Home
Michael J. Giarlo edited this page Jun 6, 2017 · 29 revisions
In Hyku, each tenant is managed by an `Account`. `Account` segments the application data as follows:

- First, a unique identifier for the tenant (a random UUID) is generated.
- The `Apartment` gem is used to segment the application database. In the PostgreSQL database, this segmentation occurs via database schemas. So, each Hyku tenant stores its data in its own database schema. (NOTE: Apartment also calls these segments "tenants". But, in Hyku, a tenant encompasses a bit more, as you will see below.)
  - It is worth noting that most models become scoped to an `Apartment` tenant (i.e. they apply to a specific tenant's database schema). However, `Account` is a global model, as it manages the tenant.
- A Solr Collection is created specific to the tenant (named with the tenant UUID). All objects in this tenant will be indexed into that collection.
- A Fedora Container is created specific to the tenant (named with the tenant UUID). All objects in this tenant will be stored in this container.
- A Redis namespace is created specific to the tenant (named with the tenant UUID).
- A `Site` is created on the tenant. The `Site` corresponds to this tenant's Hyku application (and is configured to use the defined database schema, Solr collection, Fedora container, etc). `Site` is a singleton that we use to effectively namespace, e.g., `application_name` values.

Other models to be aware of:

- Application users are managed by the `User` model. Each `User` has one or more `Roles`. `Users` are defined within a tenant scope (using `Apartment`). So, if a user has a login for multiple Sites, those logins are stored separately (and may have different passwords, etc).
- Some `Roles` are scoped to `Sites`; some aren't. There is a many-to-many relationship between `Roles` and `Users`. We currently have two `Roles` defined: Site admins and SuperAdmins. SuperAdmins can create/manage tenants, while a Site admin is only an admin in a specific tenant.
- `Abilities` use `Roles` to make authorization decisions on `Resources` (terminology from the rolify gem).

- Flip the `multitenancy.enabled` setting in `config/settings.yml` to `true` (but don't commit this change later):
  ```yaml
  multitenancy:
    enabled: true
  ```
- To support a multitenant setup locally, you'll need to ensure your localhost can respond to multiple subdomains (as each tenant is a subdomain). There are a few options for doing so:
  - Option 1: Use the `lvh.me` registered domain (which just points at 127.0.0.1) as your configured `multitenancy.admin_host` in `config/settings.yml`. This will mean that your main application will be available at http://lvh.me:3000 and a tenant named "test" would be at http://test.lvh.me:3000
    ```yaml
    multitenancy:
      ...
      admin_host: lvh.me
    ```
  - Option 2: Use dnsmasq per http://evans.io/legacy/posts/wildcard-subdomains-of-localhost/. (Tested successfully on Ubuntu.)
  - Option 3: Set up some localhost IPs (one per tenant) in `/etc/hosts` (or similar), e.g.:
    ```
    127.0.2.1 foo
    127.0.3.1 bar
    ```
    - On OSX 10.11.6, it was also necessary to turn off `System Preferences > Security & Privacy > Firewall` and/or disable low level packet filtering to allow connections to the additional local IPs, as documented here:
      ```
      sudo pfctl -d
      ```
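- When starting Hyku, be sure to bind the rails server to 0.0.0.0 so that all of your tenants respond to HTTP requests (0.0.0.0 listens on every network interface, so the development server is also reachable from other hosts on your network):
  ```
  rails s -b 0.0.0.0
  ```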
- To manage your tenants, you'll want to have at least one superadmin user. This user must be a "global" user (i.e. not specific to a tenant).
  - To create a "global" user, click the "Administrator Login" link in the footer of the homepage. Then click "Sign up" to create a global user account.
  - After that, you'll need to grant your global user "superadmin" rights via the following rake task (note: the square brackets around the email address are required):
    ```
    rake superadmin:grant[[email protected]]
    ```
- You can now log in as a superadmin using the "Administrator Login" option in the footer. Once logged in, you'll be able to create a new repository (i.e. tenant) or see currently existing tenants via an "Accounts" menu option in the header.
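
The tenant segmentation described at the top of this page and the subdomain-per-tenant setup above, sketched as an added example (not Hyku's own code): a registry that keys every backing store by the tenant UUID and resolves a `Host` header to either the global admin scope or exactly one tenant, raising otherwise. `Tenant`, `TenantRegistry`, `UnknownTenant` and `resolve` are hypothetical names, and naming the database schema by the UUID is an assumption.

```ruby
require 'securerandom'

# Hypothetical stand-in for the per-tenant resources listed on this page.
# Assumption: the database schema is named by the UUID, like the other stores.
Tenant = Struct.new(:name, :uuid) do
  def resources
    { db_schema: uuid, solr_collection: uuid,
      fedora_container: uuid, redis_namespace: uuid }
  end
end

class TenantRegistry
  class UnknownTenant < StandardError; end

  # A tenant name must be a single DNS label, so it cannot contain dots.
  LABEL = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/

  def initialize(admin_host)
    @admin_host = admin_host.downcase
    @tenants = {}
  end

  def create(name)
    name = name.downcase
    raise ArgumentError, 'invalid tenant name' unless name.match?(LABEL)
    raise ArgumentError, 'tenant exists' if @tenants.key?(name)
    @tenants[name] = Tenant.new(name, SecureRandom.uuid)
  end

  # Maps a Host header to :global (the admin host) or to one Tenant.
  # Anything else raises, so no request falls through to a default scope.
  def resolve(host_header)
    host = host_header.to_s.downcase.sub(/:\d+\z/, '').chomp('.')
    return :global if host == @admin_host
    suffix = ".#{@admin_host}"
    raise UnknownTenant, host unless host.end_with?(suffix)
    label = host.delete_suffix(suffix)
    @tenants.fetch(label) { raise UnknownTenant, host }
  end
end

# Constructed sample using the lvh.me setup from Option 1.
registry = TenantRegistry.new('lvh.me')
test_tenant = registry.create('test')
```

Hosts such as `other.lvh.me`, `a.test.lvh.me` or `lvh.me.example.com` raise `UnknownTenant` instead of being mapped to some existing tenant's schema.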