Uploaded image for project: 'Red Hat build of Keycloak'
  1. Red Hat build of Keycloak
  2. RHBK-3738

Server does not shutdown gracefully when started with --optimized [GHI#43561]

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      Before reporting an issue

      [x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      core

      Describe the bug

      We were experiencing issues with client timeouts when shutting down single replicas in a Keycloak Docker container cluster.

      When drilling down the issue we found out that keycloak does not seem to shutdown on SIGINT or SIGTERM when running start with --optimized. When running the same image without the optimized flag the server performs a graceful shutdown and does not abruptly leave the cluster.

      Version

      26.4.1

      Regression

      [ ] The issue is a regression

      Expected behavior

      The keycloak service should perform a graceful shutdown when running with start --optimized.

      Actual behavior

      The service does not gracefully shutdown leading to client timeouts and warnings about potential dataloss in the remaining members of the keycloak cluster.

      How to Reproduce?

      docker-compose.yml

      version: '3.8'

services:
  keycloak:

      build: .
      container_name: keycloak-local
      ports:

      • '8080:8080'
      • '9000:9000'
        depends_on:
      • postgres
        stop_signal: SIGTERM
        stop_grace_period: 30s
        command: start --optimized
        environment:
        KC_DB: postgres
        KC_DB_USERNAME: postgres
        KC_DB_PASSWORD: postgres
        KC_DB_URL: jdbc:postgresql://postgres-local:5432/keycloak
        KEYCLOAK_ADMIN: admin
        KEYCLOAK_ADMIN_PASSWORD: admin
        KC_HTTP_PORT: 8080
        KC_HTTP_ENABLED: 'true'
        KC_HOSTNAME_STRICT: 'false' 
          postgres:

        image: postgres:15
        container_name: postgres-local
        environment:
        POSTGRES_USER: postgres
        POSTGRES_PASSWORD: postgres
        POSTGRES_DB: keycloak
        ports:

      • '5435:5432'
        volumes:
      • postgres_data:/var/lib/postgresql/data 
        volumes:
  postgres_data:

      Dockerfile

      WORKDIR /opt/keycloak

# Configure a database vendor
ENV KC_DB=postgres

RUN /opt/keycloak/bin/kc.sh build 

FROM quay.io/keycloak/keycloak:latest

COPY --from=builder /opt/keycloak/ /opt/keycloak/

# Configure a database vendor
ENV KC_DB=postgres

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

      1. Run docker compose up -d
      2. Wait for keycloak to start
      3. Run docker compose down
      4. Check container logs for graceful shutdown

      As a reference when omitting the --optimized in the command section of the docker compose and performing the same reproduction steps, the service will gracefully shutdown with the following logs:

      2025-10-17 09:19:24,751 INFO  [org.infinispan.CLUSTER] (main) ISPN000080: Disconnecting JGroups channel `ISPN`
2025-10-17 09:19:24,762 INFO  [org.keycloak.jgroups.certificates.CertificateReloadManager] (main) Stopping JGroups certificate reload manager
2025-10-17 09:19:24,767 INFO  [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager
2025-10-17 09:19:24,782 INFO  [io.quarkus] (main) Keycloak stopped in 0.074s

      Anything else?

      No response

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Cloud Native
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: