Add a debug endpoint for collecting performance statistics and profiles. (#1461)

When `kolide serve --debug` is used, additional handlers will be started to
 provide access to profiling tools. These endpoints are authenticated with a
 randomly generated token that is printed to the Kolide logs at startup. The
 profiling tools are not intended for general use, but they may be useful when
 providing performance-related bug reports to the Kolide developers.

CHANGELOG.md

@@ -1,3 +1,7 @@
+* Add a debug endpoint for collecting performance statistics and profiles.
+
+  When `kolide serve --debug` is used, additional handlers will be started to provide access to profiling tools. These endpoints are authenticated with a randomly generated token that is printed to the Kolide logs at startup. These profiling tools are not intended for general use, but they may be useful when providing performance-related bug reports to the Kolide developers.
+
 * Add a workaround for CentOS6 detection.
 
   osquery 2.3.2 incorrectly reports an empty value for `platform` on CentOS6 hosts. We added a workaround to properly detect platform in Kolide, and also [submitted a fix](https://github.com/facebook/osquery/pull/3071) to upstream osquery.

cli/serve.go

@@ -4,12 +4,14 @@ import (
 	"crypto/tls"
 	"fmt"
 	"net/http"
+	"net/url"
 	"os"
 	"os/signal"
 	"syscall"
 	"time"
 
 	"github.com/WatchBeam/clock"
+	"github.com/e-dard/netbug"
 	kitlog "github.com/go-kit/kit/log"
 	kitprometheus "github.com/go-kit/kit/metrics/prometheus"
 	"github.com/kolide/kolide/server/config"
@@ -33,6 +35,9 @@ type initializer interface {
 }
 
 func createServeCmd(configManager config.Manager) *cobra.Command {
+	// Whether to enable the debug endpoints
+	debug := false
+
 	serveCmd := &cobra.Command{
 		Use:   "serve",
 		Short: "Launch the kolide server",
@@ -183,6 +188,17 @@ the way that the kolide server works.
 			r.Handle("/api/", apiHandler)
 			r.Handle("/", frontendHandler)
 
+			if debug {
+				// Add debug endpoints with a random
+				// authorization token
+				debugToken, err := kolide.RandomText(24)
+				if err != nil {
+					initFatal(err, "generating debug token")
+				}
+				r.Handle("/debug/", http.StripPrefix("/debug/", netbug.AuthHandler(debugToken)))
+				fmt.Printf("*** Debug mode enabled ***\nAccess the debug endpoints at /debug/?token=%s\n", url.QueryEscape(debugToken))
+			}
+
 			srv := &http.Server{
 				Addr:              config.Server.Address,
 				Handler:           r,
@@ -219,6 +235,8 @@ the way that the kolide server works.
 		},
 	}
 
+	serveCmd.PersistentFlags().BoolVar(&debug, "debug", false, "Enable debug endpoints")
+
 	return serveCmd
 }
 

docs/third-party/licenses.md

@@ -367,6 +367,7 @@ Third-Party Licenses
 | [github.com/beorn7/perks](https://github.com/beorn7/perks) | [MIT](https://opensource.org/licenses/MIT) |
 | [github.com/davecgh/go-spew](https://github.com/davecgh/go-spew) | [ISC](https://opensource.org/licenses/ISC) |
 | [github.com/dgrijalva/jwt-go](https://github.com/dgrijalva/jwt-go) | [MIT](https://opensource.org/licenses/MIT) |
+| [github.com/e-dard/netbug](https://github.com/e-dard/netbug) | [MIT](https://opensource.org/licenses/MIT) |
 | [github.com/elazarl/go-bindata-assetfs](https://github.com/elazarl/go-bindata-assetfs) | [FreeBSD](https://opensource.org/licenses/BSD-2-Clause) |
 | [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) | [NewBSD](https://opensource.org/licenses/BSD-3-Clause) |
 | [github.com/garyburd/redigo](https://github.com/garyburd/redigo) | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) |

glide.lock

@@ -1,5 +1,5 @@
-hash: f3cd6c2e30f6c19975df5373a3fd6132d5672273718275c6ecf4dfbe4993b149
-updated: 2017-03-14T10:36:42.833374871-07:00
+hash: 08220902abb9783f0474c20495d92f407f4028b56ab95879b867c0dec4aab7cc
+updated: 2017-03-29T10:16:52.853564516-07:00
 imports:
 - name: github.com/alecthomas/template
   version: a0175ee3bccc567396460bf5acd36800cb10c49c
@@ -17,6 +17,8 @@ imports:
   - spew
 - name: github.com/dgrijalva/jwt-go
   version: 01aeca54ebda6e0fbfafd0a524d234159c05ec20
+- name: github.com/e-dard/netbug
+  version: e64d308a0b205c901264e88a10e70d64acb1810d
 - name: github.com/elazarl/go-bindata-assetfs
   version: 9a6736ed45b44bf3835afeebb3034b57ed329f3e
 - name: github.com/fsnotify/fsnotify

glide.yaml

@@ -68,3 +68,4 @@ import:
 - package: github.com/go-yaml/yaml
 - package: github.com/ryanuber/go-license
 - package: github.com/igm/sockjs-go
+- package: github.com/e-dard/netbug