Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

DNUG Domino 11 First Look Presentation

Daniel Nashed  2 December 2019 09:10:21

At DNUG Domino Day last week Ulrich Krause and myself presented a First Look into Domino 11.

We also had Uffe Sorensen from HCL presenting about the new license model which will be presented at the Lauch event later this week.
Among other features our presentation also contains the technical part of the new license check routines for Domino 11.
Domino 11 will introduce FlexNet licensing. HCL wants customers to already configure it when possible to get feeback.
But it isn't mandatory yet and you will only need it when you are on the new license model!

The FlexNet integration in 11.0.0 will be a first start and HCL is working on updating and extending it in Domino 11.0.1
Right now only the integration with the Cloud License Server (CLS) is supported.
There is also a Local License Server (LLS) provided by FlexNet. But the LLS support isn't part of 11.0.0.

Here is a link to our slides.

https://www.slideshare.net/daniel_nashed/dnug-hcl-domino-11-first-look

-- Daniel

Last Call for Domino Day 2019 next week

Daniel Nashed  21 November 2019 08:56:43
Bis zum offiziellen Launch-Day für Notes/Domino 11 live aus Tokio am 4.12 ist es nicht mehr lange.
Der DNUG Domino Day wird schon ganz im Zeichen von Notes/Domino 11 stehen.


Für die technischen Sessions haben wir die Freigabe die Beta-Version zu zeigen und aus unseren Erfahrungen zu berichten!

Dabei ist mir gerade aufgefallen, daß die drei aktivsten Betateilnehmer weltweit DNUG-Mitglieder sind..

Danke nochmal von meiner Seite auch als DNUG Domino Fachgruppenleiter an Ulrich Krause und Christian Henseler!!


Ich denke wir werden neben interessanten Sessions auch interessante Diskussionen haben.
Dafür haben wir am Ende extra eine Session für Fragen an HCL und die Fachgruppe.

Denn selbst für uns, die wir im Betaprogram aktiv sind, gibt es noch offene Fragen.


Bei den geplanten Änderung in der Lizensierung und dem Flexnet-Lizenzmanagement, gibt es einige Unsicherheit, weil es noch keine greifbaren Informationen gibt.

Daher haben wir Uffe Sorensen (HCL Global Director of CWP Strategy) eingeladen. In Uffe's Session geht es genau um dieses Thema!


Den technischen Umsetzungs-Teil von Flexnet werden wir in unserer Domino Session erklären. Ich hatte die Chance die Flexnet-Anbindung schon im Detail zu testen und entsprechendes Feedback zu geben.


Ich freue mich besonders auch, daß wir Thomas Hampel (HCL Senior Regional Director, Products and Platforms) als Keynote-Sprecher dabei haben.
Damit haben wir dieses Jahr eine fast ganz deutschsprachige Agenda und Thomas hat nicht nur die Produkt-Offering-Brille auf, sondern ist auch technisch involviert (siehe z.B. unser gemeinsames Domino Docker Projekt -->
https://github.com/IBM/domino-docker).

Ich freue mich schon auf den Domino Day -- dieses mal in Köln um die Ecke von TIMETOACT, die der DNUG auch am Vortag am Kölner Standort mit einem Raum für die DNUG Jahresplanung unterstützt.


Link zum Domino Day -->
https://dnug.de/domino-day-2019/

Ciao und ich freue mich viele von Euch nächste Woche zu sehen!



Daniel


PS: Am Abend davor ist die 25 Jahre DNUG Feier in Köln. Alle DNUG Mitglieder und Teilnehmer des Domino Days, sind herzlich eingeladen!

Creating JSK for a Java based web server

Daniel Nashed  27 October 2019 23:27:38
This weekend I have been looking into setting up a Flexnet server, which is based on a Java process that needs a certificate.
The server uses the Java Key Store format (JKS) which isn't obvious to create form an existing certificate.

It's easier when you have an existing store. But for a server you usually need a new JKS file.


I found a quite straight forward but not obvious path.


This might be also interesting for other applications. That's why I am posting it here. Having that information would have saved me an hour of research.

