
Re: [Health] installation problem on unix


From: Dirk Willems
Subject: Re: [Health] installation problem on unix
Date: Sat, 9 Sep 2017 00:45:52 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

Hello Luis,


Like I promised, below you will find the installation setup for installing GNUHEALTH on OmniOSCE.

I really recommend you try it out, it's really mind-blowing stuff what they all can do with OmniOSCE ....

Also I really encourage you to develop further on OmniOSCE and check in on the mailing lists of illumos and OmniOSCE.

https://wiki.illumos.org/display/illumos/illumos+Mailing+Lists


However, I do have some questions, which will definitely have a good reason behind them, but just out of curiosity ...

- Why use Tryton (never heard of it before, sorry) and not make it browsable and write it completely in PHP, for example?

    So you don't need a client and can even use it on a tablet or smartphone (pretty handy for home doctors who have to go from home to home and don't want to carry a lot of stuff with them, like my home doctor :)

- Why use PostgreSQL, because it's recommended on Tryton?

    Did you already try it on Percona?

- Who all is using your wonderful program? Is it big in hospitals in Spain, other hospitals in Europe, Germany or in the world?

- What is the view of the Government on it?

- I do have other questions, but it would be great to have a chat about it and exchange some ideas ...


Nice ! It is indeed a quite small footprint in memory and disk (disk
space will grow though :-) ).

Actually I was about to tell you that it would be nice to have some
specs on GNU Health running on OmniOSCE. We should come up with some
benchmark tools for GNU Health to test different components and
scenarios.



Yes, we definitely can do some benchmarks on it :) => you will have to explain to me how to run the benchmarks :)


Does it need some more fine tuning and optimisation = definitely yes, always ;)


Thanks a lot for all the feedback and help and have fun with it ;)



Install OmniOSCE and create GNUHEALTH zone


Install OmniOSCE Global Zone and GNUHealth Non-Global Zone


http://www.omniosce.org/setup/freshinstall.html

https://github.com/jfqd/OmniOSce-wiki

or

https://omnios.omniti.com/wiki.php/GeneralAdministration


On Global Zone (the DATA pool is compressed with lz4)


address@hidden:/root# zpool list
NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
DATA   1,22T   443G   805G         -    16%    35%  1.00x  ONLINE  -
rpool   136G  27,2G   109G         -    72%    19%  1.00x  ONLINE  -


address@hidden:/root# zpool status DATA
  pool: DATA
 state: ONLINE
  scan: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        DATA        ONLINE       0     0     0
          c1t2d0    ONLINE       0     0     0
          c1t3d0    ONLINE       0     0     0
          mirror-2  ONLINE       0     0     0
            c1t4d0  ONLINE       0     0     0
            c1t5d0  ONLINE       0     0     0

errors: No known data errors


address@hidden:~# zfs create -o mountpoint=none DATA/Zones/GNUHealth/ROOT/export

address@hidden:~# zfs create -o mountpoint=none DATA/Zones/GNUHealth/ROOT/export/home

address@hidden:~# zfs create -o mountpoint=none DATA/Zones/GNUHealth/ROOT/export/home/gnuhealth


You can also make separate pools for each zone from LUNs etc.


On Non-Global Zone


address@hidden:~# passwd root

address@hidden:~# vi /etc/ssh/sshd_config

=> PermitRootLogin no


address@hidden:~# vi /etc/resolv.conf

nameserver ......

address@hidden:~# svcs -a | grep dns

disabled 11:17:00 svc:/network/dns/install:default

disabled 11:17:00 svc:/network/dns/client:default

disabled 11:17:01 svc:/network/dns/multicast:default

address@hidden:~# svcadm enable svc:/network/dns/client:default

address@hidden:~# svcs -a | grep dns

disabled 11:17:00 svc:/network/dns/install:default

disabled 11:17:01 svc:/network/dns/multicast:default

online 11:31:56 svc:/network/dns/client:default


address@hidden:~# cp /etc/nsswitch.conf{,.bak}

address@hidden:~# cp /etc/nsswitch.{dns,conf}


address@hidden:~# cat /etc/nsswitch.conf


hosts: files dns mdns


# Note that IPv4 addresses are searched for in all of the ipnodes databases

# before searching the hosts databases.

ipnodes: files dns mdns



address@hidden:~# svcadm refresh nsswitch.conf


address@hidden:~# svcs -a | grep ntp => only on global zone

=> vi /etc/inet/ntp.conf


address@hidden:~# cat /etc/default/init => in global zone and in non-global zone

TZ=Europe/Brussels


Create GNUHEALTH USER in Non-Global Zone


address@hidden:/export/home# useradd -u 1000 -g staff -d /export/home/gnuhealth/ -c gnuhealth -s /usr/bin/bash -m gnuhealth

UX: useradd: gnuhealth name too long. ( ignore user is created)


address@hidden:~# passwd gnuhealth


address@hidden:~# chown -R gnuhealth:staff /export/home/gnuhealth


Add pkgsrc repo of joyent


address@hidden:~# pwd

/root


Go to site => https://pkgsrc.joyent.com/install-on-illumos/


And execute


address@hidden:~# BOOTSTRAP_TAR="bootstrap-2017Q2-x86_64.tar.gz"

address@hidden:~# BOOTSTRAP_SHA="76395983001441108c3ca3ed77d6e071387cc2f5"

address@hidden:~# curl -O https://pkgsrc.joyent.com/packages/SmartOS/bootstrap/${BOOTSTRAP_TAR}

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 62.2M 100 62.2M 0 0 560k 0 0:01:53 0:01:53 --:--:-- 490k

address@hidden:~# [ "${BOOTSTRAP_SHA}" = "$(/bin/digest -a sha1 ${BOOTSTRAP_TAR})" ] || echo "ERROR: checksum failure"

address@hidden:~# tar -zxpf ${BOOTSTRAP_TAR} -C /

address@hidden:~# export PATH=/opt/local/sbin:/opt/local/bin:$PATH

address@hidden:~# export MANPATH=/opt/local/man:$MANPATH

address@hidden:~# vi .profile

export PATH=/opt/local/sbin:/opt/local/bin:$PATH

export MANPATH=/opt/local/man:$MANPATH

address@hidden:~# pkgin update

address@hidden:~# pkgin install gcc49-4.9.4nb1 gtar-1.29 gpgme-1.8.0 postgresql94-server-9.4.12 python36-3.6.1nb2 py36-pip-9.0.1 py36-psycopg2-2.7.1 py36-lxml-3.8.0 py36-Pillow-4.1.1 patch-2.7.5 coreutils-8.26


Postgres


address@hidden:~# sudo -i -u postgres


address@hidden:~# vi /var/pgsql/data/pg_hba.conf

# TYPE DATABASE USER ADDRESS METHOD


# "local" is for Unix domain socket connections only

local all all trust

# IPv4 local connections:

host all all 127.0.0.1/32 trust => don’t need to => need more test !!!

# IPv6 local connections:


address@hidden:~# svcs -a | grep post

address@hidden:~# svcadm refresh svc:/pkgsrc/postgresql:default

address@hidden:~# svcadm enable svc:/pkgsrc/postgresql:default

address@hidden:~# sudo -i -u postgres

address@hidden:~$ createuser --createdb --no-createrole --no-superuser gnuhealth

address@hidden:~$ psql

address@hidden:~# su - gnuhealth

address@hidden:/export/home/gnuhealth $ cat .bash_profile

[[ -f /export/home/gnuhealth//.gnuhealthrc ]] && source /export/home/gnuhealth//.gnuhealthrc


export PATH=/opt/local/gcc49/bin:/usr/bin/gcc:/opt/local/sbin:/opt/local/bin:$PATH

export MANPATH=/opt/local/man:$MANPATH


address@hidden:~$ wget https://ftp.gnu.org/gnu/health/gnuhealth-latest.tar.gz

--2017-08-18 12:31:29-- https://ftp.gnu.org/gnu/health/gnuhealth-latest.tar.gz

Resolving ftp.gnu.org... 208.118.235.20, 2001:4830:134:3::b

Connecting to ftp.gnu.org|208.118.235.20|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 10210541 (9.7M) [application/x-gzip]

Saving to: 'gnuhealth-latest.tar.gz'


gnuhealth-latest.tar.gz 100%[=====================================>] 9.74M 1.09MB/s in 9.2s


2017-08-18 12:31:39 (1.06 MB/s) - 'gnuhealth-latest.tar.gz' saved [10210541/10210541]


address@hidden:~$ gpg2 --recv-key gpg.mit.edu 0xC015E1AE00989199

Warning: using insecure memory!

gpg: "gpg.mit.edu" not a key ID: skipping

gpg: requesting key 00989199 from hkp server keys.gnupg.net

gpg: key 00989199: "Luis Falcon (GNU) <address@hidden>" not changed

gpg: Total number processed: 1

gpg: unchanged: 1

address@hidden:~$ gpg2 --with-fingerprint --list-keys 0xC015E1AE00989199

Warning: using insecure memory!

pub 4096R/00989199 2017-05-06

Key fingerprint = ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199

uid [ unknown] Luis Falcon (GNU) <address@hidden>

uid [ unknown] Luis Falcon (GNU Health) <address@hidden>

sub 4096R/EF9E0F9A 2017-05-06


address@hidden:~$ wget ftp://ftp.gnu.org/gnu/health/gnuhealth-3.2.1.tar.gz.sig

--2017-08-18 12:32:17-- ftp://ftp.gnu.org/gnu/health/gnuhealth-3.2.1.tar.gz.sig

=> 'gnuhealth-3.2.1.tar.gz.sig'

Resolving ftp.gnu.org... 208.118.235.20, 2001:4830:134:3::b

Connecting to ftp.gnu.org|208.118.235.20|:21... connected.

Logging in as anonymous ... Logged in!

==> SYST ... done. ==> PWD ... done.

==> TYPE I ... done. ==> CWD (1) /gnu/health ... done.

==> SIZE gnuhealth-3.2.1.tar.gz.sig ... 566

==> PASV ... done. ==> RETR gnuhealth-3.2.1.tar.gz.sig ... done.

Length: 566 (unauthoritative)


gnuhealth-3.2.1.tar.gz.sig 100%[=====================================>] 566 --.-KB/s in 0.001s


2017-08-18 12:32:18 (657 KB/s) - 'gnuhealth-3.2.1.tar.gz.sig' saved [566]


address@hidden:~$ gpg2 --verify gnuhealth-3.2.1.tar.gz.sig gnuhealth-latest.tar.gz

Warning: using insecure memory!

gpg: Signature made Sat Jul 22 15:46:48 2017 CEST using RSA key ID 00989199

gpg: Good signature from "Luis Falcon (GNU) <address@hidden>" [unknown]

gpg: aka "Luis Falcon (GNU Health) <address@hidden>" [unknown]

gpg: WARNING: This key is not certified with a trusted signature!

gpg: There is no indication that the signature belongs to the owner.

Primary key fingerprint: ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199


address@hidden:~$ gtar -xvf gnuhealth-latest.tar.gz

address@hidden:~$ cd gnuhealth-3.2.1


Modify the scripts add all in RED


address@hidden:~$ vi gnuhealth-setup


get_url() {

# $1 : Module name

# return : URL to download

echo ${TRYTON_BASE_URL}/${TRYTON_VERSION}/$(wget --quiet -O- ${TRYTON_BASE_URL}/${TRYTON_VERSION} | gegrep -o "${1}-${TRYTON_VERSION}.[0-9\.]+.tar.gz" | gsort -V | tail -1)

}


# Copy Tryton configuration files

cp -r ${GNUHEALTH_INST_DIR}/config/* ${CONFIG_DIR} || bailout


address@hidden:~$ vi .gnuhealthrc


# Get the most current Tryton server version

# It should only be one trytond, but just in case..

TRYTOND=`ls -1d ${GNUHEALTH_DIR}/tryton/server/trytond-* | gegrep -o "trytond-[0-9\.]+.[0-9\.]+.[0-9\.]+" | gsort -V | tail -1`



address@hidden:~$ bash -x ./gnuhealth-setup install



2017-08-19 21:25:58 [INFO] Installation of GNU Health version 3.2.1 successful !



address@hidden:~$ editconf => add / so you get ///

[database]

uri = postgresql:///localhost:5432


Editconf => for your information


postgresql:/// connects over a UDP socket and can use the Unix userid to authenticate.

postgresql://host:port/ connects over TCP, where the userid of the remote end is not known (or cannot be trusted).
It's a bit of a simplification to say pg_hba.conf doesn't matter: you need to allow Unix domain socket connections in that config file if you want passwordless logins. It's just that the default settings already allow that.



address@hidden:~$ cd /export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin/

address@hidden:~$ ./trytond --verbose


24348 1 [2017-09-03 22:22:43,611] INFO trytond.modules purchase_request:registering classes

24348 1 [2017-09-03 22:22:43,614] INFO trytond.modules stock_supply:registering classes

24348 1 [2017-09-03 22:22:43,659] INFO werkzeug * Running on http://192.168.1.42:8000/ (Press CTRL+C to quit)



address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ nohup ./trytond &

[1] 25690


address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ netstat -an | grep 8000


192.168.1.42.8000 *.* 0 0 128000 0 LISTEN


Create Database


address@hidden:/export/home/gnuhealth $ createdb health320 --encoding=unicode --locale=C --template=template0

address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ ./trytond-admin -c /export/home/gnuhealth/gnuhealth/tryton/server/config/trytond.conf -d health320 --all -v -p

29527 1 [2017-09-04 20:04:45,034] INFO trytond.backend.postgresql.database connect to "health320"

29527 1 [2017-09-04 20:04:45,058] INFO trytond.admin init db

29527 1 [2017-09-04 20:05:05,917] INFO trytond.modules res:loading user.xml

29527 1 [2017-09-04 20:05:06,207] INFO trytond.modules res:loading ir.xml

29527 1 [2017-09-04 20:05:07,216] INFO trytond.modules all modules loaded

Admin Password for health320:

Admin Password Confirmation:


Resources in use


Cpus/Online: 24/24 Physical: 71.9G Virtual: 75.9G

----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----

ZONE USED %PART %CAP %SHRU USED PCT %CAP USED PCT %CAP

[total] 0.38 1.60% - - 16.1G 22.3% - 25.9G 34.1% -

[system] 0.08 0.35% - - 5912M 8.02% - 15.1G 19.8% -

global 0.28 1.20% - - 9473M 12.8% 99.9% 9497M 12.2% -

GNUHealth 0.00 0.01% - - 165M 0.22% 99.7% 294M 0.37% -

NGINX 0.00 0.00% - - 64.1M 0.08% 99.2% 96.4M 0.12% -



DATA/Zones2/GNUHealth used 2,38G

DATA/Zones2/GNUHealth compressratio 1.89x

DATA/Zones2/GNUHealth compression lz4 inherited from DATA

DATA/Zones2/GNUHealth recordsize 128K default


Maybe here we have to set the recordsize to 8K => for Oracle Database on Solaris 11 that is the case, not sure for PostgreSQL => if true, then we have to put PostgreSQL on another filesystem where we can set the recordsize to 8K.


Also make boot environments of your zone and ZFS snapshots. In case you want to clone it or reinstall it, very handy ;)


For reinstalling if you lost everything (almost impossible with OmniOSCE ;)

What we do is boot from a live media, get a terminal, recreate/create the rpool => zfs receive the snapshot to the rpool => create a boot environment and reboot => everything is back, it just takes the time to transfer the rpool data, which is in most cases very small ....


* OPTIONAL


Install NGINX non-global zone as above like GNUHEALTH non-global zone

Get Let’s encrypt certificate

https://github.com/Neilpang/acme.sh

NGINX Config


address@hidden:/opt/local/etc/nginx/sites-enabled# cat GNUHealth

upstream gnuhealth {
    server 10.0.0.2:8000;
}

server {
    listen 80;
    server_name gnuhealth.example.com;
    return 301 https://$server_name$request_uri;

    location ~^/.well-known/acme-challenge {
        allow all;
        root /var/www/proxy/GNUHealth;
        auth_basic off;
    }
}

server {
    listen 443 ssl http2;
    server_name gnuhealth.example.com;
    more_set_headers "Server: NOT OF YOUR BUSINESS";
    server_tokens off;
    ssl on;
    ssl_certificate /opt/local/etc/nginx/certs/gnuhealth.fullchain.pem;
    ssl_certificate_key /opt/local/etc/nginx/certs/gnuhealth.key.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    #Enable HSTS
    add_header Strict-Transport-Security max-age=63072000;

    # Do not allow this site to be displayed in iframes
    add_header X-Frame-Options DENY;

    # Do not permit Content-Type sniffing.
    add_header X-Content-Type-Options nosniff;

    location / {
        client_max_body_size 204800M;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_pass http://gnuhealth;
    }

    location ~^/.well-known/acme-challenge {
        allow all;
        root /var/www/proxy/GNUHealth;
        auth_basic off;
    }
}




Test Your SSL Connection


https://www.ssllabs.com/ssltest/


You should get something like this !!!


So Now your Frontend is Fully Encrypted with Let’s Encrypt SSL TLS1.2

Your Backend doesn’t need to be, because of the internal switch which cannot break out !!!


Connect Secure with your Client over the internet


Still working on the SMF service, which is a very cool feature; OmniOSCE is a self-healing OS !!!
=> need to do some stuff => getting the service online* but it isn’t running yet


address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ cat trytond.xml

<?xml version='1.0'?>

<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>

<service_bundle type='manifest' name='GNUHEALTH'>

<service name='application/GNUHEALTH' type='service' version='0'>

<create_default_instance enabled='true'/>

<single_instance/>

<dependency name='multi-user-server' type='service' grouping='require_all' restart_on='none'>

<service_fmri value='svc:/milestone/multi-user-server:default' />

</dependency>

<dependency name='network' grouping='require_all' restart_on='error' type='service'>

<service_fmri value='svc:/milestone/network:default'/>

</dependency>

<dependency name='filesystem-local' grouping='require_all' restart_on='none' type='service'>

<service_fmri value='svc:/system/filesystem/local:default'/>

</dependency>


<method_context>

<method_credential user='gnuhealth' group='staff' privileges=':default' />

<method_environment>

<envvar name='HOME' value='/export/home/gnuhealth' />

<envvar name='gnuhealthrc' value='/export/home/gnuhealth//.gnuhealthrc' />

<envvar name='PATH' value='/opt/local/gcc49/bin:/usr/bin/gcc:/opt/local/sbin:/opt/local/bin:/usr/sbin:/usr/bin:$PATH' />

<envvar name='MANPATH' value='/opt/local/man:$MANPATH' />

</method_environment>

</method_context>


<exec_method name='start' type='method' exec='/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin/trytond' timeout_seconds='60' />


<exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>

<exec_method name='refresh' type='method' exec=':kill -HUP' timeout_seconds='60'/>


<property_group name='startd' type='framework'>

<propval name='duration' type='astring' value='contract'/>

<propval name='ignore_error' type='astring' value='core,signal'/>

</property_group>

<template>

<common_name>

<loctext xml:lang='C'>GNUHEALTH daemon</loctext>

</common_name>

</template>

</service>

</service_bundle>




On 05-09-17 01:51, Luis Falcon wrote:
Hi Dirk !

On Mon, 4 Sep 2017 23:32:25 +0200

postgresql:/// connects over a UNIX socket and can use the Unix
userid to authenticate.

postgresql://host:port/ connects over TCP, where the userid of the
remote end is not known (or cannot be trusted).

It's a bit of a simplification to say pg_hba.conf doesn't matter: you
need to allow Unix domain socket connections in that config file if
you want passwordless logins. It's just that the default settings
already allow that.


see => uri = postgresql:///localhost:5432
Thanks for the update! Yeah, it's a bit tricky, and different Operating
Systems / distros come with different default pg_hba.conf files.

[...]

address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin
$ ./trytond-admin -c
/export/home/gnuhealth/gnuhealth/tryton/server/config/trytond.conf -d
vic --all -v -p
Admin Password Confirmation:

Now everything works cool :)


So GNUHEALTH is running on OmniOSCE server and tryton-client on a
debian with remote connection over lan

Wonderful ! Congratulations !!


Next thing to do is installing the NGINX config and encrypt
everything with Let's encrypt and giving you the install
documentation like promised so some little patient please I'm having
a busy weeks on my work ...

Great ! Thanks a lot . Documentation is key :)

Ps => GNUHealth zone is using 315 MB on Memory

GNUHealth  0.00 0.00%     -     - 315M 0.42% 99.8%  381M 0.49%     -


      
  and use 2,36 GB  on disk => full OS + postgress => ok without any
data just installed it from scratch

DATA/Zones2/GNUHealth 2,36G   741G    24K  /Zones2/GNUHealth
Nice ! It is indeed a quite small footprint in memory and disk (disk
space will grow though :-) ).

Actually I was about to tell you that it would be nice to have some
specs on GNU Health running on OmniOSCE. We should come up with some
benchmark tools for GNU Health to test different components and
scenarios.

Keep you posting with all the documentation after the NGINX setup ...

Thanks again Luis you're a very great man very much appreciations !!!

Thanks to you, Dirk, for all the work and very valuable feedback.
Welcome again to the GNU Health community !

All the best,
Luis

Kind Regards,

Dirk


On 04-09-17 20:16, Luis Falcon wrote:
Hi Dirk !

On Mon, 4 Sep 2017 16:09:48 +0200
Dirk Willems <address@hidden> wrote:

Hello Luis,


Installed the gtar and now is working fine, server is listen on
*:8000 :)

Excellent news ! :)

Database is created but when running the trytond-admin it goes
wrong ...

address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin
$ ./trytond-admin --all --database=vic


Any suggestions what I miss or can I created the database
completely manually ?

Thanks in advance.

Use the "trust" method to connect to the DB. Check the following

https://en.wikibooks.org/wiki/GNU_Health/Installation#Verify_PostgreSQL_authentication_method

And restart postgresql server.

Let us know how it went... you're almost there ! :)

Bests,
Luis


      

    

--
Dirk Willems
System Engineer


+32 (0)3 443 12 38
address@hidden

Quality. Passion. Personality

www.exitas.be | Veldkant 31 | 2550 Kontich

Illumos OmniOS Installation and Configuration Implementation Specialist.
Oracle Solaris 11 Installation and Configuration Certified Implementation Specialist.
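
The bootstrap checksum line in the message only prints "ERROR: checksum failure" and the following tar still unpacks into / as root, and the gpg2 --verify output reports a good signature from a key that is "not certified with a trusted signature". The sketch below is an added example, not part of the original message or of the Joyent or GNU Health instructions: it makes both checks fail closed by gating extraction on the digest and by requiring the fingerprint shown on the page in gpg's machine-readable status output. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail-closed forms of the two download checks in the procedure.
BOOTSTRAP_SHA="76395983001441108c3ca3ed77d6e071387cc2f5"   # value from the page
RELEASE_FPR="ACBFC80FC891631C68AA8DC8C015E1AE00989199"     # page's fingerprint, spaces removed

# Constructed sample of `gpg2 --status-fd 1 --verify` output (timestamps invented).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG C015E1AE00989199 Luis Falcon (GNU)
[GNUPG:] VALIDSIG ACBFC80FC891631C68AA8DC8C015E1AE00989199 2017-07-22 1500731208 0 4 0 1 8 00 ACBFC80FC891631C68AA8DC8C015E1AE00989199'

# Print the SHA-1 of a file: /bin/digest on illumos, sha1sum or shasum elsewhere.
sha1_of() {
    if [ -x /bin/digest ]; then
        /bin/digest -a sha1 "$1"
    elif command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        shasum -a 1 "$1" | awk '{print $1}'
    fi
}

# Succeed only when the file hashes to the expected value.
sha1_matches() {
    actual=$(sha1_of "$1") || return 1
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Unpack only after the checksum matches; a mismatch stops here instead of just printing.
extract_if_checksum_ok() {   # args: tarball expected_sha1 target_dir
    sha1_matches "$1" "$2" || { echo "ERROR: checksum failure, not extracting $1" >&2; return 1; }
    tar -zxpf "$1" -C "$3"
}

# Read gpg status lines on stdin; succeed only if the signature is good AND the
# primary-key fingerprint (last field of VALIDSIG) equals the pinned one.
status_has_pinned_key() {    # arg: expected fingerprint
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && toupper($NF) == toupper(want) { pinned = 1 }
        END { exit !(good && pinned) }'
}

# Verify a detached signature against the pinned key rather than reading "Good signature".
verify_release() {           # args: signature file expected_fingerprint
    gpg2 --status-fd 1 --verify "$1" "$2" 2>/dev/null | status_has_pinned_key "$3"
}
```

The pinned fingerprint is only as trustworthy as the channel it was obtained from, so it should be compared against a copy published independently of the download server.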
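
The pg_hba.conf shown in the message sets the method to trust for both the Unix socket and 127.0.0.1/32, which lets any account in the zone connect as any database role without a password. The following check is an added example, not part of the original message: it lists every active trust rule in a pg_hba.conf so the file can be reviewed after the installation works. The function name is hypothetical, both sample files are constructed (the first from the lines on the page), and the peer/md5 replacement is an assumption about what the platform's PostgreSQL build supports.

```shell
#!/bin/sh
# Added example: report active pg_hba.conf rules that use the "trust" method.

# Constructed from the pg_hba.conf lines shown in the message.
PAGE_HBA='# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust'

# Constructed alternative (assumption): peer maps the Unix user "gnuhealth" to the
# database role of the same name; TCP connections must present a password.
HARDENED_HBA='local all all peer
host all all 127.0.0.1/32 md5'

# Print "<line>:<type>:<address>" for each trust rule. Reads the named file,
# or stdin when no file is given.
pg_hba_trust_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            if ($1 == "local") {                   # TYPE DATABASE USER METHOD
                addr = "socket"; method = $4
            } else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) {
                addr = $4 "/" $5; method = $6      # address and netmask in separate fields
            } else {
                addr = $4; method = $5             # CIDR address, hostname or keyword
            }
            if (method == "trust") print NR ":" $1 ":" addr
        }' "$@"
}

# Succeed only when no trust rule is active, for use in a post-install check.
pg_hba_is_free_of_trust() {
    [ -z "$(pg_hba_trust_rules "$@")" ]
}
```

Run it as `pg_hba_trust_rules /var/pgsql/data/pg_hba.conf`; PostgreSQL has to reload its configuration before an edited file takes effect.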
