coder
diff --git a/‎agent/agent.go
Lines changed: 29 additions & 14 deletions b/‎agent/agent.go
Lines changed: 29 additions & 14 deletions
diff --git a/‎agent/agentssh/agentssh.go
Lines changed: 15 additions & 7 deletions b/‎agent/agentssh/agentssh.go
Lines changed: 15 additions & 7 deletions
diff --git a/‎agent/agentssh/metrics.go
Lines changed: 71 additions & 11 deletions b/‎agent/agentssh/metrics.go
Lines changed: 71 additions & 11 deletions
@@ -24,6 +24,7 @@ import (
 
 	"github.com/armon/circbuf"
 	"github.com/google/uuid"
+	"github.com/prometheus/client_golang/prometheus"
 	"github.com/spf13/afero"
 	"go.uber.org/atomic"
 	"golang.org/x/exp/slices"
@@ -62,6 +63,8 @@ type Options struct {
 	IgnorePorts            map[int]string
 	SSHMaxTimeout          time.Duration
 	TailnetListenPort      uint16
+
+	PrometheusRegistry *prometheus.Registry
 }
 
 type Client interface {
@@ -101,6 +104,10 @@ func New(options Options) Agent {
 			return "", nil
 		}
 	}
+	if options.PrometheusRegistry == nil {
+		options.PrometheusRegistry = prometheus.NewRegistry()
+	}
+
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	a := &agent{
 		tailnetListenPort:      options.TailnetListenPort,
@@ -119,6 +126,8 @@ func New(options Options) Agent {
 		ignorePorts:            options.IgnorePorts,
 		connStatsChan:          make(chan *agentsdk.Stats, 1),
 		sshMaxTimeout:          options.SSHMaxTimeout,
+		prometheusRegistry:     options.PrometheusRegistry,
+		metrics:                newAgentMetrics(options.PrometheusRegistry),
 	}
 	a.init(ctx)
 	return a
@@ -162,10 +171,13 @@ type agent struct {
 	latestStat    atomic.Pointer[agentsdk.Stats]
 
 	connCountReconnectingPTY atomic.Int64
+
+	prometheusRegistry *prometheus.Registry
+	metrics            *agentMetrics
 }
 
 func (a *agent) init(ctx context.Context) {
-	sshSrv, err := agentssh.NewServer(ctx, a.logger.Named("ssh-server"), a.filesystem, a.sshMaxTimeout, "")
+	sshSrv, err := agentssh.NewServer(ctx, a.logger.Named("ssh-server"), a.prometheusRegistry, a.filesystem, a.sshMaxTimeout, "")
 	if err != nil {
 		panic(err)
 	}
@@ -979,7 +991,7 @@ func (a *agent) trackScriptLogs(ctx context.Context, reader io.Reader) (chan str
 
 func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, msg codersdk.WorkspaceAgentReconnectingPTYInit, conn net.Conn) (retErr error) {
 	defer conn.Close()
-	metricReconnectingPTYHandler.Add(1)
+	a.metrics.handler.Add(1)
 
 	a.connCountReconnectingPTY.Add(1)
 	defer a.connCountReconnectingPTY.Add(-1)
@@ -1000,7 +1012,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 				logger.Debug(ctx, "session error after agent close", slog.Error(err))
 			} else {
 				logger.Error(ctx, "session error", slog.Error(err))
-				metricReconnectingPTYError.Add(1)
+				a.metrics.handlerError.Add(1)
 			}
 		}
 		logger.Debug(ctx, "session closed")
@@ -1020,7 +1032,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 		// Empty command will default to the users shell!
 		cmd, err := a.sshServer.CreateCommand(ctx, msg.Command, nil)
 		if err != nil {
-			metricReconnectingPTYCreateCommandError.Add(1)
+			a.metrics.createCommandError.Add(1)
 			return xerrors.Errorf("create command: %w", err)
 		}
 		cmd.Env = append(cmd.Env, "TERM=xterm-256color")
@@ -1033,7 +1045,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 
 		ptty, process, err := pty.Start(cmd)
 		if err != nil {
-			metricReconnectingPTYCmdStartError.Add(1)
+			a.metrics.cmdStartError.Add(1)
 			return xerrors.Errorf("start command: %w", err)
 		}
 
