Customize installation for Dynatrace Managed

You can use command line parameters to override some default settings or to upgrade Dynatrace Managed.

By default you don't need to use any parameters to install Dynatrace Managed. The installer works in interactive mode. It asks you either to confirm the default settings or provide your own values. The values you enter during installation always take precedence. They override command line parameter values as well as default values.

When you run the installer in interactive mode with command line parameters, the parameter values are presented as prompts (instead of defaults). If you enter any values at this point, they will take precedence.

To install Dynatrace Managed in non-interactive mode with default settings, use the --install-silent parameter. Remember to use --license to provide the license key that we sent you.

What are the default settings?

  • Installation path (binaries): /opt/dynatrace-managed
    Path restriction

    Starting with Dynatrace Managed 1.216, do not use /opt/dynatrace as an installation path for Dynatrace Managed binaries.

  • Dynatrace Server data files: /var/opt/dynatrace-managed
  • The system user who runs Dynatrace processes: dynatrace
  • The system group that runs Dynatrace processes: dynatrace

You can use the help parameter from the command line to list all available command line options of the Dynatrace Managed installer. As root, type:

[root@localhost]# ./dynatrace-managed-installer.sh --help

See below the supported command-line parameters for the Dynatrace Managed installer.

Initial configuration parameters

The following environment and admin-user attribute parameters should be used for initial server configuration. When specified, the installer will generate an authentication token for the public REST API following successful installation and cluster registration.

--initial-environment <name>
Use this parameter to specify the name of the environment.

--initial-first-name <name>
Use this parameter to specify the administrator's first name.

--initial-last-name <name>
Use this parameter to specify the administrator's last name.

--initial-email <email>
Use this parameter to specify the administrator's email.

--initial-pass <pass>
Use this parameter to specify the administrator's password.

Installation mode parameters

You can run the Dynatrace Managed installer in any of the following modes:

--install
This is standard, interactive installation.

--install-silent
Use this parameter to install with default settings in non-interactive mode. You can use this parameter to automate Dynatrace Managed installation. You can use other command line parameters to override some of the default settings.

--install-new-dc-silent
This parameter can only be used in Premium HA mode. You can use this parameter to automate Dynatrace Managed installation in a new data center. You can use other command line parameters to override some of the default settings.

--upgrade
Starts the upgrade process. Use this parameter if you want to start Dynatrace Managed upgrade from the command line.

--system-check
Use this parameter to check if the machine and operating system fulfill the requirements of the new version.

--restore
Restores Dynatrace Managed installation from the backup file referenced by the --backup-file parameter. Backup is performed by Dynatrace Managed on a daily basis once you've enabled and configured backup on Dynatrace Managed.

--reconfigure
Reconfigures an existing installation using setup parameters.

--uninstall
Safely uninstalls Dynatrace Managed.

--self-check
Use this parameter to verify that the installer file isn't corrupt.

--backup-file <path>
When restoring: full path to backup file with configuration and data.

--timeouts <component:value, ..>
Use this parameter to lengthen timeouts for specified components. Example use cases:

  • You find out that a specific component requires a longer timeout; for example, your OS firewall startup requires a few minutes.
  • You have many tenants, so you need more time for Server startup.

--drop-x-forwarded-for

Dynatrace uses the X-Forwarded-For header for various features (for example, logging). While we don't make any security-related decisions based on the values of these headers, they should be handled according to security best practices. If these practices aren't followed and a potential attacker adds manipulated X-Forwarded-For headers to requests sent to the Dynatrace application, incorrect data might be displayed and logged.

Proxy Configuration

The outermost reverse proxy from which Dynatrace can be accessed must be configured as detailed below.

  • All X-Forwarded-For headers are stripped from requests that target Dynatrace.
  • The following request paths are to be excluded from this behavior. Requests to these paths should be allowed to keep X-Forwarded-For headers as the related features require those headers.
    • /bf
    • /mbeacon
    • /communication

The Nginx proxy installed with Dynatrace Managed follows these rules by default. However, this behavior can be turned off during installation if Nginx is not the outermost proxy from which clients access Dynatrace. In this case, the outermost proxy must be configured manually.

Components for the --timeouts parameter

  • proc: Base timeout in seconds. This value is added to the component-specific timeouts listed below for Nodekeeper, Cassandra, Elasticsearch, Server, ActiveGate, and NGINX.
  • ndk: Nodekeeper startup process timeout seconds = proc + ndk
  • cas: Cassandra startup process timeout seconds = proc + cas
  • els: Elasticsearch startup process timeout seconds = proc + els
  • srv: Server startup process timeout seconds = proc + svr
  • ag: ActiveGate startup process timeout seconds = proc + ag
  • ngx: NGINX startup process timeout seconds = proc + ngx
  • fw: Firewall startup process timeout seconds = fw

Setup parameters

You can change the installation path and other settings using the following parameters:

Binaries

--binaries-dir <path>
Full path to the Dynatrace binaries directory.

Using this parameter with SELinux enabled requires the semanage utility to be available on your system.
Default value: /opt/dynatrace-managed

Licensing

--license <license-key>
Use this parameter to provide the license key you obtained from the Dynatrace team.

--license-file <path>
Dynatrace license file, used when license key is not provided.

Datastore

If you have SELinux enabled, the following parameters require the semanage utility to be available on your system.

--datastore-dir <path>
Full path to the Dynatrace installation space directory. We recommend that you use a dedicated drive or partition for this directory. Only Dynatrace data that isn't configured in other stores is kept here. If you don't configure specific paths for any of the other data stores, all Dynatrace data will be kept here.
Default value: /var/opt/dynatrace-managed

--rpl-datastore-dir <path>
Full path to Dynatrace session replay store. Default is /opt/dynatrace.
Default value: /var/opt/dynatrace-managed/server/replayData

--cas-datastore-dir <path>
Full path to the Dynatrace metrics repository directory. If you specify this location, metrics data will be kept here instead of in the main data location.
Default value: /var/opt/dynatrace-managed/cassandra

--els-datastore-dir <path>
Full path to Dynatrace Elasticsearch store directory.
Default value: /var/opt/dynatrace-managed/elasticsearch

--svr-datastore-dir <path>
Full path to Dynatrace raw transaction store directory. If you specify this location, raw transaction data will be kept here instead of in the main data location.
Default value: /var/opt/dynatrace-managed/server/

System user

To make the configuration as secure as possible, Dynatrace creates a unique Linux system user for Dynatrace Managed services.

The system user:

  • Gets only read, write, and execute permissions for the files it needs.
  • Has no home directory.
  • Has a nologin shell.
  • Has a disabled login.

These measures prevent users from signing in and storing files. If system security is compromised, such preventive measures limit the number of actions an attacker can perform. If you decide to use a default user account, we recommend that you set it up with the above principles in mind.

The following parameters specify a system user who is authorized to run Dynatrace processes.

  • --system-user <user:group>

    The user name and group name of the system user who is authorized to run Dynatrace processes.
    The default value is dynatrace:dynatrace.

  • --system-user-id <UID:GID>

    The user ID and group ID of the system user who is authorized to run Dynatrace processes.
    The default value is 1011:1011.

You can specify one or both parameters.

  • The user/group name and user ID/group ID must be the same on all cluster nodes to ensure proper access to shared storage (for example, backup).
  • If you specify the user and group parameter and override the default settings, your modified values will automatically propagate as the new default value to subsequent nodes added to the cluster.

Connectivity to Mission Control

--network-proxy
If your machine uses a network proxy to connect to the Internet, put the address here in the following format: protocol://[user:password@]server-address:port. The default value is none.

--network-proxy-cert-file
If your machine uses a network HTTPS proxy with a self-signed certificate, you have to extend the trusted certificates store. Follow this parameter with the full path to a public SSL certificate file in PEM format.

--registration-token
Token used for registration in Mission Control (optional for regular installation).

Cluster

--cluster-ip
If your machine has more than one network interface, you need to decide which network interface will be used for Dynatrace Cluster traffic and put its IPv4 address here.

--cluster-nodes <id:ip, ..>
You can specify the node ID with the IP address. Use this when you restore a cluster and you must attach a replacement node that has a different IP address than the original.

--seed-ip <ip>
IPv4 address of the seed node in the cluster.

--seed-auth <auth-token>
Authentication token for connection to seed node. You'll find this after logging into the seed node, on the Download node installer page. This token is valid for three hours.

--rack-dc <dc>
For rack aware deployments, provide the data center that contains the rack where you want to add the node.

--rack-name <rack>
For rack aware deployments, indicate the name of the rack to which the node is to be added.

OneAgent

--install-agent <on|off>
Enable/disable installation of self-monitoring OneAgent. The default value is on.

--agent-system-user <user:group>
The name:group of the system user who should run the self-monitoring agent. Use only if the default user for the agent cannot be used.

--agent-dir <path>
Allows installation of self-monitoring OneAgent to a different directory. For example, on Linux: /bin/sh Managed-installer.sh --agent-dir /opt/dt/self-monitoring.

With --agent-dir set to /data/dynatrace/, the installer creates the symbolic link /opt/dynatrace/oneagent -> /data/dynatrace and all OneAgent files are placed into the specified directory (in this example, /data/dynatrace). Note that this symbolic link needs to be removed manually, once OneAgent has been uninstalled. Using this parameter on Linux when SELinux is enabled requires the semanage binary to be available on your system.

SSL certificates parameters

Command line parameters can also help you install or update SSL certificates on Dynatrace Managed. For more information on installing fully-qualified digital certificates, see Can I use my own SSL certificate?

--ssl-protocols "<protocols>"
Space-separated list of protocols accepted by SSL connections. Replaces the default list.

--ssl-ciphers "<ciphers>"
Definition of ciphers accepted by SSL connections. Replaces the default definition. This definition must first be validated with an openssl ciphers command.
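
One way to run the validation that --ssl-ciphers requires before the definition is handed to the installer, as an added example that is not part of the Dynatrace installer or its documentation. The helper names (weak_suites, check_cipher_string, sample_output) are hypothetical, and the list of what counts as weak is an assumption of this example.

```shell
#!/bin/sh
# Added example, not part of the Dynatrace installer.

# weak_suites: read `openssl ciphers -v` output on stdin
# (columns: NAME PROTOCOL Kx=.. Au=.. Enc=.. Mac=..) and print every suite
# that lacks authentication or encryption or uses a legacy algorithm.
weak_suites() {
    awk '
        function add(r) { if (why == "") why = r; else why = why ", " r }
        {
            why = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "Au=None")  add("no authentication")
                if ($i == "Enc=None") add("no encryption")
                if ($i ~ /^Enc=(RC4|RC2|DES|3DES)[(]/) add("legacy cipher")
                if ($i == "Mac=MD5")  add("MD5 MAC")
            }
            if (why != "") print $1 ": " why
        }'
}

# check_cipher_string DEFINITION
# Exit status: 0 = accepted by openssl and nothing flagged,
#              1 = accepted but weak suites result (listed on stderr),
#              2 = openssl missing or the definition is rejected.
check_cipher_string() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 2; }
    suites=$(openssl ciphers -v "$1" 2>/dev/null) || {
        echo "openssl rejected cipher definition: $1" >&2; return 2; }
    flagged=$(printf '%s\n' "$suites" | weak_suites)
    [ -z "$flagged" ] && return 0
    printf '%s\n' "$flagged" >&2
    return 1
}

# Constructed sample of `openssl ciphers -v` output for an offline demo.
sample_output() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
AECDH-AES128-SHA            SSLv3   Kx=ECDH Au=None Enc=AES(128)    Mac=SHA1
NULL-SHA256                 TLSv1.2 Kx=RSA  Au=RSA  Enc=None        Mac=SHA256
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA  Enc=3DES(168)   Mac=SHA1
RC4-MD5                     SSLv3   Kx=RSA  Au=RSA  Enc=RC4(128)    Mac=MD5
EOF
}

sample_output | weak_suites
```

Call check_cipher_string with the exact string you intend to pass to --ssl-ciphers and continue only when it returns 0.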

--ciphers-autoupdate <on|off>
Enable/disable cipher auto-update, which sets default values for protocols and ciphers accepted by SSL connections on each upgrade/reconfiguration. The default for new nodes is on.

Other

--hosts <on|off>
Enable/disable altering of /etc/hosts file. The default is on.

--sudo-cmd "<cmd>"
Command that should be used for executing system commands with superuser privileges. Should contain the variable $CMD (typed as \$CMD). By default the following is used: /usr/bin/sudo \$CMD. For example:

dynatrace-managed.sh --sudo-cmd "/usr/bin/pbrun \$CMD"

--no-start (Upgrade only)
Use this parameter when you don't want Dynatrace Managed to start immediately following an upgrade.

--unregister
Use this parameter when uninstalling a cluster to unregister the cluster and release the license from Mission Control.

--version
Print version information.

--tmp-dir <path>
Full path to the directory for installer temp files.