CentOS 7.7 and HCL Domino 11 and Sametime 11 Community Server Installation
Important Notes:
- We started this install from a VM template that already had the CentOS 7.7 server OS and prerequisites already installed. So these instructions skip the prerequisite steps.
- We installed the same libraries needed for IBM Sametime 8.5 and Sametime 9. The installation gave us no errors, so there do not appear to be any new library prerequisites.
- We performed the Domino installation in console mode, and we performed the Sametime installation using the X-Windows desktop graphical interface.
- If you notice any errors, just us know using the Contact link at the top menu of this site.
CentOS installation and OS prerequisite steps are included in this document below.
______________________________
Domino 10.0.1 Upgrade
to Domino 11.0
and Sametime Installation:
______________________________
Mongo Db Installation:
Added Mongo Community Edition to Ubuntu Repository:
Note: 4.x version doesn't work with vs 3 auth. Gives NoPermission error to service.
$ sudo su
# vi /etc/yum.repos.d/mongodb-org-4.2.repo
Add the following content:
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
<esc>:wq to save
Install MongoDb:
# yum install -y mongodb-org
Install MongoDb 3.6.x instead:
We updated the /etc/yum.repos.d/mongodb-org-4.2.repo file:
# mv /etc/yum.repos.d/mongodb-org-4.2 /etc/yum.repos.d/mongodb-org-3.6
# vi /etc/yum.repos.d/mongodb-org-3.6
Change two lines:
...
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
...
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
<esc>:wq to save
# sudo yum install -y mongodb-org-3.6.5 mongodb-org-server-3.6.5 mongodb-org-shell-3.6.5 mongodb-org-mongos-3.6.5 mongodb-org-tools-3.6.5
Note:
We also tried installing mongodb-org-3.6.12 and doing the authSchema step below and it worked. So our final install was the version 3.6.12 which also worked. We did not try the 3.6.16, the latest displayed in the repo for the 3.6 stream.
To keep mongodb from being upgraded to 4.2, we added the following to the yum exclude in /etc/yum.conf
# vi /etc/yum.conf
...
exclude=mongodb-org,mongodb-org-server,mongodb-org-shell,mongodb-org-mongos,mongodb-org-tools
...
<esc>:wq to save
Start MongoDB and verify running, set to start as service at boot-up:
$ sudo service mongo start
Verify:
$ sudo tail /var/log/mongodb/mongo.log
< review output >
$ sudo chkconfig mongo on
Enter the Mongo shell:
$ sudo mongo
Disable the Cloud Free Monitoring Reminder (or enable if desired):
> db.disableFreeMonitoring()
or to enable: db.enableFreeMonitoring()
<note: Nothing is returned with the disable command>
Do the Mongo.DB HCL db set-up:
> use admin
--> returned message: switched to db admin
> db.system.users.remove({})
--> returned message: WriteResult({ "nRemoved" : 0 })
> db.system.version.find()
--> returned message: { "_id" : "featureCompatibilityVersion", "version" : "4.2" ... }
We need the authSchema version output to be version 3. Running the following commands from HCL:
> db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
--> returned message: WriteResult({ "nInserted" : 1 })
> db.system.version.find()
--> returned message now includes authSchema to be version 3
> exit
Restart the MongoDb service:
$ sudo service mongo restart
Verify:
$ sudo tail /var/log/mongodb/mongo.log
< review output >
Create the sametime database and two collections:
> mongo
> use chatlogging
--> returned message: switched to db chatlogging
> db.createCollection("SESSIONS")
--> returned message: { "ok" : 1 }
> db.createCollection("EVENTS")
--> returned message: { "ok" : 1 }
Create the sametime user and give it a password. Remember the password for in a later step.
> db.createUser({user:"sametimeUser", pwd:"mystpwd", roles:[{role:"readWrite", db:"chatlogging"},{role:"userAdminAnyDatabase", db:"admin"}]})
--> returned message: Successfully added user: { ...
Update the Mongo configuration /etc/mongod.conf to add replication and change the network settings.
$ sudo systemctl stop mongod
$ sudo vi /etc/mongod.conf
Updated the net section to bind to both the localhost and main server IP, it should look like this:
...
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1,192.168.199.100
Update the replication section, currently commented out to look like this:
replication:
replSetName: rs0
...
<esc>:wq to save
Notes:
The mongod.conf configuration file is YAML, it uses indentations to delineate what goes inside the line above it. Therefore, don't use tabs, and watch the number of spacebar hits. You may want to make one change at a time and restart the MongoDB after each change so you know which edit caused the server to fail.
The HCL MS Windows document indicates to use BindIpAll. The documentation seems to hint that this is possibly equivalent to 0.0.0.0 which would make MongoDb at risk for attack. Instead, we used a list above.
Restart the MongoDb service and check for errors
Restart the MongoDb service:
$ sudo service mongo restart
Verify:
$ sudo tail /var/log/mongodb/mongo.log
< review output. If there is an error, the error messages can be cryptic >
Create the replica set:
$ sudo mongo
> rs.initiate()
You can confirm it with:
> rs.conf()
and
> rs.status()
> exit
Domino Installation:
Note; If the install properly detected that the server had no X11, it will be continued in console (terminal) mode.
1. Copy the installation file to the Domino server:
- Domino_11.0_Linux_English.tar
2. Started SSH Terminal to server.
$ ssh myadmin@myserver.mindwatering.com
<enter password>
3. Performed the installation.
$ cd /home/myadmin/tmp/dom11/
$ tar -xvf Domino_11.0_Linux_English.tar
<watched files extracted>
$ cd linux64
$ sudo ./install
<go through the prompts>
- <Enter> to continue
- "0" to skip to end of HCL Master License Agreement
- "Y" to agree
- <Enter> to continue
- <Enter> for NO (Data Directories Only Partitioned Domino Server
- <Enter> to continue
- <Enter> for default: /opt/hcl/domino
- <Enter> to continue
- <Enter> to NO (partitioned server)
- <Enter> to continue
- <Enter> for nothing/null (Data Files Directory Name)
- User Name: notes
- Group Name: notes
- <Enter> to continue
- <Enter> for default: Manual
- <Enter> for default: Domino Enterprise Server
- <Enter> to continue
- <Enter> to continue after reviewing all questions answered
< wait for the install >
- <Enter> to exit the installer
Note:
- The steps/questions are the same. But the navigation is a bit different as the new installation program is InstallAnywhere. So you click <enter> instead of <tab> to accept a setting, and you have to use "0" to get to the end of the license fine print page.
- Since my server has been upgraded over the years, the executable path still shows an IBM based one. Update if yours if different. We also use /local/notesdata for our data path. Also, our Domino server user id is notes.
- If the Sametime server is also the "main" Domino server that manages the Domino Directory, you must start the server manually to answer "Yes". Major releases always have a directory upgrade, the server "hangs" waiting on the answer. So our first boot into 11 will be manually.
4. Start the server manually. (This assumes that you are upgrading, where a server.id and notes.ini have already been provisioned. If this is a new install, then start the server in listen mode, instead. )
$ su notes
$ cd /local/notedata/
$ /opt/ibm/domino/bin/server
< wait for boot. Answer "Yes" if this Domino instance is the Directory server, wait for server to "settle" for several minutes. >
- Important -
If you have an existing (old) ST server, create a replica of the vpuserinfo.nsf on the new Domino Sametime server using the Domino Admin client.
Shutdown the Domino service.
> q
5. Exit being the notes user, and start the server normally.
$ exit
- Important -
Install the Nashed scripts if not already done.
Once installed, enable and start the new Domino service
$ sudo systemctl enable domino.service
$ sudo systemctl start domino.service
Sametime Installation:
Transfer the Sametime installation file to the ST server. Open a terminal from WITHIN the GNOME Desktop
- Sametime_11.0_CommunityServer_Linux64.tar
$ cd /home/myadmin/tmp/
$ sudo tar -xvf Sametime_11.0_CommunityServer_Linux64.tar
There are two directories produced.
The GSKit folder needed to encrypt ST communications. (See our R9 docs on that process in this repository if needed. In our case, we reverted back to Domino Directory instead of LDAP.)
$ cd Server/
$ sudo chmod g+x install.bin
$ sudo chmod u+x install.bin
To install Sametime with the Gnome Desktop GUI:
$ sudo ./install.bin
<wait for the installation dialog window to appear >
--> At the HCL Sametime Server 11.0.0 dialog, on the Introduction (first) page, click Next.
--> On the License Agreement Page, click the I accept the terms of the License Agreement checkbox, and click Next.
--> On the Domino Data directory page, confirm the location /local/notesdata was populated successfully, click Next.
--> On the Directory Selection page, choose Domino Directory, or if using a LDAP directory choose that, and enter the LDAP server and port, click Next.
--> On the License Information page, choose Standard or Limited depending on what you bought. Since we are only setting up the Community server and the Proxy server, we will choose Limited, click Next.
(Note: Do not choose Dynamic. The FlexNet server is not being used with Sametime 11 yet. )
--> On the Pre-Installation Summary page, review and click Install.
<wait>
--> On the Install Complete page, leave selected to No, I will restart my system myself, if presented. Click Done.
We didn't reboot, because Domino is likely set to start automatically with reboot, and we have some post install tasks to do.
To install Sametime from console:
Download the installer.properties "silent" file attached to the same location as the Sametime 11 installation tar file, or copy and clean-up the contents from the Sametime 11 Admin. Guide.
installer.properties
$ vi installer.properties
- Update UNIX_UserName and UNIX_GroupName if not notes.
- Update UNIX_SERVERNAME to your server's hostname.
- If using LDAP instead of Domino for your directory, change DIRECTORY_TYPE_DOMINO=0, change DIRECTORY_TYPE_LDAP=1, and complete the LDAP_SERVER and LDAP_PORT with your settings.
- Update the ST_BRANDING_INFO=entry, or ST_BRANDING_INFO=standard, depending on your license.
Install with:
$ ./install.bin -i silent
Note:
- It will look for the installer.properties file automatically. Alternately, you can use the -f flag to specify an alternate folder location.
- When the server is installed correctly, this file will have 0 as content: stsetup_exit_status.txt. Otherwise, it will contain any error messages.
- IMPORTANT -
Before starting the Domino services, update the chatlogging.ini file:
# cd /local/notesdata/
# vi chatlogging.ini
Update the CL_MONGO_PASSWORD= line to the sametime password noted above.
Save the file.
<esc>:wq
Before starting the Domino services, update the samtime.ini file:
$ vi sametime.ini
Find the line VPS_ALLOWED_LOGIN_TYPES. If you have this line, add the client IDs 1312 and 12A2 to the existing list.
Find the line VPS_PREFERRED_LOGIN_TYPES. If you have this line, add the client IDs 1312 and 12A2 to the existing list.
Save the file.
<esc>:wq
Manually start the Domino Sametime server, look for any errors.
$ cd /local/notedata/
$ su notes
$ /opt/ibm/domino/bin/server
< wait for boot >
______________________________
CentOS 7.7 Linux
OS Installation
and Prerequisite Steps:
______________________________ Linux CentOS 7 OS Install:
Create a new CentOS 7 VM
- 6.5 GB of memory with 1 Disk of 50 GB, and video memory of 16 MB for the X Windows system
Note: With only the CentOS 7 OS running (w/o X Windows GUI), the system used between 1.5 and 1.75 GB. So we added 4 GB to start for Domino and Sametime.
Attached to CentOS iso:
CentOS-7-x86_64-Minimal-1804.iso
Notes:
The current iso at this writing appears to be:
CentOS -7-x86_64-Minimal-1908.iso
We did NOT try the new CentOS 8 since, at this writing, some of the libraries are older than in CentOS 7.7.
Started VM and Installation:
At start page, selected top link: Install CentOS 7
On Welcome page, took the defaults of English and English US, clicked Continue.
On Installation Summary page,
- kept Date &Time default, as it was correct.
- kept SOFTWARE SELECTION as Minimal Install, as it was correct.
- Select INSTALLATION DESTINATION
--> Click the Disk icon under Local Standard Disks. (Ours says VMware Virtual disk, sda / 50 GB)
--> Click Done.
- Select NETWORK and HOST NAME
--> At the top right, changed the ens192 NIC to On
--> At the bottom, enter the hostname AND domain: myserver.mindwatering.net, click Apply
--> Clicked Configure and set-up for a static/Manual IP
- - - - IP Address: 192.168.199.100
- - - - Netmask: 24
- - - - Default Route: 192.168.199.1
- - - - DNS: 192.168.199.1 123.123.123.1
- - - - Search Domains: mindwatering.net
- - - - click Save
--> Back in the NETWORK & HOST NAME page, click Done.
With all the warning caution triangles removed/completed, click Begin Installation.
While the installation is going, under USER SETTINGS, click ROOT PASSWORD.
--> Enter the root user password in the Root Password field, enter it again in the Confirm field.
--> You can create the Domino server notes user now, or do it later. To do it now, click USER CREATION.
- - - - Fullname: notes
- - - - User name: notes
- - - - Password: *************
- - - - Confirm password: *************
- - - - (Leave checked the checkbox for Require a password to use this account. Leave unchecked the checkbox for Make this user administrator)
- - - - click Done
- - - > click Finish configuration
When done, click Reboot.
Notes:
Update the network settings to what's needed for your installation.
For the Installation Destination, we typically have on disk for the OS, one for /local/notesdata, and others for anything else needed for the box. (e.g. another one for transaction logs, and one for DAOS).
Login and Start Prerequisite Tasks:
After reboot, login as root, and update the system:
# yum update
< waited >
# yum autoremove
Install Open VMTools if Using VMware VM:
CentOS doesn't install the VMware/OpenVM tools automatically like in Ubuntu. Install the open-vm tools with:
# yum install open-vm-tools
< click y, to the request to install the RPG certificate key to trust the repository >
Start the tools (ours was not running):
# systemctl enable vmtoolsd
# systemctl status vmtoolsd
# systemctl start vmtoolsd
Install OpenSSH Server:
To remotely manage the server, and to transfer files to it, install the OpenSSH server:
# yum install openssh-server
Note: Installation of openssh-server not needed. Already installed.
Security/Limits File Updates:
Edit /etc/security/limits.conf using root and add or modify the lines:
notes soft nofile 65535
notes hard nofile 65535
(Use 65535 for 64 bit Linux for both soft and hard limits, per HCL 2019/12. )
Update SELINUX:
$ vi /etc/selinux/config
Change to SELINUX=disabled and save.
(<esc> :wq <enter> to save)
Time Server Sync:
(optional) Set up NTP if not using VMware Tools or OpenVM tools to sync time:
$ ntpdate pool.ntp.org
$ chkconfig ntpd on
32-Bit Multilib Installations?
I received confirmation from Daniel Nashed that no compat libraries or 32-bit libraries are needed anymore as ST is fully 64-bit.
64-bit Packages for Domino and Sametime:
Notes:
If you have the Desktop version of CentOS 7.7, it appears that the pre-requisite packages for the graphical installation were already there.
HCL has not published that certain new packages are needed or some are no longer needed. So for know we verified the same packages Sametime 9, only libXp wasn't already installed with the minimal ISO plus the stripped GNOME Desktop we installed.
The Domino install via console mode requires perl
# yum install perl
The following were already installed; these can be skipped:
# yum install glibc
# yum install libgcc
# yum install libstdc++
For the X-Windows Desktop install, the following are all installed; these can be skipped:
# yum install libXtst
# yum install libXmu
# yum install libXft
# yum install libXi
The previous versions of Domino and Sametime on Linux also required the libXp. We installed Sametime successfully w/o it, but don't know if something still needs it. Just in case, we installed libXp:
# yum install libXp
Setup the Domino User Account:
Skip this step if you set up the notes user during the install, but do the DOMINO_LINUX_SET_PARMS and the /local/notesdata steps still.
Create the notes (domino) user. Leave alone the opt/hcl/domino path so it owned/signed by root, but change the ownership of the /local/notesdata folder so that is is owned by the notes server user.
# useradd -d /home/notes -m notes
- or to include a specific UID ID -
# useradd -d /home/notes -m notes -u 1008
Set the password:
# passwd notes
Set up the notes user to use DOMINO_LINUX_SET_PARMS:
# vi /home/notes/.bashrc
Add to the end of the file: export DOMINO_LINUX_SET_PARMS=1
Create the installation Domino data notesdata folder. We use /local/notesdata.
(For a new CentOS 7.7 install, we had to create the /local folder, in addition to the /local/notesdata folder.)
