CentOS 8.2.2004 and HCL Domino 11.0.1 FP2 and Sametime 11.5 Community Server Installation
Important Notes:
- We started this install from a VM template that already had the CentOS 8.2.2004 server OS and prerequisites already installed. So these instructions skip the prerequisite steps.
- We installed the same libraries needed for IBM Sametime 8.5 and Sametime 9. The installation gave us no errors, so there do not appear to be any new library prerequisites.
- We performed the Domino installation in console mode, and we performed the Sametime installation using the console.
- If you notice any errors, just us know using the Contact link at the top menu of this site.
CentOS installation and OS prerequisite steps are included in this document below.
______________________________
Domino 11.0 / 11.0.1 FP2
and Sametime Installation:
______________________________
Mongo Db Installation:
Added Mongo Community Edition to Ubuntu Repository:
Note: 11.5 MongoDB 4.2 Repo works. No longer have to install 3.6.x as a work-around.
$ sudo su
# vi /etc/yum.repos.d/mongodb-org-4.2.repo
Add the following content:
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
<esc>:wq to save
Install MongoDb:
$ yum install -y mongodb-org
Note:
The install command includes all the components specified individually in the our last MongoDB 3.6 work-around:
- mongodb-org-mongos
- mongodb-org-server
- mongodb-org-shell
- mongodb-org-tools
- python2
- python-libs
- python-pip-wheel
- python-setuptools-wheel
- python2-pip
- python2-setuptools
We did not lock MongoDB to the 4.2 release. To keep mongodb from being upgraded to 4.2, add the following to the yum exclude in /etc/yum.conf
# vi /etc/yum.conf
...
exclude=mongodb-org,mongodb-org-server,mongodb-org-shell,mongodb-org-mongos,mongodb-org-tools
...
<esc>:wq to save
# exit
Start MongoDB and verify running, set to start as service at boot-up:
$ sudo systemctl start mongod
Verify:
$ sudo systemctl status mongod
< review output >
$ sudo tail /var/log/mongodb/mongo.log
< review output >
$ sudo systemctl enable mongod
Enter the Mongo shell:
$ sudo mongo
Optional:
Disable the Cloud Free Monitoring Reminder (or enable if desired):
> db.disableFreeMonitoring()
or to enable: db.enableFreeMonitoring()
<note: Nothing is returned with the disable command>
Perform the Mongo.DB HCL db set-up:
> use admin
--> returned message: switched to db admin
Important: In the command below, update the mystpwd to the password you want Sametime to use.
> db.createUser({user: "sametimeUser", pwd: "mystpwd", roles:[{role:"readWrite", db:"chatlogging"},{ role:"readWrite", db:"mobileOffline"},{role:"userAdminAnyDatabase", db:"admin"}]})
--> returned message: Successfully added user: { ...
> exit
Restart the MongoDb service:
$ sudo systemctl restart mongod
Verify:
$ sudo tail /var/log/mongodb/mongo.log
< review output >
Create the sametime database and two collections:
> mongo
> use chatlogging
--> returned message: switched to db chatlogging. In Sametime 11.5, HCL's documentation has us initializing the Sessions and Events by inserting a dummy id instead of using db.createCollection().
> db.EVENTS.insertOne({"_id" : "dummy"})
--> returned message: { "acknowledged" : true, "insertedId" : "dummy" }
> db.SESSIONS.insertOne({"_id" : "dummy"})
--> returned message: { "acknowledged" : true, "insertedId" : "dummy" }
Create the sametime user and give it a password. Remember the password for in a later step.
> db.createUser({user:"sametimeUser", pwd:"mystpwd", roles:[{role:"readWrite", db:"chatlogging"},{role:"userAdminAnyDatabase", db:"admin"}]})
--> returned message: Successfully added user: { ...
Update the Mongo configuration /etc/mongod.conf to add replication and change the network settings.
$ sudo systemctl stop mongod
$ sudo vi /etc/mongod.conf
Updated the net section to bind to both the localhost and main server IP, it should look like this:
...
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1,192.168.199.100
Update the replication section, currently commented out to look like this:
replication:
replSetName: rs0
...
