HashiCorp Diagnostic, hcdiag, is a universal troubleshooting and data gathering tool for HashiCorp products that helps you collect and archive important data about your Nomad cluster. You can share the information that hcdiag gathers with your team or the HashiCorp support teams during incident response and troubleshooting.

»Prerequisites

Docker

»Create a Nomad cluster

In this scenario, a Nomad cluster consisting of one node will be created. This node will run the Nomad agent in development mode inside of a Docker container and perform both the server and client functions. Development mode is great for quickly starting a cluster to test configurations or prototype interactions. The hcdiag information in this tutorial can be used to troubleshoot and report on any Nomad cluster.

»Setup the environment

Run a ubuntu Docker container in detached mode with the -d flag. The --rm flag instructs Docker to delete the container once it has been stopped and the -t flag allocates a pseudo-tty which keeps the container running until it is stopped manually.

$ docker run -d --rm -t --name nomad ubuntu:20.04

$ docker run -d --rm -t --name nomad ubuntu:20.04

Open an interactive shell into the container with the -it flags.

$ docker exec -it nomad /bin/bash

$ docker exec -it nomad /bin/bash

Note: Your terminal prompt will now appear differently to show that you are in a shell in the Ubuntu container - root@7c267a923930:/#. The rest of the commands in the tutorial are to be run in this Ubuntu container shell.

Update apt-get and install the necessary dependencies.

$ apt-get update && apt-get install -y curl unzip

$ apt-get update && apt-get install -y curl unzip

Create a working directory and change into it.

$ mkdir /tmp/nomad-hcdiag && cd /tmp/nomad-hcdiag

$ mkdir /tmp/nomad-hcdiag && cd /tmp/nomad-hcdiag

»Install and Start Nomad

Create a variable for the Nomad version.

$ NOMAD_VERSION="1.2.6"

$ NOMAD_VERSION="1.2.6"

Download and install the nomad binary.

$ curl -o nomad.zip https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip

$ curl -o nomad.zip https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip

Unzip the package, move the binary to a directory on the system path, and delete the zip file.

$ unzip nomad.zip && mv nomad /usr/local/bin/ && rm nomad.zip

$ unzip nomad.zip && mv nomad /usr/local/bin/ && rm nomad.zip

Create an agent configuration file named nomad.hcl and enable ACLs.

$ echo "acl { enabled = true }" > nomad.hcl

$ echo "acl { enabled = true }" > nomad.hcl

Run the nomad agent in dev mode as a background process. This may take a few seconds.

$ nomad agent -dev -config=nomad.hcl > /dev/null 2>&1 &

$ nomad agent -dev -config=nomad.hcl > /dev/null 2>&1 &

Bootstrap the ACLs and save the management token SecretID to a file.

$ nomad acl bootstrap | grep -i secret | awk -F '=' '{print $2}' | xargs > management.token

$ nomad acl bootstrap | grep -i secret | awk -F '=' '{print $2}' | xargs > management.token

Set the NOMAD_TOKEN variable to use the management token.

$ export NOMAD_TOKEN=$(cat management.token)

$ export NOMAD_TOKEN=$(cat management.token)

Test connectivity to the cluster by running a nomad status command.

$ nomad node status

$ nomad node status

»Install and Run the `hcdiag` tool

Create a variable for the hcdiag tool version.

$ HCDIAG_VERSION="0.1.2"

$ HCDIAG_VERSION="0.1.2"

Download the hcdiag binary.

$ curl -o hcdiag.zip https://releases.hashicorp.com/hcdiag/${HCDIAG_VERSION}/hcdiag_${HCDIAG_VERSION}_linux_amd64.zip

$ curl -o hcdiag.zip https://releases.hashicorp.com/hcdiag/${HCDIAG_VERSION}/hcdiag_${HCDIAG_VERSION}_linux_amd64.zip

Unzip the package, move the binary to a directory on the system path, and delete the zip file.

$ unzip hcdiag.zip && mv hcdiag /usr/local/bin/ && rm hcdiag.zip

$ unzip hcdiag.zip && mv hcdiag /usr/local/bin/ && rm hcdiag.zip

Run hcdiag against the Nomad cluster. This may take a few minutes.

