[keycloak-user] Behavior of Keycloak when performing an upgrade.

Marek Posolda mposolda at redhat.com
Wed Apr 19 16:11:58 EDT 2017 

On 19/04/17 19:38, Reed Lewis wrote:
> We are planning on implementing Keycloak with a very large dataset of users (in excess of 5 to 10 million).    We are going to have a single SQL datastore running in Azure, with multiple keycloak servers pointing to that single datastore.   The question that is being asked is what happens when we wish to upgrade keycloak from version xx to version yy (whatever the versions are I do not know).   The questions are:
>
>
> 1.       If the schema changes does Keycloak automatically handle that?
Yes, it should. We use Liquibase under the hood to migrate DB schema and 
data automatically. However it's highly recommended to backup your 
database before upgrade Keycloak. DB migration is always a bit tricky 
and bad things could happen ;)
>
> 2.       If there is schema changes, how long will that process take?
Depends what exactly was changed in the schema. For example if there is 
just one minor change in the table REALM and you have just 1 realm, it 
will be very fast. On the other hand change in the table related to USER 
data (for example removing foreign key and creating new foreign key) 
might be more tricky considering size of your DB.
>
> 3.       If there is no schema change can I shut down everything but one server, then shutdown the last one and start immediately a new one with the new software version?
Yes. See our Migration guide for more details. We usually provide some 
versions specific migration instructions in case there is some important 
manual migration step, which is needed to be done between migration from 
version X to version Y.

Marek
>
> So bottom line:  What is the upgrade path for Keycloak for major version to major version or minor to minor or whatever?
>
> Reed
> This message is the property of CARBONITE, INC. and may contain confidential or privileged information.
> If this message has been delivered to you by mistake, then do not copy or deliver this message to anyone.  Instead, destroy it and notify me by reply e-mail
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list