<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:admin="http://webns.net/mvcb/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/">
<channel>
<title>Daniel Nashed’s Blog</title>
<description>Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/</link>
<language>en-us</language>
<lastBuildDate>Thu, 28 Mar 2024 21:21:11 +0200</lastBuildDate>
<item>
<title>HCL Verse 3.2.1 shipped and it has never been easier to download</title>
<pubDate>Thu, 28 Mar 2024 21:21:11 +0200</pubDate>
<description>
<![CDATA[
The HCL Domino Container project always uses the latest versions. The versions are added by a software.txt file. With the new My HCLSoftware portal and the automated Domino Download script on Linu ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/hcl-verse-3.2.1-shipped-and-it-has-never-been-easier-to-download.htm</link>
<category>Verse</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/hcl-verse-3.2.1-shipped-and-it-has-never-been-easier-to-download.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/hcl-verse-3.2.1-shipped-and-it-has-never-been-easier-to-download.htm</guid>
<content:encoded><![CDATA[ <br /><span style=" font-size:10pt;font-family:sans-serif">The HCL Domino Container project always uses the latest versions.<br /> The versions are added by a <strong>software.txt</strong> file.</span> <br /><span style=" font-size:10pt;font-family:sans-serif">With the new My HCLSoftware portal and the automated Domino Download script on Linux, I just go thru the menu, download the software and copy the meta data.</span> <br /><span style=" font-size:10pt;font-family:sans-serif">From the meta data I create the entry in software.txt and initiate a build and automation test run, before publishing the new data.</span> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif">Here are the details about the release --> </span><a href="https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108589"><span style=" font-size:10pt;color:blue;font-family:sans-serif">https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108589</span></a> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif">-- Daniel</span> <br /> <br /><tt><span style=" font-size:10pt">--------------------------------------------------------------------------------</span></tt> <br /><tt><span style=" font-size:10pt">WebKit : HCL Verse 3.2.1 for Domino Multiplatform Multilingual</span></tt> <br /><tt><span style=" font-size:10pt">Name : HCL_Verse_3.2.1.zip</span></tt> <br /><tt><span style=" font-size:10pt">Version : 3.2.1</span></tt> <br /><tt><span style=" font-size:10pt">Platform : all</span></tt> <br /><tt><span style=" font-size:10pt">Size : 96439903</span></tt> <br /><tt><span style=" font-size:10pt">SHA256 : 87feda28be377b836d115c961b0ff6c76d9cc3bd2ada8c4baccead59cd5cc4dd</span></tt> <br /><tt><span style=" font-size:10pt">ID : Vt5jAKevMOoaTz4sPD8yT</span></tt> <br /><tt><span style=" font-size:10pt">Modified : 2024-03-28T00:00:00.000Z</span></tt> <br /><tt><span style=" 
font-size:10pt">--------------------------------------------------------------------------------</span></tt> <br /> <br /> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/hcl-verse-3.2.1-shipped-and-it-has-never-been-easier-to-download.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/hcl-verse-3.2.1-shipped-and-it-has-never-been-easier-to-download.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Important: Domino ID Vault -- Don’t remove old servers if still referenced in user documents</title>
<pubDate>Tue, 26 Mar 2024 12:38:29 +0200</pubDate>
<description>
<![CDATA[
When you migrate to new servers, you have to be aware of the following limitation, which is documented in 12.0.2/14.0 but also affects older servers. To ensure you can recover all user.IDs make sure ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/important-domino-id-vault-dont-remove-old-servers-if-still-referenced-in-user-documents.htm</link>
<category>Domino</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/important-domino-id-vault-dont-remove-old-servers-if-still-referenced-in-user-documents.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/important-domino-id-vault-dont-remove-old-servers-if-still-referenced-in-user-documents.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:Arial"><br /> </span><span style=" font-size:10pt;font-family:sans-serif">When you migrate to new servers, you have to be aware of the following limitation, which is documented in 12.0.2/14.0 but also affects older servers.</span> <br /><span style=" font-size:10pt;font-family:sans-serif">To ensure you can recover all user.IDs make sure the server document is still present and the server is still in the ID vault configuration. See the following warning in help and Kbase document.<br /> This is a recent update in documentation and I just sent it to a customer during a server upgrade/move workshop.</span> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif">-- Daniel</span> <br /> <br /><a href=https://help.hcltechsw.com/domino/14.0.0/admin/conf_addingorremovingidvaultservers_t.html><span style=" font-size:10pt;color:blue;font-family:sans-serif">https://help.hcltechsw.com/domino/14.0.0/admin/conf_addingorremovingidvaultservers_t.html</span></a> <br /><a href="https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082442"><span style=" font-size:10pt;color:blue;font-family:sans-serif">https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082442</span></a> <br /> <br /><img alt="Image:Important: Domino ID Vault -- Don’t remove old servers if still referenced in user documents" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/important-domino-id-vault-dont-remove-old-servers-if-still-referenced-in-user-documents.htm/content/M2?OpenElement" /> <br /> <br /> <br /> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/important-domino-id-vault-dont-remove-old-servers-if-still-referenced-in-user-documents.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/important-domino-id-vault-dont-remove-old-servers-if-still-referenced-in-user-documents.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>HDMI Ghost seems to make my Intel NUC Proxmox server run better</title>
<pubDate>Mon, 25 Mar 2024 22:35:46 +0200</pubDate>
<description>
<![CDATA[
Looks like I might have found a solution for my stability issue and it seems to also lower the CPU consumption on my Intel NUC. I had some crashes/hangs I could not explain. There was no display con ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/hdmi-ghost-seems-to-make-my-intel-nuc-proxmox-server-run-better.htm</link>
<category>Proxmox</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/hdmi-ghost-seems-to-make-my-intel-nuc-proxmox-server-run-better.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/hdmi-ghost-seems-to-make-my-intel-nuc-proxmox-server-run-better.htm</guid>
<content:encoded><![CDATA[ <br /><span style=" font-size:10pt;font-family:sans-serif">Looks like I might have found a solution for my stability issue and it seems to also lower the CPU consumption on my Intel NUC.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I had some crashes/hangs I could not explain. There was no display connected to the machine and when it hung, adding a display did not lead to any prompt.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> After some research I found side comments about HDMI Ghost plug-ins which keep the GPU enabled and make Proxmox machines more stable.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I ordered one over the weekend and today my Proxmox server seems to run better.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> The HDMI Ghost plug was about 5 Euro and might have solved my problem.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> I am still testing but it looks good so far.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Does anyone have similar experience? <br /> <br /> -- Daniel</span><span style=" font-size:12pt"> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/hdmi-ghost-seems-to-make-my-intel-nuc-proxmox-server-run-better.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/hdmi-ghost-seems-to-make-my-intel-nuc-proxmox-server-run-better.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Domino on Linux server.id with password</title>
<pubDate>Mon, 25 Mar 2024 22:34:01 +0200</pubDate>
<description>
<![CDATA[
This idea has been in my head for a while and I wrote my own "nshvault" application to protect secrets of all kinds. For now it is my private project for my own environment, but it might be an official pro ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/domino-on-linux-server.id-with-password.htm</link>
<category>Domino</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/domino-on-linux-server.id-with-password.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/domino-on-linux-server.id-with-password.htm</guid>
<content:encoded><![CDATA[ <br /><span style=" font-size:10pt;font-family:sans-serif">This idea has been in my head for a while and I wrote my own "<strong>nshvault</strong>" application to protect secrets of all kinds.<br /> For now it is my private project for my own environment, but it might be an official project at some point.<br /> <br /> I can feed data into different applications like AWS client, SSH agents and unwrap secrets to be consumed over a FIFO (for example for NGINX).<br /> The data is encrypted at rest and can be wrapped into expiring temporary secrets, whose access tokens can be passed via environment variables (similar to what an SSH agent does).</span> <br /><span style=" font-size:10pt;font-family:sans-serif">In that context I also thought about Domino and built something separate, which would also work nicely with the nshvault idea.</span> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif"><strong>Domino server.id password support</strong><br /> <br /> For Domino on Windows there is already Notes Shared Login (NSL).<br /> But for Domino on Linux there is no native solution available.</span> <br /><span style=" font-size:10pt;font-family:sans-serif">So I wrote a small extension manager, which can feed the password from an external credential helper.</span> <br /><span style=" font-size:10pt;font-family:sans-serif">The credential helper could be anything like my nshvault or any other secure application.<br /> You could even get passwords from a remote machine in your own network, to protect against running machines or copies of your machine somewhere else.</span> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif"><strong>Here is the idea</strong></span> <br /><span style=" font-size:10pt;font-family:sans-serif"><br /> Invoking another process with <strong>stdin</strong>, <strong>stdout</strong> and <strong>stderr</strong> connected to get the password from the external program.<br /> The external program can have the 
<strong>SUID</strong> permission set and run with a "<strong>vault</strong>" user. <br /> </span> <br /><span style=" font-size:10pt;font-family:sans-serif">For now only <strong>stdout</strong> is actively used. But this could be extended to pass some security token or other additional information from the Domino server to the credential helper.</span> <br /><span style=" font-size:10pt;font-family:sans-serif"><br /> A password file could be encrypted and only readable by this helper program. But already writing it to a file, which only the vault user can read, would be sufficient protection in most environments.<br /> This helper application can also check who is calling it by checking the <strong>PPID</strong> and the calling binary via <strong>/proc/pid/exe</strong>.<br /> Only white listed binaries will receive the password.<br /> <br /> I wrote a first version over the weekend and I am not yet sure if I want to make it available for free. Or even open source it.</span> <br /><span style=" font-size:10pt;font-family:sans-serif">Mid term a simple credential helper call-out would be great to have in standard Domino.</span> <br /><span style=" font-size:10pt;font-family:sans-serif"><br /> What do you think about this credential helper approach?</span> <br /><span style=" font-size:10pt;font-family:sans-serif"><br /> -- Daniel</span> <br /> <br /> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/domino-on-linux-server.id-with-password.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/domino-on-linux-server.id-with-password.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Engage Session Highlight: Domino Containers - The Next Step</title>
<pubDate>Sun, 24 Mar 2024 12:17:21 +0200</pubDate>
<description>
<![CDATA[
Two years ago Martijn de Jong (a fellow HCL Ambassador) presented a great "Domino Docker" session. In the last two years a lot happened. Martijn's abstract is even missing some recent additions I kn ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/engage-session-highlight-domino-containers-the-next-step.htm</link>
<category>Domino Container</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/engage-session-highlight-domino-containers-the-next-step.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/engage-session-highlight-domino-containers-the-next-step.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> Two years ago Martijn de Jong (a fellow HCL Ambassador) presented a great "Domino Docker" session.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In the last two years a lot happened. Martijn's abstract is even missing some recent additions I know he will cover.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I just finished work on an automatic container environment preparation script, which will work on the major distributions to get ready for Domino containers.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> It's an early morning session. But if you are interested in Domino containers or if you are running Domino containers, this session is for you!</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> -- Daniel</span><span style=" font-size:12pt"> <br /> <br /> </span><img alt="Image:Engage Session Highlight: Domino Containers - The Next Step" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/engage-session-highlight-domino-containers-the-next-step.htm/content/M2?OpenElement" /><span style=" font-size:12pt"><br /> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Ad10. Domino Containers - The Next Step</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Wednesday, April 24 | 08:00 - 08:45 | D. Schilderskamer</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> It's been two years since we called Domino containers ready for production use. 