If server is not behind a firewall, then enable security authorization for MongoDB. Uncomment the security heading, and updating the authorization to enabled:
security:
authorization: enabled
Save:
<esc>:wq to save
Notes:
The mongod.conf configuration file is YAML, it uses indentations to delineate what goes inside the line above it. Therefore, don't use tabs, and watch the number of spacebar hits. You may want to make one change at a time and restart the MongoDB after each change so you know which edit caused the server to fail.
The HCL installation document indicates to use BindIpAll. The documentation seems to hint that this is possibly equivalent to 0.0.0.0 which could make a wider attack vector for MongoDb. Therefore, we used a list above.
Restart the MongoDb service and check for errors
Restart the MongoDb service:
$ sudo systemctl start mongod
Verify:
$ sudo tail /var/log/mongodb/mongo.log
< review output. >
Note:
If there is an error, the error messages can be cryptic. If it is an exit-code 14, the error could be rights to the .socks file, and is not likely related to these configuration modifications. Instructions to workaround the sock issue:
$ sudo chown mongod:mongod /tmp/mongodb-27017.sock
Create the replica set:
$ sudo mongo
> rs.initiate()
You can confirm it with:
> rs.conf()
and
> rs.status()
> exit
Domino Installation:
Note; If the install properly detected that the server had no X11, it will be continued in console (terminal) mode.
1. Copy the installation files to the Domino server:
- Domino_1101_Linux_English.tar
- Domino_1101FP2_Linux.tar
2. Started SSH Terminal to server.
$ ssh myadmin@myserver.mindwatering.com
<enter password>
3. Performed the installation.
$ cd /home/myadmin/tmp/dom1101/
$ tar -xvf Domino_1101_Linux_English.tar
<watched files extracted>
$ cd linux64
$ sudo ./install
<go through the prompts>
- <Enter> to continue
- "0" to skip to end of HCL Master License Agreement
- "Y" to agree
- <Enter> to continue
- <Enter> for NO (Data Directories Only Partitioned Domino Server
- <Enter> to continue
- <Enter> for default: /opt/hcl/domino
- <Enter> to continue
- <Enter> to NO (partitioned server)
- <Enter> to continue
- <Enter> for nothing/null (Data Files Directory Name)
- User Name: notes
- Group Name: notes
- <Enter> to continue
- <Enter> for default: Manual
- <Enter> for default: Domino Enterprise Server
- <Enter> to continue
- <Enter> to continue after reviewing all questions answered
< wait for the install >
- <Enter> to exit the installer
Note:
- The steps/questions are the same. But the navigation is a bit different as the newer HCL installation program is InstallAnywhere. So you click <enter> instead of <tab> to accept a setting, and you have to use "0" to get to the end of the license fine print page.
- Since my server has been upgraded over the years, the executable path still shows an IBM based one. Update if yours if different. We also use /local/notesdata for our data path. Also, our Domino server user id is notes.
- If the Sametime server is also the "main" Domino server that manages the Domino Directory, you must start the server manually to answer "Yes". Major releases always have a directory upgrade, the server "hangs" waiting on the answer. So our first boot into 11 will be manually.
4. Start the server manually. (This assumes that you are upgrading/migrating, where a server.id and notes.ini have already been provisioned. If this is a new install, then start the server in listen mode, instead. )
$ su notes
$ cd /local/notedata/
$ /opt/hcl/domino/bin/server
< wait for boot. Answer "Yes" if this Domino instance is the Directory server, wait for server to "settle" for several minutes. >
- Important -
If you have an existing (old) ST server, create a replica of the vpuserinfo.nsf on the new Domino Sametime server using the Domino Admin client.
Caution: The uninstall will remove this file, though.
Shutdown the Domino service.
> q
5. Exit being the notes user, and start the server normally.
$ exit
- Important -
Install the Nashed scripts if not already done.
Once installed, enable and start the new Domino service
$ sudo systemctl enable domino.service
$ sudo systemctl start domino.service
Now that HCL Domino 11.01 is running okay, we'll updated to FP2.
$ sudo systemctl stop domino.service
< wait>
Change to the location of the FP2 tar file, and install:
$ cd /home/myadmin/tmp/dom1101FP1/
$ tar -xvf Domino_1101FP2_Linux.tar
<watched files extracted>
$ cd linux64
Note:
If the install path is not /opt/hcl/domino, then set the NUI variable like in previous upgrades:
# NUI_NOTESDIR=/opt/hcl/domino
# export NUI_NOTESDIR
$ sudo ./install
Follow the prompts.
