Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Domino V12 Community Image on any container platform

Daniel Nashed – 23 April 2021 18:11:33

Starting with the first Domino V12 code drop, we already looked into optimizing our Domino Community image, replacing functionality that has been introduced natively into Domino V12 -- and not just for containers.

One touch setup


One of the prominent examples that helps with setup in the container world is the One-Touch/File Setup, which combines functionality from the automated setup leveraging the old Java-based setup with PDS files and a Java-based application configuration.

Both have been implemented using environment variables and, with more options, a JSON-based approach.
I will write up some examples for our Domino container workshop over the weekend, which I will share afterwards.
A good starting point is
https://help.hcltechsw.com/domino/12.0.0/admin/inst_onetouch.html.
So with a Domino V12 image you can continue to use our routines or better switch to the new functionality in Domino V12 we are fully supporting.
I just updated the integration yesterday when looking into the setup for our workshop lab next week.


Full Kubernetes support

If fully automated, Domino on Kubernetes can be very powerful, but the image needs to support all the different options for mounting multiple file systems on different Kubernetes flavors.
We spent a lot of time making the image work well in different environments, including liveness and readiness probes. Some partners also needed arbitrary user ID support for K8s -- which is the standard and specially handled by OpenShift, for example.

Podman systemd support

Podman is faster moving than Docker today. The HCL Domino V12 image now also supports Podman.
But there is much more to do than just to replace "docker" commands with "podman" commands.
At first glance both look very similar. But the devil is in the detail. We started to look into Podman very early and have distinct options for Docker and Podman in the container and also in the container support scripts.
Docker is a daemon based environment. Podman leverages systemd to run containers if configured. There isn't a Podman daemon.
Therefore, for smaller environments just running one production Domino container, I came up with a start script for managing the full container life-cycle (config, run, update, build add-on images, ...).

Domino Container script

This new script is a full featured management script for Domino containers running on Docker or Podman.
It's not yet fully documented, but it is very easy to use and it has an installer.

This is derived from the management script we have in the Docker project but belongs more to the Domino Start Script.
It complements the start script, which is running inside the container and works hand in hand.

There are similar options that admins already know from the Domino start script.
This includes configuration, environment variable files, starting, stopping and updating the container.
And it also comes with an easy-to-use build environment for add-on images.

I also added the Borg Backup components as a configurable option (there are options to specify to get the FUSE device and settings added for user space mounts).
All in all this adds an easy to use interface for Docker and Podman based containers.
I am using it for my production servers running on Podman with the systemd integration.
And I have other partners using it for their environments already.


Additional Domino V12 feature support

I already mentioned the Borg Backup support, which is an extra in the Domino Start Script and integrated into the Domino Container script.
But there is more to discover... Our container has a simple CA integrated. I added the CA script for the Volt image first and figured out we want it in the Domino base image.

So every server will have a keyfile.kyr created which is used by default until you have a real certificate.
The basic configuration for the new Domino V12 CertMgr is very simple. You only have to "load certmgr" on the first server.
A certificate in certstore.nsf will just replace the keyfile.kyr created by the command-line CA.
The new TLS Cache added to the SSL stack will automatically read newly created certificates.

There is no need to restart the internet tasks like HTTP any more.

Conclusion
All in all over time features in the Domino Community script and Domino V12 native play nicely together.
And we will continue to look into more enhancements in the Domino Community script to better support new features in Domino V12.
For the workshop next week I will look into more auto setup examples using the new JSON format mentioned earlier.

Your feedback
Are you using Domino in the container world today? If yes what platform are you running on?
Which image are you using and what are the features you like? Also, which are the features you are missing?
I really want to hear from you. Either here or drop me a mail ..

-- Daniel


