GNU Health/Installation
The corresponding official chapter: https://docs.gnuhealth.org/his/techguide/installation/vanilla.html |
Requirements
[edit | edit source]The latest stable GNU Health Federation ecosystem uses these main resources:
- Operating system: GNU/Linux or FreeBSD for the server.
- RDBMS Database: PostgreSQL >= 10.x
- Document-oriented Database for Health Information System / Person Master Index: PostgreSQL :>= 10.x
- Python: >= 3.6
- uwsgi : >=2.0
- Flask : 1.0
- Tryton 6.0
- Bash shell
- PIP for Python 3, verify through:You should see python3, as in:
pip --version
pip x.x.x from /usr/local/lib/python3.6/site-packages (python 3.6)
If you see python2.x then stop and get pip for Python 3.
Errata
[edit | edit source]Before you continue, please read the Errata chapter for the latest issues involved the installation or upgrade procedure.
Installing GNU Health on GNU/Linux and FreeBSD
[edit | edit source]Operating System requirements
[edit | edit source]The following table contains the instructions to setup your operating system for a standard GNU Health installation. The operating systems and their version shown in the list have been tested using the instructions for each OS.
The installation instructions for the different operating systems and distributions have been done on a fresh installation. For simplicity's sake, the server environment was installed without a GUI. No firewall was configured (we will cover this on the security section), and OpenSSH server was installed.
The instructions – written here – have been applied and verified with the following operating systems as shown below.
Verify that you are using the operating system version documented on the following table |
Operating System | Version | Link | Notes |
---|---|---|---|
openSUSE | Leap 15.4 | openSUSE setup | |
FreeBSD | FreeBSD 12.1 | FreeBSD setup | |
CentOS | 7.8 | CentOS setup | |
Ubuntu | 20.04 | Ubuntu setup | |
Armbian | 20.05 | Armbian setup | |
Debian | 10.1 | Debian setup |
Setting up Network Time Protocol (NTP)
[edit | edit source]In order to properly run GNU Health, you need to make sure that the time on both the server (database and central instance) and clients are properly set and in sync. The best way to do this is to keep your clock synchronized with a NTP Server .
This is a critical step, not only for the smooth functioning of GNU Health, but also because many documents will have a timestamp associated with them that can have legal value.
Creating the Operating System User
[edit | edit source]Do this step only if you didn't create the user during the installation of the operating system. |
The following steps will create the GNU Health operating system user. Please note that many operating systems give you the option to create a regular user at installation time. If you already created the "gnuhealth" operating system user, you can skip this section, otherwise, create it now.
Run the following command as root:
adduser gnuhealth
Note: If your Operating System doesn't include the adduser command, you can use the useradd command:
useradd -m gnuhealth
Verify PostgreSQL authentication method
[edit | edit source]Note: You can skip this section if you made a standard installation on FreeBSD
PostgreSQL uses different authentication methods (MD5, ident, trust ... ). Depending the Operating System, the postgreSQL server authentication method will vary.
The standard GNU Health installation uses the trust authentication method, so you need to check the postgreSQL authentication file configuration.
Locate the pg_hba.conf
file and verify that the trust method is set.
The location of this configuration file varies across operating systems; under UNIX/Linux, the full pathname of the file can be obtained with the following command, to be executed as root:
su - postgres -c "psql -t -P format=unaligned -c 'show hba_file'"
You may need to start the postgres server at least one time as this file may be created during first startup. Usually this file is located at /etc/postgresql/10/main
or /var/lib/pgsql/data
.
An example configuration file entry specifying use of the trust method is given in the following line:
local all all trust
The following example in particular may address issues with establishing a working database connection as reported in the context of the creation of the GNU Health database upon first use of the Tryton client (see further down; Symptom: the "Create" button is not displayed):
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
Make sure you edit the file as user 'postgres', not root. Otherwise, postgres may have trouble reading the changed file. After any changes to the file, the postgreSQL server needs to be restarted.
Many authentication errors (e.g., database connection errors) arise because of not having correctly configured this file. Of course, you can use other authentication methods, and you can adapt the tryton / GNU Health configuration file to each of them. For the sake of simplicity, we based the documentation and sample files in this book on one specific method (trust).
