GNU Health/Operating System-Specific Notes

From Wikibooks, open books for an open world
Jump to: navigation, search

Installing GNU Health Dependencies[edit]

Choose your OS derivative from one of the sections below.

Once you are done installing these global dependencies, go back to the Installation

Arch Linux, Parabola GNU/Linux and other derivatives[edit]

Login as root :

# pacman -S postgresql pygtk gcc python2-pip wget


Generate the PostgreSQL environment in Arch Linux[edit]

Follow the instructions on the PostgreSQL section of the Arch Linux Wiki : https://wiki.archlinux.org/index.php/PostgreSQL


Patch for PIL: Fix temporary issue with PIL library compilation

# ln -si /usr/include/freetype2 /usr/include/freetype


Parabola GNU/Linux has a GNU Health section : https://wiki.parabolagnulinux.org/GNU_Health

Debian GNU/Linux and derivatives (eg, Ubuntu)[edit]

Debian package[edit]

GNU Health is now available straight from the Debian Testing repository (should be available in Ubuntu starting with version 14.10). If you want to have both client and server on the same machine (recommended to test the software), just install the gnuhealth package:

# apt-get install gnuhealth

If you want the server and client installed on separate machines, install only the appropriate packages on each machine

# apt-get install gnuhealth-server
# apt-get install gnuhealth-client

The GNU Health server will run on the server on port 8482.

You can then continue to log into the application.

Install from source[edit]

Note : Make sure that your PIP (python-pip) is 1.3.1 or higher

Run the following command as root (or using sudo):

# apt-get install python-pip python-imaging postgresql \
build-essential python-dev libxml2-dev libxslt1-dev \
postgresql-server-dev-9.1 libldap2-dev libsasl2-dev python-ldap \
libjpeg-dev zlib1g-dev libfreetype6-dev libtiff4-dev liblcms2-dev libwebp-dev

Startup Scripts[edit]

In this section you will find sample scripts that can automate the startup of the Trytond daemon for GNU Health. You can find updated scripts on the directory scripts/startup for your Operating System type or Distro.

These scripts are tailored for the local user installation, assuming the user is "gnuhealth".

Arch Linux, Parabola GNU/Linux and other derivatives[edit]

Arch Linux and Parabola GNU/Linux-libre use systemd as a service manager

Sample GNU Health systemd unit file for GNU Health service using Tryton server 2.8.2

[Unit]
Description=Tryton Server Daemon for GNU Health
Requires=postgresql.service
[Service]
Type=simple
User=gnuhealth
SyslogIdentifier=gnuhealth
ExecStart=/home/gnuhealth/gnuhealth/tryton/server/trytond-2.8.2/bin/trytond
[Install]
WantedBy=multi-user.target

Copy the file to /usr/lib/systemd/system/gnuhealth.service

To execute GNU Health as a daemon

#systemctl start gnuhealth.service

If you want to enable the service so it will startup enter

#systemctl enable gnuhealth.service

To check the status of the service

#systemctl status gnuhealth.service

You should see something like this

gnuhealth.service - Tryton Server Daemon for GNU Health
  Loaded: loaded (/usr/lib/systemd/system/gnuhealth.service; enabled)
  Active: active (running) since Sun 2013-08-04 17:12:07 ART; 56min ago
Main PID: 192 (python)
  CGroup: name=systemd:/system/gnuhealth.service
          └─192 python /home/gnuhealth/gnuhealth/tryton/server/trytond-2.8.2/bin/trytond


To stop the service, try

#systemctl stop gnuhealth.service

Verify that the server has actually stopped.

Aug 04 18:10:32 veganworld systemd[1]: Stopping Tryton Server Daemon for GNU Health...
Aug 04 18:10:33 veganworld gnuhealth[192]: [Sun Aug 04 21:10:33 2013] INFO:server:stopped
Aug 04 18:10:33 veganworld systemd[1]: Stopped Tryton Server Daemon for GNU Health.

Installing GNU Health on openSUSE[edit]

Instead of installing from source, openSUSE provides prebuild packages of GNU Health, that makes full advantage of the systems package managers capabilities. To make installation as easy as possible, the openSUSE-packages allow you to install GNU Health with a single click, resolving and installing all dependencies automatically. This can be done from the graphical administration frontend YaST/WebYaST or from the command line using zypper.

The installation process consists of two steps:

  • Adding the repositories
  • Installation of the package gnuhealth

Installing the repositories[edit]

In theory you can use any openSUSE or SLES release to run GNU Health. Anyway, it is recommended to use openSUSE 13.1, as this is a long-term-support release.
The installation is described assuming that only a command-line interface is available.
Open a terminal window and log in as root ( sudo su - )

Include the python-repository:
zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_13.1 python

Include the Tryton-Repository (in this case Tryton 3.0 for GNU Health 2.4):
zypper ar -f http://download.opensuse.org/repositories/Application:/ERP:/Tryton:/3.0/openSUSE_13.1 tryton

Check Buildservice for the latest GNUHealth / Tryton repository

Installation of the package gnuhealth[edit]

Install GNU Health. All dependencies, e.g. for postgres database or Tryton-Server, will be resolved automatially:
zypper in gnuhealth

In case you need the Tryton-Client as well:
zypper in tryton

Done.

