[keycloak-dev] client query caches getting complicated
Bill Burke
bburke at redhat.com
Wed Feb 17 13:04:52 EST 2016
Eviction policies don't solve it. I spelled out why in the original post.
On 2/17/2016 12:46 PM, Pedro Igor Silva wrote:
> ISPN also provides an eviction policies to avoid undesired memory consumption. Not sure if that helps to what you said about "the more clients that get added, keycloak gets slower and slower".
>
> ----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, February 17, 2016 3:11:08 PM
> Subject: [keycloak-dev] client query caches getting complicated
>
> Currently, adding or deleting a client, or updating a realm causes
> invalidation/eviction of the realm and all clients in that realm. To
> make matters worse, the next time the realm is accessed, it queries and
> loads each client and its relationships. Why do we do this? When a
> realm invalidation happens, the cache has no idea if the realm is just
> being updated or removed entirely from the DB. With a realm removal, you
> also need to evict the cache of all clients within the realm. So, a
> cached realm MUST have a list of all clients within it. As a result,
> the more clients that get added, keycloak gets slower and slower.
> Eventually though the cache stabilizes after inserts/update/deletes
> subside and we get back to normal performance, but you can see a nasty
> blip for a little bit.
>
> I think i have a couple of solutions for this:
>
> * Create a separate client cache. Client keys would be
> "{realm.id}.{client.id}". Iterate on all client keys, and evict those
> that start with the realm id.
> * Or, do a DB query for all clients of the realm.
>
> I'm giving this until end of day to see if I can get a good solution,
> otherwise i'm aborting.
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list