<div dir="ltr">I think you can ping <a href="http://localhost:8080/auth/">http://localhost:8080/auth/</a> - until you get 200 OK.<div><br></div><div>Don't forget the final / in the url, otherwise you'll get 303 See Other rather than 200 OK.<div><div><br></div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 21, 2016 at 4:02 PM, John Dennis <span dir="ltr"><<a href="mailto:jdennis@redhat.com" target="_blank">jdennis@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 06/21/2016 09:34 AM, Bill Burke wrote:<br>
><br>
><br>
> On 6/21/16 8:21 AM, John Dennis wrote:<br>
>><br>
>> The "wait for full initialization" problem is not new to us with<br>
>> daemons. It's come up a number of times with IPA and other daemons we<br>
>> work with. The way we've dealt with it is to have our service scripts<br>
>> that start and stop services write to one of the primary sockets and<br>
>> only when it gets a valid response back conclude the service is in fact<br>
>> up (handling timeouts of course). Systemd came along later and might<br>
>> have some support for socket detection, I'll investigate that option.<br>
>><br>
><br>
> This is good feedback. I'm not sure what you mean by writing to a<br>
> primary socket. You mean HTTP(S) 80/443? I'm pretty sure HTTP(S)<br>
> sockets are set up before Keycloak is even deployed. This is because<br>
> internally Keycloak has a dependency on HTTP subsystem and won't be<br>
> initialized until that subsystem is started.<br>
<br>
</span>Sorry, I guess I wasn't clear. What I meant was to send a request and<br>
wait for a valid response. It makes sense the servlet container would<br>
have it's listening sockets set up much earlier but Keycloak won't<br>
respond to a request on a valid endpoint until it's fully initialized.<br>
<br>
What I was trying to describe was something like this, a loop iterates<br>
trying to send a request, it ignores common socket errors, if a valid<br>
response is received it terminates the loop with a success status. If<br>
after a specified time interval or iteration count a valid response has<br>
not been received it terminates the loop with a failure status.<br>
<br>
Of course this means there is some endpoint which does not require<br>
authentication nor has any side-effect. I'm guessing the REST API<br>
exposes something which could be used for this purpose but I haven't<br>
looked into it.<br>
<span class=""><br>
> Can you parse System output for a specific string? Is that viable?<br>
> I'll ping Wildfly team to see how they've handled stuff like this.<br>
<br>
</span>Trying to parse the log is problematic. Normally the log is appended to<br>
(until log rotation occurs). It could be tricky to identify the matching<br>
log message associated with the server lifetime. Also in some scenarios<br>
log messages may not be flushed immediately, especially if logging is<br>
configured to go to a network location. It also would make the service<br>
script dependent on knowing the logging configuration and exact messages<br>
to look for which may change between versions, a maintenance issue.<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
John<br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</div></div></blockquote></div><br></div>