# Configure Consul ACLs

This directory contains a set of scripts for re-configuring Consul in the TF
provisioned e2e environment to enable Consul ACLs.

## Usage

The `consul-acls-manage.sh` script can be used to manipulate the Consul cluster
to activate or de-activate Consul ACLs. The script has 3 targets, only
2 of which should be used from e2e framework tests. The script should be run from
the e2e directory (i.e. the directory from which the e2e framework also runs).

### bootstrap

The command `consul-acls-manage.sh bootstrap` should *NOT* be used from e2e
framework tests. It's merely a convenience entry-point for doing development /
debugging on the script itself.

The bootstrap process will upload "reasonable" ACL policy files to Consul Servers,
Consul Clients, Nomad Servers, and Nomad Clients.

The bootstrap process creates a file on local disk which contains the generated
Consul ACL master token. The file is named based on the current TF state file
serial number: `/tmp/e2e-consul-bootstrap-<serial>.token`

### enable

The command `consul-acls-manage.sh enable` will enable Consul ACLs, going through
the bootstrap process only if necessary. Whether the bootstrap process is necessary
depends on the existence of a token file that matches the current TF state serial
number. If no associated token file exists for the current TF state, the bootstrap
process is required. Otherwise, the bootstrap process is skipped.

If the bootstrap process was not required (i.e. it already occurred and a
Consul master token already exists for the current TF state), the script will
activate ACLs in the Consul Server configurations and restart those agents. After
using `enable`, the `disable` command can be used to turn Consul ACLs back off,
without destroying any of the existing ACL configuration.

### disable

The command `consul-acls-manage.sh disable` will disable Consul ACLs. This does
not "cleanup" the policy files for Consul / Nomad agents, it merely deactivates
ACLs in the Consul Server configurations and restarts those agents. After using
`disable`, the `enable` command can be used to turn Consul ACLs back on, using
the same ACL token(s) generated before.
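
The bootstrap-or-skip decision described under `enable`, sketched as an added example (this is not code from `consul-acls-manage.sh`). It assumes the TF state is pretty-printed JSON with a top-level `serial` field; `TOKEN_DIR` and the function names are hypothetical, and the check on the token file's type and permissions is an addition the README does not describe.

```bash
#!/usr/bin/env bash
# Added example; not the project's consul-acls-manage.sh.
# Assumption: the TF state file is pretty-printed JSON whose first
# "serial" line is the top-level state serial.

# Print the serial number recorded in a Terraform state file.
tf_state_serial() {
  sed -n 's/^[[:space:]]*"serial":[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Print the token file path the README gives for that state serial.
# TOKEN_DIR is a hypothetical override; the README's location is /tmp.
token_file_for_state() {
  local serial
  serial="$(tf_state_serial "$1")"
  [ -n "$serial" ] || return 1
  printf '%s/e2e-consul-bootstrap-%s.token\n' "${TOKEN_DIR:-/tmp}" "$serial"
}

# Report what `enable` has to do for this state file:
#   bootstrap - no token file matches the current serial
#   skip      - a matching token file exists and is private to its owner
#   unsafe    - the file is a symlink, not a regular file, empty, or has
#               any group/other permission bits set (it holds the master token)
enable_plan() {
  local file mode
  file="$(token_file_for_state "$1")" || { echo "error"; return 1; }
  if [ ! -e "$file" ] && [ ! -L "$file" ]; then echo "bootstrap"; return 0; fi
  if [ -L "$file" ] || [ ! -f "$file" ] || [ ! -s "$file" ]; then
    echo "unsafe"; return 0
  fi
  # GNU stat first, BSD stat as fallback.
  mode="$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")"
  case "$mode" in
    *00) echo "skip" ;;
    *)   echo "unsafe" ;;
  esac
}

# Constructed demo: a state file with serial 7 and no token file yet.
demo() {
  TOKEN_DIR="$(mktemp -d)"
  printf '{\n  "version": 4,\n  "serial": 7,\n  "lineage": "constructed"\n}\n' \
    > "$TOKEN_DIR/terraform.tfstate"
  enable_plan "$TOKEN_DIR/terraform.tfstate"
}
```

Because the token file name is predictable and lives in a shared temporary directory, checking that it is a regular, owner-only file before reusing it keeps a stale or planted file from being treated as the master token.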