Skip to content

Server does not shutdown gracefully when started with --optimized #43561

New issue
New issue
Closed
bug
#43580
Closed
Server does not shutdown gracefully when started with --optimized#43561
bug
#43580
Assignees
shawkins
Labels
area/corekind/bugCategorizes a PR related to a bugpriority/blockerHighest Priority. Has a deadline and it blocks other tasksrelease/26.4.2release/26.5.0team/cloud-native
Milestone
26.5.0
@Bennet303

Description

@Bennet303
Bennet303
opened on Oct 17, 2025

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

core

Describe the bug

We were experiencing issues with client timeouts when shutting down single replicas in a Keycloak Docker container cluster.

When drilling down the issue we found out that keycloak does not seem to shutdown on SIGINT or SIGTERM when running start with --optimized. When running the same image without the optimized flag the server performs a graceful shutdown and does not abruptly leave the cluster.

Version

26.4.1

Regression

  • The issue is a regression

Expected behavior

The keycloak service should perform a graceful shutdown when running with start --optimized.

Actual behavior

The service does not gracefully shutdown leading to client timeouts and warnings about potential dataloss in the remaining members of the keycloak cluster.

How to Reproduce?

docker-compose.yml

version: '3.8'

services:
  keycloak:
    build: .
    container_name: keycloak-local
    ports:
      - '8080:8080'
      - '9000:9000'
    depends_on:
      - postgres
    stop_signal: SIGTERM
    stop_grace_period: 30s
    command: start --optimized
    environment:
      KC_DB: postgres
      KC_DB_USERNAME: postgres
      KC_DB_PASSWORD: postgres
      KC_DB_URL: jdbc:postgresql://postgres-local:5432/keycloak
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_HTTP_PORT: 8080
      KC_HTTP_ENABLED: 'true'
      KC_HOSTNAME_STRICT: 'false'

  postgres:
    image: postgres:15
    container_name: postgres-local
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: keycloak
    ports:
      - '5435:5432'
    volumes:
      - postgres_data:/var/lib/postgresql/data

volumes:
  postgres_data:

Dockerfile

WORKDIR /opt/keycloak

# Configure a database vendor
ENV KC_DB=postgres

RUN /opt/keycloak/bin/kc.sh build 

FROM quay.io/keycloak/keycloak:latest

COPY --from=builder /opt/keycloak/ /opt/keycloak/

# Configure a database vendor
ENV KC_DB=postgres

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
  1. Run docker compose up -d
  2. Wait for keycloak to start
  3. Run docker compose down
  4. Check container logs for graceful shutdown

As a reference when omitting the --optimized in the command section of the docker compose and performing the same reproduction steps, the service will gracefully shutdown with the following logs:

2025-10-17 09:19:24,751 INFO  [org.infinispan.CLUSTER] (main) ISPN000080: Disconnecting JGroups channel `ISPN`
2025-10-17 09:19:24,762 INFO  [org.keycloak.jgroups.certificates.CertificateReloadManager] (main) Stopping JGroups certificate reload manager
2025-10-17 09:19:24,767 INFO  [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager
2025-10-17 09:19:24,782 INFO  [io.quarkus] (main) Keycloak stopped in 0.074s

Anything else?

No response

Metadata

Metadata

Assignees

Labels

area/corekind/bugCategorizes a PR related to a bugpriority/blockerHighest Priority. Has a deadline and it blocks other tasksrelease/26.4.2release/26.5.0team/cloud-native

Type

bug

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions