Build Pipeline
Three steps to get your extension into Dynatrace:
- Lint โ Validate your YAML for errors before building
python3 validate_extension.py ext/ - Assemble โ Package extension.yaml + MIBs into a zip
dt ext assemble --source ext/ --output extension.zip - Sign โ Digitally sign the package with your developer certificate
dt ext sign --src extension.zip --key developer.pem --output bundle.zip
Install dt-cli
python3 -m venv /tmp/dtcli-venv
/tmp/dtcli-venv/bin/pip install dt-cli
export PATH="/tmp/dtcli-venv/bin:$PATH"
Generate Certificates
# CA certificate (one-time)
dt ext genca --no-ca-passphrase
# Developer certificate
printf "Your Name\n" | dt ext generate-developer-pem \
--ca-crt ca.pem --ca-key ca.key -o developer.pem
Upload to Dynatrace
# Upload the CA cert to credential vault (one-time per environment)
# Do this in the Dynatrace UI: Settings โ Credential Vault โ Add certificate
# Upload extension via API
curl -X POST "${DT_ENV_URL}/api/v2/extensions" \
-H "Authorization: Api-Token ${DT_API_TOKEN}" \
-F "file=@bundle.zip"
# Or via dt-cli
dt ext upload bundle.zip --dtUrl "${DT_ENV_URL}" --apiToken "${DT_API_TOKEN}"
โ ๏ธ The CA certificate must go to BOTH the credential vault AND the ActiveGate filesystem (/var/lib/dynatrace/remotepluginmodule/agent/conf/certificates/). Missing either = extension won't activate.
Extensions API Lifecycle
Step API Call Purpose
โโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโ
1 POST /api/v2/extensions (multipart) Upload extension zip
2 GET /api/v2/extensions/{name} List versions
3 POST /api/v2/extensions/{name}/{ver}/envConfig Activate version
4 POST /api/v2/extensions/{name}/monitoringConfigs Add monitoring config
5 GET /api/v2/extensions/{name}/{ver}/envConfig Check status
๐ก Sprint environments require custom: prefix for non-Dynatrace extensions. Production environments don't.
โ ๏ธ Upload ca.pem to BOTH the Credential Vault AND the ActiveGate certificates directory. Miss either one and your extension won't load.
Upload to Dynatrace
curl -X POST "https://YOUR-ENV.live.dynatrace.com/api/v2/extensions" \
-H "Authorization: Api-Token YOUR-TOKEN" \
-F "file=@bundle.zip"
๐ก Dynatrace stores up to 10 versions. Bump version: in extension.yaml before each upload. You can activate any stored version.
Pre-Deploy Checklist
| Check | What to Verify | Common Mistake |
|---|---|---|
| โ Lint passes | 0 errors from validate_extension.py | Ignoring DED018 cross-table warnings |
| โ Metric keys match | snmp: keys = metrics: keys | Typo in one section, metric never appears |
| โ Screen card keys | Layout keys = chartsCards/entitiesListCards keys | Card shows blank because key doesn't match |
| โ MIBs bundled | Vendor MIBs in snmp/ directory | Works in dev (MIB cached), fails on customer AG |
| โ CA cert uploaded | Credential Vault + ActiveGate filesystem | Uploaded to vault only, AG rejects signature |
| โ API token scope | extensions.write scope on token | Using metrics.read token for upload |
What's Next
๐ You've completed the SNMP track! Continue to Python Extensions to build custom integrations, or jump to Production Skills for alerts and validation.
๐ Hands-On Exercise
Edit the YAML, then click "Check My Work" to validate.
This extension has a screen card overview referenced in the layout but the chartsCards key is device_overview โ a mismatch. Fix the key so they match.