[Hawkular-dev] Should Keycloak integration be optional?

Thomas Heute theute at redhat.com
Fri Jan 30 06:22:12 EST 2015 


On 01/30/2015 10:58 AM, Thomas Segismont wrote:
> Le 29/01/2015 17:08, Juraci Paixão Kröhling a écrit :
>> On 01/29/2015 12:20 PM, Thomas Segismont wrote:
>>>> My last point was "The PR makes it impossible to install a metrics
>>>>   server without KC". I meant that if one needs to configure and run
>>>> a KC server in order to run a metrics server, then many potential
>>>> users will not even give it a try. Potential users here are admins
>>>> and production-focused developers who are working with combos like
>>>>   Grafana/Graphite/collectd
>> Sorry for cutting the whole message to just this point, but before
>> talking about the other points, I just want to clarify one thing: the
>
> That's ok, as long as we do talk about the other points ;)
>
>>    admin does*not*  need to deal with KC at all when trying things out.
>> To run a metrics server, one just runs the start.sh and Keycloak just
>> happens to be there as an implementation detail.
>>
>
> I know that start.sh does everything so that you get a metrics + KC
> instance up and running. But that is not my point. My point is that many
> admins will not even try the start.sh way if they realize they will
> *have to* install an identity management server to use metrics in the
> long run.
>
>> Once the admin is ready to bring things to production, then Keycloak
>> becomes a "concern", like any other backend would be (LDAP, SAML, ...).
>>
>
> When you install InfluxDB, carbon/whisper, opentsdb, you don't need to
> install an identity management server, period.

They are also not multi-tenant solutions AFAIK. I don't see Metrics 
competing with the solution mentioned, actually we looked into those to 
use as underlying solution.

That said I am fine not providing security within Metrics and have it 
part of Hawkular only if we can. I am much more hesitant providing 
multiple stacks for multiple purposes as it makes testing much more 
complicated.

Thomas

>
> And LDAP, RDBMS, properties file are identity management backends, KC is
> identity management itself.
>
>> Since the demo, I've been looking at how other projects are
>> integrating with Keycloak. The common scenario seems to be that their
>> Maven profiles build a "distribution" that is Wildfly + Keycloak +
>> WARs. So, the user just uncompresses this distribution package and has
>> everything ready (this is similar to what we had in GateIn).
>>
>> Would this be a solution? I remember seeing somewhere that the goal is
>> not to be dependent on Wildfly[1], but not sure if this design goal is
>> still accurate.
>>
>> [1]https://developer.jboss.org/wiki/HighLevelRequirements
>
> That would be nice for users who *want* KC.
>
> I can understand that we make KC a runtime requirement for the full
> Hawkular monty, but I can't for metrics alone.
>
> Regards,
> Thomas
> _______________________________________________
> hawkular-dev mailing list
> hawkular-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/hawkular-dev
>

More information about the hawkular-dev mailing list