Based on the information provided below, why can’t you successfully register the service?

You are launching a new service to be registered with Consul. However, when you attempt to register the service using the following command, you get a permission denied error.

consul services register /etc/consul.d/client/app1_service.json -token=988b8fb4-357a-376d-057e-9d9fd5a170a2

Based on the information provided below, why can’t you successfully register the service?

——————————————————————————

The configuration below is being used to register the service:

The policy that the token is associated with is below:

A. web-server-1 is an invalid service name
B. the policy has a syntax error and is not enforcing the policy properly
C. the policy does not permit registration of a service named app1-web
D. the ACL system has not been bootstrapped

Answer: C

Explanation:

For this question, I wanted to tie in multiple sections but focus on the ACL section. If you look at the service configuration, the service name is actually app1-web, while the ID of the node registering the service is web-server-1. When the service is registered by running the consul services register command above, the service that would be created in Consul is app1-web; however, the policy only allows the token write permissions for a service named web-server-1.

To fix this, you could either modify the policy to permit write access for a service named app1-web, or modify the name of the service in the configuration file to be web-server-1. Basically, if the rule doesn’t have "_prefix", it must match the name exactly.
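The exact-versus-prefix matching described above, as an added example that is not part of the original question and is not Consul's own code: a simplified model of service rule resolution. The policies are constructed from the explanation's description, the "app1-" prefix is hypothetical, and a default policy of deny is assumed. It goes slightly beyond the question by also showing that an exact rule overrides a broader prefix rule.

```python
# Simplified model of Consul service-rule matching (illustration only).
LEVELS = {"deny": 0, "read": 1, "write": 2}


def service_access(policy, name, default="deny"):
    """Return the access level the policy grants for service `name`.

    Precedence follows Consul's documented rule matching: an exact
    `service` rule wins; otherwise the longest matching `service_prefix`
    rule applies; otherwise the ACL default policy is used
    (assumed here to be deny).
    """
    exact = policy.get("service", {})
    if name in exact:
        return exact[name]
    prefix_rules = policy.get("service_prefix", {})
    matches = [p for p in prefix_rules if name.startswith(p)]
    if matches:
        return prefix_rules[max(matches, key=len)]
    return default


def can_register(policy, name, default="deny"):
    """Registering a service requires `write` on the service *name*."""
    return LEVELS[service_access(policy, name, default)] >= LEVELS["write"]


# Policy as the explanation describes it: exact rule for web-server-1 only.
ORIGINAL = {"service": {"web-server-1": "write"}}
# Fix 1: exact rule for the name that is actually being registered.
FIX_EXACT = {"service": {"app1-web": "write"}}
# Fix 2 (generalization): a prefix rule; "app1-" is a hypothetical prefix.
FIX_PREFIX = {"service_prefix": {"app1-": "write"}}
# An exact deny overrides a catch-all prefix grant.
MIXED = {"service_prefix": {"": "write"}, "service": {"app1-web": "deny"}}

if __name__ == "__main__":
    for label, pol in [("original", ORIGINAL), ("fix_exact", FIX_EXACT),
                       ("fix_prefix", FIX_PREFIX), ("mixed", MIXED)]:
        print(f"{label:10s} register app1-web ->", can_register(pol, "app1-web"))
```
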

https://www.consul.io/docs/acl/acl-system.html