@@ -1064,7 +1076,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 						logger.Debug(ctx, "unable to read pty output, command exited?", slog.Error(err))
 					} else {
 						logger.Warn(ctx, "unable to read pty output, command exited?", slog.Error(err))
-						metricReconnectingPTYOutputReaderError.Add(1)
+						a.metrics.outputReaderError.Add(1)
 					}
 					break
 				}
@@ -1085,7 +1097,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 							slog.F("other_conn_id", cid),
 							slog.Error(err),
 						)
-						metricReconnectingPTYWriteError.Add(1)
+						a.metrics.writeError.Add(1)
 					}
 				}
 				rpty.activeConnsMutex.Unlock()
@@ -1105,7 +1117,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 	if err != nil {
 		// We can continue after this, it's not fatal!
 		logger.Error(ctx, "resize", slog.Error(err))
-		metricReconnectingPTYResizeError.Add(1)
+		a.metrics.resizeError.Add(1)
 	}
 	// Write any previously stored data for the TTY.
 	rpty.circularBufferMutex.RLock()
@@ -1118,7 +1130,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 	// while also holding circularBufferMutex seems dangerous.
 	_, err = conn.Write(prevBuf)
 	if err != nil {
-		metricReconnectingPTYWriteError.Add(1)
+		a.metrics.writeError.Add(1)
 		return xerrors.Errorf("write buffer to conn: %w", err)
 	}
 	// Multiple connections to the same TTY are permitted.
@@ -1169,7 +1181,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 		_, err = rpty.ptty.InputWriter().Write([]byte(req.Data))
 		if err != nil {
 			logger.Warn(ctx, "write to pty", slog.Error(err))
-			metricReconnectingPTYInputWriterError.Add(1)
+			a.metrics.inputWriterError.Add(1)
 			return nil
 		}
 		// Check if a resize needs to happen!
@@ -1180,7 +1192,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 		if err != nil {
 			// We can continue after this, it's not fatal!
 			logger.Error(ctx, "resize", slog.Error(err))
-			metricReconnectingPTYResizeError.Add(1)
+			a.metrics.resizeError.Add(1)
 		}
 	}
 }
@@ -1213,7 +1225,7 @@ func (a *agent) startReportingConnectionStats(ctx context.Context) {
 		var mu sync.Mutex
 		status := a.network.Status()
 		durations := []float64{}
-		ctx, cancelFunc := context.WithTimeout(ctx, 5*time.Second)
+		pingCtx, cancelFunc := context.WithTimeout(ctx, 5*time.Second)
 		defer cancelFunc()
 		for nodeID, peer := range status.Peer {
 			if !peer.Active {
@@ -1229,7 +1241,7 @@ func (a *agent) startReportingConnectionStats(ctx context.Context) {
 			wg.Add(1)
 			go func() {
 				defer wg.Done()
-				duration, _, _, err := a.network.Ping(ctx, addresses[0].Addr())
+				duration, _, _, err := a.network.Ping(pingCtx, addresses[0].Addr())
 				if err != nil {
 					return
 				}
@@ -1254,7 +1266,10 @@ func (a *agent) startReportingConnectionStats(ctx context.Context) {
 		// Collect agent metrics.
 		// Agent metrics are changing all the time, so there is no need to perform
 		// reflect.DeepEqual to see if stats should be transferred.
-		stats.Metrics = collectMetrics()
+
+		metricsCtx, cancelFunc := context.WithTimeout(ctx, 5*time.Second)
+		defer cancelFunc()
+		stats.Metrics = a.collectMetrics(metricsCtx)
 
 		a.latestStat.Store(stats)
 