-- Daniel



Convert PEM into P12


In many cases you have a PEM file with the key, leaf certificate, intermediate certs and the trusted root.

This can be converted to a pkcs12 (aka as p12) file. This format can be used by many web-servers. But like Domino needs it's own keyring format, Java needs the JKS format.


openssl pkcs12 -export -out lls.p12 -in lls.pem -password pass:mypassword



Import p12 into a new JKS


Once you created a p12, the Java keytool can convert the p12 into a JKS.
This step creates a new JKS file with all the information from the p12 file :-)

keytool -importkeystore -deststorepass mypassword -destkeystore lls.jks -srcstorepass mypassword -srckeystore lls.p12 -srcstoretype PKCS12


That's a quite straight forward way, which can be used to automate the process.

Show Certs


Once you have created the JKS, you can dump all information from the JKS file to check it's all included.

keytool -list -keystore lls.jks -storepass mypassword -v



"Locale" issue on Linux CentOS & RHEL

Daniel Nashed  26 October 2019 18:40:14

"Locale" issue on Linux CentOS & RHEL



I ran into this with Domino on Docker. I noticed that the locale settings have not been detected correctly by Domino when running on CentOS with the German locale.

It turned out that this is a more general issue on Docker with other locales than LANG=C or LANG=en_US.UTF-8


There are differences between CentOS/RHEL 7 and the new version 8 where the language support in glibc has changed!


The issue in version 7 only impacts Docker environments. But with the new language handling in CentOS/RHEL8 this also impacts native applications on Linux.


When the locale is broken you see following error messages when checking the "locale":


export LANG=de_DE.UTF-8

locale

locale: Cannot set LC_CTYPE to default locale: No such file or directory

locale: Cannot set LC_MESSAGES to default locale: No such file or directory

locale: Cannot set LC_ALL to default locale: No such file or directory

LANG=de_DE.UTF-8

LC_CTYPE="de_DE.UTF-8"

LC_NUMERIC="de_DE.UTF-8"

LC_TIME="de_DE.UTF-8"

LC_COLLATE="de_DE.UTF-8"

LC_MONETARY="de_DE.UTF-8"

LC_MESSAGES="de_DE.UTF-8"

LC_PAPER="de_DE.UTF-8"

LC_NAME="de_DE.UTF-8"

LC_ADDRESS="de_DE.UTF-8"

LC_TELEPHONE="de_DE.UTF-8"

LC_MEASUREMENT="de_DE.UTF-8"

LC_IDENTIFICATION="de_DE.UTF-8"

LC_ALL=



CentOS 7 / RHEL7


It took a while to figure out why this is happening. And it turned out that for Docker the CentOS base image does only contain English in the glibc package.


There is a setting in /etc/yum.conf which causes that only the English locale is installed -apparently to save a bit of storage (it's not really much..).


The solution is to remove the following line from /etc/yum.conf


override_install_langs=en_US.utf8



Afterwards to reinstall the glibc-common. In some cases that doesn't work and you need to update it instead


yum reinstall -y glibc-common  
or  yum update -y glibc-common

For our Docker project this means we have to change the setting during the Docker build process and than update the glibc-common package.

In CentOS /RHEL 7 this only affects Docker and I have seen the discussion about this issue in the Docker community.
But I didn't find any solution. So I am documenting it in my blog to make it searchable.



CentOS/RHEL 8


With CentOS/RHEL 8 they have completely changed the way language support in glibc is handled.

This does not only affect Domino on Docker but also natively installed.


There is an interesting article about it on the RedHat website:


https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/installing-using-langpacks


They are mentioning a glibc-all-langpacks
which can be used instead of the smaller package glibc-minimal-langpack which is installed by default.

But even when installing this package you don't get all the languages installed. Instead this is the packet which sort of manages the other languages you can install.

There is an alternate solution to install glibc langauge packs (also mentioned in the article) but that's not recommended because it is slower as they say.

