self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-18 16:24:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/metrics.go

348 lines
15 KiB
Go
Raw Normal View History

Use in-memory cache for the auth server API. This commit expands the usage of the caching layer for auth server API: * Introduces in-memory cache that is used to serve all Auth server API requests. This is done to achieve scalability on 10K+ node clusters, where each node fetches certificate authorities, roles, users and join tokens. It is not possible to scale DynamoDB backend or other backends on 10K reads per seconds on a single shard or partition. The solution is to introduce an in-memory cache of the backend state that is always used for reads. * In-memory cache has been expanded to support all resources required by the auth server. * Experimental `tctl top` command has been introduced to display common single node metrics. Replace SQLite Memory Backend with BTree SQLite in memory backend was suffering from high tail latencies under load (up to 8 seconds in 99.9%-ile on load configurations). This commit replaces the SQLite memory caching backend with in-memory BTree backend that brought down tail latencies to 2 seconds (99.9%-ile) and brought overall performance improvement.
2018-12-12 00:22:44 +00:00
/*
Updated Teleport codebase to AGPL3 license (#35259) Signed-off-by: Fred Heinecke <fred.heinecke@goteleport.com>
2023-12-01 17:48:14 +00:00
* Teleport
* Copyright (C) 2023 Gravitational, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
Use in-memory cache for the auth server API. This commit expands the usage of the caching layer for auth server API: * Introduces in-memory cache that is used to serve all Auth server API requests. This is done to achieve scalability on 10K+ node clusters, where each node fetches certificate authorities, roles, users and join tokens. It is not possible to scale DynamoDB backend or other backends on 10K reads per seconds on a single shard or partition. The solution is to introduce an in-memory cache of the backend state that is always used for reads. * In-memory cache has been expanded to support all resources required by the auth server. * Experimental `tctl top` command has been introduced to display common single node metrics. Replace SQLite Memory Backend with BTree SQLite in memory backend was suffering from high tail latencies under load (up to 8 seconds in 99.9%-ile on load configurations). This commit replaces the SQLite memory caching backend with in-memory BTree backend that brought down tail latencies to 2 seconds (99.9%-ile) and brought overall performance improvement.
2018-12-12 00:22:44 +00:00
package teleport
const (
// MetricGenerateRequests counts how many generate server keys requests
// are issued over time
MetricGenerateRequests = "auth_generate_requests_total"
// MetricGenerateRequestsThrottled measures how many generate requests
// are throttled
MetricGenerateRequestsThrottled = "auth_generate_requests_throttled_total"
// MetricGenerateRequestsCurrent measures current in-flight requests
MetricGenerateRequestsCurrent = "auth_generate_requests"
// MetricGenerateRequestsHistogram measures generate requests latency
MetricGenerateRequestsHistogram = "auth_generate_seconds"
// MetricServerInteractiveSessions measures interactive sessions in flight
MetricServerInteractiveSessions = "server_interactive_sessions_total"
proxy: add proxy_ssh_sessions_total metric This is similar to server_interactive_sessions_total, but tracks all SSH sessions through a proxy.
2020-09-18 17:48:12 +00:00
// MetricProxySSHSessions measures sessions in flight on the proxy
MetricProxySSHSessions = "proxy_ssh_sessions_total"
Use in-memory cache for the auth server API. This commit expands the usage of the caching layer for auth server API: * Introduces in-memory cache that is used to serve all Auth server API requests. This is done to achieve scalability on 10K+ node clusters, where each node fetches certificate authorities, roles, users and join tokens. It is not possible to scale DynamoDB backend or other backends on 10K reads per seconds on a single shard or partition. The solution is to introduce an in-memory cache of the backend state that is always used for reads. * In-memory cache has been expanded to support all resources required by the auth server. * Experimental `tctl top` command has been introduced to display common single node metrics. Replace SQLite Memory Backend with BTree SQLite in memory backend was suffering from high tail latencies under load (up to 8 seconds in 99.9%-ile on load configurations). This commit replaces the SQLite memory caching backend with in-memory BTree backend that brought down tail latencies to 2 seconds (99.9%-ile) and brought overall performance improvement.
