keycloak-scim/testsuite/performance/README.provisioning-parameters.md

11 KiB

Keycloak Performance Testsuite - Provisioning Parameters

Overview of Provisioned Services

Testing

Deployment Keycloak Server Database Load Balancer Infinispan Server
Singlenode 1 instance 1 instance - -
Cluster N instances 1 instance 1 instance -
Cross-DC K instances in DC1 + L instances in DC2 1 instance per DC 1 instance per DC 1 instance per DC

Monitoring

Deployment CAdvisor Influx DB Grafana
Monitoring 1 instance 1 instance 1 instance

Service Parameters

Keycloak Server

Category Setting Property Default Value
Keycloak Server version server.version ${project.version} from the project pom.xml file.
Admin user keycloak.admin.user admin
Admin user's password keycloak.admin.password admin
Scaling[1] Scale for cluster keycloak.scale Maximum size[2] of cluster.
Scale for DC1 keycloak.dc1.scale Maximum size of DC1.
Scale for DC2 keycloak.dc2.scale Maximum size of DC2.
Docker Allocated CPUs keycloak.docker.cpusets 2-3 for singlenode, 2 3 for cluster deployment
Allocated CPUs for DC1 keycloak.dc1.docker.cpusets 2
Allocated CPUs for DC2 keycloak.dc2.docker.cpusets 3
Available memory keycloak.docker.memlimit 2500m
JVM Memory settings keycloak.jvm.memory -Xms64m -Xmx2g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
Undertow HTTP Listener max connections keycloak.http.max-connections 50000
AJP Listener max connections keycloak.ajp.max-connections 50000
IO Worker IO thread pool keycloak.worker.io-threads 2
Worker Task thread pool keycloak.worker.task-max-threads 16
Datasources Connection pool min size keycloak.ds.min-pool-size 10
Connection pool max size keycloak.ds.max-pool-size 100
Connection pool prefill keycloak.ds.pool-prefill true
Prepared statement cache size keycloak.ds.ps-cache-size 100

[ 1 ] The scaling parameters are optional. They can be set within interval from 1 to the maximum cluster size]. If not set they are automatically set to the maximum size of the cluster (DC1/DC2 respectively).

[ 2 ] Maximum cluster size is determined by provisioner-specific parameter such as keycloak.docker.cpusets for the default docker-compose provisioner. The maximum cluster size corresponds to the number of cpusets.

Database

Category Setting Property Default Value
Docker Allocated CPUs db.docker.cpusets 1
Allocated CPUs for DC1 db.dc1.docker.cpusets 1
Allocated CPUs for DC2 db.dc2.docker.cpusets 1
Available memory db.docker.memlimit 2g

Load Balancer

Category Setting Property Default Value
Docker Allocated CPUs lb.docker.cpusets 1
Allocated CPUs for DC1 lb.dc1.docker.cpusets 1
Allocated CPUs for DC2 lb.dc2.docker.cpusets 1
Available memory lb.docker.memlimit 1500m
JVM Memory settings lb.jvm.memory -Xms64m -Xmx1024m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
Undertow HTTP Listener max connections lb.http.max-connections 50000
IO Worker IO thread pool lb.worker.io-threads 2
Worker Task thread pool lb.worker.task-max-threads 16

Infinispan Server

Category Setting Property Default Value
Docker Allocated CPUs for DC1 infinispan.dc1.docker.cpusets 1
Allocated CPUs for DC2 infinispan.dc2.docker.cpusets 1
Available memory infinispan.docker.memlimit 1500m
JVM Memory settings infinispan.jvm.memory -Xms64m -Xmx1g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -XX:+DisableExplicitGC

Monitoring

Category Setting Property Default Value
Docker Allocated CPUs monitoring.docker.cpusets 0
JMX Management user management.user Not set.
Management user's password management.user.password Not set.

By setting the managemen.user and management.user.password parameters it is possible to add a management user to all WildFly-backed services (Keycloak Server, Infinispan Server and the Load Balancer). Unless both parameters are explicitly provided during the provisioning phase the user will not be added and it won't be possible to log into the management console or access JMX.

Note on Docker settings

By default, there are 4 CPU cores allocated: core 0 for monitoring, core 1 for database (MariaDB), and cores 2 and 3 for Keycloak server. Default memory limits for database and Keycloak server are 2g. The cpuset and memlimit parameters set here are set to cpuset and mem_limit parameters of docker-compose configuration. See docker-compose documentation for meaning of the values. How to set the parameters correctly depends on number of factors - number of cpu cores, NUMA, available memory etc., hence it is out of scope of this document.

Example CPU Settings

HW Development Machine "Fat Box"
Cores 4 48
NUMA Nodes 0-3 0-23, 24-47

Cluster

Setting Development Machine "Fat Box"
monitoring.docker.cpusets 0 0
db.docker.cpusets 1 1
lb.docker.cpusets 1 2
keycloak.docker.cpusets 2-3 3-6 7-10 11-16 … 43-46

Cross-DC

Setting Development Machine "Fat Box"
monitoring.docker.cpusets 0 0
db.dc1.docker.cpusets 1 1
lb.dc1.docker.cpusets 1 2
infinispan.dc1.docker.cpusets 1 3
keycloak.dc1.docker.cpusets 2 4-7 8-11 12-15 16-19 20-23
db.dc2.docker.cpusets 1 24
lb.dc2.docker.cpusets 1 25
infinispan.dc2.docker.cpusets 1 26
keycloak.dc2.docker.cpusets 3 27-30 31-34 35-38 39-42 43-46