So what you need to do when you want to install additional languages is to first install the language packs named for example langpacks-en and than install glibc-all-langpacks
.

yum install -y langpacks-en langpacks-de glibc-all-langpacks


Only with this combination your locale works as expected and the "locale" command does not complain about missing files.


For Docker we will take care about this in the Docker Project. We will have to see which languages we install by default in future with CentOS 8 (it's not yet supported by Domino).

But for CentOS 7 we will just update the glibc-common package as described above.



-- Daniel



DNUG Domino Day 28.11.2019 in Köln

Daniel Nashed  18 October 2019 10:28:05

DNUG Domino Day 2019 in Köln

Auch in diesem Jahr haben wir wieder einen Domino Day organisiert.
Dieses Jahr im Herzen von Köln am Mediapark am Donnerstag, 28. November 2019.

Im Fokus der Veranstaltung steht das anstehende Release von Domino V11 und auch die neuesten Informationen von HCL zu Lizenzen und Support.
Es geht aber genau so um Neuerungen bei allen anderen Produktion, die in den Themenbereich der Fachgruppe fallen.

Die Anzahl der Teilnehmer ist auf 70 Plätze beschränkt. Daher macht es Sinn sich frühzeitig anzumelden!

Anmelde-Link --> https://www.eventbrite.de/e/domino-day-2019-tickets-70041755777

Ich denke wir haben wieder interessante Themen dabei und es hat sich einiges seit der letzten Konferenz/dem letzten Domino Day getan.
Und wir haben extra auch eine Session zum Thema Lizenzierung und Neuerungen/Änderungen im Bereich Support&Downloads aufgenommen, da ich dazu im meinem Blog und auch offline viele Fragen bekommen habe.

Gegen Ende gibt es vor einer Drink Receiption von TIMETOACT, noch eine Frage-Runde mit HCL, wo Ihr alle offenen Fragen loswerden könnt, die Ihr bis dahin noch nicht beantwortet bekommen habt.

Danke an Christoph Adler und Manfred Lenz als meine Fachgruppen-Kollegen bei der Unterstützung :-)

Ich freu mich viele von Euch zu sehen!

Ciao

Daniel

Aktuelle Agenda

09:00 – 09:15 Uhr
Begrüßung
FG-Domino: Daniel Nashed, Christoph Adler, Manfred Lenz

09:15 – 10:15 Uhr
Keynote: Strategy & Roadmaps Notes / Domino / Nomad (ggf. auch Sametime / Connections / VoP)
HCL

10:15 – 10:30 Uhr
Kaffeepause


10:30 – 11:30 Uhr
HCL Nomad
Detlev Poettgen, Christoph Adler

11:30 – 12:00 Uhr
HCL Update – Lizenzen, FlexNet (Support & Downloads) & Co.
Uffe Sorensen – HCL

12:00 – 13:00 Uhr
Mittagspause


13:00 – 14:00 Uhr
Notes V11 & VOP 1.0.8 – What’s new
Manfred Lenz, Christoph Adler

14:00 – 14:30 Uhr
Kaffeepause


14:30 – 15:30 Uhr
Domino V10 & 11 Session – What’s new & Lessons learned & Docker
Daniel Nashed

15:30 – 16:15 Uhr
AppDevPack & DQL – What’s new & Lessons learned
Stefan Neth

16:15 – 17:00 Uhr
Fragen & Antworten
DNUG-Fachgruppe & HCL

ab 17:00 Uhr
Ausklang & Drink Reception
sponsored by TIMETOACT
Termin

Donnerstag, 28.11.2019
9 – 17 Uhr
Ort

STARTPLATZ Köln
Im Mediapark 5
Raum Barcelona, 1. OG
50670 Köln
Anmeldung


    CentOS 8 Released

    Daniel Nashed  5 October 2019 15:55:47
    RHEL 8 is available for a while. And traditionally CentOS takes a couple of month before it is also updated to the same code base.

    I have downloaded and installed CentOS 8. The first version was the full version. There wasn't a minimum base image yet.