Start the server manually, like above, or use the service to do so.
$ sudo systemctl start domino.service
Sametime Installation:
Transfer the Sametime installation file to the ST server. Open a terminal from WITHIN the GNOME Desktop
- Sametime_11.5_CommunityServer_Linux64.tar
$ cd /home/myadmin/tmp/st115/
$ sudo tar -xvf Sametime_11.5_CommunityServer_Linux64.tar
There are two directories produced.
The GSKit folder needed to encrypt ST communications.
(See our R9 docs on that process in this repository if needed. In our case, we reverted back to Domino Directory instead of LDAP.)
$ cd Server/
$ sudo chmod g+x install.bin
$ sudo chmod u+x install.bin
To install Sametime with the Gnome Desktop GUI:
$ sudo su
# ./install.bin
<wait for the installer console wizard to appear >
--> At the HCL Sametime Server 11.5 wizard first page, on the Choose Locale... page, choose the language option. For English, that's 3.
--> On the Introduction page, ignore the text -- did you remember to shut down the Domino service? -- if so, click <enter>.
--> On the License Agreement Page, click 0 to get to the bottom, click Y to accept the terms of the license agreement.
--> On the Choose Install Folder page, confirm the location /local/notesdata was populated successfully, click <enter>.
--> On the Domino Server information page, confirm the notes user, the notes group, and enter the FQDN of the Sametime server, e.g. myserver.mindwatering.net, click <enter>
--> On the Directory Selection page, choose Domino Directory, or if using a LDAP Directory, choose that, and enter the LDAP server and port, click <enter>.
--> On the License Information page, choose Standard, Limited, or Dynamic depending on what is licensed. The default is Standard. Since we are only setting up the Community server and the Proxy server, we will choose Limited, click <enter> or change number.
(Note: Do not choose Dynamic. As far as we can tell, the FlexNet server is not being used with Sametime 11.5. )
--> On the Pre-Installation Summary page, review, and click <enter>.
<wait>
--> On the completion page, it will say either Error or Success at the top, with some info in the middle.
Note:
- When the server is installed correctly, the stsetup_exit_status.txt file will have 0 as content.
- When there is an error, the top of the page will display Error, and give a link to the log file at /local/notesdata/stsetup.log.
Skip to Important down below.
ALTERNATE INFO for the Prompted Install Above:
The Sametime 11.5 tar file includes the install properties for a silent install. It can be used to enable and disable (by adding or removing the leading comment # characters).
Install with:
$ sudo su
# ./install.bin -i silent
Note:
- It will look for the installer properties file automatically. Alternately, you can use the -f flag to specify an alternate folder location.
- IMPORTANT -
Before starting the Domino services, update the chatlogging.ini file and the sametime.ini file:
# cd /local/notesdata/
$ su notes
$ vi chatlogging.ini
Confirm or update the CL_MONGO_PASSWORD= line to the sametime password noted above.
Save the file.
<esc>:wq
$ vi sametime.ini
Find the line VPS_ALLOWED_LOGIN_TYPES. If you have this line, add the client IDs 1312 and 12A2 to the existing list.
Find the line VPS_PREFERRED_LOGIN_TYPES. If you have this line, add the client IDs 1312 and 12A2 to the existing list.
Save the file.
<esc>:wq
Copy the existing users chat repository, vpuserinfo.nsf, to the new Sametime 11.5 /local/notesdata/ folder, if applicable.
Manually start the Domino Sametime server, look for any errors.
$ cd /local/notedata/
$ /opt/hcl/domino/bin/server
< wait for boot >
Quit the server:
> q
Restart the server again as a service
$ exit
# systemctl restart domino
Verify:
myserver.mindwatering.net/servlet/auth/admin
Confirm the services are running okay.
Note: The Configuration Bridge is okay to be not running.
______________________________
CentOS 8.2.x Linux
OS Installation
and Prerequisite Steps:
______________________________ Linux CentOS 8.2.x OS Install:
Create a new (empty) VM:
- 6.5 GB of memory with 1 Disk of 50 GB, and video memory of 16 MB for the X Windows system
Note: With only the CentOS 8 OS running (w/o X Windows GUI), the system used between 1.5 and 1.75 GB. So we added 4 GB to start for Domino and Sametime.
