Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjustments/configuration for Keycloak >=17.0.0 #25

Open
Wolfsrudel opened this issue Feb 21, 2022 · 6 comments
Open

Adjustments/configuration for Keycloak >=17.0.0 #25

Wolfsrudel opened this issue Feb 21, 2022 · 6 comments

Comments

@Wolfsrudel
Copy link

I tried to deploy the module/ provider in a new Keycloak 17.0.0 installation.
To do this I took the following steps:

cp keycloak-health-checks.jar <keycloak_home>/providers
chown keycloak:keycloak <keycloak_home>/providers/keycloak-health-checks.jar
<keycloak_home>/bin/kc.sh start --auto-build

The provider is deployed and works for filesystem but not for database and infinispan. The following error appears:

curl -s http://localhost:8080/auth/realms/master/health/check | jq -C .
{
  "name": "keycloak",
  "state": "DOWN",
  "details": {
    "database": {
      "connection": "error",
      "message": "Need to specify class name in environment or system property, or in an application resource file: java.naming.factory.initial",
      "state": "DOWN"
    },
    "filesystem": {
      "freebytes": 25301344256,
      "state": "UP"
    },
    "infinispan": {
      "error": "health-check",
      "errorMessage": "javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or in an application resource file: java.naming.factory.initial",
      "state": "DOWN"
    }
  }
}

The database connection is controlled by configuration file (<keycloak_home>/conf/keycloak.conf) and environment variables.

I assume that the module has to be adapted for 17.0.0. Am I right?
@fperot74
Copy link

fperot74 commented Apr 6, 2022

Hi @Wolfsrudel,
I'm interested by an upgrade to KC17 too (or may be KC18 in a few days)... Did you had a chance to resolve these naming issues?

@Wolfsrudel
Copy link
Author

No. I also assume with difficulty that something needs to be done here in terms of programming. A "simple" adjustment in terms of configuration doesn't seem to be enough.

@fperot74
Copy link

fperot74 commented Apr 7, 2022

As answered by @thomasdarimont on keycloak-dev mailing list:

you can already define custom health checks as CDI components for Keycloak-legacy and Keycloak.X if metrics are enabled.
See: https://github.com/thomasdarimont/keycloak-project-example/blob/main/keycloak/extensions/src/main/java/com/github/thomasdarimont/keycloak/custom/health/CustomHealthChecks.java

Using Kubernetes, I need to check if our devops are able to check responsiveness directly with these metrics but, if not, I think we can replace the DB datasource lookup in DatabaseHealthIndicator by:

protected DataSource lookupDataSource() throws Exception {
	return CDI.current().select(DataSource.class).get();
}

@thomasdarimont
Copy link
Owner

Thanks for the heads-up. I just updated the health-checks for Keycloak 17.0.1 with support for Keycloak-Legacy and Keycloak.X.

@Wolfsrudel
Copy link
Author

You rock! I will try this tomorrow.

@zdykstra
Copy link

zdykstra commented Apr 7, 2022

I was able to use this under Keycloak.X, 17.0.1. The health check URL is now /realms/$realm/health/check, but it otherwise seems to report useable metrics. Is details.infinispan.healthStatus just a rollup of the details.infinispan.cacheDetails[].healthStatus ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@thomasdarimont @Wolfsrudel @zdykstra @fperot74