[keycloak-user] backup strategy

Corentin Dupont corentin.dupont at gmail.com
Wed Feb 7 05:36:20 EST 2018 

In the case of a MySQL DB, what do you recommend? I see they have several
kind of backups:
https://dev.mysql.com/doc/refman/5.7/en/backup-types.html

- Physical backup is just copying the DB files on the disk.
- Logical backup involves some tool as mysqldump. It creates lists of SQL
statements, so the data is more structured/editable.
Online or offline backup?


On Wed, Feb 7, 2018 at 10:57 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Absolutely. H2 is not recommended for production use.
>
> You may want to backup KC for as well, but that's for config data only so
> you'd only need to do that if you make configuration changes.
>
> On 7 Feb 2018 10:43 am, "Corentin Dupont" <corentin.dupont at gmail.com>
> wrote:
>
>> Good idea. By the way, we still use H2 database, so I guess it is
>> recommended to update to MySQL/postgreSQL?
>>
>>
>> On Wed, Feb 7, 2018 at 8:48 AM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> Export is not really that great for backups. It can be rather slow if
>>> you have loads of entries in the DB and it also requires the server to be
>>> stopped prior.
>>>
>>> You should rather use DB specific tools to backup the DB directly. That
>>> will be faster and more reliable as well.
>>>
>>> On 6 February 2018 at 16:05, Corentin Dupont <corentin.dupont at gmail.com>
>>> wrote:
>>>
>>>> Another question, can I import a configuration in Keycloak while it is
>>>> running or do I need to stop it?
>>>>
>>>>
>>>> On Tue, Feb 6, 2018 at 12:09 PM, Corentin Dupont <
>>>> corentin.dupont at gmail.com>
>>>> wrote:
>>>>
>>>> > Hi guys,
>>>> > I wonder what the backup strategy is?
>>>> > Is it good practice to export regularly all Keycloak configuration?
>>>> >
>>>> > I can export with the command:
>>>> > ./keycloak/bin/standalone.sh -Dkeycloak.migration.action=export
>>>> > -Dkeycloak.migration.provider=singleFile
>>>> -Dkeycloak.migration.file=export-`date
>>>> > +"%m-%d-%y"`.json -Djboss.http.port=8888 -Djboss.https.port=9999
>>>> > -Djboss.management.http.port=7777
>>>> >
>>>> > It exports the current configuration (realms, users...).
>>>> > I set different ports so it can run concurently with the running
>>>> instance
>>>> > of keycloak.
>>>> > I can set a cron job with the command, but unfortunately this command
>>>> need
>>>> > to be stopped by Ctrl-C.
>>>> >
>>>> > -> How to make it stop after the export?
>>>> >
>>>> > Other question, the export need to be run on the same container than
>>>> > Keycloak, but this is not very practical in a Cloud setting. I use
>>>> Amazon
>>>> > ECS, so I have to log in the VM and then the container. I have then to
>>>> > extract the file with various scp.
>>>> > Is there any way to make this easier (i.e. with an API command)?
>>>> >
>>>> > Cheers
>>>> > Corentin
>>>> >
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>

More information about the keycloak-user mailing list