[keycloak-user] backup strategy

Stian Thorgersen sthorger at redhat.com
Wed Feb 7 04:57:12 EST 2018 

Absolutely. H2 is not recommended for production use.

You may want to backup KC for as well, but that's for config data only so
you'd only need to do that if you make configuration changes.

On 7 Feb 2018 10:43 am, "Corentin Dupont" <corentin.dupont at gmail.com> wrote:

> Good idea. By the way, we still use H2 database, so I guess it is
> recommended to update to MySQL/postgreSQL?
>
>
> On Wed, Feb 7, 2018 at 8:48 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> Export is not really that great for backups. It can be rather slow if you
>> have loads of entries in the DB and it also requires the server to be
>> stopped prior.
>>
>> You should rather use DB specific tools to backup the DB directly. That
>> will be faster and more reliable as well.
>>
>> On 6 February 2018 at 16:05, Corentin Dupont <corentin.dupont at gmail.com>
>> wrote:
>>
>>> Another question, can I import a configuration in Keycloak while it is
>>> running or do I need to stop it?
>>>
>>>
>>> On Tue, Feb 6, 2018 at 12:09 PM, Corentin Dupont <
>>> corentin.dupont at gmail.com>
>>> wrote:
>>>
>>> > Hi guys,
>>> > I wonder what the backup strategy is?
>>> > Is it good practice to export regularly all Keycloak configuration?
>>> >
>>> > I can export with the command:
>>> > ./keycloak/bin/standalone.sh -Dkeycloak.migration.action=export
>>> > -Dkeycloak.migration.provider=singleFile
>>> -Dkeycloak.migration.file=export-`date
>>> > +"%m-%d-%y"`.json -Djboss.http.port=8888 -Djboss.https.port=9999
>>> > -Djboss.management.http.port=7777
>>> >
>>> > It exports the current configuration (realms, users...).
>>> > I set different ports so it can run concurently with the running
>>> instance
>>> > of keycloak.
>>> > I can set a cron job with the command, but unfortunately this command
>>> need
>>> > to be stopped by Ctrl-C.
>>> >
>>> > -> How to make it stop after the export?
>>> >
>>> > Other question, the export need to be run on the same container than
>>> > Keycloak, but this is not very practical in a Cloud setting. I use
>>> Amazon
>>> > ECS, so I have to log in the VM and then the container. I have then to
>>> > extract the file with various scp.
>>> > Is there any way to make this easier (i.e. with an API command)?
>>> >
>>> > Cheers
>>> > Corentin
>>> >
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>

More information about the keycloak-user mailing list