From: | Dirk Willems |
Subject: | Re: [Health] installation problem on unix |
Date: | Sat, 9 Sep 2017 00:45:52 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
Hello Luis,
Like I promised, below you will find the installation setup for installing GNUHEALTH on OmniOSCE. I really recommend you to try it out, it's really mind blowing stuff what they all can do with OmniOSCE .... Also I really encourage you to develop further on OmniOSCE and check in the mailing list of illumos and OmniOSCE. https://wiki.illumos.org/display/illumos/illumos+Mailing+Lists

However, I do have some questions which will definitely have a good reason for it, but just out of curiosity ...

- Why using Tryton (never heard before, sorry) and not make it browsable and write it completely in php for example? So you don't need a client and can even use it on a tablet or smartphone (pretty handy for home doctors who have to go from home to home and don't want to carry a lot of stuff with them, like my home doctor :)
- Why using Postgresql, because it's recommended on Tryton? Did you already try it on a Percona?
- Who is all using your wonderful program? Is it big in hospitals in Spain, other hospitals in Europe, Germany or in the world?
- What is the view of the Government on it?
- I do have other questions but it would be great to have a chat on it and exchange some ideas ...
Nice ! It is indeed a quite small footprint in memory and disk (disk space will grow though :-) ). Actually I was about to tell you that it would be nice to have some specs on GNU Health running on OmniOSCE. We should come up with some benchmark tools for GNU Health to test different components and scenarios.
Yes, we definitely can do some benchmarks on it :) => you will have to explain to me how to run the benchmarks :)
Does it need some more fine tuning and optimisation = definitely yes, always ;)
Thanks a lot for all the feedback and help and have fun with it ;)
Install OmniOSCE and create GNUHEALTH zone
Install OmniOSCE Global Zone and GNUHealth Non-Global Zone
http://www.omniosce.org/setup/freshinstall.html https://github.com/jfqd/OmniOSce-wiki or https://omnios.omniti.com/wiki.php/GeneralAdministration
On Global Zone (the DATA pool is compressed with lz4)
NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
DATA   1,22T   443G   805G         -    16%    35%  1.00x  ONLINE  -
rpool   136G  27,2G   109G         -    72%    19%  1.00x  ONLINE  -

pool: DATA
state: ONLINE
scan: none requested
config:
NAME      STATE   READ WRITE CKSUM
DATA      ONLINE     0     0     0
c1t2d0    ONLINE     0     0     0
c1t3d0    ONLINE     0     0     0
mirror-2  ONLINE     0     0     0
c1t4d0    ONLINE     0     0     0
c1t5d0    ONLINE     0     0     0
errors: No known data errors

address@hidden:~# zfs create -o mountpoint=none DATA/Zones/GNUHealth/ROOT/export
address@hidden:~# zfs create -o mountpoint=none DATA/Zones/GNUHealth/ROOT/export/home
address@hidden:~# zfs create -o mountpoint=none DATA/Zones/GNUHealth/ROOT/export/home/gnuhealth

address@hidden:~# passwd root
address@hidden:~# vi /etc/ssh/sshd_config => PermitRootLogin no

address@hidden:~# vi /etc/resolv.conf
nameserver ......

address@hidden:~# svcs -a | grep dns
disabled       11:17:00 svc:/network/dns/install:default
disabled       11:17:00 svc:/network/dns/client:default
disabled       11:17:01 svc:/network/dns/multicast:default
address@hidden:~# svcadm enable svc:/network/dns/client:default
address@hidden:~# svcs -a | grep dns
disabled       11:17:00 svc:/network/dns/install:default
disabled       11:17:01 svc:/network/dns/multicast:default
online         11:31:56 svc:/network/dns/client:default

address@hidden:~# cp /etc/nsswitch.conf{,.bak}
address@hidden:~# cp /etc/nsswitch.{dns,conf}
address@hidden:~# cat /etc/nsswitch.conf
hosts: files dns mdns
# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files dns mdns
address@hidden:~# svcadm refresh nsswitch.conf
address@hidden:~# svcs -a | grep ntp => only on global zone => vi /etc/inet/ntp.conf
address@hidden:~# cat /etc/default/init => in global zone and in non-global zone
TZ=Europe/Brussels
Create GNUHEALTH USER in Non-Global Zone
address@hidden:/export/home# useradd -u 1000 -g staff -d /export/home/gnuhealth/ -c gnuhealth -s /usr/bin/bash -m gnuhealth
UX: useradd: gnuhealth name too long.
( ignore user is created)
address@hidden:~# passwd gnuhealth
address@hidden:~# chown -R gnuhealth:staff /export/home/gnuhealth
Add pkgsrc repo of joyent
address@hidden:~# pwd
/root
Go to site => https://pkgsrc.joyent.com/install-on-illumos/
And execute
address@hidden:~# BOOTSTRAP_TAR="bootstrap-2017Q2-x86_64.tar.gz"
address@hidden:~# BOOTSTRAP_SHA="76395983001441108c3ca3ed77d6e071387cc2f5"
address@hidden:~# curl -O https://pkgsrc.joyent.com/packages/SmartOS/bootstrap/${BOOTSTRAP_TAR}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 62.2M  100 62.2M    0     0   560k      0  0:01:53  0:01:53 --:--:--  490k
address@hidden:~# [ "${BOOTSTRAP_SHA}" = "$(/bin/digest -a sha1 ${BOOTSTRAP_TAR})" ] || echo "ERROR: checksum failure"
address@hidden:~# tar -zxpf ${BOOTSTRAP_TAR} -C /
address@hidden:~# export PATH=/opt/local/sbin:/opt/local/bin:$PATH
address@hidden:~# export MANPATH=/opt/local/man:$MANPATH
address@hidden:~# vi .profile
export PATH=/opt/local/sbin:/opt/local/bin:$PATH
export MANPATH=/opt/local/man:$MANPATH
address@hidden:~# pkgin update
address@hidden:~# pkgin install gcc49-4.9.4nb1 gtar-1.29 gpgme-1.8.0 postgresql94-server-9.4.12 python36-3.6.1nb2 py36-pip-9.0.1 py36-psycopg2-2.7.1 py36-lxml-3.8.0 py36-Pillow-4.1.1 patch-2.7.5 coreutils-8.26
Postgres
address@hidden:~# sudo -i -u postgres
address@hidden:~# vi /var/pgsql/data/pg_hba.conf
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust    => don’t need to => need more test !!!
# IPv6 local connections:

address@hidden:~# svcs -a | grep post
address@hidden:~# svcadm refresh svc:/pkgsrc/postgresql:default
address@hidden:~# svcadm enable svc:/pkgsrc/postgresql:default
address@hidden:~# sudo -i -u postgres
address@hidden:~$ createuser --createdb --no-createrole --no-superuser gnuhealth
address@hidden:~$ psql
address@hidden:~# su - gnuhealth
address@hidden:/export/home/gnuhealth $ cat .bash_profile
[[ -f /export/home/gnuhealth//.gnuhealthrc ]] && source /export/home/gnuhealth//.gnuhealthrc
export PATH=/opt/local/gcc49/bin:/usr/bin/gcc:/opt/local/sbin:/opt/local/bin:$PATH
export MANPATH=/opt/local/man:$MANPATH

address@hidden:~$ wget https://ftp.gnu.org/gnu/health/gnuhealth-latest.tar.gz
--2017-08-18 12:31:29-- https://ftp.gnu.org/gnu/health/gnuhealth-latest.tar.gz
Resolving ftp.gnu.org... 208.118.235.20, 2001:4830:134:3::b
Connecting to ftp.gnu.org|208.118.235.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10210541 (9.7M) [application/x-gzip]
Saving to: 'gnuhealth-latest.tar.gz'
gnuhealth-latest.tar.gz 100%[=====================================>] 9.74M 1.09MB/s in 9.2s
2017-08-18 12:31:39 (1.06 MB/s) - 'gnuhealth-latest.tar.gz' saved [10210541/10210541]

address@hidden:~$ gpg2 --recv-key gpg.mit.edu 0xC015E1AE00989199
Warning: using insecure memory!
gpg: "gpg.mit.edu" not a key ID: skipping
gpg: requesting key 00989199 from hkp server keys.gnupg.net
gpg: key 00989199: "Luis Falcon (GNU) <address@hidden>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
address@hidden:~$ gpg2 --with-fingerprint --list-keys 0xC015E1AE00989199
Warning: using insecure memory!
pub 4096R/00989199 2017-05-06
Key fingerprint = ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199
uid [ unknown] Luis Falcon (GNU) <address@hidden>
uid [ unknown] Luis Falcon (GNU Health) <address@hidden>
sub 4096R/EF9E0F9A 2017-05-06

address@hidden:~$ wget ftp://ftp.gnu.org/gnu/health/gnuhealth-3.2.1.tar.gz.sig
--2017-08-18 12:32:17-- ftp://ftp.gnu.org/gnu/health/gnuhealth-3.2.1.tar.gz.sig
=> 'gnuhealth-3.2.1.tar.gz.sig'
Resolving ftp.gnu.org... 208.118.235.20, 2001:4830:134:3::b
Connecting to ftp.gnu.org|208.118.235.20|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /gnu/health ... done.
==> SIZE gnuhealth-3.2.1.tar.gz.sig ... 566
==> PASV ... done. ==> RETR gnuhealth-3.2.1.tar.gz.sig ... done.
Length: 566 (unauthoritative)
gnuhealth-3.2.1.tar.gz.sig 100%[=====================================>] 566 --.-KB/s in 0.001s
2017-08-18 12:32:18 (657 KB/s) - 'gnuhealth-3.2.1.tar.gz.sig' saved [566]

address@hidden:~$ gpg2 --verify gnuhealth-3.2.1.tar.gz.sig gnuhealth-latest.tar.gz
Warning: using insecure memory!
gpg: Signature made Sat Jul 22 15:46:48 2017 CEST using RSA key ID 00989199
gpg: Good signature from "Luis Falcon (GNU) <address@hidden>" [unknown]
gpg: aka "Luis Falcon (GNU Health) <address@hidden>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199

address@hidden:~$ gtar -xvf gnuhealth-latest.tar
address@hidden:~$ cd gnuhealth-3.2.1
Modify the scripts add all in RED
address@hidden:~$ vi gnuhealth-setup
get_url() {
    # $1 : Module name
    # return : URL to download
    echo ${TRYTON_BASE_URL}/${TRYTON_VERSION}/$(wget --quiet -O- ${TRYTON_BASE_URL}/${TRYTON_VERSION} | gegrep -o "${1}-${TRYTON_VERSION}.[0-9\.]+.tar.gz" | gsort -V | tail -1)
}
# Copy Tryton configuration files
cp -r ${GNUHEALTH_INST_DIR}/config/* ${CONFIG_DIR} || bailout
address@hidden:~$ vi .gnuhealthrc
# Get the most current Tryton server version
# It should only be one trytond, but just in case..
TRYTOND=`ls -1d ${GNUHEALTH_DIR}/tryton/server/trytond-* | gegrep -o "trytond-[0-9\.]+.[0-9\.]+.[0-9\.]+" | gsort -V | tail -1`
address@hidden:~$ bash -x ./gnuhealth-setup install
2017-08-19 21:25:58 [INFO] Installation of GNU Health version 3.2.1 successful !
address@hidden:~$ editconf => add / so you get ///
[database]
uri = postgresql:///localhost:5432

Editconf => for your information
postgresql:/// connects over a UDP socket and can use the Unix userid to authenticate. postgresql://host:port/ connects over TCP, where the userid of the remote end is not known (or cannot be trusted). It's a bit of a simplification to say pg_hba.conf doesn't matter: you need to allow Unix domain socket connections in that config file if you want passwordless logins. It's just that the default settings already allow that.

address@hidden:~$ cd /export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin/
address@hidden:~$ ./trytond --verbose
24348 1 [2017-09-03 22:22:43,611] INFO trytond.modules purchase_request:registering classes
24348 1 [2017-09-03 22:22:43,614] INFO trytond.modules stock_supply:registering classes
24348 1 [2017-09-03 22:22:43,659] INFO werkzeug * Running on http://192.168.1.42:8000/ (Press CTRL+C to quit)

address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ nohup ./trytond &
[1] 25690
address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ netstat -an | grep 8000
192.168.1.42.8000 *.* 0 0 128000 0 LISTEN
Create Database
address@hidden:/export/home/gnuhealth $ createdb health320 --encoding=unicode --locale=C --template=template0
address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ ./trytond-admin -c /export/home/gnuhealth/gnuhealth/tryton/server/config/trytond.conf -d health320 --all -v -p
29527 1 [2017-09-04 20:04:45,034] INFO trytond.backend.postgresql.database connect to "health320"
29527 1 [2017-09-04 20:04:45,058] INFO trytond.admin init db
29527 1 [2017-09-04 20:05:05,917] INFO trytond.modules res:loading user.xml
29527 1 [2017-09-04 20:05:06,207] INFO trytond.modules res:loading ir.xml
29527 1 [2017-09-04 20:05:07,216] INFO trytond.modules all modules loaded
Admin Password for health320:
Admin Password Confirmation:

Resources in use

Cpus/Online: 24/24   Physical: 71.9G   Virtual: 75.9G
            ----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
ZONE        USED  %PART  %CAP %SHRU  USED   PCT  %CAP  USED   PCT  %CAP
[total]     0.38  1.60%     -     - 16.1G 22.3%     - 25.9G 34.1%     -
[system]    0.08  0.35%     -     - 5912M 8.02%     - 15.1G 19.8%     -
global      0.28  1.20%     -     - 9473M 12.8% 99.9% 9497M 12.2%     -
GNUHealth   0.00  0.01%     -     -  165M 0.22% 99.7%  294M 0.37%     -
NGINX       0.00  0.00%     -     - 64.1M 0.08% 99.2% 96.4M 0.12%     -

DATA/Zones2/GNUHealth  used           2,38G
DATA/Zones2/GNUHealth  compressratio  1.89x
DATA/Zones2/GNUHealth  compression    lz4    inherited from DATA
DATA/Zones2/GNUHealth  recordsize     128K   default

Maybe here we have to set the recordsize on 8K => for Oracle Database on Solaris 11 it is the case, not sure for PostgreSQL => if true then we have to put the postgresql on another filesystem where we can put the recordsize on 8K.

Also make boot environments of your zone and zfs snapshots, in case you want to clone it or reinstall it, very handy ;)

For reinstalling if you lost everything (almost impossible with OmniOSCE ;) What we do is booting from a live media, get a terminal, recreate/create the rpool => zfs receive the snapshot to the rpool => create a boot environment and reboot => everything is back, just take the time to transfer the rpool data, which is in most cases very small ....
* OPTIONAL
Get Let’s encrypt certificate https://github.com/Neilpang/acme.sh
NGINX Config
address@hidden:/opt/local/etc/nginx/sites-enabled# cat GNUHealth
upstream gnuhealth {
    server 10.0.0.2:8000;
}

server {
    listen 80;
    server_name gnuhealth.example.com;
    return 301 https://$server_name$request_uri;

    location ~^/.well-known/acme-challenge {
        allow all;
        root /var/www/proxy/GNUHealth;
        auth_basic off;
    }
}

server {
    listen 443 ssl http2;
    server_name gnuhealth.example.com;
    more_set_headers "Server: NOT OF YOUR BUSINESS";
    server_tokens off;

    ssl on;
    ssl_certificate /opt/local/etc/nginx/certs/gnuhealth.fullchain.pem;
    ssl_certificate_key /opt/local/etc/nginx/certs/gnuhealth.key.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    #Enable HSTS
    add_header Strict-Transport-Security max-age=63072000;

    # Do not allow this site to be displayed in iframes
    add_header X-Frame-Options DENY;

    # Do not permit Content-Type sniffing.
    add_header X-Content-Type-Options nosniff;

    location / {
        client_max_body_size 204800M;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_pass http://gnuhealth;
    }

    location ~^/.well-known/acme-challenge {
        allow all;
        root /var/www/proxy/GNUHealth;
        auth_basic off;
    }
}
Test Your SSL Connection
https://www.ssllabs.com/ssltest/
You should get something like this !!!
So Now your Frontend is Fully Encrypted with Let’s encrypt SSL TLS1.2. Your Backend doesn’t need to because of the internal switch which cannot break out !!!
=> need to do some stuff => getting the service online* but isn’t yet running
address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ cat trytond.xml
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='manifest' name='GNUHEALTH'>
  <service name='application/GNUHEALTH' type='service' version='0'>
    <create_default_instance enabled='true'/>
    <single_instance/>
    <dependency name='multi-user-server' type='service' grouping='require_all' restart_on='none'>
      <service_fmri value='svc:/milestone/multi-user-server:default' />
    </dependency>
    <dependency name='network' grouping='require_all' restart_on='error' type='service'>
      <service_fmri value='svc:/milestone/network:default'/>
    </dependency>
    <dependency name='filesystem-local' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local:default'/>
    </dependency>

    <method_context>
      <method_credential user='gnuhealth' group='staff' privileges=':default' />
      <method_environment>
        <envvar name='HOME' value='/export/home/gnuhealth' />
        <envvar name='gnuhealthrc' value='/export/home/gnuhealth//.gnuhealthrc' />
        <envvar name='PATH' value='/opt/local/gcc49/bin:/usr/bin/gcc:/opt/local/sbin:/opt/local/bin:/usr/sbin:/usr/bin:$PATH' />
        <envvar name='MANPATH' value='/opt/local/man:$MANPATH' />
      </method_environment>
    </method_context>

    <exec_method name='start' type='method' exec='/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin/trytond' timeout_seconds='60' />

    <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>
    <exec_method name='refresh' type='method' exec=':kill -HUP' timeout_seconds='60'/>

    <property_group name='startd' type='framework'>
      <propval name='duration' type='astring' value='contract'/>
      <propval name='ignore_error' type='astring' value='core,signal'/>
    </property_group>
    <template>
      <common_name>
        <loctext xml:lang='C'>GNUHEALTH daemon</loctext>
      </common_name>
    </template>
  </service>
</service_bundle>
On 05-09-17 01:51, Luis Falcon wrote:

Hi Dirk !

On Mon, 4 Sep 2017 23:32:25 +0200

postgresql:/// connects over a UNIX socket and can use the Unix userid to authenticate. postgresql://host:port/ connects over TCP, where the userid of the remote end is not known (or cannot be trusted). It's a bit of a simplification to say pg_hba.conf doesn't matter: you need to allow Unix domain socket connections in that config file if you want passwordless logins. It's just that the default settings already allow that.

see => uri = postgresql:///localhost:5432

Thanks for the update! Yeah, it's a bit tricky, and different Operating Systems / distros come with different default pg_hba.conf files.

[...]

address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ ./trytond-admin -c /export/home/gnuhealth/gnuhealth/tryton/server/config/trytond.conf -d vic --all -v -p
Admin Password Confirmation:

Now everything works cool :) So GNUHEALTH is running on OmniOSCE server and tryton-client on a debian with remote connection over lan

Wonderful ! Congratulations !!

Next thing to do is installing the NGINX config and encrypt everything with Let's encrypt and giving you the install documentation like promised so some little patient please I'm having a busy weeks on my work ...

Great ! Thanks a lot . Documentation is key :)

Ps => GNUHealth zone is using 315 MB on Memory
GNUHealth 0.00 0.00% - - 315M 0.42% 99.8% 381M 0.49% -
and use 2,36 GB on disk => full OS + postgres => ok without any data just installed it from scratch
DATA/Zones2/GNUHealth 2,36G 741G 24K /Zones2/GNUHealth

Nice ! It is indeed a quite small footprint in memory and disk (disk space will grow though :-) ). Actually I was about to tell you that it would be nice to have some specs on GNU Health running on OmniOSCE. We should come up with some benchmark tools for GNU Health to test different components and scenarios.

Keep you posting with all the documentation after the NGINX setup ...

Thanks again Luis you're a very great man very much appreciations !!!

Thanks to you, Dirk, for all the work and very valuable feedback. Welcome again to the GNU Health community ! All the best, Luis

Kind Regards, Dirk

On 04-09-17 20:16, Luis Falcon wrote:

Hi Dirk !

On Mon, 4 Sep 2017 16:09:48 +0200 Dirk Willems <address@hidden> wrote:

Hello Luis, Installed the gtar and now is working fine, server is listen on *:8000 :)

Excellent news ! :)

Database is created but when running the trytond-admin it goes wrong ...
address@hidden:/export/home/gnuhealth/gnuhealth/tryton/server/trytond-4.2.6/bin $ ./trytond-admin --all --database=vic
Any suggestions what I miss or can I created the database completely manually ? Thanks in advance.

Use the "trust" method to connect to the DB. Check the following https://en.wikibooks.org/wiki/GNU_Health/Installation#Verify_PostgreSQL_authentication_method And restart postgresql server. Let us know how it went... you're almost there ! :)

Bests, Luis
--
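Added example, not part of the original message and not pkgsrc or GNU Health code: when the download steps above are scripted, the bootstrap checksum test only prints an error before tar runs, and the gpg2 --verify output still carries the "not certified" warning. The functions below make both checks fail closed. The pinned fingerprint is the one gpg2 printed in the message and should be confirmed through an independent channel; function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail-closed checks for the two downloads in the message.
# Function names are illustrative; they are not from pkgsrc or GNU Health.

# Fingerprint printed by gpg2 in the message, spaces removed.
PINNED_FPR="ACBFC80FC891631C68AA8DC8C015E1AE00989199"

# Constructed sample of `gpg2 --status-fd 1 --verify` output (timestamps made up).
SAMPLE_STATUS="[GNUPG:] GOODSIG C015E1AE00989199 Luis Falcon (GNU)
[GNUPG:] VALIDSIG $PINNED_FPR 2017-07-22 1500731208 0 4 0 1 8 00 $PINNED_FPR"

# sha1_of FILE: print the hex SHA-1 of FILE. Uses illumos digest(1) as in
# the message when present, otherwise sha1sum or openssl.
sha1_of() {
    if [ -x /bin/digest ]; then
        /bin/digest -a sha1 "$1"
    elif command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{ print $1 }'
    else
        openssl dgst -sha1 "$1" | awk '{ print $NF }'
    fi
}

# check_sha1 FILE EXPECTED: succeed only when the digest matches exactly.
check_sha1() {
    [ -f "$1" ] || return 2
    actual=$(sha1_of "$1") || return 2
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# check_signer: read gpg status lines on stdin; succeed only when a valid
# signature was made under the pinned primary key and nothing was flagged.
check_signer() {
    awk -v want="$PINNED_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && NF >= 12 { fpr = $12 }  # field 12: primary key fpr
        $2 == "BADSIG" || $2 == "ERRSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit (!bad && fpr == want) ? 0 : 1 }'
}

# Intended use, replacing the "|| echo" test and the bare gpg2 --verify:
#   check_sha1 "$BOOTSTRAP_TAR" "$BOOTSTRAP_SHA" || exit 1
#   tar -zxpf "$BOOTSTRAP_TAR" -C /
#   gpg2 --status-fd 1 --verify gnuhealth-3.2.1.tar.gz.sig \
#       gnuhealth-latest.tar.gz 2>/dev/null | check_signer || exit 1
```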
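Added example, not part of the original message: the pg_hba.conf edit above sets `trust` on both the Unix-socket rule and the 127.0.0.1/32 rule, and the thread distinguishes socket connections from TCP ones. The audit below lists every `trust` rule and classifies it by how far that trust reaches; `audit_pg_hba`, `sample_pg_hba` and the sample rules are constructed for illustration (the last sample rule is not from the message).

```shell
#!/bin/sh
# Added example: report pg_hba.conf rules that use the "trust" method.
# audit_pg_hba and sample_pg_hba are illustrative names.

# Constructed sample: the first two rules mirror the message; the last
# rule (old-style IP + netmask form) is added to show the remote case.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        md5
host    all       all   10.0.0.0 255.255.255.0 trust
EOF
}

# audit_pg_hba: read pg_hba.conf on stdin and print
#   <line> <kind> <database> <user> <address>
# for every trust rule. Returns 1 when trust reaches beyond loopback.
#   local-trust    any local Unix account can connect as any database role
#   loopback-trust any process that can reach the loopback port can do so
#   remote-trust   any host matching the address can do so
audit_pg_hba() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
    {
        sub(/[ \t]+#.*$/, "")                  # drop a trailing comment
        if ($1 == "local") {                   # local DB USER METHOD
            addr = "unix-socket"; method = $4
        } else if ($1 ~ /^host/) {             # host, hostssl, hostnossl
            addr = $4
            # "IP MASK METHOD" form: field 5 is a netmask, not a method
            if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) method = $6
            else method = $5
        } else next
        if (method != "trust") next
        if ($1 == "local")
            kind = "local-trust"
        else if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::1\//)
            kind = "loopback-trust"
        else { kind = "remote-trust"; remote = 1 }
        printf "%d %s %s %s %s\n", NR, kind, $2, $3, addr
    }
    END { exit remote ? 1 : 0 }'
}

# Intended use on the path from the message:
#   audit_pg_hba < /var/pgsql/data/pg_hba.conf
```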