Fix OOM when running Keycloak in DevMode #41833
Conversation
fedinskiy
force-pushed
the
fix/keycloak-oom
branch
from
0b22c10
to
203b42a
Compare
|
@sberyozkin you were interested in checking this one, IIRC |
|
Thanks @fedinskiy, sure, I'd like to check on my laptop the difference, will get back to you asap |
fedinskiy
force-pushed
the
fix/keycloak-oom
branch
from
203b42a
to
fa692d2
Compare
| @@ -110,7 +110,7 @@ public class DevServicesConfig { | |||
| /** | |||
| * The `JAVA_OPTS` passed to the keycloak JVM | |||
| */ | |||
| @ConfigItem | |||
| @ConfigItem(defaultValue = "-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90") | |||
There was a problem hiding this comment.
I would expect the default values of the container to allow Keycloak to run?
If we have a problem there, we should probably report it to the Keycloak team?
There was a problem hiding this comment.
These values allow keycloak to run, but it may consume to much memory.
I presume, that they use defaults, which are good for their intended use case (long running containers with many connections), but are not optimal for devmode use case (containers are being spin up often, but for short time and with a single local client)
There was a problem hiding this comment.
@gsmet FYI, please see #41426, feedback from the Keycloak team is that the new GC policy is now used in Keycloak 25, with the advice being to set the limits at the (Quarkus) KC devservice level but that is hard to do right without impacting some systems. These suggested default properties are the ones which were used in KC 24 and they worked for all type of systems
There was a problem hiding this comment.
I wonder, instead of trying to deal with all of these advanced memory management properties by default, should we document that you may have to set these or those properties in memory constrained environments ?
There was a problem hiding this comment.
@sberyozkin what are the downsides of implementing this change?
As I see it, it makes life easier for some of our users and doesn't make things worse for anybody. Putting this into documentation means, that some of the users have to do it themselves and spend more time and effort. Am I missing something?
There was a problem hiding this comment.
@fedinskiy Sorry for the delay, I'm a little bit concerned that we'll put the properties and miss out on whatever happens in Keycloak around the GC management going forward, which may for example benefit unconstrained systems. My understanding that the problem happens only on the QE system so far.
But, it would make sense IMHO to see if trying to control the limits explicitly can work and what difference it can make. Can you please ping @mabartos for the extra guidance and try to find the HEAP limits for this system as suggested at https://www.keycloak.org/server/containers#_specifying_different_memory_settings ?
Have a look please in the next week or so
There was a problem hiding this comment.
I've created a new PR for this with all the explanations: #43601
fedinskiy
force-pushed
the
fix/keycloak-oom
branch
from
fa692d2
to
23a396b
Compare
|
Hey @fedinskiy, thanks for the effort here, let me close this PR for now as #43601 replaces it, we can revisit if necessary, thanks again |
Fixes #41813