Process Collection
Gremlin can collect information about the processes running on the Linux machines where the Gremlin Agent is installed. This process information is required to define Services in Gremlin Reliability Management and helps inform Gremlin's Service features.
What is collected?
For every process visible to the Gremlin Agent, Gremlin will collect:
- process ID (PID)
- parent process ID (PPID)
- active UDP and TCP sockets (<span class="code-class-custom">ipaddress:port</span>)
- path to process executable
- command line argument to process
Requirements
- Gremlin Agent version <span class="code-class-custom">2.18.0</span>
- Gremlin Kubernetes Chao version <span class="code-class-custom">0.3+</span>
- Gremlin must run within the PID namespace of the host; for Kubernetes this means hostPID=true
- Gremlin needs the CAP_SYS_PTRACE capability
- Gremlin needs the CAP_DAC_READ_SEARCH capability
Process Collection is not supported for Windows.
Enable Process Collection
As of Linux Agent version 2.25.0, Gremlin automatically enables Process Collection.
To enable Process Collection, use one of the following methods:
- set <span class="code-class-custom">GREMLIN_COLLECT_PROCESSES=true</span> in the Gremlin agent environment (by writing to <span class="code-class-custom">/etc/default/gremlind</span>)
- set <span class="code-class-custom">collect_processes: true</span> in /etc/gremlin/config.yaml
Examples
The following sections show examples for enabling Process Collection on your platform.
Existing installation
# This setcap command is only required for versions below 2.18.0. These capabilities are set by default in later versions.
sudo setcap cap_sys_ptrace,cap_dac_read_search+ep /usr/sbin/gremlind \
&& echo GREMLIN_COLLECT_PROCESSES=true | sudo tee -a /etc/default/gremlind \
&& sudo systemctl restart gremlind
APT
echo "deb https://deb.gremlin.com/ release non-free" | sudo tee /etc/apt/sources.list.d/gremlin.list \
&& sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9CDB294B29A5B1E2E00C24C022E8EF3461A50EF6 \
&& sudo apt update \
&& GREMLIN_COLLECT_PROCESSES=true sudo -E apt install gremlin gremlind
YUM
sudo curl https://rpm.gremlin.com/gremlin.repo -o /etc/yum.repos.d/gremlin.repo \
&& GREMLIN_COLLECT_PROCESSES=true sudo -E yum install gremlin gremlind
Kubernetes
If you’re upgrading an existing Helm installation of the Gremlin Agent, run the following command with helm upgradeM/span> instead of helm install.
helm repo add gremlin https://helm.gremlin.com
helm repo update
helm install gremlin gremlin/gremlin \
--namespace gremlin \
--set gremlin.hostPID=true \
--set gremlin.collect.processes=true \
--set gremlin.secret.managed=true \
--set gremlin.secret.type=secret \
--set gremlin.secret.clusterID=my-cluster \
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
--set gremlin.secret.teamSecret=$GREMLIN_TEAM_SECRET
Docker
docker run -d \
--pid=host \
--cap-add=SYS_PTRACE \
-v /var/lib/gremlin:/var/lib/gremlin \
-v /var/log/gremlin:/var/log/gremlin \
-v /var/run/docker.sock:/var/run/docker.sock \
-e GREMLIN_TEAM_ID \
-e GREMLIN_TEAM_SECRET \
-e GREMLIN_IDENTIFIER \
-e GREMLIN_COLLECT_PROCESSES=true \
gremlin/gremlin daemon
Disable Process Collection
To disable Process Collection, use one of the following methods:
- set GREMLIN_COLLECT_PROCESSES=false in the Gremlin agent environment (by writing to /etc/default/gremlind)
- set collect_processes: false in /etc/gremlin/config.yaml
Examples
The following sections show examples for disabling Process Collection on your platform.
Existing installation
echo GREMLIN_COLLECT_PROCESSES=false | sudo tee -a /etc/default/gremlind \
&& sudo systemctl restart gremlind
APT
echo "deb https://deb.gremlin.com/ release non-free" | sudo tee /etc/apt/sources.list.d/gremlin.list \
&& sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9CDB294B29A5B1E2E00C24C022E8EF3461A50EF6 \
&& sudo apt update \
&& GREMLIN_COLLECT_PROCESSES=false sudo -E apt install gremlin gremlind
YUM
sudo curl https://rpm.gremlin.com/gremlin.repo -o /etc/yum.repos.d/gremlin.repo \
&& GREMLIN_COLLECT_PROCESSES=false sudo -E yum install gremlin gremlind
Kubernetes
If you’re upgrading an existing Helm installation of the Gremlin Agent, run the following command with helm upgrade instead of helm install.
helm repo add gremlin https://helm.gremlin.com
helm repo update
helm install gremlin gremlin/gremlin \
--namespace gremlin \
--set gremlin.hostPID=true \
--set gremlin.collect.processes=false \
--set gremlin.secret.managed=true \
--set gremlin.secret.type=secret \
--set gremlin.secret.clusterID=my-cluster \
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
--set gremlin.secret.teamSecret=$GREMLIN_TEAM_SECRET
Docker
docker run -d \
--pid=host \
--cap-add=SYS_PTRACE \
-v /var/lib/gremlin:/var/lib/gremlin \
-v /var/log/gremlin:/var/log/gremlin \
-v /var/run/docker.sock:/var/run/docker.sock \
-e GREMLIN_TEAM_ID \
-e GREMLIN_TEAM_SECRET \
-e GREMLIN_IDENTIFIER \
-e GREMLIN_COLLECT_PROCESSES=false \
gremlin/gremlin daemon
