diff --git a/playbooks/tasks/upgrade-servers.yml b/playbooks/tasks/upgrade-servers.yml
index f51c53bcf8ce9eea9c2d32fc50170fd8748f60cf..dd4d8f320c3b87c00941f82d3572ce99d08f4d15 100644
--- a/playbooks/tasks/upgrade-servers.yml
+++ b/playbooks/tasks/upgrade-servers.yml
@@ -1,5 +1,22 @@
+- name: Upgrade, reboot and health-check accounts.archlinux.org
+  hosts: accounts.archlinux.org
+  max_fail_percentage: 0
+  gather_facts: false
+
+  tasks:
+    - name: Upgrade and reboot
+      include_tasks: include/upgrade-server.yml
+
+    - name: Wait for Keycloak to become available
+      uri: url=https://{{ inventory_hostname }}/metrics
+      register: result
+      until: result.status == 200
+      # retry for 5 minutes after boot
+      retries: 30
+      delay: 10
+
 - name: Upgrade and reboot all hetzner servers
-  hosts: all,!kape_servers,!equinix_metal
+  hosts: all,!accounts.archlinux.org,!kape_servers,!equinix_metal
   max_fail_percentage: 0
   serial: 20%
   gather_facts: false
diff --git a/roles/keycloak/files/increase-start-timeout.conf b/roles/keycloak/files/increase-start-timeout.conf
new file mode 100644
index 0000000000000000000000000000000000000000..9550979edd2c56e83d6dc045202c9a7cc3f5c317
--- /dev/null
+++ b/roles/keycloak/files/increase-start-timeout.conf
@@ -0,0 +1,2 @@
+[Service]
+TimeoutStartSec=3min
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 0265cfc2c5ab55b0092716a41b1488a0380af921..d3a221df6e515bd90bf7c2e217da1fdef41a360c 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -23,6 +23,12 @@
 - name: Create drop-in directory for keycloak.service
   file: path=/etc/systemd/system/keycloak.service.d state=directory owner=root group=root mode=0755
 
+- name: Increase start-up timeout on single-core systems
+  copy: src=increase-start-timeout.conf dest=/etc/systemd/system/keycloak.service.d/ owner=root group=root mode=0644
+  when: ansible_processor_vcpus == 1
+  notify:
+    - Daemon reload
+
 - name: Get service facts
   service_facts: