[keycloak-user] Database upgrade

Stian Thorgersen sthorger at redhat.com
Fri Aug 19 08:24:52 EDT 2016 

Funny coincidence I'm actually working on making it easier to allow manual
update of the database. My current approach is that databaseSchema will be
deprecated in favor of two new options:

* migrationStrategy - valid values are vaildate, update and manual.
Validate will just check it's up-to-date and stop the server if not. Update
will automatically update. Manual will create an SQL file that can be used
to manually initilze/migrate the db, then stop the server.
* initializeEmpty - if true and the db is empty it will initialize the db
no matter what the migration strategy is

On 18 August 2016 at 22:48, Nalyvayko, Peter <pnalyvayko at agi.com> wrote:

> Nice, thanks Tom, appreciate it, I'll give it a try.
> Sincerely,
> Peter
> ________________________________________
> From: Thomas Darimont [thomas.darimont at googlemail.com]
> Sent: Thursday, August 18, 2016 4:30 PM
> To: Nalyvayko, Peter
> Cc: keycloak-user
> Subject: Re: [keycloak-user] Database upgrade
>
> Hello Peter,
>
> if you're already on 2.0.0 then you could do the following. ..
> Download the latest keycloak-2.1.0.Final relase and extract it.
>
> Then just run the liquibase scripts within the keycloak-model-jpa-2.1.0.Final.jar
> from the classpath as shown below.
> This works because since version 1.9.1.Final until now (2.2.0..) the
> liquibase scripts
> only contain declarative changes (that have no deps on Keycloak classes),
> however
> earlier versions run custom migration code that requires a bunch of
> Keycloak application classes on the classpath.
>
> So this approach (currently) works but will require additional classpath /
> infrastructure changes
> once keycloak needs to perform some programmatic migration operations in
> future releases.
>
> In my test I used a database with very little data so I'd recommend that
> you try this
> on a database backup first :-)
>
> The following example is based on a database created by Keycloak version
> 1.9.1.Final that
> I want to upgrade to 2.1.0.Final.
>
> My current directory:
> tom at euler ~/dev/playgroud/keycloak/keycloak-2.1.0.Final
>
> # Configure PG JDBC Driver jar
> POSTGRES_JDBC_LIB=~/.m2/repository/org/postgresql/
> postgresql/9.4.1209.jre7/postgresql-9.4.1209.jre7.jar
> # Keycloak Deps
> KEYCLOAK_DEPS_LIB=modules/system/layers/base/org/jboss/
> logging/main/jboss-logging-3.3.0.Final.jar
> # Keycloak JPA Model jar contains the liquibase migration scripts
> KEYCLOAK_JPA_MODEL_LIB=modules/system/layers/keycloak/org/keycloak/
> keycloak-model-jpa/main/keycloak-model-jpa-2.1.0.Final.jar
>
> # Manually execute the database update
> java -jar modules/system/layers/keycloak/org/liquibase/main/liquibase-core-3.4.1.jar
> \
>      --driver=org.postgresql.Driver \
>      --classpath="$POSTGRES_JDBC_LIB:$KEYCLOAK_DEPS_LIB:$KEYCLOAK_JPA_MODEL_LIB"
> \
>      --changeLogFile=META-INF/jpa-changelog-master.xml \
>      --url="jdbc:postgresql://localhost:5432/keycloak_migration_test" \
>      --username=keycloak \
>      --password=keycloak \
>      --logLevel=debug \
>      update
>
> The migration logs were actually quite big so I pasted them here for
> reference:
> https://gist.github.com/thomasdarimont/4d24215681b395361abd6736fa8ce36c
>
> And yes, I could successfully start Keycloak 2.1.0 on the migrated
> database.
>
> With that said, I agree with you that it would be a good idea to provide a
> script that only performs the database
> migration to ease testing of new releases.
>
>
> Cheers,
> Thomas
>
> 2016-08-18 20:54 GMT+02:00 Nalyvayko, Peter <pnalyvayko at agi.com<mailto:pna
> lyvayko at agi.com>>:
> Tom, thanks for the link. My use case: the dev team uses keycloak final
> 2.0.0 release distribution in their development environment.
> To start keycloak they run 'standalone.bat' as a part of their dev test
> bootstrap (not 'mvn -f ...-Pkeycloak-server) . Sometimes there is a need to
> run the keycloak database init/upgrade without actually starting the
> keycloak server,  so it would be great to be able to achieve that by
> specifying, for example, an extra parameter to'standalone.bat', i.e:
>
> $ standalone.bat --init-database-only
>
> The above command would execute the database initialization/upgrade and
> immediately terminate. Does it make sense?
>
> The instructions in the link, I believe, were written for a slightly
> different use case.
>
> ________________________________________
> From: Thomas Darimont [thomas.darimont at googlemail.com<mailto:
> thomas.darimont at googlemail.com>]
> Sent: Thursday, August 18, 2016 2:15 PM
> To: Nalyvayko, Peter
> Cc: keycloak-user
> Subject: Re: [keycloak-user] Database upgrade
>
> Hello Peter,
>
> https://github.com/keycloak/keycloak/blob/master/misc/
> UpdatingDatabaseSchema.md
>
> Cheers,
> Thomas
>
> 2016-08-18 19:21 GMT+02:00 Nalyvayko, Peter <pnalyvayko at agi.com<mailto:pna
> lyvayko at agi.com><mailto:pnalyvayko at agi.com<mailto:pnalyvayko at agi.com>>>:
> Hi,
> Is there an existing way to execute the keycloak database upgrade without
> actually starting the keycloak server?
> Thanks!
> --Peter
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org
> ><mailto:keycloak-user at lists.jboss.org<mailto:ke
> ycloak-user at lists.jboss.org>>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160819/5382b86c/attachment-0001.html

More information about the keycloak-user mailing list