    Be aware that neither CentOS 8 nor RHEL 8 nor SLES 15 SP1 are currently supported!
    There are even packages which have older versions in CentOS 8 than the last updated of CentOS 7!
    For example I tried to install the latest Docker CE version 19.09. It needs a newer containerd.io version than what is currently shipped on CentOS 8.
    So I would stay with your current releases for now!

    Of course I have looked into SLES 15 SP1, RHEL 8 and CentOS 8 with Domino to see if it works.
    I don't think it makes sense to look into Domino 10 support for those platforms. I would expect an updated Linux version support for Domino 11.

    On the Docker side I ran into an issue preparing demons on a different machine.
    When you pull a centos:latest image today, you will get centos 8 which isn't working with the current dockerfiles which ships with the master version of the Docker project.
    We have updated the develop branch of the project already with a changed dependency:

    FROM centos:7 will continue provide the latest image of CentOS 7.

    So the project has been updated with another currently experimental dockerfile to build Domino on CentOS 8 for testing.

    But I can only recommend that you stay on CentOS 7 for now because that's the tested and supporter version.

    This is true for native and also Docker image versions!

    -- Daniel

    HCL Nomad V1.0.4 released

    Daniel Nashed  5 October 2019 15:32:28
    There is a new iPad Application which has been released.
    This is the first version from HCL and Nomad V1.0.4 replaces the offering known as IBM Domino Mobile Apps.


    The new version also comes with some interesting new features

    - Open your personal mail file in Nomad
    -> this was prevented by internal policy and is now allowed by default
    - GPS geo location support via LotusScript
     --> this will be available in the Notes 11 designer
    - Mobile Device Management pre-configuration
    - Free panaganda MarvelClient for iOS integration!

    - And there is also an option to disable DNS lookups to improve compatibility with some VPN solutions.
    - @platform([specific]) now returns the following type of text-list: iOS; 13.1; iPad; iPad7,5

    There is an interesting blog post from Andrew Mandy and Andrew Davis providing also information about what is coming next :-)


    https://www.cwpcollaboration.com/blogs/update-strategy-and-release-of-nomad-104-for-apple-ipad

    Specially the free Marvel Client (MC) integration is great.
    MC is integrated into Nomad 1.0.4 and allows you to check and update your Nomad clients.

    In combination with the MDM configuration profiles this means zero manual configuration.


    I have online-updated my MC of my existing installation and see my iPad in the MC reporting database.


    There is a FAQ regarding MarvelClient for iOS, whch you might want to check.


    https://www.panagenda.com/marvelclient-for-nomad/

    Well done integration! This is really what we need!

    Congrats & Thanks HCL and panagenda
    !


    iOS 13 Native Mail App Issues with Traveler

    Daniel Nashed  3 October 2019 15:41:43
    iOS 13 introduced a couple of changes. Some of them are done with good intention, but they broke existing functionality.
    There are currently two issues that are known. Both are described in detail in the following technote:

    https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0073141


    The technote will be updated with new information about the known issue and also new issues that might arise with iOS 13.

    The second issue just occurs when you have calendar ghosting disabled, which is enabled by default.
    But the issue with the duplicate sent mail folder entries cannot be worked around.

    Beside those two known issues, Traveler should work with iOS 13 and the native mail app.
    You should updates to iOS 13.1.2 which is another update in a short time we got for iOS 13.
    "13" isn't a good number of Apple as it sounds...

    -- Daniel


    1) Duplicate Sent folder entries

    As of iOS/iPadOS 13.0, Apple devices add an entry to the Sent folder for any emails sent from the Mail app.
    When the Sent folder is synced, the server entry is added and the device does not remove the original, resulting in a duplicate. HCL development has opened an Apple bug for this issue (FB7337231).

    Workaround: No workaround is available


    2) Accepting a meeting invitation from the iOS device does not send the response to the server

    If ghosting is disabled on the Traveler server, responding to a calendar notice from an iOS 13 device does not send the response.
    The meeting accept is reflected on the app but not in the user's notes calendar.  
    iOS 13.0 and 13.1 do not send MeetingResponse requests to the Traveler server unless the event is ghosted to the calendar.
    HCL Development has opened an Apple bug for this issue (FB7328175).