Attach the VM CDROM to the CentOS iso:
CentOS-8.2.2004-x86_64-Minimal.iso
Notes:
Obviously, you'll want to use the newest ISO for CentOS 8.
We also tried the CentOS-8.2.204-x86_64-boot.iso, and it worked just fine, too.
Start VM, and perform Installation:
At start page, selected top link: Install CentOS 8
On Welcome page, we took the defaults of English and English US, clicked Continue.
On Installation Summary page,
- kept Date &Time default, as it was correct.
- kept SOFTWARE SELECTION as Minimal Install, as it was correct.
- Select INSTALLATION DESTINATION
--> Click the Disk icon under Local Standard Disks. (Ours says VMware Virtual disk, sda / 50 GB)
--> Click Done.
- Select NETWORK and HOST NAME
--> At the top right, changed the ens192 NIC to On
--> At the bottom, enter the hostname AND domain: myserver.mindwatering.net, click Apply
--> Clicked Configure and set-up for a static/Manual IP
- - - - IP Address: 192.168.199.100
- - - - Netmask: 24
- - - - Default Route: 192.168.199.1
- - - - DNS: 192.168.199.1 123.123.123.1
- - - - Search Domains: mindwatering.net
- - - - click Save
--> Back in the NETWORK & HOST NAME page, click Done.
With all the warning caution triangles removed/completed, click Begin Installation.
While the installation is going, under USER SETTINGS, click ROOT PASSWORD.
--> Enter the root user password in the Root Password field, enter it again in the Confirm field.
--> You can create the Domino server notes user now, or do it later. To do it now, click USER CREATION.
- - - - Fullname: notes
- - - - User name: notes
- - - - Password: *************
- - - - Confirm password: *************
- - - - (Leave checked the checkbox for Require a password to use this account. Leave unchecked the checkbox for Make this user administrator)
- - - - click Done
- - - > click Finish configuration
When done, click Reboot.
Notes:
Update the network settings to what's needed for your installation.
For the Installation Destination, we typically have one disk for the OS, we add a second disk for /local/notesdata, and others for anything else needed for the box. (e.g. another one for transaction logs, and one for DAOS).
Perform Domino Prerequisite Tasks:
After install first reboot, login as root, and update the system:
# yum update
< waited >
# yum autoremove
Install Open VMTools if Using VMware VM:
CentOS doesn't install the VMware/OpenVM tools automatically like in Ubuntu. Install the open-vm tools with:
# yum install open-vm-tools
< click y, to the request to install the RPG certificate key to trust the repository >
Start the tools (ours was not running):
# systemctl enable vmtoolsd
# systemctl status vmtoolsd
# systemctl start vmtoolsd
Install OpenSSH Server:
To remotely manage the server, and to transfer files to it, install the OpenSSH server:
# yum install openssh-server
Note: Installation of openssh-server not needed. Already installed.
Security/Limits File Updates:
Edit /etc/security/limits.conf using root and add or modify the lines:
notes soft nofile 65535
notes hard nofile 65535
(Use 65535 for 64 bit Linux for both soft and hard limits, per HCL 2019/12. )
Update SELINUX:
$ vi /etc/selinux/config
Change to SELINUX=disabled and save.
(<esc> :wq <enter> to save)
Time Server Sync:
(optional) Set up NTP if not using VMware Tools or OpenVM tools to sync time:
$ ntpdate pool.ntp.org
$ chkconfig ntpd on
64-bit Packages for Domino and Sametime:
Notes:
If you didn't install "minimal", and instead installed the "X-Windows" Desktop version of CentOS 8.2, it appears that almost all the pre-requisite packages for the Domino installation were already installed in CentOS 8. Since HCL is morning towards console only for Linux-based installations, we install the Linux GUI when someone would prefer to have it.
As the Domino install via console mode requires perl, verify it's installed. We chose to confirm by installing rather than to run perl and check its version.
# yum install perl
The following were already installed; these can be skipped:
# yum install glibc
# yum install libgcc
# yum install libstdc++
For the X-Windows Desktop install, the following are all installed; these can be skipped:
# yum install libXtst
# yum install libXmu
# yum install libXft
# yum install libXi
# yum install libXp
Setup the Domino User Account:
Skip the useradd step if you set up the notes user during the install, but do the DOMINO_LINUX_SET_PARMS and the /local/notesdata steps still.
