How to Install and Use Gremlin with Docker on Ubuntu 16.04
Gremlin is a simple, safe and secure way to use Chaos Engineering to improve system resilience. You can use Gremlin with Docker in a variety of ways. It is possible to attack Docker containers and it is also possible to run Gremlin in a container to create attacks against the host or other containers.
This tutorial will provide a walkthrough of the following:
- How to install Docker
- How to create a htop container to monitor the host and containers
- How to create an Nginx Docker container to attack using Gremlin
- How to install Gremlin on the host
- How to create a CPU Attack from the host against an nginx Docker container using the Gremlin Control Panel
To run Gremlin in a Docker container, view the guide on How to Install and Use Gremlin in a Docker Container.
Before you begin this tutorial, you’ll need the following:
- An Ubuntu 16.04 server
- A Gremlin account (sign up here)
- The <span class="code-class-custom">apt-transport-https</span> package to be able to install gremlin from our repo via HTTPS.
Step 1 - Installing Docker
In this step, you’ll install Docker.
Add Docker’s official GPG key:
Use the following command to set up the stable repository.
Update the apt package index:
Make sure you are about to install from the Docker repo instead of the default Ubuntu 16.04 repo:
Install the latest version of Docker CE:
Docker should now be installed, the daemon started, and the process enabled to start on boot. Check that it's running:
Make sure you are in the Docker usergroup, replace $USER with your username:
Log out and back in for your permissions to take effect, or type the following:
Step 2 - Create an htop container for monitoring
htop is an interactive process viewer for unix.
Create the docker file:
Add the following to the Dockerfile:
Build the Dockerfile and tag the image:
Run htop inside a container:
To exit htop, use the q key.
Next we will create an nginx container and monitor the new container directly by joining the nginx container’s pid namespace.
Step 3 - Create an nginx Docker container to be used for Gremlin Attacks
First we will create a directory for the html page we will serve using nginx:
Create a simple html page:
Paste in the content shown below:
Create a container using the nginx Docker image:
View the nginx Docker container
You will see the following:
Step 4 - Use an htop container to monitor an nginx Docker container
htop can be used to monitor Gremlin attacks against the host and Gremlin attacks against individual containers.
Join the docker-nginx container’s pid namespace:
Before the attack, htop will show you that CPU is not spiking:
Next we are going to install Gremlin on the host to perform attacks.
Step 5 - Installing the Gremlin Daemon and CLI
First, add the Gremlin Debian repository:
Import the repo’s GPG key:
Then install the Gremlin daemon and CLI:
After you have created your Gremlin account (sign up here) you will need to find your Gremlin Daemon credentials. Login to the Gremlin App using your Company name and sign-on credentials. These were emailed to you when you signed up to start using Gremlin.
Navigate to Team Settings and click on your Team.
Store your Gremlin agent credentials as environment variables, for example:
Next run the Gremlin Daemon in a Container.
Use docker run to pull the official Gremlin Docker image and run the Gremlin daemon:
Use docker ps to see all running Docker containers:
Jump into your Gremlin container with an interactive shell (replace b281e749ac33 with the real ID of your Gremlin container):
From within the container, check out the available attack types:
Step 6 - Creating attacks using the Gremlin App
Example: Creating a CPU Attack from the host against the nginx Docker container using the App
The “Hello World” of Chaos Engineering is the CPU Resource Attack. To create a CPU Resource Attack select “Resource” and then “CPU” in the dropdown menu.
The CPU Resource Attack will consume CPU resources based on the settings you select. The most popular default settings for a CPU Resource Attack are pre-selected, a default attack will utilize 1 core for 60 seconds. Before you can run the Gremlin attack you will need to click either Exact hosts to run the attack on or click the Random attack option.
Click Exact and select the host you created the nginx Docker container on, in this example that is 126.96.36.199.
Example: Using Container Labels to Attack Specific Containers
Container labels will enable you to choose containers on your host to attack.
Click to enable container labels, type in the label details of the container.
For this example, the Nginx Docker container label we created is set to service=nginx.
Finally select ”Create” to kick off a random Gremlin CPU Resource Attack on the nginx Docker container.
Your attack will begin to run, you will be able to view its progress via Gremlin Attacks in the Gremlin Control Panel.
To view the results of the attack join the docker-nginx container’s pid namespace:
You will see the following in htop:
If you have the Gremlin Slackbot enabled you will also see the bot post that the Gremlin Attack has started. When it’s successful the Gremlin Slackbot will post again. To setup the Gremlin Slackbot follow the guide, How to Setup and Use the Gremlin Slackbot.
When your attack is finished it will move to Completed Attacks in the Gremlin App.
To view the logs of the Attack, click on the Attack in Completed Attacks.
You've installed Gremlin on a server running Docker and validated that Gremlin works by running the “Hello World” of Chaos Engineering for Docker Containers, the CPU Resource attack. You now possess tools that make it possible for you to explore additional Gremlin Attacks.
Gremlin’s Developer Guide is a great resource and reference for using Gremlin to do Chaos Engineering. You can also explore the Gremlin Community for more information on how to use Chaos Engineering with your infrastructure.