1.
Social Connections 11 Chicago, June 1-2 2017
All you need to know about
Orient Me
Nico Meisenzahl, panagenda
@nmeisenzahl

2.
PLATINUM SPONSORS
GOLD SPONSORS
SILVER SPONSORS

3.
Social Connections 11 Chicago, June 1-2 2017
Nico Meisenzahl
• Consultant at panagenda
• IBM Connections since version 3.0 / 2010
• IBM Notes / Domino since 2008
• Focusing in ICS
• Deployment & consulting
• Optimization and migration
• “panagendian” since 2016
• IBM Champion
@nmeisenzahl
linkedin.com/in/nicomeisenzahl
meisenzahl.org
nico.meisenzahl
+49 170 7355081
nico.meisenzahl@panagenda.com

4.
Social Connections 11 Chicago, June 1-2 2017
Agenda
• What is Docker, Kubernetes, CfC?
• Orient Me
• Tips & tricks

5.
Social Connections 11 Chicago, June 1-2 2017
What is…

6.
Social Connections 11 Chicago, June 1-2 2017
What is Docker?
• xx

7.
Social Connections 11 Chicago, June 1-2 2017
VM vs. Container

8.
Social Connections 11 Chicago, June 1-2 2017
Docker pros
• More efficient resource allocation
• Linux containers
• Isolated user space within one OS
• Kernel will be shared
• Light weight
• Scalable and agile

9.
Social Connections 11 Chicago, June 1-2 2017
What is Kubernetes?
• Container orchestration/management tool
• Allows to manage & scale container across many
hosts
• “kubectl” command & optional web ui
• Built by Google to manage
their environment
• Open source

10.
Social Connections 11 Chicago, June 1-2 2017
What is IBM Spectrum CfC?
• Container management toolkit based on
• Kubernetes
• Docker repository
• Helm
• ELK stack
• etcd
• Web UI to deploy, manage, monitor and scale
containers
• https://goo.gl/uGeXv9

11.
Social Connections 11 Chicago, June 1-2 2017
Orient Me

12.
Social Connections 11 Chicago, June 1-2 2017
Big picture

13.
Social Connections 11 Chicago, June 1-2 2017
Based on…
• IBM services/code
• Apache ZooKeeper
• MongoDB
• Redis
• Solr

14.
Social Connections 11 Chicago, June 1-2 2017
System Requirements
• RHEL / CentOS 7.3
• designed to be horizontally scalable, but one
node deployment will work
• All System requirements
https://goo.gl/HNgEJW
• Test environment (one node): 4 Cores, 16 GB
RAM, 200 GB disk

15.
Social Connections 11 Chicago, June 1-2 2017
Installation steps (1)
• Download from Fix
Central
• Install Spectrum CfC
using /opt/deployCfC/
deployCfC.sh

16.
Social Connections 11 Chicago, June 1-2 2017
Installation steps (2)
• Setting up persistent volumes using
provided scripts
• Local (one node only!)
• NFS
• Enable profile events
• TDISOL (tdi-profiles-config.xml)
• Profiles (profiles-config.xml)

17.
Social Connections 11 Chicago, June 1-2 2017
Installation steps (3)
• Install Orient Me using
hybrid/microservices/hybridcloud/install.sh
• Configure IHS
• Forward /social & /itm
• Secure your IHS Proxy configuration:
https://goo.gl/KDalJr

18.
Social Connections 11 Chicago, June 1-2 2017
Installation steps (3)
• Populate Profiles & Communities
• Configure the Action Center
• Optional: Configure mail service
(Exchange only)
• Optional: Secure Redis communication

19.
Social Connections 11 Chicago, June 1-2 2017
Installation guides
• Knowledge Center: https://goo.gl/CvUmzN
• Martti Garden:
http://socialibmer.com/orient-me-
installation-and-integration-guide/

20.
Social Connections 11 Chicago, June 1-2 2017
Tips & tricks

21.
Social Connections 11 Chicago, June 1-2 2017
Define mount points for…
• /pv
• Persistent Docker volumes
• /var/lib
• Docker with Images, Containers, …
• Elasticsearch, Repository, …
• Around 20 GB after installation
• /opt
• CfC root directory
Tip: Do not move /var/lib/docker/overlay

22.
Social Connections 11 Chicago, June 1-2 2017
Installation: root vs. sudo
• Installation with sudo will work, but:
• Root password will be asked
• Kubectl within sudo session
• export PATH=$PATH:/usr/local/bin
• Export PATH before CfC setup
• Customize /root/.bashrc