2018-12-12 00:22:44 +00:00
// MetricRemoteClusters measures connected remote clusters
MetricRemoteClusters = "remote_clusters"
tctl: fix `tctl top` colors on dark terminals If we leave `TextStyle` empty on UI elements, it will use the default foreground color defined by the terminal (light for dark terminals and vice versa). Same goes for `BorderStyle`. A few other tweaks to UI and source metrics: - update table ratios to prevent hiding output rows on short (height) terminal windows - update tab selector style to use bold/underline instead of colors to mark selected tab - print `No data` in histogram tables when there are no values - don't report the local cluster in `remote_clusters` metric
2020-08-19 18:06:19 +00:00
// MetricTrustedClusters counts trusted clusters
MetricTrustedClusters = "trusted_clusters"
Add additional Prometheus Metrics (#6511)
2021-04-28 22:46:27 +00:00
// MetricClusterNameNotFound counts times a cluster name was not found
MetricClusterNameNotFound = "cluster_name_not_found_total"
// MetricFailedLoginAttempts counts failed login attempts
MetricFailedLoginAttempts = "failed_login_attempts_total"
Add metric to track number ssh connect attempts (#11240) * add ssh connect attempts metric * fix help message wording Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
2022-03-24 20:34:00 +00:00
// MetricConnectToNodeAttempts counts ssh attempts
MetricConnectToNodeAttempts = "connect_to_node_attempts_total"
Add additional Prometheus Metrics (#6511)
2021-04-28 22:46:27 +00:00
// MetricFailedConnectToNodeAttempts counts failed ssh attempts
MetricFailedConnectToNodeAttempts = "failed_connect_to_node_attempts_total"
// MetricUserMaxConcurrentSessionsHit counts number of times a user exceeded their max concurrent ssh connections
MetricUserMaxConcurrentSessionsHit = "user_max_concurrent_sessions_hit_total"
// MetricProxyConnectionLimitHit counts the number of times the proxy connection limit was exceeded
MetricProxyConnectionLimitHit = "proxy_connection_limit_exceeded_total"
// MetricUserLoginCount counts user logins
MetricUserLoginCount = "user_login_total"
// MetricHeartbeatConnectionsReceived counts heartbeat connections received by auth
MetricHeartbeatConnectionsReceived = "heartbeat_connections_received_total"
Watcher System Metrics (#8338) * add event watcher prometheus metrics and a new tctl top tab to visualize them
2021-09-28 16:16:03 +00:00
// MetricCertificateMismatch counts login failures due to certificate mismatch
MetricCertificateMismatch = "certificate_mismatch_total"
Add additional Prometheus Metrics (#6511)
2021-04-28 22:46:27 +00:00
// MetricHeartbeatsMissed counts the nodes that failed to heartbeat
MetricHeartbeatsMissed = "heartbeats_missed_total"
Watcher System Metrics (#8338) * add event watcher prometheus metrics and a new tctl top tab to visualize them
2021-09-28 16:16:03 +00:00
// MetricWatcherEventsEmitted counts watcher events that are emitted
MetricWatcherEventsEmitted = "watcher_events"
// MetricWatcherEventSizes measures the size of watcher events that are emitted
MetricWatcherEventSizes = "watcher_event_sizes"
Added metrics for missing SSH tunnels. Added metrics and logging for missing SSH reverse tunnels. This is useful for debugging to find if nodes are discovering all proxies.
2021-10-14 00:04:40 +00:00
// MetricMissingSSHTunnels returns the number of missing SSH tunnels for this proxy.
MetricMissingSSHTunnels = "proxy_missing_ssh_tunnels"
Track active migrations in Prometheus and `tctl top` (#19520) This commit adds a new Prometheus gauge `teleport_migrations` that tracks for each migration if it is active (1) or not (0). This gauge is then leveraged in `tctl top` to show a set of active migrations.
2022-12-22 19:37:44 +00:00
// MetricMigrations tracks for each migration if it is active or not.
