SOCCNX11 All you need to know about Orient Me

Social Connections 11 Chicago, June 1-2 2017

All you need to know about Orient Me

Nico Meisenzahl, panagenda

@nmeisenzahl

PLATINUM SPONSORS

GOLD SPONSORS

SILVER SPONSORS


Nico Meisenzahl

• Consultant at panagenda

• IBM Connections since version 3.0 / 2010

• IBM Notes / Domino since 2008

• Focusing in ICS

• Deployment & consulting

• Optimization and migration

• “panagendian” since 2016

• IBM Champion

@nmeisenzahl

linkedin.com/in/nicomeisenzahl

meisenzahl.org

nico.meisenzahl

+49 170 7355081

[email protected]


Agenda

• What is Docker, Kubernetes, CfC?

• Orient Me

• Tips & tricks


What is…


What is Docker?

• xx


VM vs. Container


Docker pros

• More efficient resource allocation

• Linux containers

• Isolated user space within one OS

• Kernel will be shared

• Light weight

• Scalable and agile


What is Kubernetes?

• Container orchestration/management tool• Allows to manage & scale container across many

hosts

• “kubectl” command & optional web ui

• Built by Google to manage their environment

• Open source


What is IBM Spectrum CfC?

• Container management toolkit based on• Kubernetes

• Docker repository

• Helm

• ELK stack

• etcd

• Web UI to deploy, manage, monitor and scale containers

• https://goo.gl/uGeXv9


Orient Me


Big picture


Based on…

• IBM services/code

• Apache ZooKeeper

• MongoDB

• Redis

• Solr


System Requirements

• RHEL / CentOS 7.3

• designed to be horizontally scalable, but one node deployment will work

• All System requirements https://goo.gl/HNgEJW

• Test environment (one node): 4 Cores, 16 GB RAM, 200 GB disk


Installation steps (1)

• Download from Fix

Central

• Install Spectrum CfC

using /opt/deployCfC/

deployCfC.sh



• Setting up persistent volumes using provided scripts

• Local (one node only!)

• NFS

• Enable profile events

• TDISOL (tdi-profiles-config.xml)

• Profiles (profiles-config.xml)



• Install Orient Me using

hybrid/microservices/hybridcloud/install.sh

• Configure IHS

• Forward /social & /itm

• Secure your IHS Proxy configuration:

https://goo.gl/KDalJr



• Populate Profiles & Communities

• Configure the Action Center

• Optional: Configure mail service

(Exchange only)

• Optional: Secure Redis communication


Installation guides

• Knowledge Center: https://goo.gl/CvUmzN

• Martti Garden:

http://socialibmer.com/orient-me-

installation-and-integration-guide/


Tips & tricks


Define mount points for…

• /pv• Persistent Docker volumes

• /var/lib• Docker with Images, Containers, …

• Elasticsearch, Repository, …

• Around 20 GB after installation

• /opt• CfC root directory

Tip: Do not move /var/lib/docker/overlay


Installation: root vs. sudo

• Installation with sudo will work, but:

• Root password will be asked

• Kubectl within sudo session

• export PATH=$PATH:/usr/local/bin

• Export PATH before CfC setup

• Customize /root/.bashrc


DNS vs. /etc/hosts

• Container will talk to your Connections environment

• Hosts entries will work but many customizations are needed

• Use DNS and be happy ;-)

• Test only: Install bind server and redeploy kube-dns pods


Reconfigure Orient Me settings

• kubectl edit configmaps


Redeploy Containers

• Why?

• configuration changes

• Runtime issues

• kubectl delete pods xxx

• Use kubectl delete --all pods --namespace=default to

recreate all Orient Me containers


Internet access is needed!

• Why?• Docker Hub

• Kubernetes & Helm installation (curl)

• CfC Installation (yum)

• Solr pods (yum)

• Direct access is the only supported one

• Proxy configuration will work too• You may need to reconfigure this after updates!


Proxy configuration (before CfC setup)

• Customize /etc/environment• http_proxy=“http://yourproxy”

https_proxy=“https://yourproxy” no_proxy=“localhost, 127.0.0.1,*.cfc”

• Create /etc/systemd/system/docker.service.d/http-proxy.conf• [Service]

Environment=“HTTP_PROXY=http://yourproxy” Environment=“HTTPS_PROXY=https://yourproxy” Environment=“no_proxy=localhost, 127.0.0.1,*.cfc”


Proxy configuration (after Installation)

• Customize Configmap

• proxy-http: http://yourproxy

proxy-https: https://yourproxy

noproxy: localhost,127.0.0.1,*.cfc

• Customize “env” section within

application configuration

• at least for Solr

• Redeploy pods


footer.jsp

• will not be loaded on Orient Me

• Move your customizations into header.sjp

• Touchpoint

• Piwik

• …


Changing the admin user password

1. Change password using CfC UI

2. Login to local Docker registry• docker login master.cfc:8500

3. Recreate secrets• kubectl delete secret myregkey• kubectl create secret docker-registry myregkey --docker-

server=https://master.cfc:8500 --docker-username=admin --docker-password=<yourpsw> [email protected]


HTTPS only communication (CNX)

• Posting & likes will not work by default

• Reconfigure configmap

• Redeploy pods

• orient-webclient-*

• itm-service-*

• More information: https://goo.gl/doada3


Troubleshoot Redis configuration

• SELECT * FROM HOMEPAGE.MT_CFG_SETTINGS WHERE NAME LIKE 'c2.export.redis%'


People migration

• Issues?• Check if CNX is reachable

• kubectl exec -it people-migrate-* -- curl --insecure -v https://cnx6.pana.local/profiles/admin/atom/profiles.do

• Any MongoDB related issues?• kubectl exec -it mongo-0 -- mongo mongo-0 -eval

'rs.status()’

• Migration takes 15-20 minutes for every 10k users


Reinstall Orient Me (In case of failure)

• hybridcloud/bin/clean.sh• Will remove all Orient Me pods/services

• Spectrum CfC will stay

• Delete persistent content manually (/pv)

• Reinstall using install script


Limitations

• Sametime Proxy integration will not be

loaded on Orient Me

• No embedded experience (Third party

integrations)

• SPNEGO SSO seems not to work

• PMR is under investigation


More resources

• Kubernetes cheat sheet:

https://kubernetes.io/docs/user-

guide/kubectl-cheatsheet/

• My troubleshooting session (yesterday)

• Slides will be available soon


Q&A

PLATINUM SPONSORS

GOLD SPONSORS

SILVER SPONSORS

Technology

SOCCNX11 All you need to know about Orient Me