Infrastructure Layer

Enabling Services Discovery

Gremlin can collect information about the processes running on the Linux machines where the agent is installed. This process information helps inform Gremlin's Services Discovery features.

What is collected?

For every process visible to the Gremlin agent, Gremlin will collect:

  • process ID (PID)
  • parent process ID (PPID)
  • active UDP and TCP sockets (ipaddress:port)
  • path to process executable
  • command-line arguments passed to the process
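
Because the full command line of every visible process is collected, a credential passed as an argument becomes part of the collected data. The script below is an added example, not part of Gremlin's documentation: it lists processes whose command line carries a credential-style flag so they can be fixed before collection is enabled. The keyword list, function names and sample /proc tree are constructed assumptions.

```shell
#!/bin/sh
# Added example (not Gremlin code): preview which processes would expose a
# credential through the collected command line.
# KEYWORDS is an assumed heuristic list; extend it for your environment.
KEYWORDS='pass(word|wd)?|secret|token|api[_-]?key'

# scan_cmdlines [PROC_ROOT]
# Prints "PID<TAB>PPID<TAB>EXE<TAB>FLAG" per flagged process. Only the flag
# name is printed, never the value that follows it.
scan_cmdlines() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        # cmdline is NUL-separated: one argument per line after tr.
        hit=$(tr '\0' '\n' 2>/dev/null < "$dir/cmdline" \
            | grep -Eio -- "^[-a-z_]*($KEYWORDS)([=:]|\$)" \
            | head -n 1 | sed 's/[=:]$//')
        [ -n "$hit" ] || continue
        ppid=$(awk '/^PPid:/ {print $2}' "$dir/status" 2>/dev/null || true)
        # Resolving exe for another user's process needs elevated privileges.
        exe=$(readlink "$dir/exe" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\t%s\n' "${dir##*/}" "${ppid:-?}" "$exe" "$hit"
    done
}

# make_sample_proc: build a constructed /proc-like tree and print its path.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir "$root/4242" "$root/4243" "$root/4244"
    printf '/usr/bin/mysql\0--user=app\0--password=CONSTRUCTED\0' > "$root/4242/cmdline"
    printf 'nginx\0-g\0daemon off;\0' > "$root/4243/cmdline"
    printf '/opt/app/worker\0--token\0CONSTRUCTED\0' > "$root/4244/cmdline"
    for pid in 4242 4243 4244; do
        printf 'Name:\tsample\nPPid:\t1\n' > "$root/$pid/status"
    done
    ln -s /usr/bin/mysql "$root/4242/exe"
    ln -s /opt/app/worker "$root/4244/exe"
    printf '%s\n' "$root"
}

# Demo on the constructed tree; run scan_cmdlines with no argument (as root)
# to review the real host before enabling collection.
sample=$(make_sample_proc)
scan_cmdlines "$sample"
rm -rf "$sample"
```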

Requirements

Enable process collection

Gremlin 2.18.0 disables process collection by default. Enable it with one of the following:

  • set GREMLIN_COLLECT_PROCESSES=true in the Gremlin agent environment (for example, by writing it to /etc/default/gremlind)
  • set collect_processes: true in /etc/gremlin/config.yaml

The following subsections show examples for enabling process collection on your platform.

Existing installation

shell
# This setcap command is only required for versions below 2.18.0. These capabilities are set by default in later versions.
sudo setcap cap_sys_ptrace,cap_dac_read_search+ep /usr/sbin/gremlind \
  && echo GREMLIN_COLLECT_PROCESSES=true | sudo tee -a /etc/default/gremlind \
  && sudo systemctl restart gremlind

APT

shell
echo "deb https://deb.gremlin.com/ release non-free" | sudo tee /etc/apt/sources.list.d/gremlin.list \
  && sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9CDB294B29A5B1E2E00C24C022E8EF3461A50EF6 \
  && sudo apt update \
  && GREMLIN_COLLECT_PROCESSES=true sudo -E apt install gremlin gremlind

YUM

shell
sudo curl https://rpm.gremlin.com/gremlin.repo -o /etc/yum.repos.d/gremlin.repo \
  && GREMLIN_COLLECT_PROCESSES=true sudo -E yum install gremlin gremlind

Kubernetes

shell
helm repo add gremlin https://helm.gremlin.com
helm repo update
helm install gremlin gremlin/gremlin \
  --namespace gremlin \
  --set gremlin.hostPID=true \
  --set gremlin.collect.processes=true \
  --set gremlin.secret.managed=true \
  --set gremlin.secret.type=secret \
  --set gremlin.secret.clusterID=my-cluster \
  --set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
  --set gremlin.secret.teamSecret=$GREMLIN_TEAM_SECRET

Docker

shell
docker run -d \
  --pid=host \
  --cap-add=SYS_PTRACE \
  -v /var/lib/gremlin:/var/lib/gremlin \
  -v /var/log/gremlin:/var/log/gremlin \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e GREMLIN_TEAM_ID \
  -e GREMLIN_TEAM_SECRET \
  -e GREMLIN_IDENTIFIER \
  -e GREMLIN_COLLECT_PROCESSES=true \
  gremlin/gremlin daemon