In the mean time, a lot has happened in the Domino container project.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Automated downloads and an easy-to-use menu have made it easier than ever to create your own Domino container images, while automated testing during the image build process ensures that your image is working flawlessly before you deploy it.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Join this demo-rich session to learn how easy it is to use Domino containers in your environment and prepare to be WOW-ed!</span><span style=" font-size:12pt"> <br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/engage-session-highlight-domino-containers-the-next-step.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/engage-session-highlight-domino-containers-the-next-step.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Introducing the Domino One Touch Installer V2</title>
<pubDate>Sun, 24 Mar 2024 11:33:56 +0200</pubDate>
<description>
<![CDATA[
The Domino One Touch install was a small script I worked on for a DNUG workshop to quickly setup Domino servers. Now I am bringing the install script to a new level. I married the script with functi ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-one-touch-installer-v2.htm</link>
<category>Domino</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-one-touch-installer-v2.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-one-touch-installer-v2.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> The Domino One Touch install was a small script I worked on for a DNUG workshop to quickly set up Domino servers. Now I am bringing the install script to a new level.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I married the script with functionality from the Domino container project, where Domino is installed automatically when building a container image with all add-on software.<br /> Instead of rewriting the components I added a "<strong>-installnative</strong>" option to the container build script (build.sh) leveraging all the existing functionality.<br /> <br /> Now the <strong>install_domino.sh</strong> installs Domino using the build script from the container project with all add-on packages like Nomad, Verse RESTAPI, Language packs.<br /> In addition it automatically installs the Domino Download Script. It also understands options to configure the download script with a token.<br /> The script can be either invoked from cloned or downloaded and extracted GitHub repositories or it can be invoked with a curl download and shell redirection.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Here is an example, which automates all the steps. 
Once the script is done, you can run the "domino" script to setup and run the Domino server.</span><tt><span style=" font-size:11pt"><strong><br /> <br /> curl -sfL </strong></span></tt><a href="https://raw.githubusercontent.com/nashcom/domino-startscript/develop/install_domino.sh"><tt><span style=" font-size:11pt;color:blue"><strong><u>https://raw.githubusercontent.com/nashcom/domino-startscript/develop/install_domino.sh</u></strong></span></tt></a><tt><span style=" font-size:11pt"><strong> | INSTALL_OPTIONS="domino -verse -nomad" DOMDOWNLOAD_TOKEN=xyz bash -</strong></span></tt><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Installing Domino on a Linux machine now can be performed with a simple command-line.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Once installed, Domino can be started with the "domino" command, which by default now includes a setup and run-time menu as mentioned in a previous blog post.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Current options passed via environment variables</strong></span><tt><span style=" font-size:10pt"><br /> <br /> INSTALL_OPTIONS="domino -verse -nomad"</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> DOMDOWNLOAD_TOKEN=xyz</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> DOMDOWNLOAD_CUSTOM_URL=</span></tt><a href=https://user:password@download.acme.com/><tt><span style=" font-size:10pt;color:blue"><u>https://user:password@download.acme.com</u></span></tt></a><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> LinuxYumUpdate=No</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> DOMINO_INSTALL_DATA_TAR=/local/HCLSoftware/domino_install_notesdata.taz</span></tt><span style=" 
font-size:12pt"> </span> <br /> <br /> <ul> <li><span style=" font-size:10pt;font-family:sans-serif">If no install options are passed, the menu is invoked.</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif">If no download token is specified and software packages are missing in <strong>/local/software</strong> or a specified remote location, the script prompts for a download token.</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif">You can also pass a URL to your own internal download server instead of the My HCLSoftware token as shown below</span></li></ul><span style=" font-size:10pt;font-family:sans-serif"><br /> The update is already in the develop branches of the two projects.<br /> <br /> -- Daniel</span><span style=" font-size:12pt"> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/introducing-the-domino-one-touch-installer-v2.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-one-touch-installer-v2.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Replacing GNU Debugger with gdb-minimal package for Domino to avoid python dependencies</title>
<pubDate>Sun, 24 Mar 2024 10:56:01 +0200</pubDate>
<description>
<![CDATA[
Domino on Linux leverages the GNU debugger (gdb). Over time the project got a lot of extra dependencies. The container image moved from the full "gdb" packages to the "gdb-minimal" package a while a ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/replacing-gnu-debugger-with-gdb-minimal-package-for-domino.htm</link>
<category></category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/replacing-gnu-debugger-with-gdb-minimal-package-for-domino.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/replacing-gnu-debugger-with-gdb-minimal-package-for-domino.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> Domino on Linux leverages the GNU debugger (gdb). Over time the project got a lot of extra dependencies.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The container image moved from the full "<strong>gdb</strong>" packages to the "<strong>gdb-minimal</strong>" package a while ago.<br /> <br /> The benefit is not only less storage, but it also comes with far fewer dependencies.<br /> For example python is a dependency for the full "gdb".<br /> <br /> If your Linux machine already has those packages installed, there is no difference.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But if you are trying to reduce the packages installed and the exposure to CVEs, installing <strong>gdb-minimal</strong> would be a good idea.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> After you installed it, you also need to set a symbolic link to the original location where Domino's NSD expects it to be located.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> When you build the container image on a platform that does not have python installed, it will not be installed when building the container image.<br /> For example UBI minimal does not include it by default.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Example:</span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> yum install -y gdb-minimal</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> ln -s /usr/bin/gdb.minimal /usr/bin/gdb</span></tt><span style=" font-size:12pt"> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/replacing-gnu-debugger-with-gdb-minimal-package-for-domino.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/replacing-gnu-debugger-with-gdb-minimal-package-for-domino.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Creating Domino One Touch Setup JSON via Lotus Script</title>
<pubDate>Sun, 24 Mar 2024 09:05:41 +0200</pubDate>
<description>
<![CDATA[
The idea for Domino One Touch Setup (OTS) was born in the Domino Container Community project and HCL added a native implementation into Domino 12 available cross platform. The Domino container image ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/creating-domino-one-touch-setup-json-via-lotus-script.htm</link>
<category>OTS</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/creating-domino-one-touch-setup-json-via-lotus-script.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/creating-domino-one-touch-setup-json-via-lotus-script.htm</guid>
<content:encoded><![CDATA[ <br /><span style=" font-size:10pt;font-family:sans-serif">The idea for Domino One Touch Setup (OTS) was born in the Domino Container Community project and HCL added a native implementation into Domino 12 available cross platform.<br /> The Domino container image and also the Domino Start Script can consume it and ship with first and additional server OTS JSON files including prompting to replace placeholders.</span> <br /><span style=" font-size:10pt;font-family:sans-serif">Beside the standard documentation there is a GitHub repository for examples and additional information -> </span><a href="https://github.com/HCL-TECH-SOFTWARE/domino-one-touch-setup"><span style=" font-size:10pt;color:blue;font-family:sans-serif">https://github.com/HCL-TECH-SOFTWARE/domino-one-touch-setup</span></a> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif">The basic configuration isn't that complicated. But you can also use it to create databases from templates and add or update documents.</span> <br /><span style=" font-size:10pt;font-family:sans-serif">Generating JSON from existing documents might be quite time consuming.</span> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif">I wrote Lotus Script code to convert documents into JSON and also a small routine to create the setup part of OTS.</span> <br /> <br /><a href="https://gist.github.com/Daniel-Nashed/a0a436e983d91e7c54388219045f39b0"><span style=" font-size:10pt;color:blue;font-family:sans-serif">https://gist.github.com/Daniel-Nashed/a0a436e983d91e7c54388219045f39b0</span></a> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif">For now it is a simple script I added to a database where I dump documents I want to add to OTS.<br /> </span> <br /><span style=" font-size:10pt;font-family:sans-serif">But in future we could make it a full application. 
