2. 杂货
  3. Consul [WARN] agent: Node info update blocked by ACLs: node=XXX accessorID="anonymous token"

Consul [WARN] agent: Node info update blocked by ACLs: node=XXX accessorID="anonymous token"

mowen 2024-07-15 465

开启ACLs后,Services健康检查失败并且无法注销,查看consul日志出现Node info更新被阻止

[WARN]  agent: Node info update blocked by ACLs: node=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx accessorID="anonymous token"


解决办法:
1、consul.json中设置acl.tokens.agent

  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "enable_key_list_policy": true,
    "tokens": {
      "initial_management": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "agent": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
  }


2、在Roles中给acl.tokens.agent赋予Agent、Node、Service对应的写入权限

agent_prefix "" {
    policy = "write"
}
node_prefix "" {
    policy = "write"
}
service_prefix "" {
    policy = "write"
    intentions = "write"
}


3、重启consul一段时间后,健康检查失败或超时且未注销的Service自动注销

2024-07-15T00:56:42.101-0700 [INFO]  agent: Synced node info
2024-07-15T00:56:42.168-0700 [INFO]  agent: Deregistered check: check=service:CCStatsServices->10.138.0.3:9307
2024-07-15T00:56:42.171-0700 [INFO]  agent: Deregistered check: check=service:CCGameServices->10.138.0.3:9302
2024-07-15T00:56:42.175-0700 [INFO]  agent: Deregistered check: check=service:CCLoginServices->10.138.0.3:9304
2024-07-15T00:56:42.178-0700 [INFO]  agent: Deregistered check: check=service:CCPredictServices->10.138.0.3:9306
2024-07-15T00:56:42.182-0700 [INFO]  agent: Deregistered check: check=service:CCPredictServices->10.138.0.3:9307
2024-07-15T00:56:42.185-0700 [INFO]  agent: Deregistered check: check=service:CCDataServices->10.138.0.3:9302
2024-07-15T00:56:42.188-0700 [INFO]  agent: Deregistered check: check=service:CCStatsServices->10.138.0.3:9308
2024-07-15T00:56:42.192-0700 [INFO]  agent: Deregistered check: check=service:CCRenderServices->10.138.0.3:9306
2024-07-15T00:56:42.195-0700 [INFO]  agent: Deregistered check: check=service:CCRenderServices->10.138.0.3:9305
2024-07-15T00:56:42.202-0700 [INFO]  agent: Deregistered check: check=service:CCAuthServices->10.138.0.3:9301
2024-07-15T00:56:42.205-0700 [INFO]  agent: Deregistered check: check=service:CCLoginServices->10.138.0.3:9303
2024-07-15T00:56:42.208-0700 [INFO]  agent: Deregistered check: check=service:CCMPServices->10.138.0.3:9304
2024-07-15T00:56:42.211-0700 [INFO]  agent: Deregistered check: check=service:CCMPServices->10.138.0.3:9305
2024-07-15T00:56:42.214-0700 [INFO]  agent: Deregistered check: check=service:CCDataServices->10.138.0.3:9301
2024-07-15T00:56:42.217-0700 [INFO]  agent: Deregistered check: check=service:CCAuthServices->10.138.0.3:9300
2024-07-15T00:56:42.220-0700 [INFO]  agent: Deregistered check: check=service:CCGameServices->10.138.0.3:9303


最新回复 (0)
返回
发新帖
X