[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Health-dev] Separating PostgreSQL / Documenation

From: Gerald Wiese
Subject: [Health-dev] Separating PostgreSQL / Documenation
Date: Wed, 9 Mar 2022 16:57:16 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0


some points on PostgreSQL & documentation.

1) I was working on separating PostgreSQL on another system as a base for redundancy/clusters. I got it working now in Ansible for both Ubuntu & openSUSE Leap (devel branch, hopefully merged soon).

Basically the additional steps are the following:

- Set "listen_addresses = '*'" and "password_encryption = scram-sha-256" in postgresql.conf. If using openSUSE create selfsigned cert/key and set paths as well because ssl is off and snakeoil certs don't exist by default.

- Set a password when creating the postgresql role

- Set a pg_hba.conf line like "hostssl health          tryton         scram-sha-256"

- At HMIS set the Postgresql URI like postgresql://tryton:password@domain/

Then the database can be at another system, only be accessed from the given IP & user+pw+db, SSL is used and the password is stored securely.

2) I will document this in detail as soon as possible but I will be on vacation and it might last until april to have it ready. Besides I can add stuff I did like using directories in /etc/, /var/log/ & /var/lib/ without read access for other users for vanilla installation and further PostgreSQL/Apache/Nginx configurations.

3) What about starting a new HMIS documentation using Python Sphinx with RTD themes? If someone writes a new chapter as a single .rst file it can easily be integrated (and html re-generated from everything).

I could make a start together with a renewed installation chapter. If you don't know Sphinx & RTD theme by name have a look here, but you probably already saw it at other documentations:



reply via email to

[Prev in Thread] Current Thread [Next in Thread]