23.
Social Connections 11 Chicago, June 1-2 2017
DNS vs. /etc/hosts
• Container will talk to your Connections
environment
• Hosts entries will work but many
customizations are needed
• Use DNS and be happy ;-)
• Test only: Install bind server and redeploy kube-
dns pods

24.
Social Connections 11 Chicago, June 1-2 2017
Reconfigure Orient Me settings
• kubectl edit configmaps

25.
Social Connections 11 Chicago, June 1-2 2017
Redeploy Containers
• Why?
• configuration changes
• Runtime issues
• kubectl delete pods xxx
• Use kubectl delete --all pods --namespace=default to
recreate all Orient Me containers

26.
Social Connections 11 Chicago, June 1-2 2017
Internet access is needed!
• Why?
• Docker Hub
• Kubernetes & Helm installation (curl)
• CfC Installation (yum)
• Solr pods (yum)
• Direct access is the only supported one
• Proxy configuration will work too
• You may need to reconfigure this after updates!

27.
Social Connections 11 Chicago, June 1-2 2017
Proxy configuration (before CfC setup)
• Customize /etc/environment
• http_proxy=“http://yourproxy”
https_proxy=“https://yourproxy”
no_proxy=“localhost, 127.0.0.1,*.cfc”
• Create /etc/systemd/system/docker.service.d/http-
proxy.conf
• [Service]
Environment=“HTTP_PROXY=http://yourproxy”
Environment=“HTTPS_PROXY=https://yourproxy”
Environment=“no_proxy=localhost, 127.0.0.1,*.cfc”

28.
Social Connections 11 Chicago, June 1-2 2017
Proxy configuration (after Installation)
• Customize Configmap
• proxy-http: http://yourproxy
proxy-https: https://yourproxy
noproxy: localhost,127.0.0.1,*.cfc
• Customize “env” section within
application configuration
• at least for Solr
• Redeploy pods

29.
Social Connections 11 Chicago, June 1-2 2017
footer.jsp
• will not be loaded on Orient Me
• Move your customizations into header.sjp
• Touchpoint
• Piwik
• …

30.
Social Connections 11 Chicago, June 1-2 2017
Changing the admin user password
1. Change password using CfC UI
2. Login to local Docker registry
• docker login master.cfc:8500
3. Recreate secrets
• kubectl delete secret myregkey
• kubectl create secret docker-registry myregkey --docker-
server=https://master.cfc:8500 --docker-
username=admin --docker-password=<yourpsw> --
docker-email=connections@us.ibm.com

31.
Social Connections 11 Chicago, June 1-2 2017
HTTPS only communication (CNX)
• Posting & likes will not work by default
• Reconfigure configmap
• Redeploy pods
• orient-webclient-*
• itm-service-*
• More information: https://goo.gl/doada3

32.
Social Connections 11 Chicago, June 1-2 2017
Troubleshoot Redis configuration
• SELECT * FROM HOMEPAGE.MT_CFG_SETTINGS
WHERE NAME LIKE 'c2.export.redis%'

33.
Social Connections 11 Chicago, June 1-2 2017
People migration
• Issues?
• Check if CNX is reachable
• kubectl exec -it people-migrate-* -- curl --insecure -v
https://cnx6.pana.local/profiles/admin/atom/profiles.do
• Any MongoDB related issues?
• kubectl exec -it mongo-0 -- mongo mongo-0 -eval
'rs.status()’
• Migration takes 15-20 minutes for every 10k
users

34.
Social Connections 11 Chicago, June 1-2 2017
Reinstall Orient Me (In case of failure)
• hybridcloud/bin/clean.sh
• Will remove all Orient Me pods/services
• Spectrum CfC will stay
• Delete persistent content manually (/pv)
• Reinstall using install script

35.
Social Connections 11 Chicago, June 1-2 2017
Limitations
• Sametime Proxy integration will not be
loaded on Orient Me
• No embedded experience (Third party
integrations)
• SPNEGO SSO seems not to work
• PMR is under investigation

36.
Social Connections 11 Chicago, June 1-2 2017
More resources
• Kubernetes cheat sheet:
https://kubernetes.io/docs/user-
guide/kubectl-cheatsheet/
• My troubleshooting session (yesterday)
• Slides will be available soon

37.
Social Connections 11 Chicago, June 1-2 2017
Q&A

38.
PLATINUM SPONSORS
GOLD SPONSORS
SILVER SPONSORS