Implement load shedding

Closes #23340

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
This commit is contained in:
Václav Muzikář 2023-11-10 15:29:16 +01:00 committed by Alexander Schwartz
parent 4c8724e7b1
commit 15a83985b1
21 changed files with 292 additions and 4 deletions

View file

@ -66,3 +66,7 @@ The Map Store has been an experimental feature in previous releases.
Starting with this release, it is removed and users should continue to use the current JPA store. Starting with this release, it is removed and users should continue to use the current JPA store.
See the migration guide for details. See the migration guide for details.
= Load Shedding support
Keycloak now features `http-max-queued-requests` option to allow proper rejecting of incoming requests under high load.
For details refer to the https://www.keycloak.org/server/configuration-production[production guide].

View file

@ -26,6 +26,17 @@ Apart from <@links.server id="hostname"/>, production environments usually inclu
For details on configuring proxy communication modes in {project_name}, see <@links.server id="reverseproxy"/>. That {section} also recommends which paths should be hidden from public access and which paths should be exposed so that {project_name} can secure your applications. For details on configuring proxy communication modes in {project_name}, see <@links.server id="reverseproxy"/>. That {section} also recommends which paths should be hidden from public access and which paths should be exposed so that {project_name} can secure your applications.
== Limit the number of queued requests
A production environment should protect itself from an overload situation, so that it responds to as many valid requests as possible, and to continue regular operations once the situation returns to normal again.
One way of doing this is rejecting additional requests once a certain threshold is reached.
Load shedding should be implemented on all levels, including the load balancers in your environment.
In addition to that, there is a feature in Keycloak to limit the number of requests that can't be processed right away and need to be queued.
By default, there is no limit set.
Set the option `http-max-queued-requests` to limit the number of queued requests to a given threshold matching your environment.
Any request that exceeds this limit would return with an immediate `503 Server not Available` response.
== Production grade database == Production grade database
The database used by {project_name} is crucial for the overall performance, availability, reliability and integrity of {project_name}. For details on how to configure a supported database, see <@links.server id="db"/>. The database used by {project_name} is crucial for the overall performance, availability, reliability and integrity of {project_name}. For details on how to configure a supported database, see <@links.server id="db"/>.

View file

@ -110,4 +110,11 @@ public class HttpOptions {
.description("Enables or disables the HTTP/s and Socket serving.") .description("Enables or disables the HTTP/s and Socket serving.")
.defaultValue(Boolean.TRUE) .defaultValue(Boolean.TRUE)
.build(); .build();
public static final Option<Integer> HTTP_MAX_QUEUED_REQUESTS = new OptionBuilder<>("http-max-queued-requests", Integer.class)
.category(OptionCategory.HTTP)
.description("Maximum number of queued HTTP requests. " +
"Use this to shed load in an overload situation. Excess requests will return a \"503 Server not Available\" response.")
.build();
} }

View file

@ -101,6 +101,10 @@ final class HttpPropertyMappers {
.mapFrom(SecurityOptions.FIPS_MODE.getKey()) .mapFrom(SecurityOptions.FIPS_MODE.getKey())
.transformer(HttpPropertyMappers::resolveKeyStoreType) .transformer(HttpPropertyMappers::resolveKeyStoreType)
.paramLabel("type") .paramLabel("type")
.build(),
fromOption(HttpOptions.HTTP_MAX_QUEUED_REQUESTS)
.to("quarkus.thread-pool.queue-size")
.paramLabel("requests")
.build() .build()
}; };
} }

View file

@ -0,0 +1,54 @@
/*
* Copyright 2023 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.it.resource.realm;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.services.resource.RealmResourceProvider;
/**
* @author Vaclav Muzikar <vmuzikar@redhat.com>
*/
public class TestRealmResource implements RealmResourceProvider {
protected static final Logger logger = Logger.getLogger(TestRealmResource.class);
@Override
public Object getResource() {
return this;
}
@Path("slow")
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response slowResource() throws Exception {
final int sleep = 5000;
logger.info("Sleeping for " + sleep + " millis");
Thread.sleep(sleep);
logger.info("Waking up...");
return Response.noContent().build();
}
@Override
public void close() {
}
}

View file

@ -0,0 +1,56 @@
/*
* Copyright 2023 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.it.resource.realm;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resource.RealmResourceProviderFactory;
/**
* @author Vaclav Muzikar <vmuzikar@redhat.com>
*/
public class TestRealmResourceFactory implements RealmResourceProviderFactory {
public static final String ID = "test-resources";
@Override
public RealmResourceProvider create(KeycloakSession session) {
return new TestRealmResource();
}
@Override
public void init(Config.Scope config) {
}
@Override
public void postInit(KeycloakSessionFactory factory) {
}
@Override
public void close() {
}
@Override
public String getId() {
return ID;
}
}

View file

@ -0,0 +1,39 @@
/*
* Copyright 2023 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.it.resource.realm;
import org.keycloak.it.TestProvider;
import java.util.Collections;
import java.util.Map;
/**
* @author Vaclav Muzikar <vmuzikar@redhat.com>
*/
public class TestRealmResourceTestProvider implements TestProvider {
@Override
public Class[] getClasses() {
return new Class[] {TestRealmResource.class, TestRealmResourceFactory.class};
}
@Override
public Map<String, String> getManifestResources() {
return Collections.singletonMap("org.keycloak.services.resource.RealmResourceProviderFactory", "services/org.keycloak.services.resource.RealmResourceProviderFactory");
}
}