MetricMigrations = "migrations"
// TagMigration is a metric tag for a migration
TagMigration = "migration"
Add metric for incomplete file uploads (#19724)
2023-01-16 16:58:54 +00:00
// MetricIncompleteSessionUploads returns the number of incomplete session uploads
Add incomplete session upload metric to the teleport namespace (#20351) Also change name to match prometheus naming practices
2023-01-18 19:43:40 +00:00
MetricIncompleteSessionUploads = "incomplete_session_uploads_total"
Add metric for incomplete file uploads (#19724)
2023-01-16 16:58:54 +00:00
Use in-memory cache for the auth server API. This commit expands the usage of the caching layer for auth server API: * Introduces in-memory cache that is used to serve all Auth server API requests. This is done to achieve scalability on 10K+ node clusters, where each node fetches certificate authorities, roles, users and join tokens. It is not possible to scale DynamoDB backend or other backends on 10K reads per seconds on a single shard or partition. The solution is to introduce an in-memory cache of the backend state that is always used for reads. * In-memory cache has been expanded to support all resources required by the auth server. * Experimental `tctl top` command has been introduced to display common single node metrics. Replace SQLite Memory Backend with BTree SQLite in memory backend was suffering from high tail latencies under load (up to 8 seconds in 99.9%-ile on load configurations). This commit replaces the SQLite memory caching backend with in-memory BTree backend that brought down tail latencies to 2 seconds (99.9%-ile) and brought overall performance improvement.
2018-12-12 00:22:44 +00:00
// TagCluster is a metric tag for a cluster
TagCluster = "cluster"
upgrader monitoring and alerts (#28951) * add rate limit stream helper * upgrader metrics & alert * add docs for discovering upgrade enroll prospects * update prehod protos * Update docs/pages/management/operations/enroll-agent-into-automatic-updates.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com> --------- Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
2023-07-17 14:42:27 +00:00
// MetricTotalInstances provides an instance count
MetricTotalInstances = "total_instances"
// MetricEnrolledInUpgrades provides total number of instances that advertise an upgrader.
MetricEnrolledInUpgrades = "enrolled_in_upgrades"
// MetricUpgraderCounts provides instance count per-upgrader.
MetricUpgraderCounts = "upgrader_counts"
// TagUpgrader is a metric tag for upgraders.
TagUpgrader = "upgrader"
Added Prometheus metric for created access requests (#29761)
2023-07-29 15:07:11 +00:00
// MetricsAccessRequestsCreated provides total number of created access requests.
MetricAccessRequestsCreated = "access_requests_created"
// TagRoles is a number of roles requested as a part of access request.
TagRoles = "roles"
// TagResources is a number of resources requested as a part of access request.
TagResources = "resources"
Add user certificates generated prometheus metric. (#33413)
2023-10-13 18:42:29 +00:00
// UserCertificatesCreated provides total number of user certificates generated.
MetricUserCertificatesGenerated = "user_certificates_generated"
// TagPrivateKeyPolicy is a private key policy associated with a user's certificates.
TagPrivateKeyPolicy = "private_key_policy"
Use in-memory cache for the auth server API. This commit expands the usage of the caching layer for auth server API: * Introduces in-memory cache that is used to serve all Auth server API requests. This is done to achieve scalability on 10K+ node clusters, where each node fetches certificate authorities, roles, users and join tokens. It is not possible to scale DynamoDB backend or other backends on 10K reads per seconds on a single shard or partition. The solution is to introduce an in-memory cache of the backend state that is always used for reads. * In-memory cache has been expanded to support all resources required by the auth server. * Experimental `tctl top` command has been introduced to display common single node metrics. Replace SQLite Memory Backend with BTree SQLite in memory backend was suffering from high tail latencies under load (up to 8 seconds in 99.9%-ile on load configurations). This commit replaces the SQLite memory caching backend with in-memory BTree backend that brought down tail latencies to 2 seconds (99.9%-ile) and brought overall performance improvement.
