Hosting on RDS

richb201

Has anyone had any success in self hosting on AWS RDS? Were there any instructions to hook up to RDS instead of a local copy of mySQL (or Postgres)?

dan

Hi @richb201 ,

I just did this for a video showing how to add/remove nodes to a FusionAuth cluster ( https://www.youtube.com/watch?v=y6bPjqP4Dzk ).

You want to do a few things:

1. Set up RDS in such a way that your FusionAuth node can connect to it.
2. Run the database scripts against the RDS instance: https://fusionauth.io/docs/v1/tech/installation-guide/fusionauth-app/#advanced-installation
3. Configure the username, password and URL in the fusionauth configuration to point to the RDS instance. https://fusionauth.io/docs/v1/tech/reference/configuration/ (database username, database password, database url). Because you are running the sql scripts manually, you won't need the root username/pw.

HTH.

richb201

OK. Dan, I have a fusionauth dir on my RDS mysql. But when I go to myURL:9011 it asks for my userid and password. Then it opens to this screen.

What is missing is my hard won FA setup from my local server. What do I need to copy up to the RDS to get my existing FA config up on RDS?

dan

@richb201

If you set it up manually on your local server, you will have to manually copy the changes up.

If you scripted your changes, you should be able to run those changes against your new server.

This forum post has more info: https://fusionauth.io/community/forum/topic/549/how-can-we-migrate-fusionauth-configuration-from-dev-qa-to-prod?_=1612832204162

dan

There is this open issue which addresses some of the migration concerns; please feel free to vote it up if it is of interest.

richb201

Thanks Dan. I have been battling with Docker to get AWS Secrets Manager going and I am just about done. I will be moving over the VMware. I have loaded a vbox on my laptop (even though I am already in Linux) so I can do complete install on it. I will still be using RDS.

Can you point me at any docs you have for installing in a vmWare box? How does it work with multiple instances? I am using passwordless and I will need to specify the address of fa:9011 for each box. Or would you suggest just one copy a fa?

richb201

Turns out that AWS uses Docker not vmWare so I'm back to docker.

dan

Ah, makes sense. We don't have specific VMware instructions; I'd imagine it'd work with a zipfile. But it sounds like you figured it out.

richb201

I am back to Docker but still having issues my FA docker install no longer working. Here is the database ENV I am using. Does this normal?

  DATABASE_URL: jdbc:mysql://database-2.cwymdn16cxes.us-east-1.rds.amazonaws.com/fusionauthdb

dan

Looks good to me. Probably a good idea to make sure you can connect to that database with the username and password you set in the environment from your container. RDS instances are behind a security group, so you need to make sure your requests can get through that.

I do see you shared more of the error message on another thread. Maybe you need to add the port number (:3306, just before /fusionauthdb) ?

I'm not going to mention this more than once, but wanted to let you know that you can get a FusionAuth Cloud server provisioned and maintained for as little as $75/month (pricing correct as I write this). Not sure how much time you are spending getting your remote server up and running, but it may be worth considering .

richb201

@dan

I agree this is getting way too painful.

I changed back to using my local mysql. For some reason silent config mod is still showing its "ugly" face.

---------------------------------- Entering Silent Configuration Mode -----------------------------------
---------------------------------------------------------------------------------------------------------

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.inversoft.lang.ClassLoaderTools (file:/usr/local/fusionauth/fusionauth-app/web/WEB-INF/lib/inversoft-database-0.5.2.jar) to method java.net.URLClassLoader.addURL(java.net.URL)
WARNING: Please consider reporting this to the maintainers of com.inversoft.lang.ClassLoaderTools
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Could be because I no longer have my fa table. I am not sure what happened to it? Clearly this problem is way above my "pay grade".

I relaunched my Ec2 instance and now I am able to at least use URL:9011 and the UI opens up.

But I still get the error above when I "docker up".

dan

Are you talking about the Illegal reflective access error message?

richb201

yes, for one thing.

dan

You can safely ignore that. It's a java warning based on some of the libraries on which we depend, I believe. If you can provide the version of java you are using and the OS version, I can file a bug.

richb201

Dan, I moving this discussion up to github since it seems to be an issue possibly with fusionauth/fusionauth-app:1.19.7 or perhaps the config of RDS.

One more thing. I do not have a mysql image in my docker container. This was taken out because of the use of RDS, but I am not sure FA can tolerate this?

richb201

I believe that this issue was solved. Seems that I was getting confused between the DATABASE_USERNAME and the DATABASE_ROOT_USERNAME. This was causing the error count to exceed the default. I think all is AOK. Thanks.

dan

Thanks awesome @richb201 !

I'm glad you were able to sort it out!