gravitational · gabrielcorado · May 21, 2024 · May 9, 2024 · May 15, 2024 · May 20, 2024
diff --git a/docs/pages/includes/config-reference/instance-wide.yaml b/docs/pages/includes/config-reference/instance-wide.yaml
@@ -130,3 +130,7 @@ teleport:
  format:
  output: text
  extra_fields: [level, timestamp, component, caller]
+
+# These settings apply to the Debug service:
+debug_service:
+ enabled: true
diff --git a/docs/pages/includes/diagnostics/debug-service-intro.mdx b/docs/pages/includes/diagnostics/debug-service-intro.mdx
@@ -0,0 +1,4 @@
+Teleport includes an internal service called "Debug". This service contains
+commands that can help you troubleshoot Teleport issues. The service is used
+through teleport debug commands, which must be executed on the same
+machine/container your Teleport instance runs on.
diff --git a/docs/pages/includes/diagnostics/teleport-debug-config.mdx b/docs/pages/includes/diagnostics/teleport-debug-config.mdx
@@ -0,0 +1,6 @@
+<Admonition type="tip" title="Specify your Teleport configuration path">
+If your Teleport configuration is not placed on the default path
+(`/var/lib/teleport`), you must to specify its location to the CLI command
+using the `-c/--config` flag.
+</Admonition>
+
diff --git a/docs/pages/management/admin/troubleshooting.mdx b/docs/pages/management/admin/troubleshooting.mdx
@@ -18,6 +18,29 @@ services such as the Application Service and Database Service.
 
 ## Step 1/3. Enable verbose logging
 
+<Tabs>
+<TabItem label="With Debug service">
+(!docs/pages/includes/diagnostics/debug-service-intro.mdx!)
+
+Change your instance log level without a restart using
+`teleport debug set-log-level`:
+
+```bash
+$ teleport debug set-log-level DEBUG
+Changed log level from "INFO" to "DEBUG".
+
+# If you're unsure what is the current level you can retrieve it.
+$ teleport debug get-log-level
+Current log level "DEBUG"
+```
+
+After troubleshooting, remember to turn the log level back to avoid generating
+unnecessary logs.
+
+(!docs/pages/includes/diagnostics/teleport-debug-config.mdx!)
+</TabItem>
+
+<TabItem label="Updating configuration">
 To diagnose problems, you can configure the `teleport` process to run with
 verbose logging enabled by passing it the `-d` flag. `teleport` will write logs
 to stderr.
@@ -33,6 +56,8 @@ teleport:
 Restart the `teleport` process to apply the modified log level. Logs will resemble
 the following (these logs were printed while joining a server to a cluster, then
 terminating the `teleport` process on the server):
+</TabItem>
+</Tabs>
 
 ```
 DEBU [NODE:PROX] Agent connected to proxy: [aee1241f-0f6f-460e-8149-23c38709e46d.tele.example.com aee1241f-0f6f-460e-8149-23c38709e46d teleport-proxy-us-west-2-6db8db844c-ftmg9.tele.example.com teleport-proxy-us-west-2-6db8db844c-ftmg9 localhost 127.0.0.1 ::1 tele.example.com 100.92.90.42 remote.kube.proxy.teleport.cluster.local]. leaseID:4 target:tele.example.com:11106 reversetunnel/agent.go:414

diff --git a/docs/pages/management/diagnostics/profiles.mdx b/docs/pages/management/diagnostics/profiles.mdx
@@ -7,20 +7,51 @@ Teleport leverages Go's diagnostic capabilities to collect and export
 profiling data. Profiles can help identify the cause of spikes in CPU,
 the source of memory leaks, or the reason for a deadlock.
 
-## Enable profiling
+## Using `teleport debug profile`
+
+(!docs/pages/includes/diagnostics/debug-service-intro.mdx!)
+
+`teleport debug profile` collects a list of pprof profiles. It outputs a
+compressed tarball (`.tar.gz`) to STDOUT. You decompress it using `tar` or
+direct the result to a file.
+
+By default, it collects `goroutine`, `heap` and `profile` profiles.
+
+```bash
+# Collect default profiles and save to a file.
+$ teleport debug profile > pprof.tar.gz
+$ tar xvf pprof.tar.gz
+
+# Collect default profiles and decompress it.
+$ teleport debug profile | tar xzv -C ./
+
+# Collect "trace" and "mutex" profiles and save to a file.
+$ teleport debug profile trace,mutex > pprof.tar.gz
+```
+
+If you're running Teleport on a Kubernetes cluster you can directly collect
+profiles to a local directory without an interactive session:
+
+```bash
+$ kubectl -n teleport my-pod -- teleport debug profile > pprof.tar.gz 
+```
+
+(!docs/pages/includes/diagnostics/teleport-debug-config.mdx!)
+
+## Using diagnosis endpoints
 
 The profiling endpoint is only enabled if the `--debug` flag is supplied.
 
 (!docs/pages/includes/diagnostics/diag-addr-prereqs-tabs.mdx flags="--debug" !)
 
-## Collecting profiles
+### Collecting profiles
 
 Go's standard profiling endpoints are served at `http://127.0.0.1:3000/debug/pprof/`.
 Retrieving a profile requires sending a request to the endpoint corresponding
 to the desired profile type. When debugging an issue it is helpful to collect
 a series of profiles over a period of time.
 
-### CPU
+#### CPU
 CPU profile shows execution statistics gathered over a user specified period:
 
 ``` code
@@ -31,7 +62,7 @@ $ curl -o cpu.profile http://127.0.0.1:3000/debug/pprof/profile?seconds=30
 $ go tool pprof -http : cpu.profile
 ```
 
-### Goroutine
+#### Goroutine
 
 Goroutine profiles show the stack traces for all running goroutines in the system:
 
@@ -43,7 +74,7 @@ $ curl -o goroutine.profile http://127.0.0.1:3000/debug/pprof/goroutine
 $ go tool pprof -http : goroutine.profile
 ```
 
-### Heap
+#### Heap
 
 Heap profiles show allocated objects in the system:
 
@@ -55,7 +86,7 @@ $ curl -o heap.profile http://127.0.0.1:3000/debug/pprof/heap
 $ go tool pprof -http : heap.profile
 ```
 
-### Trace
+#### Trace
 
 Trace profiles capture scheduling, system calls, garbage collections, heap size, and other events that are collected by the Go runtime
 over a user specified period of time:

diff --git a/docs/pages/reference/cli/teleport.mdx b/docs/pages/reference/cli/teleport.mdx
@@ -32,6 +32,9 @@ The primary commands for the `teleport` CLI are as follows:
 | `teleport start` | Starts the `teleport` process in the foreground using the current shell session, including any services configured by the [configuration YAML file](../config.mdx). |
 | `teleport status` | Prints the status of the current active Teleport SSH session. |
 | `teleport version` | Prints the current release version of the Teleport binary installed on your system. |
+| `teleport debug set-log-level` | Changes instance log level. |
+| `teleport debug get-log-level` | Fetches instance current log level. |
+| `teleport debug debug profile` | Export the application profiles (pprof format). |
 
 <Notice type="tip">
 For more information on subcommands when working with the `teleport` cli, use the `--help` option or `teleport <subcommand> --help`.