$ hcdiag -nomad
2022-03-03T17:23:59.379Z [INFO]  hcdiag: Checking product availability
2022-03-03T17:23:59.471Z [INFO]  hcdiag: Gathering diagnostics
2022-03-03T17:23:59.471Z [INFO]  hcdiag: Running seekers for: product=host
2022-03-03T17:23:59.471Z [INFO]  hcdiag: running: seeker=stats
2022-03-03T17:23:59.471Z [INFO]  hcdiag: Running seekers for: product=nomad
2022-03-03T17:23:59.471Z [INFO]  hcdiag: running: seeker="nomad version"
2022-03-03T17:23:59.509Z [INFO]  hcdiag: running: seeker="nomad node status -json"
2022-03-03T17:23:59.545Z [INFO]  hcdiag: running: seeker="nomad agent-info -json"
2022-03-03T17:23:59.584Z [INFO]  hcdiag: running: seeker="nomad operator debug -output=hcdiag-2022-03-03T172359Z -duration=30s"
2022-03-03T17:24:33.692Z [INFO]  hcdiag: running: seeker="GET /v1/agent/members"
2022-03-03T17:24:33.693Z [INFO]  hcdiag: running: seeker="GET /v1/plugins?type=csi"
2022-03-03T17:24:33.693Z [INFO]  hcdiag: running: seeker="GET /v1/operator/autopilot/configuration"
2022-03-03T17:24:33.694Z [INFO]  hcdiag: running: seeker="GET /v1/operator/raft/configuration"
2022-03-03T17:24:33.696Z [INFO]  hcdiag: Created Results.json file: dest=hcdiag-2022-03-03T172359Z/Results.json
2022-03-03T17:24:33.696Z [INFO]  hcdiag: Created Manifest.json file: dest=hcdiag-2022-03-03T172359Z/Manifest.json
2022-03-03T17:24:33.717Z [INFO]  hcdiag: Compressed and archived output file: dest=./hcdiag-2022-03-03T172359Z.tar.gz

$ hcdiag -nomad
2022-03-03T17:23:59.379Z [INFO]  hcdiag: Checking product availability
2022-03-03T17:23:59.471Z [INFO]  hcdiag: Gathering diagnostics
2022-03-03T17:23:59.471Z [INFO]  hcdiag: Running seekers for: product=host
2022-03-03T17:23:59.471Z [INFO]  hcdiag: running: seeker=stats
2022-03-03T17:23:59.471Z [INFO]  hcdiag: Running seekers for: product=nomad
2022-03-03T17:23:59.471Z [INFO]  hcdiag: running: seeker="nomad version"
2022-03-03T17:23:59.509Z [INFO]  hcdiag: running: seeker="nomad node status -json"
2022-03-03T17:23:59.545Z [INFO]  hcdiag: running: seeker="nomad agent-info -json"
2022-03-03T17:23:59.584Z [INFO]  hcdiag: running: seeker="nomad operator debug -output=hcdiag-2022-03-03T172359Z -duration=30s"
2022-03-03T17:24:33.692Z [INFO]  hcdiag: running: seeker="GET /v1/agent/members"
2022-03-03T17:24:33.693Z [INFO]  hcdiag: running: seeker="GET /v1/plugins?type=csi"
2022-03-03T17:24:33.693Z [INFO]  hcdiag: running: seeker="GET /v1/operator/autopilot/configuration"
2022-03-03T17:24:33.694Z [INFO]  hcdiag: running: seeker="GET /v1/operator/raft/configuration"
2022-03-03T17:24:33.696Z [INFO]  hcdiag: Created Results.json file: dest=hcdiag-2022-03-03T172359Z/Results.json
2022-03-03T17:24:33.696Z [INFO]  hcdiag: Created Manifest.json file: dest=hcdiag-2022-03-03T172359Z/Manifest.json
2022-03-03T17:24:33.717Z [INFO]  hcdiag: Compressed and archived output file: dest=./hcdiag-2022-03-03T172359Z.tar.gz

»Production usage tips

By default, the hcdiag tool includes files for up to 72 hours back from the current time. You can specify the desired time range using the -include-since flag.

If you are concerned about impacting performance of your Nomad servers, you can specify that the seekers to not run concurrently, and instead be invoked serially with the -serial flag.

