Plugins installed in Docker container required permissions for OneAgent

darynakovyrina — Thu, 11 Apr 2024 14:48:54 GMT

When deploying plugins in Docker containers with Dynatrace OneAgent, you might encounter permission-related errors due to insufficient access to the Docker socket. This issue is indicated by errors in the OneAgent logs, such as:

ERROR_UNKNOWN, description=Docker API error. Docker setup is possibly not supported or plugin agent has not enough permission to access docker socket...
PermissionError: [Errno 13] Permission denied

This issue arises because the PluginAgent requires access to the Docker socket (/var/run/docker.sock) to communicate with the Docker daemon. If the PluginAgent lacks the necessary permissions, it cannot function properly.

To resolve this issue, ensure that you're running the plugin inside the Docker container has at least read/write access to the Docker socket. Alternatively, adding the user to the Docker group grants full access to the Docker daemon, allowing the plugin to communicate without permission errors.

Grant Read/Write Access

Modify the permissions of the Docker socket to allow read/write access:

sudo chmod a+rw /var/run/docker.sock

Note: This approach makes the Docker socket accessible to all users and might pose a security risk.

Add User to the Docker Group

A more secure approach is to add the user running the plugin to the Docker group:

sudo usermod -aG docker $USER

Replace $USER with the username of the user running the plugin. Then, restart the Docker service:

sudo systemctl restart docker

For more detailed information on managing Docker permissions and security, consult the Docker security documentation.

article Plugins installed in Docker container required permissions for OneAgent in Troubleshooting

Plugins installed in Docker container required permissions for OneAgent