Keycloak 10.0.1 is based on WildFly 19, which comes with support for OpenTracing. However, the OpenTracing support in Keycloak is not active by default. This small example demonstrates how to enable OpenTracing in the latest Keycloak version, based on the article Micro_Profile_OpenTracing_Comes_To_WildFly.
This example tries to explore a solution for KEYCLOAK-8288.
docker run -d --name jaeger \
-p 6831:6831/udp \
-p 5778:5778 \
-p 14268:14268 \
-p 16686:16686 \
jaegertracing/all-in-one:1.17.1
In order to enable opentracing in Keycloak, we need to add the opentracing extension:
<extension module="org.wildfly.extension.microprofile.opentracing-smallrye"/>
Then we need to create a default opentracing subsystem configuration:
<subsystem xmlns="urn:wildfly:microprofile-opentracing-smallrye:2.0" default-tracer="jaeger-demo">
    <jaeger-tracer name="jaeger-demo">
        <sampler-configuration sampler-type="const" sampler-param="1.0"/>
        <sender-configuration sender-endpoint="http://localhost:14268/api/traces"/>
        <reporter-configuration reporter-log-spans="true"/>
    </jaeger-tracer>
</subsystem>
The following jboss-cli script creates the necessary bits.
Copy standalone.xml to standalone-tracing.xml.
Run via bin/jboss-cli.sh:
# Start an embedded server on the copied configuration (stopped again by stop-embedded-server below)
embed-server --server-config=standalone-tracing.xml
/extension=org.wildfly.extension.microprofile.opentracing-smallrye:add
# For UDP
#/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=jaeger:add(host=localhost, port=6831)
#/subsystem=microprofile-opentracing-smallrye/jaeger-tracer=jaeger-demo:add(sampler-type=const, sampler-param=1, reporter-log-spans=true, sender-binding=jaeger)
# For TCP
/subsystem=microprofile-opentracing-smallrye:add()
/subsystem=microprofile-opentracing-smallrye/jaeger-tracer=jaeger-demo:add(sampler-type=const, sampler-param=1, reporter-log-spans=true)
/subsystem=microprofile-opentracing-smallrye/jaeger-tracer=jaeger-demo:write-attribute(name="sender-endpoint", value="http://localhost:14268/api/traces")
# Setting the default tracer
/subsystem=microprofile-opentracing-smallrye:write-attribute(name=default-tracer, value=jaeger-demo)
stop-embedded-server
exit
Note that additional configuration examples can be found here: configuration_guide/eclipse_microprofile. A description of the jaeger-tracing configuration options can be found in the subsystem-configuration/MicroProfile_OpenTracing_SmallRye documentation.
In order to get WildFly Jaeger OpenTracing support working, we need to activate CDI, which is currently not used by Keycloak.
Re-enable the excluded weld subsystem by commenting out its entry in jboss-deployment-structure.xml:
$KEYCLOAK_HOME/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml
<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <module name="org.keycloak.keycloak-server-subsystem.dependencies"/>
        </dependencies>
        <exclude-subsystems>
            <subsystem name="webservices"/>
            <!--<subsystem name="weld"/>-->
        </exclude-subsystems>
    </deployment>
</jboss-deployment-structure>
Create an empty beans.xml:
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
           http://xmlns.jcp.org/xml/ns/javaee
           http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd"
       bean-discovery-mode="all">
</beans>
bin/standalone.sh -c standalone-tracing.xml
If everything is set up correctly, you should see log messages like:
...
23:02:29,652 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: 96dad3890edde7a8:96dad3890edde7a8:0:1 - GET:org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet
23:02:33,225 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: 5a6a8ffb45ae1d2:5a6a8ffb45ae1d2:0:1 - POST:org.keycloak.services.resources.LoginActionsService.authenticateForm
23:02:33,308 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: 3cda2b77c6bc7577:3cda2b77c6bc7577:0:1 - GET:org.keycloak.services.resources.account.AccountFormService.loginRedirect
23:02:33,361 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: b229006688e2d438:b229006688e2d438:0:1 - GET:org.keycloak.services.resources.account.AccountFormService.accountPage
23:02:45,140 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: 48fad346264b8360:48fad346264b8360:0:1 - GET:org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.logout
...
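To check these span lines mechanically, the following Python script parses the LoggingReporter output and summarizes it per trace and per Keycloak endpoint. It is an added example, not part of the original write-up or of Keycloak or Jaeger; the names parse_span and summarize are assumptions of this example.

```python
import re
from collections import Counter

# Span context is traceId:spanId:parentId:flags (hex); the operation name
# after " - " is <HTTP method>:<class>.<method>.
SPAN_RE = re.compile(
    r"INFO\s+\[io\.jaegertracing\.internal\.reporters\.LoggingReporter\]\s+"
    r"\([^)]*\)\s+Span reported:\s+"
    r"(?P<trace>[0-9a-f]+):(?P<span>[0-9a-f]+):"
    r"(?P<parent>[0-9a-f]+):(?P<flags>[0-9a-f]+)\s+-\s+(?P<op>\S+)\s*$"
)

# Log lines copied from the excerpt above (with one "..." filler line).
SAMPLE_LOG = """\
...
23:02:29,652 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: 96dad3890edde7a8:96dad3890edde7a8:0:1 - GET:org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet
23:02:33,225 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: 5a6a8ffb45ae1d2:5a6a8ffb45ae1d2:0:1 - POST:org.keycloak.services.resources.LoginActionsService.authenticateForm
23:02:33,308 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: 3cda2b77c6bc7577:3cda2b77c6bc7577:0:1 - GET:org.keycloak.services.resources.account.AccountFormService.loginRedirect
23:02:33,361 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: b229006688e2d438:b229006688e2d438:0:1 - GET:org.keycloak.services.resources.account.AccountFormService.accountPage
23:02:45,140 INFO [io.jaegertracing.internal.reporters.LoggingReporter] (default task-1) Span reported: 48fad346264b8360:48fad346264b8360:0:1 - GET:org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.logout
"""

def parse_span(line):
    """Return a dict for a 'Span reported' line, or None for any other line."""
    m = SPAN_RE.search(line)
    if m is None:
        return None
    method, _, target = m["op"].partition(":")
    return {
        "trace_id": m["trace"],
        "is_root": int(m["parent"], 16) == 0,        # parent id 0: first span of a trace
        "sampled": bool(int(m["flags"], 16) & 0x1),  # flags bit 0: sampled
        "http_method": method,
        "operation": target,
    }

def summarize(lines):
    """Count spans, distinct traces, root and sampled spans, and hits per operation."""
    spans = [s for s in map(parse_span, lines) if s is not None]
    return {
        "spans": len(spans),
        "traces": len({s["trace_id"] for s in spans}),
        "root_spans": sum(s["is_root"] for s in spans),
        "sampled": sum(s["sampled"] for s in spans),
        "by_operation": Counter(f'{s["http_method"]} {s["operation"]}' for s in spans),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

With the const sampler set to 1 as configured above, every span in the excerpt carries the sampled flag, and each request shows up as its own root span.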
git clone git@github.com:ehsavoie/opentracing-demo.git
mvn clean package -DskipTests
cp target/opentracing-demo.war $KEYCLOAK_HOME/standalone/deployments
Refresh the following URLs a few times in your browser:
http://localhost:8080/opentracing-demo/rest/xml
http://localhost:8080/opentracing-demo/rest/json