Domino容器化安装及运维笔记

1、容器作業系統選擇

本案使用Oracle Linux 9.5最小化安裝作業系統

安装中文语言包：yum install glibc-langpack-zh

安装英文语言包：yum install glibc-langpack-en

yum install perl-libs

2、創建縮主機同網段網絡（若跑獨一容器則不用創建，創macvlan目的是單主機跑多個不同IP的Container，重負載container亦可在縮主機設置多片網卡進行分流，能用10GB不要用1GB網絡）。

ip link set bond0 promisc on

docker network create -d macvlan --subnet=10.72.200.0/24 --gateway=10.72.200.1 -o parent=bond0 vlan200

或創建橋接網絡

docker network create --driver bridge --subnet 10.72.200.0/24 --gateway 10.72.200.1 vlan200

創建測試網絡container

docker run --rm -it --net=vlan200 --ip=10.72.200.208 centos /bin/bash

3、部署Domino container 11FP9(此版經驗證支援webex簡繁體多國語言及ehr相容性）。

docker create volume ehrks03

docker run --rm -v ehrks03:/local/notesdata --hostname ehrap.domino.com --env DOMINO_LANG=C --cap-add=SYS_PTRACE --net=vlan200 --ip=10.72.200.* -p 1352:1352 -p 8585:8585 domino-docker:V1101FP9_06102024prod --setup

docker run --rm -v ehrks02:/local/notesdata --hostname ehrap.domino.com --env DOMINO_LANG=C --cap-add=SYS_PTRACE --net=vlan200 --ip=10.72.200.* -p 1352:1352 -p 8585:8585 domino-docker:V1101FP9_06102024prod --setup

Preparing for server setup...

Done.

./java -ss512k -Xmso5M -cp jhall.jar:cfgdomserver.jar:./ndext/ibmdirectoryservices.jar lotus.domino.setup.WizardManagerDomino -data /local/notesdata -listen

Remote server setup enabled on port 8585.

The Domino setup server is now in listening mode.

A remote client can now connect to this server and configure Domino.

To connect to this server, launch the Remote Domino Setup program from a command-prompt as follows:

From a Domino administrator client: serversetup -remote

From a Domino server: server -remote

To end this server, launch the Remote Domino Setup program from a command-prompt as follows:

From a Domino administrator client: serversetup -q ehrks03.domino.com

From a Domino server: server -q ehrks03.foxlink.com.tw

For more information, see the printed guide Setting Up Domino Networks and Servers.

此过程需要1到2钟完成初始化，请耐心等待，此時在Windows client打开远程配置工具进行配置即可。

To end this server, launch the Remote Domino Setup program from a command-prompt as follows:

From a Domino administrator client: serversetup -q ehrap.domino.com

From a Domino server: server -q ehrap.domino.com

For more information, see the printed guide Setting Up Domino Networks and Servers.

*Warning all runtime debug info will be logged to /local/notesdata/setuplog.txt

[000116:000002-00007CB848D00700] 09/06/2024 05:25:59 Created new log file as /local/notesdata/log.nsf

[000116:000002-00007CB848D00700] 09/06/2024 05:26:19 Extended access control option has changed. Rebuilding UNID Index in database /local/notesdata/names.nsf...

[000116:000002-00007CB848D00700] 09/06/2024 05:26:19 Extended access control feature is enabled for the database /local/notesdata/names.nsf

[000116:000002-00007CB848D00700] 09/06/2024 05:26:20 On setting preserved for Database Option: LARGE_UNKTABLE for database /local/notesdata/reports.nsf

[000116:000002-00007CB848D00700] 09/06/2024 05:26:20 On setting preserved for Database Option: LARGE_UNKTABLE for database /local/notesdata/cppfbws.nsf

[000116:000002-00007CB848D00700] Performing consistency check on feedcontent.ntf...

[000116:000002-00007CB848D00700] Completed consistency check on feedcontent.ntf

启用正式DOMINO主机

docker run -it --name ehrks02 -v ehrks02:/local/notesdata --env TZ=Asia/Shanghai --env DOMINO_LANG=C --hostname ehrap.domino.com --net=vlan200 --ip=10.72.200.* --cap-add=SYS_PTRACE -p 8089:8089 -p 8086:8086 -p 1352:1352 domino-docker:V1101FP9_06102024prod

设置开机自启动容器，并调整IP.

docker update --restart=always --net=vlan200 --ip=10.72.200.208 d9b9f78e183f

4、升级补丁

因11版容器IMAGE断更，可独立安装LINUX TAR包进行升级。

取得root權限修改group

sudo docker exec -it -u root ehrks03 bash

5、CP Java套件。

cd /docker/volumes/ehr03/_data

docker cp openedge.jar ehrks03:/opt/hcl/domino/notes/11000100/linux/jvm/lib/ext/

find /opt/ -name "open*.jar"

