[keycloak-user] backup strategy

Knurr, Michael Michael.Knurr at adesso.ch
Wed Feb 7 06:02:29 EST 2018


Hi Stian

I am a bit confused by this answer. Especially because I already brought up this question last November and got the advice from Sebasien Blanc to „just start another instance“.

You had a thought whether using a DB tool would be more efficient.
http://lists.jboss.org/pipermail/keycloak-user/2017-November/012156.html

Can you explain why there is a chance that we would get inconsistent data?


Cheers
Michael

Von: Stian Thorgersen [mailto:sthorger at redhat.com]
Gesendet: Mittwoch, 7. Februar 2018 10:56
An: Knurr, Michael <Michael.Knurr at adesso.ch>
Cc: Corentin Dupont <corentin.dupont at gmail.com>; keycloak-user <keycloak-user at lists.jboss.org>
Betreff: Re: [keycloak-user] backup strategy

Exporting while live is really not recommended as you can get inconsistent data that you won't be able to use.

On 7 Feb 2018 10:46 am, "Knurr, Michael" <Michael.Knurr at adesso.ch<mailto:Michael.Knurr at adesso.ch>> wrote:
Hi Corentin

For my Keycloak installation I am doing daily exports/backups to the file system. Especially the question "how to make it stop" gave me a major headache.

In order to work around this problem, I wrote  a script which does all the work for me. You can just schedule it in crontab and it will start a second keycloak instance, do the export and eventually kill the second instance. I uploaded it as a gist, so you may also use it if you like:
https://gist.github.com/michaelknurr/a8f1941c6f40c0d784b1e467fbc694ba

Cheers
Michael

-----Ursprüngliche Nachricht-----
Von: Corentin Dupont [mailto:corentin.dupont at gmail.com<mailto:corentin.dupont at gmail.com>]
Gesendet: Dienstag, 6. Februar 2018 12:09
An: keycloak-user <keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Betreff: [keycloak-user] backup strategy

Hi guys,
I wonder what the backup strategy is?
Is it good practice to export regularly all Keycloak configuration?

I can export with the command:
./keycloak/bin/standalone.sh -Dkeycloak.migration.action=export
-Dkeycloak.migration.provider=singleFile
-Dkeycloak.migration.file=export-`date +"%m-%d-%y"`.json
-Djboss.http.port=8888 -Djboss.https.port=9999
-Djboss.management.http.port=7777

It exports the current configuration (realms, users...).
I set different ports so it can run concurently with the running instance of keycloak.
I can set a cron job with the command, but unfortunately this command need to be stopped by Ctrl-C.

-> How to make it stop after the export?

Other question, the export need to be run on the same container than Keycloak, but this is not very practical in a Cloud setting. I use Amazon ECS, so I have to log in the VM and then the container. I have then to extract the file with various scp.
Is there any way to make this easier (i.e. with an API command)?

Cheers
Corentin


_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list