Now continue with the basic setup of database and server as described in the Tryton Wiki. When done, continue with the GNU Health Installation. As GNU Health runs as additional modules on a standard Tryton installation, there are some small differences in setup:

  • The server runs under the user 'tryton', not under 'gnuhealth'. For security reasons, the user tryton is created as 'no-login'. If you need to work as user tryton, you need to login via su tryton -s /bin/bash.
  • All Tryton settings and directories are Tryton-Standard, unless you change it in /etc/trytond.conf
  • The installation proposes nano as command-line-editor, not vi. Unless you are a Unix-Hacker, you will understand why.


Installing GNU Health in a Virtual Environment on FreeBSD[edit]

NOTE: This installation mode accomplishes two things: First, it takes care of the subtle differences between GNU/Linux and the FreeBSD. Second, it is made to provide maximum scalability and flexibility of the resulting installation. Using Python's virtualenv tool, we are able to create completely independent instances without any interference due to different versions of Python and its packages. As you can imagine, this comes extremely handy, if you have to upgrade GNU Health on a busy production server. The following will take care of all dependencies and should ideally be deployed in a separate FreeBSD Jail.
Assuming that you may wish to run your GNU Health instance within a private network, instructions on how to create a private certificate authority and self-signed certificates have been included, too.
What is not covered? T he installation of GNU Health itself entails only a tiny fracton of what makes a system safe and sound enough to handle critivcal data. You will have to look further into FreeBSD installation; how to harden your system; manage security and monitoring; set up, configure and tune PostgreSQL; and how to create redundancy.


Create the GNU Health User[edit]

Create a non-privileged user for each instance of trytond, as well as some essential directories:

   setenv INSTANCE tryton-health
   setenv INSTANCE_UID_GID 2501
   mkdir -p /home/${INSTANCE}/custom_report /home/${INSTANCE}/data /home/${INSTANCE}/jsondata /var/run/trytond /var/log/trytond  
   pw groupadd ${INSTANCE} -g ${INSTANCE_UID_GID}  
   pw groupadd tryton -g 2500  
   pw useradd -c "${INSTANCE} user" -d /home/${INSTANCE} -G tryton,ssl-cert -n ${INSTANCE} -s /bin/csh -u ${INSTANCE_UID_GID} -w no  
   chown -R root:${INSTANCE} /home/${INSTANCE}  
   chown root:tryton /var/run/trytond /var/log/trytond  
   chmod -R 770 /home/${INSTANCE}  
   chmod 770 /var/run/trytond /var/log/trytond

Note: The tryton group is set to an arbitrary GID 2500, each individual trytond instance UId and GID is to be incremented by +1.
With these static UIDs/GIDs, you can union-mount the /home directory using the same UIDs/GIDs in the host system or any other jail.


Create Your Local Certificate Authority[edit]

Note: We need a local certificate authority to issue local keys and certificates for use within the local network.
Backup the existing original configuration file:

   cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.orig

In stanza [ CA_default ], edit /etc/ssl/openssl.cnf as follows (only changed sections are shown):

   #dir            = ./demoCA              # Where everything is kept
   dir             = /etc/ssl              # Where everything is kept
   #default_days   = 365                   # how long to certify for
   default_days    = 3650                  # how long to certify for

In stanza [ req ], edit /etc/ssl/openssl.cnf as follows (only changed sections are shown):

   #default_bits           = 1024
   default_bits            = 2048

In stanza [ req_distinguished_name ], edit /etc/ssl/openssl.cnf as follows (only changed sections are shown):

   #countryName_default            = AU
   countryName_default             = [my_country_code]
   #stateOrProvinceName_default    = Some-State
   stateOrProvinceName_default     = [my_state]
   localityName_default            = [my_city]
   #0.organizationName_default     = Internet Widgits Pty Ltd
   0.organizationName_default      = [my_organisation]
   organizationalUnitName          = Organizational Unit Name (eg, section)
   #organizationalUnitName_default =
   organizationalUnitName_default  = [my_department]
   emailAddress                    = Email Address
   emailAddress_max                = 64
   emailAddress_default            = webmaster@[my_domain]

Note: Adjust [my_country_code], [my_state], [my_city], [my_organisation], [my_department] and webmaster@my.domain] to their appropriate values. Create the group ssl-cert for privilege separation:

   pw groupadd -n ssl-cert

Create the required directories, and serial database:

   mkdir -p /etc/ssl/cacerts /etc/ssl/certs /etc/ssl/dh /etc/ssl/newcerts /etc/ssl/private /etc/ssl/req
   chown root:ssl-cert /etc/ssl/private
   chmod 750 /etc/ssl/private
   touch /etc/ssl/index.txt 
   echo '00' > /etc/ssl/serial