 
@@ -20,6 +20,7 @@ import (
 
 	"github.com/gliderlabs/ssh"
 	"github.com/pkg/sftp"
+	"github.com/prometheus/client_golang/prometheus"
 	"github.com/spf13/afero"
 	"go.uber.org/atomic"
 	gossh "golang.org/x/crypto/ssh"
@@ -69,9 +70,12 @@ type Server struct {
 	connCountVSCode     atomic.Int64
 	connCountJetBrains  atomic.Int64
 	connCountSSHSession atomic.Int64
+
+	prometheusRegistry *prometheus.Registry
+	metrics            *sshServerMetrics
 }
 
-func NewServer(ctx context.Context, logger slog.Logger, fs afero.Fs, maxTimeout time.Duration, x11SocketDir string) (*Server, error) {
+func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prometheus.Registry, fs afero.Fs, maxTimeout time.Duration, x11SocketDir string) (*Server, error) {
 	// Clients' should ignore the host key when connecting.
 	// The agent needs to authenticate with coderd to SSH,
 	// so SSH authentication doesn't improve security.
@@ -90,13 +94,17 @@ func NewServer(ctx context.Context, logger slog.Logger, fs afero.Fs, maxTimeout
 	forwardHandler := &ssh.ForwardedTCPHandler{}
 	unixForwardHandler := &forwardedUnixHandler{log: logger}
 
+	metrics := newSSHServerMetrics(prometheusRegistry)
 	s := &Server{
 		listeners:    make(map[net.Listener]struct{}),
 		fs:           fs,
 		conns:        make(map[net.Conn]struct{}),
 		sessions:     make(map[ssh.Session]struct{}),
 		logger:       logger,
 		x11SocketDir: x11SocketDir,
+
+		prometheusRegistry: prometheusRegistry,
+		metrics:            metrics,
 	}
 
 	s.srv = &ssh.Server{
@@ -107,7 +115,7 @@ func NewServer(ctx context.Context, logger slog.Logger, fs afero.Fs, maxTimeout
 		},
 		ConnectionFailedCallback: func(_ net.Conn, err error) {
 			s.logger.Warn(ctx, "ssh connection failed", slog.Error(err))
-			metricConnectionFailedCallback.Add(1)
+			metrics.connectionFailedCallback.Add(1)
 		},
 		Handler:     s.sessionHandler,
 		HostSigners: []ssh.Signer{randomSigner},
@@ -116,19 +124,19 @@ func NewServer(ctx context.Context, logger slog.Logger, fs afero.Fs, maxTimeout
 			s.logger.Debug(ctx, "local port forward",
 				slog.F("destination-host", destinationHost),
 				slog.F("destination-port", destinationPort))
-			metricLocalPortForwardingCallback.Add(1)
+			metrics.localPortForwardingCallback.Add(1)
 			return true
 		},
 		PtyCallback: func(ctx ssh.Context, pty ssh.Pty) bool {
-			metricPtyCallback.Add(1)
+			metrics.ptyCallback.Add(1)
 			return true
 		},
 		ReversePortForwardingCallback: func(ctx ssh.Context, bindHost string, bindPort uint32) bool {
 			// Allow reverse port forwarding all!
 			s.logger.Debug(ctx, "local port forward",
 				slog.F("bind-host", bindHost),
 				slog.F("bind-port", bindPort))
-			metricReversePortForwardingCallback.Add(1)
+			metrics.reversePortForwardingCallback.Add(1)
 			return true
 		},
 		RequestHandlers: map[string]ssh.RequestHandler{
@@ -405,7 +413,7 @@ func (s *Server) startPTYSession(session ptySession, m sessionMetricsObject, cmd
 }
 
 func (s *Server) sftpHandler(session ssh.Session) {
-	metricSftpHandler.Add(1)
+	s.metrics.sftpHandler.Add(1)
 
 	ctx := session.Context()
 
