Skip to main content
Type '/' to Search

Use hcdiag with Consul

HashiCorp Diagnostics (hcdiag) is a troubleshooting data-gathering tool that you can use to collect and archive important data from Consul server environments. The information gathered by hcdiag is well-suited for sharing with teams during incident response and troubleshooting.

In this tutorial, you will:

  • Retrieve example repository with Git
  • Create a local Consul datacenter using Docker Compose
  • Use the created environment to execute basic hcdiag commands
  • Explore the contents of files created by the tool
  • Learn about additional hcdiag options and how to use a configuration file with hcdiag

Note: The hcdiag tool is currently available only for Consul on Linux.

»Prerequisites

»Docker

You will need a local install of Docker running on your machine for this tutorial. You can find the instructions for installing Docker here. Docker Engine 20.10.7 was used in this tutorial.

»Docker Compose

Docker Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Visit the Docker Compose install guide for operating system specific installation instructions. Docker Compose format 3.7 was used in this tutorial.

»Git

Git is a version control system used for interacting with code repositories. Visit the Git download page for installation instructions.

»Clone GitHub repository

Clone the GitHub repository containing the configuration files and resources.

HTTPS
$ git clone https://github.com/hashicorp/learn-consul-docker.git

$ git clone https://github.com/hashicorp/learn-consul-docker.git

$ git clone git@github.com:hashicorp/learn-consul-docker.git

$ git clone git@github.com:hashicorp/learn-consul-docker.git

Change into the directory with the newly cloned repository.

$ cd learn-consul-docker/

$ cd learn-consul-docker/

Check out the v0.2 tag of the repository.

$ git checkout v0.2

$ git checkout v0.2

Change into the directory that contains the complete configuration files for this tutorial.

$ cd datacenter-deploy-hcdiag/

$ cd datacenter-deploy-hcdiag/

»Create the Consul datacenter

From within your working directory, run the following Docker Compose command to create local Consul datacenter featuring three Consul servers and a single client.

$ docker-compose up --detach

Creating network "consul_hashicorp" with driver "bridge"
Creating consul-client1 ... done
Creating consul-server3 ... done
Creating consul-server1 ... done
Creating consul-server2 ... done

$ docker-compose up --detach

Creating network "consul_hashicorp" with driver "bridge"
Creating consul-client1 ... done
Creating consul-server3 ... done
Creating consul-server1 ... done
Creating consul-server2 ... done

Note: Your first run will take the longest as Docker will first pull the respective images from the Docker Hub repository. Additional runs will not require to download the image again and should only take a few seconds to complete.

»Access the Consul client

Open an interactive shell to the Consul server container.

$ docker exec -it consul-server1 /bin/sh

$ docker exec -it consul-server1 /bin/sh

Note that your terminal prompt will now appear differently, like this:

/ #

/ #

Set the required environment variables that enable hcdiag to communicate with your secure Consul cluster.

$ export CONSUL_HTTP_ADDR=http://127.0.0.1:8500 && export CONSUL_HTTP_TOKEN=my-root-token && export CONSUL_TOKEN=my-root-token

$ export CONSUL_HTTP_ADDR=http://127.0.0.1:8500 && export CONSUL_HTTP_TOKEN=my-root-token && export CONSUL_TOKEN=my-root-token

Run the consul members command to ensure the Consul datacenter is up and running.

$ consul members
consul-server1  192.168.16.4:8301  alive   server  1.11.0beta3  2         dc1  default    <all>
consul-server2  192.168.16.3:8301  alive   server  1.11.0beta3  2         dc1  default    <all>
consul-server3  192.168.16.2:8301  alive   server  1.11.0beta3  2         dc1  default    <all>
consul-client1  192.168.16.5:8301  alive   client  1.11.0beta3  2         dc1  default    <default>

$ consul members
consul-server1  192.168.16.4:8301  alive   server  1.11.0beta3  2         dc1  default    <all>
consul-server2  192.168.16.3:8301  alive   server  1.11.0beta3  2         dc1  default    <all>
consul-server3  192.168.16.2:8301  alive   server  1.11.0beta3  2         dc1  default    <all>
consul-client1  192.168.16.5:8301  alive   client  1.11.0beta3  2         dc1  default    <default>

»Install necessary tools

Before you can download hcdiag, you need to install the curl and unzip tools. The Consul container is based on Alpine Linux, so you can do this with the apk package manager.

