The Linux installer can be used with command line parameters when you can't use the default settings. Note that all parameters listed below are optional.
SERVER—The address of the Dynatrace Server. Use the IP address or a name. Add the port number following a colon, for example
TENANT—Your Dynatrace environment ID. You received this ID with your activation email. By default, this setting is already set to the correct value. If you're selling Dynatrace-based services, use this option to set your customers' IDs (available from the pool of IDs you purchased from Dynatrace).
TENANT_TOKEN—The internal token that is used for authentication when OneAgent connects to the Dynatrace cluster to send data. You can retrieve the tenant token from the following REST endpoint. In return, you will get a JSON object that will include the
HOST_GROUP—The name of a group you want to assign the host to. For details, see Organize your environment using host groups. Requires OneAgent version 1.139. The host group string can only contain alphanumeric characters, hyphens, underscores, and periods. It must not start with
dt. and the maximum length is 100 characters. For example
HOST_GROUP=My.HostGroup_123-456. To remove the host from a group, you must uninstall Dynatrace OneAgent. You can't remove the host from a group when updating Dynatrace OneAgent.
PROXY—The address of the proxy server. Use the IP address or a name. Add the port number following a colon, for example
PROXY=184.108.40.206:8080. We also support IPv6 addresses. To let the installer automatically detect proxy details, use
PROXY=auto. OneAgent installation on Linux supports automatic proxy detection based on the environment variables:
HTTPS_PROXY.If you want the installer to skip entering proxy details, use
APP_LOG_CONTENT_ACCESS—When set to
true, allows Dynatrace OneAgent to access log files for the purpose of log analytics. Accepted values are (
false) or (
0). This option can alternatively be enabled/disabled through the Web UI.
DISABLE_SYSTEM_LOGS_ACCESS—When set to
1, disables Dynatrace OneAgent access to system logs. Dynatrace OneAgent downloads Linux system logs for the purpose of diagnosing issues that may be caused by conditions in your environment. For details, see System logs downloaded by OneAgent. Note that the
DISABLE_SYSTEM_LOGS_ACCESS parameter is a self-diagnostics setting and is not related in any way to Log Analytics controlled by the
INSTALL_PATH—allows installation to a different directory. For example on Linux:
/bin/sh Dynatrace-OneAgent-Linux.sh INSTALL_PATH=/data/dynatrace/. When this parameter is used, the installer creates the symbolic link /
opt/dynatrace/oneagent -> /data/dynatrace and all OneAgent files are placed in the specified directory (in this example,
/data/dynatrace). Note that this symbolic link needs to be removed manually, once OneAgent has been uninstalled. Using this parameter on Linux when SELinux is enabled requires the semanage binary to be available on your system.
INFRA_ONLY—Activates cloud infrastructure monitoring mode, in place of full-stack monitoring mode. With this approach, you receive infrastructure-only health data, with no application or user performance data. For details, see Cloud infrastructure monitoring. Accepted values are
0 (deactivated) and
1 (activated). This option can alternatively be enabled/disabled through the Web UI.
-p—preserves SELinux policy sources after compilation. We want to be as transparent as possible. With this parameter enabled, you can see what we do to ensure that your security policy isn't violated. Go to
/opt/dynatrace/oneagent/SELinuxPolicy to begin investigating.
-n—makes the installer skip SELinux policy installation. If you use this parameter and SELinux policy is active on your system, you'll need to create a custom policy rule for OneAgent yourself. Note that you don't have to use this parameter if SELinux is disabled on your server.
Note: For Dynatrace OneAgent versions 102 and earlier, your security policy can be found at
USER—specifies the name of the non-priviliged user, which is used by unprivileged OneAgent processes. Unprivileged processes are those that don't need root privileges. These processes on Linux are called
Network OneAgent and
Plugin OneAgent. The default behavior is that the Dynatrace installer uses
dtuser for the name of the unprivileged user. If
USER=<username> parameter is specified, then the installer uses
<username> as the name of the unprivileged user.
In both cases, the Dynatrace installer checks whether a required user (
dtuser or specified by
USER parameter) already exists in the system. If a user and a group with the same name exist and this user has that group set as its primary one, the user is used to start the Network OneAgent and the Plugin OneAgent processes. If a user doesn't exist, the Dynatrace installer creates this user and group and later starts these unprivileged processes with this new user. If a user exists in the system but doesn't have group with the same name set as its primary one, the installation is aborted—to use a group with different name, you must use the
USER string can only contain alphanumeric characters, the minimum length is 3 characters, the maximum length is 32 characters, and it can't be a user identifier string.
GROUP—can only be used in conjunction with the
USER parameter and is used to specify the primary group for the user passed via the
USER parameter. If you don't specify the
GROUP parameter, the installer assumes it's the same as the
USER, for both existing and non-existing users. If you specify the group using the
GROUP parameter, and a user doesn't exist, the installer creates the user and assigns it to the specified group. You also use the
GROUP parameter to specify an unprivileged user that belongs to a specific group, with a different name than the user name. To harden your system security, we strongly recommend to use a dedicated user group to run OneAgent processes.
GROUP string can only contain alphanumeric characters, the minimum length is 3 characters, the maximum length is 32 characters, and it can't be a group identifier string.
NON_ROOT_MODE—Dynatrace OneAgent v1.141 and above can be installed in non-priviliged mode. This is the only time you need to grant elevated privileges to Dynatrace OneAgent. Elevated privileges are dropped as soon as Dynatrace OneAgent is deployed.
To install Dynatrace OneAgent in non-priviliged mode, you need to manually append the
NON_ROOT_MODE=1 parameter to the installation command. For example:
sudo /bin/sh Dynatrace-Agent-Linux-1.0.0.sh NON_ROOT_MODE=1
To switch the installer back to the default mode for consecutive updates, run it with
Note that non-priviliged mode requires Linux kernel capabilities available in the versions:
- v2.6.26 and above for Dynatrace OneAgent installation without root privileges.
- v4.3 and above (recommended systemd ≥ 221) for Dynatrace OneAgent automatic updates and full operation without root privileges.
DISABLE_ROOT_FALLBACK— is used with conjuction with
NON_ROOT_MODE parameter. Use it to block the superuser permission level for Dynatrace OneAgent run in the non-priviliged mode. The root privileges are required for automatic updates and selected operations on kernel versions between 2.6.26 and 4.3, that is versions without the support for Linux ambient capabilities.
sudo /bin/sh Dynatrace-Agent-Linux-1.0.0.sh NON_ROOT_MODE=1 DISABLE_ROOT_FALLBACK=1
To switch the installer back to use the superuser permission level for consecutive updates, run it with
For more information, check the permission requirements for OneAgent installation and operation on Linux.
- The uninstall process doesn't delete the unprivileged user from the system (whether or not it's
dtuseror specified by the
- The unprivileged
usernameis preserved during upgrades, unless a new username is specified during upgrade.