[docs] ACL reset procedure (#5334)

* Adding reset instructions.

* Added link to the boostrapping guide for the reset procedure.

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
This commit is contained in:
kaitlincarter-hc 2019-02-19 10:45:23 -06:00 committed by GitHub
parent 07e5308206
commit a093af320c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions

View File

@ -11,7 +11,7 @@ Command: `consul acl bootstrap`
The `acl bootstrap` command will request Consul to generate a new token with unlimited privileges to use
for management purposes and output its details. This can only be done once and afterwards bootstrapping
will be disabled. If all tokens are lost and you need to bootstrap again you can follow the bootstrap
reset procedure.
[reset procedure](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide#ensure-the-acl-system-is-configured-properly).
The ACL system can also be bootstrapped via the [HTTP API](/api/acl/acl.html#bootstrap-acls).

View File

@ -218,6 +218,21 @@ curl http://127.0.0.1:8500/v1/catalog/nodes -H 'x-consul-token: 4411f091-a4c9-48
All the values should be as expected. Particularly, if `TaggedAddresses` is `null` it is likely we have not configured ACLs correctly. A good place to start debugging is reviewing the Consul logs on all the servers.
If you encounter issues that are unresolvable, or misplace the bootstrap token, you can reset the ACL system by updating the index. First re-run the bootstrap command to get the index number.
```
$ consul acl bootstrap
Failed ACL bootstrapping: Unexpected response code: 403 (Permission denied: ACL bootstrap no longer allowed (reset index: 13))
```
Then write the reset index into the bootstrap reset file: (here the reset index is 13)
```
$ echo 13 >> <data-directory>/acl-bootstrap-reset
```
After reseting the ACL system you can start again at Step 2.
## Step 6: Enable ACLs on the Consul Clients
Since ACL enforcement also occurs on the Consul clients, we need to also restart them