First update package sources.

$ apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
v3.13.5-280-g32fbcd8e25 [https://dl-cdn.alpinelinux.org/alpine/v3.13/main]
v3.13.5-278-g37b0c46534 [https://dl-cdn.alpinelinux.org/alpine/v3.13/community]
OK: 13892 distinct packages available

$ apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
v3.13.5-280-g32fbcd8e25 [https://dl-cdn.alpinelinux.org/alpine/v3.13/main]
v3.13.5-278-g37b0c46534 [https://dl-cdn.alpinelinux.org/alpine/v3.13/community]
OK: 13892 distinct packages available

Then install curl and unzip.

$ apk add curl unzip
(1/5) Installing brotli-libs (1.0.9-r3)
(2/5) Installing nghttp2-libs (1.42.0-r1)
(3/5) Installing libcurl (7.78.0-r0)
(4/5) Installing curl (7.78.0-r0)
(5/5) Installing unzip (6.0-r9)
Executing busybox-1.32.1-r6.trigger
OK: 12 MiB in 24 packages

$ apk add curl unzip
(1/5) Installing brotli-libs (1.0.9-r3)
(2/5) Installing nghttp2-libs (1.42.0-r1)
(3/5) Installing libcurl (7.78.0-r0)
(4/5) Installing curl (7.78.0-r0)
(5/5) Installing unzip (6.0-r9)
Executing busybox-1.32.1-r6.trigger
OK: 12 MiB in 24 packages

»Download and use hcdiag

You are now ready to download hcdiag from the HashiCorp releases repository. Recall that hcdiag is currently only available as a Linux binary. hcdiag also not currently available as a Linux package (such as apt or apk).

Download the binary with curl.

$ curl \
    --silent \
    --remote-name \
    https://releases.hashicorp.com/hcdiag/0.1.1/hcdiag_0.1.1_linux_amd64.zip

$ curl \
    --silent \
    --remote-name \
    https://releases.hashicorp.com/hcdiag/0.1.1/hcdiag_0.1.1_linux_amd64.zip

Unzip and remove the archive.

$ unzip hcdiag_0.1.1_linux_amd64.zip && rm -f hcdiag_0.1.1_linux_amd64.zip
Archive:  hcdiag_0.1.1_linux_amd64.zip
  inflating: README.md               
  inflating: hcdiag 

$ unzip hcdiag_0.1.1_linux_amd64.zip && rm -f hcdiag_0.1.1_linux_amd64.zip
Archive:  hcdiag_0.1.1_linux_amd64.zip
  inflating: README.md               
  inflating: hcdiag

Move the hcdiag executable into /usr/sbin so that you can invoke the command using just its name.

$ mv hcdiag sbin/

$ mv hcdiag sbin/

Run hcdiag with the consul flag. This will gather your available environment and Consul product information.

$ hcdiag -consul
2021-12-13T18:39:31.014Z [INFO]  hcdiag: Checking product availability
2021-12-13T18:39:31.158Z [INFO]  hcdiag: Gathering diagnostics
2021-12-13T18:39:31.158Z [INFO]  hcdiag: Running seekers for: product=host
2021-12-13T18:39:31.158Z [INFO]  hcdiag: running: seeker=stats
2021-12-13T18:39:31.158Z [INFO]  hcdiag: Running seekers for: product=consul
2021-12-13T18:39:31.159Z [INFO]  hcdiag: running: seeker="consul version"
2021-12-13T18:39:31.223Z [INFO]  hcdiag: running: seeker="consul debug -output=temp102546180/ConsulDebug -duration=10s -interval=5s"
2021-12-13T18:39:43.301Z [INFO]  hcdiag: running: seeker="GET /v1/agent/self"
2021-12-13T18:39:43.304Z [INFO]  hcdiag: running: seeker="GET /v1/agent/metrics"
2021-12-13T18:39:43.306Z [INFO]  hcdiag: running: seeker="GET /v1/catalog/datacenters"
2021-12-13T18:39:43.307Z [INFO]  hcdiag: running: seeker="GET /v1/catalog/services"
2021-12-13T18:39:43.307Z [INFO]  hcdiag: running: seeker="GET /v1/namespace"
2021-12-13T18:39:43.308Z [WARN]  hcdiag: result: seeker="GET /v1/namespace" result=%!s(<nil>) error="404 Not Found"
2021-12-13T18:39:43.308Z [INFO]  hcdiag: running: seeker="GET /v1/status/leader"
2021-12-13T18:39:43.308Z [INFO]  hcdiag: running: seeker="GET /v1/status/peers"
2021-12-13T18:39:43.311Z [INFO]  hcdiag: Created Results.json file: dest=temp102546180/Results.json
2021-12-13T18:39:43.311Z [INFO]  hcdiag: Created Manifest.json file: dest=temp102546180/Manifest.json
2021-12-13T18:39:43.317Z [INFO]  hcdiag: Compressed and archived output file: dest=.

