Help

4

How does a typical multi-tenancy setup of OpenERP look like?

Avatar
Hiro Kobayashi

I've never used OpenERP and I'm interested in its multi-tenant capabilities.

As I understand it, OpenERP has three application tiers: the database, the application server, and the web server.

If I want to create a working configuration for multiple, independent companies, that however share the core business logic and modules - What would the typical setup look like?

From my research, it seems that a single application server can serve multiple databases.

I guess my initial question is, what part of OpenERP and its components is stored in the database, what part in the application server, and what part in the web server? For instance, where exactly is an uploaded document stored? For instance, if I serve multiple databases with one application server, is access to uploaded documents really restricted based on the database in use?

On top of that, if I use a single application server, can I also only use one web server / client to serve the different databases? There seems to be a dbfilter command that allows to map a hostname to a database. Would it be possible to forward requests with a proxy and is there a way for the web client to differentiate the individual tenants?

And when is it recommended to run multiple application servers instead of one?

Edit: I've just realized that starting with 6.1, OpenERP application server comes with an embedded WSGI server

Avatar
Discard
3 Answers
2
Avatar
Daniel Reis
Best Answer

I would recommend you the following setup:

  1. To secure each company's processes, a distinct system user for each.
  2. A single shared Postgres database server, with a distinct database role for each company. This way each company won't be able to see others databases. 3, A dedicated OpenERP copy for each company, accessible only by the corresponding system user. Each will run it's own server process on a distinct port (ex: 8070, 8071, 8072, etc.)
  3. An upfront webserver, such as Nginx or Apache, acting as a reverse proxy, in order to: provide SSL, map domain names like mycompany.myserver.tld into localhost:port, and could also provide a static data cache and load balancing.

Having distinct Postgres roles for each companies solves the dbfilter issue: each role doesn't even know the the other companies exist. And if you choose for a company to have only the Production database, the database dropdown won't even show, making it simpler for the end user.

At #3, you might think it's a little too much to keep an OpenERP per company, and that it can bring unnecessary extra work every time you want to apply product updates. But:

  • from a security perspective, it's easy to see that it's preferable for each company to have access to it's dedicated copy.
  • From a product maintenance perspective, it also ends up as a better choice: yes it will bring some extra work to update all instances, but you have a choice to do it gradually (and start with less complex companies), or to selectively apply fixes only in the instances that really need it.

By now running three independent server processes is unavoidable, since each one needs to run under a different system user and database role. And that's a good thing: if for some reason one company's process is killed, there's a good chance the others will be unaffected.

Avatar
Discard
1
Avatar
UserBUG
Best Answer

With more than 5 years having passed since this question was raised and also with reference to this discussion (https://www.odoo.com/forum/help-1/question/odoo-as-a-service-in-the-cloud-98059), I also would like to know: With the changes in the recent releases, would you recommend a different approach to multi-tenancy in 2019? What would you do differently - with the database, the application server, the web server?

I'm very much looking forward to your input!

Avatar
Discard
0
Avatar
Sonia
Best Answer

Do you really find a better solution to this problematic?

this is so, can you share it, please.

Avatar
Discard