From be1c7e50e1e8809ea56f2c9d472eccd8ffd73a97 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 04:57:58 +0200
Subject: Adding upstream version 1.44.3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../ebpf.plugin/integrations/ebpf_processes.md     | 187 +++++++++++++++++++++
 1 file changed, 187 insertions(+)
 create mode 100644 collectors/ebpf.plugin/integrations/ebpf_processes.md

(limited to 'collectors/ebpf.plugin/integrations/ebpf_processes.md')

diff --git a/collectors/ebpf.plugin/integrations/ebpf_processes.md b/collectors/ebpf.plugin/integrations/ebpf_processes.md
new file mode 100644
index 00000000..62542359
--- /dev/null
+++ b/collectors/ebpf.plugin/integrations/ebpf_processes.md
@@ -0,0 +1,187 @@
+<!--startmeta
+custom_edit_url: "https://github.com/netdata/netdata/edit/master/collectors/ebpf.plugin/integrations/ebpf_processes.md"
+meta_yaml: "https://github.com/netdata/netdata/edit/master/collectors/ebpf.plugin/metadata.yaml"
+sidebar_label: "eBPF Processes"
+learn_status: "Published"
+learn_rel_path: "Data Collection/eBPF"
+most_popular: False
+message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE COLLECTOR'S metadata.yaml FILE"
+endmeta-->
+
+# eBPF Processes
+
+
+<img src="https://netdata.cloud/img/ebpf.jpg" width="150"/>
+
+
+Plugin: ebpf.plugin
+Module: processes
+
+<img src="https://img.shields.io/badge/maintained%20by-Netdata-%2300ab44" />
+
+## Overview
+
+Monitor calls for function creating tasks (threads and processes) inside Linux kernel.
+
+Attach tracing (kprobe or tracepoint, and trampoline) to internal kernel functions.
+
+This collector is only supported on the following platforms:
+
+- Linux
+
+This collector supports collecting metrics from multiple instances of this integration, including remote instances.
+
+The plugin needs setuid because it loads data inside kernel. Netada sets necessary permission during installation time.
+
+### Default Behavior
+
+#### Auto-Detection
+
+The plugin checks kernel compilation flags (CONFIG_KPROBES, CONFIG_BPF, CONFIG_BPF_SYSCALL, CONFIG_BPF_JIT), files inside debugfs, and presence of BTF files to decide which eBPF program will be attached.
+
+#### Limits
+
+The default configuration for this integration does not impose any limits on data collection.
+
+#### Performance Impact
+
+This thread will add overhead every time that an internal kernel function monitored by this thread is called.
+
+
+## Metrics
+
+Metrics grouped by *scope*.
+
+The scope defines the instance that the metric belongs to. An instance is uniquely identified by a set of labels.
+
+
+
+### Per eBPF Processes instance
+
+These metrics show total number of calls to functions inside kernel.
+
+This scope has no labels.
+
+Metrics:
+
+| Metric | Dimensions | Unit |
+|:------|:----------|:----|
+| system.process_thread | process | calls/s |
+| system.process_status | process, zombie | difference |
+| system.exit | process | calls/s |
+| system.task_error | task | calls/s |
+
+### Per apps
+
+These Metrics show grouped information per apps group.
+
+Labels:
+
+| Label      | Description     |
+|:-----------|:----------------|
+| app_group | The name of the group defined in the configuration. |
+
+Metrics:
+
+| Metric | Dimensions | Unit |
+|:------|:----------|:----|
+| app.process_create | calls | calls/s |
+| app.thread_create | call | calls/s |
+| app.task_exit | call | calls/s |
+| app.task_close | call | calls/s |
+| app.task_error | app | calls/s |
+
+### Per cgroup
+
+These Metrics show grouped information per cgroup/service.
+
+This scope has no labels.
+
+Metrics:
+
+| Metric | Dimensions | Unit |
+|:------|:----------|:----|
+| cgroup.process_create | process | calls/s |
+| cgroup.thread_create | thread | calls/s |
+| cgroup.task_exit | exit | calls/s |
+| cgroup.task_close | process | calls/s |
+| cgroup.task_error | process | calls/s |
+| services.process_create | a dimension per systemd service | calls/s |
+| services.thread_create | a dimension per systemd service | calls/s |
+| services.task_close | a dimension per systemd service | calls/s |
+| services.task_exit | a dimension per systemd service | calls/s |
+| services.task_error | a dimension per systemd service | calls/s |
+
+
+
+## Alerts
+
+There are no alerts configured by default for this integration.
+
+
+## Setup
+
+### Prerequisites
+
+#### Compile kernel
+
+Check if your kernel was compiled with necessary options (CONFIG_KPROBES, CONFIG_BPF, CONFIG_BPF_SYSCALL, CONFIG_BPF_JIT) in `/proc/config.gz` or inside /boot/config file. Some cited names can be different accoring preferences of Linux distributions.
+When you do not have options set, it is necessary to get the kernel source code from https://kernel.org or a kernel package from your distribution, this last is preferred. The kernel compilation has a well definedd pattern, but distributions can deliver their configuration files
+with different names.
+
+Now follow steps:
+1. Copy the configuration file to /usr/src/linux/.config.
+2. Select the necessary options: make oldconfig
+3. Compile your kernel image: make bzImage
+4. Compile your modules: make modules
+5. Copy your new kernel image for boot loader directory
+6. Install the new modules: make modules_install
+7. Generate an initial ramdisk image (`initrd`) if it is necessary.
+8. Update your boot loader
+
+
+#### Debug Filesystem
+
+This thread needs to attach a tracepoint to monitor when a process schedule an exit event. To allow this specific feaure, it is necessary to mount `debugfs` (`mount -t debugfs none /sys/kernel/debug/`).
+
+
+
+### Configuration
+
+#### File
+
+The configuration file name for this integration is `ebpf.d/process.conf`.
+
+
+You can edit the configuration file using the `edit-config` script from the
+Netdata [config directory](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md#the-netdata-config-directory).
+
+```bash
+cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
+sudo ./edit-config ebpf.d/process.conf
+```
+#### Options
+
+All options are defined inside section `[global]`.
+
+
+<details><summary>Config options</summary>
+
+| Name | Description | Default | Required |
+|:----|:-----------|:-------|:--------:|
+| update every | Data collection frequency. | 5 | no |
+| ebpf load mode | Define whether plugin will monitor the call (`entry`) for the functions or it will also monitor the return (`return`). | entry | no |
+| apps | Enable or disable integration with apps.plugin | no | no |
+| cgroups | Enable or disable integration with cgroup.plugin | no | no |
+| pid table size | Number of elements stored inside hash tables used to monitor calls per PID. | 32768 | no |
+| ebpf type format | Define the file type to load an eBPF program. Three options are available: `legacy` (Attach only `kprobe`), `co-re` (Plugin tries to use `trampoline` when available), and `auto` (plugin check OS configuration before to load). | auto | no |
+| ebpf co-re tracing | Select the attach method used by plugin when `co-re` is defined in previous option. Two options are available: `trampoline` (Option with lowest overhead), and `probe` (the same of legacy code). This plugin will always try to attach a tracepoint, so option here will impact only function used to monitor task (thread and process) creation. | trampoline | no |
+| maps per core | Define how plugin will load their hash maps. When enabled (`yes`) plugin will load one hash table per core, instead to have centralized information. | yes | no |
+| lifetime | Set default lifetime for thread when enabled by cloud. | 300 | no |
+
+</details>
+
+#### Examples
+There are no configuration examples.
+
+
-- 
cgit v1.2.3