Deploy OneAgent on Elastic Container Service (EC2)

To deploy OneAgent on AWS Elastic Container Service (ECS) clusters with EC2 launch type, follow the instructions below.

Prerequisites

  • ECS cluster with Linux-based container instances.
  • Review the list of supported applications and versions.
  • Create the ecsinstanceRole IAM role in the ECS console.

Deploy OneAgent as a daemon service

This approach describes the installation of OneAgent as a daemon service in its own container. ECS orchestrates the execution of the OneAgent task on each container instance that is part of the cluster.

  1. On the ECS console, go to Task Definitions > Create new Task Definition. Select EC2 and then Next step.

  2. In Configure task and container definitions, enter the following values:

  • Task Definition Name: oneagent
  • Network Mode: host
  1. Scroll down to Volumes. Click Add volume and enter the following values:
  • Name: oneagent
  • Volume type: Bind Mount
  • Source path: /

Click Add to add the volume.

  1. Scroll to Container Definitions and click Add container. In the Standard section, enter the following values:
  • Container name: oneagent
  • Image: dynatrace/oneagent
  • Memory limits: as needed

Note: There are two types of memory limits: soft and hard. ECS requires that you define the limit for at least one type of memory. We recommend using the default setting (soft limit of 256 MiBs), as it's less restrictive, but you can adjust this setting as needed.

  1. In the Advanced container configuration section, go to Environment. Make sure that Essential is selected.
    In Environment variables, define ONEAGENT_INSTALLER_SCRIPT_URL depending on how you connect to Dynatrace:
  • For SaaS: https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<pass_token>
  • For Managed: https://<your-domain>/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<pass_token>
  • For ActiveGate: https://<your-active-gate-ip-or-hostname>:9999/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token>

Note: If you connect via an ActiveGate, you can skip the certificate check by adding the ONEAGENT_INSTALLER_SKIP_CERT_CHECK key with the value true.

  1. Optional Add OneAgent installer parameters.
    While still in Environment variables, you can customize your OneAgent installation by adding several OneAgent installer parameters in the command text box. Make sure to separate each parameter by a space. For example, --set-infra-only=true --set-app-log-content-access=false --set-network-zone=<your.network.zone>.

Note: Set the --set-network-zone=<your.network.zone> parameter if you want to configure network zones. See network zones for more information.

  1. Go to Storage and logging and enter the following values in Mount point:
  • Source volume: oneagent
  • Container path: /mnt/root
  1. Scroll down to Security and set the container to run in Privileged mode.

  2. Click Add to add the container definition.

  3. While still in the task definition, go back to Volumes and click Configure via JSON. Add the following two parameters at the root level (for example, before the "tags"):

"ipcMode": "host",  
"pidMode": "host",  

Click Save to save the JSON configuration.

  1. Click Create to save your task definition.

  2. In the Task definitions menu, select the newly created OneAgent task and then click Actions > Create service. This will create a service to run your task.

  3. In Configure service, enter the following values:

  • Launch type: EC2
  • Task Definition: oneagent
  • Service type: DAEMON
  • Service name: give a name to the the service.

Leave the rest of the settings set as they are by default. Follow the remaining steps until you reach and select Create service.

Once the service is created, the associated tasks will be executed. The oneagent service creates a task to deploy OneAgent on each container instance of your cluster.

You can see the container instances displayed on the ECS cluster dashboard, and the corresponding hosts in your Dynatrace monitoring environment.

ECS hosts

  1. After deploying OneAgent, restart the running application tasks to get service-level visibility.

Security implications

See Docker security implications for details.

Limitations

See Docker limitations for details.