Add metrics

go.mod

@@ -4,7 +4,10 @@ go 1.13
 
 require (
 	github.com/go-sql-driver/mysql v1.5.0
+	github.com/google/go-cmp v0.4.0 // indirect
 	github.com/google/go-github/v29 v29.0.3
+	// https://github.com/influxdata/influxdb/issues/16901
+	github.com/influxdata/influxdb v1.7.9
 	golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 )

go.sum

@@ -5,10 +5,14 @@ github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-github/v29 v29.0.3 h1:IktKCTwU//aFHnpA+2SLIi7Oo9uhAzgsdZNbcAqhgdc=
 github.com/google/go-github/v29 v29.0.3/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/influxdata/influxdb v1.7.9 h1:uSeBTNO4rBkbp1Be5FKRsAmglM9nlx25TzVQRQt1An4=
+github.com/influxdata/influxdb v1.7.9/go.mod h1:qZna6X/4elxqT3yI9iZYdZrWWdeFOOprn86kgg4+IzY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6 h1:Sy5bstxEqwwbYs6n0/pBuxKENqOeZUgD45Gp3Q3pqLg=
 golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -26,6 +30,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=

influxdb.go

@@ -0,0 +1,101 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"expvar"
+	"log"
+	"os"
+	"time"
+
+	"github.com/influxdata/influxdb/client/v2"
+)
+
+const (
+	influxTable    = "whoami"
+	influxUsername = "frood"
+	influxDatabase = "frood"
+	influxAddr     = "https://influxdb:8086"
+	influxRoot     = `-----BEGIN CERTIFICATE-----
+MIIE1DCCAzygAwIBAgIRAL1uZZswS6fWex3VEuNfoKUwDQYJKoZIhvcNAQELBQAw
+gYExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTErMCkGA1UECwwiZmls
+aXBwb0BGaWxpcHBvcy1NYWNCb29rLVByby5sb2NhbDEyMDAGA1UEAwwpbWtjZXJ0
+IGZpbGlwcG9ARmlsaXBwb3MtTWFjQm9vay1Qcm8ubG9jYWwwHhcNMTgwODI1MjIy
+NzI5WhcNMjgwODI1MjIyNzI5WjCBgTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3Bt
+ZW50IENBMSswKQYDVQQLDCJmaWxpcHBvQEZpbGlwcG9zLU1hY0Jvb2stUHJvLmxv
+Y2FsMTIwMAYDVQQDDClta2NlcnQgZmlsaXBwb0BGaWxpcHBvcy1NYWNCb29rLVBy
+by5sb2NhbDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMSzlxsjwhkZ
+7l5Zqe7+UqdwA+tcbll2zc4n5k3qqnLXv5IaDlKSkJDp/XygYvw94Cg6YMZ4bTPF
+nnPBH+YE+/+nXFWyLjlxfWHmpUVOV/W4aFaZQ8v8nScjgzwuN2fskigJBcrfD3eL
+dXCAcMPTB0Sp/EJ8YIt+VgyMKuBBvBn9dg4sPxLnkC+T9JYSRHmZMSK/kkPhlJUh
+Toj7CEBNR98J0YuozrxVL0qajlihSRcXv4zLBXPGBXbkodKlxDBRE+hyjMtWhqtL
+WOZSH9lbuccRWohzomMpmwRxxwinxowUJ6SQrsJsUXsgRHMHN6cN7zEOkUflh4UY
+JJvNAD9fErEHl1jiAIWEcx3sr085iko9PtY0Wg8CsnOyA8RR74iWxGi0HXJmSPD5
+NWiFZJvzD/iz9mYTp1oLxMrKcwrxi57TmcDGJ50nwZFHwj1CCZr4nnNQhg3SH3Yh
+P5BQGRQ5vDbtEh6t2HcdJnq3U8fEtJcZUP1LBwGVu6c1dYUMmLFi2QIDAQABo0Uw
+QzAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU
+H81fJLLgEa5AzctEzXCQrvnQ4uQwDQYJKoZIhvcNAQELBQADggGBAFMG0j1/tSdt
+WnJBlv/tmfD4jJCHpUlD6mf5p19xy3ZfU8wDa59Cgi5ByvWRlrTgSkxRdILF7oxe
+yuFceUbDXGWW+S2scJIExZVQLIHC33ki8wBe5N1C+O7/w6hPQsy7idVj9Z7xZQFb
+JJQMLv1OaSK9p1L3eGCJ0rSrfqmEr/waL7Oelk9kAvRzx69A8KiGhskFsMjCW9Fc
+cXhBSSRrdI5QI9gvsTh4R07r/yXeGW7qWdiMfrDh5i8FEeHUGz2f84LX1nap95e9
+rYRgtMgDHO3bL1WiPjNBntUdLq3iLmTOa7zrXFUvZ0y5jd9HLhSexJ1TyXaoOr2M
+Nb3Cf4ZiUTDe8hYdiNNdFcuLLBDXT6fZNvuolLIVPGsQXaNElSD6+xT8UY5/IyOg
+pdNvDnPjkJ2ux+f9vqTiWFbuNRlqaTNphwjc/RigeIaKPB00DqohJR3vqf630XBL
+3RHVEytTfupy/k9RJCbenkpITzTJgnW9WV3XkSTw/CCv2ikXmoTJlg==
+-----END CERTIFICATE-----`
+)
+
+func startInfluxDB() {
+	pool := x509.NewCertPool()
+	pool.AppendCertsFromPEM([]byte(influxRoot))
+	c, err := client.NewHTTPClient(client.HTTPConfig{
+		Addr:      influxAddr,
+		Username:  influxUsername,
+		Password:  os.Getenv("INFLUXDB_PASSWORD"),
+		Timeout:   10 * time.Second,
+		TLSConfig: &tls.Config{RootCAs: pool},
+	})
+	if err != nil {
+		log.Fatalln("InfluxDB error:", err)
+	}
+
+	go func() {
+		for range time.Tick(10 * time.Second) {
+			fields := make(map[string]interface{})
+			var do func(string, expvar.KeyValue)
+			do = func(prefix string, kv expvar.KeyValue) {
+				switch v := kv.Value.(type) {
+				case *expvar.Int:
+					fields[prefix+kv.Key] = v.Value()
+				case *expvar.Float:
+					fields[prefix+kv.Key] = v.Value()
+				case *expvar.String:
+					fields[prefix+kv.Key] = v.Value()
+				case *expvar.Map:
+					v.Do(func(x expvar.KeyValue) { do(kv.Key+".", x) })
+				default:
+					fields[prefix+kv.Key] = v.String()
+				}
+			}
+			expvar.Do(func(kv expvar.KeyValue) { do("", kv) })
+
+			if len(fields) == 0 {
+				continue
+			}
+
+			bp, _ := client.NewBatchPoints(client.BatchPointsConfig{
+				Database:  influxDatabase,
+				Precision: "s",
+			})
+			pt, err := client.NewPoint(influxTable, nil, fields, time.Now())
+			if err != nil {
+				log.Fatalln("InfluxDB error:", err)
+			}
+			bp.AddPoint(pt)
+			if err := c.Write(bp); err != nil {
+				log.Fatalln("InfluxDB write error:", err)
+			}
+		}
+	}()
+}