Make sure you restart your postgresql server:
sudo service postgresql restart
Creating the Database User
[edit | edit source]The following command switches to the postgres
administration user and gives permissions to your newly created gnuhealth
administrator:
Execute as root:
su - postgres -c "createuser --createdb --no-createrole --no-superuser gnuhealth"
Downloading and Installing GNU Health
[edit | edit source]Do the following steps with your newly created gnuhealth user, do not use root. |
Running the GNU Health Installer
[edit | edit source]Become user gnuhealth
[edit | edit source]su - gnuhealth
cd $HOME
Download GNU Health from GNU.org
[edit | edit source]wget https://ftp.gnu.org/gnu/health/gnuhealth-latest.tar.gz
Verify the package signature
[edit | edit source]First get the signing key if you haven't done so:
gpg --recv-key --keyserver keyserver.ubuntu.com 0xC015E1AE00989199
The key is issued by Luis Falcon (meanmicio at GNU) <falcon@gnu.org> and its fingerprint is ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199. This information can be seen issuing:
gpg --with-fingerprint --list-keys 0xC015E1AE00989199
Then, verify the signature, using the matching version number for the latest. For instance, if latest GNU Health version is 4.0.4, then
Download the detached signature:
wget https://ftp.gnu.org/gnu/health/gnuhealth-4.0.4.tar.gz.sig
Verify the package using the detached signature:
gpg --verify gnuhealth-4.0.4.tar.gz.sig gnuhealth-latest.tar.gz
If the file is correctly validated, the output should be something like:
gpg: Signature made Sat 01 Jul 2017 11:06:25 PM WEST gpg: using RSA key ACBFC80FC891631C68AA8DC8C015E1AE00989199 gpg: Good signature from "Luis Falcon (GNU) <falcon@gnu.org>" [ultimate] gpg: aka "Luis Falcon (GNU Health) <lfalcon@gnusolidario.org>" [ultimate]
The important part is the Good signature from "Luis Falcon ....". The WARNING means that, even if the file and signature are OK and validated correctly, you aren't trusting that key; and it's OK. You can read more about this in The GNU Privacy Handbook, Chapter 3. Key Management.
Uncompress GNU Health HMIS package
[edit | edit source]tar xzf gnuhealth-latest.tar.gz
Change to the GNU Health installation directory matching your version
[edit | edit source]cd gnuhealth-4.0.4
Download the latest GNU Health installer
[edit | edit source]wget -qO- https://ftp.gnu.org/gnu/health/gnuhealth-setup-latest.tar.gz | tar -xzvf -
Run the GNU Health installer
[edit | edit source]bash ./gnuhealth-setup install
Debian Family: How do I solve "error: externally-managed-environment" everytime I use pip3?
- OR remove file
/usr/lib/python3.x/EXTERNALLY-MANAGED
, - OR use
pip
's argument--break-system-packages
, - OR add following lines to
~/.config/pip/pip.conf
:[global]
break-system-packages = true
Enable the BASH environment for the GNU Health admin
[edit | edit source]Finally, enable the BASH environment for the gnuhealth user.
source ${HOME}/.gnuhealthrc
Activate Network Devices for the JSON-RPC Protocol
[edit | edit source]The Tryton GNU Health server listens to localhost at port 8000, not allowing direct connections from other workstations. If necessary, enter the following:
editconf
You can edit the parameter listen in the [web] section, to activate the network device so workstations in your net can connect. For example, the following block
[web] listen = *:8000
will allow to connect to the server in the different devices of your system.
Setting up a Local Directory for Attachments
[edit | edit source]By default, Tryton uses a system-wide directory to store the attachments. It is advisable, in GNUHealth to keep the attachments in the gnuhealth user space.
If necessary, edit the server configuration file trytond.conf and enter the attach directory under the [database] section, for instance:
editconf
[database] path = /home/gnuhealth/attach
Since debian systems connect to database over a UNIX socket, add an extra / under the [database] section, for instance:
[database] uri = postgresql:///localhost:5432
Configuring the log file (optional)
[edit | edit source]The way the server logs and tracks events is based on a log configuration file, that resides in the config directory "${GNUHEALTH_DIR}"/tryton/server/config/
.
A default version is shipped, called gnuhealth_log.conf
. If necessary, enter the following into gnuhealth_log.conf
:
[formatters]
keys: simple
[handlers]
keys: rotate, console
[loggers]
keys: root
[formatter_simple]
format: [%(asctime)s] %(levelname)s:%(name)s:%(message)s
datefmt: %a %b %d %H:%M:%S %Y
[handler_rotate]
class: handlers.TimedRotatingFileHandler
args: ('/home/gnuhealth/gnuhealth/logs/gnuhealth.log', 'D', 1, 30)
formatter: simple
[handler_console]
class: StreamHandler
formatter: simple
args: (sys.stdout,)
[logger_root]
level: WARNING
handlers: rotate, console
In this example (and in the standard file) the log file is written in the default logs directory. You can change it to fit your specific installation.