2018-12-12 00:22:44 +00:00
)
const (
// MetricProcessCPUSecondsTotal measures CPU seconds consumed by process
MetricProcessCPUSecondsTotal = "process_cpu_seconds_total"
// MetricProcessMaxFDs shows maximum amount of file descriptors allowed for the process
MetricProcessMaxFDs = "process_max_fds"
// MetricProcessOpenFDs shows process open file descriptors
MetricProcessOpenFDs = "process_open_fds"
// MetricProcessResidentMemoryBytes measures bytes consumed by process resident memory
MetricProcessResidentMemoryBytes = "process_resident_memory_bytes"
// MetricProcessStartTimeSeconds measures process start time
MetricProcessStartTimeSeconds = "process_start_time_seconds"
)
const (
// MetricGoThreads is amount of system threads used by Go runtime
MetricGoThreads = "go_threads"
// MetricGoGoroutines measures current number of goroutines
MetricGoGoroutines = "go_goroutines"
// MetricGoInfo provides information about Go runtime version
MetricGoInfo = "go_info"
// MetricGoAllocBytes measures allocated memory bytes
MetricGoAllocBytes = "go_memstats_alloc_bytes"
// MetricGoHeapAllocBytes measures heap bytes allocated by Go runtime
MetricGoHeapAllocBytes = "go_memstats_heap_alloc_bytes"
// MetricGoHeapObjects measures count of heap objects created by Go runtime
MetricGoHeapObjects = "go_memstats_heap_objects"
)
const (
// MetricBackendWatchers is a metric with backend watchers
MetricBackendWatchers = "backend_watchers_total"
Use RADIX trees for prefix matching. (#2666) Buffer fan out used simple prefix match in a loop, what resulted in high CPU load on many connected watchers. This commit switches to RADIX trees for prefix matching what reduces CPU load substantially for 5K+ connected watchers.
2019-04-22 22:28:04 +00:00
// MetricBackendWatcherQueues is a metric with backend watcher queues sizes
MetricBackendWatcherQueues = "backend_watcher_queues_total"
Use in-memory cache for the auth server API. This commit expands the usage of the caching layer for auth server API: * Introduces in-memory cache that is used to serve all Auth server API requests. This is done to achieve scalability on 10K+ node clusters, where each node fetches certificate authorities, roles, users and join tokens. It is not possible to scale DynamoDB backend or other backends on 10K reads per seconds on a single shard or partition. The solution is to introduce an in-memory cache of the backend state that is always used for reads. * In-memory cache has been expanded to support all resources required by the auth server. * Experimental `tctl top` command has been introduced to display common single node metrics. Replace SQLite Memory Backend with BTree SQLite in memory backend was suffering from high tail latencies under load (up to 8 seconds in 99.9%-ile on load configurations). This commit replaces the SQLite memory caching backend with in-memory BTree backend that brought down tail latencies to 2 seconds (99.9%-ile) and brought overall performance improvement.
2018-12-12 00:22:44 +00:00
// MetricBackendRequests measures count of backend requests
MetricBackendRequests = "backend_requests"
// MetricBackendReadHistogram measures histogram of backend read latencies
MetricBackendReadHistogram = "backend_read_seconds"
// MetricBackendWriteHistogram measures histogram of backend write latencies
MetricBackendWriteHistogram = "backend_write_seconds"
// MetricBackendBatchWriteHistogram measures histogram of backend batch write latencies
MetricBackendBatchWriteHistogram = "backend_batch_write_seconds"
// MetricBackendBatchReadHistogram measures histogram of backend batch read latencies
MetricBackendBatchReadHistogram = "backend_batch_read_seconds"
// MetricBackendWriteRequests measures backend write requests count
MetricBackendWriteRequests = "backend_write_requests_total"
// MetricBackendWriteFailedRequests measures failed backend write requests count
MetricBackendWriteFailedRequests = "backend_write_requests_failed_total"
// MetricBackendBatchWriteRequests measures batch backend writes count
MetricBackendBatchWriteRequests = "backend_batch_write_requests_total"
// MetricBackendBatchFailedWriteRequests measures failed batch backend requests count
MetricBackendBatchFailedWriteRequests = "backend_batch_write_requests_failed_total"
// MetricBackendReadRequests measures backend read requests count
MetricBackendReadRequests = "backend_read_requests_total"
// MetricBackendFailedReadRequests measures failed backend read requests count
MetricBackendFailedReadRequests = "backend_read_requests_failed_total"
// MetricBackendBatchReadRequests measures batch backend read requests count
MetricBackendBatchReadRequests = "backend_batch_read_requests_total"
// MetricBackendBatchFailedReadRequests measures failed backend batch read requests count
MetricBackendBatchFailedReadRequests = "backend_batch_read_requests_failed_total"
Enhanced Session Recording. Added package cgroup to orchestrate cgroups. Only support for cgroup2 was added to utilize because cgroup2 cgroups have unique IDs that can be used correlated with BPF events. Added bpf package that contains three BPF programs: execsnoop, opensnoop, and tcpconnect. The bpf package starts and stops these programs as well correlating their output with Teleport sessions and emitting them to the audit log. Added support for Teleport to re-exec itself before launching a shell. This allows Teleport to start a child process, capture it's PID, place the PID in a cgroup, and then continue to process. Once the process is continued it can be tracked by it's cgroup ID. Reduced the total number of connections to a host so Teleport does not quickly exhaust all file descriptors. Exhausting all file descriptors happens very quickly when disk events are emitted to the audit log which are emitted at a very high rate. Added tarballs for exec sessions. Updated session.start and session.end events with additional metadata. Updated the format of session tarballs to include enhanced events. Added file configuration for enhanced session recording. Added code to startup enhanced session recording and pass package to SSH nodes.