Deploying hcdiag in production involves a workflow similar to the following:

Place the hcdiag binary on the Nomad system in scope - this could be a Nomad server or a Nomad client.
When running with a configuration file and the -config flag, ensure that the specified configuration file is readable by the user that executes hcdiag.
Ensure that the current directory or that specified by the dest flag is writable by the user that executes hcdiag.
Ensure connectivity to the HashiCorp products that hcdiag needs to connect to during the run. Export any required environment variables for establishing connection or passing authentication tokens as necessary.
Decide on a duration for information gathering, noting that the default is to gather for up to 72 hours back in server log output. Adjust your needs as necessary with the -include-since flag. For example, to include only 24 hours of log output, invoke as:
```
$ hcdiag -nomad -include-since 24h
```
```
$ hcdiag -nomad -include-since 24h
```
Limit what is gathered with the -includes flag. For example, -includes /var/log/consul-*,/var/log/nomad-* instructs hcdiag to only gather logs matching the specified Consul and Nomad filename patterns.
Use the -dryrun flag to observe what hcdiag will do without anything actually being done for testing configuration and options.

»Examine the results

hcdiag generates an archive file with the troubleshooting data about the cluster in the current working directory.

Extract the archive.

$ tar xzf hcdiag-*.tar.gz

$ tar xzf hcdiag-*.tar.gz

Note: The extracted directory uses a timestamp as part of the filename. This means any references to it used in this tutorial will be different than what you will see on your local machine.

Navigate to the directory of the same name.

$ cd hcdiag-2022-03-03T172359Z

$ cd hcdiag-2022-03-03T172359Z

The directory contains the Manifest.json file, which includes information about the hcdiag run, including start and end time, duration, number of errors encountered, and the configuration options used.

{
    "started_at": "2022-03-03T17:23:59.379165952Z",
    "ended_at": "2022-03-03T17:24:33.695178553Z",
    "duration": "34.336700941 seconds",
    "num_errors": 0,
    "num_seekers": 9,
    "configuration": {
        "host_config": null,
        "products_config": null,
        "operating_system": "auto",
        "serial": false,
        "dry_run": false,
        "consul_enabled": false,
        "nomad_enabled": true,
        "terraform_ent_enabled": false,
        "vault_enabled": false,
        "includes": null,
        "include_from": "1970-01-01T00:00:00Z",
        "include_to": "2022-03-03T17:23:59.37916546Z",
        "destination": "."
    }
}

hcdiag-2022-03-03T172359Z/Manifest.json

{
    "started_at": "2022-03-03T17:23:59.379165952Z",
    "ended_at": "2022-03-03T17:24:33.695178553Z",
    "duration": "34.336700941 seconds",
    "num_errors": 0,
    "num_seekers": 9,
    "configuration": {
        "host_config": null,
        "products_config": null,
        "operating_system": "auto",
        "serial": false,
        "dry_run": false,
        "consul_enabled": false,
        "nomad_enabled": true,
        "terraform_ent_enabled": false,
        "vault_enabled": false,
        "includes": null,
        "include_from": "1970-01-01T00:00:00Z",
        "include_to": "2022-03-03T17:23:59.37916546Z",
        "destination": "."
    }
}

The directory also contains the Results.json file, which includes detailed information about the cluster, the nodes and their configurations, and other details about the environment. The example below has been snipped from the original output.

