[keycloak-user] Inifnispan problems upgrading 1.7.0.Final to 2.0.0.Final

Kevin Thorpe kevin.thorpe at p-i.net
Tue Aug 9 10:01:54 EDT 2016


Not according to your base image:
[kevin at kev-c7-test pi-keycloak]$ docker run -ti --entrypoint /bin/bash
jboss/keycloak-mysql:2.0.0.Final -s
Unable to find image 'jboss/keycloak-mysql:2.0.0.Final' locally
2.0.0.Final: Pulling from jboss/keycloak-mysql
a3ed95caeb02: Pull complete
da71393503ec: Pull complete
eb78add5bf3f: Pull complete
046239789b53: Pull complete
364eb6df56ec: Pull complete
21beacec2ed4: Pull complete
b0c6b264da5a: Pull complete
1cb268ec5855: Pull complete
5400749767a0: Pull complete
710ca18f9c2a: Pull complete
76d4c31a5749: Pull complete
4763ae5ce42d: Pull complete
3929a1cda72b: Pull complete
840a187f62cf: Pull complete
Digest:
sha256:cce1b09f3423851f72ee93c87d66d8de4663e7b231a2158cfbaef6846701c7ec
Status: Downloaded newer image for jboss/keycloak-mysql:2.0.0.Final
[jboss at ccef1862480f ~]$ vi keycloak/standalone/configuration/standalone.xml


snipped out the infinispan config:
            <cache-container name="keycloak"
jndi-name="infinispan/Keycloak">
                <local-cache name="realms"/>
                <local-cache name="users">
                    <eviction max-entries="10000" strategy="LRU"/>
                </local-cache>
                <local-cache name="sessions"/>
                <local-cache name="offlineSessions"/>
                <local-cache name="loginFailures"/>
                <local-cache name="work"/>
                <local-cache name="realmVersions">
                    <transaction mode="BATCH" locking="PESSIMISTIC"/>
                </local-cache>
                <local-cache name="authorization">
                    <eviction max-entries="100" strategy="LRU"/>
                </local-cache>
            </cache-container>





*Kevin Thorpe*
VP Enterprise Platform

www.p-i.net | @PI_150 <https://twitter.com/@PI_150>

*T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750>  | F: +44(0)20
7730 2635 <%2B44%280%2920%207730%202635>  | T: +44 (0)808 204 0344
<%2B44%20%280%29808%20204%200344> *
*150 Buckingham Palace Road, London, SW1W 9TR, UK*



*SAVE PAPER - THINK BEFORE YOU PRINT!*

____________________________________________________________________

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
prohibited.

On 9 August 2016 at 13:22, Marek Posolda <mposolda at redhat.com> wrote:

> Hmm... Actually I am not 100% sure what you did, but from the error
> message, it's very clear that configuration of your infinispan caches in
> standalone.xml is out-dated. In Keycloak 2.0 it should look like this:
>
>             <cache-container name="keycloak" jndi-name="infinispan/
> Keycloak">
>                 <local-cache name="realms"/>
>                 <local-cache name="users"/>
>                 <local-cache name="sessions"/>
>                 <local-cache name="offlineSessions"/>
>                 <local-cache name="loginFailures"/>
>                 <local-cache name="work"/>
>                 <local-cache name="realmVersions">
>                     <transaction mode="BATCH" locking="PESSIMISTIC"/>
>                 </local-cache>
>             </cache-container>
>
> Marek
>
>
>
> On 08/08/16 15:57, Kevin Thorpe wrote:
>
> Also, the standalone.xml is yours from the keycloak-mysql image with just
> the https-listener and our security-realm added using saxon/xslt in the
> same way as you deploy it
>
>
>
> *Kevin Thorpe*
> VP Enterprise Platform
>
> <http://www.p-i.net/>www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>
> *T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750>  | F: +44(0)20
> 7730 2635 <%2B44%280%2920%207730%202635>  | T: +44 (0)808 204 0344
> <%2B44%20%280%29808%20204%200344> *
> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>
>
>
> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>
> ____________________________________________________________________
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended recipient
> you are notified that disclosing, copying, distributing or taking any
> action in reliance on the contents of this information is strictly
> prohibited.
>
> On 8 August 2016 at 13:48, Marek Posolda <mposolda at redhat.com> wrote:
>
>> From your logs, it seems the problem is related to migration infinispan
>> caches. It looks that you don't have defined some of those caches in
>> standalone.xml.
>>
>> Generally it's recommended to use Keycloak with keycloak-server
>> distribution and upgrade process is like this:
>> - You stop your Keycloak 1.7.0.Final server
>> - You download the Keycloak-server 2.0.0.Final distribution and you just
>> configure the DB ( datasource ) to point to same DB like previously was
>> Keycloak 1.7.0
>> - You start Keycloak and liquibase make sure to upgrade your DB.
>>
>> Note that with this approach, you don't need to care about any changes,
>> which was done in standalone.xml or keycloak-server.json or other files
>> between Keycloak 1.7 or 2.0.
>>
>> Marek
>>
>>
>> On 08/08/16 14:27, Shiva Saxena wrote:
>>
>> Hi,
>>
>> You can try setting the "databaseSchema" to "update" in "connectionsJpa".
>>
>> Here is the migration guide doc URL
>>
>>
>> <https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.0/topics/MigrationFromOlderVersions.html>
>> https://keycloak.gitbooks.io/server-adminstration-guide/cont
>> ent/v/2.0/topics/MigrationFromOlderVersions.html
>>
>> On Mon, Aug 8, 2016 at 4:47 PM, Kevin Thorpe < <kevin.thorpe at p-i.net>
>> kevin.thorpe at p-i.net> wrote:
>>
>>> Hi,
>>>      I'm having problems upgrading from 1.7.0.Final to 2.0.0.Final. I'm
>>> using the Docker images on which we build our own images to add https with
>>> our certs, our theme and a small patch to match our LDAP configuration. The
>>> new image of 2.0.0 works fine with a brand new database but doesn't start
>>> up with the existing database. Do I need to upgrade via an earlier release
>>> to modify the db?
>>>
>>> I've attached the startup logs. I don't know enough to  see what's wrong.
>>>
>>> *Kevin Thorpe*
>>> VP Enterprise Platform
>>>
>>> <http://www.p-i.net/>www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>>
>>> *T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750>  | F: +44(0)20
>>> 7730 2635 <%2B44%280%2920%207730%202635>  | T: +44 (0)808 204 0344
>>> <%2B44%20%280%29808%20204%200344> *
>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>
>>>
>>>
>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>
>>> ____________________________________________________________________
>>>
>>> This email and any files transmitted with it are confidential and
>>> intended solely for the use of the individual or entity to whom they are
>>> addressed. If you have received this email in error please notify the
>>> system manager. This message contains confidential information and is
>>> intended only for the individual named. If you are not the named addressee
>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>> the sender immediately by e-mail if you have received this e-mail by
>>> mistake and delete this e-mail from your system. If you are not the
>>> intended recipient you are notified that disclosing, copying, distributing
>>> or taking any action in reliance on the contents of this information is
>>> strictly prohibited.
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>>
>> --
>> Best Regards
>> *Shiva Saxena*
>> *Blog <http://metalop.com/> | Linkedin
>> <http://in.linkedin.com/in/shivasaxena/> | StackOverflow
>> <http://stackoverflow.com/users/2490343/shiva>*
>>
>>
>> _______________________________________________
>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160809/fe20e7f0/attachment-0001.html 


More information about the keycloak-user mailing list