@@ -446,7 +454,7 @@ func (s *Server) sftpHandler(session ssh.Session) {
 		return
 	}
 	s.logger.Warn(ctx, "sftp server closed with error", slog.Error(err))
-	metricSftpServerError.Add(1)
+	s.metrics.sftpServerError.Add(1)
 	_ = session.Exit(1)
 }
 
 
@@ -3,25 +3,85 @@ package agentssh
 import (
 	"fmt"
 
+	"github.com/prometheus/client_golang/prometheus"
 	"tailscale.com/util/clientmetric"
 )
 
-var (
+type sshServerMetrics struct {
 	// SSH callbacks
-	metricConnectionFailedCallback      = clientmetric.NewCounter("ssh_connection_failed_callback")
-	metricLocalPortForwardingCallback   = clientmetric.NewCounter("ssh_local_port_forwarding_callback")
-	metricPtyCallback                   = clientmetric.NewCounter("ssh_pty_callback")
-	metricReversePortForwardingCallback = clientmetric.NewCounter("ssh_reverse_port_forwarding_callback")
-	metricX11Callback                   = clientmetric.NewCounter("ssh_x11_callback")
+	connectionFailedCallback      prometheus.Counter
+	localPortForwardingCallback   prometheus.Counter
+	ptyCallback                   prometheus.Counter
+	reversePortForwardingCallback prometheus.Counter
+	x11Callback                   prometheus.Counter
 
 	// SFTP
-	metricSftpHandler     = clientmetric.NewCounter("ssh_sftp_handler")
-	metricSftpServerError = clientmetric.NewCounter("ssh_sftp_server_error")
+	sftpHandler     prometheus.Counter
+	sftpServerError prometheus.Counter
 
 	// X11
-	metricX11SocketDirError  = clientmetric.NewCounter("ssh_x11_socket_dir_error")
-	metricX11XauthorityError = clientmetric.NewCounter("ssh_x11_xauthority_error")
-)
+	x11SocketDirError  prometheus.Counter
+	x11XauthorityError prometheus.Counter
+}
+
+func newSSHServerMetrics(registerer prometheus.Registerer) *sshServerMetrics {
+	connectionFailedCallback := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "connection_failed_callback",
+	})
+	registerer.MustRegister(connectionFailedCallback)
+
+	localPortForwardingCallback := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "local_port_forwarding_callback",
+	})
+	registerer.MustRegister(localPortForwardingCallback)
+
+	ptyCallback := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "pty_callback",
+	})
+	registerer.MustRegister(ptyCallback)
+
+	reversePortForwardingCallback := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "reverse_port_forwarding_callback",
+	})
+	registerer.MustRegister(reversePortForwardingCallback)
+
+	x11Callback := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "x11_callback",
+	})
+	registerer.MustRegister(x11Callback)
+
+	sftpHandler := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "sftp_handler",
+	})
+	registerer.MustRegister(sftpHandler)
+
+	sftpServerError := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "sftp_server_error",
+	})
+	registerer.MustRegister(sftpServerError)
+
+	x11SocketDirError := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "x11_socket_dir_error",
+	})
+	registerer.MustRegister(x11SocketDirError)
+
+	x11XauthorityError := prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: "agent", Subsystem: "ssh_server", Name: "x11_xauthority_error",
+	})
+	registerer.MustRegister(x11XauthorityError)
+
+	return &sshServerMetrics{
+		connectionFailedCallback:      connectionFailedCallback,
+		localPortForwardingCallback:   localPortForwardingCallback,
+		ptyCallback:                   ptyCallback,
+		reversePortForwardingCallback: reversePortForwardingCallback,
+		x11Callback:                   x11Callback,
+		sftpHandler:                   sftpHandler,
+		sftpServerError:               sftpServerError,
+		x11SocketDirError:             x11SocketDirError,
+		x11XauthorityError:            x11XauthorityError,
+	}
+}
 
 var sessionMetrics = map[string]sessionMetricsObject{}