3:46 p.m.
Hi there,
We were trying to add a LDAP user federation provider with around 5000 users. But the
process crashed with out of memory error:
2018-06-02 06:54:35.900 UTC INFO Sync changed users finished: 393 imported users, 4532
updated users, 8 users failed sync! See server log for more details (Timer-2)
[org.keycloak.storage.ldap.LDAPStorageProviderFactory]
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Brute Force Protector"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Thread-74"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Thread-330"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Periodic Recovery"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Thread-332"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"default task-324"
2018-06-05 07:08:55.594 UTC ERROR java.lang.OutOfMemoryError: Java heap space (default
task-333) [stderr]
Here’re the options we used:
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
-Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman
-Djava.awt.headless=true -Duser.timezone=UTC
From what I read, it seems like Keycloak import users from LDAP to our production database
through a periodic background task.
But I’m not sure what happened in the memory level that caused the OutOfMemory error. Does
keycloak cache all data in memory during the sync process? Is there any configuration I
can set to avoid this error? Is there a user number limit given our JAVA Options?
Any suggestion would be appreciated.
Thanks a lot,
Chenyuan
2:51 a.m.
On 07/08/18 22:46, Chenyuan Zhang wrote:
Hi there,
We were trying to add a LDAP user federation provider with around 5000 users. But the
process crashed with out of memory error:
2018-06-02 06:54:35.900 UTC INFO Sync changed users finished: 393 imported users, 4532
updated users, 8 users failed sync! See server log for more details (Timer-2)
[org.keycloak.storage.ldap.LDAPStorageProviderFactory]
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Brute Force Protector"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Thread-74"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Thread-330"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Periodic Recovery"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"Thread-332"
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread
"default task-324"
2018-06-05 07:08:55.594 UTC ERROR java.lang.OutOfMemoryError: Java heap space (default
task-333) [stderr]
Here’re the options we used:
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
-Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman
-Djava.awt.headless=true -Duser.timezone=UTC
From what I read, it seems like Keycloak import users from LDAP to our production
database through a periodic background task.
But I’m not sure what happened in the memory level that caused the OutOfMemory error.
Does keycloak cache all data in memory during the sync process? Is there any configuration
I can set to avoid this error? Is there a user number limit given our JAVA Options?
We didn't yet try to test LDAP sync with 5000 users. But looks like the
count is not so big, so it's quite strange that there is OOM for this
setup. Few tips:
- If you use periodic synces, you can maybe try to disable periodic sync
temporarily and check if it helps? Or increase the interval of sync?
(For example 1 per day instead of 1 per hour etc)
- Increase memory options and see if it helps
- Disable user cache and see if it helps (or configure user cache
eviction with the lower count of users allowed). See the docs for how to
do it.
Marek
Any suggestion would be appreciated.
Thanks a lot,
Chenyuan
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
11:23 p.m.
Thank you Marek!
Best,
Chenyuan
On 9 Aug 2018, at 2:51 am, Marek Posolda <mposolda(a)redhat.com>
wrote:
> On 07/08/18 22:46, Chenyuan Zhang wrote:
> Hi there,
>
> We were trying to add a LDAP user federation provider with around 5000 users. But the
process crashed with out of memory error:
>
> 2018-06-02 06:54:35.900 UTC INFO Sync changed users finished: 393 imported users,
4532 updated users, 8 users failed sync! See server log for more details (Timer-2)
[org.keycloak.storage.ldap.LDAPStorageProviderFactory]
> Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in
thread "Brute Force Protector"
>
> Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in
thread "Thread-74"
>
> Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in
thread "Thread-330"
>
> Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in
thread "Periodic Recovery"
>
> Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in
thread "Thread-332"
>
> Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in
thread "default task-324"
> 2018-06-05 07:08:55.594 UTC ERROR java.lang.OutOfMemoryError: Java heap space
(default task-333) [stderr]
>
> Here’re the options we used:
>
> JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
-Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman
-Djava.awt.headless=true -Duser.timezone=UTC
>
> From what I read, it seems like Keycloak import users from LDAP to our production
database through a periodic background task.
>
> But I’m not sure what happened in the memory level that caused the OutOfMemory error.
Does keycloak cache all data in memory during the sync process? Is there any configuration
I can set to avoid this error? Is there a user number limit given our JAVA Options?
We didn't yet try to test LDAP sync with 5000 users. But looks like the count is not
so big, so it's quite strange that there is OOM for this setup. Few tips:
- If you use periodic synces, you can maybe try to disable periodic sync temporarily and
check if it helps? Or increase the interval of sync? (For example 1 per day instead of 1
per hour etc)
- Increase memory options and see if it helps
- Disable user cache and see if it helps (or configure user cache eviction with the lower
count of users allowed). See the docs for how to do it.
Marek
>
> Any suggestion would be appreciated.
>
> Thanks a lot,
> Chenyuan
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2344
days inactive
2347
days old
2 comments
2 participants
participants (2)
-
Chenyuan Zhang -
Marek Posolda