
Examples for Consul ACLs for single or multiple datacenters.

Primary LanguageShell

Consul ACL Examples

This repository contains 2 examples of Consul Cluster configurations that works with the recent implementation of ACL in Consul.

The example resides in the following directories:

  • single-dc
  • multi-dc

The examples are working with and validated on version 1.5.0.


Each directory contains a docker-compose.yml that contains a basic configuration. Each file will create a network where all containers are connected on. All containers have port 8500 and 8600/udp exposed. For the first container, the same ports are open, 2nd container is +1 and 3rd container is +2.

The cluster can be started by executing the docker-compose.sh script. Please make sure that if you start the 2nd cluster that the first cluster is down (Due to opening of ports).

The wdijkerman/consul image is used for the Consul Cluster setup.


This example starts 3 Docker Consul containers named consul-1, consul-2 and consul-3.

The following ACL's are created:

  • "agent": 7a59f860-7e6a-0037-52d6-270ee84e4bed
  • "master": 9a6c723f-2533-2679-4515-654cdb7f96c9

Within the hcl directory, 2 hcl files can be found that contains the configuration for the roles.


This example starts 2 Docker Consul containers named consul-dc1 and consul-dc2. consul-dc1 resides in the dc1 datacenter and consul-dc2 in the dc2 datacenter.

The following ACL's are created:

  • "agent": FD8BCA99-ACE8-4FFE-BDF2-760A9CFAEAAB
  • "master": BDDF9C2E-7296-4D80-9CB5-661224D11FD6

ACLs/Tokens are replicated to the secondary datacenters. So you'll have to only create them on the consul-dc1 cluster. These tokens are replicated via an acl with id FA294BBA-8279-4F93-84A2-FCBA61C8298A, which is only configured on the consul-dc2 cluster.

Within the hcl directory, 3 hcl files can be found that contains the configuration for the roles.


This repository is based on the learn.hashicorp.com site and some various other sites.

Link: https://learn.hashicorp.com/consul/