2019-11-16 00:39:40 +00:00
// MetricLostCommandEvents measures the number of command events that were lost
MetricLostCommandEvents = "bpf_lost_command_events"
// MetricLostDiskEvents measures the number of disk events that were lost.
MetricLostDiskEvents = "bpf_lost_disk_events"
// MetricLostNetworkEvents measures the number of network events that were lost.
MetricLostNetworkEvents = "bpf_lost_network_events"
Add restricted session Adds the ability to block network traffic on SSH sessions. The deny/allow lists of IPs are specified in teleport.yaml file. Supports both IPv4 and IPv6 communication. This feature currently relies on enhanced recording for cgroup management so that needs to be enabled as well. -- Design rationale: This patch uses Linux Security Module (LSM) hooks, specifically security_socket_connect and security_socket_sendmsg, to control egress traffic. The LSM provides two advantages over socket filtering program types. - It's executed early enough that the task information is available. This makes it easy to report PID, COMM, etc. - It becomes a model for extending restrictions beyond networking. The set of enforced cgroups is stored in a BPF hash map and the deny/allow lists are stored in BPF trie maps. An IP address is first checked against the allow list. If found, it's checked for an override in the deny list. The policy is default deny. However, the absence of the NetworkRestrictions API object is allow all. IPv4 addresses are additionally registered in IPv6 trie (as mapped) to account for dual stacks. However it is unclear if this is sufficient as 4-to-6 transition methods utilize a multitude of translation and tunneling methods.
2021-07-14 20:27:53 +00:00
// MetricLostRestrictedEvents measures the number of restricted events that were lost
MetricLostRestrictedEvents = "bpf_lost_restricted_events"
Add prometheus metric mirroring /readyz state This allows users to get the health of their nodes from prometheus metrics pipeline instead of polling readyz separately. Updates #3700
2020-05-12 22:50:52 +00:00
// MetricState tracks the state of the teleport process.
MetricState = "process_state"
Add teleport_build_info Prometheus metric to Teleport (#9595) Adds teleport_build_info metric to Teleport providing the gitref, version, and Go version.
2022-01-05 21:17:54 +00:00
// MetricNamespace defines the teleport prometheus namespace
MetricNamespace = "teleport"
add teleport_connected_resources metric (#9603) This adds the Prometheus metric teleport_connected_resources. Gauge increments when the keepalive is established and will decrement whenever the connection is broken/closed.
2022-02-16 20:19:28 +00:00
// MetricConnectedResources tracks the number and type of resources connected via keepalives
MetricConnectedResources = "connected_resources"
Add teleport_build_info Prometheus metric to Teleport (#9595) Adds teleport_build_info metric to Teleport providing the gitref, version, and Go version.
2022-01-05 21:17:54 +00:00
// MetricBuildInfo tracks build information
MetricBuildInfo = "build_info"
Add Prometheus metrics cache events and stale events (#9826) This adds two Prometheus metrics teleport_cache_events and teleport_cache_stale_events with one label indicating the service.
