Bootstrapping ACL's without a fully setup cluster? #6706

Open
valarauca opened this issue Oct 29, 2019 · 1 comment
Labels
theme/acls ACL and token generation type/enhancement Proposed improvement or new feature

Comments

@valarauca

Hello!

I was wondering if there is a method to bootstrap tokens before cluster initialization. Namely the token could be distributed to the consul-agent-proxies, and consul-agent-servers before initialization.

The current process is a bit messy as it requires a partial bootstrap of the system, then a rolling restart while configurations are re-generated as the ACL system is brought online. At least this is my takeaway from this section.

This is a large amount of friction, which seems unnecessary as the existing ServiceDefinition structure has fields for these values, and -token allows for them to be readily passed through.

But to my surprise when I try to create a bootstrap token

valarauca@valarauca:~/Documents/consul$ ./consul acl bootstrap
Failed ACL bootstrapping: Put http://127.0.0.1:8500/v1/acl/bootstrap: dial tcp 127.0.0.1:8500: connect: connection refused

sigh


Short of a full feature request, what code would need to be duplicated, or studied to simply provide "valid tokens" initially during bootstrap?

Where would these tokens need to be provided (so consul-server will store them in its "pool" during initialization)?

I'm aware this process isn't likely untested, unproven, and unstable. But I am nevertheless interested in making this work, and possibly assisting by contributing patches to ensure it works.

@schristoff schristoff added type/enhancement Proposed improvement or new feature theme/acls ACL and token generation labels Nov 5, 2019
@vtzan

vtzan commented Dec 2, 2019

Dear Team,

This is a great feature. I saw that you have closed this #6706 and #6743.
Is this going to be considered as a feature request, or is it considered a best practice from you
and is going to stay as is?

Thank you in advance
Vasilios Tzanoudakis
