You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
3 servers provisioned, ACL token displayed in the output and usable in the Consul UI
ACTUAL RESULTS
The "Generate ACL master token" task is configured with run_once: true, however it's run once on the bootstrap server. Since the task has the consul_node_role == 'server' condition, it's always skipped.
Since the token is not generated, it's not able to be saved on the other servers and fails with an error.
TASK [consul : Generate ACL master token] **************************************
task path: .../roles/consul/tasks/acl.yml:35
skipping: [consul1] => {"changed": false, "false_condition": "consul_node_role == 'server'", "skip_reason": "Conditional result was False"}
TASK [consul : Save ACL master token] ******************************************
task path: .../roles/consul/tasks/acl.yml:40
skipping: [consul1] => {"changed": false, "false_condition": "consul_node_role == 'server'", "skip_reason": "Conditional result was False"}
fatal: [consul2]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout'. 'dict object' has no attribute 'stdout'\n\nThe error appears to be in '.../roles/consul/tasks/acl.yml': line 40, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Save ACL master token\n ^ here\n"}
skipping: [consul3] => {"changed": false, "false_condition": "consul_node_role == 'server'", "skip_reason": "Conditional result was False"}
TASK [consul : Display ACL Master Token] ***************************************
task path: .../roles/consul/tasks/acl.yml:49
skipping: [consul1] => {"false_condition": "consul_node_role == 'server'"}
TASK [consul : Read ACL master token from previously boostrapped server] *******
task path: .../roles/consul/tasks/acl.yml:59
skipping: [consul1] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
TASK [consul : Save acl_replication_token from existing configuration] *********
task path: .../roles/consul/tasks/acl.yml:66
skipping: [consul1] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
skipping: [consul3] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
Please note I removed a few "no_log" attributes in acl.yml to have plain error messages
I was able to provision the cluster successfully by replacing all the consul_node_role == 'server' conditions in acl.yaml with consul_node_role == 'server' or consul_node_role == 'bootstrap'
The text was updated successfully, but these errors were encountered:
SUMMARY
When provisioning a multi-server cluster with a bootstrap server and one or more servers, the ACL master token is not generated automatically
ISSUE TYPE
COMPONENT NAME
?
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Mac OS X Sonoma 14.0
Apple M2 Pro
STEPS TO REPRODUCE
Create a 3 server inventory as below:
EXPECTED RESULTS
3 servers provisioned, ACL token displayed in the output and usable in the Consul UI
ACTUAL RESULTS
The "Generate ACL master token" task is configured with
run_once: true, however it's run once on the bootstrap server. Since the task has theconsul_node_role == 'server'condition, it's always skipped.Since the token is not generated, it's not able to be saved on the other servers and fails with an error.
Please note I removed a few "no_log" attributes in acl.yml to have plain error messages
I was able to provision the cluster successfully by replacing all the
consul_node_role == 'server'conditions in acl.yaml withconsul_node_role == 'server' or consul_node_role == 'bootstrap'The text was updated successfully, but these errors were encountered: