HCL Domino 11 with HCL Volt on CentOS Linux 8 Step-by-Step Installation

Mindwatering Incorporated

Author: Tripp W Black

Created: 03/11 at 02:09 PM

 

Category:
Domino Upgrades / Installations
Software Upgrade

CentOS 8 and HCL Domino 11.0 or Domino 11.0.1 with Volt Server Step-by-Step Installation
Important Notes:
- We set up a new VM running CentOS 8, with 3 virtual disks: one for /, the second for /local/, and the third called local2 for transaction logs.
- We did not need to install any additional libraries. This Domino server was "swung" from CentOS 7.7 to CentOS 8 with its Domino 11.0 NSFs and NTFs.
- We kept only the /local/notesdata/ disk. We removed all the system sub folders from the folder except for ones like IBM_Vault, etc. We also removed all full-text folders (app.ft folders).
- We performed the Domino installation in console mode.

CentOS installation and OS prerequisite steps are included in this document if doing a "swing" upgrade type installation.

_____________________________________

HCL Domino 11.0 or
HCL Domino 11.0.1
with HCL Volt

Installation:
_____________________________________


Domino Server Prerequisite Set-up:
- If not installing HCL Volt on the only (main/administrative) Domino server, register a new Domino server using the Administrator client, but do not use a server.id password.
- Update the new server document, and set the Internet Ports for web (e.g. 80 and 443).
- Create the Internet Site document for the server. Under the Configuration tab, enable the HTTP, under Allowed Methods, enable: GET, DELETE, HEAD, POST, PUT. Under the Domino Web Engine tab, under the HTTP Sessions heading, set the Session Authentication to Single, Multi-Server SSO, or SAML token.
(Any type of SSO will work for Volt)
- If you want to restrict Volt users w/in your organization, create an ACL group, and note the name for the post-installation tasks of setting access control on the Volt apps.


Domino 11.0.1 / Domino 11.0.1 Beta Installation:
1. Copy the installation file to the Domino server:
- Domino_11.0_Linux_English.tar
or
- Domino_1101_Preview_Linux64_Eng.tar

In our case, we used FileZilla to transfer to a temporary location:
/home/myadmin/tmp/dom11

2. Start SSH Terminal to server.
$ ssh myadmin@myserver.mindwatering.com
<enter password>

Extract and run the install:
$ cd /home/myadmin/tmp/dom11/
$ tar -xvf Domino_11.0_Linux_English.tar
<watched files extracted>
$ cd linux64
$ sudo ./install
<go through the prompts>
- <Enter> to continue with default number 3. English locale (or change)
- <Enter> to continue
- "0" to skip to end of HCL Master License Agreement
- "Y" to agree
- <Enter> to continue
- <Enter> for NO (Data Directories Only Partitioned Domino Server)
- <Enter> to continue
- <Enter> for default: /opt/hcl/domino
- <Enter> to continue
- <Enter> to NO (partitioned server)
- <Enter> to continue
- <Enter> for nothing/null (Data Files Directory Name)
- User Name: notes
- Group Name: notes
- <Enter> to continue
- <Enter> for default: Manual
- <Enter> for default: Domino Enterprise Server
- <Enter> to continue
- <Enter> to continue after reviewing all questions answered
< wait for the install >
- <Enter> to exit the installer

Note:
- The steps/questions are the same. But the navigation is a bit different as the new installation program is InstallAnywhere. So you click <enter> instead of <tab> to accept a setting, and you have to use "0" to get to the end of the license fine print page.
- Since my server has been upgraded over the years, the executable path still shows an IBM based one. Update if yours is different. We also use /local/notesdata for our data path. Also, our Domino server user id is notes.
- If this server is the "main" Domino server that manages the Domino Directory, you must start the server manually to answer "Yes". Major releases always have a directory upgrade, and the server "hangs" waiting on the answer. So our first boot into 11 will be manual.
- If you changed to the hcl/domino path, verify the "swung" notes.ini was successfully updated by the installation script before manually starting.

3. Start the server manually.
$ su notes
$ cd /local/notesdata/
$ /opt/hcl/domino/bin/server
< wait for boot. Answer "Yes" if this Domino instance is the Directory server, wait for server to "settle" for several minutes. >

Shut down the Domino service.
> q

4. Exit being the notes user, and start the server normally.
$ exit

5. Install the Nashed Domino script. Note that the folder path has changed with the new version. The scripts are put in their own folder so as not to be in the way of official software updates.
$ systemctl start domino.service


HCL Volt Installation:
1. Unzip the HCL Volt installation file and copy the folder to a temporary location on the server:
- hcl.domino.volt-x.x.zip

In our case, we used FileZilla to transfer the contents of the extracted zip to a temporary location:
/home/myadmin/tmp/dom11volt/

2. Start SSH Terminal to server.
$ ssh myadmin@myserver.mindwatering.com
<enter password>

Verify the install is an executable (e.g. rwx). Stop the Domino service, and run the install:
$ cd /home/myadmin/tmp/dom11volt/
$ cd linux
$ sudo systemctl stop domino.service
< waited>
$ sudo chmod 755 ./install
$ sudo ./install /opt/hcl/domino
<go through the prompts>
- At the HCL Domino Volt Installation page, at the Proceed with installation prompt, click Y.
- Take the default for Domino Data Directory [/local/notesdata]
- Take the default for Domino User [notes]
- Take the default for Domino Group [notes]
- At the Proceed with Installation prompt, click Y.
Note the location of the log:
/var/log/volt_install_nowdatetime.log

$ sudo systemctl start domino.service
<wait a second or two>
$ sudo systemctl status domino.service


Volt Post-Installation Tasks:
- Update the system java.policy file.
$ sudo vi /opt/hcl/domino/notes/latest/linux/jvm/lib/security/java.policy
Add the following new lines to the end of the file:
// HCL Domino Volt - for Groovy templates
grant codeBase "file:/groovy/shell" {
permission java.security.AllPermission;
};
<esc, :wq>
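
One way to confirm the edit did what was intended, as an added example that is not from the original page or from HCL: it lists every codeBase that a java.policy file grants java.security.AllPermission, and fails if the Volt grant is missing, duplicated, or has lost its codeBase (a grant block without a codeBase applies to all code). The function names and the sample policy are constructed for illustration; on the server, pass the java.policy path shown above.

```shell
#!/bin/sh
# Added example: report which codeBase entries in a java.policy file are
# granted java.security.AllPermission.

all_permission_grants() {                 # $1 = path to a java.policy file
    awk '
        /^[ \t]*\/\//  { next }                    # skip // comment lines
        /^[ \t]*grant/ {                           # a grant block starts here
            cb = "(any code)"                      # no codeBase: applies to all code
            if (match($0, /codeBase[ \t]+"[^"]*"/)) {
                cb = substr($0, RSTART, RLENGTH)
                sub(/^codeBase[ \t]+"/, "", cb)
                sub(/"$/, "", cb)
            }
            in_grant = 1
        }
        in_grant && /java\.security\.AllPermission/ { print cb }
        /[}][ \t]*;/   { in_grant = 0 }            # end of the grant block
    ' "$1"
}

# Succeed only when the Volt grant appears exactly once and no grant block
# gives AllPermission to all code (for example after a mistyped codeBase).
check_volt_policy() {
    grants=$(all_permission_grants "$1")
    volt=$(printf '%s\n' "$grants" | grep -c '^file:/groovy/shell$' || true)
    [ "$volt" -eq 1 ] || { echo "Volt grant found $volt times"; return 1; }
    if printf '%s\n' "$grants" | grep -q '^(any code)$'; then
        echo "AllPermission granted without a codeBase"; return 1
    fi
    echo "ok"
}

# Constructed sample: two stock-style grants plus the lines added above.
write_sample_policy() {                   # $1 = file to create
    cat > "$1" <<'EOF'
grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.security.AllPermission;
};
grant {
        permission java.util.PropertyPermission "java.version", "read";
};
// HCL Domino Volt - for Groovy templates
grant codeBase "file:/groovy/shell" {
        permission java.security.AllPermission;
};
EOF
}

sample=$(mktemp) && write_sample_policy "$sample"
check_volt_policy "$sample"
rm -f "$sample"
```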

$ sudo systemctl stop domino.service
<wait 15 to 30 seconds or so>
$ sudo systemctl start domino.service
<wait a second or two>

Open the Domino Administrator client, go to the Domino console, enter the following, and note the response:
> tell http osgi ss dleap
Output should be similar to:
... 269 ACTIVE dleap_[version]
... 270 RESOLVED dleap.dependencies.stub_[version]

Update the Volt Builder app ACL, and add the group you created in the pre-requisites.
- Give the group the VoltAppsManager role, and Editor access.
- Change the -Default- access to Reader. The Anonymous access was already set to No Access.

Open the Volt Configuration Settings app.
(We didn't update any of the ACL settings. The -Default- and the Anonymous access were already set to No Access.)
In the All Settings view, edit the serverURI document. Update the URI with the FQDN of the domino server. Use https instead of http if SSL/TLS has been set-up.

Restart HTTP:
> restart task http

Open a browser, and login to the management page:
https://mwvolt.mindwatering.net/volt-apps/secure/org/ide/manager.html


_____________________________________

CentOS 8.x Linux Installation
and Prerequisite Steps:

_____________________________________

Linux CentOS 8 OS Install:

Create a new CentOS 8 VM
- 6 GB of memory with 1 to 3 Disks of 50 GB, and video memory of 16 MB for the X Windows system
Note: With only the CentOS 8 OS running (w/o X Windows GUI), the system used between 1.5 and 1.7 GB. So we added 3.5 GB to start for Domino. If you have more than 50 concurrent users or have a heavier load, increase the memory and start with 8 GB of memory. Increase the 50 GB disk space depending on your storage needs. If creating a transaction logs disk, make it 1 GB or more.

Attached to CentOS iso:
CentOS-8.1.1911-x86_64-DVD1.iso

We used the DVD iso because no minimal ISO has been created as of this writing.

Started VM and Installation:
At start page, selected top link: Install CentOS Linux 8

On Welcome page, took the defaults of English and English US, clicked Continue.

On Installation Summary page,
- kept Date & Time default, as it was correct.
- kept SOFTWARE SELECTION as Minimal Install, as it was correct.
- Select INSTALLATION DESTINATION
--> Click the Disk icon under Local Standard Disks. (Ours says VMware Virtual disk, sda / 50 GB)
--> Click Done.
- Select NETWORK and HOST NAME
--> At the top right, changed the ens192 NIC to On
--> At the bottom, enter the hostname AND domain: myserver.mindwatering.net, click Apply
--> Clicked Configure and set-up for a static/Manual IP
- - - - IP Address: 192.168.199.100
- - - - Netmask: 24
- - - - Default Route: 192.168.199.1
- - - - DNS: 192.168.199.1 123.123.123.1
- - - - Search Domains: mindwatering.net
- - - - click Save
--> Back in the NETWORK & HOST NAME page, click Done.
With all the warning caution triangles removed/completed, click Begin Installation.

While the installation is going, under USER SETTINGS, click ROOT PASSWORD.
--> Enter the root user password in the Root Password field, enter it again in the Confirm field.
--> You can create the Domino server notes user now, or do it later. To do it now, click USER CREATION.
- - - - Fullname: notes
- - - - User name: notes
- - - - Password: *************
- - - - Confirm password: *************
- - - - (Leave checked the checkbox for Require a password to use this account. Leave unchecked the checkbox for Make this user administrator)
- - - - click Done
When done, click Reboot.

Notes:
Update the network settings to what's needed for your installation.
For the Installation Destination, we typically have one disk for the OS, one for /local/notesdata, and others for anything else needed for the box (e.g. another one for transaction logs, and one for DAOS).

After the reboot, CentOS has a scary screen that says:
LICENSING
License Information
License not accepted.

Simply click the blue box of text saying not accepted, click the I accept the license agreement, and then click Done.
Click the Finish configuration button.

Login as your admin user or root. If you selected the Server with GUI option, you are greeted with a Welcome set-up wizard.
Complete the welcome tabs.
(e.g. English US --> On Privacy page, No Location Services --> Connect Your Online Accounts, Skip --> Start Using CentOS Linux)
Close the Getting Started window.


Login and Start Prerequisite Tasks:
After reboot, and you have logged-in, use the Terminal window to update the system:
# yum update
< waited, accepted a cert, waited some more >
# yum autoremove


Install Open VMTools if Using VMware VM:
CentOS 8 installed the VMware/OpenVM tools automatically for Server with GUI. If they are not installed, install the open-vm tools with:
# yum install open-vm-tools
< click y at the request to install the GPG certificate key to trust the repository >

Start the tools (ours was not running):
# systemctl enable vmtoolsd
# systemctl status vmtoolsd
# systemctl start vmtoolsd


Install OpenSSH Server:
To remotely manage the server, and to transfer files to it, install the OpenSSH server:
# yum install openssh-server
Note: Installing openssh-server is not needed for the Minimal Install or Server with GUI, as it is already installed.


Security/Limits File Updates:
Edit /etc/security/limits.conf using root and add or modify the lines:
notes soft nofile 65535
notes hard nofile 65535
(Use 65535 for 64 bit Linux for both soft and hard limits, per HCL 2019/12.)

Update SELINUX:
$ vi /etc/selinux/config
Change to SELINUX=disabled and save.
(<esc> :wq <enter> to save)


Time Server Sync:
(optional) Set up NTP if not using VMware Tools or OpenVM tools to sync time:
$ ntpdate pool.ntp.org
$ chkconfig ntpd on


32-Bit Multilib Installations?
I received confirmation from Daniel Nashed that no compat libraries or 32-bit libraries are needed anymore as Domino and JVM are fully 64-bit.


64-bit Packages for Domino:
Notes:
If you have the Desktop version of CentOS 8, it appears that the pre-requisite packages for the graphical installation were already there.
HCL has not published that certain new packages are needed or some are no longer needed. So for now we verified the same packages as our previous Domino 9 and 10 upgrades. With CentOS 7.6 and 7.7, only perl and libXp were not already installed with the minimal ISO plus the stripped GNOME Desktop we installed.

The Domino install via console mode requires perl
# yum install perl

The following were already installed; these can be skipped:
# yum install glibc
# yum install libgcc
# yum install libstdc++


For the X-Windows Desktop install, the following are all installed; these can be skipped:
# yum install libXtst
# yum install libXmu
# yum install libXft
# yum install libXi

The previous versions of Domino on Linux also required the libXp. We installed Domino successfully w/o it, but don't know if something still needs it. It should be skipped:
# yum install libXp


Setup the Domino User Account:
Skip this step if you set up the notes user during the install, but do the DOMINO_LINUX_SET_PARMS and the /local/notesdata steps still.
Create the notes (domino) user. Leave alone the /opt/hcl/domino path so it is owned/signed by root, but change the ownership of the /local/notesdata folder so that it is owned by the notes server user.
# useradd -d /home/notes -m notes
- or to include a specific UID -
# useradd -d /home/notes -m notes -u 1008

Set the password:
# passwd notes

Set up the notes user to use DOMINO_LINUX_SET_PARMS:
# vi /home/notes/.bashrc
Add to the end of the file: export DOMINO_LINUX_SET_PARMS=1

Create the installation Domino data notesdata folder. We use /local/notesdata.
(For a new CentOS 7.7 install, we had to create the /local folder, in addition to the /local/notesdata folder.)
# cd /
# mkdir local
# cd /local
# mkdir notesdata
# chown -R notes /local/notesdata/
# chgrp -R notes /local/notesdata/
# chmod -R g+w /local/notesdata/


Open the Domino Firewall Ports:
CentOS 7 uses FirewallD.
If you are not using the Domino Java Controller, leave off 2050. There are other ports for IMAP and POP3 if needed (993 and 995).

# firewall-cmd --zone=public --add-port=1352/tcp --permanent
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=443/tcp --permanent
In this example we restrict SSH and e-mail to internal networks only ...
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.199.0/16" port protocol="tcp" port="2050" accept'
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.199.0/16" port protocol="tcp" port="22" accept'
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.211.0/28" port protocol="tcp" port="25" accept'
# firewall-cmd --reload

Confirm loaded and running:
# firewall-cmd --state
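
A check worth running once the rules are loaded, as an added example that is not from the original page: it parses the output of firewall-cmd --zone=public --list-all and reports what network a source address with host bits set really denotes, and whether a port restricted by a rich rule is also open zone-wide through a service or port entry (the stock public zone carries the ssh service). The function names, the sample output and the small service-to-port table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text printed by `firewall-cmd --zone=public --list-all`.

# Print the network a CIDR string really denotes (host bits cleared).
cidr_network() {
    addr=${1%/*}; len=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    net=$(( $ip & $mask ))
    echo "$(( $net >> 24 & 255 )).$(( $net >> 16 & 255 )).$(( $net >> 8 & 255 )).$(( $net & 255 ))/$len"
}

# Assumed, minimal service-name-to-port table; extend it for your zone.
svc_port() {
    case $1 in ssh) echo 22 ;; smtp) echo 25 ;; http) echo 80 ;; https) echo 443 ;; esac
}

# Read list-all output on stdin; report source-restricted rich rules that are
# wider than written, or whose port is also open zone-wide.
audit_zone() {
    open=" "
    while IFS= read -r line; do
        case $line in
            *services:*) for s in ${line#*services:}; do open="$open$(svc_port "$s") "; done ;;
            *" ports:"*) for p in ${line#*ports:}; do open="$open${p%/*} "; done ;;
            *"source address="*)
                src=$(printf '%s\n' "$line" | sed -n 's/.*source address="\([^"]*\)".*/\1/p')
                port=$(printf '%s\n' "$line" | sed -n 's/.* port="\([0-9]*\)".*/\1/p')
                net=$(cidr_network "$src")
                [ "$net" = "$src" ] || echo "port $port: source $src is really $net"
                case $open in *" $port "*) echo "port $port: also open to any source" ;; esac ;;
        esac
    done
}

# Constructed sample: a stock public zone after the commands above were run.
SAMPLE='public (active)
  services: cockpit dhcpv6-client ssh
  ports: 1352/tcp 80/tcp 443/tcp
  rich rules:
      rule family="ipv4" source address="192.168.199.0/16" port port="2050" protocol="tcp" accept
      rule family="ipv4" source address="192.168.199.0/16" port port="22" protocol="tcp" accept
      rule family="ipv4" source address="192.168.211.0/28" port port="25" protocol="tcp" accept'

audit_sample() { printf '%s\n' "$SAMPLE" | audit_zone; }
audit_sample
```

On a live server, pipe firewall-cmd --zone=public --list-all into audit_zone; when port 22 is reported as open to any source, firewall-cmd --permanent --zone=public --remove-service=ssh followed by a reload leaves the rich rule as the only SSH path.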


Other Misc Steps:
If running multiple IPs, update the network configuration with second ethernet.

Update /etc/hosts:
Notes:
- Watch out for the GUI (desktop) tool wiping out /etc/hosts and the 127.0.0.1 loopback address!
- If a second line has been added for 127.0.1.1, comment it out with a # in front of the line. That messes up the server.
- Add a new line with the server's internal IP and FQDN and simple hostname:
# 127.0.1.1 myserver
192.168.199.100 myserver.mindwatering.net myserver
Save the file and exit. <esc> :wq.

If the /local/notesdata/ is a second virtual (or real) disk and you need to mount it, update /etc/fstab.
e.g.
/dev/sdb1 /local/notesdata ext4 defaults 1 1
/dev/sdc1 /local2 ext4 defaults 1 1

Verify that postfix is not running or enabled. If so, disable it.
e.g.
# systemctl status postfix
< received active status>
# systemctl stop postfix
# systemctl disable postfix


Install Domino Start-up Scripts:
For the Nashed start-up script 3.3x, manual installation is no longer required. Run the install_script file after expanding the tar file.
If you are not using standard naming conventions, you will need to update the script variables near the top.
# tar -xvf start_script_331.tar
# cd start_script
# ./install_script

# systemctl status domino.service
< status is loaded, but inactive/not running >
# systemctl start domino.service



Installing a Desktop on CentOS 8 Minimal:
Notes:
We found that the HCL Sametime 11.0 installation doesn't yet have a response file setup documented and readme.txt - no console install possible. Update - the response format has been released a short time after the software release. This step is not required.
If you run the install w/o a GUI, and without a response file, you get files scattered across your root "/" folder.
We found that with CentOS 8 the groupinstall for "X Window system" doesn't work with startx by itself, even with increasing video size to 128 MB. We could use "GNOME Desktop", but that gives us all the desktop apps, which are not needed on a server. So we installed with the base gnome groups added with it, instead.

# yum groupinstall "X Window System" -y
# yum install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts
# yum groupinstall fonts
# startx
< gnome booted successfully. Clicked the Power symbol (upper right) to restart the server.>

(Optional) Login as root, and set the GNOME Desktop to be loaded instead of the terminal prompt as desired.
# systemctl set-default graphical.target
Note:
For a manual run, use systemctl isolate graphical.target. The system still defaults to the terminal, but you have the option to boot to the GUI.

The GNOME default 800x600 resolution isn't big enough for installation screens. Increase it:
Applications --> System Tools --> Settings
In the Settings dialog, scroll down and choose Display
Change the Display Resolution field to something bigger but smaller than the average admin's monitor resolution. We chose 1280x800 (16x10). Click Apply.
Click the Keep Changes button in the dialog. (If you don't click it, the system will think you cannot, and revert to the previous resolution.)
Close the dialog to return to the GNOME desktop.