Create the notes (domino) user. Leave alone the opt/hcl/domino path so it owned/signed by root, but change the ownership of the /local/notesdata folder so that is is owned by the notes server user.
# useradd -d /home/notes -m notes
- or to include a specific UID ID -
# useradd -d /home/notes -m notes -u 1008
Set the password:
# passwd notes
Set up the notes user to use DOMINO_LINUX_SET_PARMS:
# vi /home/notes/.bashrc
Add to the end of the file: export DOMINO_LINUX_SET_PARMS=1
Create the installation Domino data notesdata folder. We use /local/notesdata.
(For a new CentOS 7.7 install, we had to create the /local folder, in addition to the /local/notesdata folder.)
# cd /
# mkdir local
# cd /local
# mkdir notesdata
# chown -R notes /local/notesdata/
# chgrp -R notes /local/notesdata/
# chmod -R g+w /local/notesdata/
Open the Domino and Sametime Firewall Ports:
CentOS 7 uses FirewallD.
If you are not using the Domino Java Controller, leave off 2050. There are other ports to add if you are running multiple SameTime Domino servers (e.g. 1533, 1516, 9092, 9094, 8082).
Add required ports for your install, similar to:
# firewall-cmd --zone=public --add-port=1352/tcp --permanent
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --zone=public --add-port=993/tcp --permanent
# firewall-cmd --zone=public --add-port=2050/tcp --permanent
# firewall-cmd --zone=public --add-port=1533/tcp --permanent
in this example we restrict SSH and e-mail to internal networks only ...
# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.199.0/16" port protocol="tcp" port="22" accept"
# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.211.0/28" port protocol="tcp" port="25" accept"
# firewall-cmd --reload
Confirm loaded and running:
# firewall-cmd --state
Other Misc Steps:
If running multiple IPs, update the network configuration with second ethernet.
Update /etc/hosts:
Notes:
- Watch out for the GUI (desktop) tool to wipe out /etc/hosts and the 127.0.0.1 loopback address!
- If a second line has been added for 127.0.1.1, comment it out with a # in front of the line. That messes up the server.
- Add a new line with the server's internal IP and FQDN and simple hostname:
# 127.0.1.1 myserver
192.168.199.100 myserver.mindwatering.net myserver
Save the file and exit. <esc> :wq.
If the /local/notesdata/ is a second virtual (or real) disk and you need to mount it, update /etc/fstab.
e.g. /dev/sdb1 /local/notesdata ext4 defaults 1 1
Verify that postfix is not running or enabled. If so, disable it.
e.g.
# systemctl status postfix
< received active status>
# systemctl stop postfix
# systemctl disable postfix
Install Domino Start-up Scripts:
Request the service from Daniel Nashed's web site. When you receive it, uncompress the archive and run the install.
$ cd /home/myadmin/tmp/domsvc/
$ sudo tar -xvf start_script_331.tar
$ cd start_script
$ sudo su
# ./install_script
< monitor >
# exit
Afterwards, you can:
$ sudo systemctl enable domino.service
$ sudo systemctl start domino.service
Note: So not to compete with HCL's path, the executable script path is /opt/nashed.
Installing a Desktop on CentOS 8.2.x Minimal:
Notes:
- It is not required, but some of us prefer to have a GUI. To add one to a minimal install:
# yum groupinstall "X Window System" -y
# yum install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts
# yum groupinstall fonts
# startx
< gnome booted successfully. Clicked the Power symbol (upper right) to restart the server.>
(Optional) Login as root, and set the GNOME Desktop to be loaded instead of the terminal prompt as desired.
# systemctl set-default graphical.target
Note:
For a manual run, systemctl isolate graphical.target, is used to still default to terminal, but give option to boot to GUI.
The GNOME default 800x600 resolution isn't big enough for installation screens. Increase it:
Applications --> System Tools --> Settings
In the Settings dialog, scroll down and choose Display
Change the Display Resolution field to something bigger but smaller than the average admin's monitor resolution. We choose 1280x800 (16x10). Click Apply.
Click the Keep Changes button in the dialog. (If don't click it, the system will think you cannot, and revert to previous resolution.)
Close the dialog to return to the GNOME desktop.
previous page
|