In order to use logging, you need to provide the --logconf option, along with the path to the log configuration file gnuhealth_log.conf
as argument, when invoking the Tryton server in the next section (e.g. trytond --logconf "${GNUHEALTH_DIR}"/tryton/server/config/gnuhealth_log.conf
).
For more information, check the following resources:
- Python logging facility logging tutorial: https://docs.python.org/3/howto/logging.html#logging-basic-tutorial
- Tryton Server logging documentation: http://trytond.readthedocs.org/en/latest/topics/logs.html
Initialize the database instance
[edit | edit source]Create the database
createdb health
database name | |
---|---|
We use "health" as an example, choose the name of your database, but keep it short and only alphanumeric chars |
Change to your newly installed system (use the alias cdexe):
cdexe
and initialize the instance:
python3 ./trytond-admin --all --database=health
You will be asked to provide a password for the "admin" user.
If everything goes well, you are ready to start the GNU Health HMIS node server.
Start the GNU Health HMIS node
cd
./start_gnuhealth.sh
Logconf path | |
---|---|
As mentioned in the previous section, use the --logconf [path] option to specify the path of the logging configuration |
You can execute the GNU Health server in the background (using nohup ./start_gnuhealth.sh &) and check the output in the file nohup.out
.
Creating a Systemd service for the GNU Health server
[edit | edit source]If you use the standard installation method, you can use the following scripts to automate the startup/stop of the GNU Health instance using systemd services.
GNU Health service unit file
[edit | edit source]Create the GNU Health Unit file under /usr/lib/systemd/system/gnuhealth.service
:
For Ubuntu 18.04 LTS users: /etc/systemd/system/gnuhealth.service
:
[Unit]
Description=GNU Health Server
After=network.target
[Service]
Type=simple
User=gnuhealth
WorkingDirectory=/home/gnuhealth
ExecStart=/home/gnuhealth/start_gnuhealth.sh
Restart=on-abort
[Install]
WantedBy=multi-user.target
Starting and Stopping the GNU Health service
[edit | edit source]You can issue the commands:
systemctl start gnuhealth
or:
systemctl stop gnuhealth
Enable the service to start at boot time
[edit | edit source]If you want to automatically start the GNU Health server whenever you start the operating system, you can enable the service with the following command:
systemctl enable gnuhealth
Using a WSGI Server for GNU Health Hospital Management Component
[edit | edit source]GNU Health HMIS uses by default the werkzeug server. This should be valid only for development scenarios. For production servers, GNU Health HMIS will benefit from a Web Server Gateway Interface (WSGI), such as uWSGI and a web server that supports reverse proxy, as NGINX.
Your Trytond configuration file
[edit | edit source]Edit your trytond.conf file to meet the requirements. You can edit this file directly using the alias "editconf" with the gnuhealth user.
This sample enables access both to the GTK and webclient.
[database]
uri = postgresql://localhost:5432
path = /home/gnuhealth/attach
[web]
listen = localhost:8000
root = /home/gnuhealth/sao/package
uWSGI configuration file
[edit | edit source]This is a sample for the gnuhealth uwsgi .ini ("gh.ini") file. Make sure NINGX user has the appropriate permissions to the uwsgi socket.
[uwsgi]
master = true
processes = 5
plugins = python3
socket = /tmp/uwsgi.sock
chmod-socket=660
module=trytond.application:app
Configuring NGINX as a reverse proxy for GNU Health HMIS
[edit | edit source]In this sample, NINGX will listen to 8100 in HTTPS mode, to requests coming from the web clients. It also listens to port 8000 for the native GTK client.
