Task: Replace the Domino-based HCL Sametime 11.6 Community Edition installation on Ubuntu 24 with a container-based Sametime 12.0.2 installation on an Ubuntu Podman host (VM)
 
 Important Notes:
- We shut down our Domino-based Sametime 11.6 VM while creating the new one after hours. We removed the Domino-based server's entries from the Domino Directory (domain) after the new Sametime server came online.
 - We did not worry about migration of any persistent chats.
- The existing Domino-based contacts were CN/OU/O-based hierarchical contacts. We did NOT bother to run the conversion. After saving any chats anyone wanted to keep, users right-clicked and removed their contacts, then re-added anyone they still wanted in their contacts.
 - We kept the same DNS and IP as the previous HCL Sametime server to limit any reconfiguration.
- YAML files are VERY picky about indentation. Do NOT use tabs, and make sure your indentation is correct for the configuration options.
 - The mongo CLI program is mongosh. Its commands are JSON and do not need a trailing semi-colon.
 - The external host ports cannot be changed from 443 and 8000 as of Sametime 12.0.2.
- For the LDAP account, use a comma and not a slash as the separator if using the canonical name. Alternatively, use the email address of the LDAP account instead.
- Netavark is already included w/Podman in Ubuntu, and there is no need to set up the network.
 
 
 Servers:
 Old Domino-based HCL Sametime server:
 Ubuntu 24.04.1 VM (upgraded in-place from Ubuntu 20.x)
 Sametime/MWDomain
 sametime.mindwatering.net
 192.168.99.107
 
 New HCL Sametime server:
 Ubuntu 24.04.1 VM host (new one)
 sametime.mindwatering.net
 192.168.99.107
 
 Primary HCL Domino server for LDAP:
 MWDom1/MWDomain
 mwdom01.mindwatering.net
 192.168.91.101
 - port: 636 (389 redirects to 636)
 - user: LDAP ServiceID/O=MWDomain
 - ST admin email: stadminemailaccount@mindwatering.net
 
 
 
 Standalone Podman Host Creation:
 1. Shutdown old Sametime server:
 vSphere --> select old Sametime (VM)
 --> Actions --> Power --> Shutdown Guest OS
 --> Actions --> Rename --> SametimeOLD
 
 2. Build new VM:
 vSphere --> Datacenter --> New from Template --> Chose Ubuntu_24-04_Server template
 
 a. Power on the VM
 vSphere --> select new Sametime (VM)
 --> Actions --> Power --> Power On
 
 b. SSH into the VM:
 $ ssh myadminid@sametime.mindwatering.net
 <enter pwd>
 
 Note:
 - SSH is already installed in the Mindwatering templates. If not, login to the remote console and install with:
 $ sudo apt-get install openssh-server
 
 - vi/vim is already installed in the Mindwatering templates. If not, install with:
 $ sudo apt-get install vim
 
 
 
 OS Modifications and Installation Prerequisite Packages:
 1. Set static IP - 192.168.99.107
 $ cd /etc/netplan/
 $ ls -l
 <get the file name of the cloud-init.yaml - in our case it is 50-cloud-init.yaml >
 $ vi 50-cloud-init.yaml
network:
    ethernets:
        ens160:
            addresses:
            - 192.168.99.107/24
            nameservers:
                addresses:
                - 192.168.99.1
                - 192.168.91.1
                search:
                - mindwatering.net
            routes:
            -   to: default
                via: 192.168.99.1
    version: 2
 
 <esc>:wq (to save)
 
Disable changes on reboot and apply the new static IP:
$ sudo bash -c 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
$ sudo netplan apply

Note: If there is an error, usually indentation, it will typically tell you the line. Re-edit the file, and re-apply.
 
2. Update sysfs.conf adding/setting the following line for MongoDB:
 # vi /etc/sysfs.conf
 sysfsFile = 0
 
 <esc>:wq (to save)
 
 
 3. Update sysctl.conf to set swappiness to 1 (minimum) for MongoDB:
# vi /etc/sysctl.conf
 vm.swappiness = 1
 
 <esc>:wq (to save)
 
 4. Install Prerequisite Packages:
 $ sudo apt-get update
 <wait>
 
 $ sudo apt-get upgrade
 <wait>
 
 If apt tells you there are packages to remove:
 $ sudo apt-get autoremove
 <wait>
 
 If the kernel was updated, restart:
 $ sudo reboot
 <wait and log back into the VM>
 
Install the Podman prerequisites that were not already installed and needed to be added:
 $ sudo apt-get install software-properties-common dos2unix gnupg curl unzip
 <wait>
 
Install ldapsearch (provided by the ldap-utils package) to test LDAP queries later:
$ sudo apt-get install ldap-utils
 <wait>
 
Verify that the limits on the number of files, maximum file size, and open files are large enough (ulimit is a shell builtin, so run it without sudo):
$ ulimit -a
 <view limits - typically the number of open files is too low, only 1024>
 
 To edit the user limits, if necessary:
 $ sudo vi /etc/security/limits.conf
 < add additional specific user soft/hard entries >
 
 $ sudo vi /etc/pam.d/common-session
 <add the following >
 session required pam_limits.so
 
 To increase the system-wide limit:
 $ sudo vi /etc/sysctl.conf
 <add/update the following line with the new desired limit>
 fs.file-max = 2097152
 
 $ sudo sysctl -p
 
If the process runs as a systemd service, you can instead edit the servername.service file, adding/updating the following line:
...
[Service]
...
LimitNOFILE=65536
 ...
 
 
 MongoDB Installation:
 1. Install MongoDB:
 $ cd /home/myadminid/tmp/
 
 $ sudo su -
 
# curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
 
 # echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
 
 # apt-get update
 <wait>
 
 # apt-get upgrade
 <wait>
 
 # apt-get install mongodb-org
 <approve with y, if prompted, wait>
 
Verify status of MongoDB:
 # systemctl status mongod.service
 <verify enabled and running>
 
 Perhaps optional tuning:
 a. Install additional package:
 # apt-get install libtcmalloc-minimal4t64
 
 b. Create the service for it:
 # vi /etc/systemd/system/enable-transparent-huge-pages.service
 # chmod 755 /etc/systemd/system/enable-transparent-huge-pages.service
 
 c. Enable the service:
 # systemctl daemon-reload
 # systemctl enable enable-transparent-huge-pages.service
 # systemctl start enable-transparent-huge-pages.service
 # systemctl status enable-transparent-huge-pages.service
 <view status - should show successful but now inactive>
 
 2. Install Podman:
 # apt-get install podman podman-compose netavark
 <approve with y, if prompted, wait>
 
 Verify status of Podman:
 # systemctl status podman
 
 Exit to normal account
 # exit
 
 
 
 Configure MongoDB for Sametime:
 Notes:
 - These commands are case-sensitive, and JavaScript and JSON are typically case-sensitive. Enter with the exact case specified by HCL.
 - Update the sametimeUser password.
 
 1. Create the sametimeUser admin account in the built-in admin database:
 $ sudo mongosh
 > use admin
 <returned message: switched to db admin>
 
 > db.createUser({user: "sametimeUser", pwd: "reallygreatpassword", roles:[{role:"readWrite", db:"chatlogging"},{ role:"readWrite", db:"mobileOffline"},{ role:"readWrite", db:"meeting"},{role:"dbAdmin", db:"meeting"},{role:"userAdminAnyDatabase", db:"admin"}]})
<verify in the output that it says: Successfully added user, and verify the details>
 
 Note. Update the password, mystpwd, with your own password. Note the password for later.
 > db.createUser({user: "sametimeClusterAdmin", pwd: "mystpwd", roles:[{role:"readWrite", db:"chatlogging"},{ role:"readWrite", db:"mobileOffline"},{role:"userAdminAnyDatabase", db:"admin"}]})
<verify in the output that it says: Successfully added user, and verify the details>
 
 
2. Create the chatlogging database and the EVENTS and SESSIONS collections (they are created on demand the first time they are used):
 > use chatlogging
 
 > db.EVENTS.insertOne({"_id" : "dummy"})
 
 > db.SESSIONS.insertOne({"_id" : "dummy"})
 
 > exit
 
 3. Stop the MongoDB service, add the replication config, and start MongoDB back up.
 $ sudo systemctl stop mongod
 <wait>
 
Edit the mongod.conf file, and perform the following two updates:
- navigate down to the network interfaces section (statement) and add the network configuration
- navigate down to the replication section (statement) and add the replica set information
$ sudo vi /etc/mongod.conf
. . .
# network interfaces
net:
  port: 27017
  # bindIp and bindIpAll are mutually exclusive; list only the addresses to listen on
  bindIp: 127.0.0.1,192.168.99.107
. . .
# replication
replication:
  replSetName: rs0
. . .
 
 <esc>:wq (to save)
 
$ sudo systemctl start mongod.service
<wait>

$ sudo systemctl status mongod.service
<verify service is active and running>

With the service running again, initiate the replica set:
$ sudo mongosh
> rs.initiate()

You can confirm it with:
> rs.conf()
and
> rs.status()
> exit
 
 
 
 Install Sametime on Host/VM:
 1. Transfer the file to the server:
Using scp or FileZilla from the remote machine, transfer the install zip to the folder.
You can use /opt/sametime, but in our case we use a folder per software version in myadminid's home folder:
- folder: /home/myadminid/sametime1202
- file: Sametime_12.0.2.zip
 
 $ mkdir /home/myadminid/sametime1202
 
 - Transfer the file via SCP or Filezilla to this new folder.
 
 $ cd /home/myadminid/sametime1202
 
 $ unzip Sametime_12.0.2.zip
 <wait>
 
 
 2. Run the install.
 Notes:
- For us the install does not completely work. The bind credentials were not in the custom.env afterwards, so we had to perform some manual edits.
- If you run another version of Sametime (a FP), this causes us issues with the images; we make sure to remove all images before running install.sh.
 - Use comma as canonical name separator, or email address for LDAP user.
 
 $ sudo su
 
 # ./install.sh
 <wait while all the images are set-up>
 <answer the questions>
 - Sametime server name: sametime.mindwatering.net
 - Mongo host: 192.168.99.107
 - Mongo port: [27017]
 <take the default>
 - Administrator's user name: sametimeUser
 - Password: reallygreatpassword
 - Connection URL: [mongodb://sametimeUser:************%23@192.168.99.107:27017]
 <take the default>
 - LDAP server: mwdom01.mindwatering.net
 - LDAP port: 636
 - Bind name: cn=ldap serviceid,O=mwdomain
 - Base password: **********
 - Base DN: o=mwdomain
 - TLS access: 636
 - displayName: [cn]
 <take the default>
 - JWT Secret: []
 <take the empty default unless you have JWT>
 - LTPA: [N]
 <take the default>
 - Administrator email: stadminemailaccount@mindwatering.net
 - Grafana Admin user: []
 <take the default>
 - Grafana Password: []
 
 - Initiate and wait
 
 IMPORTANT:
 - The first run will fail because the bind information is not actually saved.
 
 
 3. Fix the install:
$ podman-compose down -t 100
<wait>
$ sudo vi custom.env
. . .
# LDAP configuration
. . .
LDAP_BIND_ENTRY_DN_ENV=cn=ldap serviceid,o=mwdomain
LDAP_BIND_ENTRY_PWD_ENV=**********
LDAP_PERSON_RESOLVE_BASE_ENV=o=mwdomain
. . .

<esc>:wq (to save)

Try again:
$ podman-compose up -d
<wait - confirm all the returned status values are a 0>
 
 
 4. Create a one-off Service for the Sametime containers to auto-start:
 $ cd /usr/lib/systemd/system/
 
 $ sudo touch podman-compose-app.service
 
$ sudo vi podman-compose-app.service
 [Unit]
 Description=Podman Compose Application Service
 Requires=podman.service
 After=podman.service
 
 [Service]
 Type=oneshot
 RemainAfterExit=yes
WorkingDirectory=/home/myadminid/sametime1202
 ExecStart=/usr/bin/podman-compose up -d
 TimeoutStartSec=0
 
 [Install]
 WantedBy=multi-user.target
 
 <esc>:wq (to save)
 
 
 Enable the service:
 $ sudo systemctl enable podman-compose-app.service
 
 
 
 Post-Install:
 1. Old Domino Server clean-up steps:
 
 There is no more Domino server needed.
 - Domino Admin client --> Open primary server, MWDom1/MWDomain
 - - Configuration (tab)
 - - Internet Site documents:
 - - - Locate Sametime/MWDomain Web Site Configuration
 - - - Delete any Rule document(s) and its Internet Site document underneath
 - - - Delete the Web Site Configuration
 - - Server documents:
 - - - Select the MWDom1/MWDomain server document, click Delete
 - - Connection documents:
 - - - Select connection documents to or from MWDom1/MWDomain, click Delete
 - - Configuration document:
 - - - Select MWDom1/MWDomain configuration document, if it exists, and click Delete
 
AdminP will look for MWDom1/MWDomain in groups and application access controls and delete MWDom1/MWDomain automatically.
 
 
 
 Troubleshooting and Misc Podman Commands w/ Sametime:
 
 LDAP Failure from Sametime to Domino LDAP directory:
 LDAP entry with / causing bind to fail: mwdom01.mindwatering.net. [48] Inappropriate authentication
 - KB0116572
 - Start-up error:
 sed: -e expression #1, char 70: unknown option to `s'
 - Authentication log error:
 stusers 2024-11-20 20:39:26.873 INFO 113 --- 123399941506880 : StLdapConnection::bind: dn = (null)
 stusers 2024-11-20 20:39:26.873 INFO 113 --- 123399941506880 : StLdapConnection::asyncBind: dn = (null)
 stusers 2024-11-20 20:39:27.013 INFO 113 --- 123399941506880 : StLdapConnection::asyncResult: m_pConn = 0x703b2c78e6a0 msgId = 1 timeLimit = 0
 stusers 2024-11-20 20:39:27.015 INFO 113 --- 123399941506880 : Failed connecting to directory server mwdom01.mindwatering.net. [48] Inappropriate authentication
 
This error is caused by the bind name being entered in Notes canonical format (slash-separated) instead of using commas as the delimiter or the email address. Use one of the following forms:
 LDAP_BIND_ENTRY_DN_ENV=cn=ldap accountname,o=mindwateringdomain
 or
 LDAP_BIND_ENTRY_DN_ENV=cn=accountname@mindwatering.net
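
A pre-flight check for the custom.env bind settings covered in "Fix the install" and in the LDAP failure above, as an added example (not part of HCL's installer or the original notes). The helper function names and the sample file are constructed for illustration; the keys are the ones shown on this page.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the LDAP bind settings in custom.env.
# Helper names are hypothetical; the keys are the ones shown on this page.

# Convert a Notes-style name (Name/O=Org) to a comma-separated LDAP DN.
notes_to_ldap_dn() {
    local name="$1"
    case "$name" in
        [Cc][Nn]=*) ;;                 # already starts with cn=
        *) name="cn=$name" ;;
    esac
    printf '%s\n' "$name" | tr '/' ','
}

# Print the value assigned to key $2 in env file $1 (last assignment wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 when the bind settings look usable; print each problem found.
check_bind_settings() {
    local file="$1" rc=0 dn pw base
    dn=$(env_value "$file" LDAP_BIND_ENTRY_DN_ENV)
    pw=$(env_value "$file" LDAP_BIND_ENTRY_PWD_ENV)
    base=$(env_value "$file" LDAP_PERSON_RESOLVE_BASE_ENV)
    [ -n "$dn" ]   || { echo "LDAP_BIND_ENTRY_DN_ENV is empty"; rc=1; }
    [ -n "$pw" ]   || { echo "LDAP_BIND_ENTRY_PWD_ENV is empty"; rc=1; }
    [ -n "$base" ] || { echo "LDAP_PERSON_RESOLVE_BASE_ENV is empty"; rc=1; }
    case "$dn" in
        */*) echo "bind DN contains '/'; use: $(notes_to_ldap_dn "$dn")"; rc=1 ;;
    esac
    case "$pw" in
        ' '*|*' ') echo "bind password has a leading or trailing space"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample file: slash-separated bind name and no saved password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LDAP_BIND_ENTRY_DN_ENV=cn=ldap serviceid/o=mwdomain
LDAP_BIND_ENTRY_PWD_ENV=
LDAP_PERSON_RESOLVE_BASE_ENV=o=mwdomain
EOF
check_bind_settings "$sample" || echo "fix custom.env before running podman-compose up -d"
rm -f "$sample"
```

Run check_bind_settings against the real custom.env in the Sametime folder after install.sh finishes; the password value is checked but never printed.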
 
 
 
 
 Container podman and podman-compose Commands:
 podman ps
 - view podman containers loaded/running
 
 podman container list -a
 - another command to view podman containers loaded/running
 
 podman-compose up -d
 - startup containers for the current Sametime folder
 
 podman-compose down -t 60
- shutdown containers for the current Sametime folder, and give each container 60 seconds, instead of the default 10 seconds, before the kill command is issued
 
 podman-compose logs
 - view logs from all the containers from the pod for this Sametime folder
 
 podman-compose logs community
 - view logs just from the community container
 
 podman-compose logs nginx
 - view logs just from the nginx web server
 
 podman rm -a
 - issue only after the down command above, to remove all containers
 
 podman image rm -a
 - issue only after the down command, and if no containers are loaded, removes the images that the ./install.sh set-up
 
 podman rmi --all
 - issue only after the down command, removes all images from the local image repository.
 - effectively uninstalls sametime and any other images from host
 
 podman exec -it foldername_community_1 bash
 - start bash terminal session into the community container
 - Note: vi is not available, but cat is available, and downloading a file is an option, as well
 
podman cp foldername_community_1:/sametime.ini ../tmp/sametime.ini
 - copies the sametime.ini from the container to the host, up one folder and down into another tmp folder for transfer for analysis
 
 podman cp ../tmp/sametime.ini foldername_community_1:/sametime.ini
- copies the edited file with the new debug, for example, back up to the sametime community container, overwriting the one currently used in the container.
 
 podman-compose logs --since 10m
 - all of the pod container logs, but only the last 10 minutes of them
 
 
 New Sametime client VPS codes:
 HCL Notes 12.0.2 64-bit: 122c --> Add to VPS_ALLOWED_LOGIN_TYPES in sametime.ini
 - See the table of codes: KB0024444
Per HCL Support, add to custom.env:
$ cd /home/myadminid/sametime1202
$ sudo vi custom.env
 . . .
 STI__config__VPS_ALLOWED_LOGIN_TYPES=129D,129C,129B,129A,122c,130F,130E,130D,130C,130B,130A,1308,1306,1304,1443,143C,143D,143E,143F,143A,1439,1438,1437,143B,1436,1435,1434,14AF,14B2,14B4,14B6,14AD,14A2,14A0
 
 . . .
 
 <esc>:wq (to save)
 
 
 