Does FusionAuth support high availability database configurations?
-
With a primary/secondary and replication, to ensure availability of the user identity management service?
-
Yes. We don't have any specific guidance around using MySQL and PostgreSQL in an high availability configuration. However, it should work. This document discusses the various possible architectures at a high level: https://fusionauth.io/docs/v1/tech/installation-guide/server-layout
It is worth noting that MySQL group replication will not work. It requires a primary key on each table. We do not meet this requirement and have no plans to adjust the schema for this style of replication to work. Other types of replication that do not require a PK on every table should work.
The particulars of DB clustering are outside of the scope of what we can assist with, however.
-
@dan there's one important case not covered in those docs - a high-availability database configuration with a single write-instance and one (or many) read-instances (or replicas.)
Does FusionAuth support this? Typically support means that read-only queries are routed to this read-replica by the application, in order to reduce querying load on the primary write instance.
-
Hi Kevin.
FusionAuth does not support one read instances and many read replicas at this time.
We've done some load testing and if you scale your database vertically enough, and have enough servers in front of it, FusionAuth can handle 2000 registrations/second. This is with one primary database and a standby for failover.
Since most of the traffic to an auth server is login events, and most of the work of a login is a password hash, which is designed to be idempotent and slow enough to prevent credential stuffing, it would make sense that the typical weak link would be CPU power, not the database.
This is in contrast this with a more typical web application, in which the database is probably the limiting factor.
All that said, if you are interested in seeing FusionAuth have built in support for separating out reads and writes, feel free to open a github issue: https://github.com/fusionauth/fusionauth-issues/issues with more details.
-
@dan thanks for the response - yeah we are performing load testing currently and FusionAuth is performing excellently. For reference we've got it running containerized on 1 core of an amazon c6a.large instance, with about 1700mb memory, and getting 60 registrations per second, p50 response time of 65ms.
-
@kevin-mahoney Awesome, thanks for sharing the numbers, that's great to hear!
If I may ask, what is the p95 response time for that load test?
-
@dan 160ms