/opt/hcl/domino/notes/11000100/linux/jvm/lib/ext/openedge.jar

安裝traveler

docker image load --input Traveler_12.0.1FP1_Docker_ML.tgz

docker run --rm --name travelersetup -v ks-inotes:/local/notesdata --hostname ks-inotes.*com --net=vlan78 --ip=192.168.78.148 -p 8585:8585 -p 1352:1352 traveler-docker:V12011_202205131541 --setup

啟用windows notes romote遠端配置工具進行配置。

docker run -it --name ks-inotes -v ks-inotes:/local/notesdata --net=vlan78 --ip=192.168.78.148 --hostname ks-inotes.*.com --cap-add=SYS_PTRACE -p 1352:1352 -p 443:443 -p 80:80 -p 50215:50215 -p 50126:50126 traveler-docker:V12011_202205131541

查看相關啟用端口

ss -unlpt | grep 2375

Container部署可視化管理工具

docker run -d -p 8443:9000 -p 8000:8000 --name ks-portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v ~/local-certs:/certs -v portainer_data:/data portainer/

portainer --ssl --sslcert /certs/portainer.pem --sslkey /certs/portainer.key

磁盤擴容

1、[root@jx-notes ~]# cat /etc/fstab

#

# /etc/fstab

# Created by anaconda on Thu Nov 22 14:37:23 2018

#

# Accessible filesystems, by reference, are maintained under '/dev/disk'

# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info

#

/dev/mapper/VolGroup-root / xfs defaults 0 0

UUID=2596c0b4-991a-4cd6-b6cb-1abf1588c304 /boot xfs defaults 0 0

/dev/mapper/VolGroup-data /mail xfs defaults 0 0

/dev/mapper/VolGroup-swap swap swap defaults 0 0

[root@jx-notes ~]# xfs_growfs /

meta-data=/dev/mapper/VolGroup-root isize=256 agcount=4, agsize=1310720 blks

= sectsz=512 attr=2, projid32bit=1

= crc=0 finobt=0, sparse=0, rmapbt=0

= reflink=0

data = bsize=4096 blocks=5242880, imaxpct=25

= sunit=0 swidth=0 blks

naming =version 2 bsize=4096 ascii-ci=0, ftype=1

log =internal log bsize=4096 blocks=2560, version=2

= sectsz=512 sunit=0 blks, lazy-count=1

realtime =none extsz=4096 blocks=0, rtextents=0

data blocks changed from 5242880 to 10484736

2、[root@jx-notes ~]# lvextend -l +100%FREE /dev/VolGroup/root

Size of logical volume VolGroup/root changed from 20.00 GiB (5120 extents) to <40.00 GiB (10239 extents).

Logical volume VolGroup/root successfully resized.