Create the CA key, suggesting ca.[my_domain] as CA domain name. Note: The domain of the certificate (i.e. ca.[my_domain]) must be different from the domain (i.e. [my_domain]) of any certificates signed by it!

   setenv MY_DOMAIN [my_domain]
   openssl genrsa -des3 -out /etc/ssl/private/ca.${MY_DOMAIN}.cakey.pem
System Prompt Your Response
Enter pass phrase [CA key pass phrase]
Verify pass phrase [CA key pass phrase]

Generate the CA certificate as follows:

   openssl req \
       -days 3650 \
       -extensions v3_ca \
       -new -x509 \
       -key /etc/ssl/private/ca.${MY_DOMAIN}.cakey.pem \
       -out /etc/ssl/cacerts/ca.${MY_DOMAIN}.cacrt.pem
System Prompt Your Response
Enter pass phrase [CA key pass phrase]
Country name (2 letter code) [my_country_code]
State or province (full name) [my_state]
Locality name, e.g. city [my_city]
Organisation name (e.g. company) [my_organisation]
Organisational unit (e.g. section) [my_department]
Common name (e.g. YOUR host name) ca.[my_domain]
Mail address webmaster@[my_domain]

Note: Adjust [my_country_code], [my_state], [my_city], [my_organisation], [my_department] and [my.domain] to their appropriate values. Test the CA certificate:

   openssl x509 -in /etc/ssl/cacerts/ca.${MY_DOMAIN}.cacrt.pem -noout -text
   openssl x509 -in /etc/ssl/cacerts/ca.${MY_DOMAIN}.cacrt.pem -noout -dates
   openssl x509 -in /etc/ssl/cacerts/ca.${MY_DOMAIN}.cacrt.pem -noout -purpose


Create a Local, Self-Signed Tryton Server Certificate[edit]

Before you copy/paste the following script, change the leading variables MY_DOMAIN and DEFAULT_ATTRIBUTES to something that makes sense for your setting. Do not change anything else thereafter:

   setenv SERVER_NAME "[hmis_server]"
   setenv MY_DOMAIN "[my_domain]"
   setenv DEFAULT_ATTRIBUTES "/C=[my_country_code]/ST=[my_state]/L=[my_city]/O=[my_organisation]/OU=[my_department]"

Once done, execute the following as root:

   echo "Creating a certificate signing request (CSR)."
   openssl req \
       -nodes -new -days 3650 \
       -subj "${DEFAULT_ATTRIBUTES}/CN=${SERVER_NAME}.${MY_DOMAIN}" \
       -keyout /etc/ssl/private/${SERVER_NAME}.${MY_DOMAIN}.key.pem \
       -out /etc/ssl/req/${SERVER_NAME}.${MY_DOMAIN}.req.pem
   echo "Testing the newly created CSR."
   openssl req -text -verify -noout -in /etc/ssl/req/${SERVER_NAME}.${MY_DOMAIN}.req.pem
   echo "Check for errors, press [Enter] to continue..."
   read x
   echo "Signing CSR for ${SERVER_NAME}.${MY_DOMAIN}."
   openssl ca \
       -out /etc/ssl/certs/${SERVER_NAME}.${MY_DOMAIN}.crt.pem \
       -in /etc/ssl/req/${SERVER_NAME}.${MY_DOMAIN}.req.pem \
       -cert /etc/ssl/cacerts/ca.${MY_DOMAIN}.cacrt.pem \
       -keyfile /etc/ssl/private/ca.${MY_DOMAIN}.cakey.pem
   echo "Testing certificate for ${SERVER_NAME}.{MY_DOMAIN}."
   openssl verify \
       -CAfile /etc/ssl/cacerts/ca.${MY_DOMAIN}.cacrt.pem \
       /etc/ssl/certs/${SERVER_NAME}.${MY_DOMAIN}.crt.pem
   echo "Check for errors, press [Enter] to continue..."
   read x
   echo "Creating bundle for ${SERVER_NAME}.${MY_DOMAIN}."
   cat /etc/ssl/private/${SERVER_NAME}.${MY_DOMAIN}.key.pem \
       /etc/ssl/certs/${SERVER_NAME}.${MY_DOMAIN}.crt.pem \
       > /etc/ssl/private/${SERVER_NAME}.${MY_DOMAIN}.key+crt.pem
   echo "Creating DH parameter file for ${SERVER_NAME}.${MY_DOMAIN}."
   openssl dhparam -check -text -5 512 -out /etc/ssl/dh/${SERVER_NAME}.${MY_DOMAIN}.dh
System Prompt Your Response
Check for errors, press [Enter] to continue... [Enter]
Enter pass phrase for /etc/ssl/private/ca.[my_domain].cakey.pem [CA key pass phrase]
Sign the certificate y
1 out of 1 certificate requests certified, commit? y
Checking for errors, press [Enter] to continue... [Enter]

