1. Enable the configuration directory
./consul agent -server -ui -bootstrap-expect=1 -data-dir=data -node=consul -advertise="192.168.1.222" -bind="0.0.0.0" -client="0.0.0.0" -config-dir=conf
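config-dir: specifies the configuration directory; configuration files are in .json format.
2. Enable ACLs in the configuration file
Save the following as acl.json in the config-dir directory:
    {
      "datacenter": "dc1",
      "acl": {
        "enabled": true,
        "default_policy": "deny",
        "down_policy": "extend-cache",
        "tokens": {
          "master": "p2BE1AtpwPbrxZdC6k+eXA=="
        }
      }
    }
"enabled": true turns ACLs on. "default_policy": "deny" means anonymous requests are refused. "tokens.master" is the root token, similar to a root password.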
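3. Obtain a management token
After restarting Consul with the command from step 1, call the token creation endpoint:
    URL: http://x.x.x.:8500/v1/acl/create
    HTTP method: PUT
    HTTP header: X-Consul-Token: p2BE1AtpwPbrxZdC6k+eXA==
    Request body: JSON
Request body:
    {"Name": "dc1", "Type": "management"}
Response:
    { "ID": "14367ebf-79ce-b8e7-842b-3398708aaf97" }
Using Postman: [screenshots of the request and the returned result]
Enter the returned token in the Consul web UI to complete the login.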
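Steps 2 and 3 as a shell script, added here as an example and not part of the original page: it writes acl.json with a freshly generated master token instead of the sample value shown above, keeps the file owner-readable only, and sends the token header to curl on stdin. The function names, the conf directory and the 127.0.0.1 address are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Function names, the "conf"
# directory and the 127.0.0.1 default address are assumptions.
set -eu

# Random 16-byte token, base64-encoded (same shape as the page's sample value).
gen_master_token() {
    head -c 16 /dev/urandom | base64
}

# Write the page's acl.json as strict JSON into directory $1 with master
# token $2. Owner-only permissions; refuses to overwrite an existing file.
write_acl_config() (
    conf_dir=$1; token=$2
    umask 077
    mkdir -p "$conf_dir"
    if [ -e "$conf_dir/acl.json" ]; then
        echo "acl.json already exists in $conf_dir" >&2
        exit 1
    fi
    cat > "$conf_dir/acl.json" <<EOF
{
  "datacenter": "dc1",
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens": {
      "master": "$token"
    }
  }
}
EOF
)

# Read the master token back out of $1/acl.json.
read_master_token() {
    sed -n 's/.*"master"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1/acl.json"
}

# Step 3's PUT /v1/acl/create. The token header is fed to curl on stdin
# (-H @-, curl >= 7.55.0) so it does not appear in the process list.
create_management_token() {
    printf 'X-Consul-Token: %s\n' "$(read_master_token "$1")" |
        curl -sS -X PUT -H @- \
            --data '{"Name": "dc1", "Type": "management"}' \
            "${2:-http://127.0.0.1:8500}/v1/acl/create"
}
```

Call write_acl_config conf "$(gen_master_token)" before starting the agent, then create_management_token conf with the agent's address once it is running.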
4. Create a new token [optional]
  1. Go to the Policies tab to create a policy.
  2. Create the token you need: create the policy first (the rules below grant administrator privileges), then return to the Tokens page and create the token.
    acl = "write"
    agent_prefix "" {
      policy = "write"
    }
    event_prefix "" {
      policy = "write"
    }
    key_prefix "" {
      policy = "write"
    }
    keyring = "write"
    node_prefix "" {
      policy = "write"
    }
    operator = "write"
    query_prefix "" {
      policy = "write"
    }
    service_prefix "" {
      policy = "write"
      intentions = "write"
    }
    session_prefix "" {
      policy = "write"
    }
5. If you use fabio, edit fabio.properties, change the following parameter, and restart fabio
registry.consul.token = xxxxxxxx-180f-4875-66de-xxxxxxxxxx