Linux Mint - Free and powerful

Monday, 13 January 2014

Creating a Linux Mint Power Server - Configuring Domino (part 1)

What did you say? IBM Domino? Are you nuts?

If you ever need to start a revolution then your choice of software must be I-B-M Domino. In the right hands this technology is impenetrable. In the wrong hands, well, let's just say most installations of Domino that I had to review were installed by numpties, with I-B-M being the biggest numptie of course. Seeing that I do not work for them any more and biting the hand that used to feed me is irrelevant, I guess I can go nuts and tell it like it is.

Here are the key mistakes made by IBM since gobbling up the Lotus Co-operation. 

  • IBM mainframe technology mentality that promoted centralisation.
  • Constant increases in price and frikking confusing pricing at best.
  • Deprecating really good stuff such as Foundations (IDIOTS!)
  • Promoting rubbish such as NoPlace - SlowPlace - CrapPlace (Quickplace - ughhh)
  • Killing Dom Doc (Fkn IDIOTS!)
  • Putting long term IBMers in charge of Domino. I would love to name and shame but ...
  • Ed Brill - nuff said.

Let's get started.


To create a secure domain you need to pre-create some Certifiers and an initial server.



Start up a Notes 9 client.



As this is a secure domain use the highest encryption.  Also, force a strong password. Domino Admins are lazy. Myself included.


A 4096 bit key is formidable. 

Save that ID file. Also note the naming convention. Afterwards make a copy and call it certoriginal.id and DO NOT MESS with it. Hide it away. Lock it up.

Create a SRV OU


Now create a certifier for the OU called SRV. Servers MUST always go in this OU. Applying access controls to a group and "accidentally" applying them to servers will cause issues, and it also presents a big security hole.

Fortunately some clever IBM bloke decided that if you create a new domain with a pre-created O and OU cert then the server will inherit this OU. Clever, yes, but it is not very clear.


Again, secure this server.

Keep in mind that setting up a server in this way precludes you from connecting an older version server. You will have to create a new cert at a lower encryption and cross certify.


Transfer the cert IDs to the target server and start the setup.

If Domino does not find a full notes.ini it will assume a new setup and start the Java setup.

Start the Domino Setup.


As this is a new Domain...

 


Select your pre created Cert ID.



Click on customise. This is the magic button





Done.


The domain is largely irrelevant.  It is to do with mail routing.



My advice here: use IT as a generic. This ID will be removed at some point anyway so don't worry too much.


Complete nonsense.


Half helpful.


Irrelevant as it does such a bad job and creates a false sense of security.




OK Done.



Use the Notes ID user id password. This can be automated.



Ok, the server is starting but complains a lot.

As this is a partitioned server add this line:

TCPIP_TCPIPAddress=0,130.123.4.1

How?

Start terminal, enter sudo -i, enter nemo &, go to /notesrv/data, select gedit on notes.ini. Easy.

Restart the server.

If that did not work, and believe me it happens, then something is hogging the port. Check for apache or postfix etc. If this was an existing server or a server that did not have a clean install then at some point you may not be able to get past this issue. With my workstations I install a lot of software using dselect and I do this for servers as well. Something went wrong and at some point you have to cut your losses and reinstall the OS. I reinstalled a clean version of Linux Mint 16 and it is running perfectly now. Who knows?

Openfiles and ulimit

Much has been written about this and even Domino will point you to a (slightly) useless technote telling you how to fix it. There is a trick here and it is so obvious that you would go doh!

Here is what needs to be done:


Check first:

# su - notes1
$ ulimit -Hn
$ ulimit -Sn

Now do this:

sudo gedit /etc/security/limits.conf &  

Add this:

notes1 hard nofile 40000
notes1 soft nofile 40000
notes2 hard nofile 40000
notes2 soft nofile 40000
notes3 hard nofile 40000
notes3 soft nofile 40000
notes4 hard nofile 40000
notes4 soft nofile 40000


Also check this:
cat /proc/sys/fs/file-max

To alter do this:
sudo gedit /etc/sysctl.conf

add:
fs.file-max = 1000000

then do:
sudo sysctl -p

So how do I start Domino while testing / installing / playing?

rayd@Alpha ~ $ su notes1
notes1@Alpha /home/rayd $ cd /notesrv/data1
notes1@Alpha /notesrv/data1 $ /opt/ibm/domino/bin/server


Type in ulimit -n after the su to user notes1

Did that work? Of course not!

You can try anything you want now it simply won't work.

Here is the doh! moment.

sudo gedit /etc/pam.d/su &

uncomment this line:

session    required   pam_limits.so


See the doh! moment. Yes. If you use su to change users then su ... Anyway. Hope that helps.
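
The checks from this section rolled into one audit, as an added example that is not part of the original post: it confirms that the nofile entries exist for a user and that pam_limits.so is actually active for su, which is the step that silently defeats limits.conf. The function names and the temporary sample files are assumptions made for illustration; on a real server pass /etc/security/limits.conf and /etc/pam.d/su instead.

```shell
#!/bin/sh
# Added example (not from the original post): audit the open-files settings
# described above. File paths are arguments so copies can be checked too.

# True if pam_limits.so is active (not commented out) in PAM file $1.
pam_limits_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_limits\.so' "$1"
}

# Print the last nofile value set for user $2 and type $3 (hard|soft) in $1.
nofile_limit() {
    awk -v u="$2" -v t="$3" \
        '$1 == u && $2 == t && $3 == "nofile" { v = $4 } END { print v }' "$1"
}

# audit_user LIMITS_FILE PAM_FILE USER WANTED: returns 0 only if both limits
# are at least WANTED and su will apply them through pam_limits.
audit_user() {
    rc=0
    for kind in hard soft; do
        val=$(nofile_limit "$1" "$3" "$kind")
        case "$val" in
            ''|*[!0-9]*) echo "$3: no numeric $kind nofile entry"; rc=1 ;;
            *) [ "$val" -ge "$4" ] || { echo "$3: $kind nofile $val < $4"; rc=1; } ;;
        esac
    done
    if ! pam_limits_enabled "$2"; then
        echo "$2: pam_limits.so is commented out, su will not apply limits.conf"
        rc=1
    fi
    return $rc
}

# Constructed sample files that mimic the state before the fix.
demo=$(mktemp -d)
printf 'notes1 hard nofile 40000\nnotes1 soft nofile 40000\n' > "$demo/limits.conf"
printf '# session    required   pam_limits.so\n' > "$demo/su"
audit_user "$demo/limits.conf" "$demo/su" notes1 40000 || echo "audit failed as expected"
rm -rf "$demo"
```
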

Connect remotely

Copy the admin.id back to your client.

Open a FW port for port 1352 plus 85 for the server (optional)

Create a connection doc to the server.

Connect?

Good.




Next stage, securing the domain and documenting.

That concludes Creating a Linux Mint Power Server  - 4 - Configuring Domino (part 1)

You now have a powerful, albeit useless server ready.
