[keycloak-user] backup strategy

Stian Thorgersen sthorger at redhat.com
Wed Feb 7 06:16:23 EST 2018


Export simply iterates over the data available and if it's changed while
it's doing so (admin changes some config, users does something, etc..) that
can result in inconsistent data that simply won't even work.

On 7 February 2018 at 12:02, Knurr, Michael <Michael.Knurr at adesso.ch> wrote:

> Hi Stian
>
>
>
> I am a bit confused by this answer. Especially because I already brought
> up this question last November and got the advice from Sebasien Blanc to
> „just start another instance“.
>
>
>
> You had a thought whether using a DB tool would be more efficient.
>
> http://lists.jboss.org/pipermail/keycloak-user/2017-November/012156.html
>
>
>
> Can you explain why there is a chance that we would get inconsistent data?
>
>
>
>
>
> Cheers
>
> Michael
>
>
>
> *Von:* Stian Thorgersen [mailto:sthorger at redhat.com]
> *Gesendet:* Mittwoch, 7. Februar 2018 10:56
> *An:* Knurr, Michael <Michael.Knurr at adesso.ch>
> *Cc:* Corentin Dupont <corentin.dupont at gmail.com>; keycloak-user <
> keycloak-user at lists.jboss.org>
> *Betreff:* Re: [keycloak-user] backup strategy
>
>
>
> Exporting while live is really not recommended as you can get inconsistent
> data that you won't be able to use.
>
>
>
> On 7 Feb 2018 10:46 am, "Knurr, Michael" <Michael.Knurr at adesso.ch> wrote:
>
> Hi Corentin
>
> For my Keycloak installation I am doing daily exports/backups to the file
> system. Especially the question "how to make it stop" gave me a major
> headache.
>
> In order to work around this problem, I wrote  a script which does all the
> work for me. You can just schedule it in crontab and it will start a second
> keycloak instance, do the export and eventually kill the second instance. I
> uploaded it as a gist, so you may also use it if you like:
> https://gist.github.com/michaelknurr/a8f1941c6f40c0d784b1e467fbc694ba
>
> Cheers
> Michael
>
> -----Ursprüngliche Nachricht-----
> Von: Corentin Dupont [mailto:corentin.dupont at gmail.com]
> Gesendet: Dienstag, 6. Februar 2018 12:09
> An: keycloak-user <keycloak-user at lists.jboss.org>
> Betreff: [keycloak-user] backup strategy
>
>
> Hi guys,
> I wonder what the backup strategy is?
> Is it good practice to export regularly all Keycloak configuration?
>
> I can export with the command:
> ./keycloak/bin/standalone.sh -Dkeycloak.migration.action=export
> -Dkeycloak.migration.provider=singleFile
> -Dkeycloak.migration.file=export-`date +"%m-%d-%y"`.json
> -Djboss.http.port=8888 -Djboss.https.port=9999
> -Djboss.management.http.port=7777
>
> It exports the current configuration (realms, users...).
> I set different ports so it can run concurently with the running instance
> of keycloak.
> I can set a cron job with the command, but unfortunately this command need
> to be stopped by Ctrl-C.
>
> -> How to make it stop after the export?
>
> Other question, the export need to be run on the same container than
> Keycloak, but this is not very practical in a Cloud setting. I use Amazon
> ECS, so I have to log in the VM and then the container. I have then to
> extract the file with various scp.
> Is there any way to make this easier (i.e. with an API command)?
>
> Cheers
> Corentin
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>


More information about the keycloak-user mailing list