<br /> <br /> What do you think?<br /> </span> <br /><span style=" font-size:10pt;font-family:sans-serif">-- Daniel</span> <br /> <br /> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/creating-domino-one-touch-setup-json-via-lotus-script.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/creating-domino-one-touch-setup-json-via-lotus-script.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Building Images on Docker behind a proxy</title>
<pubDate>Sat, 23 Mar 2024 11:26:09 +0200</pubDate>
<description>
<![CDATA[
This challenge came up at a customer when building an image in a corporate environment. It can be quite tricky and the devil is in the detail. There are multiple layers where you need the proxy set: ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/building-images-on-docker-behind-a-proxy.htm</link>
<category>Docker</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/building-images-on-docker-behind-a-proxy.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/building-images-on-docker-behind-a-proxy.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> This challenge came up at a customer when building an image in a corporate environment. It can be quite tricky and the devil is in the detail.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> There are multiple layers where you need the proxy set:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> 1. Docker needs to be able to pull images</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> 2. The container image build Linux needs to have access to a repository server to load new packages and update existing packages</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> If you have an internal repository server for Linux updates for the base image you choose, you want to point the image to that repository.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In this case you might want to build your own base image containing the right repository URLs like you configure your normal Linux servers.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> But sometimes your host OS and the container image might differ and you want to pull the Linux packages from a trusted external resource.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In some cases customers even restrict the target URLs on their proxy, which can also be problematic.<br /> But in this case your Squid proxy access.log or equivalent on your proxy is your friend.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Once you figured out where and how you get your base image and Linux 
updates, you can start setting the configuration.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In my case I am using a Squid proxy for HTTP and HTTPS requests.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Configure proxy on Docker host</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Once Docker has a proxy setting, it will pass the proxy to the container during build via environment variables.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Those settings are picked up by your build container.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> For local connections I had to modify the build logic to exclude the NGINX local hosting IP, which would have gone thru the proxy too.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Curl in the currently used versions in most distributions does not yet allow to exclude IP ranges.<br /> Therefore I am excluding the IP address of the NGINX container only.</span><span style=" font-size:12pt"> <br /> </span><tt><span style=" font-size:10pt"><strong><br /> <br /> vi /usr/lib/systemd/system/docker.service</strong></span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ---</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> Environment=https_proxy=</span></tt><a href=http://192.168.96.99:3128/><tt><span style=" font-size:10pt;color:blue"><u>http://192.168.96.99:3128</u></span></tt></a><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Environment=http_proxy=</span></tt><a href=http://192.168.96.99:3128/><tt><span style=" 
font-size:10pt;color:blue"><u>http://192.168.96.99:3128</u></span></tt></a><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> systemctl daemon-reload</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> systemctl restart docker</span></tt><span style=" font-size:12pt"> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Configure proxy on Docker client</strong></span><span style=" font-size:12pt"> <br /> </span><tt><span style=" font-size:10pt"><strong><br /> <br /> mkdir ~/.docker</strong></span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><strong><br /> vi ~/.docker/config.json</strong></span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ---</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> {</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> "proxies": {</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> "default": {</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> "httpProxy": "</span></tt><a href=http://192.168.96.99:3128/><tt><span style=" font-size:10pt;color:blue"><u>http://192.168.96.99:3128</u></span></tt></a><tt><span style=" font-size:10pt">",</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> "httpsProxy": "</span></tt><a href=http://192.168.96.99:3128/><tt><span style=" font-size:10pt;color:blue"><u>http://192.168.96.99:3128</u></span></tt></a><tt><span style=" font-size:10pt">"</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> }</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> }</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> }</span></tt><span 
style=" font-size:12pt"> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Configure proxy for your current session for curl, git and other operations</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Usually the proxy should already be set at OS level.<br /> But if it is not generally set, you can export the proxy using environment variables in your current session.</span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> export https_proxy=</span></tt><a href=http://192.168.96.99:3128/><tt><span style=" font-size:10pt;color:blue"><u>http://192.168.96.99:3128</u></span></tt></a><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> export http_proxy=</span></tt><a href=http://192.168.96.99:3128/><tt><span style=" font-size:10pt;color:blue"><u>http://192.168.96.99:3128</u></span></tt></a><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:Arial"><br /> <br /> This last step might not be needed for a Docker build, but would be useful for curl and other operations.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:Arial"><br /> Your admin might have already globally set the proxy in your environment.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:Arial"><br /> Otherwise, pulling Linux updates or installing packages on your host also needs the proxy (unless you configured a local repo cache).</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:Arial"><br /> <br /> The proxy would also be used by your Git client to pull updates from GitHub.</span><span style=" font-size:12pt"> <br /> <br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/building-images-on-docker-behind-a-proxy.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/building-images-on-docker-behind-a-proxy.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Picking the right Linux distribution for Domino</title>
<pubDate>Sat, 23 Mar 2024 09:46:13 +0200</pubDate>
<description>
<![CDATA[
There have been some discord discussions and there is a new HCL GitHub repository providing information about different Linux platforms - https://opensource.hcltechsw.com/domino-linux/. This blog po ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/picking-the-right-linux-distribution-for-domino.htm</link>
<category>Domino</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/picking-the-right-linux-distribution-for-domino.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/picking-the-right-linux-distribution-for-domino.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> There have been some Discord discussions and there is a new HCL GitHub repository providing information about different Linux platforms -> </span><a href="https://opensource.hcltechsw.com/domino-linux/"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://opensource.hcltechsw.com/domino-linux/</u></span></a><span style=" font-size:10pt;font-family:sans-serif">.<br /> This blog post is to see if this type of information is helpful and also the base for further discussion at Engage conference at the Linux round table.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> I hope the following information is helpful? Is this the kind of material that is missing?</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> We can incorporate this including your feedback into the HCL Domino Linux GitHub repository.<br /> <br /> -- Daniel</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Introduction</strong></span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> In contrast to Windows, Linux as a free operating system allows you to pick from a large number of distributions.<br /> Distributions are built from the Linux sources and each distribution makes its own selection of versions and combination of packages.<br /> <br /> Many distributions are based on other distributions or use their sources.<br /> In addition different distributions use different package managers, which is a major difference between distributions.</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Rolling releases vs. 
stable long term releases</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Running an enterprise application like Domino requires a stable Linux release.<br /> A rolling release might introduce major versions of packages and the kernel completely unexpectedly.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In the enterprise world software needs to be tested. Testing enterprise software on a wild zoo of Linux distributions is almost impossible and would introduce risk.</span><span style=" font-size:10pt;color:#800000;font-family:sans-serif"><strong><br /> <br /> So the first and most important criterion for picking a distribution is a long term release.</strong></span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Officially HCL tested Domino versions vs. supported versions</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> HCL picked RedHat Enterprise Linux (RHEL) and SUSE Enterprise Linux (SLES) as the two fully supported and tested distributions.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But meanwhile many other long term Linux distributions which meet the Linux kernel, glibc and stdc++ lib versions are supported.<br /> <br /> Supported means they should work and in case you have a problem, you can open a support ticket to get help on your Domino problem.<br /> You cannot expect that HCL support knows about your Linux distribution and can help you with the distribution specific configuration or steps to troubleshoot.</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Linux vendor support</strong></span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> If you are running Domino in an 
enterprise environment you should have some kind of Linux support.<br /> This can be either support from a vendor like RedHat, SUSE or Canonical (Ubuntu), or a company specialized in Linux support.<br /> Unless you really know what you are doing and have your own Linux team in your company, some kind of external support makes a lot of sense.</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Pick one corporate Linux standard</strong></span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Because Linux platforms can differ quite a bit in the way they are set up and administered, the package managers etc. and also the support contracts you might want to have in place, it is wise to pick one strategic Linux distribution.<br /> <br /> Domino admins should first check if there is a corporate standard and if it fits with Domino.<br /> Usually companies pick long term releases and this choice should usually work for Domino.</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> How to pick your corporate standard Linux distribution</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Many distributions are based on the source packages of another distribution or at least use the same package manager.<br /> Administration of those distributions might still differ, because of the distribution's choice of the network package and other important Linux packages.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But basically it boils down to these 4 different categories of Linux distributions which are most commonly used:</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Redhat/CentOS Stream/Fedora based</strong></span><span 
style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Fedora is the fast moving distribution. Running it itself is not advisable. But it is the source of many long term release distributions.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Before CentOS Stream many distributions were built based on CentOS.<br /> Meanwhile CentOS Stream is positioned between Fedora and RedHat Enterprise Linux.<br /> <br /> This was the starting point for a couple of new distributions like Rocky Linux and Alma Linux based on Redhat Enterprise sources.<br /> Any of those distributions based on a stable Redhat Enterprise version and also CentOS Stream, whose dot releases become the dot releases of RedHat Enterprise Linux, are valid choices.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> The package manager used is "<strong>yum</strong>" (actually most distributions switched to "<strong>dnf</strong>", the newer implementation that yum invokes under the covers).<br /> Both are using <strong>RPM</strong> packages (RPM = RedHat Package Manager).</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> There are many other stable Linux versions based on the Fedora/RedHat stack. This includes Amazon Linux and Oracle Linux.<br /> Both are valid choices. 
Amazon Linux is of special interest when running on AWS.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> My personal preference for a free Linux distribution is still CentOS Stream, which is a stable long term release.<br /> <br /> The safest bet is still Redhat Enterprise Linux, which is the build platform for Domino (currently RHEL 9.1, which introduced the dependency on glibc 2.34+).</span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> SUSE Linux based</strong></span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> There are basically 3 different distributions:</span> <br /> <br /> <ul> <li><span style=" font-size:10pt;font-family:sans-serif"><strong>SUSE Enterprise Linux (SLES)</strong> the fully tested version of SUSE Linux</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif"><strong>openSUSE Leap </strong>a free SLES compatible Linux distribution using the same Linux package sources</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif"><strong>openSUSE Tumbleweed</strong> a rolling Linux release, which is not recommended to be used </span></li></ul><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> SUSE also uses RPM packages. But they have their own package manager tool "<strong>zypper</strong>".<br /> It's similar to yum and easy to learn. 
But it is a bit different.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In addition SUSE provides their own graphical or text based GUI tool "YaST" which is especially useful for admins who are not command line warriors.<br /> <br /> SUSE also supports the btrfs file system, which is a modern file system supporting compression, de-duplication and snapshots.<br /> <br /> The SUSE Linux distribution has been around for a very long time -- and was the build platform for Domino initially by the way. </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Debian based</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Debian provides major release versions, which are long term supported.<br /> It has its own package manager "<strong>dpkg</strong>" and package format "<strong>Debian packages</strong>".<br /> <br /> Debian also supports the "<strong>apt</strong>" package manager, which is also used on Ubuntu.<br /> <br /> The package manager difference makes administration a bit different to RedHat based environments.<br /> <br /> But Debian has some advantages like integrated ZFS support. <br /> ZFS is a very interesting file system also providing compression, de-duplication and snapshots.<br /> The ZFS file system would probably be a good topic for a separate blog post.<br /> <br /> Debian supports in place major version updates.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Experienced admins often favor Debian. It is also the base Proxmox and TrueNAS Scale are built on.<br /> But it isn't one of the main releases picked by Domino admins today.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In addition the different package manager might not be supported by add-on application vendors (e.g. 
backup and other more OS level dependent tools).</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Ubuntu</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Ubuntu also uses the Debian package format and uses the "<strong>apt</strong>" package manager.<br /> It also has ZFS integrated. Ubuntu also supports in place major release updates.<br /> <br /> I became a big fan of Ubuntu after I did not like it initially for servers, especially because of the integrated ZFS and release updates.<br /> On desktops Ubuntu was always my favorite and my dad is a happy Ubuntu desktop user.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The server side using the long term support (LTS) versions is becoming more popular among Domino admins.<br /> But because of the different package manager, support for some add-on applications might not be available (for example IBM Spectrum Protect aka TDP is only supported on RedHat and SUSE type of distributions).</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> <br /> Ensure your Linux uses glibc 2.34+</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Domino 14 is built on RedHat Enterprise Linux 9.1, which runs on glibc 2.34.<br /> glibc is the GNU Linux C run-time which is an important component of every Linux distribution (besides Alpine, which is a different animal and not Domino supported).</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> To prepare for Domino 14, you should ensure today the platform supports 2.34+. <strong><br /> <br /> <br /> Which one fits best?</strong><br /> <br /> This really depends on your requirements and what you already run. 
