The `consul agent` command is the heart of Consul: it runs the agent that performs the important task of maintaining membership information, running checks, announcing services, handling queries, etc.

Commands: Agent

agent

Commands: Debug

debug

The event command provides a mechanism to fire a custom user event to an entire datacenter. These events are opaque to Consul, but they can be used to build scripting infrastructure to do automated deploys, restart services, or perform any other orchestration action. Events can be handled by using a watch.

Commands: Event

event

The exec command provides a mechanism for remote execution. For example, this can be used to run the `uptime` command across all machines providing the `web` service.

Commands: Exec

exec

The `force-leave` command forces a member of a Consul cluster to enter the left state. If the member is still actually alive, it will eventually rejoin the cluster. The true purpose of this method is to force remove failed nodes.

Commands: Force Leave

force-leave

Consul is controlled via a very easy to use command-line interface (CLI). Consul is only a single command-line application: `consul`. This application then takes a subcommand such as agent or members. The complete list of subcommands is in the navigation to the left.

Commands

Commands (CLI)

The `info` command provides various debugging information that can be useful to operators. Depending on if the agent is a client or server, information about different sub-systems will be returned.

Commands: Info

info

The `join` command tells a Consul agent to join an existing cluster. A new Consul agent may join any node in the existing cluster. After joining with one member, the gossip communication will propagate the updated membership state across the cluster.

Commands: Join

join

The `keygen` command generates an encryption key that can be used for Consul agent traffic encryption. The keygen command uses a cryptographically strong pseudo-random number generator to generate the key.

Commands: Keygen

keygen

Commands: Keyring

keyring

The `leave` command triggers a graceful leave and shutdown of the agent. It is used to ensure other nodes see the agent as left instead of failed. Nodes that leave will not attempt to re-join the cluster on restarting with a snapshot.

Commands: Leave

leave

The license command provides datacenter-level management of the Consul Enterprise license.


Commands: License

license

The lock command provides a mechanism for leader election, mutual exclusion, or worker pools. For example, this can be used to ensure a maximum number of services running at once across a cluster.

Commands: Lock

lock

The `login` command will exchange the provided third party credentials with the requested auth method for a newly minted Consul ACL token.


Commands: Login

login

The `logout` command will destroy the provided token if it was created from `consul login`.


Commands: Logout

logout

The `maint` command provides control of both service and node maintenance mode


Commands: Maint

maint

The `members` command outputs the current list of members that a Consul agent knows about, along with their state. The state of a node can only be alive, left, or failed.

Commands: Members

members

The `monitor` command is used to connect and follow the logs of a running Consul agent. Monitor will show the recent logs and then continue to follow the logs, not exiting until interrupted or until the remote agent quits.

Commands: Monitor

monitor

The `reload` command triggers a reload of configuration files for the agent.

Commands: Reload

reload

The rtt command estimates the network round trip time between two nodes.


Commands: RTT

The `consul validate` command tests that config files are valid by attempting to parse them. Useful to ensure a configuration change will not cause consul to fail after a restart.


Commands: Validate

validate

The `version` command prints the version of Consul and the protocol versions it understands for speaking to other agents.

Commands: Version

version

The `watch` command provides a mechanism to watch for changes in a particular data view (list of nodes, service members, key value, etc) and to invoke a process with the latest values of the view. If no process is specified, the current values are dumped to stdout which can be a useful way to inspect data in Consul.

Commands: Watch

watch

Commands: TLS CA Create

Commands: TLS Cert Create

cert

Commands: TLS

Commands: Snapshot Agent

Commands: Snapshot

snapshot

Commands: Snapshot Inspect

inspect

Commands: Snapshot Restore

restore

Commands: Snapshot Save

save

Commands: Services Deregister

deregister

Commands: Services

services

Commands: Services Register

register

The operator area command is used to interact with Consul's network area subsystem.


Commands: Operator Area

area

The operator autopilot subcommand is used to view and modify Consul's Autopilot configuration.


Commands: Operator Autopilot

autopilot

The operator command provides cluster-level tools for Consul operators.


Commands: Operator

operator

The operator raft subcommand is used to view and modify Consul's Raft configuration.


Commands: Operator Raft

raft

Commands: Namespace Create

create

Commands: Namespace Delete

delete

The namespace command provides management of Consul Enterprise namespaces.


Commands: Namespace

namespace

Commands: Namespace List

list

Commands: Namespace Read

read

Commands: Namespace Update

update

Commands: Namespace Write

write

Commands: KV Delete

Commands: KV Export

export

Commands: KV Get

Commands: KV Import

import

Commands: KV

Commands: KV Put

Commands: Intention Check

check

Commands: Intention Create

Commands: Intention Delete

Commands: Intention Get

Commands: Intention

intention

Commands: Intention List

Commands: Intention Match

match

The connect CA subcommand is used to view and modify the Connect Certificate Authority (CA) configuration.


Commands: Connect CA

The connect proxy subcommand is used to run the Envoy proxy for Connect.

Commands: Connect Proxy

envoy

The connect expose subcommand is used to expose a Connect-enabled service  through an Ingress gateway by modifying the gateway's configuration and adding an intention to allow traffic from the gateway to the service.


Commands: Connect Expose

expose

Commands: Connect

connect

The connect proxy subcommand is used to run the built-in mTLS proxy for Connect.


»Consul ACL Binding Rules

»Usage

»Identifying Binding Rules

»Basic Examples