$ hcdiag -consul
2021-12-13T18:39:31.014Z [INFO]  hcdiag: Checking product availability
2021-12-13T18:39:31.158Z [INFO]  hcdiag: Gathering diagnostics
2021-12-13T18:39:31.158Z [INFO]  hcdiag: Running seekers for: product=host
2021-12-13T18:39:31.158Z [INFO]  hcdiag: running: seeker=stats
2021-12-13T18:39:31.158Z [INFO]  hcdiag: Running seekers for: product=consul
2021-12-13T18:39:31.159Z [INFO]  hcdiag: running: seeker="consul version"
2021-12-13T18:39:31.223Z [INFO]  hcdiag: running: seeker="consul debug -output=temp102546180/ConsulDebug -duration=10s -interval=5s"
2021-12-13T18:39:43.301Z [INFO]  hcdiag: running: seeker="GET /v1/agent/self"
2021-12-13T18:39:43.304Z [INFO]  hcdiag: running: seeker="GET /v1/agent/metrics"
2021-12-13T18:39:43.306Z [INFO]  hcdiag: running: seeker="GET /v1/catalog/datacenters"
2021-12-13T18:39:43.307Z [INFO]  hcdiag: running: seeker="GET /v1/catalog/services"
2021-12-13T18:39:43.307Z [INFO]  hcdiag: running: seeker="GET /v1/namespace"
2021-12-13T18:39:43.308Z [WARN]  hcdiag: result: seeker="GET /v1/namespace" result=%!s(<nil>) error="404 Not Found"
2021-12-13T18:39:43.308Z [INFO]  hcdiag: running: seeker="GET /v1/status/leader"
2021-12-13T18:39:43.308Z [INFO]  hcdiag: running: seeker="GET /v1/status/peers"
2021-12-13T18:39:43.311Z [INFO]  hcdiag: Created Results.json file: dest=temp102546180/Results.json
2021-12-13T18:39:43.311Z [INFO]  hcdiag: Created Manifest.json file: dest=temp102546180/Manifest.json
2021-12-13T18:39:43.317Z [INFO]  hcdiag: Compressed and archived output file: dest=.

Tip: You can also invoke hcdiag without options to gather all available environment and product information. To learn about all executable options, run hcdiag -h.

»Examine the output

List the directory for tar+gzip archive files to discover the file that hcdiag created.

$ ls -l *.gz
-rw-r--r--    1 root     root        139143 Aug 10 21:18 support-2021-08-10T21:18:53Z.tar.gz

$ ls -l *.gz
-rw-r--r--    1 root     root        139143 Aug 10 21:18 support-2021-08-10T21:18:53Z.tar.gz

The filename contains a support prefix, followed by a timestamp. You can unpack the archive and further examine its contents.

$ tar zxvf support-2021-08-10T21:18:53Z.tar.gz
temp005038472/Manifest.json
temp005038472/Results.json
temp005038472/ConsulDebug.tar.gz

$ tar zxvf support-2021-08-10T21:18:53Z.tar.gz
temp005038472/Manifest.json
temp005038472/Results.json
temp005038472/ConsulDebug.tar.gz

The archive extracts three files into a temporary directory:

  • Manifest.json contains information describing the hcdiag run, including configuration options used, run duration, and a count of any errors encountered.
  • Results.json contains information about the environment and the output from an invocation of Consul debug.
  • ConsulDebug.tar.gz contains the output from invoking Consul debug as described in

You can further explore the ConsulDebug.tar.gz archive by unpacking it and examining its contents.

$ tar zxvf temp005038472/ConsulDebug.tar.gz
ConsulDebug/
ConsulDebug/2021-12-13T18-39-31Z/
ConsulDebug/agent.json
ConsulDebug/consul.log
ConsulDebug/host.json
ConsulDebug/index.json
ConsulDebug/members.json
ConsulDebug/metrics.json

$ tar zxvf temp005038472/ConsulDebug.tar.gz
ConsulDebug/
ConsulDebug/2021-12-13T18-39-31Z/
ConsulDebug/agent.json
ConsulDebug/consul.log
ConsulDebug/host.json
ConsulDebug/index.json
ConsulDebug/members.json
ConsulDebug/metrics.json

Feel free to inspect the bundle to ensure it contains only information that is appropriate to share based on your use-case or situation. The tool will not obscure secrets or sensitive information.

Consul Enterprise users: If you are a Consul Enterprise user, you can share the output from hcdiag with HashiCorp Customer Success to greatly reduce the amount of information gathering needed in a support request.

The tool only works locally and does not export or share the diagnostic bundle with anyone. You must use other tools to transfer it to a secure location so you can share it with specific support staff who need to view it.

»Configuration file

You can configure hcdiag behavior with a HashiCorp Configuration Language (HCL) formatted file. If you examine the Results.json file under the respective product key, such as Consul, you can find the commands that are executed.

Here is a minimal configuration file that instructs hcdiag to exclude the consul debug command shown as an example.

product "consul" {
  excludes = ["GET /v1/agent/metrics"]
}
diag.hcl
product "consul" {
  excludes = ["GET /v1/agent/metrics"]
}

If you create this file as diag.hcl and execute hcdiag as follows, then you could expect the output to resemble the example output.

$ hcdiag -consul -config diag.hcl
2021-12-13T21:02:04.468Z [INFO]  hcdiag: Checking product availability
2021-12-13T21:02:04.600Z [INFO]  hcdiag: Gathering diagnostics
2021-12-13T21:02:04.600Z [INFO]  hcdiag: Running seekers for: product=consul
2021-12-13T21:02:04.600Z [INFO]  hcdiag: running: seeker="consul version"
2021-12-13T21:02:04.600Z [INFO]  hcdiag: Running seekers for: product=host
2021-12-13T21:02:04.600Z [INFO]  hcdiag: running: seeker=stats
2021-12-13T21:02:04.661Z [INFO]  hcdiag: running: seeker="consul debug -output=temp579253096/ConsulDebug -duration=10s -interval=5s"
2021-12-13T21:02:16.743Z [INFO]  hcdiag: running: seeker="GET /v1/agent/self"
2021-12-13T21:02:16.746Z [INFO]  hcdiag: running: seeker="GET /v1/catalog/datacenters"
2021-12-13T21:02:16.748Z [INFO]  hcdiag: running: seeker="GET /v1/catalog/services"
2021-12-13T21:02:16.749Z [INFO]  hcdiag: running: seeker="GET /v1/namespace"
2021-12-13T21:02:16.750Z [WARN]  hcdiag: result: seeker="GET /v1/namespace" result=%!s(<nil>) error="404 Not Found"
2021-12-13T21:02:16.750Z [INFO]  hcdiag: running: seeker="GET /v1/status/leader"
2021-12-13T21:02:16.751Z [INFO]  hcdiag: running: seeker="GET /v1/status/peers"
2021-12-13T21:02:16.754Z [INFO]  hcdiag: Created Results.json file: dest=temp579253096/Results.json
2021-12-13T21:02:16.754Z [INFO]  hcdiag: Created Manifest.json file: dest=temp579253096/Manifest.json
2021-12-13T21:02:16.757Z [INFO]  hcdiag: Compressed and archived output file: dest=.