All of those long term release versions are a good fit with Domino.<br /> It really depends on what you are used to. If you are used to RedHat/CentOS type of administration, it would be probably not wise to switch to Ubuntu or Debian and the other way round.<br /> <br /> But if you are new to Linux, you have the pain of choice. <br /> Again you should check what you already have in your company or what most software you use is supported on.<br /> <br /> It's not just about Domino but also add-on software like backup and other more OS level depending software.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Probably for new admins a Redhat/CentOS based long term support distribution is the easier to learn platform where most resources are available.</span><span style=" font-size:12pt"> <br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/picking-the-right-linux-distribution-for-domino.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/picking-the-right-linux-distribution-for-domino.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>KVM vs. VMware for enterprise virtualization</title>
<pubDate>Fri, 22 Mar 2024 09:00:40 +0200</pubDate>
<description>
<![CDATA[
Now that VMware introduced some changes and discontinued the free ESXi technology, admins might need to review their strategies. I found an interesting article from RedHat published in 2018, which de ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/kvm-vs-vmware-for-enterprise-virtualization.htm</link>
<category>KVM</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/kvm-vs-vmware-for-enterprise-virtualization.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/kvm-vs-vmware-for-enterprise-virtualization.htm</guid>
<content:encoded><![CDATA[ <br /><span style=" font-size:10pt;font-family:sans-serif">Now that VMware introduced some changes and discontinued the free ESXi technology, admins might need to review their strategies.<br /> I found an interesting article from RedHat published in 2018, which describes it quite well and has references to other technologies like containers.<br /> <br /> It is a good starting point to look into the topic --> </span><a href="https://www.redhat.com/en/topics/virtualization/kvm-vs-vmware-comparison"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://www.redhat.com/en/topics/virtualization/kvm-vs-vmware-comparison</u></span></a><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> KVM is part of the Linux kernel and from a technology point of view probably the better virtualization technology.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> VMware's strength is to make virtualization easy by providing a good admin interface and a stack working hand in hand with vendor specific back end functionality.<br /> But you can get similar functionality also in the Linux world. 
And there are multiple solutions on top of KVM which are also supported by the major vendors.<br /> <br /> Redhat, Ubuntu (</span><a href="https://ubuntu.com/blog/kvm-hyphervisor"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://ubuntu.com/blog/kvm-hyphervisor</u></span></a><span style=" font-size:10pt;font-family:sans-serif">) and Proxmox (</span><a href=https://www.proxmox.com/><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://www.proxmox.com</u></span></a><span style=" font-size:10pt;font-family:sans-serif">) are good examples.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Those vendors offer different types of options, where the general functionality is usually available for free -- the classical freemium *) model which Broadcom just broke this month for ESXi.<br /> A true native Linux stack with its openness can also bring advantages. It usually comes with more innovation from a bigger development community.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> IMHO looking into KVM based virtualization makes a lot of sense.<br /> At least as a secondary option, especially for Linux based environments. But it is also a valid approach for Windows with native QEMU drivers from RedHat.<br /> <br /> -- Daniel <br /> <br /> <br /> *) </span><a href=https://en.wikipedia.org/wiki/Free_(Anderson_book)><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://en.wikipedia.org/wiki/Free_(Anderson_book)</u></span></a><span style=" font-size:12pt"><br /> <br /> <br /> </span><img alt="Image:KVM vs. VMware for enterprise virtualization" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/kvm-vs-vmware-for-enterprise-virtualization.htm/content/M2?OpenElement" /> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/kvm-vs-vmware-for-enterprise-virtualization.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/kvm-vs-vmware-for-enterprise-virtualization.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Introducing Domino Borg Backup Integration V2</title>
<pubDate>Sun, 17 Mar 2024 12:44:52 +0200</pubDate>
<description>
<![CDATA[
Borg Backup is an interesting backup option for Linux (https://www.borgbackup.org/) and also works inside a Domino container with a local or remote repository. The first integration with Domino Back ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-domino-borg-backup-integration-v2.htm</link>
<category>BorgBackup</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-domino-borg-backup-integration-v2.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-domino-borg-backup-integration-v2.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Borg Backup</strong> is an interesting backup option for Linux (</span><a href=https://www.borgbackup.org/><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://www.borgbackup.org/</u></span></a><span style=" font-size:10pt;font-family:sans-serif">) and also works inside a Domino container with a local or remote repository.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The first integration with Domino Backup used bash scripts and Borg commands. But this had limitations due to the way Borg handles backups.<br /> </span> <br /><span style=" font-size:10pt;font-family:sans-serif">Each database was stored in a separate repository. I have been looking for direct integration to avoid this overhead and store all backup data into a single backup.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> There is a newer option to import tar data directly into Borg as a stream -> </span><a href=https://borgbackup.readthedocs.io/en/stable/usage/tar.html><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://borgbackup.readthedocs.io/en/stable/usage/tar.html</u></span></a><span style=" font-size:10pt;font-family:sans-serif">.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Tar is a quite old format coming from the early times and was intended to store data on tapes. 
It still plays a major role in today's Linux environments. The tar format contains the file metadata, including file permissions, which can be queried.<br /> The Borg Backup option allows piping multiple tar streams into a single backup. That made me come up with a new approach, which led to this GitHub repository providing a new Domino Backup integration </span><a href="https://github.com/nashcom/domino-borg"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>-> https://github.com/nashcom/domino-borg</u></span></a><span style=" font-size:10pt;font-family:sans-serif">.<br /> <br /> There is still work in progress for more detailed documentation. Especially special options like providing the encryption password need some review. I added multiple ways to provide the Borg repository password to not store it unprotected on disk.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But let me explain the basic idea. See the GitHub repository for details.</span><span style=" font-size:12pt"><br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> -- Daniel</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Idea:</strong></span><span style=" font-size:12pt"> </span> <br /><span style=" font-size:10pt;font-family:sans-serif"><br /> A small Linux program (nshborg) is started and controls the borg backup process by writing data over stdin into the Borg Backup process.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Another instance of the same program is invoked for each database and communicates with the running instance controlling the backup process.<br /> <strong><br /> Flow:</strong></span><span style=" font-size:12pt"> </span> <ul> <li><span style=" font-size:10pt;font-family:sans-serif">Pre Backup Script starts <strong>nshborg as a "server instance"</strong> which 
starts the borg backup with the specified target repository</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif"><strong>Domino backup</strong> brings one database after another into backup mode and invoke nshborg (client instance) to interact with the <strong>nshborg server instance</strong></span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif"><strong>nshborg server instance</strong> invokes tar to get the database from stdout in tar format and pipes it to stdout of the borg process</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif"><strong>nshborg client instance</strong> waits until <strong>nshborg server instance</strong> completely sent the tar stream</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif">Domino backup gets control back and brings the database online</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif">If a delta data occurred during backup of the database, the delta is written in the same way</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif">After all databases are processed the post backup script invokes nshborg client instance to signal <strong>nshborg server instance</strong> to complete the backup.</span><span style=" font-size:12pt"> </span> <br /><span style=" font-size:12pt"> </span></li></ul><span style=" font-size:10pt;font-family:sans-serif"><strong>Example for commands invoked:</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Backup DB command:</strong></span><span style=" font-size:12pt"> <br /> </span><tt><span style=" font-size:10pt"><br /> /usr/bin/nshborg -b '/local/borg::domino-20240130124242'</span></tt><span style=" 
font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Starts the backup and specifies the backup target.</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Post-backup command:</strong></span><span style=" font-size:12pt"> <br /> </span><tt><span style=" font-size:10pt"><br /> /usr/bin/nshborg -q</span></tt><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Stops the backup and signals nshborg to stop the backup</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Backup DB command:</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> /</span><tt><span style=" font-size:10pt">usr/bin/nshborg '/local/notesdata/names.nsf'</span></tt><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Tells nshborg server instance to push the file to the running borg instance.</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Restore Db command:</strong></span><span style=" font-size:12pt"> <br /> </span><tt><span style=" font-size:10pt"><br /> /usr/bin/nshborg -a '/local/borg::domino-20240130124242' -r '/local/notesdata/names.nsf' -t '/local/notesdata/restore/names.nsf.dad'</span></tt><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Restores a single database </span><span style=" font-size:12pt"><br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/introducing-domino-borg-backup-integration-v2.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-domino-borg-backup-integration-v2.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>High Domino Backup performance with native ZFS storage on Proxmox</title>
<pubDate>Sun, 17 Mar 2024 11:50:56 +0200</pubDate>
<description>
<![CDATA[
Introduction Domino 12+ default native backup is a very easy to use option, which also works on Docker containers. The resulting backup to a file target is always consistent, because delta informa ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/high-domino-backup-performance-with-native-zfs-storage-on-proxmox.htm</link>
<category>Domino</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/high-domino-backup-performance-with-native-zfs-storage-on-proxmox.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/high-domino-backup-performance-with-native-zfs-storage-on-proxmox.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Introduction</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Domino 12+ default native backup is a very easy to use option, which also works on Docker containers.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The resulting backup to a file target is always consistent, because delta information is always applied to the backup file.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But a file target raises the challenge that the whole NSF data will be copied to the target file-share or disk. Therefore a de-duplicating target is highly recommended. <br /> <br /> I took a look into ZFS in detail in my new local setup to test out performance.</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Protect your target file copy data</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In addition to a file copy operation, the resulting target should always be protected against ransomware attacks.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> There are multiple ways to protect the resulting file copy data, which isn't in the scope of this performance write-up. 
<br /> Valid approaches would include a <u>snapshot</u> of the resulting ZFS data, or copying the resulting consistent NSF data to a <u>different backup media</u>.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Any kind of secondary backup would work, because the data is consistent and does not need recovery operations on restore.</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> ZFS File System</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> ZFS is a quite special enterprise grade file-system offering a couple of very interesting options.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> It comes with its own very flexible pool management of native disks and also provides enterprise grade software RAID.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Besides snapshots it also supports compression and de-duplication.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In addition to saving space, compression reduces the I/O load at just minimal CPU overhead, which works perfectly OK with Domino NSF data.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> De-duplication in contrast isn't a good idea for active Domino NSF data. But it is a perfect match for a backup target with Domino backup.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> My ZFS backup performance on my Hetzner server isn't great. 
With a native setup of ZFS directly on the Proxmox hypervisor, the performance looks dramatically better.</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Test Setup</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Hardware</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Intel NUC Intel(R) Core(TM) i3-8109U CPU @ 3.00GHz (NUC8i3BEH)</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Samsung 980 PRO NVMe M.2 SSD 2TB</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Software</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Proxmox 8.1.4</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> LXC container with Ubuntu 22.04.4 LTS (Jammy Jellyfish)</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Domino 14.0 container</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> File System</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> With an LXC the file system is a ZFS file-system directly mounted from the host. I added a root data disk and a backup volume.</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Backup Setup and Test</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Domino backup comes with a standard configuration. The default target is <strong>/local/backup</strong>. 
