[Hawkular-dev] Should Keycloak integration be optional?

Thomas Segismont tsegismo at redhat.com
Fri Jan 30 04:58:39 EST 2015 

Le 29/01/2015 17:08, Juraci Paixão Kröhling a écrit :
> On 01/29/2015 12:20 PM, Thomas Segismont wrote:
>> >My last point was "The PR makes it impossible to install a metrics
>> >  server without KC". I meant that if one needs to configure and run
>> >a KC server in order to run a metrics server, then many potential
>> >users will not even give it a try. Potential users here are admins
>> >and production-focused developers who are working with combos like
>> >  Grafana/Graphite/collectd
> Sorry for cutting the whole message to just this point, but before
> talking about the other points, I just want to clarify one thing: the

That's ok, as long as we do talk about the other points ;)

>   admin does*not*  need to deal with KC at all when trying things out.
> To run a metrics server, one just runs the start.sh and Keycloak just
> happens to be there as an implementation detail.
>

I know that start.sh does everything so that you get a metrics + KC 
instance up and running. But that is not my point. My point is that many 
admins will not even try the start.sh way if they realize they will 
*have to* install an identity management server to use metrics in the 
long run.

> Once the admin is ready to bring things to production, then Keycloak
> becomes a "concern", like any other backend would be (LDAP, SAML, ...).
>

When you install InfluxDB, carbon/whisper, opentsdb, you don't need to 
install an identity management server, period.

And LDAP, RDBMS, properties file are identity management backends, KC is 
identity management itself.

> Since the demo, I've been looking at how other projects are
> integrating with Keycloak. The common scenario seems to be that their
> Maven profiles build a "distribution" that is Wildfly + Keycloak +
> WARs. So, the user just uncompresses this distribution package and has
> everything ready (this is similar to what we had in GateIn).
>
> Would this be a solution? I remember seeing somewhere that the goal is
> not to be dependent on Wildfly[1], but not sure if this design goal is
> still accurate.
>
> [1]https://developer.jboss.org/wiki/HighLevelRequirements

That would be nice for users who *want* KC.

I can understand that we make KC a runtime requirement for the full 
Hawkular monty, but I can't for metrics alone.

Regards,
Thomas

More information about the hawkular-dev mailing list