Add the tryton-health user to the ssl-cert group to enable access to the private key and bundle:

   pw groupmod ssl-cert -m ${INSTANCE}
   chown root:ssl-cert /etc/ssl/private/${SERVER_NAME}.${MY_DOMAIN}.key.pem /etc/ssl/private/${SERVER_NAME}.${MY_DOMAIN}.key+crt.pem  
   chmod 440 /etc/ssl/private/${SERVER_NAME}.${MY_DOMAIN}.key.pem /etc/ssl/private/${SERVER_NAME}.${MY_DOMAIN}.key+crt.pem


Install Python[edit]

Issue the following as root:

   cd /usr/ports/lang/python27 && make deinstall install distclean
Program System Prompt Your Response
python27 IPv6 protocol Yes
Enable gettext support for the locale module Yes
Enable python's internal malloc Yes
Threading support Yes
S(UCS): Unicode UCS2-4 support Yes

Note: Configuration options with negative responses ("No") are not listed!


Install the PostgreSQL Client and psycopg2[edit]

Note: We assume that for security reasons and scalability, you are running the database server on a different server, jail or otherwise.
Issue the following as root:

   cd /usr/ports/databases/postgresql91-client && make deinstall install distclean
Program System Prompt Your Response
postgresql-client Use internationalised messages Yes
Builds with compiler optimisations Yes
Build with XML data type Yes
Use internal timezone database Yes
Builds with 64-bit date/time type Yes
Build with OpenSSL support Yes
libxml2 XML schema support Yes
Threads support Yes

Next, issue the following as root:

   cd /usr/ports/databases/py-psycopg2 && make deinstall install distclean


Install libxslt[edit]

Issue the following as root:

   cd /usr/ports/textproc/libxslt && make deinstall install distclean  
Program System Prompt Your Response
libxslt Enable crypto support for exslt Yes


Install OpenLDAP Client and python-ldap[edit]

For a major deployment with many users, a central authentication system facilitates user administration. As you may consider OpenLDAP for this job, which can also be used to manage user PKI certificates, let's install the OpenLDAP client. Issue the following as root:

   cd /usr/ports/net/py-ldap2 && make deinstall install distclean
Program System Prompt Your Response
py_sasl SASL support Yes
cyrus-sasl Enable cmusaslsecretCRAM-MD5 property Yes
Enable use of authdaemon Yes
Enable LOGIN authentication Yes
Enable PLAIN authentication Yes

Note: We are going to use LDAP over SSL/TLS, and therefore do not have to worry about SASL hashes.


Install py-virtualenv[edit]

Issue the following as root:

   cd /usr/ports/devel/py-virtualenv && make deinstall install distclean  
Program System Prompt Your Response
py-Jinja2 Enable Babel extension Yes
Enable speedups Yes


Install Relatorio[edit]

Next, issue the following as root:

   cd /usr/ports/print/py-relatorio && make deinstall install distclean  
Program System Prompt Your Response
py-pycha Add support for py-cairo Yes
cairo Enable GObject functions feature Yes
png Enable animated png support Yes
pcre Use the stack for recursion during matching Yes
pixman Use CPU-specific optimisations Yes
perl Use 64 bit integers Yes
Build with -pthread Yes
gamin Drop privileges to effective user Yes


Install dateutil[edit]

Now, enter the following as root:

   cd /usr/ports/devel/py-dateutil && make deinstall install distclean  


Install polib[edit]

Issue the following as root:

   cd /usr/ports/devel/py-polib && make deinstall install distclean  


Install pywebdav[edit]

Proceed by issuing the following as root:

   cd /usr/ports/www/py-pywebdav && make deinstall install distclean  


Install pytz[edit]

Next, off to install pytz as root:

   cd /usr/ports/devel/py-pytz && make deinstall install distclean  


Install simplejson[edit]

Next in line is simplejson. Issue as root:

   cd /usr/ports/devel/py-simplejson && make deinstall install distclean  


Install py-imaging[edit]

Here we go installing what is needed for PIL; do the following as root:

   cd /usr/ports/graphics/py-imaging && make deinstall install distclean  


Install VObject[edit]

Issue the following as root:

   cd /usr/ports/deskutils/py-vobject && make deinstall install distclean  


Install vatnumber[edit]

Again as root, do:

   cd /usr/ports/finance/py-vatnumber && make deinstall install distclean  


Install pyOpenSSL[edit]

Install this on as root:

   cd /usr/ports/security/py-openssl && make deinstall install distclean  


Install Genshi[edit]

Issue the following as root:

   cd /usr/ports/textproc/py-genshi && make deinstall install distclean  
Program System Prompt Your Response
py-genshi I18n support through the Babel plugin Yes


Install Sphinx[edit]