$ hcdiag -consul -config diag.hcl
2021-12-13T21:02:04.468Z [INFO]  hcdiag: Checking product availability
2021-12-13T21:02:04.600Z [INFO]  hcdiag: Gathering diagnostics
2021-12-13T21:02:04.600Z [INFO]  hcdiag: Running seekers for: product=consul
2021-12-13T21:02:04.600Z [INFO]  hcdiag: running: seeker="consul version"
2021-12-13T21:02:04.600Z [INFO]  hcdiag: Running seekers for: product=host
2021-12-13T21:02:04.600Z [INFO]  hcdiag: running: seeker=stats
2021-12-13T21:02:04.661Z [INFO]  hcdiag: running: seeker="consul debug -output=temp579253096/ConsulDebug -duration=10s -interval=5s"
2021-12-13T21:02:16.743Z [INFO]  hcdiag: running: seeker="GET /v1/agent/self"
2021-12-13T21:02:16.746Z [INFO]  hcdiag: running: seeker="GET /v1/catalog/datacenters"
2021-12-13T21:02:16.748Z [INFO]  hcdiag: running: seeker="GET /v1/catalog/services"
2021-12-13T21:02:16.749Z [INFO]  hcdiag: running: seeker="GET /v1/namespace"
2021-12-13T21:02:16.750Z [WARN]  hcdiag: result: seeker="GET /v1/namespace" result=%!s(<nil>) error="404 Not Found"
2021-12-13T21:02:16.750Z [INFO]  hcdiag: running: seeker="GET /v1/status/leader"
2021-12-13T21:02:16.751Z [INFO]  hcdiag: running: seeker="GET /v1/status/peers"
2021-12-13T21:02:16.754Z [INFO]  hcdiag: Created Results.json file: dest=temp579253096/Results.json
2021-12-13T21:02:16.754Z [INFO]  hcdiag: Created Manifest.json file: dest=temp579253096/Manifest.json
2021-12-13T21:02:16.757Z [INFO]  hcdiag: Compressed and archived output file: dest=.

You do not have to create the configuration and execute the command again, but if you compare the example output to the previous invocation that you ran, you notice that the excluded Consul agent metrics information is not present.

»Production usage tips

By default, the hcdiag tool includes files for up to 72 hours back from the current time. You can specify the desired time range using the -include-since flag.

If you are concerned about impacting performance of your Consul servers, you can specify that the seekers to not run concurrently, and instead be invoked serially with the -serial flag.

Deploying hcdiag in production involves a workflow similar to the following:

  1. Place the hcdiag binary on the Consul system in scope - this could be a Consul server or a Consul client.

  2. When running with a configuration file and the -config flag, ensure that the specified configuration file is readable by the user that executes hcdiag.

  3. Ensure that the current directory or that specified by the dest flag is writable by the user that executes hcdiag.

  4. Ensure connectivity to the HashiCorp products that hcdiag needs to connect to during the run. Export any required environment variables for establishing connection or passing authentication tokens as necessary.

  5. Decide on a duration for information gathering, noting that the default is to gather for up to 72 hours back in server log output. Adjust your needs as necessary with the -include-since flag. For example, to include only 24 hours of log output, invoke as:

    $ hcdiag -Consul -include-since 24h

    $ hcdiag -Consul -include-since 24h

  6. Limit what is gathered with the -includes flag. For example, -includes /var/log/consul-*,/var/log/nomad-* instructs hcdiag to only gather logs matching the specified Consul and Nomad filename patterns.

  7. Use the -dryrun flag to observe what hcdiag will do without anything actually being done for testing configuration and options.

»Clean up your environment

To clean up from exploring hcdiag, first exit the container.

$ exit

$ exit

Stop and remove all containers.

$ docker-compose down --rmi all

Stopping consul-server1 ... done
Stopping consul-client  ... done
Stopping consul-server3 ... done
Stopping consul-server2 ... done
Removing consul-server1 ... done
Removing consul-client  ... done
Removing consul-server3 ... done
Removing consul-server2 ... done
Removing network datacenter-deploy-hcdiag_consul
Removing image hashicorp/consul:1.11.0-beta3

$ docker-compose down --rmi all

Stopping consul-server1 ... done
Stopping consul-client  ... done
Stopping consul-server3 ... done
Stopping consul-server2 ... done
Removing consul-server1 ... done
Removing consul-client  ... done
Removing consul-server3 ... done
Removing consul-server2 ... done
Removing network datacenter-deploy-hcdiag_consul
Removing image hashicorp/consul:1.11.0-beta3

»Summary

In this tutorial, you retrieved a Git repository, created a local Consul datacenter with Docker Compose, and used the local environment to explore the hcdiag tool in the context of gathering information from a running Consul environment.

You also learned about the available configuration flags, the configuration file, and production specific tips for using hcdiag.

»Help and Reference

Feel free to explore the following resources for additional help with troubleshooting your Consul environment.

stdin: is not a tty