<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yap, beside server-stat endpoint Stian talked about we should add
some server-health endpoint also to be used for remote health
monitoring by load balancers or systems like Nagios.<br>
Simple http endpoint without authentication (as it doesn't leak any
sensitive information) is typically simplest way how to do this
monitoring.<br>
<br>
Vl.<br>
<br>
<div class="moz-cite-prefix">On 14.7.2015 05:13, Scott Rossillo
wrote:<br>
</div>
<blockquote
cite="mid:CALAqdu-=pLCvRf73SodrnN5iTNz=5VnHuJ_3_R=tFbb3-eef7A@mail.gmail.com"
type="cite">Some type of health page would be great too for load
balancers to monitor. Something that doesn't leak internal
information but checks behind the scenes that:<br>
1. Server can reach its databas(es) <br>
2. Server cluster sync is working<br>
3. Server can reach federation providers, etc.<br>
Endpoint should respond to get requests and return an http status
reflective of server state. <br>
<br>
<div class="gmail_quote">
<div dir="ltr">On Mon, Jul 13, 2015 at 11:18 AM Stian Thorgersen
<<a moz-do-not-send="true" href="mailto:stian@redhat.com">stian@redhat.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">So looks
like we're at agreement to add the additional info you wanted
to server info page.<br>
<br>
How about we add an additional endpoint server-stat that can
collect some stats about the server?<br>
<br>
----- Original Message -----<br>
> From: "Vlastimil Elias" <<a moz-do-not-send="true"
href="mailto:velias@redhat.com" target="_blank">velias@redhat.com</a>><br>
> To: "Stian Thorgersen" <<a moz-do-not-send="true"
href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>><br>
> Cc: <a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> Sent: Monday, 13 July, 2015 5:06:34 PM<br>
> Subject: Re: [keycloak-dev] Operational monitoring of
Keycloak server<br>
><br>
> Looks like I have to look at WildFly/EAP DMR to see what
is possible to<br>
> do with it, as I'm not sure if it is about remote
monitoring also and<br>
> if/how it can be use from monitoring systems like Splunk.<br>
><br>
> Vl.<br>
><br>
> On 13.7.2015 15:26, Stian Thorgersen wrote:<br>
> > In WildFly/EAP that's DMR right? We're planning to
make Keycloak managable<br>
> > through that as well. For example everything that
goes into<br>
> > keycloak-server.json will eventually be moved to
standalone.xml. Same with<br>
> > admin endpoints, everything you can do there you'll
eventually be able to<br>
> > do through DMR and jboss-cli as well.<br>
> ><br>
> > However, IMO it would make sense to at least expose
Keycloak specific<br>
> > information through the admin endpoints and console
as well. Such number<br>
> > of sessions, etc..<br>
> ><br>
> > ----- Original Message -----<br>
> >> From: "Vlastimil Elias" <<a
moz-do-not-send="true" href="mailto:velias@redhat.com"
target="_blank">velias@redhat.com</a>><br>
> >> To: <a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> >> Sent: Monday, 13 July, 2015 3:17:16 PM<br>
> >> Subject: [keycloak-dev] Operational monitoring
of Keycloak server<br>
> >><br>
> >> Hi,<br>
> >><br>
> >> as we deployed KC to production mode for <a
moz-do-not-send="true" href="https://developers.redhat.com"
rel="noreferrer" target="_blank">https://developers.redhat.com</a><br>
> >> we started to think about operational
monitoring, for example from<br>
> >> Nagios or other systems of this type.<br>
> >><br>
> >> KC user guide doesn't contain any chapter
covering this topic, also no<br>
> >> any success over google search, so looks like KC
doesn't have any<br>
> >> solution for this yet.<br>
> >> But I believe this is an important area which
must be solved when KC is<br>
> >> used for production.<br>
> >><br>
> >> I can imagine monitoring of JDBC connection if
JPA is used, monitoring<br>
> >> of Mongo connection if used as store, monitoring
of LDAP connection if<br>
> >> LDAP federation is used etc.<br>
> >> Also some statistics like numbers of active sso
session, number of<br>
> >> logins per minute etc should be provided there.<br>
> >><br>
> >> Monitoring is not about Keycloak core itself, it
should be available for<br>
> >> extension developers also. For example we
implemented own<br>
> >> UserFederationProvider which calls backend REST
services.<br>
> >> We should be able to add info about this
integration into monitoring<br>
> >> endpoint to be able to catch problems with this
REST API.<br>
> >><br>
> >> It should be probably implemented same way as
used by underlying<br>
> >> WildFly/EAP (JPA/JDBC is probably available for
monitoring there). I'm<br>
> >> not sure if JMX is used there still or if some
new framework is<br>
> >> available for it.<br>
> >> Or KC should use some form of KC REST API for
this, which should be<br>
> >> extended by additional info from KC extensions?<br>
> >><br>
> >> What do you think?<br>
> >><br>
> >> Vlastimil<br>
> >><br>
> >> P.S we have <a moz-do-not-send="true"
href="https://issues.jboss.org/browse/RHD-552"
rel="noreferrer" target="_blank">https://issues.jboss.org/browse/RHD-552</a>
for Red Hat<br>
> >> Developer instance of KC<br>
> >><br>
> >> --<br>
> >> Vlastimil Elias<br>
> >> Principal Software Engineer<br>
> >> <a moz-do-not-send="true"
href="http://jboss.org" rel="noreferrer" target="_blank">jboss.org</a>
Development Team<br>
> >><br>
> >> _______________________________________________<br>
> >> keycloak-dev mailing list<br>
> >> <a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> >> <a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
> >><br>
><br>
> --<br>
> Vlastimil Elias<br>
> Principal Software Engineer<br>
> <a moz-do-not-send="true" href="http://jboss.org"
rel="noreferrer" target="_blank">jboss.org</a> Development
Team<br>
><br>
><br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team</pre>
</body>
</html>