Off to install Sphinx as root:

   cd /usr/ports/textproc/py-sphinx && make deinstall install distclean


Get Ready to Have trytond Automagically Fired up on System Startup[edit]

Issue the following as root:

   echo '#\!/bin/sh' > /usr/local/etc/rc.d/trytond  
   echo '#' >> /usr/local/etc/rc.d/trytond  
   echo '# Startup script for trytond' >> /usr/local/etc/rc.d/trytond  
   echo '#' >> /usr/local/etc/rc.d/trytond  
   echo '# Christoph Larsen <christoph.larsen@synalinq.com>, February 2013' >> /usr/local/etc/rc.d/trytond  
   echo '#' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo '# PROVIDE: trytond' >> /usr/local/etc/rc.d/trytond  
   echo '# REQUIRE: DAEMON' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo '# Define these trytond_* variables in one of these files:' >> /usr/local/etc/rc.d/trytond  
   echo '#       /etc/rc.conf' >> /usr/local/etc/rc.d/trytond  
   echo '#       /etc/rc.conf.local' >> /usr/local/etc/rc.d/trytond  
   echo '#' >> /usr/local/etc/rc.d/trytond  
   echo '# plone_enable : bool' >> /usr/local/etc/rc.d/trytond  
   echo '# Enable trytond ("YES") or not ("NO", the default).' >> /usr/local/etc/rc.d/trytond  
   echo '#' >> /usr/local/etc/rc.d/trytond  
   echo '# trytond_instances : list' >> /usr/local/etc/rc.d/trytond  
   echo "# Space-separated list of trytond's instances in base directory /usr/local/ "'("" by default).' >> /usr/local/etc/rc.d/trytond  
   echo '#' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo '. /etc/rc.subr' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo 'name="trytond"' >> /usr/local/etc/rc.d/trytond  
   echo "rcvar=`set_rcvar`" >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo 'trytond_start () {' >> /usr/local/etc/rc.d/trytond  
   echo '    echo -n "Starting trytond instances:" >> /usr/local/etc/rc.d/trytond  
   echo '    for instance in $trytond_instances; do' >> /usr/local/etc/rc.d/trytond  
   echo '        if [ -f /var/run/trytond/${instance}.pid ]; then' >> /usr/local/etc/rc.d/trytond  
   echo '            echo ""' >> /usr/local/etc/rc.d/trytond  
   echo '        else' >> /usr/local/etc/rc.d/trytond  
   echo '            if [ -d /usr/local/${instance} ]; then' >> /usr/local/etc/rc.d/trytond  
   echo '                echo -n "  ${instance} -> "' >> /usr/local/etc/rc.d/trytond  
   echo '                su ${instance} -c "/usr/local/${instance}/bin/trytond --config=/usr/local/etc/${instance}.conf" &' >> /usr/local/etc/rc.d/trytond  
   echo '            fi' >> /usr/local/etc/rc.d/trytond  
   echo '        fi' >> /usr/local/etc/rc.d/trytond  
   echo '    done' >> /usr/local/etc/rc.d/trytond  
   echo '    echo "" >> /usr/local/etc/rc.d/trytond  
   echo '}' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo 'trytond_stop () {' >> /usr/local/etc/rc.d/trytond  
   echo '    echo -n "Stopping trytond instances:"' >> /usr/local/etc/rc.d/trytond  
   echo '    for instance in $trytond_instances; do' >> /usr/local/etc/rc.d/trytond  
   echo '        if [ -f /var/run/trytond/${instance}.pid ]; then' >> /usr/local/etc/rc.d/trytond  
   echo '            echo -n "  ${instance}"' >> /usr/local/etc/rc.d/trytond  
   echo '            kill `cat /var/run/trytond/${instance}.pid` > /dev/null' >> /usr/local/etc/rc.d/trytond  
   echo '        fi' >> /usr/local/etc/rc.d/trytond  
   echo '    done' >> /usr/local/etc/rc.d/trytond  
   echo '    echo ""' >> /usr/local/etc/rc.d/trytond  
   echo '}' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo 'trytond_restart () {' >> /usr/local/etc/rc.d/trytond  
   echo '    echo "Restarting trytond instances:"' >> /usr/local/etc/rc.d/trytond  
   echo '    for instance in $trytond_instances; do' >> /usr/local/etc/rc.d/trytond  
   echo '        if [ -f /var/run/trytond/${instance}.pid ]; then' >> /usr/local/etc/rc.d/trytond  
   echo '            kill `cat /var/run/trytond/${instance}.pid`' >> /usr/local/etc/rc.d/trytond  
   echo '            sleep 5' >> /usr/local/etc/rc.d/trytond  
   echo '        fi' >> /usr/local/etc/rc.d/trytond  
   echo '        if [ -d /usr/local/${instance} ]; then' >> /usr/local/etc/rc.d/trytond  
   echo '            su ${instance} -c "/usr/local/${instance}/bin/trytond --config=/usr/local/etc/${instance}.conf" &' >> /usr/local/etc/rc.d/trytond  
   echo '        fi' >> /usr/local/etc/rc.d/trytond  
   echo '    done' >> /usr/local/etc/rc.d/trytond  
   echo '}' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo 'start_cmd="trytond_start"' >> /usr/local/etc/rc.d/trytond  
   echo 'stop_cmd="trytond_stop"' >> /usr/local/etc/rc.d/trytond  
   echo 'restart_cmd="trytond_restart"' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo 'load_rc_config $name' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo ': ${trytond_enable="NO"}' >> /usr/local/etc/rc.d/trytond  
   echo ': ${trytond_instances=""}' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo 'cmd="$1"' >> /usr/local/etc/rc.d/trytond  
   echo '[ $# -gt 0 ] && shift' >> /usr/local/etc/rc.d/trytond  
   echo '[ -n  "$*" ] && trytond_instances="$*"' >> /usr/local/etc/rc.d/trytond  
   echo  >> /usr/local/etc/rc.d/trytond  
   echo 'run_rc_command "${cmd}"' >> /usr/local/etc/rc.d/trytond  
   chown root:wheel /usr/local/etc/rc.d/trytond  
   chmod 755 /usr/local/etc/rc.d/trytond

