VAULT-31409: trace postUnseal function

[bosouza]

Description

This PR adds 2 new settings to the top-level Vault server configuration: enable_post_unseal_trace that when enabled will cause Vault to generate a Go trace during the execution of core.postUnseal and save it to disk under the directory configured in post_unseal_trace_dir, defaulting to /tmp/vault-traces/ instead if the field isn't set. This file can be inspected using the go tool trace command and will help us debug cases where the leadership transfer operation takes too long.

Most of the feature was split into a reusable StartDebugTrace function in a separate package. It could be used for similar debug purposes in the future but most importantly for now it avoids adding more code and dependencies to the already-bloated core package.

Manually tested the functionality to ensure that it was possible to generate the traces by updating the new fields in the config, then sending a SIGHUP signal to the running Vault process and triggering a leadership election via vault operator step-down. Disabling the generation of the traces via the same SIGHUP process also works. Post-unseal only runs on the active node so restarting a follower won't generate the post-unseal traces.

Jira: VAULT-31409

TODO only if you're a HashiCorp employee

• Backport Labels: If this PR is in the ENT repo and needs to be backported, backport
  to N, N-1, and N-2, using the backport/ent/x.x.x+ent labels. If this PR is in the CE repo, you should only backport to N, using the backport/x.x.x label, not the enterprise labels.
  • If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
• ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
  of a public function, even if that change is in a CE file, double check that
  applying the patch for this PR to the ENT repo and running tests doesn't
  break any tests. Sometimes ENT only tests rely on public functions in CE
  files.
• Jira: If this change has an associated Jira, it's referenced either
  in the PR description, commit message, or branch name.
• RFC: If this change has an associated RFC, please link it in the description.
• ENT PR: If this change has an associated ENT PR, please link it in the
  description. Also, make sure the changelog is in this PR, not in your ENT PR.

[github-actions]

CI Results: failed ❌
Failures:

Test Type	Package	Test	Logs
race	command/server	TestConfig_Sanitized	view test results
race	http	TestSysConfigState_Sanitized	view test results
race	http	TestSysConfigState_Sanitized/inmem_storage,_no_HA_storage	view test results
race	http	TestSysConfigState_Sanitized/inmem_storage,_raft_HA_storage	view test results
race	http	TestSysConfigState_Sanitized/raft_storage	view test results
standard	command/server	TestConfig_Sanitized	view test results
standard	http	TestSysConfigState_Sanitized	view test results
standard	http	TestSysConfigState_Sanitized/inmem_storage,_no_HA_storage	view test results
standard	http	TestSysConfigState_Sanitized/inmem_storage,_raft_HA_storage	view test results
standard	http	TestSysConfigState_Sanitized/raft_storage	view test results

[bosouza]

still want to make this more similar to VAULT_STACKTRACE_WRITE_TO_FILE for the sake of consistency

[miagilepner]

can we switch this to using filepath.Join to create the path, rather than Sprintf?

[miagilepner]

let's also add these fields to the (*Config).Merge function

[bosouza]

ahh good catch, wouldn't have noticed this unless I'd tested with multiple files. I wonder why we didn't go for a more generic implementation here (maybe didn't want to use reflect?) but we could at least have some semgrep validation to check that all fields are merged (or explicitly ignored)

[bosouza]

not sure what is the best order between this metric and the new trace, but I think it's fair to include the metric in the captured trace even tho that will make the time spend on the tracing setup invisible to the metric

[bosouza]

ahh good catch, wouldn't have noticed this unless I'd tested with multiple files. I wonder why we didn't go for a more generic implementation here (maybe didn't want to use reflect?) but we could at least have some semgrep validation to check that all fields are merged (or explicitly ignored)

[github-actions]

Build Results:
All builds succeeded! ✅

[miagilepner]

do we need the !os.IsNotExist(err) portion of this condition?

[bosouza]

yes, I think we need it. If os.IsNotExist(err) evaluates to true then we don't want to evaluate d.IsDir() since d would be nil.

The alternative would be to use a nested if-else structure that interleaves error returns with additional operations (creation of default dir), which I don't like as much:

	d, err := os.Stat(dir)
	if err != nil {
		if os.IsNotExist(err) {
			if dirMustExist {
				return "", nil, fmt.Errorf("trace directory %q does not exist", dir)
			} else {
				if err := os.Mkdir(dir, 0o700); err != nil {
					return "", nil, fmt.Errorf("failed to create trace directory %q: %s", dir, err)
				}
			}
		} else {
			return "", nil, fmt.Errorf("failed to stat trace directory %q: %s", dir, err)
		}
	} else if !d.IsDir() {
		return "", nil, fmt.Errorf("trace directory %q is not a directory", dir)
	}