On 04/03/16 16:34, Bill Burke wrote:
There's a minimum of 4 Http Requests.  There is about 6 SQL queries to load a user.  So, if there is 2 nodes, you have minimum 12 queries for an uncached user. It really all depends how big the cache can be.  Couldn't a million users be cached on a pretty inexpensive box?  My laptop has 32 gig ram.  10K per user is 10 gigs for a million users.

Then, depending on UserSession ownership setting, you have pulling/grabbing/replication of the client sessions as you hop between nodes.  This is the one that can't be fixed.  I don't know how much of a big deal it is.
Just one important thing about how distributed infinispan caches work by default. I think it's quite important and may not be obvious, so writing it here just for case. Feel free to ignore if you're already aware of it.

If you have numOwners=1 in configuration and on node1 you call:

cache.put("session-id1", userSession1);

It doesn't mean that session is automatically saved on the local node (node1 in this case). Session can be saved internally on node2 and when you call on node1:

cache.get("session-id1");

you may always have some remote cluster calls to lookup session from node2.

It seems by default infinispan decides just based on the hash of key (sessionId in our case). Hopefully it's possible to change this behaviour by use some custom hash factory : http://infinispan.org/docs/8.2.x/user_guide/user_guide.html#_hashing_algorithms . IMO we should first investigate this, otherwise we may end with situation when we implement sticky sessions support, but there won't be any performance gain regarding userSessions lookup because of this infinispan behaviour.

Marek

On 3/4/2016 10:18 AM, Stian Thorgersen wrote:
Users are cached so that helps + it's possible to load balance based on source address. Do you really think that a lot of people will run that many nodes in either case?

On 4 March 2016 at 14:52, Bill Burke <bburke@redhat.com> wrote:
I"m not sure how well keycloak would scale without this.


On 3/4/2016 7:15 AM, Stian Thorgersen wrote:
Eventually it would be nice to support the ability for load balancers to send all requests for a particular user session to the same node (browser as well as client requests).


Is this a high priority for 1.9 or should it be 2.x? We may be able to put it into 1.9.2 if required.

I'd like feedback on how useful folks think it would be as well as feedback on the proposed implementation.


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user