Domino-docker explained – Part 3 : Running your first Domino server in a container
In part 2 we created a Domino container image. Now we want to start the image. Of course, we could just use docker run <options> <imagename>, but with the scripts from the Domino Docker project, there’s a much easier option. In this part, I’ll show you what to do to make running, restarting and stopping images super easy.
Installing the domino_container scripts
In the previous part we cloned the domino-docker repository from GitHub. This means you should have a directory like this on your system:
-rw-r--r-- 1 root root 1039 Jun 5 23:15 build.cfg -rwxr-xr-x 1 root root 14866 Jun 3 23:29 build.sh -rw-r--r-- 1 root root 7110 May 27 11:02 check_software.sh -rw-r--r--. 1 root root 3524 Jan 30 2021 CONTRIBUTING.md drwxr-xr-x. 5 root root 4096 Jan 30 2021 dockerfiles drwxr-xr-x. 3 root root 4096 Jun 3 23:29 docs -rw-r--r--. 1 root root 1438 Feb 2 2021 env drwxr-xr-x. 4 root root 4096 Jan 30 2021 examples drwxr-xr-x 4 root root 4096 May 27 11:02 lab -rw-r--r--. 1 root root 11399 Jan 30 2021 LICENSE drwxr-xr-x. 3 root root 4096 Jan 30 2021 management -rw-r--r--. 1 root root 7447 Jan 30 2021 README.md drwxr-xr-x. 2 root root 4096 Jun 5 23:16 software drwxr-xr-x. 6 root root 4096 Jun 3 23:29 start_script drwxr-xr-x. 4 root root 4096 Jan 30 2021 tools
The magic is in the start_script directory. Here you’ll find a script called “install_domino_container”. This script does the following:
- Install a script domino_container and a file software.txt in /opt/nashcom/startscript
- Make a symbolic link in /usr/bin to this script
- Install configuration scripts domino_container, env_container_domino11 and env_container_domino12 in /etc/sysconfig
- Install a systemd service file, domino.service, in /etc/systemd/system (only if you’re using podman)
cd /local/github/domino-docker/start_script ./install_domino_container
Configuring the Domino container
Next, you have to configure the Domino server container. The key file for this is the domino_container file in the /etc/sysconfig directory. The content of this file is used for the container parameters. Normally, you would add these parameters to a docker run command or a docker-compose yaml file. This has been made much easier by using the domino_container script and this configuration file.
Instead of opening this file, there’s an easier command to edit it, though:
domino_container config
Let’s have a look at this file:
CONTAINER_NAME=domino
This is the name under which you can find your container back if you do a docker/podman container ls. You can choose any name you want.
# Domino Docker Community/GitHub image CONTAINER_IMAGE=hclcom/domino:latest # Standard HCL image #CONTAINER_IMAGE=domino-docker:latest
Here you define the Container image that will be used for the Domino container. You can enter your just created Domino image here (in which case you don’t have to change anything), choose to use the HCL docker image, or enter the name of your custom image (like one of the images from later parts of this blog series).
# If not set, machine hostname is used by default #CONTAINER_HOSTNAME=domino.acme.loc
For the sake of portability, I would advise to uncomment this line and enter a specific hostname for this domino server.
DOMINO_SHUTDOWN_TIMEOUT=180
By default, a container has to stop within 10 seconds. If it doesn’t, it will be killed ungracefully. As Domino needs more time to stop gracefully, it’s important to add a parameter to prevent this default behaviour. The value of DOMINO_SHUTDOWN_TIMEOUT is used for this parameter.
# Using the host network is the best choice for a single Domino container running in a container CONTAINER_NETWORK_NAME=host #CONTAINER_PORTS="-p 1352:1352 -p 80:80 -p 443:443"
You can choose here to either use the host network, which means all Domino services in the container will listen on the IP address of the host or specify specific ports that will be forwarded to the container. For the latter, you have to comment the CONTAINER_NETWORK_NAME parameter and uncomment the CONTAINER_PORTS parameter. In my own setup, I added an extra IP address to my host (the IP address which used to belong to the virtual machine where my Domino server was running) and use the CONTAINER_PORTS parameter to forward only calls on this IP address to the Domino container.
CONTAINER_VOLUMES="-v notesdata_domino:/local/notesdata"
This is a parameter which you have to change. This parameter defines the path or paths on your host that you wish to map to the Domino server. Personally I mapped the directory /local/domino on my host to the /local directory of the container, but if you wish, you can map for example the translog directory to a different disk from your data directory etc. important: You need to make sure that the directories that you assign to the container have the proper access rights. Inside the container, the notes user has uid:gid 1000:1000, so all directories which you assign to the container have to be owned by this uid/gid. If you, for example, created a directory /local/domino on your host and assigned this to /local in the container, do a chown -R 1000:1000 /local/domino before you start the container.
# Environment file is used for first container start (run) to pass setup parameters # Domino V12 One Touch Configuration CONTAINER_ENV_FILE=env_container_domino12 # Domino V11 configuration with community image setup #CONTAINER_ENV_FILE=env_container_domino11
You can use environment files to set up your Domino server. This is only applicable if you create a new server. If you copied the data directory of an existing server which you want to move to Domino inside a container, you can ignore these settings.
Domino V12 introduced the one-touch Domino setup to automatically set up your Domino server. That’s why, starting with Domino V12, there’s another environment file, env_container_domino12, for automatically setting up your server, compared to older server version which have to use the env_container_domino11 file. As an alternative, you can choose to not use any environment file. This will open the server in listen mode and let you use the remote server setup to set up the server.
# Docker Restart policy CONTAINER_RESTART_POLICY=unless-stopped CONTAINER_RESTART_POLICY=on-failure:3
These settings are specific for Docker and set the restart policy for the Domino container in the Docker daemon. If you use podman, you can comment out these settings, as podman uses a systemd file to start/restart/stop the domino container.
# Domino V12 Borg Backup support (enables FUSE device) #BORG_BACKUP=yes
Domino V12 added the Domino backup solution, where you can back up Domino databases with a variety of backup tools. One of these tools is the open source Borg backup. If you want to use Borg backup, you need to install borgbackup on your host, build an image with Borg enabled and uncomment this line. See Daniel’s blog for more information.
# Editor Command #EDIT_COMMAND=nano
The domino container script allows you to easily edit some files. By default, it uses vi for this. If you prefer nano, you need to uncomment this line.
Configuring your firewall
Before you start your server, make sure that all ports that your Domino services use are opened in the firewall of your host. Which ports/services those are depends of course on which services you want to make available. Below is an example of the commands you could use.
cp /local/github/domino-docker/start_script/extra/firewalld/nrpc.xml /etc/firewalld/services/ firewall-cmd --permanent --add-service=nrpc firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https firewall-cmd --permanent --add-service=smtp firewall-cmd --permanent --add-service=ldaps etc firewall-cmd --reload
Starting your container
When you’ve configured your Domino server, you can start it by typing
domino_container start
That’s it. If all went well, your Domino server should start, and you should be able to access your server. To see what’s happening, you can type
domino_container console
To stop your domino server, type
domino_container stop
There are a lot of domino-container commands to assist you if something is not working or to manage your container in general, but that’s the topic of the next part.
Thank you for this series. It is a big help.
This series has been a great reference for me!
Let me add a small bit from myself. I created a soft link into for the volume directory and used “chown 1000:1000”. However, the files I copied into this folder were not accessible to the container. Then I found out the problem. I had added “notes” user to my host before installing anything. I removed this user and it works now.
Thank you!