diff --git a/.changelog/15988.txt b/.changelog/15988.txt new file mode 100644 index 00000000000..a5df03ad687 --- /dev/null +++ b/.changelog/15988.txt @@ -0,0 +1,3 @@ +```release-note:improvements +cli: Added a flag, `-enable-config-gen-logging`, to the `connect envoy` command to display log messages when generating the bootstrap config. +``` diff --git a/command/connect/envoy/envoy.go b/command/connect/envoy/envoy.go index 27cb5255332..3c994513703 100644 --- a/command/connect/envoy/envoy.go +++ b/command/connect/envoy/envoy.go @@ -9,6 +9,7 @@ import ( "os/exec" "strings" + "github.com/hashicorp/go-hclog" "github.com/mitchellh/cli" "github.com/mitchellh/mapstructure" @@ -36,6 +37,7 @@ type cmd struct { http *flags.HTTPFlags help string client *api.Client + logger hclog.Logger // flags meshGateway bool @@ -56,6 +58,7 @@ type cmd struct { prometheusCAPath string prometheusCertFile string prometheusKeyFile string + enableLogging bool // mesh gateway registration information register bool @@ -199,6 +202,9 @@ func (c *cmd) init() { "Path to a private key file for Envoy to use when serving TLS on the Prometheus metrics endpoint. "+ "Only applicable when envoy_prometheus_bind_addr is set in proxy config.") + c.flags.BoolVar(&c.enableLogging, "enable-config-gen-logging", false, + "Output debug log messages during config generation") + c.http = &flags.HTTPFlags{} flags.Merge(c.flags, c.http.ClientFlags()) flags.Merge(c.flags, c.http.MultiTenancyFlags()) @@ -255,11 +261,18 @@ func (c *cmd) Run(args []string) int { c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err)) return 1 } + // TODO: refactor return c.run(c.flags.Args()) } func (c *cmd) run(args []string) int { + opts := hclog.LoggerOptions{Level: hclog.Error} + if c.enableLogging { + opts.Level = hclog.Debug + } + c.logger = hclog.New(&opts) + c.logger.Debug("Starting Envoy config generation") if c.nodeName != "" && c.proxyID == "" { c.UI.Error("'-node-name' requires '-proxy-id'") @@ -324,6 +337,7 @@ func (c *cmd) run(args []string) int { c.proxyID = c.gatewaySvcName } + c.logger.Debug("Set Proxy ID", "proxy-id", c.proxyID) } if c.proxyID == "" { c.UI.Error("No proxy ID specified. One of -proxy-id, -sidecar-for, or -gateway is " + @@ -417,6 +431,7 @@ func (c *cmd) run(args []string) int { c.UI.Error(fmt.Sprintf("Error registering service %q: %s", svc.Name, err)) return 1 } + c.logger.Debug("Proxy registration complete") if !c.bootstrap { // We need stdout to be reserved exclusively for the JSON blob, so @@ -426,6 +441,7 @@ func (c *cmd) run(args []string) int { } // Generate config + c.logger.Debug("Generating bootstrap config") bootstrapJson, err := c.generateConfig() if err != nil { c.UI.Error(err.Error()) @@ -434,17 +450,20 @@ func (c *cmd) run(args []string) int { if c.bootstrap { // Just output it and we are done + c.logger.Debug("Outputting bootstrap config") c.UI.Output(string(bootstrapJson)) return 0 } // Find Envoy binary + c.logger.Debug("Finding envoy binary") binary, err := c.findBinary() if err != nil { c.UI.Error("Couldn't find envoy binary: " + err.Error()) return 1 } + c.logger.Debug("Executing envoy binary") err = execEnvoy(binary, nil, args, bootstrapJson) if err == errUnsupportedOS { c.UI.Error("Directly running Envoy is only supported on linux and macOS " + @@ -551,6 +570,7 @@ func (c *cmd) generateConfig() ([]byte, error) { if err != nil { return nil, err } + c.logger.Debug("Generated template args") var bsCfg BootstrapConfig @@ -588,6 +608,7 @@ func (c *cmd) generateConfig() ([]byte, error) { datacenter = svcList.Node.Datacenter c.gatewayKind = svcList.Services[0].Kind } + c.logger.Debug("Fetched registration info") if svcProxyConfig == nil { return nil, errors.New("service is not a Connect proxy or gateway") } diff --git a/website/content/commands/connect/envoy.mdx b/website/content/commands/connect/envoy.mdx index 996886df6f7..74dc754c43c 100644 --- a/website/content/commands/connect/envoy.mdx +++ b/website/content/commands/connect/envoy.mdx @@ -110,6 +110,8 @@ Usage: `consul connect envoy [options] [-- pass-through options]` always specifies `--config-file` and `--v2-config-only` and by default passes `--disable-hot-restart` see [hot restart](#envoy-hot-restart). +- `-enable-config-gen-logging` - This flag enables debug message logging when generating the Envoy bootstrap configuration to help troubleshoot issues. Logs output to `stderr`. For more information about generating the Envoy bootstrap configuration, refer to [Envoy proxy configuration](/consul/docs/connect/proxies/envoy#bootstrap-configuration). + #### Envoy Sidecar Proxy Options - `-sidecar-for` - The _ID_ (not name if they differ) of the service instance diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 7f9dfe47a65..154f017ecb0 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -108,11 +108,17 @@ If TLS is enabled on Consul, you will also need to add the following environment ## Bootstrap Configuration -Envoy requires an initial bootstrap configuration file. The easiest way to -create this is using the [`consul connect envoy` -command](/commands/connect/envoy). The command can either output the -bootstrap configuration directly to stdout, or generate the configuration and issue an `exec` command -to the Envoy binary as a convenience wrapper. +Envoy requires an initial bootstrap configuration file. You can either create the file manually using the Consul command line or configure Consul Dataplane to generate the file. + +### Generate the bootstrap file on the Consul CLI + +Connect to a local Consul client agent and run the [`consul connect envoy` command](/consul/commands/connect/envoy) to create the Envoy bootstrap configuration. The command either outputs the bootstrap configuration directly to stdout or generates the configuration and issues an `exec` command to the Envoy binary as a convenience wrapper. For more information about using `exec` to bootstrap Envoy, refer to [Exec Security Details](/consul/commands/connect/envoy#exec-security-details). + +If you experience issues when bootstrapping Envoy proxies from the CLI, use the +`-enable-config-gen-logging` flag to enable debug message logging. These logs can +help you troubleshoot issues that occur during the bootstrapping process. +For more information about available flags and parameters, refer to the +[`consul connect envoy CLI` reference](/consul/commands/connect/envoy). Because some Envoy configuration options, such as metrics and tracing sinks, can only be specified via the bootstrap configuration, Connect as of Consul 1.5.0 adds