added acls

hashicorp-education · Dec 14, 2021 · 6348270 · 6348270
1 parent 625a8a3
commit 6348270
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 19 deletions.
diff --git a/datacenter-deploy-hcdiag/README.md b/datacenter-deploy-hcdiag/README.md
@@ -17,27 +17,34 @@ Deploy a Consul datacenter containing agents with a preconfigured DNS service an
 
 1. Open an interactive shell to a Consul server:
    1. `docker exec -it consul-server1 /bin/sh`
-2. Update package sources;
+2. Set environment variables:
+   1. `export CONSUL_HTTP_ADDR=http://127.0.0.1:8500`
+   2. `export CONSUL_HTTP_TOKEN=my-master-token`
+   3. `export CONSUL_TOKEN=my-master-token`
+3. Check to see if all clients have successfully joined the Consul datacenter:
+   1. `consul members`
+   2. `curl http://127.0.0.1:8500/v1/agent/members --header "X-Consul-Token: my-master-token"`
+4. Update package sources;
    1. `apk update`
-3. Add curl and unzup packages:
+5. Add curl and unzup packages:
    1. `apk add curl unzip`
-4. Download hcdiag:
+6. Download hcdiag:
    1. `curl --silent --remote-name https://releases.hashicorp.com/hcdiag/0.1.1/hcdiag_0.1.1_linux_amd64.zip`
-5. Unzip hcdiag and remove the archive:
+7. Unzip hcdiag and remove the archive:
    1. `unzip hcdiag_0.1.1_linux_amd64.zip && rm -f hcdiag_0.1.1_linux_amd64.zip`
-6. Move the hcdiag executable to your sbin directory:
+8. Move the hcdiag executable to your sbin directory:
    1. `mv hcdiag sbin/`
-7. Run hcdiag for consul:
-   1. `hcdiag -consul`
-   2. Let it run until completion
-8. Look for the support package
-   1. `ls -l *.gz`
-9. Unpack the archive:
-   1.  `tar zxvf support-2021-12-10T20:47:55Z.tar.gz`
-10. Change directory into the unpacked folder:
+9.  Run hcdiag for consul:
+   2. `hcdiag -consul`
+   3. Let it run until completion
+10. Look for the support package
+   4. `ls -l *.gz`
+11. Unpack the archive:
+   5.  `tar zxvf support-2021-12-10T20:47:55Z.tar.gz`
+12. Change directory into the unpacked folder:
     1.  `cd temp495511880/`
-11. Examine the contents 
-13. Exit the terminal: `exit`
+13. Examine the contents 
+14. Exit the terminal: `exit`
 
 ## Additional information
 

diff --git a/datacenter-deploy-hcdiag/client1.json b/datacenter-deploy-hcdiag/client1.json
@@ -6,5 +6,13 @@
         "consul-server1",
         "consul-server2",
         "consul-server3"
-     ]
+    ],
+	"acl": { 
+		"enabled": true,
+		"default_policy": "deny",
+		"enable_token_persistence": true,
+		"tokens": {
+			"agent": "my-agent-token"
+		}
+	}
 }
diff --git a/datacenter-deploy-hcdiag/server1.json b/datacenter-deploy-hcdiag/server1.json
@@ -11,5 +11,14 @@
     "retry_join":[
         "consul-server2",
         "consul-server3"
-    ]
+    ],
+	"acl": { 
+		"enabled": true,
+		"default_policy": "deny",
+		"enable_token_persistence": true,
+		"tokens": {
+			"master": "my-master-token",
+			"agent": "my-agent-token"
+		}
+	}
 }
diff --git a/datacenter-deploy-hcdiag/server2.json b/datacenter-deploy-hcdiag/server2.json
@@ -11,5 +11,14 @@
     "retry_join":[
         "consul-server1",
         "consul-server3"
-    ]
+    ],
+	"acl": { 
+		"enabled": true,
+		"default_policy": "deny",
+		"enable_token_persistence": true,
+		"tokens": {
+			"master": "my-master-token",
+			"agent": "my-agent-token"
+		}
+	}
 }
diff --git a/datacenter-deploy-hcdiag/server3.json b/datacenter-deploy-hcdiag/server3.json
@@ -11,5 +11,14 @@
     "retry_join":[
         "consul-server1",
         "consul-server2"
-    ]
+    ],
+	"acl": { 
+		"enabled": true,
+		"default_policy": "deny",
+		"enable_token_persistence": true,
+		"tokens": {
+			"master": "my-master-token",
+			"agent": "my-agent-token"
+		}
+	}
 }