{
    "host": {
        "stats": {
            "runner": {
                "os": "linux"
            },
            "result": {
                "disk": [
                    {
                        "device": "overlay",
                        "mountpoint": "/",
                        "fstype": "overlay",
                        "opts": [
                            "rw",
                            "relatime"
                        ]
                    }
                ],
                ...snip...
                "host": {
                    "hostname": "57ad86696a15",
                    "uptime": 688427,
                    "bootTime": 1645639813,
                    "procs": 5,
                    "os": "linux",
                    "platform": "ubuntu",
                    "platformFamily": "debian",
                    "platformVersion": "20.04",
                    "kernelVersion": "5.10.47-linuxkit",
                    "kernelArch": "x86_64",
                    "virtualizationSystem": "docker",
                    "virtualizationRole": "guest",
                    "hostId": "b02242cb-0000-0000-ada9-5adcb8324189"
                },
                "memory": {
                    "total": 2081755136,
                    "available": 612855808,
                    "used": 1352024064,
                    "usedPercent": 64.94635419023652,
                    "free": 117100544,
                    "active": 593821696,
                    "inactive": 1176055808,
                    ...snip...
                },
                "uname": "#1 SMP Sat Jul 3 21:51:47 UTC 2021"
            },
            "error": ""
        }
    },
    "nomad": {
        "GET /v1/agent/members": {
            "runner": {
                "path": "/v1/agent/members",
                "client": {
                    "product": "nomad",
                    "baseurl": "http://127.0.0.1:4646"
                }
            },
            "result": {
                "Members": [
                    {
                        "Addr": "127.0.0.1",
                        "DelegateCur": 4,
                        "DelegateMax": 5,
                        "DelegateMin": 2,
                        "Name": "57ad86696a15.global",
                        "Port": 4648,
                        "ProtocolCur": 2,
                        "ProtocolMax": 5,
                        "ProtocolMin": 1,
                        "Status": "alive",
                        "Tags": {
                            "bootstrap": "1",
                            "build": "1.2.6",
                            "dc": "dc1",
                            "expect": "1",
                            "id": "bbb092e0-1265-df13-d6c3-8a34ee8a9ca8",
                            "mvn": "1",
                            "port": "4647",
                            "raft_vsn": "2",
                            "region": "global",
                            "role": "nomad",
                            "rpc_addr": "127.0.0.1",
                            "vsn": "1"
                        }
                    }
                ],
                "ServerDC": "dc1",
                "ServerName": "57ad86696a15",
                "ServerRegion": "global"
            },
            "error": ""
        },
        ...snip...
        "nomad node status -json": {
            "runner": {
                "command": "nomad node status -json"
            },
            "result": [
                {
                    "Address": "127.0.0.1",
                    "CreateIndex": 7,
                    "Datacenter": "dc1",
                    "Drain": false,
                    "Drivers": {
                        "docker": {
                            "Attributes": null,
                            "Detected": false,
                            "HealthDescription": "Failed to connect to docker daemon",
                            "Healthy": false,
                            "UpdateTime": "2022-03-03T17:21:33.954742403Z"
                        },
                        "exec": {
                            "Attributes": {
                                "driver.exec": "true"
                            },
                            "Detected": true,
                            "HealthDescription": "Healthy",
                            "Healthy": true,
                            "UpdateTime": "2022-03-03T17:21:33.954886082Z"
                        },
                        "java": {
                            "Attributes": null,
                            "Detected": false,
                            "HealthDescription": "",
                            "Healthy": false,
                            "UpdateTime": "2022-03-03T17:21:33.954630793Z"
                        },
                        "qemu": {
                            "Attributes": null,
                            "Detected": false,
                            "HealthDescription": "",
                            "Healthy": false,
                            "UpdateTime": "2022-03-03T17:21:33.954490615Z"
                        },
                        "raw_exec": {
                            "Attributes": {
                                "driver.raw_exec": "true"
                            },
                            "Detected": true,
                            "HealthDescription": "Healthy",
                            "Healthy": true,
                            "UpdateTime": "2022-03-03T17:21:33.954814412Z"
                        }
                    },
                    "ID": "45889c69-3fcc-a3c1-c6d2-403b09bf436e",
                    "LastDrain": null,
                    "ModifyIndex": 9,
                    "Name": "57ad86696a15",
                    "NodeClass": "",
                    "SchedulingEligibility": "eligible",
                    "Status": "ready",
                    "StatusDescription": "",
                    "Version": "1.2.6"
                }
            ],
            "error": ""
        },
        "nomad operator debug -output=hcdiag-2022-03-03T172359Z -duration=30s": {
            "runner": {
                "command": "nomad operator debug -output=hcdiag-2022-03-03T172359Z -duration=30s"
            },
            "result": "Starting debugger...\n\nNomad CLI Version: Nomad v1.2.6 (a6c6b475db5073e33885377b4a5c733e1161020c)\n           Region: \n        Namespace: \n          Servers: (1/1) [57ad86696a15.global]\n          Clients: (1/1) [45889c69-3fcc-a3c1-c6d2-403b09bf436e]\n         Interval: 30s\n         Duration: 30s\n\nCapturing cluster data...\nConsul - Collecting Consul API data from: http://127.0.0.1:8500\nUnable to contact Consul leader, skipping: Get \"http://127.0.0.1:8500/v1/status/leader\": dial tcp 127.0.0.1:8500: connect: connection refused\nVault - Collecting Vault API data from: https://vault.service.consul:8200\n    Capture interval 0000\nCreated debug directory: hcdiag-2022-03-03T172359Z/nomad-debug-2022-03-03-172359Z",
            "error": ""
        },
        "nomad version": {
            "runner": {
                "command": "nomad version"
            },
            "result": "Nomad v1.2.6 (a6c6b475db5073e33885377b4a5c733e1161020c)",
            "error": ""
        }
    }
}

