This is the first part of a multi-part series. Current plans see at least 7 posts, so watch out for them during the upcoming week(s). Parts 2 and 3 will touch down on Monday and Wednesday.
It is quite a complex process, but in the end you should be able to follow all the steps in under 4 hours - maybe faster.
First things first: the terms.
- IAM = Identity Access Management
- Proton = the gRPC server task running on Domino
- OAuth = cross-platform authentication mechanism using tokens, not credentials
The key part is to have a Domino 10.0.1 server up and running out of the box. This can either be a VM or a Docker container or a VHost anywhere. As the AppDevPack is Linux only at the moment there are several options for your OS:
- RedHat Enterprise Linux
- CentOS 7.4+
- SLES 12+
Technically you can also use Ubuntu Server 18.04 LTS though it isn’t a supported OS. I did everything on Ubuntu and it worked almost out of the box. For the sake of my personal convenience I will use Ubuntu in this series. Just make sure you run the installation with the locale en_US.UTF-8 (just choose English as your setup language). For the keyboard layout you can set it to your favorite language like German in my case (just to avoid confusion when typing - and you will type a lot, I promise!).
Also install the bc package to be sure everything runs smoothly - though I didn’t have to install it at any time. Some reported the bc package is needed to run the installer. Anyway, just do it.
sudo apt-get install bc
CentOS (and maybe the other supported OS) need some additional packages to be installed and some tweaking. Ubuntu does not need any additional packages. And I favor a Debian-based system over anything else. Keep in mind you do not get support for it.
You will also need SSH access to your machine, depending on whether you run in a VM, on a host or in the cloud. Most Linux distributions know the concept of sudoers and do not have a "real" root user. If you prefer to have a real root user, that’s also fine. On Ubuntu it’s just a
sudo su
away from having access to all areas.
To access your machine via SSH with the root account, you have to modify this line in /etc/ssh/sshd_config:
#PermitRootLogin prohibit-password
to this
PermitRootLogin yes #prohibit-password
and restart the service
service sshd restart
Otherwise you can only log in as a normal user and su after login. Some say this is a security risk, since it allows direct root logins over SSH. After you have done all the steps you may revert the line above.
To access the server I suggest using a static IP. Ubuntu 18.04 does not use ifupdown and the traditional network system anymore. Instead the configuration is a bit more complex. A good tutorial can be found here: https://websiteforstudents.com/configure-static-ip-addresses-on-ubuntu-18-04-beta/
The next steps are done as root, either via sudo su or by creating a real root user (my preference) with sudo passwd.
I always create a directory /install and then copy all the needed packages to this destination. This will be
- the Domino Server installation tar archive
- the Domino App Dev Pack tar archive
- depending on whether you are going to create a stand-alone server or an additional server, the cert.id and/or server.id, which you may have to prepare beforehand
I also grant all rights on this folder, as the notes user will use it as well:
mkdir /install
chmod 777 /install
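A check to run once the whole setup is finished, as an added example that is not part of the original post: it reports whether the sshd_config edit shown earlier (PermitRootLogin yes) and the chmod 777 on /install are still in place. The function names are assumptions, and the demo at the end runs against a constructed sample, not the real files.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report setup relaxations left behind.
# Function names are assumptions; the sample at the end is constructed.

# Print the effective global PermitRootLogin value of an sshd_config file.
# sshd keeps the first value it sees for a keyword; Include files are not followed.
effective_root_login() {
    local value
    value=$(awk '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # strip comments, allow key=value
        tolower($1) == "match" { exit }                # global section only
        tolower($1) == "permitrootlogin" { print $2; exit }
    ' "$1")
    # Keyword absent: OpenSSH 7.0 and later default to prohibit-password.
    echo "${value:-prohibit-password}"
}

# Succeed when the directory is writable by every local user (e.g. mode 777).
is_world_writable() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0002 )) -ne 0 ]
}

# Print one line per finding and return the number of findings (0 = clean).
audit_leftovers() {
    local cfg="$1" dir="$2" findings=0
    if [ "$(effective_root_login "$cfg")" = "yes" ]; then
        echo "FINDING: $cfg still has PermitRootLogin yes"
        findings=$((findings + 1))
    fi
    if is_world_writable "$dir"; then
        echo "FINDING: $dir is world-writable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the edited sshd_config line from this post and a 777 directory.
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'PermitRootLogin yes #prohibit-password' > "$demo_dir/sshd_config"
mkdir "$demo_dir/install" && chmod 777 "$demo_dir/install"
audit_leftovers "$demo_dir/sshd_config" "$demo_dir/install" || echo "findings: $?"
```

On the real server, call audit_leftovers /etc/ssh/sshd_config /install as root; sshd -T prints the configuration sshd actually resolved.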
I am using scp from the command line for this task. This allows me to transfer files to and from the machine without having to set up Samba as a network filesystem. Depending on your installation this might need either credentials or a key file.
If you are not used to scp, here is an example:
scp DOM_SVR.xxx.tar root@<ipOrHostname>:/install
This will copy a local file from your macOS terminal or Windows PuTTY to the /install folder on your server.
Create a notes user for the server:
adduser notes
I won’t go through the installation and configuration process of Domino here. To start the server I suggest you take a look at Daniel Nashed’s start script. Otherwise you may have to start the server manually every time.
For the server configuration I prefer the remote setup utility. To use it, start the server as the user "notes" in the folder /local/notesdata with
cd /local/notesdata
/opt/ibm/domino/bin/server -listen
After you have configured Domino, stop the listener and grab all the relevant ID files for Notes client access etc. You know the steps, I assume.
For IAM you also need Node.js to be installed. There are several ways to do so. I would NOT recommend using the packages of your OS as they might be outdated. For IAM you need Node.js 8+. I prefer to have version 10+. You can install the IAM stuff on the same machine Domino is running on. For the sake of simplicity I assume Domino and IAM are on the same machine. This is where the official docs are not clear: reading further, they assume a different machine when it comes to ports. Just forget it and keep going. We will adapt the ports later.
My preferred way to install Node.js is to use NodeSource (https://github.com/nodesource/distributions/blob/master/README.md) with these two commands:
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs
Check your Node.js installation afterwards with
node -v
Some extras
I also install additional packages like MC
apt install mc
and also some Node.js packages that help me
npm install -g pm2 nodemon
Next up is part 2: Domino administration
YMMV