<br /> The directory inside the container points to the ZFS sub volume tuned as a backup target.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I increased the backup file copy buffer from 128 KB to 1 MB via a special notes.ini parameter --> notes.ini FILE_COPY_BUFFER_SIZE=1048576.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> It turned out that for ZFS with 128 KB record size, this didn't make a big performance difference.<br /> But it is a recommended parameter to push file copy operations to a bigger buffer size and optimize File I/O operations on Linux side.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> To a fresh server I copied my 4.6 GB production mailfile for testing.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> And enabled de-duplication on the ZFS target volume.</span><span style=" font-size:12pt"> <br /> </span><tt><span style=" font-size:10pt"><br /> zfs set atime=off tank/subvol-100-disk-3</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> zfs set dedup=on tank/subvol-100-disk-3</span></tt><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Basic backup performance is up to 500 MB/sec with compression and de-duplication.</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The first backup already showed great performance I didn't expect.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Performance varies a bit. 
But even like 20% less performance would be already beyond anything I have seen in most corporate environments.</span><span style=" font-size:12pt"> <br /> </span><tt><span style=" font-size:9pt"><br /> load backup</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Domino Database Backup</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Started</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Pruning backups</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: BackupNode: [my-domino-server], BackupName: [default], Translog Mode: [CIRCULAR], Backup Mode: [FULL]</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: LastBackupTime: 03/17/2024 09:28:13</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Starting backup for 123 database(s)</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup:</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: --- Backup Summary ---</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Previous Backup : 03/17/2024 09:28:13</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Start Time : 03/17/2024 09:29:02</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: End Time : 03/17/2024 09:29:18</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Runtime : 00:00:15.47</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup:</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: All : 123</span></tt><span style=" font-size:12pt"> 
</span><tt><span style=" font-size:9pt"><br /> Backup: Processed : 123</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Excluded : 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Pending Compact : 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Compact Retries : 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Backup Errors : 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Not Modified : 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Delta Files : 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Delta applied : 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup:</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Total DB Size : 7.3 GB</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Total DeltaSize : 0.0 Bytes</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Data Rate : 496.9 MB/sec</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: --- Backup Summary ---</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup:</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:9pt"><br /> Backup: Finished</span></tt><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> More test results</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Another first Backup resulted in <strong>581.0 
MB/sec</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Second Backup (immediately afterwards) had almost the same speed: <strong>577.3 MB/sec</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Backup after DBMT did vary in size and might get lower than the <strong>540.3 MB/sec</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> This also depends on how much the data changes. I saw performance drop to like <strong>270 MB/sec</strong> in some cases for data that changed a lot.</span><span style=" font-size:12pt"><br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Looking at the de-duplication rates</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The first backup resulted in almost zero de-duplication. 
Which was sort of expected with a single mail file.</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Second backup</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But already the second backup shows the benefit of ZFS de-duplication</span><span style=" font-size:12pt"> <br /> </span><tt><span style=" font-size:10pt"><br /> zpool list</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> tank 1.81T 90.5G 1.72T - - 0% 4% </span></tt><tt><span style=" font-size:10pt;color:blue"><strong>2.00x</strong></span></tt><tt><span style=" font-size:10pt"> ONLINE -</span></tt><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Backup after DBMT</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> DBMT re-writes the whole NSF file and should at most be done once per week.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Maybe even less when DAOS, NIFNSF are enabled.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But even after a DBMT the de-duplication rate was quite good in my test. 
This might vary with real world changing data.</span><span style=" font-size:12pt"> <br /> <br /> </span><tt><span style=" font-size:10pt"><br /> zpool list</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> tank 1.81T 90.7G 1.72T - - 0% 4% </span></tt><tt><span style=" font-size:10pt;color:blue"><strong>2.85x</strong></span></tt><tt><span style=" font-size:10pt"> ONLINE -</span></tt><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Conclusion and additional thoughts</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> ZFS can be a very efficient backup target from performance and cost point of view.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In my case the ZFS target was on the same Proxmox server. 
But remote Linux hosts running ZFS natively accessed over NFS or CIFS would work as well.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The performance will very likely not be the same, because of overhead added by NFS, network etc.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Proxmox might become more important in future for Domino.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Local Proxmox ZFS storage in combination with Domino clustering can be a valid approach including backup with the right backup protection strategy.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The ZFS backup volume should be at least a separate ZFS disk pool.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Remote ZFS over NFS</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Probably in larger production environments the ZFS pool will be on a different box, which makes the network the next bottleneck to look into.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> A 1 GBit network card could only handle at max 112 MB/sec. But in corporate environments server to server communication should be hopefully handled by 10 Gbit NICs.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> For a small server or home-office backup a local ZFS pool with periodic backup to an external disk would be a valid approach. 
<br /> A 112 MB/sec backup over 1 GBit NIC would be probably more than sufficient in smaller environments.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> Local native ZFS is the fastest option</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The best optimization is probably on a local ZFS pool, because compression and de-duplication is handled locally and only the delta has to be written.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> That's also why the native ZFS sub-volume mount in my LXC container setup is that important.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> For a ZFS zvol in a VM in combination with a local file-system the performance would probably look completely different as well.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The setup used removes all intermediate layers and just uses native ZFS for backup operations - almost comparable to a physical host without any virtualization.</span><span style=" font-size:12pt"> <br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/high-domino-backup-performance-with-native-zfs-storage-on-proxmox.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/high-domino-backup-performance-with-native-zfs-storage-on-proxmox.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Looking into S3 performance numbers for MinIO -- Is this the right target for backup?</title>
<pubDate>Sat, 16 Mar 2024 19:45:33 +0200</pubDate>
<description>
<![CDATA[
Introduction I have known MinIO for a while and I have been using it for DAOS T2 testing early on. Years later they are now grown up and play in the cloud native storage league. Still the devil is in the ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/looking-into-s3-performance-numbers-for-minio-is-this-the-right-target-for-backup.htm</link>
<category>Domino Backup</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/looking-into-s3-performance-numbers-for-minio-is-this-the-right-target-for-backup.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/looking-into-s3-performance-numbers-for-minio-is-this-the-right-target-for-backup.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Introduction</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> I have known MinIO for a while and I have been using it for DAOS T2 testing early on. Years later they are now grown up and play in the cloud native storage league.<br /> <br /> Still the devil is in the detail and for using it in a production environment customers hopefully use the enterprise subscription to get tuning support. <br /> Paying for support doesn't make it a cheap storage any more if you look at their price tag.<br /> <br /> S3 is an interesting technology. But it isn't the solution to all problems. "If you only have a hammer every problem looks like a nail".<br /> Coming from the cloud it is designed by AWS as a "<strong>S</strong>imple <strong>S</strong>torage <strong>S</strong>ervice" as the name indicates. It also has embedded verification and optional encryption.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> For sure it isn't useful for all types of operations. There is a certain overhead when you are not accessing the file system directly.<br /> And this also requires quite some additional resources like CPU if extensively used.<br /> <br /> I am mainly interested in taking a look into it for Domino Backup.<br /> But understanding the nature of access is also important to understand DAOS T2.<br /> Especially when it comes to listing NLOs for resync operations (which is not part of this test setup).</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Test the MinIO server</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> To scale MinIO, you need quite some hardware resources as you see from their report. 
My first test on a smaller machine failed, because I ran out of memory resources.<br /> When you look at their benchmark, they are running a cluster with a couple of nodes and multiple client drivers to generate the load.<br /> In the use case of a backup and also for DAOS T2 the performance of individual requests is more relevant.</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;color:blue"><u><br /> </u></span><a href="https://min.io/resources/docs/MinIO-Throughput-Benchmarks-on-HDD-24-Node.pdf"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://min.io/resources/docs/MinIO-Throughput-Benchmarks-on-HDD-24-Node.pdf</u></span></a><span style=" font-size:10pt;font-family:sans-serif"> <br /> <br /> MinIO used a Go-based test program from Wasabi for the benchmark above.</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;color:blue"><u><br /> <br /> </u></span><a href="https://github.com/wasabi-tech/s3-benchmark"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://github.com/wasabi-tech/s3-benchmark</u></span></a><span style=" font-size:10pt;font-family:sans-serif"> <br /> <br /> I took a larger Hetzner cloud server with Intel CPU and ran some quick tests.<br /> The local disks at Hetzner are always fast SSDs as you can see from the results.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> The machine I used was pretty untuned. Even MinIO lists some interesting parameters in their load test (this reminds me of the old Domino Notesbench results).</span><span style=" font-size:12pt"> <br /> <br /> <br /> </span><img alt="Image:Looking into S3 performance numbers for MinIO -- Is this the right target for backup?" 
border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/looking-into-s3-performance-numbers-for-minio-is-this-the-right-target-for-backup.htm/content/M2?OpenElement" /><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> <br /> The basic command I used is a simple performance test also used in their workload.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Example:</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> ./s3-benchmark -a s3-user -s s3-password -u </strong></span><a href=http://127.0.0.1:9000/><span style=" font-size:10pt;color:blue;font-family:sans-serif"><strong><u>http://127.0.0.1:9000</u></strong></span></a><span style=" font-size:10pt;font-family:sans-serif"><strong> -t 1 -z 1M</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> The MinIO server is the simple MinIO Docker container without extra tuning using a native disk.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I mostly used the 1 MB object size for testing. But changed it for two tests to see the difference for backing up larger databases.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> The result of parallel operations with the client and the server on the same machine was impressive.<br /> But the write operations for a single object haven't been great for smaller files.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Domino Backup uses a single thread to backup databases. You could see that with parallel write operations the box was able to handle up to<strong> 580 MB/sec</strong> write performance.<br /> So the disk itself wasn't the bottleneck here. 
It's probably the overhead of starting the operation which causes the slower performance for a write.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> My test has been completely local. This is the lowest network latency you can get.<br /> In a modern network environment the LAN latency should not play a big role here.<br /> But usually machines have only a <u>1GBit network connection</u>.</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Conclusion</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> ~160 MB/sec</strong> for a single writer thread is probably the fastest you can get with S3.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I saw similar performance for uploading files to AWS S3 via AWS CLI from an AWS hosted machine.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> For Domino backup S3 does not buy you any simplification and the performance might really depend on your databases size and the tuning of your MinIO server.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> In addition S3 itself does not de-duplicate data. 