2022-02-11 16:14:42 +00:00
// MetricCacheEventsReceived tracks the total number of events received by a cache
MetricCacheEventsReceived = "cache_events"
// MetricStaleCacheEventsReceived tracks the number of stale events received by a cache
MetricStaleCacheEventsReceived = "cache_stale_events"
Add metric tracking number of Teleport agents joined to cluster (#9749) Adds the Prometheus metric teleport_registered_servers which is a gauge indicating the unique number of Teleport instances connected to the cluster by version. Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com> Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
2022-02-02 18:47:21 +00:00
// MetricRegisteredServers tracks the number of Teleport servers that have successfully registered with the Teleport cluster and have not reached the end of their ttl
MetricRegisteredServers = "registered_servers"
Metrics: expose install method counter (#30327) * Metrics: expose install method counter This PR adds a new metric that exposes the number of servers currently running grouped by their install method. Note: install method is a list o strings, so the metric sorts its values and then joins them by "," to create a single identifier. * do not mutate original install methods list
2023-08-18 15:38:14 +00:00
// MetricRegisteredServersByInstallMethods tracks the number of Teleport servers, and their installation method,
// that have successfully registered with the Teleport cluster and have not reached the end of their ttl
MetricRegisteredServersByInstallMethods = "registered_servers_by_install_methods"
Add teleport_reverse_tunnels_connected Prometheus metric (#9698) Adds teleport_reverse_tunnels_connected Prometheus metric which tracks reverse tunnels connected to the proxy server by type. * Update prometheus help Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com> * Update metrics wording Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
2022-02-02 20:52:19 +00:00
// MetricReverseSSHTunnels defines the number of connected SSH reverse tunnels to the proxy
MetricReverseSSHTunnels = "reverse_tunnels_connected"
Hosted plugin manager prerequisites (#23922) * Expose Ping() in bare auth server * Handle both pointer and bare PluginStatusV1 * Add metric name * Add StatusSink * Run GCI * Move comment back to auth_with_roles * Update lib/auth/auth.go Co-authored-by: Alan Parra <alan.parra@goteleport.com> * Rework SetStatus * Inline TryEmitStatus and use a proper context * Fix copyright notice * Fix bug in statusFromStatusCode * Test statusFromResponse * Add link to Slack API schema * Refactor statusFromStatusCode * Expand comment for Ping() * Add basic check for status in slack test * Address nits --------- Co-authored-by: Alan Parra <alan.parra@goteleport.com>
2023-04-11 15:24:25 +00:00
// MetricHostedPluginStatus tracks the current status
// (as defined by types.PluginStatus) for a plugin instance
MetricHostedPluginStatus = "hosted_plugin_status"
Metrics: add running services metric (#34999) * Metrics: add running services metric This PR adds a new gauge metric: `teleport_services` This metric has a label identifying the service and whether or not it is running. Those services are the ones started in the supervisor. Eg, proxy.web, discovery.init, ssh.node, auth.tls When the service stops, the counter is decreased. This gives us an overview of the currently running services in the process. * Consider only a subset of services * use friendly name for service names * improve metric's help message * Update lib/service/supervisor.go Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> * Fix service names --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
2023-12-05 09:11:30 +00:00
// MetricTeleportServices tracks which services are currently running in the current Teleport Process.
MetricTeleportServices = "services"
Use in-memory cache for the auth server API. This commit expands the usage of the caching layer for auth server API: * Introduces in-memory cache that is used to serve all Auth server API requests. This is done to achieve scalability on 10K+ node clusters, where each node fetches certificate authorities, roles, users and join tokens. It is not possible to scale DynamoDB backend or other backends on 10K reads per seconds on a single shard or partition. The solution is to introduce an in-memory cache of the backend state that is always used for reads. * In-memory cache has been expanded to support all resources required by the auth server. * Experimental `tctl top` command has been introduced to display common single node metrics. Replace SQLite Memory Backend with BTree SQLite in memory backend was suffering from high tail latencies under load (up to 8 seconds in 99.9%-ile on load configurations). This commit replaces the SQLite memory caching backend with in-memory BTree backend that brought down tail latencies to 2 seconds (99.9%-ile) and brought overall performance improvement.
2018-12-12 00:22:44 +00:00
// TagRange is a tag specifying backend requests
TagRange = "range"
// TagReq is a tag specifying backend request type
TagReq = "req"
// TagTrue is a tag value to mark true values
TagTrue = "true"
// TagFalse is a tag value to mark false values
TagFalse = "false"
Watcher System Metrics (#8338) * add event watcher prometheus metrics and a new tctl top tab to visualize them
2021-09-28 16:16:03 +00:00
// TagResource is a tag specifying the resource for an event
TagResource = "resource"
Add teleport_build_info Prometheus metric to Teleport (#9595) Adds teleport_build_info metric to Teleport providing the gitref, version, and Go version.
