Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 
alt

Daniel Nashed

 

Domino V12 Community Image on any container platform

Daniel Nashed  23 April 2021 20:11:33

Starting with the first Domino V12 code drop we already looked into optimizing our Domino Community image, replacing functionality introduced into Domino V12 native -- not even just for containers.

One touch setup


One of the prominent examples which helps setup in the container world is the One-Touch/File Setup, which combines functionality from the automated setup leveraging the old Java based setup with PDS files and a Java based application configuration.

Both have been implemented using environment variables and with more options a JSON based approach.
I will write up some examples for our Domino container work-should over the weekend, which I will share afterwards.
A good starting point is
https://help.hcltechsw.com/domino/12.0.0/admin/inst_onetouch.html.
So with a Domino V12 image you can continue to use our routines or better switch to the new functionality in Domino V12 we are fully supporting.
I just updated the integration yesterday when looking into the setup for our workshop lab next week.


Full Kubernetes support

If full automated, Domino on Kubernetes can be very powerful, but the image needs to support all the different options mounting multiple file-systems on different Kubernetes flavors.
We spent a lot of time making the image work well in different environments including livingness and readiness probes. Some partners also needed arbitrary user ID support for K8s -- which is the standard and specially handled by OpenShift for example

Podman systemd support

Podman is faster moving than Docker today. The HCL Domino V12 image now also supports Podman.
But there is much more to do than just to replace "docker" commands with "podman" commands.
At a first glance both look very similar. But the devil is in the detail. We started to look into Podman very early and have distinct options for Docker and Podman in the container and also in the container support scripts.
Docker is a daemon based environment. Podman leverages systemd to run containers if configured. There isn't a Podman daemon.
Therefore for smaller environments just running on production Domino container, I came up with a start script for managing the full container life-cycle (config, run, update, build add-on images..)

Domino Container script

This new script is a full featured management script for Domino containers running on Docker or Podman.
It's not yet fully documented but is is very easy to use and it has an installer.

This is derived from the management script we have in the Docker project but more belongs to the Domino Start Script.
It complements the start script, which is running inside the container and works hand in hand.

There are similar options, admins know already from the Domino start script.
This includes configuration, environment variable files, starting, stopping and updating the container.
And it also comes with an easy to use build environment for add-on image.

I also added the Borg Backup components as a configurable option (there are options to specify to get the FUSE device and settings added for user space mounts).
All in all this adds an easy to use interface for Docker and Podman based containers.
I am using it for my productions servers running on Podman with the systemd integration.
And I have other partners using it for their environments already.


Additional Domino V12 feature support

I already mentioned the Borg Backup support, which is an extra in the Domino Start Script and integrated into the Domino Container script.
But there is more to discover... Our container has a simple CA integrated. I added the CA script for the Volt image first and figured out we want it in the Domino base image.

So every server will have a keyfile.kyr created which is used by default until you have a real certificate.
The basic configuration for the new Domino V12 CertMgr is very simple. You only have to "load certmgr" on the first server.
A certificate in cerstore.nsf will just replace the keyfile.kyr created by the command-line CA.
The new TLS Cache added to the SSL stack, will automatically read newly creates certificates.

There is no need to restart the internet tasks like HTTP any more.

Conclusion
All in all over time features in the Domino Community script and Domino V12 native play nicely together.
And we will continue to look into more enhancements in the Domino Community script to better support new features in Domino V12.
For the work-shop next week I will look into more auto setup examples looking into the new JSON format mentioned earlier.

Your feedback
Are you using Domino in the container world today? If yes what platform are you running on?
Which image are you using and what are the features you like? Also which are the features your are missing?
I really want to hear from you. Either here or drop me a mail ..

-- Daniel



Comments

1Palmi  23.04.2021 23:23:07  Domino V12 Community Image on any container platform

Hi Daniel

Am using domino on docker in Synology

DS1019+

INTEL Celeron J3455

1.5 GHz

32 GB

Image 11

I really like to have the small foot print that docker offers . Am not a linux guy and find it hard to "clean" up the Directory via CLI. if that is something you can blog about and I have not found a "Good Way" to update the server like we can do on X86

keep up the good work. We are listening.

2John Dalsgaard  24.04.2021 15:39:19  Domino V12 Community Image on any container platform

Hi Daniel

This is very interesting....

I have not yet taken the step to get my feet wet - but I intend to when I have had time to play with it... It seems that Podman is the best approach.

I'm also considering a small "home"-server like Synology as a replacement for the current one. And I would also like to think backup into that setup.

Currently using VMware ESXi server :-)

/John

3Richard Dew  11.05.2021 10:13:04  Domino V12 Community Image on any container platform

Hi Daniel,

We have been using Domino on Docker (CentOS7 / 8) since version 9 when you had to create your own images. It has always worked really well for us and I am very familiar around the Docker side however my knowledge of Kubernetes / Orchestration is very limited to work with Connections Component Pack.

We would now like to take this further forward with Orchestration but have always though Kubernetes was the choice now I am not so sure. What is your thoughts on this as Docker Swarm keeps being mentioned?

Also can you recommend any good guides to getting Domino working with Kubernetes etc as I am stumbling around this at the moment.

Thanks

Richard

4Daniel Nashed  12.05.2021 10:14:31  Domino V12 Community Image on any container platform

@Richard,

Kubernetes in all it's flavors, vanilla or with toppings (OpenShift, Rancher, ..) is really what enterprise customers are looking into.

I don't see that customers deploy Docker swam or other platforms.

Docker is a great tool to build images. But on the run-time side only useful for smaller environments.

The Docker Community project supports all the K8s based platforms. The most tricky one is OpenShift, because it as a more restrictive security model.

Also the HCL image is supporting K8s and OpenShift.

Stay tuned for more to come in the community project. Some of it can be used also with the official HCL image.

For example we are working on Config Maps for Domino V12 with a full On Touch configuration and other configurations like Helm charts that help in deployments.

Our many focus is still to build the best fitting container image. But yes we also have to take care of deployment and other details.

Looking into our image and also the new lab examples would be a good starting point for Domino on K8s.

https://github.com/IBM/domino-docker/tree/develop/lab/kubernetes/domino

-- Daniel

Links

    Archives


    • [IBM Lotus Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]