Document unauth pprof and the new pprof endpoints. (#11413)

2021-04-21 15:21:59 -04:00 · 2021-04-21 15:21:59 -04:00 · a62202eb87
parent 81744c4094
commit a62202eb87
2 changed files with 101 additions and 1 deletions
--- a/website/content/api-docs/system/pprof.mdx
+++ b/website/content/api-docs/system/pprof.mdx
@ -26,6 +26,44 @@ $ curl \
    http://127.0.0.1:8200/v1/sys/pprof/
 ```

+## Allocs
+
+This endpoint returns a sampling of historical memory allocations over the life
+of the program.
+
+| Method | Path              |
+| :----- | :---------------- |
+| `GET`  | `/sys/pprof/allocs` |
+
+### Sample Request
+
+```shell-session
+$ curl \
+    --header "X-Vault-Token: ..." \
+    http://127.0.0.1:8200/v1/sys/pprof/allocs
+```
+
+## Block
+
+This endpoint returns a sampling of goroutines involved in blocking on
+synchronization primitives.
+
+It is included for completeness, but since Vault doesn't normally enable
+collection of this data, it won't return anything useful with the standard
+Vault binary.
+
+| Method | Path              |
+| :----- | :---------------- |
+| `GET`  | `/sys/pprof/block` |
+
+### Sample Request
+
+```shell-session
+$ curl \
+    --header "X-Vault-Token: ..." \
+    http://127.0.0.1:8200/v1/sys/pprof/block
+```
+
 ## Cmdline

 This endpoint returns the running program's command line, with arguments
@ -51,6 +89,12 @@ This endpoint returns stack traces of all current goroutines.
 | :----- | :--------------------- |
 | `GET`  | `/sys/pprof/goroutine` |

+### Parameters
+
+- `debug` `(int: 0)` - Specifies special arguments for the collection.
+A value of `2` results in the stack traces being returned as text
+instead of the default pprof format.
+
 ### Sample Request

 ```shell-session
@ -75,6 +119,26 @@ $ curl \
    http://127.0.0.1:8200/v1/sys/pprof/heap
 ```

+## Mutex
+
+This endpoint returns a sampling of goroutines holding contended mutexes.
+
+It is included for completeness, but since Vault doesn't normally enable
+collection of this data, it won't return anything useful with the standard
+Vault binary.
+
+| Method | Path              |
+| :----- | :---------------- |
+| `GET`  | `/sys/pprof/mutex` |
+
+### Sample Request
+
+```shell-session
+$ curl \
+    --header "X-Vault-Token: ..." \
+    http://127.0.0.1:8200/v1/sys/pprof/mutex
+```
+
 ## Profile

 This endpoint returns a pprof-formatted cpu profile payload. Profiling
@ -114,6 +178,24 @@ $ curl \
    http://127.0.0.1:8200/v1/sys/pprof/symbol
 ```

+## Threadcreate
+
+This endpoint returns stack traces of goroutines that led to the creation of
+new OS threads.
+
+| Method | Path                   |
+| :----- | :--------------------- |
+| `GET`  | `/sys/pprof/threadcreate` |
+
+### Sample Request
+
+```shell-session
+$ curl \
+    --header "X-Vault-Token: ..." \
+    http://127.0.0.1:8200/v1/sys/pprof/threadcreate
+```
+
+
 ## Trace

 This endpoint returns the execution trace in binary form. Tracing lasts
--- a/website/content/docs/configuration/listener/tcp.mdx
+++ b/website/content/docs/configuration/listener/tcp.mdx
@ -141,9 +141,14 @@ advertise the correct address to other nodes.

 ### `telemetry` Parameters

- `unauthenticated_metrics_access` `(string: "false")` - If set to true, allows
+- `unauthenticated_metrics_access` `(bool: false)` - If set to true, allows
  unauthenticated access to the `/v1/sys/metrics` endpoint.

+### `profiling` Parameters
+
+- `unauthenticated_pprof_access` `(bool: false)` - If set to true, allows
+  unauthenticated access to the `/v1/sys/pprof` endpoint.
+
 ## `tcp` Listener Examples

 ### Configuring TLS
@ -187,6 +192,19 @@ listener "tcp" {
 }
 ```

+### Configuring unauthenticated profiling access
+
+This example shows enabling unauthenticated profiling access.
+
+```hcl
+listener "tcp" {
+  profiling {
+    unauthenticated_pprof_access = true
+  }
+}
+```
+
+
 ### Listening on all IPv6 & IPv4 Interfaces

 This example shows Vault listening on all IPv4 & IPv6 interfaces including localhost.