Upload
social-connections
View
329
Download
0
Embed Size (px)
Citation preview
Social Connections 11 Chicago, June 1-2 2017
All you need to know about Orient Me
Nico Meisenzahl, panagenda
@nmeisenzahl
PLATINUM SPONSORS
GOLD SPONSORS
SILVER SPONSORS
Social Connections 11 Chicago, June 1-2 2017
Nico Meisenzahl
• Consultant at panagenda
• IBM Connections since version 3.0 / 2010
• IBM Notes / Domino since 2008
• Focusing in ICS
• Deployment & consulting
• Optimization and migration
• “panagendian” since 2016
• IBM Champion
@nmeisenzahl
linkedin.com/in/nicomeisenzahl
meisenzahl.org
nico.meisenzahl
+49 170 7355081
Social Connections 11 Chicago, June 1-2 2017
Agenda
• What is Docker, Kubernetes, CfC?
• Orient Me
• Tips & tricks
Social Connections 11 Chicago, June 1-2 2017
What is…
Social Connections 11 Chicago, June 1-2 2017
What is Docker?
• xx
Social Connections 11 Chicago, June 1-2 2017
VM vs. Container
Social Connections 11 Chicago, June 1-2 2017
Docker pros
• More efficient resource allocation
• Linux containers
• Isolated user space within one OS
• Kernel will be shared
• Light weight
• Scalable and agile
Social Connections 11 Chicago, June 1-2 2017
What is Kubernetes?
• Container orchestration/management tool• Allows to manage & scale container across many
hosts
• “kubectl” command & optional web ui
• Built by Google to manage their environment
• Open source
Social Connections 11 Chicago, June 1-2 2017
What is IBM Spectrum CfC?
• Container management toolkit based on• Kubernetes
• Docker repository
• Helm
• ELK stack
• etcd
• Web UI to deploy, manage, monitor and scale containers
• https://goo.gl/uGeXv9
Social Connections 11 Chicago, June 1-2 2017
Orient Me
Social Connections 11 Chicago, June 1-2 2017
Big picture
Social Connections 11 Chicago, June 1-2 2017
Based on…
• IBM services/code
• Apache ZooKeeper
• MongoDB
• Redis
• Solr
Social Connections 11 Chicago, June 1-2 2017
System Requirements
• RHEL / CentOS 7.3
• designed to be horizontally scalable, but one node deployment will work
• All System requirements https://goo.gl/HNgEJW
• Test environment (one node): 4 Cores, 16 GB RAM, 200 GB disk
Social Connections 11 Chicago, June 1-2 2017
Installation steps (1)
• Download from Fix
Central
• Install Spectrum CfC
using /opt/deployCfC/
deployCfC.sh
Social Connections 11 Chicago, June 1-2 2017
Installation steps (2)
• Setting up persistent volumes using provided scripts
• Local (one node only!)
• NFS
• Enable profile events
• TDISOL (tdi-profiles-config.xml)
• Profiles (profiles-config.xml)
Social Connections 11 Chicago, June 1-2 2017
Installation steps (3)
• Install Orient Me using
hybrid/microservices/hybridcloud/install.sh
• Configure IHS
• Forward /social & /itm
• Secure your IHS Proxy configuration:
https://goo.gl/KDalJr
Social Connections 11 Chicago, June 1-2 2017
Installation steps (3)
• Populate Profiles & Communities
• Configure the Action Center
• Optional: Configure mail service
(Exchange only)
• Optional: Secure Redis communication
Social Connections 11 Chicago, June 1-2 2017
Installation guides
• Knowledge Center: https://goo.gl/CvUmzN
• Martti Garden:
http://socialibmer.com/orient-me-
installation-and-integration-guide/
Social Connections 11 Chicago, June 1-2 2017
Tips & tricks
Social Connections 11 Chicago, June 1-2 2017
Define mount points for…
• /pv• Persistent Docker volumes
• /var/lib• Docker with Images, Containers, …
• Elasticsearch, Repository, …
• Around 20 GB after installation
• /opt• CfC root directory
Tip: Do not move /var/lib/docker/overlay
Social Connections 11 Chicago, June 1-2 2017
Installation: root vs. sudo
• Installation with sudo will work, but:
• Root password will be asked
• Kubectl within sudo session
• export PATH=$PATH:/usr/local/bin
• Export PATH before CfC setup
• Customize /root/.bashrc
Social Connections 11 Chicago, June 1-2 2017
DNS vs. /etc/hosts
• Container will talk to your Connections environment
• Hosts entries will work but many customizations are needed
• Use DNS and be happy ;-)
• Test only: Install bind server and redeploy kube-dns pods
Social Connections 11 Chicago, June 1-2 2017
Reconfigure Orient Me settings
• kubectl edit configmaps
Social Connections 11 Chicago, June 1-2 2017
Redeploy Containers
• Why?
