Keycloak Qarkus Support

[raul-verdi]

Description

Trying to add metrics to Keycloak. Followed the instructions, it would seem the service provider is not loaded by Keycloak. Tried with widfly keycloak and that works.

Expected Behavior

Expect metrics in endpoint <url>/auth/realms/<realm>/metrics

Actual Behavior

Curl to <url>/auth/realms/<realm>/metrics results in 404

Environment

• Operating system: Mac OS host, keycloak deployed Docker running on Ubuntu 18.04
• Keycloak: 17 (quarkus)

Steps to reproduce

1. Download latest version .jar, at the time of this writing it is 2.5.3
2. Copy it to the container on /opt/keycloak/standalone/deployments/. Tried it out on build and runtime (just in case)
3. Set the name with .dodeploy
4. Start Keycloak

If there is anything else you need, please let me know. If I find something from the Quarkus side, I'll make sure to also share it here.

[williancolognesitrimble]

Actually in Keycloak 17 the metrics are exported without the prefix /auth that were removed by Keycloak release.

But from my tests, looks like many metrics are not returning any value, for example keycloak_logins and other like that.

Edit: Actually I just added the event listener and it worked well.

[laurent-treeb]

With Keycloak Quarkus version, the jar has to be put in the path: /opt/keycloak/providers/ and not in /opt/keycloak/standalone/deployments/

The doc should be update to mention that.

[raul-verdi]

With Keycloak Quarkus version, the jar has to be put in the path: /opt/keycloak/providers/ and not in /opt/keycloak/standalone/deployments/

Thanks for the update @laurent-dol. I tried it out, and I am getting the metrics now.

You were right @williancolognesitrimble, the path now does not include auth any more

I created a PR for this. It's just a change in the README, as all that was needed was just there.

[raul-verdi]

But from my tests, looks like many metrics are not returning any value, for example keycloak_logins and other like that.

I see the same on my side. All the JVM metrics are fine, while keycloak_logins, keycloak_user_event_*, and more show empty

[laurent-treeb]

@raul-verdi : have you enable the events listener in the realm where you want to have metrics ?

https://github.com/aerogear/keycloak-metrics-spi#enable-metrics-listener-event

[raul-verdi]

Allright, that was it. Thanks @laurent-dol

Unless there is something else, I'm good with closing the issue.

[fredericoschardong]

Hey, I must be doing something terribly wrong to not get it to work on 17.0.0. Here is the Dockerfile:

FROM quay.io/keycloak/keycloak:17.0.0 as builder

COPY keycloak-metrics-spi-2.5.3.jar /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar
RUN touch /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar.dodeploy

ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build

Which apparently builds just fine:

Step 7/14 : RUN /opt/keycloak/bin/kc.sh build
 ---> Running in 7298c857f843
Updating the configuration and installing your custom providers, if any. Please wait.
2022-04-08 19:43:34,553 INFO  [org.keycloak.common.Profile] (build-16) Preview feature enabled: token_exchange
2022-04-08 19:43:34,876 WARN  [org.keycloak.services] (build-16) KC-SERVICES0047: metrics (org.jboss.aerogear.keycloak.metrics.MetricsEndpointFactory) is implementing the internal SPI realm-restapi-extension. This SPI is internal and may change without notice
2022-04-08 19:43:35,226 WARN  [org.keycloak.services] (build-16) KC-SERVICES0047: metrics-listener (org.jboss.aerogear.keycloak.metrics.MetricsEventListenerFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice
2022-04-08 19:43:38,913 INFO  [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 5338ms
Server configuration updated and persisted. Run the following command to review the configuration:

    kc.sh show-config

Removing intermediate container 7298c857f843

However, it doesn't work at all:

keycloak_1           | ERROR: Unexpected error when starting the server in (development) mode
keycloak_1           | ERROR: Failed to start quarkus
keycloak_1           | ERROR: Failed to open /opt/keycloak/lib/../providers/keycloak-metrics-spi-2.5.3.jar
keycloak_1           | ERROR: /opt/keycloak/lib/../providers/keycloak-metrics-spi-2.5.3.jar
keycloak_1           | For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.

Unfortunately the --verbose parameter doesn't work. Any ideas?

[raul-verdi]

@fredericoschardong I had a similar issue, it was telling me that the file was keycloak-metrics-spi-2.5.3.jar was not found, so I added the file in both stages. However, if that is your whole Dockerfile, you don't seem to be using 2 stages, only one.

I would try to enable more logging by setting the KC_LOG_LEVEL to debug, and also I would get into the container and actually checking that the file is there.

[fredericoschardong]

It was not my entire Dockerfile. The solution was to include the file on the second stage, which I was missing.

Thank you @raul-verdi !

[ignBiometrical]

Just tried this on a non-docker version, following all the instructions, and still, no success, Do I maybe need to build out a custom version? It just returns 404 when I go to /realms//metrics, of course with the actual realm in place.

[raul-verdi]

@ignBiometrical do you have any logs from keycloak to share so we can see what's going on?

[arnault01]

Hello, thanks for this thread, it explains a lot. One question remains, how do you enable event listeners with keycloak quarkus ? Or maybe there is no need to. Also I have installed the library with keycloak 18, and I watched the user login/logout metrics, but it does not seem to be refreshed.

[arnault01]

I have found how to enable the events listener, it has not changed from the GUI console.