Which is essential for Domino backup to a simple storage.<br /> When you look at </span><a href="https://blog.min.io/myths-about-deduplication-and-compression/"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://blog.min.io/myths-about-deduplication-and-compression/</u></span></a><span style=" font-size:10pt;font-family:sans-serif"> it really sounds like they have no interest in de-duplication at all.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> But compression alone will not help for daily backups with like 14 days of backup retention.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> They are probably right about the general use case. But for daily backups de-duplication is essential.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> I don't see the benefit of using S3 if you have to install, support, tune and back it up on your own.<br /> It's a different story in the cloud where S3 is a native implementation for example in AWS S3 infrastructure and you consume it as a highly optimized service.<br /> <br /> For a company putting Domino backup on a MinIO S3 drive does increase the overhead and will potentially cost more than storing it to a simple ZFS de-duplicated share.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Also when it comes to backup performance of a simple file copy operation without de-duplication a Hetzner 1 TB Storage box for around 4 Euro/month can copy at 500 MB/sec without any additional CPU overhead.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> -- Daniel</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Test results</strong></span><span 
style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> <br /> Threads: 1</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong>/ Object Size 1 MB</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> Loop 1: PUT time 60.0 secs, objects = 3617, speed = </span></tt><tt><span style=" font-size:10pt;color:blue"><strong>60MB/sec</strong></span></tt><tt><span style=" font-size:10pt">, 60.3 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: GET time 60.0 secs, objects = 20158, speed = 336MB/sec, 336.0 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: DELETE time 9.0 secs, 402.1 deletes/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> ---</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Threads: 1 / Object Size 100 MB</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> Loop 1: PUT time 60.0 secs, objects = 97, speed = </span></tt><tt><span style=" font-size:10pt;color:blue"><strong>161.6MB/sec</strong></span></tt><tt><span style=" font-size:10pt">, 1.6 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: GET time 60.1 secs, objects = 589, speed = 980.1MB/sec, 9.8 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: DELETE time 0.2 secs, 415.6 deletes/sec. 
Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> ---</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Threads: 10</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong>/ Object Size 1 MB</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> Loop 1: PUT time 60.0 secs, objects = 28594, speed = </span></tt><tt><span style=" font-size:10pt;color:blue"><strong>476.5MB/sec</strong></span></tt><tt><span style=" font-size:10pt">, 476.5 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: GET time 60.0 secs, objects = 264612, speed = 4.3GB/sec, 4410.0 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: DELETE time 4.7 secs, 6093.5 deletes/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> ---</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Threads: 10 / Object Size 100 MB</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> Loop 1: PUT time 60.4 secs, objects = 776, speed = </span></tt><tt><span style=" font-size:10pt;color:blue"><strong>1.3GB/sec</strong></span></tt><tt><span style=" font-size:10pt">, 12.8 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: GET time 60.2 secs, objects = 3696, speed = 6GB/sec, 61.4 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: DELETE time 0.8 secs, 977.7 deletes/sec. 
Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> ---</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Threads: 100</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt">/</span></tt><span style=" font-size:10pt;font-family:sans-serif"><strong>Object Size 1 MB</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> Loop 1: PUT time 60.0 secs, objects = 34512, speed = 574MB/sec, 574.8 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: GET time 60.0 secs, objects = 308293, speed = 5GB/sec, 5137.5 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: DELETE time 20.6 secs, 1677.5 deletes/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> ---</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Threads: 1000</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt">/ </span></tt><span style=" font-size:10pt;font-family:sans-serif"><strong>Object Size 1 MB</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> Loop 1: PUT time 60.2 secs, objects = 28628, speed = 475.5MB/sec, 475.5 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: GET time 60.1 secs, objects = 406941, speed = 6.6GB/sec, 6774.5 operations/sec. Slowdowns = 0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Loop 1: DELETE time 21.1 secs, 1359.6 deletes/sec. 
Slowdowns = 0</span></tt><span style=" font-size:12pt"> <br /> </span> <br /> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/looking-into-s3-performance-numbers-for-minio-is-this-the-right-target-for-backup.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/looking-into-s3-performance-numbers-for-minio-is-this-the-right-target-for-backup.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>First look at openSUSE Leap 15.6 Beta with Domino 14</title>
<pubDate>Sat, 16 Mar 2024 13:02:33 +0200</pubDate>
<description>
<![CDATA[
As some of you know from earlier discussions, the latest currently available SUSE Enterprise and openSUSE Leap 15.5 ships with a too old glibc to work out of the box with Domino 14. You could still ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/first-look-at-opensuse-leap-15.6-beta-with-domino-14.htm</link>
<category>SUSE</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/first-look-at-opensuse-leap-15.6-beta-with-domino-14.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/first-look-at-opensuse-leap-15.6-beta-with-domino-14.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> </span> <br /><span style=" font-size:10pt;font-family:sans-serif">As some of you know from earlier discussions, the latest currently available SUSE Enterprise and openSUSE Leap 15.5 ship with a glibc that is too old to work out of the box with Domino 14.<br /> You could still run it on a Docker (or Podman) host, because the container image brings the glibc run-time with it and only uses the kernel from the Docker host.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> openSUSE Leap and SUSE Enterprise (SLES) share the repositories and are technically more or less the same.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> SUSE Linux 15.6 is scheduled for mid 2024</strong><br /> <br /> I have been looking into openSUSE Leap earlier with their Alpha version.<br /> Now the official beta is available for download -> </span><a href="https://get.opensuse.org/leap/15.6/"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://get.opensuse.org/leap/15.6/</u></span></a><span style=" font-size:10pt;font-family:sans-serif"><br /> An update of the Alpha version took me straight to the beta version.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> SUSE Linux 15.6 comes with a 6.4 kernel - that needs full re-testing</strong><br /> <br /> As expected Domino 14 works natively with the updated glibc. The requirement is <strong>glibc 2.34+</strong>. 
This Linux version will introduce <strong>glibc 2.38</strong>.<br /> But SUSE also switched again to a new major kernel version with a Service Pack.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> This means HCL will have to re-test SUSE Linux once the final version is released.<br /> It will take some time to have SUSE fully tested and supported for Domino 14.0.<br /> <br /> But the more interesting question is what will happen with older versions like 12.0.2 which would need to be separately tested.<strong><br /> <br /> SUSE 15.6 </strong>is a <u>service pack</u>, but with the changes involved, it qualifies itself to be looked at as a new major release.<br /> So I would not expect it to be tested for the Domino 12.0.2 or earlier code stream.<br /> It could still fall under the category "not officially tested by HCL but works".</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Here are the current versions of important packages.<br /> <br /> The kernel is pretty new. So is glibc.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> OpenSSL has been bumped up to version 3.1.4; previously it was the fully patched 1.1.1 version.<br /> The curl package is not up to date showing a version of 3/2023. 
But this might change before release hopefully.</span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ---<br /> <br /> uname -a</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Linux localhost 6.4.0-150600.9-default #1 SMP PREEMPT_DYNAMIC Fri Feb 23 21:11:52 UTC 2024 (375d88d) x86_64 x86_64 x86_64 GNU/Linux</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ---</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ldd --version</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> ldd (GNU libc) 2.38</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ---</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> openssl version</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ---</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> curl --version</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> curl 8.0.1 (x86_64-suse-linux-gnu) libcurl/8.0.1 OpenSSL/3.1.4 zlib/1.2.13 brotli/1.0.7 zstd/1.5.5 libidn2/2.2.0 libpsl/0.20.1 (+libidn2/2.2.0) libssh/0.9.8/openssl/zlib nghttp2/1.40.0</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Release-Date: 2023-03-20</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> 
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd</span></tt><span style=" font-size:12pt"> </span> <br /> <br /> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/first-look-at-opensuse-leap-15.6-beta-with-domino-14.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/first-look-at-opensuse-leap-15.6-beta-with-domino-14.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Preparing my Engage conference Domino Auto Update Session - Questions and feedback?</title>
<pubDate>Sat, 16 Mar 2024 11:44:28 +0200</pubDate>
<description>
<![CDATA[
Engage conference in Antwerp end of April gets closer. My session will cover Domino 14.0 Auto Update including some background information and latest information from the hopefully at that time rele ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/preparing-my-engage-conference-domino-auto-update-session-questions-and-feedback.htm</link>
<category>DominoAutoUpdate</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/preparing-my-engage-conference-domino-auto-update-session-questions-and-feedback.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/preparing-my-engage-conference-domino-auto-update-session-questions-and-feedback.htm</guid>
<content:encoded><![CDATA[ <br /><span style=" font-size:10pt;font-family:sans-serif">Engage conference in Antwerp end of April gets closer. <br /> My session will cover Domino 14.0 Auto Update including some background information and latest information from the hopefully at that time released 14.0FP1.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Did you look into Auto Notify, Download and Distribute in Domino 14 already? How do you like what is there so far? <br /> Do you have any specific questions? Or feedback that could be interesting for HCL for the next steps in Auto Update in Domino 14.0.1?</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> My session is only 45 minutes. So it will be a challenge to provide all the information and get all the feedback.<br /> That's why I would like to understand what admins in the field already know about it and what specific details I should cover in particular.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> You should try it out and get hands-on experience to bring your questions and feedback to Engage.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The functionality is pretty easy to set up. That was one of the design goals. <br /> So far I have only 27 slides to also cover questions and a live demo.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> -- Daniel</span><span style=" font-size:12pt"> <br /> <br /> </span><img alt="Image:Preparing my Engage conference Domino Auto Update Session - Questions and feedback?" 
border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/preparing-my-engage-conference-domino-auto-update-session-questions-and-feedback.htm/content/M2?OpenElement" /><span style=" font-size:12pt"><br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/preparing-my-engage-conference-domino-auto-update-session-questions-and-feedback.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/preparing-my-engage-conference-domino-auto-update-session-questions-and-feedback.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Running Domino on Proxmox in LXC container with Docker</title>
<pubDate>Sat, 16 Mar 2024 10:42:41 +0200</pubDate>
<description>
<![CDATA[
I am experimenting with different types of Proxmox configurations for Domino. Proxmox supports LXC containers which combine a shared kernel from the host with a light Linux container hos ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/running-domino-on-proxmox-in-lxc-container-with-docker.htm</link>
<category>Proxmox</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/running-domino-on-proxmox-in-lxc-container-with-docker.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/running-domino-on-proxmox-in-lxc-container-with-docker.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> I am experimenting with different types of Proxmox configurations for Domino.<br /> Proxmox supports <strong>LXC</strong> containers which combine a shared kernel from the host with a light Linux container hosting a Linux server.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> This combination offers direct access to ZFS sub-volumes for your LXC container.<br /> One of the benefits is lower overhead for kernel scheduling. Your Linux container runs on the kernel of your host using native Linux kernel level virtualization.<br /> Another benefit is that there is no disk virtualization in between.<br /> <br /> For a full VM with its own kernel a zvol is created, in which a separate file-system is used to format the zvol device presented to your VM.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In my case I took another step. I am using Alpine Linux in an LXC container to run a Docker host, which then runs a Red Hat UBI based container, which hosts the Domino server.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Alpine might not be the choice for a production environment. I would rather use Red Hat/CentOS 9.x clones or Ubuntu to run Domino native or in a Docker container.<br /> But it nicely shows the different layers. Alpine Linux is not even running on glibc. 
