You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Step 1 -  Create the ubuntu environment 

The minimum hardware requirements below are suggested for a new DATIM4U implementation.  Requirements will be highly dependent upon how you intend to use the DATIM Global  implementation and the amount of data being stored and processed. 

    • Quad core CPU

    • 32 GB Memory

    • At least 500 GB of disk space

    • Ubuntu 14.04 64-bit

    • Internet access

    • It is also recommended that the installer consider the time zone setting.  The DATIM-Global system uses UTC.  


      Add credentials for developers or support personnel who need sudo access to the box.  
      certificates????
    1.1  Open ports needed for the OpenHim.Port 5008 and 5000 have to be open for OpenHIM to functions
     

Step 2 Install software

Depending upon the need for the environment (testing, production or other need), the installer will need to determine which  versions of the OpenHIM and OpenInfoman packaging to install.  

  • Add Repositories

    • sudo add-apt-repository ppa:webupd8team/java

    • sudo add-apt-repository ppa:openhie/release

    • sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 (Mongodb key)

    •  sudo echo deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list

  •  sudo apt-get update

  • Install certificates/nginx

  •  sudo apt-get install libxml2-util

  • install java - sudo apt-get install  oracle-java8-installer

  •  

2.1 Install OpenHIM

2.2 Install OpenInfoman

  •  

    Install openinfoman

  • Install openinfoman-datim

  • sudo ln -s /etc/nginx/sites-available/openinfoman /etc/nginx/sites-enabled/openinfoman

2.3 Install anything else like the publish to ilr script?  

Step 3 Configure software 

3.1 nginx configuration 

3.2 OpenHim Configuration 

3.2.1 Setting up OpenHIM administrator alerts

It is recommended that implementers configure their system to alert systems administrators when transactions fail to exchange.  Directions to configure this can be found here:  OpenHIM User Guide -> Alerting and Reports -> Failure Alerting.

 

3.2.2 Setting up the OpenHIM Certificate

Depending upon how you obtained your certificates, the certificate files may end in .pem, .crt, .cer or .der.  Also note that the administrator will need to ensure that the certificate expiration dates are managed. When the certificate expires, the administrator will need to exchange certificates again. To install certificates from a CA to replace the self-signed certificates generated during installation, perform the following steps:  

 

We support Chrome for the installation and configuration process. The steps for 3.2.2.1 vary significantly when using different browsers as the browsers view the OpenHim as the browsers view the newly installed application as coming from an unverified source until the actual certificate is installed in the OpenHIM. Also we recommend performing Step 3.2.2.1 in an incognito mode.

 

3.2.2.1 - Login to OpenHim by going to http://GlobalDNSName(where GlobalDNSName is the DNS name).  

 

Default credentials are: root@openhim.org/openhim-password.

 

Note: If prompted, click on the "Advanced" (in grey) link, then "proceed..." link. The first time you login you may get the following screen:

 

 

 

 This occurs because our installation certificate is self-signed. These and other issues may occur in Safari and Firefox browsers. Follow instructions given on the error message.

 

 

 

3.2.2.2 Click on the "link" in the dialog, a new page will open, click on the "Advanced" (in grey) link, then "proceed..." link. Once the certificate is accepted navigate back to the log in page and sign in again.

 

Note: If you continue to have issues, you may ask your browser to ignore certificate errors. The steps to do this differs from operating system to operating system. You may also accomplish this by starting your browser with the '--ignore-certificate-errors --test-type’ flag. This can be done by changing chrome properties via chrome (right click) -> properties -> edit 'target' field to add the aforementioned flag.

 

 

 

3.2.2.3 - When logging in, a prompt will appear to change your password. Follow the on-screen directions to complete these steps.

 

3.2.2.4 - After successful login, on the left sidebar menu, select Certificates to display the certificates interface.

 

 

3.2.2.5 - Using the directions on screen, upload your machines's certificate and key. Please note that for "certificate expiration date", -1 does not indicate "never".

 

The common name should be the DNS of your server or include a wild card that includes your DNS. For example, www.DNSNAME.ohie.org(where DNSNAME is the DNS name of your node).

 

Note: If your certificates were generated by the script and you are running that on a remote server then you could get the certificates your machine at yourpath location using the following command.

 

 scp user@datim.example.com:/etc/letsencrypt/live/datim.example.com/* /yourpath .

 

 

 


 

 

 

 

 

 

3.2.2.6 - After uploading both the certificate and the key, the OpenHim will verify that the keys match. Note that the system will notify you that the keys will not match until both files are uploaded.