View file

@ -0,0 +1,18 @@
#
# Copyright 2023 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
org.keycloak.it.resource.realm.TestRealmResourceFactory

View file

@ -0,0 +1,59 @@
/*
* Copyright 2023 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.it.cli.dist;
import org.junit.jupiter.api.Test;
import org.keycloak.it.junit5.extension.DistributionTest;
import org.keycloak.it.junit5.extension.RawDistOnly;
import org.keycloak.it.junit5.extension.TestProvider;
import org.keycloak.it.resource.realm.TestRealmResourceTestProvider;
import org.keycloak.it.utils.KeycloakDistribution;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import static io.restassured.RestAssured.when;
import static org.hamcrest.CoreMatchers.hasItem;
import static org.hamcrest.CoreMatchers.not;
import static org.hamcrest.MatcherAssert.assertThat;
/**
* @author Vaclav Muzikar <vmuzikar@redhat.com>
*/
@DistributionTest(keepAlive = true)
@RawDistOnly(reason = "Containers are immutable")
public class HttpDistTest {
@Test
@TestProvider(TestRealmResourceTestProvider.class)
public void maxQueuedRequestsTest(KeycloakDistribution dist) {
dist.setQuarkusProperty("quarkus.thread-pool.max-threads", "1");
dist.run("start-dev", "--http-max-queued-requests=1");
// run requests async
List<CompletableFuture<Integer>> statusCodesFuture = new ArrayList<>();
for (int i = 0; i < 5; i++) {
statusCodesFuture.add(CompletableFuture.supplyAsync(() ->
when().get("/realms/master/test-resources/slow").getStatusCode()));
}
List<Integer> statusCodes = statusCodesFuture.stream().map(CompletableFuture::join).toList();
assertThat("Some of the requests should be properly rejected", statusCodes, hasItem(503));
assertThat("None of the requests should throw an unhandled exception", statusCodes, not(hasItem(500)));
}
}

View file

@ -121,6 +121,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--http-relative-path <path> --http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a Set the path relative to '/' for serving resources. The path must start with a
@ -254,4 +257,4 @@ Security:
Do NOT start the server using this command when deploying to production. Do NOT start the server using this command when deploying to production.
Use 'kc.sh start-dev --help-all' to list all available options, including build Use 'kc.sh start-dev --help-all' to list all available options, including build
options. options.

View file

@ -116,6 +116,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--http-relative-path <path> --http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a Set the path relative to '/' for serving resources. The path must start with a

View file

@ -121,6 +121,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--http-relative-path <path> --http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a Set the path relative to '/' for serving resources. The path must start with a
@ -254,4 +257,4 @@ Security:
Do NOT start the server using this command when deploying to production. Do NOT start the server using this command when deploying to production.
Use 'kc.sh start-dev --help-all' to list all available options, including build Use 'kc.sh start-dev --help-all' to list all available options, including build
options. options.

View file

@ -116,6 +116,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--http-relative-path <path> --http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a Set the path relative to '/' for serving resources. The path must start with a

View file

@ -122,6 +122,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--http-relative-path <path> --http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a Set the path relative to '/' for serving resources. The path must start with a
@ -259,4 +262,4 @@ By default, this command tries to update the server configuration by running a
$ kc.sh start '--optimized' $ kc.sh start '--optimized'
By doing that, the server should start faster based on any previous By doing that, the server should start faster based on any previous
configuration you have set when manually running the 'build' command. configuration you have set when manually running the 'build' command.

View file

@ -117,6 +117,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--http-relative-path <path> --http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a Set the path relative to '/' for serving resources. The path must start with a

View file

@ -122,6 +122,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--http-relative-path <path> --http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a Set the path relative to '/' for serving resources. The path must start with a
@ -259,4 +262,4 @@ By default, this command tries to update the server configuration by running a
$ kc.sh start '--optimized' $ kc.sh start '--optimized'
By doing that, the server should start faster based on any previous By doing that, the server should start faster based on any previous
configuration you have set when manually running the 'build' command. configuration you have set when manually running the 'build' command.

View file

@ -117,6 +117,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--http-relative-path <path> --http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a Set the path relative to '/' for serving resources. The path must start with a

View file

@ -81,6 +81,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--https-certificate-file <file> --https-certificate-file <file>
The file path to a server certificate or certificate chain in PEM format. The file path to a server certificate or certificate chain in PEM format.

View file

@ -74,6 +74,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--https-certificate-file <file> --https-certificate-file <file>
The file path to a server certificate or certificate chain in PEM format. The file path to a server certificate or certificate chain in PEM format.

View file

@ -81,6 +81,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--https-certificate-file <file> --https-certificate-file <file>
The file path to a server certificate or certificate chain in PEM format. The file path to a server certificate or certificate chain in PEM format.

View file

@ -74,6 +74,9 @@ HTTP/TLS:
--http-enabled <true|false> --http-enabled <true|false>
Enables the HTTP listener. Default: false. Enables the HTTP listener. Default: false.
--http-host <host> The used HTTP Host. Default: 0.0.0.0. --http-host <host> The used HTTP Host. Default: 0.0.0.0.
--http-max-queued-requests <requests>
Maximum number of queued HTTP requests. Use this to shed load in an overload
situation. Excess requests will return a "503 Server not Available" response.
--http-port <port> The used HTTP port. Default: 8080. --http-port <port> The used HTTP port. Default: 8080.
--https-certificate-file <file> --https-certificate-file <file>
The file path to a server certificate or certificate chain in PEM format. The file path to a server certificate or certificate chain in PEM format.