# cd /
# mkdir local
# cd /local
# mkdir notesdata
# chown -R notes /local/notesdata/
# chgrp -R notes /local/notesdata/
# chmod -R g+w /local/notesdata/
Open the Domino and Sametime Firewall Ports:
CentOS 7 uses FirewallD.
If you are not using the Domino Java Controller, leave off 2050. There are other ports to add if you are running multiple SameTime Domino servers (e.g. 1516, 9092, 9094, 8082).
# firewall-cmd --zone=public --add-port=1352/tcp --permanent
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
# firewall-cmd --zone=public --add-port=2050/tcp --permanent
# firewall-cmd --zone=public --add-port=1533/tcp --permanent
in this example we restrict SSH and e-mail to internal networks only ...
# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.199.0/16" port protocol="tcp" port="22" accept"
# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.211.0/28" port protocol="tcp" port="25" accept"
# firewall-cmd --reload
Confirm loaded and running:
# firewall-cmd --state
Other Misc Steps:
If running multiple IPs, update the network configuration with second ethernet.
Update /etc/hosts:
Notes:
- Watch out for the GUI (desktop) tool to wipe out /etc/hosts and the 127.0.0.1 loopback address!
- If a second line has been added for 127.0.1.1, comment it out with a # in front of the line. That messages up the server.
- Add a new line with the server's internal IP and FQDN and simple hostname:
# 127.0.1.1 myserver
192.168.199.100 myserver.mindwatering.net myserver
Save the file and exit. <esc> :wq.
If the /local/notesdata/ is a second virtual (or real) disk and you need to mount it, update /etc/fstab.
e.g. /dev/sdb1 /local/notesdata ext3 defaults 1 1
Verify that postfix is not running or enabled. If so, disable it.
e.g.
# systemctl status postfix
< received active status>
# systemctl stop postfix
# systemctl disable postfix
Install Domino Start-up Scripts:
For the Nashed start-up script, follow the instructions that come with the start-up script.
For the domino.service file in /etc/systemd/system, update lines 7, 10, and 11 for your paths.
For the rc_domino_script in /opt/ibm/domino or /opt/nashcom/, update lines 42 and 65 for the server OS ID and paths.
For the rc_domino in /etc/init.d/, update lines 31, 35, and 43, for your server OS ID and paths.
For the rc_domino.script_notes file to /etc/domino/, updates similar lines as rc_domino.script.
Update all the file permissions to 755.
$ sudo systemctl enable domino.service
Note: This server is an upgrade, not a new install. We are re-using the /local/notesdata, and we chose to keep the existing /opt/ibm/domino path. Our existing start-up script is already in/opt/ibm/domino If this is a new install, the script path will be /opt/nashed/, as Daniel Nashed now has his scripts set to be in a separate /opt/nashcom/ folder.
Installing a Desktop on CentOS 7.7 Minimal:
Notes:
- We found that the ST installation doesn't yest have a response file setup documented and readme.txt - no console install possible. If you run the install w/o a GUI you get files scatter across your root "/" folder. So we have install a GUI into the server uUntil the documentation is released.
- We found that with CentOS 7.7 the groupinstall for "X Window system" doesn't work with startx by itself, even with increasing video size to 128 MB. We could use "GNOME Desktop", but that gives us all the desktop apps, which are not needed on a server. So we installed with the base gnome groups added with it, instead.
- As of 2011/01/0, the Gnome Desktop GUI is no longer needed. HCL released the instructions to do a replay/silent install instead.
# yum groupinstall "X Window System" -y
# yum install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts
# yum groupinstall fonts
# startx
< gnome booted successfully. Clicked the Power symbol (upper right) to restart the server.>
(Optional) Login as root, and set the GNOME Desktop to be loaded instead of the terminal prompt as desired.
# systemctl set-default graphical.target
Note:
For a manual run, systemctl isolate graphical.target, is used to still default to terminal, but give option to boot to GUI.
The GNOME default 800x600 resolution isn't big enough for installation screens. Increase it:
Applications --> System Tools --> Settings
In the Settings dialog, scroll down and choose Display
Change the Display Resolution field to something bigger but smaller than the average admin's monitor resolution. We choose 1280x800 (16x10). Click Apply.
Click the Keep Changes button in the dialog. (If don't click it, the system will think you cannot, and revert to previous resolution.)
Close the dialog to return to the GNOME desktop.
previous page
|