hcdiag-2022-03-03T172359Z/Manifest.json

{
    "host": {
        "stats": {
            "runner": {
                "os": "linux"
            },
            "result": {
                "disk": [
                    {
                        "device": "overlay",
                        "mountpoint": "/",
                        "fstype": "overlay",
                        "opts": [
                            "rw",
                            "relatime"
                        ]
                    }
                ],
                ...snip...
                "host": {
                    "hostname": "57ad86696a15",
                    "uptime": 688427,
                    "bootTime": 1645639813,
                    "procs": 5,
                    "os": "linux",
                    "platform": "ubuntu",
                    "platformFamily": "debian",
                    "platformVersion": "20.04",
                    "kernelVersion": "5.10.47-linuxkit",
                    "kernelArch": "x86_64",
                    "virtualizationSystem": "docker",
                    "virtualizationRole": "guest",
                    "hostId": "b02242cb-0000-0000-ada9-5adcb8324189"
                },
                "memory": {
                    "total": 2081755136,
                    "available": 612855808,
                    "used": 1352024064,
                    "usedPercent": 64.94635419023652,
                    "free": 117100544,
                    "active": 593821696,
                    "inactive": 1176055808,
                    ...snip...
                },
                "uname": "#1 SMP Sat Jul 3 21:51:47 UTC 2021"
            },
            "error": ""
        }
    },
    "nomad": {
        "GET /v1/agent/members": {
            "runner": {
                "path": "/v1/agent/members",
                "client": {
                    "product": "nomad",
                    "baseurl": "http://127.0.0.1:4646"
                }
            },
            "result": {
                "Members": [
                    {
                        "Addr": "127.0.0.1",
                        "DelegateCur": 4,
                        "DelegateMax": 5,
                        "DelegateMin": 2,
                        "Name": "57ad86696a15.global",
                        "Port": 4648,
                        "ProtocolCur": 2,
                        "ProtocolMax": 5,
                        "ProtocolMin": 1,
                        "Status": "alive",
                        "Tags": {
                            "bootstrap": "1",
                            "build": "1.2.6",
                            "dc": "dc1",
                            "expect": "1",
                            "id": "bbb092e0-1265-df13-d6c3-8a34ee8a9ca8",
                            "mvn": "1",
                            "port": "4647",
                            "raft_vsn": "2",
                            "region": "global",
                            "role": "nomad",
                            "rpc_addr": "127.0.0.1",
                            "vsn": "1"
                        }
                    }
                ],
                "ServerDC": "dc1",
                "ServerName": "57ad86696a15",
                "ServerRegion": "global"
            },
            "error": ""
        },
        ...snip...
        "nomad node status -json": {
            "runner": {
                "command": "nomad node status -json"
            },
            "result": [
                {
                    "Address": "127.0.0.1",
                    "CreateIndex": 7,
                    "Datacenter": "dc1",
                    "Drain": false,
                    "Drivers": {
                        "docker": {
                            "Attributes": null,
                            "Detected": false,
                            "HealthDescription": "Failed to connect to docker daemon",
                            "Healthy": false,
                            "UpdateTime": "2022-03-03T17:21:33.954742403Z"
                        },
                        "exec": {
                            "Attributes": {
                                "driver.exec": "true"
                            },
                            "Detected": true,
                            "HealthDescription": "Healthy",
                            "Healthy": true,
                            "UpdateTime": "2022-03-03T17:21:33.954886082Z"
                        },
                        "java": {
                            "Attributes": null,
                            "Detected": false,
                            "HealthDescription": "",
                            "Healthy": false,
                            "UpdateTime": "2022-03-03T17:21:33.954630793Z"
                        },
                        "qemu": {
                            "Attributes": null,
                            "Detected": false,
                            "HealthDescription": "",
                            "Healthy": false,
                            "UpdateTime": "2022-03-03T17:21:33.954490615Z"
                        },
                        "raw_exec": {
                            "Attributes": {
                                "driver.raw_exec": "true"
                            },
                            "Detected": true,
                            "HealthDescription": "Healthy",
                            "Healthy": true,
                            "UpdateTime": "2022-03-03T17:21:33.954814412Z"
                        }
                    },
                    "ID": "45889c69-3fcc-a3c1-c6d2-403b09bf436e",
                    "LastDrain": null,
                    "ModifyIndex": 9,
                    "Name": "57ad86696a15",
                    "NodeClass": "",
                    "SchedulingEligibility": "eligible",
                    "Status": "ready",
                    "StatusDescription": "",
                    "Version": "1.2.6"
                }
            ],
            "error": ""
        },
        "nomad operator debug -output=hcdiag-2022-03-03T172359Z -duration=30s": {
            "runner": {
                "command": "nomad operator debug -output=hcdiag-2022-03-03T172359Z -duration=30s"
            },
            "result": "Starting debugger...\n\nNomad CLI Version: Nomad v1.2.6 (a6c6b475db5073e33885377b4a5c733e1161020c)\n           Region: \n        Namespace: \n          Servers: (1/1) [57ad86696a15.global]\n          Clients: (1/1) [45889c69-3fcc-a3c1-c6d2-403b09bf436e]\n         Interval: 30s\n         Duration: 30s\n\nCapturing cluster data...\nConsul - Collecting Consul API data from: http://127.0.0.1:8500\nUnable to contact Consul leader, skipping: Get \"http://127.0.0.1:8500/v1/status/leader\": dial tcp 127.0.0.1:8500: connect: connection refused\nVault - Collecting Vault API data from: https://vault.service.consul:8200\n    Capture interval 0000\nCreated debug directory: hcdiag-2022-03-03T172359Z/nomad-debug-2022-03-03-172359Z",
            "error": ""
        },
        "nomad version": {
            "runner": {
                "command": "nomad version"
            },
            "result": "Nomad v1.2.6 (a6c6b475db5073e33885377b4a5c733e1161020c)",
            "error": ""
        }
    }
}