Add the above, newly created script to FreeBSD's /etc/rc.conf as follows:

   echo  >> /etc/rc.conf  
   echo '# Enable trytond' >> /etc/rc.conf  
   echo 'trytond_enable="YES"' >> /etc/rc.conf  
   echo 'trytond_instances="[space-separated_list_of_trytond_instances]" >> /etc/rc.conf

Note: Adjust [space-separated_;list_of_trytond_instances] above to look like "tryton-health", or "tryton-health-production trytond-health-testing".
Do not yet start trytond, because we have not yet installed, nor configured, the instance!


Install a GNU HEALTH Instance in a Virtual Python Environment[edit]

Important: Upgrade instructions can be found at the bottom of this page!
Note: We want trytond to use site packages, whenever possible.
Note: GNU Health and the latest version of Tryton are not always in sync. Therefore, to avoid version conflicts, Python's virtualenv is used throughout, with version pinning of our core application.
If you have a running trytond instance, stop it to make sure there are no open files:

   /usr/local/etc/rc.d/trytond stop

Note: This command is very likely to create an error message at the time of the first installation, which you can safely ignore.
Presently, as of October 2013, the module trytond_health_profile installs the core modules as per the following list:

Core Modules Additional Modules
health health_calendar
health_genetics health_history
health_gyneco health_icd10pcs
health_icd10 health_icu
health_inpatient health_imaging
health_lab health_inpatient_calendar
health_lifestyle health_mdg6
health_pediatrics health_ntd
health_socioeconomics health_ntd_chagas
health_surgery health_ntd_dengue
health_nursing
health_qrcodes
health_reporting
health_services
health_stock
health_who_essential_medicines

Important: As the project is rapidly evolving, additional non-core modules will become constantly available.
Therefore, prior to any update, do check the content of the file gnuhealth-[latest_version]/health_profile/tryton.cfg in latest version of GNU Health and make sure those modules not listed there are listed explicitly below. For each instance of GNU Health, issue the following as root:

   setenv INSTANCE tryton-health  
   # EITHER: uncomment the following line for the first installation
   setenv UPGRADE " "
   # OR: uncomment the following for an upgrade  
   #setenv UPGRADE "--upgrade"
   # always set to the desired GNU Health version to avoid version conflicts  
   # use the following operators: "<=", "<", "==", ">" or ">="  
   # example:  
   # setenv GNU_HEALTH_VERSION "<2.3"  
   # guarantees that you will install the latest version of GNU Health 2.2.x
   setenv GNU_HEALTH_VERSION "[operator][desired version]"  
   cd /usr/local  
   virtualenv --system-site-packages ${INSTANCE}  
   cd /usr/local/${INSTANCE}  
   source bin/activate.csh  
   pip install ${UPGRADE} qrcode  
   pip install ${UPGRADE} cdecimal  
   # view installed python packages by issuing "yolk -l"
   pip install ${UPGRADE} yolk  
   pip install ${UPGRADE} trytond_health_profile${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_calendar${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_history${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_icd10pcs${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_icu${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_imaging${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_inpatient_calendar${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_mdg6${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_ntd${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_ntd_chagas${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_ntd_dengue${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_nursing${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_qrcodes${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_reporting${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_services${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_stock${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_who_essential_medicines${GNU_HEALTH_VERSION}
   cd /usr/local/${INSTANCE}
   deactivate

Note: In case you wish to migrate an existing instance to a new major Python version, e.g. from 2.7.x to 3.3.x, you will have to re-install the above instance. It is therefore essential that all user files that do not reside in the PostgreSQL database are safely tucked away in the /home/${INSTANCE} directory, which will not be overwritten by a re-installation.

