debug command builds an archive containing Nomad cluster
configuration and state information, Nomad server and client node
logs, and pprof profiles from the selected servers and client nodes.
If no selection option is specified, the debug archive contains only cluster meta information.
nomad debug [options]
This command accepts comma separated
node-id IDs for
monitoring and pprof profiling. If IDs are provided, the command will
monitor logs for the
duration, saving a snapshot of Nomad state
interval. Captured logs and configurations are subjected to
redaction, but may still contain sensitive information and the archive
contents should be reviewed before sharing.
output path is provided,
debug will create a timestamped
directory in that path instead of an archive. By default, the command
creates a compressed tar archive in the current directory.
Consul and Vault status and version information are included if configured.
-address=<addr>: The address of the Nomad server. Overrides the
NOMAD_ADDRenvironment variable if set. Defaults to
-region=<region>: The region of the Nomad server to forward commands to. Overrides the
NOMAD_REGIONenvironment variable if set. Defaults to the Agent's local region.
-no-color: Disables colored command output. Alternatively,
NOMAD_CLI_NO_COLORmay be set.
-ca-cert=<path>: Path to a PEM encoded CA cert file to use to verify the Nomad server SSL certificate. Overrides the
NOMAD_CACERTenvironment variable if set.
-ca-path=<path>: Path to a directory of PEM encoded CA cert files to verify the Nomad server SSL certificate. If both
-ca-certis used. Overrides the
NOMAD_CAPATHenvironment variable if set.
-client-cert=<path>: Path to a PEM encoded client certificate for TLS authentication to the Nomad server. Must also specify
-client-key. Overrides the
NOMAD_CLIENT_CERTenvironment variable if set.
-client-key=<path>: Path to an unencrypted PEM encoded private key matching the client certificate from
-client-cert. Overrides the
NOMAD_CLIENT_KEYenvironment variable if set.
-tls-server-name=<value>: The server name to use as the SNI host when connecting via TLS. Overrides the
NOMAD_TLS_SERVER_NAMEenvironment variable if set.
-tls-skip-verify: Do not verify TLS certificate. This is highly not recommended. Verification will also be skipped if
-token: The SecretID of an ACL token to use to authenticate API requests with. Overrides the
NOMAD_TOKENenvironment variable if set.
-duration=2m: Set the duration of the log monitor command. Defaults to
"2m". Logs will be captured from specified servers and nodes at
-interval=2m: The interval between snapshots of the Nomad state. If unspecified, only one snapshot is captured.
-log-level=DEBUG: The log level to monitor. Defaults to
-node-id=n1,n2: Comma separated list of Nomad client node ids, to monitor for logs and include pprof data. Accepts id prefixes.
-server-id=s1,s2: Comma separated list of Nomad server names, or the special server name "leader" to monitor for logs and include pprof data.
-output=path: Path to the parent directory of the output directory. Defaults to the current directory. If specified, no archive is built.
-consul-token: Token used to query Consul. Defaults to
-vault-token: Token used to query Vault. Defaults to
This command prints the name of the timestamped archive file produced.
$ nomad debug -duration 20s -interval 5s -server-id leader -node-id 6e,dd Created debug archive: nomad-debug-2020-06-10-145821Z.tar.gz