OpenG2P
diff --git a/‎.gitbook/assets/image (80).png‎
10.4 KB b/‎.gitbook/assets/image (80).png‎
10.4 KB
diff --git a/‎.gitbook/assets/image (81).png‎
23.6 KB b/‎.gitbook/assets/image (81).png‎
23.6 KB
diff --git a/‎SUMMARY.md‎
Lines changed: 4 additions & 4 deletions b/‎SUMMARY.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎pbms-gen2/deployment/configurations.md‎
Lines changed: 42 additions & 0 deletions b/‎pbms-gen2/deployment/configurations.md‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎pbms-gen2/deployment/domain-names-and-certificates.md‎
Lines changed: 17 additions & 0 deletions b/‎pbms-gen2/deployment/domain-names-and-certificates.md‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎pbms-gen2/deployment/helm-charts.md‎
Lines changed: 0 additions & 2 deletions b/‎pbms-gen2/deployment/helm-charts.md‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎pbms-gen2/deployment/pbms-3.0.md‎
Lines changed: 189 additions & 0 deletions b/‎pbms-gen2/deployment/pbms-3.0.md‎
Lines changed: 189 additions & 0 deletions
diff --git a/‎pbms-gen2/deployment/pbms-bg-tasks.md‎
Lines changed: 0 additions & 2 deletions b/‎pbms-gen2/deployment/pbms-bg-tasks.md‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎pbms-gen2/deployment/pbms-helm-charts.md‎
Lines changed: 114 additions & 0 deletions b/‎pbms-gen2/deployment/pbms-helm-charts.md‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎pbms-gen2/deployment/pbms-odoo.md‎
Lines changed: 0 additions & 2 deletions b/‎pbms-gen2/deployment/pbms-odoo.md‎
Lines changed: 0 additions & 2 deletions
@@ -405,15 +405,15 @@
     * [Roles & privileges](pbms-gen2/design/roles-and-privileges.md)
     * [G2P Bridge workflow](pbms-gen2/design/g2p-bridge-workflow.md)
   * [Deployment](pbms-gen2/deployment/README.md)
-    * [PBMS Odoo](pbms-gen2/deployment/pbms-odoo.md)
-    * [PBMS BG Tasks](pbms-gen2/deployment/pbms-bg-tasks.md)
+    * [PBMS 3.0](pbms-gen2/deployment/pbms-3.0.md)
     * [Configurations](pbms-gen2/deployment/configurations.md)
     * [Domain names & certificates](pbms-gen2/deployment/domain-names-and-certificates.md)
-    * [Helm charts](pbms-gen2/deployment/helm-charts.md)
+    * [PBMS Helm Charts](pbms-gen2/deployment/pbms-helm-charts.md)
   * [Developer Zone](pbms-gen2/developer-zone/README.md)
     * [PBMS Helm Chart 4.x](pbms-gen2/developer-zone/pbms-helm-chart-4.x.md)
-    * [Developer Install](pbms-gen2/developer-zone/developer-install.md)
     * [Repositories](pbms-gen2/developer-zone/repositories.md)
+    * [Developer Install](pbms-gen2/developer-zone/developer-install.md)
+    * [PBMS Docker](pbms-gen2/developer-zone/pbms-docker.md)
   * [API Reference](pbms-gen2/api-reference/README.md)
     * [Beneficiary portal APIs](pbms-gen2/api-reference/beneficiary-portal-apis.md)
     * [Agency app APIs](pbms-gen2/api-reference/agency-app-apis.md)
 
@@ -1,2 +1,44 @@
+---
+description: >-
+  The instructions here are related to configuration of base settings for PBMS
+  using the Odoo UI
+---
+
 # Configurations
 
+Once all the pods are in **Running** state we can start interacting with the Odoo UI and configure some base settings.
+
+## Prerequisites
+
+* [ ] The user must have access to PBMS in OpenG2P systems.
+* [ ] The user must be an Administrator on the system
+
+## Configure Minio Object Store
+
+1. Navigate to the minio hostname specified during installation. You can find this in your Rancher namespace by navigating to **Istio -> Virtual Services**, and searching for `minio`
+2. Login using credentials from Rancher **Storage -> Secrets**, search for `minio`
+3. Navigate to the Buckets section in the Minio UI and click **Create Bucket**
+4. Choose an appropriate bucket name (example: `documents`) and click on **Create Bucket**
+
+## Configure PBMS Document Settings
+
+1. Navigate to the pbms hostname specified during installation. You can find this in your Rancher namespace by navigating to **Istio -> Virtual Services**, and searching for `pbms`. Login using credentials from Rancher.
