Some type of health page would be great too for load balancers to monitor. Something that doesn't leak internal information but checks behind the scenes that:<br>1. Server can reach its databas(es) <br>2. Server cluster sync is working<br>3. Server can reach federation providers, etc.<br>Endpoint should respond to get requests and return an http status reflective of server state. <br><br><div class="gmail_quote"><div dir="ltr">On Mon, Jul 13, 2015 at 11:18 AM Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So looks like we're at agreement to add the additional info you wanted to server info page.<br>
<br>
How about we add an additional endpoint server-stat that can collect some stats about the server?<br>
<br>
----- Original Message -----<br>
> From: "Vlastimil Elias" <<a href="mailto:velias@redhat.com" target="_blank">velias@redhat.com</a>><br>
> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>><br>
> Cc: <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> Sent: Monday, 13 July, 2015 5:06:34 PM<br>
> Subject: Re: [keycloak-dev] Operational monitoring of Keycloak server<br>
><br>
> Looks like I have to look at WildFly/EAP DMR to see what is possible to<br>
> do with it, as I'm not sure if it is about remote monitoring also and<br>
> if/how it can be use from monitoring systems like Splunk.<br>
><br>
> Vl.<br>
><br>
> On 13.7.2015 15:26, Stian Thorgersen wrote:<br>
> > In WildFly/EAP that's DMR right? We're planning to make Keycloak managable<br>
> > through that as well. For example everything that goes into<br>
> > keycloak-server.json will eventually be moved to standalone.xml. Same with<br>
> > admin endpoints, everything you can do there you'll eventually be able to<br>
> > do through DMR and jboss-cli as well.<br>
> ><br>
> > However, IMO it would make sense to at least expose Keycloak specific<br>
> > information through the admin endpoints and console as well. Such number<br>
> > of sessions, etc..<br>
> ><br>
> > ----- Original Message -----<br>
> >> From: "Vlastimil Elias" <<a href="mailto:velias@redhat.com" target="_blank">velias@redhat.com</a>><br>
> >> To: <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> >> Sent: Monday, 13 July, 2015 3:17:16 PM<br>
> >> Subject: [keycloak-dev] Operational monitoring of Keycloak server<br>
> >><br>
> >> Hi,<br>
> >><br>
> >> as we deployed KC to production mode for <a href="https://developers.redhat.com" rel="noreferrer" target="_blank">https://developers.redhat.com</a><br>
> >> we started to think about operational monitoring, for example from<br>
> >> Nagios or other systems of this type.<br>
> >><br>
> >> KC user guide doesn't contain any chapter covering this topic, also no<br>
> >> any success over google search, so looks like KC doesn't have any<br>
> >> solution for this yet.<br>
> >> But I believe this is an important area which must be solved when KC is<br>
> >> used for production.<br>
> >><br>
> >> I can imagine monitoring of JDBC connection if JPA is used, monitoring<br>
> >> of Mongo connection if used as store, monitoring of LDAP connection if<br>
> >> LDAP federation is used etc.<br>
> >> Also some statistics like numbers of active sso session, number of<br>
> >> logins per minute etc should be provided there.<br>
> >><br>
> >> Monitoring is not about Keycloak core itself, it should be available for<br>
> >> extension developers also. For example we implemented own<br>
> >> UserFederationProvider which calls backend REST services.<br>
> >> We should be able to add info about this integration into monitoring<br>
> >> endpoint to be able to catch problems with this REST API.<br>
> >><br>
> >> It should be probably implemented same way as used by underlying<br>
> >> WildFly/EAP (JPA/JDBC is probably available for monitoring there). I'm<br>
> >> not sure if JMX is used there still or if some new framework is<br>
> >> available for it.<br>
> >> Or KC should use some form of KC REST API for this, which should be<br>
> >> extended by additional info from KC extensions?<br>
> >><br>
> >> What do you think?<br>
> >><br>
> >> Vlastimil<br>
> >><br>
> >> P.S we have <a href="https://issues.jboss.org/browse/RHD-552" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/RHD-552</a> for Red Hat<br>
> >> Developer instance of KC<br>
> >><br>
> >> --<br>
> >> Vlastimil Elias<br>
> >> Principal Software Engineer<br>
> >> <a href="http://jboss.org" rel="noreferrer" target="_blank">jboss.org</a> Development Team<br>
> >><br>
> >> _______________________________________________<br>
> >> keycloak-dev mailing list<br>
> >> <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> >> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
> >><br>
><br>
> --<br>
> Vlastimil Elias<br>
> Principal Software Engineer<br>
> <a href="http://jboss.org" rel="noreferrer" target="_blank">jboss.org</a> Development Team<br>
><br>
><br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote></div>