[Health-dev] Separating PostgreSQL / Documenation

[Gerald Wiese]

Hey,

some points on PostgreSQL & documentation.

1) I was working on separating PostgreSQL on another system as a base 
for redundancy/clusters. I got it working now in Ansible for both Ubuntu 
& openSUSE Leap (devel branch, hopefully merged soon).

Basically the additional steps are the following:

- Set "listen_addresses = '*'" and "password_encryption = scram-sha-256" 
in postgresql.conf. If using openSUSE create selfsigned cert/key and set 
paths as well because ssl is off and snakeoil certs don't exist by default.

- Set a password when creating the postgresql role

- Set a pg_hba.conf line like "hostssl health          tryton 
10.13.13.102/24         scram-sha-256"

- At HMIS set the Postgresql URI like postgresql://tryton:password@domain/

Then the database can be at another system, only be accessed from the 
given IP & user+pw+db, SSL is used and the password is stored securely.


2) I will document this in detail as soon as possible but I will be on 
vacation and it might last until april to have it ready. Besides I can 
add stuff I did like using directories in /etc/, /var/log/ & /var/lib/ 
without read access for other users for vanilla installation and further 
PostgreSQL/Apache/Nginx configurations.


3) What about starting a new HMIS documentation using Python Sphinx with 
RTD themes? If someone writes a new chapter as a single .rst file it can 
easily be integrated (and html re-generated from everything).

I could make a start together with a renewed installation chapter. If 
you don't know Sphinx & RTD theme by name have a look here, but you 
probably already saw it at other documentations:

https://geraldwiese.gitlab.io/gnuhealth-automatic-deployment/index.html


Greets

Gerald