• configuration changes
• Runtime issues
• kubectl delete pods xxx
• Use kubectl delete --all pods --namespace=default to
recreate all Orient Me containers
Social Connections 11 Chicago, June 1-2 2017
Internet access is needed!
• Why?• Docker Hub
• Kubernetes & Helm installation (curl)
• CfC Installation (yum)
• Solr pods (yum)
• Direct access is the only supported one
• Proxy configuration will work too• You may need to reconfigure this after updates!
Social Connections 11 Chicago, June 1-2 2017
Proxy configuration (before CfC setup)
• Customize /etc/environment• http_proxy=“http://yourproxy”
https_proxy=“https://yourproxy” no_proxy=“localhost, 127.0.0.1,*.cfc”
• Create /etc/systemd/system/docker.service.d/http-proxy.conf• [Service]
Environment=“HTTP_PROXY=http://yourproxy” Environment=“HTTPS_PROXY=https://yourproxy” Environment=“no_proxy=localhost, 127.0.0.1,*.cfc”
Social Connections 11 Chicago, June 1-2 2017
Proxy configuration (after Installation)
• Customize Configmap
• proxy-http: http://yourproxy
proxy-https: https://yourproxy
noproxy: localhost,127.0.0.1,*.cfc
• Customize “env” section within
application configuration
• at least for Solr
• Redeploy pods
Social Connections 11 Chicago, June 1-2 2017
footer.jsp
• will not be loaded on Orient Me
• Move your customizations into header.sjp
• Touchpoint
• Piwik
• …
Social Connections 11 Chicago, June 1-2 2017
Changing the admin user password
1. Change password using CfC UI
2. Login to local Docker registry• docker login master.cfc:8500
3. Recreate secrets• kubectl delete secret myregkey• kubectl create secret docker-registry myregkey --docker-
server=https://master.cfc:8500 --docker-username=admin --docker-password=<yourpsw> [email protected]
Social Connections 11 Chicago, June 1-2 2017
HTTPS only communication (CNX)
• Posting & likes will not work by default
• Reconfigure configmap
• Redeploy pods
• orient-webclient-*
• itm-service-*
• More information: https://goo.gl/doada3
Social Connections 11 Chicago, June 1-2 2017
Troubleshoot Redis configuration
• SELECT * FROM HOMEPAGE.MT_CFG_SETTINGS WHERE NAME LIKE 'c2.export.redis%'
Social Connections 11 Chicago, June 1-2 2017
People migration
• Issues?• Check if CNX is reachable
• kubectl exec -it people-migrate-* -- curl --insecure -v https://cnx6.pana.local/profiles/admin/atom/profiles.do
• Any MongoDB related issues?• kubectl exec -it mongo-0 -- mongo mongo-0 -eval
'rs.status()’
• Migration takes 15-20 minutes for every 10k users
Social Connections 11 Chicago, June 1-2 2017
Reinstall Orient Me (In case of failure)
• hybridcloud/bin/clean.sh• Will remove all Orient Me pods/services
• Spectrum CfC will stay
• Delete persistent content manually (/pv)
• Reinstall using install script
Social Connections 11 Chicago, June 1-2 2017
Limitations
• Sametime Proxy integration will not be
loaded on Orient Me
• No embedded experience (Third party
integrations)
• SPNEGO SSO seems not to work
• PMR is under investigation
Social Connections 11 Chicago, June 1-2 2017
More resources
• Kubernetes cheat sheet:
https://kubernetes.io/docs/user-
guide/kubectl-cheatsheet/
• My troubleshooting session (yesterday)
• Slides will be available soon
Social Connections 11 Chicago, June 1-2 2017
Q&A
PLATINUM SPONSORS
GOLD SPONSORS
SILVER SPONSORS