Customize installation for Dynatrace Managed
You can use command line parameters to override some default settings or to upgrade Dynatrace Managed.
By default you don't need to use any parameters to install Dynatrace Managed. The installer works in interactive mode. It asks you either to confirm the default settings or provide your own values. The values you enter during installation always take precedence. They override command line parameter values as well as default values.
When you run the installer in interactive mode with command line parameters, the parameter values are presented as prompts (instead of defaults). If you enter any values at this point, they will take precedence.
To install Dynatrace Managed in non-interactive mode with default settings, use the
--install-silent parameter. Remember to use
--license to provide the license key that we sent you.
What are the default settings?
- Installation path (binaries):
Starting with Dynatrace Managed 1.216, do not use
/opt/dynatraceas an installation path for Dynatrace Managed binaries.
- Dynatrace Server data files:
- The system user who runs Dynatrace processes:
- The system group who runs Dynatrace processes:
You can use the
help parameter from the command line to list all available command line options of the Dynatrace Managed installer. As root, type:
See below the supported command-line parameters for the Dynatrace Managed installer.
Initial configuration parameters
The following environment and admin-user attribute parameters should be used for initial server configuration. When specified, the installer will generate an authentication token for the public REST API following successful installation and cluster registration.
Use this parameter to specify the name of the environment.
Use this parameter to specify the administrator's first name.
Use this parameter to specify the administrator's last name.
Use this parameter to specify the administrator's email.
Use this parameter to specify the administrator's password.
Installation mode parameters
You can run the Dynatrace Managed installer in any of the following modes:
This is standard, interactive installation.
Use this parameter to install with default settings in non-interactive mode. You can use this parameter to automate Dynatrace Managed installation. You can use other command line parameters to bypass some of the default settings.
This parameter can only be used in Premium HA mode. You can use this parameter to automate Dynatrace Managed installation in a new data center. You can use other command line parameters to bypass some of the default settings.
Starts the upgrade process. Use this parameter if you want to start Dynatrace Managed upgrade from the command line.
Use this parameter to check if the machine and operating system fulfills the requirements of the new version.
Restores Dynatrace Managed installation from the backup file referenced by the
--backup-file parameter. Backup is performed by Dynatrace Managed on a daily basis once you've enabled and configured backup on Dynatrace Managed.
Reconfigure existing installation using setup parameters.
Safely uninstalls Dynatrace Managed.
Use this parameter to verify that the installer file isn't corrupt.
When restoring: full path to backup file with configuration and data.
--timeouts <component:value, ..>
Use this parameter to lengthen timeouts for specified components. Example use cases:
- You find out that a specific component requires a longer timeout; for example, your OS firewall startup requires a few minutes.
- You have many tenants, so you need more time for Server startup.
Base timeout in seconds. This value is added to the component-specific timeouts listed below for Nodekeeper, Cassandra, Elasticsearch, Server, ActiveGate, and NGINX.
Nodekeeper startup process timeout seconds =
Cassandra startup process timeout seconds =
Elasticsearch startup process timeout seconds =
Server startup process timeout seconds =
ActiveGate startup process timeout seconds =
NGINX startup process timeout seconds =
Firewall startup process timeout seconds =
You can change the installation path and other settings using the following parameters:
Full path to the Dynatrace binaries directory.
Using this parameter with SELinux enabled requires the semanage utility to be available on your system.
Use this parameter to provide the license key you obtained from the Dynatrace team.
Dynatrace license file, used when license key is not provided.
If you have SELinux enabled, the following parameters require the semanage utility to be available on your system.
Full path to the Dynatrace installation space directory. We recommend that you use a dedicated drive or partition for this directory. Only Dynatrace data that isn't configured in other stores is kept here. If you don't configure specific paths for any of the other data stores, all Dynatrace data will be kept here.
Full path to Dynatrace session replay store. Default is
Full path to the Dynatrace metrics repository directory. If you specify this location, metrics data will be kept here instead of in the main data location.
