Olav Grønås Gjerde

profile image
Full stack system architect with passion for Unix, Java, Python and databases.
Twitter @olavgg
4 days ago

Keycloak 26 and stupid change if you run proxy=edge

Keycloak has with version 26 refactored a the configuration for proxy setup and I run Keycloak behind Nginx. The documentation for upgrading to version 26 mention this without highlighting it, and links to another document that explains how to change this. This change is so stupid, because it is 100% unnecessary. And all the awesome tutorials written by people over time and published on the web, are no longer working.

Basically proxy = edge is no longer working, you need to replace this with 2 options:

proxy-headers = xforwarded
http-enabled = true

For Keycloak 25, they introduced "http-management-port". The default keycloak.conf, does not include that property and the default port value is the same as Clickhouse use for http. Again, you need to spend 1 hour, understanding the error log, reading through the documentation to find the cause and fix. I may be nit picking here, but that configuration option should be included in the keycloak.conf

I love Keycloak, and I am grateful for the work by the developers. But I hate maintaining it because of stupid changes. They have several major releases every year, and there is no LTS. So users have to upgrade it all the time to get all the bug and security fixes. For every version forward, where the upgrade process is not crystal clear, I will write down why it is stupid and what you need to do to fix it.

3 months ago

How to check current RoCE version that is running on RHEL or Almalinux

Login as root:

cd /sys/kernel/config/rdma_cm

Create the mlx4_0 (ConnectX3 Pro) or mlx5_0 folder (ConnectX4++)

mkdir mlx5_0
tree
.
└── mlx5_0
    └── ports
        ├── 1
        │   ├── default_roce_mode
        │   └── default_roce_tos
        └── 2
            ├── default_roce_mode
            └── default_roce_tos
cat /sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_mode
RoCE v2

Voila!

View older blog posts ⇾