+2. From the top-left Apps icon, go to **Settings -> Technical -> Storage Backend**
+3. Create a new storage backend or update existing ones.
+   * Give the record a name (example: Default S3 Document Store)
+   * Select Backend type as **Amazon S3**
+   * Check the `Is Public` boolean field.
+   * Fill the Amazon S3 section using credentials from Rancher and the bucket name created while [configuring minio](configurations.md#configure-minio-object-store) (it is recomended to use internal url on port 9000, example: `http://minio-pbms:9000`).
+   * Save the record using the top-left odoo save icon.
+
+## Configure Keycloak
+
+1. _To be added_
+
+## Configure PBMS Base Settings
+
+1. Navigate to the pbms hostname specified during installation. You can find this in your Rancher namespace by navigating to **Istio -> Virtual Services**, and searching for `pbms`. Login using credentials from Rancher.
+2. From the top-left Apps icon, go to **Settings** and click on **G2P PBMS Settings** tab from the left sidebar.
+3. Update the URLs for Background Task API and Bridge API from **Rancher -> Istio -> Virtual Services**.
+4. Select the pre-configured Document Store from the dropdown.
+5. Configure Keymanager if required (by default Keymanager is toggled off).
@@ -1,2 +1,19 @@
+---
+description: Domain names and certificates for PBMS
+---
+
 # Domain names & certificates
 
+## Domain names <a href="#domain-names" id="domain-names"></a>
+
+The suggested convention is given below.
+
+`<component>.<environment>.<your org domain>.<tld>`
+
+<table><thead><tr><th width="165">Component</th><th>Example Domain</th></tr></thead><tbody><tr><td>PBMS</td><td><code>pbms.dev.openg2p.org</code></td></tr></tbody></table>
+
+All the above domains point to Nginx IP corresponding to server (virtual host) that routes to Istio Ingress gateway server on [OpenG2P Cluster](https://docs.openg2p.org/deployment/base-infrastructure/openg2p-cluster).
+
+## Certificates
+
+SSL certs for all the above must be available, generally as a wild card certificate for the domain, example. `*.dev.openg2p.org`\
@@ -0,0 +1,189 @@
+---
+description: >-
+  The instructions here pertain to the deployment of PBMS 3.0 and associated
+  components on the Kubernetes cluster using OpenG2P PBMS Helm chart.  All the
+  components are installed in the same namespace.
+---
+
+# PBMS 3.0
+
+## Prerequisites
+
+Before you deploy, make sure the following are in place:
+
+* [ ] Kubernetes cluster is up and running
+* [ ] Nginx server is configured (skip this for OpenG2P-in-a-box)
+* [ ] Namespace is created (via Rancher under a Project)
+* [ ] Project Owner access on the OpenG2P namespace
+* [ ] Istio gateway is set up in the namespace
+
+## Installation using Rancher UI
+
+1. **Log in** to the **Rancher Admin Console** and select your **target cluster**.
+2.  Navigate to **Apps → Repositories** and click **Create** to add a new repository:
+
+    * **Name:** `openg2p`
+    * **Target HTTPS Index URL:** `https://openg2p.github.io/openg2p-helm/rancher`
+    * Click **Create**
+
+    <figure><img src="../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
+3. On the top-right, select the **namespace** where you want to install PBMS.
+4.  To view prerelease charts (if required), click your **user avatar → Preferences → Include Prerelease Versions**.
+
+    <figure><img src="../../.gitbook/assets/image (81).png" alt=""><figcaption></figcaption></figure>
+5.  Navigate to **Apps → Charts** and locate the chart:
+
+    * **Name:** _OpenG2P PBMS (3.0.0)_
+    * **Description:** Installs PBMS Odoo + Postgres, Background Tasks, and Minio
+
+    <figure><img src="../../.gitbook/assets/image (80).png" alt=""><figcaption></figcaption></figure>
+6. Click the chart, choose **version 3.0.0**, and click **Install**.
+7. On the next screen:
+   * **Installation Name:** `openg2p-pbms` (or any preferred name)
+   * Enable **Customise Helmbox before installation** → click **Next**
+8. In the **General Settings** section, configure the following:
+   * **Hostname:** Set the PBMS URL (e.g., `pbms.dev.openg2p.org`)
+   * **PostgreSQL Host:** Provide the hostname of the PostgreSQL instance (or use the internal one if enabled)
+   * **Keycloak Base URL:** Enter your Keycloak URL (e.g., `https://keycloak.openg2p.sandbox.net`)
+   * **Email Service Name:** Provide the email service name used in PBMS
+   * **OIDC Client ID:** Provide the OIDC client ID for PBMS (Odoo)
+   * **OIDC Client Secret:** Provide the OIDC client secret for PBMS (Odoo)
+9. In the **Registry Settings** section:
+   * **Registry DB:** Provide the PostgreSQL database name for Registry
+   * **Registry DB User:** Enter the DB username
+   * **Registry DB Secret:** Specify the Kubernetes secret name containing the DB password
+   * **Registry DB Secret Key:** Enter the key name within the secret containing the user password
+10. In the **Background Task Settings** section (only visible if enabled):
+    * **Celery Beat Producer Frequency:** Set frequency in seconds (e.g., `60`)
+    * **Celery Beat Producer Batch Size:** Set the number of tasks per batch
+    * **Celery Beat Producer Number of Tasks to Process:** Set total tasks per run
+    * **Celery Workers G2P Bridge Base URL:** Provide the Bridge API URL used by Celery Workers
+    * **Celery Workers Batch Size:** Set worker batch size
+11. Configure **Minio Settings** (if applicable):
+    * **Hostname:** e.g., `minio-pbms.dev.openg2p.org`
+    * Enable **Install Minio** and **Enable Minio Persistence**
+12. Click **Next** → go to **Helm Options**.
+    * **Disable the Wait flag**
+13. Click **Install**.
+14. Monitor pods in your namespace until they reach the **Running** state.
+
+    <div align="left"><figure><img src="../../.gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure></div>
+
+## Installation using CLI
+
+1.  Clone the [OpenG2P PBMS Deployment Repository](pbms-helm-charts.md)
+
+    ```
+    git clone https://github.com/OpenG2P/openg2p-pbms-gen2-deployment.git
+    cd openg2p-pbms-gen2-deployment/charts
+    ```
+
+
+2.  Update Helm Dependencies
+
+    ```
+    helm dependency update openg2p-pbms
+    ```
+
+
+3.  Review and update `values.yaml` as needed:
+
+    * `global.hostname`: Public hostname for PBMS (e.g., `pbms.dev.openg2p.org`)
+    * `global.keycloakBaseUrl`: Base URL for Keycloak authentication
+    * `global.postgresqlHost`: PostgreSQL host (e.g., `openg2p-commons-postgresql`)
+    * `global.registryDB*` and `global.pbmsDB*`: Registry and PBMS database credentials
+    * `global.minioInstallationName`: Minio instance for file storage
+    * `odoo.image.tag`: PBMS version or custom image tag
+    * `openg2p-pbms-bg-task-celery-*`: Celery environment variables (frequency, batch size, etc.)
+    * `istio.virtualservice.host`: Hostname when Istio is enabled
+
+    {% hint style="info" %}
+    You can override values inline using `--set` or pass a custom file with `-f`.
+    {% endhint %}
+
+
+4.  Install the Helm chart
+
+    ```
+    helm install <release-name> openg2p-pbms \
+      -f ./values.yaml \
+      -n <namespace>
+    ```
+
+    Replace `<release-name>` with a unique name (e.g., `pbms-dev`) and `<namespace>` with the target Kubernetes namespace.
+5.  Verify deployment
+
+    ```
+    helm status <release-name> -n <namespace>
+    kubectl get pods,svc -n <namespace>
+    ```
+
+
+6.  Upgrade the deployment when changing configuration
+
+    ```
+    helm upgrade <release-name> openg2p-pbms \
+      -f ./values.yaml \
+      -n <namespace>
+    ```
+
+    \
+    You can view current values using:
+
+    ```
+    helm get values <release-name> -n <namespace>
+    ```
+
+{% hint style="info" %}
+To uninstall PBMS from command line:
+
+```
+helm uninstall <release-name> -n <namespace>
+```
+{% endhint %}
+
+## Post-Installation Configuration
+
+1.  Get the Odoo service URL (usually from ingress or Istio VirtualService):
+
+    ```
+    kubectl get svc,ingress -n <namespace>
+    ```
+
+
+2. Log in to Odoo using admin credentials (configured in Keycloak or Odoo setup).
+3. Activate the PBMS modules under **Apps**:
+   * Ensure “OpenG2P PBMS Core”, “OpenG2P PBMS Background Tasks”, and other required extensions are installed.
+   *   Update module list if they aren’t visible:
+
+       ```
+       kubectl exec -it <odoo-pod-name> -n <namespace> -- \
+         odoo -d <database-name> -u all --stop-after-init
+       ```
+
+
+4. Verify background workers:
+   *   Check Celery workers and beat scheduler pods:
+
+       ```
+       kubectl get pods -n <namespace> | grep celery
+       ```
+   * Confirm task queues are registered correctly.\
+
+5. Validate Redis and Minio connectivity:
+   * Ensure Redis pod is running and reachable by the Celery worker.
+   * Verify Minio access credentials match the Helm values and Odoo configuration.
+6. Confirm database migrations:
+   *   Review logs of Odoo pod for any migration errors:
+
+       ```
+       kubectl logs <odoo-pod-name> -n <namespace>
+       ```
+
+
+7.  (Optional) Apply PBMS demo or seed data:
+
+    ```
+    kubectl exec -it <odoo-pod-name> -n <namespace> -- \
+      odoo -d <database-name> -i g2p_pbms_demo
+    ```
@@ -0,0 +1,114 @@
+---
+description: >-
+  Information regarding helm charts for installation for PBMS and all it's
+  dependencies
+---
+
+# PBMS Helm Charts
+
+G2P PBMS (Odoo + Background Tasks) and all its dependencies can be installed using a single [Helm chart](https://github.com/OpenG2P/openg2p-pbms-deployment/tree/4.0/charts/openg2p-pbms) which acts the main chart for PBMS Odoo Core (`odoo`) and references multiple sub-charts.
+
+* `openg2p-pbms-bg-task-api`
+* `openg2p-pbms-bg-task-celery-beat-producers`
+* `openg2p-pbms-bg-task-celery-workers`
+
+### PBMS Core Odoo
+
+The **PBMS Core Odoo** chart is the primary component of the PBMS Helm deployment. It serves as the main Odoo instance for PBMS and includes references to all Background Task sub-charts (API, Celery Beat Producers, and Celery Workers).
+
+This component deploys the Odoo application container image (`openg2p/openg2p-pbms-core`) configured with PostgreSQL, Redis, Keycloak for OIDC authentication, and MinIO for object storage.
+
+#### Key configurations include:
+
+* External PostgreSQL connection (`externalDatabase`) linked to `pbmsdb`.
+* OIDC integration using Keycloak (`oidcIssuerUrl`, `oidcClientId`, `oidcClientSecret`).
+* Environment variables controlling performance, logging, and module behavior.
+* Integration with MinIO (`S3_URL`, `S3_ACCESS_KEY_ID`, `S3_SECRET_ACCESS_KEY`) for media and file storage.
+* Redis service used as a broker for job queues and cache.
+* Optional Istio VirtualService configuration for routing traffic to Odoo.
+
+### PBMS Background Tasks API
+
+The **PBMS Background Tasks API** sub-chart deploys the API service responsible for managing and exposing background task endpoints.\
+It provides an interface layer between PBMS and the asynchronous processing system, handling requests from Odoo and passing task metadata to Celery producers and workers.
+
+#### Key configurations include:
+
+* Uses the PostgreSQL instance defined in the global configuration.
+* Connects to both the **Background Task Database (`bgtaskdb`)** and **Social Registry Database (`registrydb`)**.
+* Configured via environment variables such as:
+  * `BG_TASK_API_DB_HOSTNAME`, `BG_TASK_API_DB_DBNAME`, `BG_TASK_API_DB_USERNAME` for the Background Task DB.
+  * `BG_TASK_API_DB_HOSTNAME_SR`, `BG_TASK_API_DB_DBNAME_SR`, `BG_TASK_API_DB_USERNAME_SR` for the Social Registry DB.
+* Integrates with Keymanager for secure key operations if required.
+
+### PBMS Background Tasks Celery Beat Producers
+
+The **PBMS Background Tasks Celery Beat Producers** sub-chart is responsible for **scheduling and triggering** periodic background tasks.\
+It acts as the “heartbeat” of the background task system, periodically generating task events for Celery Workers to process.
+
+#### Key configurations include:
+
+* Frequency, batch size, and concurrency are controlled by environment variables:
+  * `BG_TASK_CELERY_BEAT_PRODUCER_FREQUENCY`
+  * `BG_TASK_CELERY_BEAT_BATCH_SIZE`
+  * `BG_TASK_CELERY_BEAT_NO_OF_TASKS_TO_PROCESS`
+* Connects to multiple databases:
+  * **PBMS Core DB (`pbmsdb`)**
+  * **Background Task DB (`bgtaskdb`)**
+  * **Social Registry DB (`registrydb`)**
+* Uses Redis as the Celery broker and backend:
+  * `BG_TASK_CELERY_BEAT_CELERY_BROKER_URL`
+  * `BG_TASK_CELERY_BEAT_CELERY_BACKEND_URL`
+
+This component ensures continuous and reliable task dispatching to maintain workflow execution in the PBMS ecosystem.
+
+### PBMS Background Tasks Celery Workers
+
+The **PBMS Background Tasks Celery Workers** sub-chart handles **asynchronous execution** of the tasks generated by Celery Beat Producers and the API.\
+Each worker consumes jobs from the Redis queue and performs operations such as data synchronization, eligibility computation, and background updates.
+
+#### Key configurations include:
+
+* Batch and concurrency control: `BG_TASK_CELERY_WORKERS_BATCH_SIZE`.
+* Multi-database connectivity:
+  * **PBMS DB**, **Background Task DB**, **Social Registry DB**, and asynchronous Postgres connections (`postgresql+asyncpg`).
+* Redis as Celery’s broker and backend for reliable task delivery and tracking.
+* Keymanager integration for cryptographic operations (e.g., signing keys, secure access tokens).
+
+Environment variables manage:
+
+* Async DB connection (`BG_TASK_CELERY_WORKERS_DB_DRIVER_ASYNC`, `BG_TASK_CELERY_WORKERS_DB_USERNAME_ASYNC`).
+* Security and Keymanager access (`BG_TASK_CELERY_WORKERS_SIGN_KEY_KEYMANAGER_APP_ID`, `BG_TASK_CELERY_WORKERS_KEYMANAGER_API_BASE_URL`, etc.).
+
+## Database
+
+The PBMS Helm chart provisions a shared **PostgreSQL** instance used by both the **PBMS Core Odoo** and **Background Tasks** components. The database runs in the same Kubernetes namespace as the application stack and is automatically initialized via the `postgres-init` job. This ensures that all required databases, users, and secrets are created before Odoo and Background Task pods start.
+
+Two distinct databases are configured for separation of concerns:
+
+* **`pbmsdb`** — the primary database for the PBMS Odoo instance.
+* **`bgtaskdb`** — the dedicated database for Background Task components (API, Celery Beat Producers, and Celery Workers).
+
+Database connection details, usernames, and secrets are defined under the `global` values section in the Helm chart and templated per release using Helm’s `tpl` function. Key parameters include:
+
+* **Global DB variables**
+  * `global.postgresqlHost`: internal PostgreSQL service hostname (e.g., `openg2p-commons-postgresql`)
+  * `global.pbmsDB`, `global.pbmsDBUser`, `global.pbmsDBSecret`, `global.pbmsDBUserPasswordKey`: for the Odoo database
+  * `global.pbmsBgTaskDB`, `global.pbmsBgTaskDBUser`, `global.pbmsBgTaskDBSecret`, `global.pbmsBgTaskDBUserPasswordKey`: for the Background Tasks database
+* **Database initialization (`postgres-init`)**
+  * Automatically provisions both `pbmsdb` and `bgtaskdb` with corresponding users.
+  *   References the global secret templates for credential management:
+
+      ```
+      - name: '{{ tpl .Values.global.pbmsDB $ }}'
+        user: '{{ tpl .Values.global.pbmsDBUser $ }}'
+        secret: '{{ tpl .Values.global.pbmsDBSecret $ }}'
+      - name: '{{ .Release.Name }}_bgtask_db'
+        user: '{{ .Release.Name }}_bgtask_db_user'
+        secret: '{{ .Release.Name }}-bgtask'
+      ```
+  * The root PostgreSQL password is read from the existing secret `openg2p-commons-postgresql`.
+
+All PBMS components — Odoo, API, Celery Beat Producers, and Celery Workers — connect to PostgreSQL using these templated credentials via their respective `envVars` sections. This allows consistent configuration and automatic secret injection across sub-charts.
+
+By maintaining separate databases under a shared PostgreSQL service, the Helm chart provides both **operational isolation** (between synchronous and asynchronous workloads) and **deployment simplicity**, while leveraging Kubernetes Secrets for secure credential management.