running 2 different keycloak clusters sharing the same database ( 1 cluster to create new realms, and another for all other access)
10:06 p.m.
Hi,
Have a weird question, I want to run 2 different keycloak clusters, one for creating
realms and another for accessing realms/login and all other activity.
Is this kind of setup possible, have any body tried it before?
The 1st cluster just takes requests for provisioning new realms and any one time setup
(like creating the admin user in realm, giving him specific access only etc)
After that, all interactions login, token creating, provisioning further user etc will
take place through the other cluster..
I see that realm creation in my case ( realm has few user groups, client scopes, mappers
(java script mapper), other custom mappers, about 10 clients, client specific roles etc)
is a cpu intensive process and realm creation when we have about 80 to 100 relams(tenants)
takes any where between 20 to 30 sec with cpu usage spiking to 100%.
So, wanted to test if having a separate instance/cluster for realm creation will help and
ease the load on other cluster which servers typical login/logout and all other requests.
Any insights here will be much appreciated.
- Would like to know if this could corrupt the keycloak schema?- I am ok if the new realms
are not eagerly loaded in infispan cache (of the other cluster which handles regular
request), but this should start loading the new realm the moment a login request comes ( i
am ok for the first few logins to be slow).
RegardsMadhu
9:58 a.m.
Hello Madhu,
Technically, these don't need to be separate "clusters". Clustering in
Keycloak assumes that all the nodes should be the members of the same Infinispan pool. But
you can configure your loadbalancer so that requests to a special hostname (like eg.
"admin.your-domain.tld") are dispatched to a subset of dedicated nodes.
But the overall approach seems suboptimal to me. While not performing admin tasks like
creating realms, your dedicated nodes will stay idle and just eat RAM. I'd rather
suggest that you consider the scenario where your loadbalancer should monitor node CPU
load via e.g. SNMP, and use that metrics for dynamic round-robin load-balancing.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Wed, 2018-11-21 at 04:06 +0000, Madhu wrote:
Hi,
Have a weird question, I want to run 2 different keycloak clusters, one for creating
realms and another for accessing realms/login and all other activity.
Is this kind of setup possible, have any body tried it before?
The 1st cluster just takes requests for provisioning new realms and any one time setup
(like creating the admin user in realm, giving him specific access only etc)
After that, all interactions login, token creating, provisioning further user etc will
take place through the other cluster..
I see that realm creation in my case ( realm has few user groups, client scopes, mappers
(java script mapper), other custom mappers, about 10 clients, client specific roles etc)
is a cpu intensive process and realm creation when we have about 80 to 100 relams(tenants)
takes any where between 20 to 30 sec with cpu usage spiking to 100%.
So, wanted to test if having a separate instance/cluster for realm creation will help and
ease the load on other cluster which servers typical login/logout and all other requests.
Any insights here will be much appreciated.
- Would like to know if this could corrupt the keycloak schema?- I am ok if the new
realms are not eagerly loaded in infispan cache (of the other cluster which handles
regular request), but this should start loading the new realm the moment a login request
comes ( i am ok for the first few logins to be slow).
RegardsMadhu
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2231
days inactive
2231
days old
1 comments
2 participants
participants (2)
-
Dmitry Telegin -
Madhu