main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"database/sql"
+	"expvar"
 	"log"
 	"net"
 	"net/http"
@@ -25,6 +26,7 @@ func main() {
 	go func() {
 		log.Println(http.ListenAndServe(os.Getenv("LISTEN_DEBUG"), nil))
 	}()
+	startInfluxDB()
 
 	ts := oauth2.StaticTokenSource(
 		&oauth2.Token{AccessToken: os.Getenv("GITHUB_TOKEN")},
@@ -47,6 +49,15 @@ func main() {
 		legacyQuery:  legacyQuery,
 		newQuery:     newQuery,
 		sessionInfo:  make(map[string]sessionInfo),
+
+		hsErrs:     expvar.NewInt("handshake_errors"),
+		errors:     expvar.NewInt("errors"),
+		agent:      expvar.NewInt("agent"),
+		x11:        expvar.NewInt("x11"),
+		roaming:    expvar.NewInt("roaming"),
+		conns:      expvar.NewInt("conns"),
+		withKeys:   expvar.NewInt("with_keys"),
+		identified: expvar.NewInt("identified"),
 	}
 	server.sshConfig = &ssh.ServerConfig{
 		KeyboardInteractiveCallback: server.KeyboardInteractiveCallback,

server.go

@@ -6,6 +6,7 @@ import (
 	"database/sql"
 	"encoding/json"
 	"errors"
+	"expvar"
 	"fmt"
 	"net"
 	"os"
@@ -124,6 +125,10 @@ type Server struct {
 	newQuery    *sql.Stmt
 	legacyQuery *sql.Stmt
 
+	hsErrs, errors              *expvar.Int
+	agent, x11, roaming         *expvar.Int
+	conns, withKeys, identified *expvar.Int
+
 	mu          sync.RWMutex
 	sessionInfo map[string]sessionInfo
 }
@@ -164,9 +169,20 @@ func (s *Server) Handle(nConn net.Conn) {
 	conn, chans, reqs, err := ssh.NewServerConn(nConn, s.sshConfig)
 	if err != nil {
 		le.Error = "Handshake failed: " + err.Error()
+		s.hsErrs.Add(1)
 		return
 	}
 	defer func() {
+		s.conns.Add(1)
+		if len(le.KeysOffered) > 0 {
+			s.withKeys.Add(1)
+		}
+		if le.Error != "" {
+			s.errors.Add(1)
+		}
+		if le.GitHub != "" {
+			s.identified.Add(1)
+		}
 		s.mu.Lock()
 		delete(s.sessionInfo, string(conn.SessionID()))
 		s.mu.Unlock()
@@ -243,12 +259,15 @@ func (s *Server) Handle(nConn net.Conn) {
 
 		reqLock.Lock()
 		if agentFwd {
+			s.agent.Add(1)
 			channel.Write(agentMsg)
 		}
 		if x11 {
+			s.x11.Add(1)
 			channel.Write(x11Msg)
 		}
 		if roaming {
+			s.roaming.Add(1)
 			channel.Write(roamingMsg)
 		}