This documentation describes the installation of the Tryton server on an openSUSE 13.2 system.
Many of the settings can be made from the GUI, but in case you don't have a GUI (e.g. on a server), the steps are described from the command line.
Check out /usr/share/doc/packages/trytond/tryton-server.README.SUSE for additional information.
GNU Health is available as a package for openSUSE. Unlike the installation with the bash script described in the GNU Health documentation, it follows the setup guidelines of openSUSE and of the Tryton server, and is packaged as a set of additional modules.
The easiest way is probably to install GNU Health using the one-click-install, available for all supported openSUSE and GNU Health versions.
You can now continue with the Basic Setup of the Database.
Open a terminal window and log in as root ( sudo su - )
Include the python-repository:
zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_13.2 python
Include the Tryton-Repository in the desired version - in this case Tryton 3.6:
zypper ar -f http://download.opensuse.org/repositories/Application:/ERP:/Tryton:/3.6/openSUSE_13.2 tryton
As an alternative approach to the one-click-install, you can install GNU Health manually.
The following command installs it with all dependencies (Postgres-Database, Tryton-Server):
zypper install gnuhealth
You can now continue with the Basic Setup of the Database.
You may want to check for available modules using zypper. In case you feel that one or the other module is missing, feel free to contact the package maintainer.
zypper search 'trytond*'
will list all available Tryton modules (the quotes keep the shell from expanding the wildcard).
To install Tryton with all available modules:
zypper install 'trytond*'
... and remove the modules you don't need, e.g.
zypper remove trytond_account_be trytond_account_fr
Tryton frontend for openSUSE is available from the same source as 'tryton'.
zypper install tryton
As Tryton from release 3.4 onwards uses an encrypted password in the configuration, there are two options to set up the database and Tryton:
- the database is created manually (recommended for productive environments)
- the database shall be created from the Tryton client (recommended for test-server)
In general, let's configure the database authorisation first.
The PostgreSQL database runs under the user postgres. In order to make changes to the database (create databases), we need to change the local authorisation.
In /var/lib/pgsql/data/pg_hba.conf, change the line
local all all md5
to
local all all trust
Start the Service postgres (as root)
systemctl start postgresql
Verify it has started correctly:
systemctl status postgresql
You can now log in as user postgres ( sudo su - postgres ) to perform all below activities.
The Tryton server runs under the user tryton, so we need to create this user in the PostgreSQL database.
Log in as user postgres (su postgres) to maintain the password and authorisations for tryton:
psql -c "CREATE USER tryton WITH CREATEDB;"
This should be sufficient as minimal settings for postgres. You can now create a database as user 'postgres':
createdb mydb --encoding='UTF8' --owner=tryton
Now you need to initialize the database for use with Tryton.
Log in as user 'tryton' ( sudo su - tryton -s /bin/bash ) and run:
trytond -c /etc/tryton/trytond.conf -u res -d mydb
In order to create the database from the client, we need to give the role 'tryton' an encrypted password and store the password in the Tryton configuration file.
In addition to the role creation above, we set the encrypted password 'admin' for the role 'tryton':
psql -c "ALTER ROLE tryton ENCRYPTED PASSWORD 'admin' ;"
The password needs to be stored, encrypted, in the Tryton config file (see below).
Maintain the variables in /etc/trytond.conf, at least:
# type of database
db_type = postgresql
# admin password for the Tryton server
admin_passwd = admin
From Tryton 3.4 onwards, the configuration file has changed. It is now in /etc/tryton/trytond.conf.
The required entries look like:
# The URI to connect to the SQL database (following RFC-3986)
uri = postgresql://admin:DBAdminPassword@localhost:5432/
# The path to the directory where the Tryton Server stores files.
# The server must have write permissions to this directory.
path = /var/lib/trytond
If your database resides on the same machine as the Tryton-Server, the URI entry may just be:
# The URI to connect to the SQL database (following RFC-3986)
uri = postgresql:///
You may as well adapt the new log file configuration in /etc/tryton/trytond_log.conf
From Tryton 3.4 onwards, the password is encrypted in the configuration file. To create the encrypted entry, run the command
python -c 'import getpass,crypt,random,string; print crypt.crypt(getpass.getpass(), "".join(random.sample(string.ascii_letters + string.digits, 8)))'
For the password 'admin' you receive a key such as 'BF1ZdEC4NVcsM' (the value differs on each run because the salt is random), which is entered in /etc/tryton/trytond.conf:
[session]
# Session settings
super_pwd = BF1ZdEC4NVcsM
In case you have GNU Health installed, the script /usr/share/doc/packages/gnuhealth/scripts/serverpass.py would do the job.
Now you can start the service tryton:
systemctl start trytond
Check the status:
systemctl status trytond
To enable tryton to start at startup:
systemctl enable trytond
In most cases you will not have server and client running on the same box, but use a distributed environment with
- SSL for secure communication
- server and client running on different machines
- application server and database running on different machines
Some small adjustments are required to serve these scenarios.
Next to various sources on the Internet, I found the description in Mr. Novell's Blog very useful to generate a self-signed certificate.
As long as you don't run a web-server on the same machine (which may be required to allow external customers access to your system via a frontend or a webshop), and put the certificates into the webserver's path, the question is where to store the self-signed certificates.
As it is only for Tryton, I created a directory /etc/trytond and put the files into appropriate subdirectories (following the naming convention you find for apache as well, access only to root and group tryton):
mkdir /etc/trytond
mkdir /etc/trytond/ssl.key
mkdir /etc/trytond/ssl.crt
mkdir /etc/trytond/ssl.csr
mv /path/to/certificates/server/tryton_server.key /etc/trytond/ssl.key/.
mv /path/to/certificates/server/tryton_server.crt /etc/trytond/ssl.crt/.
mv /path/to/certificates/server/tryton_server.csr /etc/trytond/ssl.csr/.
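chown -R root:tryton /etc/trytond*
chmod 0640 /etc/trytond*
# chmod is not recursive here, so set the directories and the files below them explicitly
chmod 0750 /etc/trytond /etc/trytond/ssl.*
chmod 0640 /etc/trytond/ssl.*/*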
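A way to confirm that nothing under the certificate directory is accessible to other users, since a chmod on the top-level directory alone does not reach the key file below it. This is an added example, not part of the original guide; it works on a constructed temporary tree with a dummy key, and the function names are made up for the illustration.

```sh
#!/bin/sh
# List every entry under a directory that "other" users can read,
# write or traverse. Empty output means the tree is closed to them.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Apply the intended policy to the whole tree: directories 0750, files 0640.
restrict_tree() {
    find "$1" -type d -exec chmod 0750 {} +
    find "$1" -type f -exec chmod 0640 {} +
}

# Constructed demo tree mirroring the ssl.key layout, with a dummy key file
# that still carries typical default permissions.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/ssl.key"
    echo "dummy key material" > "$d/ssl.key/tryton_server.key"
    chmod 0755 "$d/ssl.key"
    chmod 0644 "$d/ssl.key/tryton_server.key"
    chmod 0750 "$d"              # top level only, not recursive
    echo "$d"
}

tree=$(make_demo_tree)
echo "before:"; world_accessible "$tree"   # sub-directory and key are listed
restrict_tree "$tree"
echo "after:";  world_accessible "$tree"   # nothing is listed
rm -rf "$tree"
```

On the real server, run `world_accessible /etc/trytond` as root after setting ownership; the group ownership itself still has to be set with chown as shown above.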
Now you need to maintain the settings in /etc/trytond.conf or /etc/tryton/trytond.conf, depending on your Tryton version:
ssl_jsonrpc = True
#Uncomment these lines if you use xmlrpc and webdav
#ssl_xmlrpc = True
#ssl_webdav = True
privatekey = /etc/trytond/ssl.key/tryton_server.key
certificate = /etc/trytond/ssl.crt/tryton_server.crt
Restart the server:
systemctl restart trytond
The client should automatically detect the SSL connection. In case you end up with an error like
...
File "/usr/lib/python2.7/httplib.py", line 371, in _read_status
raise BadStatusLine(line)
BadStatusLine: ''
then there is a problem with your SSL setup, or the client has connected to the server before without using SSL. In the latter case, close the client and remove the file
~/.config/tryton/x.y/known_hosts # Fingerprints
from the user's home directory.
First you need to enable the server to accept connections from external clients.
Change the variable in /etc/trytond.conf or /etc/tryton/trytond.conf:
jsonrpc = *:8000
if the server should accept connections from any IP address. Of course you can narrow this to subnets to increase security.
Next, it's a good idea to set some parameters for the database connection, at least user and password (up to Tryton 3.2):
db_user = tryton
db_password = DBAdminPassword
For Tryton 3.4 and above you need to set an encrypted password, see "Set the encrypted password".
Finally you should check the configuration file of the database what kind of connections it allows. For PostgreSQL under openSUSE this is in /var/lib/pgsql/data/pg_hba.conf . It should look similar to this:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 md5
Here the database accepts only connections from the same machine. This should be about it. Restart the server.
For larger installations a split between application server and database is recommended. For the Tryton server, you need to set the host and port parameters for the database. Postgres runs by default on port 5432:
db_host = 192.168.2.100
db_port = 5432
From Tryton 3.4 onwards, the configuration file has changed. It is now in /etc/tryton/trytond.conf.
The required entries look like:
# The URI to connect to the SQL database (following RFC-3986)
uri = postgresql://admin:DBAdminPassword@192.168.2.100:5432/
Additionally you need to tell the database where to accept connections from. In the pg_hba.conf file mentioned above, set the subnet accordingly, for example:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 192.168.2.1/16 md5
Database and server need a restart to apply the changes.
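The pg_hba.conf entries used during setup and in the two listings above can be reviewed mechanically: `trust` lets any local account connect as any database role without a password, and a /16 mask admits 65536 addresses. The following is an added example, not part of the original guide; the function names, the sample rules (constructed from the listings on this page) and the "wider than /24" threshold are assumptions, and it expects the ADDRESS column to be `all` or CIDR notation.

```sh
#!/bin/sh
# Read a pg_hba.conf from stdin and print one finding per risky rule:
#   "<line> trust <type>"               password-less access
#   "<line> any-address <method>"       host rule open to every address
#   "<line> wide <cidr> <addresses>"    IPv4 range wider than /24 (assumed limit)
audit_pg_hba() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        type = $1
        # "local" rules have no ADDRESS column, so METHOD is the 4th field
        if (type == "local") { addr = ""; method = $4 } else { addr = $4; method = $5 }
        if (method == "trust")
            printf "%d trust %s\n", NR, type
        if (type != "local" && addr == "all")
            printf "%d any-address %s\n", NR, method
        else if (addr ~ /^[0-9.]+\/[0-9]+$/) {
            split(addr, p, "/")
            if (p[2] + 0 < 24)
                printf "%d wide %s %.0f\n", NR, addr, 2 ^ (32 - p[2])
        }
    }'
}

# Constructed sample combining the rules shown on this page.
sample_hba() {
    cat <<'EOF'
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 md5
host all all 192.168.2.1/16 md5
EOF
}

sample_hba | audit_pg_hba
```

To check the live file, run `audit_pg_hba < /var/lib/pgsql/data/pg_hba.conf` as root or postgres; once the tryton role and database exist, a `trust` finding on the `local` line is the one to clear by switching back to `md5` or `peer`.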