 

3.2.2.7 - OpenHim will prompt you to re-start the system. Proceed with the re-start.

 

3.2.3 Setting up the OpenHIM Mediators 

The following mediators are used by the Global OpenHim:  

    • openhim-mediator-basicauth-map - Adds basic auth details that are looked up from a map of OpenHim client IDs. 
    • OpenInfoMan-DHIS2 Sync Mediator - OpenInfoMan-DHIS2 Sync Mediator

To install these????

3.2.4 Setting up OpenHim Channels

The following channels are used in the DATIM-Global transactions:  

  • ADX/DXF Import
  • DHIS API
  • Global ILR
  • Node ILR
  • AUTO - Export from DHIS to ILR DATIM-Global document

To set up the channels you can export the base channel configuration from an existing global instance by using the export page to select the channels you want to configure (depicted below).  Then you can select generate export script.  This can then be imported into your new system.  

 

3.2.5 Setting up Global OpenHim Clients 

The following clients need to be included

  • datim-global 
  • datim-node-mediator
  • openinfoman

3.2.5.1 Log into the Global OpenHim and select clients from the menu 
3.2.5.2 Select  to add a new client with the following configurations:  
Client-ID = datim-global
Client Name = datim-global
Roles = metadata-query  (If this role does not already exist, use the Add New Role box to create it.) 
Basic Auth Password and Confirm Password = ???  Issue 27

3.2.5.3.  Select Save Changes 

 

3.2.5.4 Select  to add a new client with the following configurations:  

 

Client-ID = datim-node-mediator

 

Client Name = datim-node-mediator
Organization = Jembi
Software Name = DATIM Mediator

 

Roles = submitter  (If this role does not already exist, use the Add New Role box to create it.) 

 

Certificate =  ???  Issue 27

 


 

3.2.5.5.  Select Save Changes 

 

3.2.5.6 Select  to add a new client with the following configurations:  

 

Client-ID = openinfoman

 

Client Name = OpenInfoMan

 

Roles = metadata-query  (If this role does not already exist, use the Add New Role box to create it.) 
Basic Auth Password = Set this password to the value that will be used to configure the OpenInfoMan cache refresh

 


 

 

 

3.2.5.5.  Select Save Changes 


3.3 Infoman Configuration 

The Infoman will need to be configured to have the following documents:  

  • A DATIM-Global document - This document contains all of the sites extracted from the Global DHIS2 system.  
  • A DATIM-FactsInfo document - This document is refreshed by a chron job that populates each night with the latest mechanisms.  
  • XXOU-Extract documents for each OU that will be using the system.  - These documents will contain sites that are extracted from the DATIM-Global document.  These should be the lasted update of the information and are used for a one-time load of site data into the XXOU node.  
  • XXOU-Managed documents - These documents are cache documents that are refreshed from XXOU-Manged documents on each node and used to provided updated site information being managed at the OUs  to the Global DHIS2 system.  

3.3.1 Create DATIM-Global document - Need help with this.  

3.3.2 Create Extract documents for each OU node that need to work with this global instance 

For each OU node that needs to work with DATIM-Global, there needs to be an extract document that contains the current OU country data that will the the source for seeding the node with their DATIM4U sites.  

To create the documents use this command:   curl -sL -o /dev/null --data "directory=XXOU-Extract” -X POST http://localhost:8984/CSD/createDirectory

3.3.3 Populate Extract documents

To populate each extract document, use these directions: https://wiki.ohie.org/display/resources/How+to+Configure+DATIM+Global#HowtoConfigureDATIMGlobal-ManuallypopulatingtheXXOU-Extractdocument

3.3.4 Create FactsInfoDocument 


Increase Timeout and allowed size in nginx.conf


Step 4 - Add Nodes as trading partner 

To add nodes as trading partners' follow the following directions for adding a node as a trading partner for each node that this global system will be exchanging data with.  

 

Debug Commands -

  • Netstat -lntu  (to check open ports)
  • sudo dpkg-reconfigure openinfoman - to reconfigure openinfoman
  • sudo tail -fn 100 /var/log/upstart/openhim-core.log

 



Other DATIM Links

How to seed the DATIM4U Node

How to install the OHIE Stack for DATIM Global

OHIE DATIM4U Calls

Adding Certificates

DATIM4U Administrator Help

 

Links on this page

  • No labels

This work is licensed under a Creative Commons Attribution 4.0 International License.