Mifos Research Notes
What we want to run as BB
Paymenthub Setup:
Link to base PHEE base helm chart :- (for referencing values.yaml) https://github.com/openMF/ph-ee-env-template/blob/master/helm/ph-ee-engine/values.yaml
Link to paymenthub G2Psandbox Helm chart ( git clone env-labs— https://github.com/openMF/ph-ee-env-labs.git )
For G2Psandbox chart—> https://github.com/openMF/ph-ee-env-labs/tree/master/helm/g2p-sandbox
https://docs.google.com/document/d/1Pk4fHdAONAwZ9j65YuI8qA8MgDmv_oMnlvqNUQGsMTA/edit This document enlists on how to enable xpack security for Elasticsearch, Kibana and other ES dependent services in Paymenthub.
Dev Repository: Sandbox Github Repo
FSP Setup
Link to fineract base helm chart : https://github.com/fynarfin/fineract-env/blob/master/helm/fineract/values.yaml
Link to fineract g2p sandbox helm chart: https://github.com/fynarfin/fineract-env/blob/master/helm/g2p-Sandbox/values.yaml
How they do it
Paymenthub Setup:
Guidebook/documentation
How to run in kubernetes/docker
For G2Psandbox chart—> https://github.com/openMF/ph-ee-env-labs/tree/master/helm/g2p-sandbox
Please refer to Operations app latest version known issue work around in the G2Psandbox helm chart README file
How to access the APIs ?
Postman SIT env for paymenthub : https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Environment/SIT.json
Postman collection for paymenthub : https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Payment%20Hub.json
Test paymenthub postman collection for channel —>GSMA API—> GSMA P2P API
FSP Setup
Guidebook/documentation
…
How to run in kubernetes/docker
Link to fineract base helm chart : https://github.com/fynarfin/fineract-env/blob/master/helm/fineract/values.yaml
Link to fineract g2p sandbox helm chart: https://github.com/fynarfin/fineract-env/blob/master/helm/g2p-Sandbox/values.yaml
How to access the APIs ?
Community app link (for seeing the debits and credits) : - https://communityapp.sandbox.fynarfin.io/?baseApiUrl=https://fynams.sandbox.fynarfin.io&tenantIdentifier=rhino
[ You should always specify the backend via baseApiUrl and tenant via tenant identifier Eg : https://openmf.github.io/community-app?baseApiUrl=https://demo.fineract.dev&tenantIdentifier=default ]
Note: in case of Self-signed certificates, use curl —insecure flag or open the FSP host name (fynams.sandbox.fynarfin.io)in a new tab and accept the self-signed certs.
For creating Savings products and Tenant Clients in Fineract:
How we will do it.
Sandbox setup
What are the differences
Private images from provided repository should be exported and then imported in our repository → Currently AWS ECR.
What are the obstacles
Apply known issue fix Mifos Research Notes | Upgrade/Install chart:
Elasticsearch ceritificates Mifos Research Notes | ElasticSearch secrets
Manage Domans in order to access the apps via Ingresses
Resources:
Payment Hub installation link (https://mifos.gitbook.io/docs/payment-hub-ee/overview/installation-instructions ) or this deployment mode referencing component architecture link (https://mifos.gitbook.io/docs/payment-hub-ee/overview/deployment-models ) or examples (https://mifos.gitbook.io/docs/payment-hub-ee/overview/example ).
Basic information :
Payment hub EE - Mifos (there is a a documentation that I will follow but the repo is empty: https://mifos.gitbook.io/docs/payment-hub-ee/overview )
Questions:
Is there a guidebook/doc that we can follow to run the environment?
Will installation guideline execution will set up a full environment or we will need to install other components?
Which are all the repositories that will be used
After we run the environment how do we access the APIs?
Fineract - Mifos
Information from MIFOS related with running payment BB in sandbox:
Steps to add/login to ecr from another cluster :
After AWS configure / login to our ECR cluster :AWS ecr get-login-password --region ap-south-1 > password
After AWS configure / login to third party (Mifos) AWS account / EKS cluster : kubectl create secret docker-registry dockersecret --docker-server=419830066942.dkr.ecr.ap-south-1.amazonaws.com --docker-username=AWS --docker-password=“$(cat password)” --docker-email=somanath@fynarfin.io
Patching service account with docker imagePullSecret: kubectl patch service account default -p ‘{“imagePullSecrets”: [{“name”: “dockersecret”}]}’
Verify the Service account patch with pod — kubectl get pod <pod name> _n <namespace> -o=jsonpath=‘{.spec.imagePullSecrets[0].name}{“\n”}’
Paymenthub Setup:-
Link to base PHEE base helm chart :- (for referencing values.yaml) https://github.com/openMF/ph-ee-env-template/blob/master/helm/ph-ee-engine/values.yaml
Link to paymenthub G2Psandbox Helm chart ( git clone env-labs— https://github.com/openMF/ph-ee-env-labs.git )
For G2Psandbox chart—> https://github.com/openMF/ph-ee-env-labs/tree/master/helm/g2p-sandbox
Please refer to Operations app latest version known issue work around in the G2Psandbox helm chart README file
Postman SIT env for paymenthub : https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Environment/SIT.json
Postman collection for paymenthub : https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Payment%20Hub.json
Test paymenthub postman collection for channel —>GSMA API—> GSMA P2P API
Question & Answers over Paymenthub Setup:
What image tag should we use for ph_ee_connector_mojaloop (https://github.com/openMF/ph-ee-env-labs/blob/7ed115f79efd46a42e1c63cdbf845d3adfbfec4e/helm/g2p-sandbox/values.yaml#L215 )
Answered by Somanath Hugar via Slack: “You can use the latest image tag for ph_ee_connector_mojaloop”
we will need some help for starting the ElasticSerach with elastic-certificates
Answered by Somanath Hugar via Slack: Please refer to the documentation for ElasticSearch certificates, secrets
https://docs.google.com/document/d/1Pk4fHdAONAwZ9j65YuI8qA8MgDmv_oMnlvqNUQGsMTA/edit?usp=sharing
We redeply the chart, but now we have 1 pod restarting, can you help sorting out the error and run the pod?
pod: ph-ee-connector-ams-mifos
we successful run it with ams_local_enabled: true
Identify the pods required to run the Payment Hub bare minimum configuration?
SLCB (commercial bank payment connector) service is not necessarily required for most demos so you can go ahead and remove it.
In barebones, you can remove Zeebe Operate & either one of Mojaloop or GSMA payment schema connectors but that would impede us from giving demos so I wouldn't recommend removing them.
We have a blocker on how to proceed with "Deploying the BPMN flows" and do we need to deploy any BPMN flows. Could you share more information or any short written explanation/procedure?
That would be the Upload BPMN API. You can find it in Payment Hub APIs Postman Collection Zeebe Operations APIs folder in ph-ee-env-template Github repository.
BPMNS : BPMNS
FSP Setup :-
Link to fineract base helm chart : https://github.com/fynarfin/fineract-env/blob/master/helm/fineract/values.yaml
Link to fineract g2p sandbox helm chart: https://github.com/fynarfin/fineract-env/blob/master/helm/g2p-Sandbox/values.yaml
Community app link (for seeing the debits and credits) : - https://communityapp.sandbox.fynarfin.io/?baseApiUrl=https://fynams.sandbox.fynarfin.io&tenantIdentifier=rhino
[ You should always specify the backend via baseApiUrl and tenant via tenant identifier Eg : https://openmf.github.io/community-app?baseApiUrl=https://demo.fineract.dev&tenantIdentifier=default ]
Note: in case of Self-signed certificates, use curl —insecure flag or open the FSP host name (fynams.sandbox.fynarfin.io)in a new tab and accept the self-signed certs.
Initial Actions:
Mifos Fineract (Initial tryouts not used in current solution!)
Docker run
Docker Run:
API Info:
Local Swagger
Legacy doc:
Kubernetes:
Guide Kubernetes :
was not able to run working instance in local minikube. The described run information was followed but it’s not working, Tested by @Vladislav Todorov on local minikube and by @Tsvetomir Krumov . Same problem for both error after starting fineract-server (was trying to connect to DB on localhost instead the one described in fineract/kubernetes/fineractmysql-deployment.yml).
After adding 3 new environment variables to fineract/kubernetes/fineract-server-deployment.yml fineract-server starts successfully
- name: fineract_tenants_url
value: jdbc:mariadb://fineractmysql:3306/fineract_tenants
- name: fineract_tenants_uid
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: username
- name: fineract_tenants_pwd
valueFrom:
secretKeyRef:
name: fineract-tenants-db-secret
key: password
Access Info:
Mifos Community APP - UI
Swagger API:
Health Check: https://localhost:8443/fineract-provider/actuator/health to return {"status":"UP"}
Paymenthub/Fineract Setup
Source
Both provided charts for Paymenthub(PaymentHub Setup) and Fineract (FSP setup) are used as a dependent charts in current setup.
Mifos PaymentHub and Fineract setup for sandbox
Images
All images referenced from Mifos private repository are pulled and pushed in Our ECR
ElasticSearch secrets
Original source provided: https://docs.google.com/document/d/1Pk4fHdAONAwZ9j65YuI8qA8MgDmv_oMnlvqNUQGsMTA/edit?usp=sharing
// curent elasticsearch version 7.16.3
// Current chart namespace "paymenthub"
// Change them is other namespace is used
//. when chart is installed or different version
//. of elasticsearch is used in the chart
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.16.3
docker run --name elastic-helm-charts-certs -i -w /app \
docker.elastic.co/elasticsearch/elasticsearch:7.16.3 \
/bin/sh -c " \
elasticsearch-certutil ca --out /app/elastic-stack-ca.p12 --pass '' && \
elasticsearch-certutil cert --name security-master --dns security-master --ca /app/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /app/elastic-certificates.p12"
docker cp elastic-helm-charts-certs:/app/elastic-certificates.p12 ./
openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem
openssl x509 -outform der -in elastic-certificate.pem -out elastic-certificate.crt
kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 --namespace paymenthub
kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem --namespace paymenthub
kubectl create secret generic elastic-certificate-crt --from-file=elastic-certificate.crt --namespace paymenthub
Install/Update chart commands:
Repo: Sandbox Github Repo
Installation instructions github: GitHub Repository
Obtain dependency:
helm dependency build helm/g2p-sandbox
rebuild the charts/ directory based on the Chart.lock file
or use "helm dependency update" to update charts/ based on the contents of Chart.yaml
Upgrade/Install chart:
Known Issues
Uninstall chart
Uninstall:
Delete all related Persistent Volume Claims:
Services PaymentHubEE
NAMESPACE | NAME | TYPE | CLUSTER-IP | EXTERNAL-IP | PORTS | COMMENTS | Commands Port forwarding | URLS / status check |
paymenthub | fineract-mysql | ClusterIP | 172.20.160.162 |
| mysql:3306►0 |
|
|
|
paymenthub | fineract-server | LoadBalancer | 172.20.214.30 | a80156cc82d9d450b812122a2550d372-118577547.eu-central-1.elb.amazonaws.com | 8443►31694 |
|
|
|
paymenthub | fineract-server-local | ClusterIP | 172.20.40.248 |
| 443►0 | Connection OK | kubectl -n paymenthub port-forward service/fineract-server-local 15200:443 | |
paymenthub | kafka | NodePort | 172.20.171.198 |
| 9092►30092 |
|
|
|
paymenthub | message-gateway | ClusterIP | 172.20.230.70 |
| port:80►0 |
|
|
|
paymenthub | mifos-community | LoadBalancer | 172.20.33.11 | a106843e644274921a9536ef41647a5a-2118717487.eu-central-1.elb.amazonaws.com | 9090►31659 |
|
|
|
paymenthub | mifos-community-local | ClusterIP | 172.20.226.30 |
| 9090►0 | Connection OK | kubectl -n paymenthub port-forward service/mifos-community-local 15201:9090 | |
paymenthub | operationsmysql | ClusterIP | 172.20.74.236 |
| mysql:3306►0 |
|
|
|
paymenthub | operationsmysql-headless | ClusterIP |
|
| mysql:3306►0 |
|
|
|
paymenthub | ph-ee-connector-channel | ClusterIP | 172.20.215.128 |
| port:80►0 http:82►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-connector-channel 15102:80 | |
paymenthub | ph-ee-connector-mojaloop-java | ClusterIP | 172.20.108.164 |
| port:80►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-connector-mojaloop-java 15105:80 | curl http://localhost:15105 -verbose |
paymenthub | ph-ee-elasticsearch | ClusterIP | 172.20.208.46 |
| http:9200►0 transport:9300►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-elasticsearch 15103:9200 | curl -X GET "localhost:15103/_cluster/health?pretty" |
paymenthub | ph-ee-elasticsearch-headless | ClusterIP |
|
| http:9200►0 transport:9300►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-elasticsearch-headless 15104:9200 | curl -X GET "localhost:15104/_cluster/health?pretty" |
paymenthub | ph-ee-kibana | ClusterIP | 172.20.75.153 |
| http:5601►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-kibana 15105:5601 | curl -k -s https://localhost:15105/api/status | json_pp |
paymenthub | ph-ee-operations-app | ClusterIP | 172.20.172.220 |
| port:80►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-operations-app 15100:80 | |
paymenthub | ph-ee-operations-web | ClusterIP | 172.20.134.142 |
| 4200►0 | Connection ? Auth request goes trough dns?!? We have CORS error when trying with port forward | kubectl -n paymenthub port-forward service/ph-ee-operations-web 15101:4200 |
|
paymenthub | ph-ee-zeebe-ops | ClusterIP | 172.20.240.140 |
| port:80►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-zeebe-ops 15103:80 | Check es and Upload bpmn used
|
paymenthub | zeebe-operate | ClusterIP | 172.20.64.104 |
| http:80►0 | Connection OK | kubectl -n paymenthub port-forward service/zeebe-operate 15104:80 | Accesible in browser |
paymenthub | zeebe-zeebe | ClusterIP |
|
| http:9600►0 internal:26502►0 command:26501►0 |
|
|
|
paymenthub | zeebe-zeebe-gateway | ClusterIP | 172.20.81.82 |
| http:9600►0 gateway:26500►0 |
|
|
|
paymenthub | ph-ee-connector-bulk | ClusterIP | 172.20.84.216 |
| port:80►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-connector-bulk 15106:80 |
|
|
|
|
|
|
|
|
|
|
BPMN Deployment
Upload BPMN API. You can find it in Payment Hub Postman Collection Zeebe Operations APIs folder in ph-ee-env-template Github repository.
Initially provided bpmn-s: BPMNs
API information provided by Mifos:
For creating Savings products and Tenant Clients:
Environment: https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Environment/FineractCoDevelop_environment.json
Postman Collection : https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/G2P%20Sandbox%20Demo%20Prep.json
For transactions:
Then Use "Bulk APIs" => "Batch Transactions" API endpoint from : https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Payment%20Hub.json . Environment https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Environment/SIT.json
With csv file: https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/ph-ee-bulk-demo-6.csv