GNU Health/Installation

From Wikibooks, open books for an open world
Jump to navigation Jump to search

Requirements[edit | edit source]

The latest stable GNU Health Federation ecosystem uses these main resources:

  • Operating system: GNU/Linux or FreeBSD for the server.
  • RDBMS Database: PostgreSQL >= 10.x
  • Document-oriented Database for Health Information System / Person Master Index: PostgreSQL  :>= 10.x
  • Python: >= 3.6
  • uwsgi : >=2.0
  • Flask : 1.0
  • Tryton 6.0
  • Bash shell
  • PIP for Python 3, verify through:
    pip --version
    
    You should see python3, as in:
    pip x.x.x from /usr/local/lib/python3.6/site-packages (python 3.6)
    If you see python2.x then stop and get pip for Python 3.

Errata[edit | edit source]

Before you continue, please read the Errata chapter for the latest issues involved the installation or upgrade procedure.

Installing GNU Health on GNU/Linux and FreeBSD[edit | edit source]

Operating System requirements[edit | edit source]

The following table contains the instructions to setup your operating system for a standard GNU Health installation. The operating systems and their version shown in the list have been tested using the instructions for each OS.

The installation instructions for the different operating systems and distributions have been done on a fresh installation. For simplicity's sake, the server environment was installed without a GUI. No firewall was configured (we will cover this on the security section), and OpenSSH server was installed.

The instructions – written here – have been applied and verified with the following operating systems as shown below.

Operating System Version Link Notes
openSUSE Leap 15.4 openSUSE setup
FreeBSD FreeBSD 12.1 FreeBSD setup
CentOS 7.8 CentOS setup
Ubuntu 20.04 Ubuntu setup
Armbian 20.05 Armbian setup
Debian 10.1 Debian setup

Setting up Network Time Protocol (NTP)[edit | edit source]

In order to properly run GNU Health, you need to make sure that the time on both the server (database and central instance) and clients are properly set and in sync. The best way to do this is to keep your clock synchronized with a NTP Server .

This is a critical step, not only for the smooth functioning of GNU Health, but also because many documents will have a timestamp associated with them that can have legal value.

Creating the Operating System User[edit | edit source]

The following steps will create the GNU Health operating system user. Please note that many operating systems give you the option to create a regular user at installation time. If you already created the "gnuhealth" operating system user, you can skip this section, otherwise, create it now.

Run the following command as root:

adduser gnuhealth

Note: If your Operating System doesn't include the adduser command, you can use the useradd command:

useradd -m gnuhealth

Verify PostgreSQL authentication method[edit | edit source]

Note: You can skip this section if you made a standard installation on FreeBSD

PostgreSQL uses different authentication methods (MD5, ident, trust ... ). Depending the Operating System, the postgreSQL server authentication method will vary.

The standard GNU Health installation uses the trust authentication method, so you need to check the postgreSQL authentication file configuration.

Locate the pg_hba.conf file and verify that the trust method is set. The location of this configuration file varies across operating systems; under UNIX/Linux, the full pathname of the file can be obtained with the following command, to be executed as root:

su - postgres -c "psql -t -P format=unaligned -c 'show hba_file'"

You may need to start the postgres server at least one time as this file may be created during first startup. Usually this file is located at /etc/postgresql/10/main or /var/lib/pgsql/data.

An example configuration file entry specifying use of the trust method is given in the following line:

local all all trust

The following example in particular may address issues with establishing a working database connection as reported in the context of the creation of the GNU Health database upon first use of the Tryton client (see further down; Symptom: the "Create" button is not displayed):

host all all 127.0.0.1/32 trust
host all all ::1/128      trust

Make sure you edit the file as user 'postgres', not root. Otherwise, postgres may have trouble reading the changed file. After any changes to the file, the postgreSQL server needs to be restarted.

Many authentication errors (e.g., database connection errors) arise because of not having correctly configured this file. Of course, you can use other authentication methods, and you can adapt the tryton / GNU Health configuration file to each of them. For the sake of simplicity, we based the documentation and sample files in this book on one specific method (trust).

Make sure you restart your postgresql server:

sudo service postgresql restart

Creating the Database User[edit | edit source]

The following command switches to the postgres administration user and gives permissions to your newly created gnuhealth administrator:

Execute as root:

su - postgres -c "createuser --createdb --no-createrole --no-superuser gnuhealth"

Downloading and Installing GNU Health[edit | edit source]

Running the GNU Health Installer[edit | edit source]

Become user gnuhealth[edit | edit source]
su - gnuhealth
cd $HOME
Download GNU Health from GNU.org[edit | edit source]
wget https://ftp.gnu.org/gnu/health/gnuhealth-latest.tar.gz
Verify the package signature[edit | edit source]

First get the signing key if you haven't done so:

gpg --recv-key  --keyserver  keyserver.ubuntu.com 0xC015E1AE00989199

The key is issued by Luis Falcon (meanmicio at GNU) <falcon@gnu.org> and its fingerprint is ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199. This information can be seen issuing:

gpg --with-fingerprint --list-keys 0xC015E1AE00989199

Then, verify the signature, using the matching version number for the latest. For instance, if latest GNU Health version is 4.0.4, then

Download the detached signature:

wget https://ftp.gnu.org/gnu/health/gnuhealth-4.0.4.tar.gz.sig

Verify the package using the detached signature:

gpg --verify gnuhealth-4.0.4.tar.gz.sig gnuhealth-latest.tar.gz

If the file is correctly validated, the output should be something like:

 gpg: Signature made Sat 01 Jul 2017 11:06:25 PM WEST
 gpg:                using RSA key ACBFC80FC891631C68AA8DC8C015E1AE00989199
 gpg: Good signature from "Luis Falcon (GNU) <falcon@gnu.org>" [ultimate]
 gpg:                 aka "Luis Falcon (GNU Health) <lfalcon@gnusolidario.org>" [ultimate]

The important part is the Good signature from "Luis Falcon ....". The WARNING means that, even if the file and signature are OK and validated correctly, you aren't trusting that key; and it's OK. You can read more about this in The GNU Privacy Handbook, Chapter 3. Key Management.

Uncompress GNU Health HMIS package[edit | edit source]
tar xzf gnuhealth-latest.tar.gz
Change to the GNU Health installation directory matching your version[edit | edit source]
cd gnuhealth-4.0.4
Download the latest GNU Health installer[edit | edit source]
wget -qO- https://ftp.gnu.org/gnu/health/gnuhealth-setup-latest.tar.gz | tar -xzvf -
Run the GNU Health installer[edit | edit source]
bash ./gnuhealth-setup install

Debian Family: How do I solve "error: externally-managed-environment" everytime I use pip3?

  • OR remove file /usr/lib/python3.x/EXTERNALLY-MANAGED,
  • OR use pip's argument --break-system-packages,
  • OR add following lines to ~/.config/pip/pip.conf: [global] break-system-packages = true
Enable the BASH environment for the GNU Health admin[edit | edit source]

Finally, enable the BASH environment for the gnuhealth user.

source ${HOME}/.gnuhealthrc

Activate Network Devices for the JSON-RPC Protocol[edit | edit source]

The Tryton GNU Health server listens to localhost at port 8000, not allowing direct connections from other workstations. If necessary, enter the following:

editconf

You can edit the parameter listen in the [web] section, to activate the network device so workstations in your net can connect. For example, the following block

[web]
listen = *:8000

will allow to connect to the server in the different devices of your system.

Setting up a Local Directory for Attachments[edit | edit source]

By default, Tryton uses a system-wide directory to store the attachments. It is advisable, in GNUHealth to keep the attachments in the gnuhealth user space.

If necessary, edit the server configuration file trytond.conf and enter the attach directory under the [database] section, for instance:

editconf
[database]
path = /home/gnuhealth/attach

Since debian systems connect to database over a UNIX socket, add an extra / under the [database] section, for instance:

[database]
uri = postgresql:///localhost:5432

Configuring the log file (optional)[edit | edit source]

The way the server logs and tracks events is based on a log configuration file, that resides in the config directory "${GNUHEALTH_DIR}"/tryton/server/config/.

A default version is shipped, called gnuhealth_log.conf. If necessary, enter the following into gnuhealth_log.conf:

[formatters]
keys: simple

[handlers]
keys: rotate, console

[loggers]
keys: root

[formatter_simple]
format: [%(asctime)s] %(levelname)s:%(name)s:%(message)s
datefmt: %a %b %d %H:%M:%S %Y

[handler_rotate]
class: handlers.TimedRotatingFileHandler
args: ('/home/gnuhealth/gnuhealth/logs/gnuhealth.log', 'D', 1, 30)
formatter: simple

[handler_console]
class: StreamHandler
formatter: simple
args: (sys.stdout,)

[logger_root]
level: WARNING
handlers: rotate, console

In this example (and in the standard file) the log file is written in the default logs directory. You can change it to fit your specific installation.