Full path to Dynatrace Elasticsearch store directory.
Full path to Dynatrace raw transaction store directory. If you specify this location, raw transaction data will be kept here instead of in the main data location.
To make the configuration as secure as possible, Dynatrace creates a unique Linux system user of Dynatrace Managed services.
The system user:
- Gets only the read, write, and execute permission to the files needed,
- Has no home directory,
- Has a
- Has a disabled login
These measures prevent users from signing in and storing files. If system security is compromised, such preventive measures limit the number of actions an attacker can perform. If you decide to use a default user account, we recommend that you set it up with the above principles in mind.
The following parameters specify a system user who is authorized to run Dynatrace processes.
The user name and group name of the system user who is authorized to run Dynatrace processes.
The default value is
The user ID and group ID of the system user who is authorized to run Dynatrace processes.
The default value is
You can specify one or both parameters.
- The user/group name and user ID/group ID must be the same on all cluster nodes to ensure proper access to shared storage (for example, backup).
- If you specify the user and group parameter and override the default settings, your modified values will automatically propagate as the new default value to subsequent nodes added to the cluster.
Connectivity to Mission Control
If your machine uses a network proxy to connect to the Internet, put the address here in the following format:
protocol://[user:password@]server-address:port. The default value is
If your machine uses a network HTTPS proxy with self-signed certificate, you have to extend trusted certificates store. Full path to a public SSL certificate file in PEM format should follow that parameter.
Token used for registration in Mission Control (optional for regular installation).
If your machine has more than one network interface you need to decide which network interface will be used for Dynatrace Cluster traffic and put its IP4 address here.
--cluster-nodes <id:ip, ..>
You can specify the node ID with the IP address. Use this when you restore a cluster and you must attach a replacement node that has a different IP address than the original.
IPv4 address of the seed node in the cluster.
Authentication token for connection to seed node. You'll find this after logging into the seed node, on the Download node installer page. This token is valid for three hours.
For rack aware deployments, provide the data center that contains the rack where you want to add the node.
For rack aware deployments, indicate the name of the rack to which the node is to be added.
Enable/disable installation of self-monitoring OneAgent. The default value is
name:group of system user who should run self-monitoring agent. Use only if default user for agent cannot be used.
Allows installation of self-monitoring OneAgent to a different directory. For example, on Linux:
/bin/sh Managed-installer.sh --agent-dir /opt/dt/self-monitoring.
--agent-dir set to
/data/dynatrace/, the installer creates the symbolic link
/data/dynatrace and all OneAgent files are placed into the specified directory (in this example,
/data/dynatrace). Note that this symbolic link needs to be removed manually, once OneAgent has been uninstalled. Using this parameter on Linux when SELinux is enabled requires the
semanage binary to be available on your system.
SSL certificates parameters
Command line parameters can also help you install or update SSL certificates on Dynatrace Managed. For more information on installing fully-qualified digital certificates, see Can I use my own SSL certificate?
Space-separated list of protocols accepted by SSL connections. Replaces the default list.
Definition of ciphers accepted by SSL connections. Replaces the default definition. This definition must first be validated with an
openssl ciphers command.
Enable/disable cipher auto-update, which sets default values for protocols and ciphers accepted by SSL connections on each upgrade/reconfiguration. The default for new nodes is
Enable/disable altering of
/etc/hosts file. The default is
Command that should be used for executing system commands with superuser privileges. Should contain the variable
$CMD (typed as
\$CMD). By default the following is used:
/usr/bin/sudo \$CMD. For example:
dynatrace-managed.sh --sudo-cmd "/usr/bin/pbrun \$CMD"
--no-start (Upgrade only)
Use this parameter when you don't want Dynatrace Managed to start immediately following an upgrade.
Use this parameter when uninstalling a cluster to unregister the cluster and release license from Mission Control.
Print version information.
Full path to the directory for installer temp files.