Create the trytond PostgreSQL Database[edit]

If you have remote administrator access to the database server on pgsql.[my_domain], you can stay inside the trytond instance server and issue the following:

   createuser --host pgsql.[my_domain] --username [postgresql_admin] --password \
       --createdb --no-createrole --no-superuser --pwprompt ${INSTANCE}  
System Prompt Your Response
Password [postgresql_admin_password]
Enter the password for the new role: [new_instance_password]
Enter it again: [new_instance_password]

If you have local access to the PostgreSQL server, issue the following instead:

   su pgsql
   cd /tmp
   csh
   setenv INSTANCE tryton-health
   createuser --createdb --no-createrole --no-superuser --pwprompt ${INSTANCE} 
   exit
   exit
Password [postgresql_admin_password]
Enter the password for the new role: [new_instance_password]
Enter it again: [new_instance_password]


Configure trytond[edit]

While the installation of trytond with pip has the enormous advantage that we can use Python's virtualenv ecosystem, it comes at a (small) price: trytond's configuration file is not included.
Find out from here, which trytond version your newly installed GNU Health requires, and let's use the following hack to get the appropriate version for our newly installed GNU Health instance:

   setenv TRYTOND_MAJOR_VERSION 2.8
   setenv TRYTOND_MINOR_VERSION 2  
   setenv INSTANCE tryton-health
   mkdir -p /root/packages/tryton  
   cd /root/packages/tryton  
   rm -rf ./trytond*  
   fetch http://downloads.tryton.org/${TRYTOND_MAJOR_VERSION}/trytond-${TRYTOND_MAJOR_VERSION}.${TRYTOND_MINOR_VERSION}.tar.gz  
   tar xzf ./trytond-${TRYTOND_VERSION}.${TRYTOND_MINOR_VERSION}.tar.gz  
   cp -f /root/packages/tryton/trytond-${TRYTOND_VERSION}.${TRYTOND_MINOR_VERSION}/etc/trytond.conf /usr/local/etc/trytond.conf.orig  
   rm -rf ./trytond-${TRYTOND_VERSION}.${TRYTOND_MINOR_VERSION}/  
   chown -R root:wheel /root  
   chmod -R 600 /root  
   chmod u+X /root  
   unsetenv TRYTOND_MAJOR_VERSION TRYTOND_MINOR_VERSION  
   cp /usr/local/etc/trytond.conf.orig /usr/local/etc/${INSTANCE}.conf

From with the jail, edit /usr/local/etc/${INSTANCE}.conf as follows (only changed sections are shown):

   #jsonrpc = localhost:8000  
   jsonrpc = [server_name].[my_domain]:[jsonrpc_port]
   #ssl_jsonrpc = False  
   ssl_jsonrpc = True
   #hostname_jsonrpc =  
   hostname_jsonrpc = [server_name].[my.domain]
   #jsondata_path = /var/www/localhost/tryton  
   jsondata_path = /home/[instance]/jsondata
   #xmlrpc = *.8069  
   #xmlrpc = [server_name].[my_domain]:[xmlrpc_port]
   #ssl_xmlrpc = False  
   ssl_xmlrpc = True
   #webdav = *:8080  
   webdav = [server_name].[my_domain]:[webdav_port]
   #ssl_webdav = False  
   ssl_webdav = True
   #hostname_webdav =  
   hostname_webdav = [server_name].[my_domain]
   #db_type = postgresql  
   db_type = postgresql  
   #db_host = False  
   db_host = [pgsql_server].[my_domain]
   #db_port = False  
   db_port = 5432
   #db_user = False  
   db_user = [instance]
   #db_password = False  
   db_password = [[instance] db_user password]
   #admin_passwd = admin  
   admin_passwd = [trytond superadmin password]
   #pidfile = False  
   pidfile = /var/run/trytond/[instance].pid
   #logfie = False  
   logfile = /var/log/trytond/[instance].log
   #privatekey = server.pem  
   privatekey = /etc/ssl/private/[server_name].[my_domain].key.pem
   #certificate = server.pem  
   certificate = /etc/ssl/certs/[server_name].[my_domain].crt.pem
   #smtp_server = localhost  
   smtp_server = [mail_server].[my_domain]
   #data_path = /var/lib/trytond  
   data_path = /home/[instance]/data  
   #multi_server = False  
   multi_server = True
   #session_timeout = 600  
   session_timeout = 900  
   #timezone = False  
   timezone = '[region]/[city]'  

