[keycloak-dev] server start up errors

John Dennis jdennis at redhat.com
Tue Jun 21 10:02:48 EDT 2016 

On 06/21/2016 09:34 AM, Bill Burke wrote:
>
>
> On 6/21/16 8:21 AM, John Dennis wrote:
>>
>> The "wait for full initialization" problem is not new to us with
>> daemons. It's come up a number of times with IPA and other daemons we
>> work with. The way we've dealt with it is to have our service scripts
>> that start and stop services write to one of the primary sockets and
>> only when it gets a valid response back conclude the service is in fact
>> up (handling timeouts of course). Systemd came along later and might
>> have some support for socket detection, I'll investigate that option.
>>
>
> This is good feedback.  I'm not sure what you mean by writing to a
> primary socket.  You mean HTTP(S) 80/443?  I'm pretty sure HTTP(S)
> sockets are set up before Keycloak is even deployed.  This is because
> internally Keycloak has a dependency on HTTP subsystem and won't be
> initialized until that subsystem is started.

Sorry, I guess I wasn't clear. What I meant was to send a request and 
wait for a valid response. It makes sense the servlet container would 
have it's listening sockets set up much earlier but Keycloak won't 
respond to a request on a valid endpoint until it's fully initialized.

What I was trying to describe was something like this, a loop iterates 
trying to send a request, it ignores common socket errors, if a valid 
response is received it terminates the loop with a success status. If 
after a specified time interval or iteration count a valid response has 
not been received it terminates the loop with a failure status.

Of course this means there is some endpoint which does not require 
authentication nor has any side-effect. I'm guessing the REST API 
exposes something which could be used for this purpose but I haven't 
looked into it.

> Can you parse System output for a specific string?  Is that viable?
> I'll ping Wildfly team to see how they've handled stuff like this.

Trying to parse the log is problematic. Normally the log is appended to 
(until log rotation occurs). It could be tricky to identify the matching 
log message associated with the server lifetime. Also in some scenarios 
log messages may not be flushed immediately, especially if logging is 
configured to go to a network location. It also would make the service 
script dependent on knowing the logging configuration and exact messages 
to look for which may change between versions, a maintenance issue.


-- 
John

More information about the keycloak-dev mailing list