But Docker is available on Alpine Linux.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> ---</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> This setup shows nicely three different virtualization technologies playing hand in hand.</span><span style=" font-size:12pt"> </span> <ul> <li><span style=" font-size:10pt;font-family:sans-serif">Proxmox as a host level hypervisor </span> </li><li><span style=" font-size:10pt;font-family:sans-serif">LXC as a lightweight virtualization option for Linux servers</span><span style=" font-size:12pt"> </span> </li><li><span style=" font-size:10pt;font-family:sans-serif">Docker as an application virtualization using containers</span></li></ul><span style=" font-size:10pt;font-family:sans-serif"><br /> The whole stack is based on Linux native virtualization technologies with very low overhead and a lot of tuning options.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> -- Daniel</span><span style=" font-size:12pt"> <br /> <br /> </span><img alt="Image:Running Domino on Proxmox in LXC container with Docker" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/running-domino-on-proxmox-in-lxc-container-with-docker.htm/content/M2?OpenElement" /><span style=" font-size:12pt"><br /> <br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/running-domino-on-proxmox-in-lxc-container-with-docker.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/running-domino-on-proxmox-in-lxc-container-with-docker.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Important: For Domino SMTP with ECDSA keys for STARTTLS inbound</title>
<pubDate>Sat, 16 Mar 2024 09:45:15 +0200</pubDate>
<description>
<![CDATA[
The short version if you don't want to know all the technical details: If you choose an ECDSA key for your web server, make sure you also have an RSA key for SMTP inbound connections In case you ar ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/important-for-domino-smtp-with-ecdsa-keys-for-starttls.htm</link>
<category></category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/important-for-domino-smtp-with-ecdsa-keys-for-starttls.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/important-for-domino-smtp-with-ecdsa-keys-for-starttls.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> The short version if you don't want to know all the technical details: <strong><br /> <br /> If you choose an ECDSA key for your web server, make sure you also have an RSA key for SMTP inbound connections</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> In case you are interested in the technical details, read on ...</span><span style=" font-size:12pt"> <br /> <br /> </span><img alt="Image:Important: For Domino SMTP with ECDSA keys for STARTTLS inbound" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/important-for-domino-smtp-with-ecdsa-keys-for-starttls.htm/content/M2?OpenElement" /><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> -- Daniel</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> What's the big deal running ECDSA keys/certs for SMTP only</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Domino has supported modern cryptography with elliptic curve ciphers since version 12.0.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Web clients/applications usually fully support ECDSA today. 
But not every SMTP server provider runs an ECDSA-ready infrastructure.<br /> Outgoing connections from a Domino server over SMTP with STARTTLS are usually not a problem, because the server side drives what is used during TLS handshake.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But for incoming connections the Domino SMTP server will present supported ciphers based on the TLS Credentials (new name for SSL certificate in certstore.nsf since Domino 12.0).<br /> If you are running an ECDSA certificate, you would limit the supported ciphers to the following two ECDSA ciphers.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> This might prevent some older servers from delivering messages or make them fall back to unencrypted connections.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> With ECDSA Domino by default uses the following two ciphers:</span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ./nshciphers blog.nashcom.de</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ------------------------------------------</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> C02C, TLSv1.2, ECDHE-ECDSA-AES256-GCM-SHA384 , TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> C02B, TLSv1.2, ECDHE-ECDSA-AES128-GCM-SHA256 , TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> ------------------------------------------</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> RSA keys recommended for SMTP</strong></span><span style=" font-size:12pt"> </span><span style=" 
font-size:10pt;font-family:sans-serif"><br /> <br /> The new TLS cache which is part of the new functionality in Domino 12+ supports both key types in parallel.<br /> The TLS cache determines which key to use based on the signature algorithms the client passes to the server.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> So you can add TLS credentials with RSA and ECDSA keys in parallel to <strong>certstore.nsf</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> What determines which certificate/key is used?</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> The signing algorithms requested during the handshake determine the certificate used.<br /> If both algorithms or neither are requested, Domino prefers ECDSA for HTTPS and RSA for all other protocols by default (can be flipped per protocol via notes.ini).</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Example requesting ECDSA and RSA with STARTTLS</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Here is an example passing both types of signature algorithms to a STARTTLS connection. You can see that the RSA key is favored. <br /> You can see that an RSA key/certificate has been picked. 
Which results in a RSA cipher to be used.</span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> openssl s_client -sigalgs "RSA+SHA256:ECDSA+SHA256" -connect notes.nashcom.de:25 -starttls smtp</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> SSL-Session:</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Protocol : TLSv1.2</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Cipher : </span></tt><tt><span style=" font-size:10pt;color:blue"><strong>ECDHE-RSA-AES256-GCM-SHA384</strong></span></tt><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Example requesting only ECDSA with STARTTLS</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> In contrast when only specifying a ECDSA signing algorithm, the server prefers the ECDSA key/certificate resulting in a ECDSA cipher to be used.</span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> openssl s_client -sigalgs "ECDSA+SHA256" -connect notes.nashcom.de:25 -starttls smtp</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> SSL-Session:</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Protocol : TLSv1.2</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> Cipher : </span></tt><tt><span style=" font-size:10pt;color:blue"><strong>ECDHE-ECDSA-AES256-GCM-SHA384</strong></span></tt><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Supported strong RSA cipher list in Domino 14.0 has changed!</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br 
/> Domino 14 moved more ciphers to the weak list. Only four ciphers remain on the recommended list.</span><tt><span style=" font-size:10pt"><br /> <br /> ./nshciphers blog.nashcom.de -r</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ------------------------------------------</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> C030, TLSv1.2, ECDHE-RSA-AES256-GCM-SHA384 , TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> 009F, TLSv1.2, DHE-RSA-AES256-GCM-SHA384 , TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> C02F, TLSv1.2, ECDHE-RSA-AES128-GCM-SHA256 , TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> 009E, TLSv1.2, DHE-RSA-AES128-GCM-SHA256 , TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> ------------------------------------------</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Enabling weak ciphers</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> If you pick any other cipher, you have to enable notes.ini <strong>USE_WEAK_SSL_CIPHERS=1</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Choosing weaker ciphers for SMTP isn't a general problem.<br /> Modern SSL/TLS stacks support <strong>secure renegotiation</strong> to ensure to pick the highest cipher the SSL client and server have in common (the order is server determined unless configured differently).</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> So 
allowing older, potentially weaker ciphers isn't a big deal.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> As long as you are not in a highly regulated environment and have to ensure a trusted channel, a weaker cipher is much better than a fallback to unencrypted SMTP traffic.</span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> Changing the cipher list for SMTP</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> For outgoing connections the <u>server document</u> is used to configure the ciphers used.<br /> This is even true if you enable internet sites and the cipher list is hidden.<br /> <br /> To look at the cipher list and change it, disable internet sites in the basic tab, change the cipher list and enable internet sites before saving.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Tests have shown that also for inbound SMTP connections the cipher configuration <u>in the server document</u> is used -- the ciphers in the SMTP internet site are ignored. 
<br /> But still with internet sites you can distinguish between HTTPS and SMTP STARTTLS this way.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Domino 14.0 Dialog</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Older dialogs have fewer deprecated ciphers (see further down)</span><span style=" font-size:12pt"> <br /> <br /> </span><img alt="Image:Important: For Domino SMTP with ECDSA keys for STARTTLS inbound" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/important-for-domino-smtp-with-ecdsa-keys-for-starttls.htm/content/M3?OpenElement" /><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Without enabling weak ciphers, Domino 12.0.2 FP3 uses the following ciphers.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The basic RSA non-DHE ciphers have been marked weak for a longer time, because older ciphers don't support <strong>Forward Secrecy (FS)</strong>.<br /> <br /> If you are running on Domino 12.0.2 you can just enable those older ciphers listed in red.<br /> For Domino 14.0 you would need to enable notes.ini <strong>USE_WEAK_SSL_CIPHERS=1</strong></span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> nshciphers domino.nashcom.de -r</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> ------------------------------------------</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> C030, TLSv1.2, ECDHE-RSA-AES256-GCM-SHA384 , TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> 009F, TLSv1.2, DHE-RSA-AES256-GCM-SHA384 , TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> C02F, 
TLSv1.2, ECDHE-RSA-AES128-GCM-SHA256 , TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> 009E, TLSv1.2, DHE-RSA-AES128-GCM-SHA256 , TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> C028, TLSv1.2, ECDHE-RSA-AES256-SHA384 , TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> 006B, TLSv1.2, DHE-RSA-AES256-SHA256 , TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> C027, TLSv1.2, ECDHE-RSA-AES128-SHA256 , TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> 0067, TLSv1.2, DHE-RSA-AES128-SHA256 , TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> ------------------------------------------</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Log of weak ciphers</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> You can see here that the right hand ciphers with RSA only have been listed as weak ciphers when starting HTTP in my case:</span><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> <br /> SSLDisableExportCiphers> Disabling weak cipher RSA_WITH_AES_256_GCM_SHA384. Set notes.ini "USE_WEAK_SSL_CIPHERS=1" to re-enable.</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> SSLDisableExportCiphers> Disabling weak cipher RSA_WITH_AES_128_GCM_SHA256. 