2022-01-05 21:17:54 +00:00
// TagVersion is a prometheus label for version of Teleport built
TagVersion = "version"
// TagGitref is a prometheus label for the gitref of Teleport built
TagGitref = "gitref"
// TagGoVersion is a prometheus label for version of Go used to build Teleport
TagGoVersion = "goversion"
Add teleport_reverse_tunnels_connected Prometheus metric (#9698) Adds teleport_reverse_tunnels_connected Prometheus metric which tracks reverse tunnels connected to the proxy server by type. * Update prometheus help Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com> * Update metrics wording Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
2022-02-02 20:52:19 +00:00
Add Prometheus metrics cache events and stale events (#9826) This adds two Prometheus metrics teleport_cache_events and teleport_cache_stale_events with one label indicating the service.
2022-02-11 16:14:42 +00:00
// TagCacheComponent is a prometheus label for the cache component
TagCacheComponent = "cache_component"
Add teleport_reverse_tunnels_connected Prometheus metric (#9698) Adds teleport_reverse_tunnels_connected Prometheus metric which tracks reverse tunnels connected to the proxy server by type. * Update prometheus help Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com> * Update metrics wording Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
2022-02-02 20:52:19 +00:00
// TagType is a prometheus label for type of resource or tunnel connected
TagType = "type"
Add grpc server and client metrics to Teleport (#11534) Adds grpc metrics on the auth and and proxy service with the option to enable grpc latency via the metrics service.
2022-04-04 16:55:31 +00:00
// TagServer is a prometheus label to indicate what server the metric is tied to
TagServer = "server"
// TagClient is a prometheus label to indicate what client the metric is tied to
TagClient = "client"
Metrics: expose install method counter (#30327) * Metrics: expose install method counter This PR adds a new metric that exposes the number of servers currently running grouped by their install method. Note: install method is a list o strings, so the metric sorts its values and then joins them by "," to create a single identifier. * do not mutate original install methods list
2023-08-18 15:38:14 +00:00
// TagInstallMethods is a prometheus label to indicate what installation methods
// were used for the agent.
// This value comes from UpstreamInventoryAgentMetadata (sourced in lib/inventory/metadata.fetchInstallMethods).
TagInstallMethods = "install_methods"
Metrics: add running services metric (#34999) * Metrics: add running services metric This PR adds a new gauge metric: `teleport_services` This metric has a label identifying the service and whether or not it is running. Those services are the ones started in the supervisor. Eg, proxy.web, discovery.init, ssh.node, auth.tls When the service stops, the counter is decreased. This gives us an overview of the currently running services in the process. * Consider only a subset of services * use friendly name for service names * improve metric's help message * Update lib/service/supervisor.go Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com> * Fix service names --------- Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
2023-12-05 09:11:30 +00:00
// TagServiceName is the prometheus label to indicate what services are running in the current proxy.
// Those services are monitored using the Supervisor.
// Only a subset of services are monitored. See [lib/service.metricsServicesRunningMap]
// Eg, discovery_service
TagServiceName = "service_name"
Use in-memory cache for the auth server API. This commit expands the usage of the caching layer for auth server API: * Introduces in-memory cache that is used to serve all Auth server API requests. This is done to achieve scalability on 10K+ node clusters, where each node fetches certificate authorities, roles, users and join tokens. It is not possible to scale DynamoDB backend or other backends on 10K reads per seconds on a single shard or partition. The solution is to introduce an in-memory cache of the backend state that is always used for reads. * In-memory cache has been expanded to support all resources required by the auth server. * Experimental `tctl top` command has been introduced to display common single node metrics. Replace SQLite Memory Backend with BTree SQLite in memory backend was suffering from high tail latencies under load (up to 8 seconds in 99.9%-ile on load configurations). This commit replaces the SQLite memory caching backend with in-memory BTree backend that brought down tail latencies to 2 seconds (99.9%-ile) and brought overall performance improvement.