Finally, the directory contains a sub-directory named nomad-debug-{TIMESTAMP}, which includes additional information about the cluster, clients, servers, and job-related components.

$ ls -l nomad-debug-2022-03-03-172359Z
total 24
drwxr-xr-x 3 root root 4096 Mar  3 17:41 client
drwxr-xr-x 2 root root 4096 Mar  3 17:41 cluster
-rw-r--r-- 1 root root 3799 Mar  3 17:24 index.html
-rw-r--r-- 1 root root 1504 Mar  3 17:24 index.json
drwxr-xr-x 3 root root 4096 Mar  3 17:41 interval
drwxr-xr-x 3 root root 4096 Mar  3 17:41 server

$ ls -l nomad-debug-2022-03-03-172359Z
total 24
drwxr-xr-x 3 root root 4096 Mar  3 17:41 client
drwxr-xr-x 2 root root 4096 Mar  3 17:41 cluster
-rw-r--r-- 1 root root 3799 Mar  3 17:24 index.html
-rw-r--r-- 1 root root 1504 Mar  3 17:24 index.json
drwxr-xr-x 3 root root 4096 Mar  3 17:41 interval
drwxr-xr-x 3 root root 4096 Mar  3 17:41 server

$ ls -l nomad-debug-2022-03-03-172359Z/cluster
total 44
-rw-r--r-- 1 root root  7052 Mar  3 17:24 agent-self.json
-rw-r--r-- 1 root root  4584 Mar  3 17:24 cli-flags.json
-rw-r--r-- 1 root root 11151 Mar  3 17:24 eventstream.json
-rw-r--r-- 1 root root   471 Mar  3 17:24 members.json
-rw-r--r-- 1 root root   104 Mar  3 17:24 namespaces.json
-rw-r--r-- 1 root root    10 Mar  3 17:24 regions.json
-rw-r--r-- 1 root root   139 Mar  3 17:24 vault-sys-health.json

