The information contained in this article has been verified as up-to-date on the date of the original publication of the article. HashiCorp endeavors to keep this information up-to-date and correct, but it makes no representations or warranties of any kind, express or implied, about the ongoing completeness, accuracy, reliability, or suitability of the information provided.
All information contained in this article is for general information purposes only. Any reliance you place on such information as it applies to your use of your HashiCorp product is therefore strictly at your own risk.
Introduction
This article is intended to be used as a guide outlining the major configuration changes necessary to configure Consul and Envoy to be monitored using Datadog agent.
Table of Contents
- Datadog Configuration Files
- Enable Consul Telemetry
- Enable Consul and Envoy Logging to File
- Expose Envoy Sidecar Proxy Metrics
- Create Datadog Account
- Create Datadog API Key
- Installing Datadog Agent on Host VM
- Configure Datadog Agent for Consul Metrics Capture
- Configure Datadog Agent for Envoy Metrics Capture
- Verify Consul to Datadog Agent Communication
- Verify Envoy to Datadog Agent Communication
Prerequisites
- Datadog Account and Login Info
- Linux OS Administrative User Access
- Running Consul Cluster using VMs
- Consul Connect Enabled
- Envoy Running as Sidecar Proxy for Connect Environment
- Shell Access to VMs hosting Consul
Datadog Configuration Files
| File | Default Path | Description |
| datadog.yaml | /etc/datadog-agent/datadog.yaml |
Holds Datadog's central configuration options for root agent configuration parameters. |
| consul.d/conf.yaml | /etc/datadog-agent/conf.d/consul.d/conf.yaml |
Houses Consul specific Datadog configurations to capture /v1/agent/metrics data and Logs. |
| envoy.d/conf.yaml | /etc/datadog-agent/conf.d/envoy.d/conf.yaml |
Houses Envoy specific Datadog configurations to capture /stats and /stats/prometheus metrics data and Envoy logs. |
Enable Consul Telemetry
Configure each Consul agent to expose and capture local agent metrics with Prometheus and DogstatsD:
telemetry = {
prometheus_retention_time = "1h"
dogstatsd_addr = "127.0.0.1:8125"
}
If agent configuration entry for telemetry required updating, restart of Consul agent is required. Ensure, if restarting servers, to perform rolling-reboot of servers ensuring that the current Raft leader is restarted last.
sudo systemctl restart consul
Enable Consul and Envoy Logging to File
Consul Agent Configuration File
Ensure the following entries are set in any Consul agent configuration files that are desired for log exports to Datadog.
log_level = "DEBUG"
syslog_facility = "LOCAL1"
log_file = "/var/log/consul/consul.log"
Envoy Extra Args
Ensure any Envoy sidecar proxies are set to log at the desired level and to a known accessible log location. Below example uses the following extra arguments as an amendment to the consul connect envoy command:
-- --log-level trace --log-path /var/log/envoy/web-proxy.log --component-log-level upstream:trace,http:trace,router:trace,config:trace
# Example Sidecar Extra Config for Logging
consul connect envoy -sidecar-for web-1 -- --log-level trace --log-path /var/log/envoy/backend-proxy.log --component-log-level upstream:trace,http:trace,router:trace,config:trace
Expose Envoy Sidecar Proxy Metrics
Proxy Defaults |
# File: proxy-defaults.hcl |
Sidecar Specific |
# web.hcl - web service and sidecar proxy registration |
If using global enablement, ensure to write configuration changes to Consul:
consul config write proxy-defaults.hcl
Re-run/restart Envoy's bootstrap from consul connect envoy command.
# systemd for web-sidecar-proxy
# ExecStart=consul connect envoy -sidecar-for web-1 -address
systemctl restart web-sidecar-proxy
Create Datadog Account
Create a Datadog account following the instructions found on Datadog's website.
Create Datadog API Key
To add a Datadog API key:
- Login to Datadog using your account's username and password.
- Navigate to Organization settings, then click the API keys tab.
- Click the New Key button.
- Enter a name for your key or token.
- Click Create API key.
- Take note of Key ID for later use when installing and configuring agent.
Official Datadog procedure found here.
Installing Datadog Agent on Host VM
There are two methods for installing and configuring the Datadog agent daemon on the Host Virtual Machine. Automatically using an s3 maintained script or manually. The steps below go through manually configuring Datadog to capture the concepts of configuration and generate the required Consul and Envoy specific files and directories.
- If not already done, copy Key ID from Step 6 of Create Datadog API Key above.
- Continue with configuration steps below.
