Dynatrace Managed feature update, Version 138

Swaggerized Cluster Management API

Dynatrace now uses Swagger to generate an OpenAPI specification for our on-premise APIs, which supports machine-readable JSON and YAML formats (https://<cluster-webui-domain>/api/v1.0/onpremise/spec.[json|yaml]). Additionally, we’re proud to announce that we now bundle the Swagger UI with the Cluster Management Console. This means you can now visualize and interact with API resources without the underlying implementation logic in place. And you can now directly execute REST methods on our API without implementing or using a separate REST client.

To access the Cluster Management API specification

  1. Expand the user menu in the upper-right corner of the Cluster Management Console.
  2. Click the Cluster Management API link to open the API documentation, which is automatically generated from our Swagger specification (i.e., class and method-level annotations).

Note: If when you access the Cluster Management API documentation for the first time, you see a warning (a red exclamation point icon) in the upper-right corner of each operation detail pane (see example above), your access to the documentation hasn’t yet been authenticated. To enable authentication, you must create an API authentication token or use an existing token, as explained below.

To create an API token for authentication

  1. Select Settings from the navigation menu and click API tokens.
  2. Type a value for the secure access API token into the text field.
  3. Click the Generate token button to activate the new token.
  4. Copy the new token to your clipboard and return to the Cluster Management API documentation.
  5. Click the red exclamation-point warning button displayed within any operation detail pane.
  6. Paste the copied API token into the Value field and enclose the token in the form:
    Api-Token <your-api-token>
  7. Click the Authorize button.

Now you can execute any API operation listed in the Cluster Management API documentation by clicking the respective Execute button.  In future releases, we plan to allow HTTP Basic authentication via your CMC username and password, in addition to the token-based approach to authentication.

Security enhancements

We’ve invested considerable effort into providing security updates and improvements for Dynatrace Managed.

In response to recent side-channel attack vulnerabilities (namely Meltdown and Spectre) we performed a critical kernel update on our backend services, including Mission Control. For details, please see ALAS-2018-939 and Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715.

We no longer use the temp directory (/tmp) to store and launch executables. The installer script now unpacks binaries to /opt/dynatrace-managed/installer/bin. Bundled Managed components that depend on the JVM’s usage of the /tmp directory, including Cassandra and Elasticsearch, are now started with an additional JVM parameter that specifies a custom temp directory: -Djava.io.tmpdir sets a custom directory such as /opt/dynatrace-managed/tmp-bin.

Further, generation of the cluster UUID has been reworked to only use randomized input (no identifiable information). Analysis showed that externally linked libraries for UUID generation retrieved and used the machine’s MAC address, which posed problems for some customers.

Also in this Release

  • Session stickiness (nginx) is now enabled by default and listening on port 8022. If you managed iptables rules manually, keep in mind to update that port. Log files stored at /var/opt/dynatrace-managed/log/nginx are controlled by the Dynatrace Server. Log file rotation is performed once the log file size reaches 20 MBs in size. The maximum number of stored log files for access.log and error.log is 11 (including the currently selected log file).
  • We extended the SMTP configuration options in CMC to support STARTTLS (see below). To set up your SMTP connection security within CMC, go to Settings > Emails >  SMTP server.

  • Port 9160 has been removed from iptables configuration as it’s no longer required due to the removal of the Astyanax Java client for Cassandra.
  • Dynatrace Managed Security Gateway domain and certificate information now includes the configured port to facilitate configuration debugging (Settings > Public endpoints).
  • We have added Amazon Linux to the list of supported platforms for Dynatrace Managed server.

Other new features

Additionally, all new features introduced with Dynatrace SaaS Version 137 and Version 138 are now also supported by Dynatrace Managed.