This topic explains how to run OneAgent as a Docker container, as opposed to the standard script-based Linux installation approach.
To monitor applications that run in Docker containers, run Dynatrace OneAgent on the host—either as a separate container or by installing Dynatrace OneAgent on the host. You don't need to embed OneAgent into any of your Docker images or inherit it from a special base image.
Before you begin
What you'll need:
- Dynatrace environment credentials
Your Docker environment must allow your OneAgent container to run in privileged mode.
Locate your Dynatrace environment credentials
The first step is to get your Dynatrace environment ID and token. This information is presented to you during Dynatrace OneAgent installation.
To get your Dynatrace environment ID and token
- Select Deploy Dynatrace from the navigation menu.
- Click Start installation and select Linux.
- Locate your environment ID and token, as shown below.
Run Dynatrace OneAgent as a Docker container
To run Dynatrace OneAgent as a Docker container you need to issue the following
docker run command on all your Docker hosts:
$ docker run -d --restart=unless-stopped --privileged=true --pid=host --net=host --ipc=host -v /:/mnt/root dynatrace/oneagent TENANT=REPLACE_WITH_YOUR_ENVIRONMENT_ID TENANT_TOKEN=REPLACE_WITH_YOUR_TOKEN SERVER=REPLACE_WITH_YOUR_CONNECTION_ENDPOINT
Be sure to replace all
REPLACE_WITH placeholders in the command with the respective credential information explained above. For example, the connection endpoint in
If you're using Dynatrace Managed, the connection endpoint for your Managed cluster is
Note: The variables
SERVER must be handed over to the Docker container in a command, not as environment variables.
Using a container orchestration tool
If you use a container orchestration tool, your orchestrator can deploy the Dynatrace OneAgent container for you. The example snippets below show you how to take advantage of orchestration tools in deploying Dynatrace OneAgent to all your nodes.
Custom installation with command line parameters
You can alternatively perform a custom installation with command line parameters.
Dynatrace OneAgent is what is referred to as a "super-privileged container." It's designed to have almost complete access to the host system as a root user. The following Docker command options open selected privileges to the host:
--ipc=host - Allows processes running inside the container to directly access the host’s IPC namespace.
--net=host - Allows processes running inside the container to directly access host network interfaces.
--pid=host - Allows processes running inside the container to see and work with all processes in the host process table.
-v /:/mnt/root - Mounts the host's root directory into the container at
/mnt/root to enable the installation of Dynatrace OneAgent on the host at
Running Dynatrace OneAgent as a Docker container gives you full-stack visibility into your complete containerized environment. This includes deep monitoring of supported applications, services, and databases.
Deep monitoring for native (i.e., non-containerized) processes on the host is disabled. In addition, log analytics functionality doesn't have access to logs stored at the Docker-host level, including logs gathered by the Docker JSON logging driver.
Also, note that when OneAgent is deployed as a Docker image, OneAgent auto-update isn't supported. To upgrade OneAgent, you must redeploy the Docker image. To automate the procedure for upgrading OneAgent within Docker containers, write a script that includes the following steps:
- Pull the latest image from the Docker Hub using the following command:
$ docker pull dynatrace/oneagent
- Stop the old OneAgent container.
- Deploy OneAgent again.