[keycloak-user] backup strategy

Stian Thorgersen sthorger at redhat.com
Wed Feb 7 04:56:26 EST 2018 

Exporting while live is really not recommended as you can get inconsistent
data that you won't be able to use.

On 7 Feb 2018 10:46 am, "Knurr, Michael" <Michael.Knurr at adesso.ch> wrote:

Hi Corentin

For my Keycloak installation I am doing daily exports/backups to the file
system. Especially the question "how to make it stop" gave me a major
headache.

In order to work around this problem, I wrote  a script which does all the
work for me. You can just schedule it in crontab and it will start a second
keycloak instance, do the export and eventually kill the second instance. I
uploaded it as a gist, so you may also use it if you like:
https://gist.github.com/michaelknurr/a8f1941c6f40c0d784b1e467fbc694ba

Cheers
Michael

-----Ursprüngliche Nachricht-----
Von: Corentin Dupont [mailto:corentin.dupont at gmail.com]
Gesendet: Dienstag, 6. Februar 2018 12:09
An: keycloak-user <keycloak-user at lists.jboss.org>
Betreff: [keycloak-user] backup strategy

Hi guys,
I wonder what the backup strategy is?
Is it good practice to export regularly all Keycloak configuration?

I can export with the command:
./keycloak/bin/standalone.sh -Dkeycloak.migration.action=export
-Dkeycloak.migration.provider=singleFile
-Dkeycloak.migration.file=export-`date +"%m-%d-%y"`.json
-Djboss.http.port=8888 -Djboss.https.port=9999
-Djboss.management.http.port=7777

It exports the current configuration (realms, users...).
I set different ports so it can run concurently with the running instance
of keycloak.
I can set a cron job with the command, but unfortunately this command need
to be stopped by Ctrl-C.

-> How to make it stop after the export?

Other question, the export need to be run on the same container than
Keycloak, but this is not very practical in a Cloud setting. I use Amazon
ECS, so I have to log in the VM and then the container. I have then to
extract the file with various scp.
Is there any way to make this easier (i.e. with an API command)?

Cheers
Corentin


_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list