When deploying plugins in Docker containers with Dynatrace OneAgent, you might encounter permission-related errors due to insufficient access to the Docker socket. This issue is indicated by errors in the OneAgent logs, such as:
ERROR_UNKNOWN, description=Docker API error. Docker setup is possibly not supported or plugin agent has not enough permission to access docker socket...
PermissionError: [Errno 13] Permission denied
This issue arises because the PluginAgent requires access to the Docker socket (/var/run/docker.sock) to communicate with the Docker daemon. If the PluginAgent lacks the necessary permissions, it cannot function properly.
To resolve this issue, ensure that you're running the plugin inside the Docker container has at least read/write access to the Docker socket. Alternatively, adding the user to the Docker group grants full access to the Docker daemon, allowing the plugin to communicate without permission errors.
Modify the permissions of the Docker socket to allow read/write access:
sudo chmod a+rw /var/run/docker.sock
Note: This approach makes the Docker socket accessible to all users and might pose a security risk.
- Add User to the Docker Group
A more secure approach is to add the user running the plugin to the Docker group:
sudo usermod -aG docker $USER
Replace $USER with the username of the user running the plugin. Then, restart the Docker service:
sudo systemctl restart docker
For more detailed information on managing Docker permissions and security, consult the Docker security documentation.