In order to use logging, you need to provide the --logconf option, along with the path to the log configuration file gnuhealth_log.conf as argument, when invoking the Tryton server in the next section (e.g. trytond --logconf "${GNUHEALTH_DIR}"/tryton/server/config/gnuhealth_log.conf).

For more information, check the following resources:

Initialize the database instance[edit | edit source]

Create the database

createdb health
database name
We use "health" as an example, choose the name of your database, but keep it short and only alphanumeric chars

Change to your newly installed system (use the alias cdexe):

cdexe

and initialize the instance:

python3 ./trytond-admin --all --database=health

You will be asked to provide a password for the "admin" user.

If everything goes well, you are ready to start the GNU Health HMIS node server.

Start the GNU Health HMIS node

cd
./start_gnuhealth.sh
Logconf path
As mentioned in the previous section, use the --logconf [path] option to specify the path of the logging configuration

You can execute the GNU Health server in the background (using nohup ./start_gnuhealth.sh &) and check the output in the file nohup.out.

Creating a Systemd service for the GNU Health server[edit | edit source]

If you use the standard installation method, you can use the following scripts to automate the startup/stop of the GNU Health instance using systemd services.

GNU Health service unit file[edit | edit source]

Create the GNU Health Unit file under /usr/lib/systemd/system/gnuhealth.service:

For Ubuntu 18.04 LTS users: /etc/systemd/system/gnuhealth.service:

[Unit]
Description=GNU Health Server
After=network.target

[Service]
Type=simple
User=gnuhealth
WorkingDirectory=/home/gnuhealth
ExecStart=/home/gnuhealth/start_gnuhealth.sh
Restart=on-abort

[Install]
WantedBy=multi-user.target

Starting and Stopping the GNU Health service[edit | edit source]

You can issue the commands:

systemctl start gnuhealth

or:

systemctl stop gnuhealth

Enable the service to start at boot time[edit | edit source]

If you want to automatically start the GNU Health server whenever you start the operating system, you can enable the service with the following command:

systemctl enable gnuhealth

Using a WSGI Server for GNU Health Hospital Management Component[edit | edit source]

GNU Health HMIS uses by default the werkzeug server. This should be valid only for development scenarios. For production servers, GNU Health HMIS will benefit from a Web Server Gateway Interface (WSGI), such as uWSGI and a web server that supports reverse proxy, as NGINX.

Your Trytond configuration file[edit | edit source]

Edit your trytond.conf file to meet the requirements. You can edit this file directly using the alias "editconf" with the gnuhealth user.

This sample enables access both to the GTK and webclient.

[database]
uri = postgresql://localhost:5432
path = /home/gnuhealth/attach

[web]
listen = localhost:8000
root = /home/gnuhealth/sao/package

uWSGI configuration file[edit | edit source]

This is a sample for the gnuhealth uwsgi .ini ("gh.ini") file. Make sure NINGX user has the appropriate permissions to the uwsgi socket.

[uwsgi]

master = true
processes = 5
plugins = python3

socket = /tmp/uwsgi.sock
chmod-socket=660

module=trytond.application:app

Configuring NGINX as a reverse proxy for GNU Health HMIS[edit | edit source]

In this sample, NINGX will listen to 8100 in HTTPS mode, to requests coming from the web clients. It also listens to port 8000 for the native GTK client.

# Virtual host for demo web client using TLS and listening in 8100
    server {
        listen       8100 ssl;
        server_name  your_hostname;

        ssl_certificate      /path/to/your/gnuhealth.crt;
        ssl_certificate_key  /path/to/your/gnuhealth.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            include         uwsgi_params;
            uwsgi_pass      unix:/tmp/uwsgi.sock;
        }

    # Virtual host for GNU Health GTK Client on 8000 
    server {
        listen       8000;

        location / {
            include         uwsgi_params;
            uwsgi_pass      unix:/tmp/uwsgi.sock;
        }
    }
}


Putting everything together and booting the GNU Health server[edit | edit source]

Once you have configured the three elements (Trytond server, uwsgi and NGINX) is time to put in into production

  • Make sure your NGINX server is running:
  • Start uWSGI with the corresponding gnuhealth .ini file:
uwsgi $HOME/gh.ini --enable-threads &

Installation of the GNU Health Client[edit | edit source]

Requirements[edit | edit source]

openSUSE[edit | edit source]