Note: Replace [jsonrpc_port] with the allocated json port; should be within a port range permitted by your firewall, e.g. between 8000 and 8009.
Note: Replace [xmlrpc_port] with the allocated xmlrpc port; should be within a port range permitted by your firewall, e.g. between 8070 and 8079.
Note: Replace [webdav_port] with the allocated webdav port; should be within a port range permitted by your firewall, e.g. between 8080 and 8089.
Note: Replace [instance] with the appropriate ${INSTANCE} name.
Note: Replace [server_name] with the name of your GNU Health server.
Note: Replace [pgsql_server] with your PostgreSQL server name.
Note: replace [mail_server] with your mail server name.
Note: Replace [my_domain] with your domain name.
Note: Replace [region]/[city] with your timezone setting, e.g. 'Caribbean/Jamaica'.
Adjust permissions:

   chown root:${INSTANCE} /usr/local/etc/${INSTANCE}.conf*  
   chmod 640 /usr/local/etc/${INSTANCE}.conf*  

Issue the following as root for each instance to have log rotation effected for each instance of trytond:

   echo "/var/log/trytond/${INSTANCE}.log root:${INSTANCE} 660 7 * "'$D0  GJ' >> /etc/newsyslog.conf

Fire up your trytond server instance(s):

   /usr/local/etc/rc.d/trytond restart


Clean up[edit]

As each newly installed program is compiled, which in turn uses a few auxiliary programs, it is necessary to clean up after each compilation. So, if all went well, issue the following from within the jail:

   rm -rf /usr/local/src/*
   rm -rf /usr/local/lib/python2.7/site-packages/trytond.old
   portmaster -l

Note: Identify non-required programs in the "Root ports" and "Leaf ports" categories, only. Then, issue as root:

   pkg remove cmake gmage graphviz libtool
   portmaster -s  
   portmaster -y --clean-distfiles  
   portmaster --check-depends  
   portmaster --check-port-dbdir

Note: Reply "y" as prompted, to have all dependencies of the above superfluous packages purged.


Upgrade a GNU HEALTH Instance in a Virtual Python Environment[edit]

Stop your trytond instance:

   /usr/local/etc/rc.d/trytond stop

Presently, as of October 2013, the module trytond_health_profile installs the core modules as per the following list:

Core Modules Additional Modules
health health_calendar
health_genetics health_history
health_gyneco health_icd10pcs
health_icd10 health_icu
health_inpatient health_imaging
health_lab health_inpatient_calendar
health_lifestyle health_mdg6
health_pediatrics health_ntd
health_socioeconomics health_ntd_chagas
health_surgery health_ntd_dengue
health_nursing
health_qrcodes
health_reporting
health_services
health_stock
health_who_essential_medicines

Important: As the project is rapidly evolving, additional non-core modules will become constantly available.
Therefore, prior to any update, do check the content of the file gnuhealth-[latest_version]/health_profile/tryton.cfg in latest version of GNU Health and make sure those modules not listed there are listed explicitly below. For each instance of GNU Health, issue the following as root:

   setenv INSTANCE tryton-health  
   # EITHER: uncomment the following line for the first installation
   #setenv UPGRADE " "
   # OR: uncomment the following for an upgrade  
   setenv UPGRADE "--upgrade"
   # always set to the desired GNU Health version to avoid version conflicts  
   # use the following operators: "<=", "<", "==", ">" or ">="  
   # example:  
   # setenv GNU_HEALTH_VERSION "<2.3"  
   # guarantees that you will install the latest version of GNU Health 2.2.x
   setenv GNU_HEALTH_VERSION "[operator][desired version]"  
   cd /usr/local/${INSTANCE}  
   source bin/activate.csh  
   pip install ${UPGRADE} qrcode  
   pip install ${UPGRADE} cdecimal  
   # view installed python packages by issuing "yolk -l"
   pip install ${UPGRADE} yolk  
   pip install ${UPGRADE} trytond_health_profile${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_calendar${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_history${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_icd10pcs${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_icu${GNU_HEALTH_VERSION}
   pip install ${UPGRADE} trytond_health_imaging${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_inpatient_calendar${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_mdg6${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_ntd${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_ntd_chagas${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_ntd_dengue${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_nursing${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_qrcodes${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_reporting${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_services${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_stock${GNU_HEALTH_VERSION}  
   pip install ${UPGRADE} trytond_health_who_essential_medicines${GNU_HEALTH_VERSION}  
   /usr/local/${INSTANCE}
   deactivate

Note: In case you wish to migrate an existing instance to a new major Python version, e.g. from 2.7.x to 3.3.x, you will have to re-install the above instance. It is therefore essential that all user files that do not reside in the PostgreSQL database are safely tucked away in the /home/${INSTANCE} directory, which will not be overwritten by a re-installation.
Update your database by issuing the following as root:

   su ${INSTANCE} -c "/usr/local/${INSTANCE}/bin/trytond --config=/usr/local/etc/${INSTANCE}.conf  --update=all --database=[database]"  

Note: Repeat for all [database]s that are managed by this GNU Health instance.
If all went will, start your trytond instances again:

   /usr/local/etc/rc.d/trytond restart

--Ch larsen (discusscontribs) 10:27, 15 October 2013 (UTC)