Deny access to consul by default (#110)

e2b-dev · Mar 25, 2024 · 8cc19fb · 8cc19fb
2 parents b4c0150 + aaa27df
commit 8cc19fb
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 11 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.0.70
+0.0.71
diff --git a/packages/api/main.go b/packages/api/main.go
@@ -140,6 +140,7 @@ func main() {
 
 	s := NewGinServer(apiStore, swagger, *port)
 
+	fmt.Printf("Starting server on port %d\n", *port)
 	// And we serve HTTP until the world ends.
 	err = s.ListenAndServe()
 	if err != nil {

diff --git a/packages/cluster/scripts/run-consul.sh b/packages/cluster/scripts/run-consul.sh
@@ -254,11 +254,8 @@ EOF
   },
   "acl": {
     "enabled": true,
-    "default_policy": "allow",
-    "enable_token_persistence": true,
-    "tokens": {
-      "initial_management": "$CONSUL_ACL_MASTER_TOKEN"
-    }
+    "default_policy": "deny",
+    "enable_token_persistence": true
   },
   "telemetry": {
     "prometheus_retention_time": "24h",
@@ -365,23 +362,22 @@ function start_consul {
 function bootstrap {
   log_info "Waiting for Consul to start"
   while true; do
-    local readonly consul_leader_addr=$(consul info | grep "leader_addr =" | awk -F'=' '{print $2}' | tr -d  ' ')
-    local readonly consul_leader=$(consul info | grep "leader =" | awk -F'=' '{print $2}' | tr -d  ' ')
+    local readonly consul_leader_addr=$(consul info -token="${consul_token}"| grep "leader_addr =" | awk -F'=' '{print $2}' | tr -d ' ')
+    local readonly consul_leader=$(consul info -token="${consul_token}"| grep "leader =" | awk -F'=' '{print $2}' | tr -d ' ')
     if [[ -n "$consul_leader_addr" ]]; then
       log_info "Consul leader elected"
 
       if [[ "$consul_leader" == "true" ]]; then
         local readonly consul_token="$1"
         log_info "Bootstrapping Consul"
-        echo "${consul_token}" > /tmp/consul.token
+        echo "${consul_token}" >/tmp/consul.token
         consul acl bootstrap /tmp/consul.token
         rm /tmp/consul.token
       fi
 
       break
     fi
 
-
     log_info "Waiting for Consul to start"
     sleep 1
   done

diff --git a/packages/cluster/server/main.tf b/packages/cluster/server/main.tf
@@ -52,7 +52,7 @@ resource "google_compute_instance_group_manager" "server_cluster" {
 
   auto_healing_policies {
     health_check      = google_compute_health_check.nomad_check.id
-    initial_delay_sec = 0
+    initial_delay_sec = 120
   }
 
   lifecycle {