-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Warnings in log during normal startup #27308
Comments
We should default kc.transaction-xa-enabled=false in dev mode.
Resolved in infinispan 15: infinispan/infinispan@3a98601
Neither of our built-in cache configs have global-state defined, but the ClusterPermissionMapper and the ClusterRoleMapper create internal caches that expect persistence. For dev mode there doesn't seem to be a great way to ignore this, and it doesn't like we should be configuing a global-store in that case. @mhajas @mabartos @vmuzikar is there any benefit to users configuring a global-state when not in dev mode? If not, then it seems like we'd want the upstream to switch this to a debug message instead. -- moved to #27718 since the XA warning took over this issue. |
I guess that actually just kicks the can down the road a bit - the warning will come back for the prod profile. The only way to resolve it then is to either to not use xa or to use quarkus configuration to enable recovery. #15255 was resolved without addressing whether quarkus.transaction-manager.enable-recovery should be settable via a keycloak option, or even just default to true. cc @vmuzikar @keycloak/store what is your preference here? |
I vote against having different default between dev and prod mode, as it is source for lots of tears. It will bite those who write extensions, and then Keycloak would behave differently out-of-the-blue. About the matter of transactions: I remember that the container needs to have a writable folder anyway, and we're setting the If we can't settle for enabling it, we can still choose to configure the logging for that class to swallow the warning. |
Switching the tagging to @keycloak/core
I would opt against just swallowing the warning. To expand a little bit on the impluse to change the default for dev mode - unless I'm missing something users shouldn't be trying to coordinate across multiple transactional resources in dev mode correct? If we can't agree to enable recovery by default, then we can extend this reasoning about a principled default a little further - for example only default to xa when multiple datasources are configured. Then the burden would be on the user to specifically enable xa in single source scenarios where they were trying to enlist some other kind of resource. |
I'd be ok to make the default non-XA in all setups as Keycloak is usually targeting only a single database. I know that the transaction manager behaves identical as long as only one datasource joins the transaction, still this IMHO can't be determined at startup by how many datasources there are. When implementing map storage, Infinispan was "joining" the transaction, and then the transaction manager did a full XA, so it might not only be the databases you expect. In addition, we officially support custom user storage, which might come with its own JDBC connection. LDAP doesn't support it, and Infinispan in the current store doesn't support it for performance and throughput reason. When doing XA, it should have transaction recovery, but I never understood that fully. To set this up with containers would be a real challenge (nightmare?) to figure out where to store that information. The https://quarkus.io/guides/transaction describes on how to store this information in a database using JDBC, but also that it is not simple in a cloud environment:
So I think I would be ok with:
|
Yes that is what I meant by other resources.
The statefulset pod names can provide the former, but the latter seems like it would require creating a service (probably with a static ip) for each replica. There is also a mention of a workaround with setting quarkus.datasource.TX_LOG.jdbc.transactions=disabled It seems a little easier to just use StatefulSet stable storage.
Would the additional support be treated as a separate enhancement, or would you want that in place prior to flipping the default? It seems like you could end up needing to add quite a few properties. |
Some thoughts about keeping the exposed options at a minimum: In the past the goal was to write documentation which didn't reference Quarkus configuration options directly. To keep that bar, and given the warning message above, I assume We could choose to support only file based XA for now (as before), and ignore JDBC until requested. If that is the case, there wouldn't be the need for those properties to be exposed. We would still document where the transaction logs are kept in the file system (which is TL;DR: So it could be no additional options exposed if we set WDYT? |
Which we would be able to detect as long as it is configured via quarkus properties - that should be the most common scenario. However you probably have a concern that users should knowingly set XA support rather than it being inferred. So ignoring the case of making the kc.transaction-xa-enabled default more principled, we have roughly an options matrix like this:
To make sure, are you advocating initially for the top left box - kc.transaction-xa-enabled=true and quarkus.transaction-manager.enable-recovery=true, or are you still open for defaulting kc.transaction-xa-enabled=false as well? |
@shawkins - my main concern in my first response was to have dev and prod mode aligned. After this discussion, I'd be ok (and possibly prefer if there are no arguments against it) the defaults in any mode and independent of any other configuration as follows: A little bit of documentation about the folder |
xa is not enabled by default recovery is enabled by default closes keycloak#27308 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
xa is not enabled by default recovery is enabled by default closes #27308 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Before reporting an issue
Area
dist/quarkus
Describe the bug
When starting Keycloak there are warnings in the log:
The last entry is fine, but the others should not be present when I'm starting Keycloak with default configuration.
Version
23.0.6
Regression
Expected behavior
No unexpected warnings in logs with default configuration
Actual behavior
Outputs several warnings that users won't know what to do with
How to Reproduce?
bin/kc.sh start-dev --log-level warn
Anything else?
No response
The text was updated successfully, but these errors were encountered: