Infrastructure Layer
Advanced Configuration
You can configure the Gremlin daemon either via environment variables or a configuration file.
Using Environment Variables
The daemon supports the following environment variables:
| Environment Variable | Description |
|---|---|
GREMLIN_TEAM_ID |
Your Team ID (required for authentication) |
GREMLIN_TEAM_SECRET |
Your Team Secret (should only require secret or PEM certificates, not both) |
GREMLIN_TEAM_PRIVATE_KEY_OR_FILE |
Your PEM-encoded private key or path/filename to a file containing the private key (required for authentication) |
GREMLIN_TEAM_CERTIFICATE_OR_FILE |
The PEM-encoded public-key certificate or path/filename to the file containing your PEM-encoded public-key certificate (required for authentication) |
GREMLIN_IDENTIFIER |
Custom name for this client (default as the host's IP address) |
GREMLIN_CLIENT_TAGS |
Comma-separated list of custom tags to assign to this client. For example: GREMLIN_CLIENT_TAGS="zone=us-east1,role=mysql,foo=bar" |
The following are optional environment variables that may be required in Docker containerized deployments:
| Environment Variable | Description |
|---|---|
GREMLIN_BYPASS_USERNS_REMAP |
Indicates to run the Gremlin Daemon on the same Docker namespace as the host. By default, Gremlin does not launch with a namespace defined. To set this variable, change the value to 1 |
GREMLIN_DOCKER_IMAGE |
Indicates the location and version of the Gremlin Docker image to use. This variable can be used to indicate an internal repository. For example: GREMLIN_DOCKER_IMAGE=registry.hub.docker.com/gremlin/gremlin:latest |
In addition, the following standard Linux environment variables allow proxy configuration:
| Environment Variable | Description |
|---|---|
http_proxy |
In the form http[s]://[username:password@]address:port |
https_proxy |
In the form http[s]://[username:password@]address:port |
Using the Configuration File
To configure the daemon using a configuration file instead, create the file, /etc/default/gremlind or copy from /etc/default/gremlind.example:
#==============================#
# Gremlin Daemon Configuration #
#==============================#
# This file is used to expose configuration to the Gremlin daemon process (`gremlind`)
# NOTE: Some process managers such as sysvinit may require these variables to be preceded
# by `export`
# When the Gremlin daemon starts, it will automatically issue a `gremlin init` command to
# register this machine with the Gremlin Control Plane. This requires the following team and
# secret values to be set. If these values are not set, the Gremlin daemon will continue to
# start up. However `gremlin init` will need to be run separately before attacks can be run.
#GREMLIN_TEAM_ID=
#GREMLIN_TEAM_PRIVATE_KEY_OR_FILE=
#GREMLIN_TEAM_CERTIFICATE_OR_FILE=
# Supply extra options to `gremlin init` via this variable
# Example: `GREMLIN_INIT_OPTS=--tag service=api` (see https://www.gremlin.com/docs/infrastructure-layer/advanced-configuration/)
#GREMLIN_INIT_OPTS=
# To use Gremlin with an http proxy, provide the proxy information. Note that all of Gremlin's
# communication with the Gremlin Control Plane is via outbound HTTPs, therefore `https_proxy`
# (not `http_proxy` should be used in most cases)
# Example: https_proxy=https://proxyuser:proxypass@10.0.0.3:3218
#https_proxy=
# Any additional Gremlin Daemon variables (such as GREMLIN_IDENTIFIER) may be defined here
# (see https://www.gremlin.com/docs/infrastructure-layer/advanced-configuration/)You can set any of the environment variables listed in the previous section in the configuration file.