Bottleneck when using auth/admin/realms/myrealm/users in my app

I am running a script which requests the master token before requesting the list of users for a realm. I perform this request in a tight loop 100 times and output the time it takes to perform the "auth/admin/realms/mine/users?first=0&max=1000" request.

When testing with a locally installed keycloak docker, a single request is taking 4.0 seconds. If I run 5 instances of this script at the same time, a single request takes around 10 seconds.
And if I run 10 instances, it jumps to 20 seconds before a reply is received.

  • Nodemon is not working in Docker environment
  • knife bootstrap - recipe fails to find parent directory
  • gitlab can not change gitlab url ,i edit config,yml , gitlab.yml
  • how to create a vagrant box which is not already in the list http://www.vagrantbox.es
  • Docker: Internal UDP communication
  • Tensorboard Site cannot be found
  • Therefore, I have a serious bottleneck in my webapp on the page where I list all user information and was wondering how I might go about solving this problem.

    I am running keycloak 2.5.0.Final. My java home is /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre. authorizationPersister = jpa.

    My script:

    import requests
    
    keyCloakUrl = "http://foo.bar"
    
    for i in range(100):
    
        session = requests.Session()
        r = session.post(
            keyCloakUrl +"auth/realms/master/protocol/openid-connect/token", 
            data={
                "grant_type":"password",
                "client_id":"admin-cli",
                "username":"admin",
                "password":"admin"
            }
        )
        master_token = json.loads(r.content)['access_token']
    
        r = s.get(
            keyCloakUrl + "auth/admin/realms/mine/users?first=0&max=1000",
            headers={'Authorization':'Bearer '+master_token}
        )
        print(r.elapsed.total_seconds())
    

    My dockerfile:

    FROM jboss/keycloak-mysql:2.5.0.Final
    
    ARG db2
    
    ADD deps/ /opt/jboss/keycloak/
    RUN /opt/jboss/keycloak/import_utbud_realm.sh 
    
    CMD ["-b", "0.0.0.0", "-bmanagement", "0.0.0.0", "-Djboss.socket.binding.port-offset=2"]
    

    UPDATE

    I also tried measuring the time for the “auth/realms/master/protocol/openid-connect/token” request. This is 0.1 seconds per request with only one instance of the script running and 0.8 seconds with 10 instances running.

  • How can I use docker-compose locally after setting up a docker-machine host?
  • Creating a running Postgres service inside a docker container
  • Gitlab-CI multi runner start docker container, scripts now work
  • Is there any way to access a docker (nginx) container via a local url like http://mydomain.dev?
  • Docker nginx reverse proxy returns 502 bad gateway “connection refused while connecting to upstream”
  • Multiple dokku apps one domain
  • One Solution collect form web for “Bottleneck when using auth/admin/realms/myrealm/users in my app”

    Maybe it is a silly observation, but did you try to increase you JVM heap in your docker configs? Like:

    CMD java -XX:+PrintFlagsFinal -XX:+PrintGCDetails $JAVA_OPTIONS -jar java-container.jar
    

    There is a fantastic blog that explain the memory issue with the JVM and docker here

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.