Tested on openSUSE Leap 15.1 and Tumbleweed

  • Disable Non-OSS repositoriess
  • Desktop with KDE Plasma
  • Create user "gnuhealth"
  • Login as "gnuhealth" user
  • Get the required packages / dependencies
   $ sudo zypper install cairo-devel pkg-config python3-devel gcc gobject-introspection-devel python3-cairo python3-gobject-cairo python3-gobject-Gdk typelib-1_0-Gtk-3_0

GNU Health Client installation with pip3[edit | edit source]

  • Update PATH. To make changes permanent, add this line in $HOME/.bashrc
   $ export PATH=$HOME/.local/bin:$PATH
  • Update pip3
   $ pip3 install --upgrade --user pip
  • Install GNU Health client
   $ pip3 install --user --upgrade gnuhealth-client


The following command will boot your GNU Health client:

gnuhealth-client

Alternative Methods[edit | edit source]

System Packages[edit | edit source]

Instead from source as described above, you can install the GNU Health Client from pre-build packages as well. openSUSE offer packages that you can install with your systems package manager. Make sure you get the current gnuhealth-client version 4.0.x

Microsoft Windows and macOS[edit | edit source]

If you use Microsoft Windows or macOS, you can try using the Tryton 6.0 client, which may be compatible with GNU Health 4.0. Keep in mind that the windows client does not have the GNU Health commands, nor the plugins like GNU Health GNUPG crypto or GNU Health Camera and Federation Resource Locator.

Download the Tryton client executable (Windows) and follow the instructions.

Logging into the Application[edit | edit source]

Login Screen

Now that you're back at the login screen, you'll notice that the selected profile is the one you've just created. Fill in the login form:

  • User name: the one you used previously (usually admin)
  • Password: the one entered twice in the previous section

Login credentials for The Demo database: GNU Health/The Demo database#Connection to the GNU Health HMIS and LIMS

Installing the Default Modules[edit | edit source]

Step 4: Mark for installation button for health_profile

From this point on, you will use the client for almost every process. Start with the installation of the basic functionality:

  1. After you've created the database, the system will ask you to create some new users. You can skip this step for now.
  2. You are then presented with a list of modules that will provide the functionality you desire. If you don't see the Modules window, navigate to it on the left side: Administration → Modules → Modules.
  3. Select the health_profile module, and click on Mark for installation.
  4. Click on the Action icon (two cogwweels, previous versions used a blue rotated square) and select Perform Pending Installation/Upgrade:

    Step 5: Perform pending installation/upgrade after clicking on the Action icon

  5. Tryton will automatically select all the dependent modules required for the installation:

    Step 5/6: Packages to be installed, Start upgrade button

  6. Click on Start Upgrade. This process will take a while, depending on the computer where GNU Health is being installed on. Once it's done, the following message appears.

    Step 6, system upgrade finished

Creating a Company[edit | edit source]

The next thing you need to do is to create the initial company, that will be your health center. You will be presented with a wizard to create it.

Creating an initial company

Press F3 to create a new company.

Note: At the party form, please make sure you set the institution attribute. You will link this company to your main health institution later on. Please refer to the screenshot provided in this section for details.

Initial configuration. Creating the main company associated to the party (health institution)

Disabling demo users in production environments[edit | edit source]

GNU Health comes with a set of pre-defined users for demo purposes. They all have the prefix demo_ (demo_doctor, demo_front_desk, demo_nurse... ).

To deactivate the users:

  1. Navigate to Administration > Users > Users in the sidebar.
  2. In filters, choose Login: demo_ and Active: True
  3. Unset the "active" flag of each of them (untick the "Active" boxes). The demo users are now de-activated in your environment.
Deactivation of demo users in production environments

Look at the screenshot captioned Deactivation of demo users in production environments for an example (the Active checkboxes haven't been unticked).

Customizing the GNU Health Client[edit | edit source]

For GNU/Linux and other free operating systems, the GNU Health GTK client configuration file can be found at:

$HOME/.config/gnuhealth/<VERSION>/gnuhealth-client.conf

For example:

$HOME/.config/gnuhealth/4.0/gnuhealth-client.conf

Using a custom greeter / banner[edit | edit source]

You can customize the login greeter banner to fit your institution.

In the section [client], include the banner parameter with the absolute path of the png file.

Something like:

[client]
banner = /home/yourlogin/myhospitalbanner.png

The default resolution of the banner is 500 x 128 pixels. Adjust yours to approximately this size.

Completion[edit | edit source]

Congratulations! You have completed the initial installation of GNU Health. In the next chapter we will discuss how to add functionality by installing additional modules.