# Virtual host for demo web client using TLS and listening in 8100
server {
listen 8100 ssl;
server_name your_hostname;
ssl_certificate /path/to/your/gnuhealth.crt;
ssl_certificate_key /path/to/your/gnuhealth.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/uwsgi.sock;
}
# Virtual host for GNU Health GTK Client on 8000
server {
listen 8000;
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/uwsgi.sock;
}
}
}
Putting everything together and booting the GNU Health server
[edit | edit source]Once you have configured the three elements (Trytond server, uwsgi and NGINX) is time to put in into production
- Make sure your NGINX server is running:
- Start uWSGI with the corresponding gnuhealth .ini file:
uwsgi $HOME/gh.ini --enable-threads &
Installation of the GNU Health Client
[edit | edit source]Requirements
[edit | edit source]openSUSE
[edit | edit source]Tested on openSUSE Leap 15.1 and Tumbleweed
- Disable Non-OSS repositoriess
- Desktop with KDE Plasma
- Create user "gnuhealth"
- Login as "gnuhealth" user
- Get the required packages / dependencies
$ sudo zypper install cairo-devel pkg-config python3-devel gcc gobject-introspection-devel python3-cairo python3-gobject-cairo python3-gobject-Gdk typelib-1_0-Gtk-3_0
GNU Health Client installation with pip3
[edit | edit source]- Update PATH. To make changes permanent, add this line in $HOME/.bashrc
$ export PATH=$HOME/.local/bin:$PATH
- Update pip3
$ pip3 install --upgrade --user pip
- Install GNU Health client
$ pip3 install --user --upgrade gnuhealth-client
The following command will boot your GNU Health client:
gnuhealth-client
Alternative Methods
[edit | edit source]System Packages
[edit | edit source]Instead from source as described above, you can install the GNU Health Client from pre-build packages as well. openSUSE offer packages that you can install with your systems package manager. Make sure you get the current gnuhealth-client version 4.0.x
Microsoft Windows and macOS
[edit | edit source]As GNU Health is free/libre software, developed primarily for free/libre operating systems and with the philosophy of free software in mind, it is recommended to use free/libre software with GNU Health, and GNU/Linux or other free/libre operating system for the client. The development of all GNU Health components (server, client, plugins, Thalamus, GNU Health Federation) is done and focused on Free / Libre operating systems. |
If you use Microsoft Windows or macOS, you can try using the Tryton 6.0 client, which may be compatible with GNU Health 4.0. Keep in mind that the windows client does not have the GNU Health commands, nor the plugins like GNU Health GNUPG crypto or GNU Health Camera and Federation Resource Locator.
Download the Tryton client executable (Windows) and follow the instructions.
Logging into the Application
[edit | edit source]Now that you're back at the login screen, you'll notice that the selected profile is the one you've just created. Fill in the login form:
- User name: the one you used previously (usually admin)
- Password: the one entered twice in the previous section
Login credentials for The Demo database: GNU Health/The Demo database#Connection to the GNU Health HMIS and LIMS
Installing the Default Modules
[edit | edit source]From this point on, you will use the client for almost every process. Start with the installation of the basic functionality:
- After you've created the database, the system will ask you to create some new users. You can skip this step for now.
- You are then presented with a list of modules that will provide the functionality you desire. If you don't see the Modules window, navigate to it on the left side: Administration → Modules → Modules.
- Select the health_profile module, and click on Mark for installation.
Click on the Action icon (two cogwweels, previous versions used a blue rotated square) and select Perform Pending Installation/Upgrade:
Tryton will automatically select all the dependent modules required for the installation:
Click on Start Upgrade. This process will take a while, depending on the computer where GNU Health is being installed on. Once it's done, the following message appears.
Creating a Company
[edit | edit source]The next thing you need to do is to create the initial company, that will be your health center. You will be presented with a wizard to create it.
Press F3 to create a new company.
Note: At the party form, please make sure you set the institution attribute. You will link this company to your main health institution later on. Please refer to the screenshot provided in this section for details.
Disabling demo users in production environments
[edit | edit source]For security reasons, you must deactivate demo users in production environments. |
GNU Health comes with a set of pre-defined users for demo purposes. They all have the prefix demo_
(demo_doctor
, demo_front_desk
, demo_nurse
... ).
To deactivate the users:
- Navigate to Administration > Users > Users in the sidebar.
- In filters, choose
Login: demo_
andActive: True
- Unset the "active" flag of each of them (untick the "Active" boxes). The demo users are now de-activated in your environment.
Look at the screenshot captioned Deactivation of demo users in production environments for an example (the Active checkboxes haven't been unticked).
Customizing the GNU Health Client
[edit | edit source]For GNU/Linux and other free operating systems, the GNU Health GTK client configuration file can be found at:
$HOME/.config/gnuhealth/<VERSION>/gnuhealth-client.conf
For example:
$HOME/.config/gnuhealth/4.0/gnuhealth-client.conf
Using a custom greeter / banner
[edit | edit source]You can customize the login greeter banner to fit your institution.
In the section [client]
, include the banner parameter with the absolute path of the png file.
Something like:
[client]
banner = /home/yourlogin/myhospitalbanner.png
The default resolution of the banner is 500 x 128 pixels. Adjust yours to approximately this size.
Completion
[edit | edit source]Congratulations! You have completed the initial installation of GNU Health. In the next chapter we will discuss how to add functionality by installing additional modules.