    Workaround:
    Ghosting is enabled at the Traveler server by default.  Check the Traveler server notes.ini parameters for NTS_CALENDAR_GHOSTING_SYNCML and NTS_IOS_CALENDAR_INITIAL_GHOST.  If found, make sure that they are set to true.

    RNUG -- Russian Notes User Group Event in Moscow

    Daniel Nashed  2 October 2019 08:48:42
    This is going to be a very special event! I am really looking forward to be there next week!
    I have never been to Moscow and I am looking forward to the event and also visiting the city.

    The venue looks great and there are many known speakers including fellow IBM Champions/HCL Masters from around the world.


    https://en.rnug.ru

    My sessions will be about Domino Performance and also Domino on Docker.

    And we are having a Domino on Linux Round Table session as well to get feedback from the Russian market.


    I have blogged about some tests which I have done with a local Linux which seems to be quite popular -->
    http://blog.nashcom.de/nashcomblog.nsf/dx/domino-on-astra-linux-feedback.htm

    So this will be an exiting event for participants and also us speakers!


    -- Daniel


    Image:RNUG -- Russian Notes User Group Event in Moscow


    Creating Internal use X.509 Certs

    Daniel Nashed  28 September 2019 13:58:30
    For one of my test servers I needed a proper certificate. A self-signed cert works in many cases. But creating your internal CA has benefits. You can have the CA root trusted in your brwoser etc.
    I needed a certificate for a local test server today and used the script I developed for the Docker project.

    A while ago I updated the script to add also additional SANs (Subject Alternate Names) and it will also add the SANs to a CSR request if you use the script with an external CA.
    Even when just generating a certificate with just a DNS name, this name also needs to be added to the SAN.
    This was implemented from the beginning but now you can add more SANs.

    After you configured the script, generating a proper certificate is just invoking this script.
    The CA directory contains the CA root that you add to your browser afterwards.

    Here is the example and here is the link to the script --> https://github.com/IBM/domino-docker/blob/develop/management/manage_certs.sh

    The script creates the private key, generates the CSR, depending on the configuration the reuqest is signed and everything is merged together into a single PEM.
    That PEM is imported into a matching keyring file -- if the kyrtool is installed and you are running as "notes".

    -- Daniel

     ./manage_certs.sh "traveler-nashcom-loc" "/CÞ/O=NashCom/CN=traveler.nashcom.loc" "traveler.nashcom.loc,trav2.nashcom.loc,trav2.nashcom.loc"

    (Using config file /local/cfg/certmgr_config)
    Generating key [/local/certmgr/key/traveler-nashcom-loc.key]
    Generating RSA private key, 2048 bit long modulus
    ...........................................+++
    ...+++
    e is 65537 (0x10001)
    Creating certificate Sign Request (CSR) [/local/certmgr/csr/traveler-nashcom-loc.csr]
    Removing [/local/certmgr/pem/traveler-nashcom-loc_all.pem]
    Signing CSR [/local/certmgr/csr/traveler-nashcom-loc.csr] with local CA
    Signature ok
    subject=/CÞ/O=NashCom/CN=traveler.nashcom.loc
    Getting CA Private Key
    Removing [/local/certmgr/csr/traveler-nashcom-loc.csr]

    Keyfile /local/certmgr/kyr/traveler-nashcom-loc.kyr created successfully


    Using keyring path '/local/certmgr/kyr/traveler-nashcom-loc.kyr'
    Successfully read 2048 bit RSA private key
    SECIssUpdateKeyringPrivateKey succeeded
    SECIssUpdateKeyringLeafCert succeeded

    --------------------------------------------
     traveler-nashcom-loc -> OK
    --------------------------------------------
     KeyLen       :  2048 bit
     Subject      :  /CÞ/O=NashCom/CN=traveler.nashcom.loc
     DNS NAME     :  traveler.nashcom.loc, DNS
     Valid Until  :  Sep 25 10:12:07 2029 GMT
    --------------------------------------------

    Archives


    • [IBM Lotus Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]