2018-12-12 00:22:44 +00:00
)
Add a new usage reporter (#18142) * [draft] Add a new usage reporter This adds a new usage reporter service to the auth server. It's disabled by default in OSS and can only be turned on via startup hook in Cloud / Enterprise. In OSS, the audit log wrapper is never configured and any usage events are sent to a no-op discard reporter. Usage events are defined in prehog and can be sent to the new UsageReporter Service on the auth server. An audit event wrapper is used to capture certain events that are otherwise difficult to hook. Events are anonymized before submission, then held in a non-blocking queue for batching and submission purposes. * Remove dead code * Add SubmitUsageEvent RPC to Auth. This adds a new SubmitUsageEvent RPC to the Auth API that external clients (e.g. the UI) can use to submit usage events externally. * Slight refactor for unit testing * Add Prometheus metrics and add initial working prehog submitter * Add more metrics, tweak prehog client, and add unit tests * Further tweak http transport settings based on Teleport defaults * Add missing metrics * Fix goimports * Add new UI usage events * Update e ref * Add prehog directly for now. Improve logging. * update prehog * Add new prehog events; use username from request identity * add HTTP server for user events * Add username back to pre-onboard events * unauthenticated user events * Fix userevent build error * Use event-provided username where appropriate * Move barebones prehog reqs to lib/prehog and generate here. Also, use prod tunable values. * Fix license lints * De-flake tests by adding unfortunate amounts of synchronization. * Add missing license header * Misc PR cleanup for review * Update lib/events/usageevents/usageevents.go Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com> * Address a batch of review comments Adds `anonymizer.AnonymizeString` and parent loggers * Update e ref * Clean up comments * Remove onboard prefix from recovery code event * Address another batch of feedback * Use defaults.HTTPClient() * Remove a noisy log message * Demote noisy log message to debug * Temporarily revert e ref for merge Co-authored-by: Michelle Bergquist <michelle.bergquist@goteleport.com> Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
2022-12-05 17:13:54 +00:00
const (
// MetricUsageEventsSubmitted is a count of usage events that have been generated.
MetricUsageEventsSubmitted = "usage_events_submitted_total"
// MetricUsageBatches is a count of batches enqueued for submission.
MetricUsageBatches = "usage_batches_total"
// MetricUsageEventsRequeued is a count of events that were requeued after a
// submission failed.
MetricUsageEventsRequeued = "usage_events_requeued_total"
// MetricUsageBatchSubmissionDuration is a histogram of durations it took to
// submit a batch.
MetricUsageBatchSubmissionDuration = "usage_batch_submission_duration_seconds"
// MetricUsageBatchesSubmitted is a count of event batches successfully
// submitted.
MetricUsageBatchesSubmitted = "usage_batch_submitted_total"
// MetricUsageBatchesFailed is a count of event batches that failed to
// submit.
MetricUsageBatchesFailed = "usage_batch_failed_total"
// MetricUsageEventsDropped is a count of events dropped due to the
// submission buffer reaching a length limit.
MetricUsageEventsDropped = "usage_events_dropped_total"
)
athena audit logs - add metrics (#26331)
2023-05-25 17:22:40 +00:00
// athena audit log metrics
const (
// MetricParquetlogConsumerBatchPorcessingDuration is a histogram of durations it
// took to process single batch of events.
MetricParquetlogConsumerBatchPorcessingDuration = "audit_parquetlog_batch_processing_seconds"
// MetricParquetlogConsumerS3FlushDuration is a histogram of durations it took to
// flush and close parquet files on s3.
MetricParquetlogConsumerS3FlushDuration = "audit_parquetlog_s3_flush_seconds"
// MetricParquetlogConsumerDeleteEventsDuration is a histogram of durations it
// took to delete events from SQS.
MetricParquetlogConsumerDeleteEventsDuration = "audit_parquetlog_delete_events_seconds"
// MetricParquetlogConsumerBatchSize is a histogram of sizes of single batch of events.
MetricParquetlogConsumerBatchSize = "audit_parquetlog_batch_size"
// MetricParquetlogConsumerBatchCount is a count of number of events in single batch.
MetricParquetlogConsumerBatchCount = "audit_parquetlog_batch_count"
// MetricParquetlogConsumerLastProcessedTimestamp is a timestamp of last finished consumer execution.
MetricParquetlogConsumerLastProcessedTimestamp = "audit_parquetlog_last_processed_timestamp"
// MetricParquetlogConsumerOldestProcessedMessage is age of oldest processed message.
MetricParquetlogConsumerOldestProcessedMessage = "audit_parquetlog_age_oldest_processed_message"
// MetricAthenaConsumerCollectFailed is a count of number of errors received from sqs collect.
MetricParquetlogConsumerCollectFailed = "audit_parquetlog_errors_from_collect_count"
)
Reference in a new issue Copy permalink