$ ls -l nomad-debug-2022-03-03-172359Z/cluster
total 44
-rw-r--r-- 1 root root  7052 Mar  3 17:24 agent-self.json
-rw-r--r-- 1 root root  4584 Mar  3 17:24 cli-flags.json
-rw-r--r-- 1 root root 11151 Mar  3 17:24 eventstream.json
-rw-r--r-- 1 root root   471 Mar  3 17:24 members.json
-rw-r--r-- 1 root root   104 Mar  3 17:24 namespaces.json
-rw-r--r-- 1 root root    10 Mar  3 17:24 regions.json
-rw-r--r-- 1 root root   139 Mar  3 17:24 vault-sys-health.json

$ ls -l nomad-debug-2022-03-03-172359Z/interval/0000
total 60
-rw-r--r-- 1 root root     2 Mar  3 17:24 allocations.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 csi-plugins.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 csi-volumes.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 deployments.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 evaluations.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 jobs.json
-rw-r--r-- 1 root root    42 Mar  3 17:24 license.json
-rw-r--r-- 1 root root 16085 Mar  3 17:24 metrics.json
-rw-r--r-- 1 root root  1028 Mar  3 17:24 nodes.json
-rw-r--r-- 1 root root   119 Mar  3 17:24 operator-autopilot-health.json
-rw-r--r-- 1 root root   149 Mar  3 17:24 operator-raft.json
-rw-r--r-- 1 root root   378 Mar  3 17:24 operator-scheduler.json

$ ls -l nomad-debug-2022-03-03-172359Z/interval/0000
total 60
-rw-r--r-- 1 root root     2 Mar  3 17:24 allocations.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 csi-plugins.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 csi-volumes.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 deployments.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 evaluations.json
-rw-r--r-- 1 root root     2 Mar  3 17:24 jobs.json
-rw-r--r-- 1 root root    42 Mar  3 17:24 license.json
-rw-r--r-- 1 root root 16085 Mar  3 17:24 metrics.json
-rw-r--r-- 1 root root  1028 Mar  3 17:24 nodes.json
-rw-r--r-- 1 root root   119 Mar  3 17:24 operator-autopilot-health.json
-rw-r--r-- 1 root root   149 Mar  3 17:24 operator-raft.json
-rw-r--r-- 1 root root   378 Mar  3 17:24 operator-scheduler.json

»Additional Notes

hcdiag can also be run against an existing cluster by setting the appropriate environment variables on the machine running the tool. To do so, set the NOMAD_ADDR environment variable to the address of a server in the cluster and NOMAD_TOKEN to a token's SecretID with proper access if ACLs are enabled. The machine also needs to have the nomad binary available in the environment path.

»About ACLs

To complete a full diagnostic successfully with ACLs enabled, hcdiag should to be run with the management token. This is because one of the endpoints it queries is /v1/operator/raft/configuration, which explicitly requires the management token. Without that token, hcdiag will print a warning message in the output that references a 403 Forbidden error and skip the raft configuration endpoint.

[WARN]  hcdiag: result: seeker="GET /v1/operator/raft/configuration" result=%!s(<nil>) error="403 Forbidden"

[WARN]  hcdiag: result: seeker="GET /v1/operator/raft/configuration" result=%!s(<nil>) error="403 Forbidden"

Despite this warning, hcdiag can still be used as long as the token set in NOMAD_TOKEN has read permissions on the /agent, /nodes, /operator, and /plugins endpoints. The results will just be missing diagnostic information from the raft configuration endpoint.

The following policy can be used to grant the necessary permissions to the token.

agent {
    policy = "read"
}

node {
    policy = "read"
}

operator {
    policy = "read"
}

plugin {
    policy = "read"
}

agent {
    policy = "read"
}

node {
    policy = "read"
}

operator {
    policy = "read"
}

plugin {
    policy = "read"
}

»Cleanup

Exit the Ubuntu container to return to your terminal prompt.

$ exit

$ exit

Stop the Docker container. It will automatically be deleted because of the -rm flag passed to the docker run command used in the beginning of the tutorial.

$ docker stop nomad

$ docker stop nomad

»Next Steps

In this tutorial you learned about the hcdiag tool, how to use it to gather information about your Nomad cluster, and tips for using it in production.

For additional information about the tool, check out the the hcdiag GitHub repository.

There are also hcdiag guides for other HashiCorp tools including Vault, Terraform, and Consul.

Infrastructure

Security

Applications

Networking

cloud