Set notes.ini "USE_WEAK_SSL_CIPHERS=1" to re-enable.</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> SSLDisableExportCiphers> Disabling weak cipher RSA_WITH_AES_256_CBC_SHA256. Set notes.ini "USE_WEAK_SSL_CIPHERS=1" to re-enable.</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> SSLDisableExportCiphers> Disabling weak cipher RSA_WITH_AES_128_CBC_SHA256. Set notes.ini "USE_WEAK_SSL_CIPHERS=1" to re-enable.</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> SSLDisableExportCiphers> Disabling weak cipher RSA_WITH_AES_128_CBC_SHA. Set notes.ini "USE_WEAK_SSL_CIPHERS=1" to re-enable.</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> SSLDisableExportCiphers> Disabling weak cipher RSA_WITH_3DES_EDE_CBC_SHA. Set notes.ini "USE_WEAK_SSL_CIPHERS=1" to re-enable.</span></tt><span style=" font-size:12pt"> </span><tt><span style=" font-size:10pt"><br /> SSLDisableExportCiphers> Disabling weak cipher RSA_WITH_RC4_128_SHA. Set notes.ini "USE_WEAK_SSL_CIPHERS=1" to re-enable.</span></tt><span style=" font-size:12pt"> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> <br /> <br /> Conclusion</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Running a RSA key/cert for SMTP is an important requirement. </strong><br /> <br /> Depending on your use case, you might want to also enable weaker ciphers in Domino 14.0 for SMTP only.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Which isn't really lowering your security in general because of <strong>secure renegotiation</strong>. 
<br /> <br /> I am personally keeping the stronger cipher list with RSA and ECDSA.<br /> But now you know what you can do if you have an older SMTP server which can't connect any more.<br /> <br /> <br /> ---</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><strong><br /> <br /> Two test tools that might help you (but you need to compile them on your own)</strong></span><span style=" font-size:12pt"> </span><span style=" font-size:12pt;color:blue"><u><br /> <br /> </u></span><a href="https://github.com/nashcom/nsh-tools/tree/main/nshcipher"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://github.com/nashcom/nsh-tools/tree/main/nshcipher</u></span></a><span style=" font-size:10pt;font-family:sans-serif"> </span><span style=" font-size:12pt;color:blue"><u><br /> </u></span><a href="https://github.com/nashcom/nsh-tools/tree/main/nshmailx"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://github.com/nashcom/nsh-tools/tree/main/nshmailx</u></span></a><span style=" font-size:12pt"> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/important-for-domino-smtp-with-ecdsa-keys-for-starttls.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/important-for-domino-smtp-with-ecdsa-keys-for-starttls.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>End Of General Availability of the Free vSphere Hypervisor (ESXi 7.x and 8.x)</title>
<pubDate>Fri, 15 Mar 2024 23:12:49 +0200</pubDate>
<description>
<![CDATA[
https://kb.vmware.com/s/article/2107518 Broadcom pulled the plug on VMware's most well known base level project used by many home office users. Admins also used it to learn to use the basic functio ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/end-of-general-availability-of-the-free-vsphere-hypervisor-esxi-7.x-and-8.x.htm</link>
<category></category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/end-of-general-availability-of-the-free-vsphere-hypervisor-esxi-7.x-and-8.x.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/end-of-general-availability-of-the-free-vsphere-hypervisor-esxi-7.x-and-8.x.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:12pt;color:blue"><u><br /> </u></span><a href=https://kb.vmware.com/s/article/2107518><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://kb.vmware.com/s/article/2107518</u></span></a><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Broadcom pulled the plug on VMware's most well known base level project used by many home office users.<br /> Admins also used it to learn to use the basic functionality working with it at home.<br /> <br /> A 60-day trial license of the full product is not the same experience as using it for your own home office operations.<br /> Free access to the base technology was a great move by VMware IMHO.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Besides all the changes Broadcom made in the partner program, OEMs, the portfolio, this sounds like the one that will have the biggest long term impact.<br /> This might not interest the current stakeholders who get their bonus on short term profit increase.<br /> <br /> It could be the final start for many IT professionals and companies to look for alternate solutions.<br /> <br /> Linux provides kernel level virtualization "KVM" which is used in other great products like the Proxmox server.<br /> The internet is powered by Linux and native virtualization.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Short term profit alone isn't sustainable for a company. 
Losing the base in the community will kick back sooner or later.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> You can expect more posts from me about other virtualization technologies.</span> <br /> <br /><span style=" font-size:12pt">---</span> <br /> <br /><span style=" font-size:10pt;font-family:sans-serif">Another interesting blog post came up in private discussions --> </span><a href=https://www.theregister.com/2022/05/30/broadcom_strategy_vmware_customer_impact/><span style=" font-size:10pt;color:blue;font-family:sans-serif">https://www.theregister.com/2022/05/30/broadcom_strategy_vmware_customer_impact/</span></a><span style=" font-size:10pt;font-family:sans-serif"><br /> <br /> Maximizing the ROI is understandable. But I am not sure if this strategy will work longer term -- even for those customers for whom it is harder to move.<br /> Maybe those companies who can't move that easily will still look for alternate solutions, because they can't risk putting all their eggs in one basket.<br /> </span> <br /><span style=" font-size:10pt;font-family:sans-serif">-- Daniel</span><span style=" font-size:12pt"><br /> </span> <br /><span style=" font-size:12pt"><br /> </span><img alt="Image:End Of General Availability of the Free vSphere Hypervisor (ESXi 7.x and 8.x)" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/end-of-general-availability-of-the-free-vsphere-hypervisor-esxi-7.x-and-8.x.htm/content/M2?OpenElement" /><span style=" font-size:12pt"><br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/end-of-general-availability-of-the-free-vsphere-hypervisor-esxi-7.x-and-8.x.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/end-of-general-availability-of-the-free-vsphere-hypervisor-esxi-7.x-and-8.x.htm?opendocument&comments</wfw:comment>
</item>
<item>
<title>Introducing the Domino native Linux installer and Domino Linux Menu</title>
<pubDate>Fri, 15 Mar 2024 12:02:04 +0200</pubDate>
<description>
<![CDATA[
When I ask a question like "why admins are not moving to Domino on Linux" I might have a plan in my head already. I cannot solve all the challenges for you at once. But I am helping over years with ...
]]>
</description>
<link>https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm</link>
<category>Domino</category>
<dc:creator>Daniel Nashed</dc:creator>
<comments>https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm?opendocument&comments</comments>
<guid isPermaLink="true">https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm</guid>
<content:encoded><![CDATA[ <span style=" font-size:10pt;font-family:sans-serif"><br /> When I ask a question like "why admins are not moving to Domino on Linux" I might have a plan in my head already.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I cannot solve all the challenges for you at once. But I have been helping for years with my Domino Start Script to make Domino on Linux easier to run.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The start script already helps to perform standard operations.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Installation and some other operations might still be more complicated at first glance on Linux.<br /> <br /> Picking the right distribution should be covered in this HCL community project --> </span><a href="https://opensource.hcltechsw.com/domino-linux/"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://opensource.hcltechsw.com/domino-linux/</u></span></a><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> And you will see more information being added there over time.</span><span style=" font-size:12pt"> <br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Domino Server Automatic Installation</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I introduced a build menu into the HCL Domino Community image process recently.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> And I took that logic and I am making it available for native installations as well.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> This new option also offers automated downloads via the recently 
released Domino Download script </span><a href="https://nashcom.github.io/domino-startscript/domdownload/"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://nashcom.github.io/domino-startscript/domdownload/</u></span></a><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The installation works on all major Linux distributions and allows you to install all components automatically.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I still prefer the container build process, because this will be a much cleaner way to install Domino from scratch for every image build.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> In addition this generates a well defined image which can be tested and applied to any server.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But this installation option might be helpful for many admins on regular/native Domino servers.</span><span style=" font-size:12pt"> <br /> <br /> </span><img alt="Image:Introducing the Domino native Linux installer and Domino Linux Menu" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm/content/M2?OpenElement" /><span style=" font-size:12pt"><br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Domino Server Configuration</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Once you have the server installed, the next challenge is to get the server up and running.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The HCL open source project for One Touch Setup (OTS) could be a good starting point for you.</span><span style=" 
font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> (see </span><a href="https://github.com/HCL-TECH-SOFTWARE/domino-one-touch-setup"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://github.com/HCL-TECH-SOFTWARE/domino-one-touch-setup</u></span></a><span style=" font-size:10pt;font-family:sans-serif">)</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But the Domino start script already comes with pre-defined OTS configuration templates and will prompt for configuration parameters to merge into the configuration.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> A new menu option for the Start Script project can guide you for invoking the configuration.</span><span style=" font-size:12pt"> <br /> <br /> <br /> </span><img alt="Image:Introducing the Domino native Linux installer and Domino Linux Menu" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm/content/M3?OpenElement" /><span style=" font-size:12pt"><br /> <br /> </span><img alt="Image:Introducing the Domino native Linux installer and Domino Linux Menu" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm/content/M4?OpenElement" /><span style=" font-size:12pt"><br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Domino Start Script Menu</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Once your server is configured, the start script can start and stop the server among many other options.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I took the most important options and added them to a start script menu.</span><span 
style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> The menu is automatically invoked if you run the "domino" command without any parameters.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Existing functionality is still available via <u>command line</u>.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> I am not planning to build cascaded menus to provide every option of the start script.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> This menu is intended to simplify standard Domino operations.</span><span style=" font-size:12pt"> <br /> <br /> <br /> </span><img alt="Image:Introducing the Domino native Linux installer and Domino Linux Menu" border="0" src="https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm/content/M5?OpenElement" /><span style=" font-size:12pt"><br /> <br /> </span><span style=" font-size:12pt;font-family:sans-serif"><strong><br /> Feedback?</strong></span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> This will not solve all challenges admins have today running Domino on Linux.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> But I think this is a good next step and will help many of you.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> We have to spend more time on how-to and tutorial material for Domino on Linux.</span><span style=" font-size:12pt"> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> And the community needs your help for providing content and feedback.</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:12pt;color:blue"><u><br /> 
</u></span><a href="https://opensource.hcltechsw.com/domino-linux/"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://opensource.hcltechsw.com/domino-linux/</u></span></a><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> Domino Backup on Linux for sure is another interesting topic (part of another HCL open source project --> </span><a href="https://opensource.hcltechsw.com/domino-backup/"><span style=" font-size:10pt;color:blue;font-family:sans-serif"><u>https://opensource.hcltechsw.com/domino-backup/</u></span></a><span style=" font-size:10pt;font-family:sans-serif">)</span><span style=" font-size:12pt"> <br /> </span><span style=" font-size:10pt;font-family:sans-serif"><br /> What do you think? Is this helpful? Keep me posted on what else is challenging.</span><span style=" font-size:12pt"> <br /> <br /> </span> ]]></content:encoded>
<wfw:commentRss> https://blog.nashcom.de/nashcomblog.nsf/dxcomments/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm</wfw:commentRss>
<wfw:comment> https://blog.nashcom.de/nashcomblog.nsf/dx/introducing-the-domino-native-linux-installer-and-domino-linux-menu.htm?opendocument&comments</wfw:comment>
</item>
</channel></rss>