Modified hcdiag configuration for use by HashiCorp with Customers.
The hcdiag-ext configuration (with hcdiag) can now be run on a remote host (eg laptop or desktop) as long as the host has network access to the cluster being queried and the necessary environment variables set. The remote execution ability removes the need to install anything on the cluster, significantly easing use and reducing concerns around security and change management.
You can either use the online version of these scripts hosted in GitHub pages at https://hashicorp.github.io/hcdiag-ext or download this repository and run the html files locally. All configuration generation and results parsing is handled with client side javascript. The only remote request is to load some fonts from https://fonts.googleapis.com to match HashiCorp branding.
The installation and execution can be summarised in just a few steps, but is explained in detail below this summary.
New for v0.6.x
Download hcdiag v0.5.0 manually and install on your PATH or use a package manager:
# Example RHEL package install steps
yum install -y yum-utils unzip
yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
yum install hcdiag-0.5.0-1 -y
# Example Debian package install steps
apt update && apt install --yes curl gpg unzip
curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor > /tmp/hashicorp.gpg
mv /tmp/hashicorp.gpg /usr/share/keyrings/hashicorp-archive-keyring.gpg
chmod 644 /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
apt update
apt install hcdiag="0.5.0-1" --yes
For hcdiag-ext remote execution, you need to have the Vault binary locally to pass an initial hcdiag startup check:
# Example RHEL package install steps
yum install vault
# Example Debian package install steps
apt install vault
# Example Homebrew package install steps
brew install vault
# Example Chocolatey package install steps
choco install vault
The configurations generated in hcdiag-ext v0.6.x only make GET API requests and do not make hcdiag attempt to run any other commands. Privileged access to the product APIs is required to provide complete results.
hcdiag_terraform_configuration.hcl
TFE_TOKEN
and TFE_HTTP_ADDR
environment variables so hcdiag can query the product
hcdiag run -terraform-ent -config /path/to/hcdiag_terraform_configuration.hcl
ℹ️ To get accurate data, you must know the Vault subscription start time in the format YYYY-MM-DD
.
hcdiag_vault_configuration.hcl
VAULT_TOKEN
and VAULT_ADDR
environment variables so hcdiag can query the product
hcdiag_vault_policy.hcl
to ensure the principle of least privilegehcdiag run -vault -config /path/to/hcdiag_vault_configuration.hcl
results.json
file from the product instance to your local machine