lvextend -l +100%FREE /dev/mapper/VolGroup-root

lvextend -L +10GB /dev/mapper/VolGroup-root

[root@jx-notes ~]# df

文件系统 1K-块 已用 可用 已用% 挂载点

devtmpfs 4052196 0 4052196 0% /dev

tmpfs 4069052 0 4069052 0% /dev/shm

tmpfs 4069052 25360 4043692 1% /run

tmpfs 4069052 0 4069052 0% /sys/fs/cgroup

/dev/mapper/VolGroup-root 20961280 14195328 6765952 68% /

/dev/sda1 303788 248444 55344 82% /boot

/dev/mapper/VolGroup-data 159062016 85484992 73577024 54% /mail

tmpfs 813812 0 813812 0% /run/user/1000

ksnas01:/volume1/backup 38890914944 27813678976 11077117184 72% /backup

tmpfs 813812 0 813812 0% /run/user/0

3、不同文件系統采用不同切割方式

xfs

xfs_growfs /docker

btrfs

sudo btrfs filesystem resize max /data

sudo btrfs device usage /data

實操範例：

[root@jx-notes ~]# xfs_growfs /

meta-data=/dev/mapper/VolGroup-root isize=256 agcount=4, agsize=1310720 blks

= sectsz=512 attr=2, projid32bit=1

= crc=0 finobt=0, sparse=0, rmapbt=0

= reflink=0

data = bsize=4096 blocks=5242880, imaxpct=25

= sunit=0 swidth=0 blks

naming =version 2 bsize=4096 ascii-ci=0, ftype=1

log =internal log bsize=4096 blocks=2560, version=2

= sectsz=512 sunit=0 blks, lazy-count=1

realtime =none extsz=4096 blocks=0, rtextents=0

data blocks changed from 5242880 to 10484736

4、[root@jx-notes ~]# df

文件系统 1K-块 已用 可用 已用% 挂载点

devtmpfs 4052196 0 4052196 0% /dev

tmpfs 4069052 0 4069052 0% /dev/shm

tmpfs 4069052 25360 4043692 1% /run

tmpfs 4069052 0 4069052 0% /sys/fs/cgroup

/dev/mapper/VolGroup-root 41928704 14195520 27733184 34% /

/dev/sda1 303788 248444 55344 82% /boot

/dev/mapper/VolGroup-data 159062016 85485176 73576840 54% /mail

tmpfs 813812 0 813812 0% /run/user/1000

ksnas01:/volume1/backup 38890914944 27813707648 11077088512 72% /backup

tmpfs 813812 0 813812 0% /run/user/0

[root@jx-notes ~]# lvs

LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert

data VolGroup -wi-ao---- 151.70g

root VolGroup -wi-ao---- <40.00g

swap VolGroup -wi-ao---- 8.00g

[root@jx-notes ~]#

ubuntu server docker 安裝步驟

sudo apt full-upgrade

sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg lsb-release

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update

sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Other Misc Options:

Postfix:

After an OS update, we verify that Postfix was not re-enabled. Verify that postfix is not running or enabled. If so, disable it.

e.g.

# systemctl status postfix

< received active status. If disabled, nothing else needed, otherwise ... >

# systemctl stop postfix

# systemctl disable postfix

Check Firewall Ports:

CentOS 7 uses FirewallD.

If you are not using the Domino Java Controller, leave off 2050. There are other ports verify for IMAP mail access, or to add if you are running multiple SameTime Domino servers (e.g. 1516, 9092, 9094, 8082).

Confirm loaded and running:

# firewall-cmd --state

Example commands are below.

# firewall-cmd --zone=public --add-port=1352/tcp --permanent

# firewall-cmd --zone=public --add-port=80/tcp --permanent

# firewall-cmd --zone=public --add-port=443/tcp --permanent

# firewall-cmd --zone=public --add-port=2050/tcp --permanent

in this example we restrict SSH and e-mail to internal networks only ...

# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.199.0/16" port protocol="tcp" port="22" accept"

# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.211.0/28" port protocol="tcp" port="25" accept"

# firewall-cmd --reload

Confirm loaded and running:

# firewall-cmd --state

Install Domino Start-up Scripts:

For the Nashed start-up script, follow the instructions that come with the start-up script.

For the domino.service file in /etc/systemd/system, update lines 7, 10, and 11 for your paths.

For the rc_domino_script in /opt/ibm/domino or /opt/nashcom/, update lines 42 and 65 for the server OS ID and paths.

For the rc_domino in /etc/init.d/, update lines 31, 35, and 43, for your server OS ID and paths.

For the rc_domino.script_notes file to /etc/domino/, updates similar lines as rc_domino.script.

Update all the file permissions to 755.

$ sudo systemctl enable domino.service

Note: This server is an upgrade, not a new install. We are re-using the /local/notesdata, and we chose to keep the existing /opt/ibm/domino path. Our existing start-up script is already in/opt/ibm/domino If this is a new install, the script path will be /opt/nashed/, as Daniel Nashed now has his scripts set to be in a separate /opt/nashcom/ folder.

各版JAVA差別

/opt/hcl/domino/notes/11000100/linux/jvm/bin/java -version

openjdk version "1.8.0_402"

IBM Semeru Runtime Open Edition (build 1.8.0_402-b06)

Eclipse OpenJ9 VM (build openj9-0.43.0, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20240131_861 (JIT enabled, AOT enabled)

OpenJ9 - 2c3d78b48

OMR - ea8124dbc

JCL - 0fa9d9c532 based on jdk8u402-b06)

/opt/hcl/domino/notes/12000200/linux/jvm/bin/java -version

openjdk version "1.8.0_402"

IBM Semeru Runtime Open Edition (build 1.8.0_402-b06)

Eclipse OpenJ9 VM (build openj9-0.43.0, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20240131_861 (JIT enabled, AOT enabled)

OpenJ9 - 2c3d78b48

OMR - ea8124dbc

JCL - 0fa9d9c532 based on jdk8u402-b06)

/opt/hcl/domino/notes/14000000/linux/jvm/bin/java -version

openjdk version "17.0.10" 2024-01-16

IBM Semeru Runtime Open Edition 17.0.10.0 (build 17.0.10+7)

Eclipse OpenJ9 VM 17.0.10.0 (build openj9-0.43.0, JRE 17 Linux amd64-64-Bit Compressed References 20240116_670 (JIT enabled, AOT enabled)

OpenJ9 - 2c3d78b48

OMR - ea8124dbc

JCL - 2aad089841f based on jdk-17.0.10+7)