Hey Michael, You are absolutely correct. The deployment details are crucial. For offering a production-ready environment going with hosted managed DB on a known cloud provider is a must IMO. Our FaaS tool uses the most basic deployment (to keep costs down) - single EC2 instance on AWS that holds both the Tomcat web server that provides Fineract and a local MySQL server process that holds all the tenant DBs. As you suggested, we've created a new Tenant Management Java Resource that just does "create database" and then runs the migration files on that new tenant. As I said, it works as a "default" tenant API so authentication is done using Basic auth with a system user from that tenant. Do you think that's adequate?
Regarding the connection pool - we hadn't gone and tackled that one yet so it might just be the connection pool configuration that needs to be changed, but as far as I have seen, each tenant has it's own pool or at least it seems this way when you look for open connections on the MySQL server. David Yahalomi Co-Founder Rothschild Blvd 3, Tel Aviv-Yafo, Israel mobile: + 972 52 817 9787 email: [email protected] <https://articode.co> ᐧ On Thu, Jul 16, 2020 at 2:04 AM Michael Vorburger <[email protected]> wrote: > On Wed, 15 Jul 2020, 10:02 David Yahalomi, <[email protected]> wrote: > >> Hey Jubha and Awasum! >> >> We've created FaaS (Fineract as a service) <https://faas.articode.co/> >> and part of that was automating the creation of new tenants. Our service is >> public and meant for development purposes so the API to create new tenants >> did not include any security considerations. >> That being said, the front end site does not send requests directly to >> Fineract but rather goes through an AWS lambda function (that could >> potentially check for permissions/credits and whatnot) and it handles >> calling Fineract. >> > >> We have created a system user on the "default" tenant and it is used to >> authenticate against this new "create tenant" API. >> We would love to contribute this process if we could figure out a way to >> deliver that functionality without too many moving parts. ideally, the >> current Fineract server should handle the whole process on its own. >> > > The crux I think is that creating an additional DB for a new Tenant is > somewhat dependent on the details of the actual deployment... > > How do you create a new Tenant DB? Just SQL "create database newtenant;", > OR using an API of a managed database by your favorite Cloud provider? > (E.g. https://www.fineract.dev uses https://cloud.google.com/sql, but > YMMV, fair enough.) > > But anyone motivated to do this sure could still make a start with > contributing a Pull Request that adds a new Tenant Management Java Resource > class eyc. for API which, for now, does the SQL (and that could later be > extended for specific managed DBs in cloud). Go for it! > > Another consideration is scaling of such a setup. At the moment, Fineract >> handles each tenant with it's own DB connection. That means that many >> resources are allocated at the booting stage of Fineract server but >> potentially never used (on less active tenants). This is something that we >> should potentially figure out before offering production-grade deployment >> of Fineract as a service. >> > > I'm not sure I understand what exactly you mean here (just set the > connection pool configuration appropriately, no?), but Pull Requests with > any suggested Improvements to connection handling are always welcome, of > course. > > Best, >> >> David Yahalomi >> Co-Founder >> >> Rothschild Blvd 3, Tel Aviv-Yafo, Israel >> mobile: + 972 52 817 9787 >> email: [email protected] >> <https://articode.co> >> >> ᐧ >> >> On Wed, Jul 15, 2020 at 10:27 AM jubha mayala <[email protected]> >> wrote: >> >>> Hi All, I do not remember the name, but some guys from Israel have done >>> this kind of thing. And they shared here the demo for people to have a look >>> and test. anybody remembers this please point out their name. >>> >>> On Wed, Jul 8, 2020 at 7:08 PM Saransh Sharma <[email protected]> >>> wrote: >>> >>>> Definitely, this could be a bonus if we could do the same for fineract >>>> cn. >>>> >>>> Some thoughts, >>>> >>>> Super user can only or special right with 2fa API access. >>>> >>>> No delete option >>>> >>>> We can use db to be loaded as a service where , flyway migration >>>> happens real time. >>>> >>>> Let me know what you think >>>> >>>> >>>> >>>> On Wed, 8 Jul 2020, 19:25 Awasum Yannick, <[email protected]> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I think it will be a good idea to automate the process of creating and >>>>> managing new tenants (DBs) on Fineract 1.x. At the moment, this is done >>>>> via >>>>> manual process and scripts as seen here: >>>>> https://mifosforge.jira.com/wiki/spaces/docs/pages/187498786/How+to+Setup+New+Trail+Instance >>>>> >>>>> Will it be a good idea to automate this process so that each new >>>>> tenant is created using say, an API endpoint? Maybe this endpoint will >>>>> need >>>>> to be protected (secure) so that not anyone can create a new tenant? How >>>>> do >>>>> we secure this process? >>>>> >>>>> >>>>> Any thoughts? Are there people who have done things like this before? >>>>> and might want to contribute back? >>>>> >>>>> I created an issue for this: >>>>> https://issues.apache.org/jira/browse/FINERACT-1081 >>>>> >>>>> >>>>> Thanks. >>>>> Awasum >>>>> >>>> Mifos-developer mailing list >>>> [email protected] >>>> Unsubscribe or change settings at: >>>> https://lists.sourceforge.net/lists/listinfo/mifos-developer >>> >>>
