Mifos Research Notes
Paymenthub Setup:
Link to the base PHEE Helm chart (for referencing values.yaml): https://github.com/openMF/ph-ee-env-template/blob/master/helm/ph-ee-engine/values.yaml
Link to the Paymenthub G2P sandbox Helm chart (git clone env-labs: https://github.com/openMF/ph-ee-env-labs.git)
For the G2P sandbox chart: https://github.com/openMF/ph-ee-env-labs/tree/master/helm/g2p-sandbox
This document describes how to enable X-Pack security for Elasticsearch, Kibana and other ES-dependent services in Paymenthub: https://docs.google.com/document/d/1Pk4fHdAONAwZ9j65YuI8qA8MgDmv_oMnlvqNUQGsMTA/edit
Dev Repository: Sandbox Github Repo
FSP Setup
Link to fineract base helm chart : https://github.com/fynarfin/fineract-env/blob/master/helm/fineract/values.yaml
Link to fineract g2p sandbox helm chart: https://github.com/fynarfin/fineract-env/blob/master/helm/g2p-Sandbox/values.yaml
Sandbox setup
Private images from the provided repository should be exported and then imported into our repository (currently AWS ECR).
Apply the known issue fix: see Mifos Research Notes | Upgrade/Install chart
Elasticsearch certificates: see Mifos Research Notes | ElasticSearch secrets
Manage domains in order to access the apps via Ingresses
Payment Hub installation link (https://mifos.gitbook.io/docs/payment-hub-ee/overview/installation-instructions) or this deployment mode referencing component architecture link (https://mifos.gitbook.io/docs/payment-hub-ee/overview/deployment-models) or examples (https://mifos.gitbook.io/docs/payment-hub-ee/overview/example).
Payment hub EE - Mifos (there is documentation that I will follow, but the repo is empty: https://mifos.gitbook.io/docs/payment-hub-ee/overview)
Fineract - Mifos
Information from MIFOS related with running payment BB in sandbox:
Steps to add/log in to ECR from another cluster:
After AWS configure / login to our ECR cluster:
aws ecr get-login-password --region ap-south-1 > password
After AWS configure / login to third party (Mifos) AWS account / EKS cluster:
kubectl create secret docker-registry dockersecret --docker-server=419830066942.dkr.ecr.ap-south-1.amazonaws.com --docker-username=AWS --docker-password="$(cat password)" --docker-email=somanath@fynarfin.io
Patching the service account with the docker imagePullSecret:
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "dockersecret"}]}'
Verify the service account patch with a pod:
kubectl get pod <pod name> -n <namespace> -o=jsonpath='{.spec.imagePullSecrets[0].name}{"\n"}'
Question & Answers over Paymenthub Setup:
What image tag should we use for ph_ee_connector_mojaloop (https://github.com/openMF/ph-ee-env-labs/blob/7ed115f79efd46a42e1c63cdbf845d3adfbfec4e/helm/g2p-sandbox/values.yaml#L215 )
Answered by Somanath Hugar via Slack: “You can use the latest image tag for ph_ee_connector_mojaloop”
We will need some help starting Elasticsearch with elastic-certificates
Answered by Somanath Hugar via Slack: Please refer to the documentation for ElasticSearch certificates, secrets
We redeployed the chart, but now we have 1 pod restarting. Can you help sort out the error and run the pod?
pod: ph-ee-connector-ams-mifos
We successfully ran it with ams_local_enabled: true
Identify the pods required to run the Payment Hub bare minimum configuration?
SLCB (commercial bank payment connector) service is not necessarily required for most demos so you can go ahead and remove it.
In barebones, you can remove Zeebe Operate & either one of Mojaloop or GSMA payment schema connectors but that would impede us from giving demos so I wouldn't recommend removing them.
We have a blocker on how to proceed with "Deploying the BPMN flows" and do we need to deploy any BPMN flows. Could you share more information or any short written explanation/procedure?
That would be the Upload BPMN API. You can find it in Payment Hub APIs Postman Collection Zeebe Operations APIs folder in ph-ee-env-template Github repository.
Initial Actions:
Mifos Fineract (Initial tryouts not used in current solution!)
Docker run
Docker Run:
API Info:
Local Swagger
Legacy doc:
Guide Kubernetes :
Was not able to run a working instance in local minikube. The described run information was followed but it's not working. Tested by @Vladislav Todorov on local minikube and by @Tsvetomir Krumov. Same problem for both: error after starting fineract-server (it was trying to connect to the DB on localhost instead of the one described in fineract/kubernetes/fineractmysql-deployment.yml).
After adding 3 new environment variables to fineract/kubernetes/fineract-server-deployment.yml, fineract-server starts successfully:
# JDBC URL of the tenants database service instead of localhost
- name: fineract_tenants_url
  value: jdbc:mariadb://fineractmysql:3306/fineract_tenants
# Database credentials are read from the existing Kubernetes secret
- name: fineract_tenants_uid
  valueFrom:
    secretKeyRef:
      name: fineract-tenants-db-secret
      key: username
- name: fineract_tenants_pwd
  valueFrom:
    secretKeyRef:
      name: fineract-tenants-db-secret
      key: password
Access Info:
Mifos Community APP - UI
Swagger API:
Health Check: https://localhost:8443/fineract-provider/actuator/health should return {"status":"UP"}
Paymenthub/Fineract Setup
Both provided charts, for Paymenthub (PaymentHub Setup) and Fineract (FSP setup), are used as dependent charts in the current setup.
Mifos PaymentHub and Fineract setup for sandbox
All images referenced from the Mifos private repository are pulled and pushed to our ECR
ElasticSearch secrets
Original source provided: https://docs.google.com/document/d/1Pk4fHdAONAwZ9j65YuI8qA8MgDmv_oMnlvqNUQGsMTA/edit?usp=sharing
# Current Elasticsearch version: 7.16.3
# Current chart namespace: "paymenthub"
# Change these if the chart is installed in another namespace
# or a different version of Elasticsearch is used in the chart.
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.16.3
# Generate a CA and a certificate for "security-master" inside a container.
# --pass '' and --ca-pass '' leave both PKCS#12 files without a password.
docker run --name elastic-helm-charts-certs -i -w /app \
  docker.elastic.co/elasticsearch/elasticsearch:7.16.3 \
  /bin/sh -c " \
    elasticsearch-certutil ca --out /app/elastic-stack-ca.p12 --pass '' && \
    elasticsearch-certutil cert --name security-master --dns security-master --ca /app/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /app/elastic-certificates.p12"
docker cp elastic-helm-charts-certs:/app/elastic-certificates.p12 ./
# Convert to PEM (-nodes writes the private key unencrypted), then to a DER certificate.
openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem
openssl x509 -outform der -in elastic-certificate.pem -out elastic-certificate.crt
# Create one secret per file in the chart namespace.
kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 --namespace paymenthub
kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem --namespace paymenthub
kubectl create secret generic elastic-certificate-crt --from-file=elastic-certificate.crt --namespace paymenthub
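Because openssl pkcs12 is run with -nodes and without -nokeys, elastic-certificate.pem carries the private key in clear next to the certificates, and that is the file loaded into the elastic-certificate-pem secret. The functions below are an added example, not part of the original notes or of the Mifos charts: they inventory the PEM blocks in a file and extract a certificates-only copy. The function names and the sample bundle are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: inventory the PEM blocks in a bundle before it becomes a Secret.

# Print "certs=N keys=M encrypted_keys=K" for the PEM file in $1.
pem_inventory() {
  awk '
    /^-----BEGIN CERTIFICATE-----/            { certs++ }
    /^-----BEGIN ENCRYPTED PRIVATE KEY-----/  { enc++ }
    /^-----BEGIN (RSA |EC )?PRIVATE KEY-----/ { keys++ }
    END { printf "certs=%d keys=%d encrypted_keys=%d\n", certs, keys, enc }
  ' "$1"
}

# Succeed only when $1 holds at least one certificate and no private key at all.
is_trust_only() {
  case "$(pem_inventory "$1")" in
    certs=0\ *) return 1 ;;
    *" keys=0 encrypted_keys=0") return 0 ;;
    *) return 1 ;;
  esac
}

# Print only the certificate blocks of $1 (keys and bag attributes dropped).
certs_only() {
  awk '/^-----BEGIN CERTIFICATE-----/ { p = 1 }
       p { print }
       /^-----END CERTIFICATE-----/   { p = 0 }' "$1"
}

# Constructed sample shaped like `openssl pkcs12 -nodes` output; the base64
# bodies are placeholders, not real key material.
write_sample_bundle() {
  cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: security-master
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: security-master
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: ca
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}
```

Run pem_inventory elastic-certificate.pem before creating the secrets; a file for which is_trust_only fails should only be mounted by workloads that need the private key.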
Install/Update chart commands:
Repo: Sandbox Github Repo
Installation instructions github: GitHub Repository
Obtain dependency:
# Rebuild the charts/ directory based on the Chart.lock file
helm dependency build helm/g2p-sandbox
# or use "helm dependency update" to update charts/ based on the contents of Chart.yaml
helm dependency update helm/g2p-sandbox
Upgrade/Install chart:
helm upgrade -f helm/g2p-sandbox/values.yaml -f helm/g2p-sandbox/values-sandbox.yaml --set fin-engine.namespace=paymenthub g2pconnect helm/g2p-sandbox --install --create-namespace --namespace paymenthub
Known Issues
Uninstall chart
helm uninstall g2pconnect --namespace paymenthub
Delete all related Persistent Volume Claims:
kubectl delete pvc data-fineract-mysql-0 data-operationsmysql-0 data-zeebe-zeebe-0 ph-ee-elasticsearch-ph-ee-elasticsearch-0 -n paymenthub
Services PaymentHubEE
NAMESPACE | NAME | TYPE | CLUSTER-IP | EXTERNAL-IP | PORTS | COMMENTS | Port-forwarding command | URLs / status check |
paymenthub | fineract-mysql | ClusterIP | | | mysql:3306►0 | | | |
paymenthub | fineract-server | LoadBalancer | | a80156cc82d9d450b812122a2550d372-118577547.eu-central-1.elb.amazonaws.com | 8443►31694 | | | |
paymenthub | fineract-server-local | ClusterIP | | | 443►0 | Connection OK | kubectl -n paymenthub port-forward service/fineract-server-local 15200:443 | |
paymenthub | kafka | NodePort | | | 9092►30092 | | | |
paymenthub | message-gateway | ClusterIP | | | port:80►0 | | | |
paymenthub | mifos-community | LoadBalancer | | a106843e644274921a9536ef41647a5a-2118717487.eu-central-1.elb.amazonaws.com | 9090►31659 | | | |
paymenthub | mifos-community-local | ClusterIP | | | 9090►0 | Connection OK | kubectl -n paymenthub port-forward service/mifos-community-local 15201:9090 | |
paymenthub | operationsmysql | ClusterIP | | | mysql:3306►0 | | | |
paymenthub | operationsmysql-headless | ClusterIP | | | mysql:3306►0 | | | |
paymenthub | ph-ee-connector-channel | ClusterIP | | | port:80►0 http:82►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-connector-channel 15102:80 | |
paymenthub | ph-ee-connector-mojaloop-java | ClusterIP | | | port:80►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-connector-mojaloop-java 15105:80 | curl http://localhost:15105 --verbose |
paymenthub | ph-ee-elasticsearch | ClusterIP | | | http:9200►0 transport:9300►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-elasticsearch 15103:9200 | curl -X GET "localhost:15103/_cluster/health?pretty" |
paymenthub | ph-ee-elasticsearch-headless | ClusterIP | | | http:9200►0 transport:9300►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-elasticsearch-headless 15104:9200 | curl -X GET "localhost:15104/_cluster/health?pretty" |
paymenthub | ph-ee-kibana | ClusterIP | | | http:5601►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-kibana 15105:5601 | curl -k -s https://localhost:15105/api/status | json_pp |
paymenthub | ph-ee-operations-app | ClusterIP | | | port:80►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-operations-app 15100:80 | |
paymenthub | ph-ee-operations-web | ClusterIP | | | 4200►0 | Connection ? Auth request goes through dns?!? We have CORS error when trying with port forward | kubectl -n paymenthub port-forward service/ph-ee-operations-web 15101:4200 | |
paymenthub | ph-ee-zeebe-ops | ClusterIP | | | port:80►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-zeebe-ops 15103:80 | Check es and Upload bpmn used |
paymenthub | zeebe-operate | ClusterIP | | | http:80►0 | Connection OK | kubectl -n paymenthub port-forward service/zeebe-operate 15104:80 | Accessible in browser |
paymenthub | zeebe-zeebe | ClusterIP | | | http:9600►0 internal:26502►0 command:26501►0 | | | |
paymenthub | zeebe-zeebe-gateway | ClusterIP | | | http:9600►0 gateway:26500►0 | | | |
paymenthub | ph-ee-connector-bulk | ClusterIP | | | port:80►0 | Connection OK | kubectl -n paymenthub port-forward service/ph-ee-connector-bulk 15106:80 | |
BPMN Deployment
Upload BPMN API. You can find it in Payment Hub Postman Collection Zeebe Operations APIs folder in ph-ee-env-template Github repository.
Initially provided bpmn-s: BPMNs
API information provided by Mifos:
For creating Savings products and Tenant Clients:
Environment: https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Environment/FineractCoDevelop_environment.json
Postman Collection : https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/G2P%20Sandbox%20Demo%20Prep.json
For transactions:
Then use the "Bulk APIs" => "Batch Transactions" API endpoint from: https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Payment%20Hub.json . Environment: https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/Environment/SIT.json
With csv file: https://github.com/openMF/ph-ee-env-template/blob/master/PostmanCollections/ph-ee-bulk-demo-6.csv