Install and Configure Datadog for Consul and Envoy
-
Set up apt so that it can download through https and install
curlandgnupg:sudo apt-get update sudo apt-get install apt-transport-https curl gnupg -
Set up the Datadog deb repo on your system and create a Datadog archive keyring:
sudo sh -c "echo 'deb [signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg] https://apt.datadoghq.com/ stable 7' > /etc/apt/sources.list.d/datadog.list" sudo touch /usr/share/keyrings/datadog-archive-keyring.gpg sudo chmod a+r /usr/share/keyrings/datadog-archive-keyring.gpg curl https://keys.datadoghq.com/DATADOG_APT_KEY_CURRENT.public | sudo gpg --no-default-keyring --keyring /usr/share/keyrings/datadog-archive-keyring.gpg --import --batch curl https://keys.datadoghq.com/DATADOG_APT_KEY_382E94DE.public | sudo gpg --no-default-keyring --keyring /usr/share/keyrings/datadog-archive-keyring.gpg --import --batch curl https://keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public | sudo gpg --no-default-keyring --keyring /usr/share/keyrings/datadog-archive-keyring.gpg --import --batch -
Update your local apt repo and install the Agent:
sudo apt-get update sudo apt-get install datadog-agent datadog-signing-keys -
Copy the example datadog.yaml config into place and plug in your API key
sudo sh -c "sed 's/api_key:.*/api_key: "${DD_API_KEY}"/' /etc/datadog-agent/datadog.yaml.example > /etc/datadog-agent/datadog.yaml" -
Configure your Datadog region:
sudo sh -c "sed -i 's/# site:.*/site: datadoghq.com/' /etc/datadog-agent/datadog.yaml" -
Ensure permissions are correct:
sudo sh -c "chown dd-agent:dd-agent /etc/datadog-agent/datadog.yaml && chmod 640 /etc/datadog-agent/datadog.yaml" -
Create Consul specific Datadog configuration directory:
sudo mkdir --parents /etc/datadog-agent/conf.d/consul.d -
Create Envoy specific Datadog configuration directory:
sudo mkdir --parents /etc/datadog-agent/conf.d/envoy.d -
Add consul group permissions to dd-agent user to allow Datadog agent to stream Consul and Envoy logs:
sudo usermod --append --groups=consul dd-agent -
Start the Agent:
sudo systemctl restart datadog-agent.service
Configure Datadog for Consul Metrics Capturing
The core datadog.yaml configuration file needs some configuration before the Datadog agent can capture and export metrics to datadoghq.com.
-
Open and configure
/etc/datadog-agent/datadog.yamlfor Consul metrics capturing and log capturing:api_key: <YOUR_API_KEY_ID_HERE>
site: datadoghq.com
logs_enabled: true
histogram_percentiles: ["0.10", "0.20", "0.30", "0.40", "0.50", "0.60", "0.70", "0.80", "0.90", "0.95", "0.99"]
dogstatsd_mapper_profiles:
- name: consul
prefix: "consul."
mappings:
- match: 'consul\.http\.([a-zA-Z]+)\.(.*)'
match_type: "regex"
name: "consul.http.request"
tags:
method: "$1"
path: "$2"
- match: 'consul\.raft\.replication\.appendEntries\.logs\.([0-9a-f-]+)'
match_type: "regex"
name: "consul.raft.replication.appendEntries.logs"
tags:
peer_id: "$1"
- match: 'consul\.raft\.replication\.appendEntries\.rpc\.([0-9a-f-]+)'
match_type: "regex"
name: "consul.raft.replication.appendEntries.rpc"
tags:
peer_id: "$1"
- match: 'consul\.raft\.replication\.heartbeat\.([0-9a-f-]+)'
match_type: "regex"
name: "consul.raft.replication.heartbeat"
tags:
peer_id: "$1" -
Create and configure
/etc/datadog-agent/conf.d/consul.d/conf.yamlfile for Consul agent metrics and logging:init_config:
instances:
- url: <https://localhost:8501|http://localhost:8500>
self_leader_check: true
network_latency_check: true
catalog_checks: true
auth_type: "basic"
service: "consul"
# If using ACLs and/or RPC TLS Uncomment Below and Configure
# acl_token: <acl_token_for_metrics_access>
# tls_ca_cert: "/etc/consul.d/tls/consul-agent-ca.pem"
# tls_cert: "/etc/consul.d/tls/consul.pem"
# tls_private_key: "/etc/consul.d/tls/consul-key.pem"
logs:
- path: /var/log/consul/*.log
service: consul
source: consul
type: fileConfigure Datadog for Envoy Metrics Capturing
-
Create and configure
/etc/datadog-agent/envoy.d/conf.yamlfile for Envoy metrics and logging:init_config:
instances:
- openmetrics_endpoint: http://127.0.0.1:9102/metrics
logs:
- path: /var/log/envoy/*.log
service: envoy
source: envoy
type: file -
Restart the Datadog Agent:
sudo systemctl restart datadog-agent.service
Verify Consul to Datadog Agent Communication
Verify UDP DogstatsD Connection is Established with Consul
sudo netstat -nup | grep "127.0.0.1:8125.*ESTABLISHED"
udp 0 0 127.0.0.1:53874 127.0.0.1:8125 ESTABLISHED 23176/consul
sudo -u dd-agent -- datadog-agent check consul
Verify Envoy to Datadog Agent Communication
Verify UDP DogstatsD Connection is Established with Consul
sudo -u dd-agent -- datadog-agent check envoy
Next - Explore Datadog Integration Features
Install Consul and Envoy integrations from Integrations menu within DD UI to retrieve any preset Consul or Envoy Dashboards.
This part is somewhat customized and can get complicated. This will depend on the use-case and can be very custom to whatever needs are necessary.
References: