diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli index b17853ae2a..4dd4e56f65 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli @@ -50,16 +50,35 @@ if (result == []) of /profile=$clusteredProfile/subsystem=keycloak-server/:read- /profile=$clusteredProfile/subsystem=keycloak-server/:migrate-json(file=$pathToJson) echo end-if +if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /profile=$clusteredProfile/subsystem=keycloak-server/:read-attribute(name=providers) + echo Updating provider to default value + /profile=$clusteredProfile/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*]) + echo +end-if +if (result == keycloak) of /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=default) + echo Undefining default theme... + /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default) + echo +end-if +if (result == expression "${jboss.server.config.dir}/themes") of /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=dir) + echo Updating theme dir to default value + /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes) + echo +end-if set persistenceProvider=jpa # Migrate from 2.1.0 to 2.2.0 -# Do not add distributed-cache=authorization. This is now removed. -#if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource -# echo Additing distributed-cache=authorization -# /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1) -# echo -#end-if +if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource + # In migration from 3.0.0 to 3.2.0 there is authorization distributed-cache replaced with local-cache + try + echo + /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1) + echo Added distributed-cache=authorization + catch + end-try +end-if + if (result == update) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema) echo Updating connectionsJpa default properties... /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema) @@ -194,13 +213,16 @@ if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/s echo end-if -if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false) +if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false) echo Adding 'default' as default provider for connectionsInfinispan /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default) echo end-if -# Migrate from 3.0.0 to 3.2.0 +# Migrate from 3.0.0 to 3.1.0 +# NO CHANGES + +# Migrate from 3.1.0 to 3.2.0 if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource echo Adding distributed-cache=authenticationSessions to keycloak cache container... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1) @@ -226,7 +248,120 @@ if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache echo end-if -# Migrate from 3.2.0 to 3.4.0 +# Migrate from 3.2.0 to 3.2.1 +# NO CHANGES + +# Migrate from 3.2.1 to 3.3.0 +if (outcome == failed) of /profile=$clusteredProfile/subsystem=core-management/:read-resource + try + echo Trying to add core-management extension + /extension=org.wildfly.extension.core-management/:add + echo + catch + echo Wasn't able to add core-management extension, it should be already added by migrate-domain-standalone.cli + echo + end-try + echo Adding subsystem core-management + /profile=$clusteredProfile/subsystem=core-management/:add + echo +end-if + +if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/:read-resource + try + echo Trying to add elytron extension + /extension=org.wildfly.extension.elytron/:add + echo + catch + echo Wasn't able to add elytron extension, it should be already added by migrate-domain-standalone.cli + echo + end-try + echo Adding subsystem elytron + /profile=$clusteredProfile/subsystem=elytron/:add + /profile=$clusteredProfile/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron) + /profile=$clusteredProfile/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl) + /profile=$clusteredProfile/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl]) + /profile=$clusteredProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) + /profile=$clusteredProfile/subsystem=elytron/identity-realm=local/:add(identity="$local") + /profile=$clusteredProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir}) + /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] + /profile=$clusteredProfile/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) + /profile=$clusteredProfile/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper) + /profile=$clusteredProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) + /profile=$clusteredProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) + /profile=$clusteredProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) + /profile=$clusteredProfile/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}]) + /profile=$clusteredProfile/subsystem=elytron/provider-http-server-mechanism-factory=global/:add + /profile=$clusteredProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}]) + /profile=$clusteredProfile/subsystem=elytron/provider-sasl-server-factory=global/:add + /profile=$clusteredProfile/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}]) + /profile=$clusteredProfile/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"}) + /profile=$clusteredProfile/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}]) + /profile=$clusteredProfile/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers) + /profile=$clusteredProfile/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto]) + echo +end-if + +if (outcome == failed) of /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource + echo Adding channel-creation-options READ_TIMEOUT and MAX_OUTBOUND_MESSAGES to ejb3 remote + /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio) + /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting) + echo +end-if + +if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=dist:read-attribute(name=mode) + echo Setting SYNC mode for web cache-container + /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=dist:write-attribute(name=mode,value=SYNC) + echo +end-if + +if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:read-attribute(name=mode) + echo Setting SYNC mode for ejb cache-container + /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:write-attribute(name=mode,value=SYNC) + echo +end-if + +if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) + echo Unsetting socket-binding from udp FD_SOCK protocol + # it has to be done via remove and add, because socket-binding is not writable attribute + /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:remove + /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:add + echo +end-if + +if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD/:read-resource + echo Replacing tcp FD protocol with FD_ALL + /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD/:remove + /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_ALL/:add + echo +end-if + +if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding) + echo Unsetting socket-binding from tcp FD_SOCK protocol + # it has to be done via remove and add, because socket-binding is not writable attribute + /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:remove + /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:add + echo +end-if + +if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource + echo Adding http-invoker to default-host + /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm) + echo +end-if + +if (result == false) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2) + echo Enabling http2 for default http-listener + /profile=$clusteredProfile/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true) + echo +end-if + +if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/https-listener=https/:read-resource + echo Adding https-listener + /profile=$clusteredProfile/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true) + echo +end-if + +# Migrate from 3.3.0 to 3.4.0 if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource echo Removing X-Powered-By and Server headers from Keycloak responses... /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove @@ -235,4 +370,32 @@ if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server= /profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=server-header/:remove end-if +if (outcome == success) of /profile=$clusteredProfile/subsystem=jdr/:read-resource + echo Removing jdr subsystem and extension + /profile=$clusteredProfile/subsystem=jdr/:remove + echo + try + echo Trying to remove jdr extension + /extension=org.jboss.as.jdr/:remove + echo + catch + echo Wasn't able to remove jdr extension, Should be removed by migrate-domain-standalone.cli + echo + end-try +end-if + +if (outcome == success) of /profile=$clusteredProfile/subsystem=jsf/:read-resource + echo Removing jsf subsystem and extension + /profile=$clusteredProfile/subsystem=jsf/:remove + echo + try + echo Trying to remove jsf extension + /extension=org.jboss.as.jsf/:remove + echo + catch + echo Wasn't able to remove jsf extension, Should be removed by migrate-domain-standalone.cli + echo + end-try +end-if + echo *** End Migration of /profile=$clusteredProfile *** \ No newline at end of file diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli index be2b837c95..100808a172 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli @@ -62,6 +62,21 @@ if (result == []) of /profile=$standaloneProfile/subsystem=keycloak-server/:read /profile=$standaloneProfile/subsystem=keycloak-server/:migrate-json(file=$pathToJson) echo end-if +if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /profile=$standaloneProfile/subsystem=keycloak-server/:read-attribute(name=providers) + echo Updating provider to default value + /profile=$standaloneProfile/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*]) + echo +end-if +if (result == keycloak) of /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=default) + echo Undefining default theme... + /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default) + echo +end-if +if (result == expression "${jboss.server.config.dir}/themes") of /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=dir) + echo Updating theme dir to default value + /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes) + echo +end-if set persistenceProvider=jpa @@ -181,14 +196,16 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/ echo end-if -if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false) +if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false) echo Adding 'default' as default provider for connectionsInfinispan /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default) echo end-if +# Migrate from 3.0.0 to 3.1.0 +# NO CHANGES -# Migrate from 3.0.0 to 3.2.0 +# Migrate from 3.1.0 to 3.2.0 if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:read-resource echo Adding local-cache=authenticationSessions to keycloak cache container... /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:add(indexing=NONE,start=LAZY) @@ -205,7 +222,109 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache echo end-if -# Migrate from 3.2.0 to 3.4.0 +if (result == 100L) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=max-entries) + echo Updating eviction in local-cache=authorization... + /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000) + echo +end-if + +# Migrate from 3.2.0 to 3.2.1 +# NO CHANGES + +# Migrate from 3.2.1 to 3.3.0 +if (outcome == failed) of /profile=$standaloneProfile/subsystem=core-management/:read-resource + try + echo Trying to add core-management extension + /extension=org.wildfly.extension.core-management/:add + echo + catch + echo Wasn't able to add core-management extension, it should be already added by migrate-domain-clustered.cli + echo + end-try + echo Adding subsystem core-management + /profile=$standaloneProfile/subsystem=core-management/:add + echo +end-if + +if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/:read-resource + try + echo Trying to add elytron extension + /extension=org.wildfly.extension.elytron/:add + echo + catch + echo Wasn't able to add elytron extension, it should be already added by migrate-domain-clustered.cli + echo + end-try + echo Adding subsystem elytron + /profile=$standaloneProfile/subsystem=elytron/:add + /profile=$standaloneProfile/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron) + /profile=$standaloneProfile/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl) + /profile=$standaloneProfile/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl]) + /profile=$standaloneProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) + /profile=$standaloneProfile/subsystem=elytron/identity-realm=local/:add(identity="$local") + /profile=$standaloneProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir}) + /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] + /profile=$standaloneProfile/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) + /profile=$standaloneProfile/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper) + /profile=$standaloneProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) + /profile=$standaloneProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) + /profile=$standaloneProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) + /profile=$standaloneProfile/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}]) + /profile=$standaloneProfile/subsystem=elytron/provider-http-server-mechanism-factory=global/:add + /profile=$standaloneProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}]) + /profile=$standaloneProfile/subsystem=elytron/provider-sasl-server-factory=global/:add + /profile=$standaloneProfile/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}]) + /profile=$standaloneProfile/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"}) + /profile=$standaloneProfile/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}]) + /profile=$standaloneProfile/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers) + /profile=$standaloneProfile/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto]) + echo +end-if + +if (outcome == failed) of /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource + echo Adding channel-creation-options READ_TIMEOUT and MAX_OUTBOUND_MESSAGES to ejb3 remote + /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio) + /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting) + echo +end-if + +if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=persistent:read-resource + echo Removing local-cache persistent from web cache-container + /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=persistent:remove + echo +end-if + +if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent:read-resource + echo Removing local-cache persistent from ejb cache-container + /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent:remove + echo +end-if + +if (result == local-query) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/:read-attribute(name=default-cache) + echo Removing default-cache from hibernate cache-container + /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/:undefine-attribute(name=default-cache) + echo +end-if + +if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource + echo Adding http-invoker to default-host + /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm) + echo +end-if + +if (result == false) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2) + echo Enabling http2 for default http-listener + /profile=$standaloneProfile/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true) + echo +end-if + +if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/https-listener=https/:read-resource + echo Adding https-listener + /profile=$standaloneProfile/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true) + echo +end-if + +# Migrate from 3.3.0 to 3.4.0 if (outcome == success) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource echo Removing X-Powered-By and Server headers from Keycloak responses... /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove @@ -214,4 +333,32 @@ if (outcome == success) of /profile=$standaloneProfile/subsystem=undertow/server /profile=$standaloneProfile/subsystem=undertow/configuration=filter/response-header=server-header/:remove end-if +if (outcome == success) of /profile=$standaloneProfile/subsystem=jdr/:read-resource + echo Removing jdr subsystem and extension + /profile=$standaloneProfile/subsystem=jdr/:remove + echo + try + echo Trying to remove jdr extension + /extension=org.jboss.as.jdr/:remove + echo + catch + echo Wasn't able to remove jdr extension, it should be removed by migrate-domain-clustered.cli + echo + end-try +end-if + +if (outcome == success) of /profile=$standaloneProfile/subsystem=jsf/:read-resource + echo Removing jsf subsystem and extension + /profile=$standaloneProfile/subsystem=jsf/:remove + echo + try + echo Trying to remove jsf extension + /extension=org.jboss.as.jsf/:remove + echo + catch + echo Wasn't able to remove jsf extension, Should be removed by migrate-domain-clustered.cli + echo + end-try +end-if + echo *** End Migration of /profile=$standaloneProfile *** \ No newline at end of file diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli index 18225e8050..50e51e6518 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli @@ -43,6 +43,21 @@ if (result == []) of /subsystem=keycloak-server/:read-children-names(child-type= end-if set persistenceProvider=jpa +if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /subsystem=keycloak-server/:read-attribute(name=providers) + echo Updating provider to default value + /subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*]) + echo +end-if +if (result == keycloak) of /subsystem=keycloak-server/theme=defaults:read-attribute(name=default) + echo Undefining default theme... + /subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default) + echo +end-if +if (result == expression "${jboss.server.config.dir}/themes") of /subsystem=keycloak-server/theme=defaults:read-attribute(name=dir) + echo Updating theme dir to default value + /subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes) + echo +end-if # Migrate from 2.1.0 to 2.2.0 if (outcome == failed) of /extension=org.jboss.as.deployment-scanner/:read-resource @@ -60,12 +75,17 @@ if (outcome == failed) of /subsystem=deployment-scanner/scanner=default/:read-re /subsystem=deployment-scanner/scanner=default/:add(path=deployments,relative-to=jboss.server.base.dir,runtime-failure-causes-rollback=${jboss.deployment.scanner.rollback.on.failure:false},scan-interval=5000) echo end-if -# Do not add. This is now removed. -#if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource -# echo Adding distributed-cache=authorization -# /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1) -# echo -#end-if + +if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource + # In migration from 3.0.0 to 3.2.0 there is authorization distributed-cache replaced with local-cache + try + echo + /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1) + echo Added distributed-cache=authorization + catch + end-try +end-if + if (result == update) of /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema) echo Updating connectionsJpa default properties... /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema) @@ -231,13 +251,135 @@ if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/distri echo end-if -# Migrate from 3.2.0 to 3.4.0 +# Migrate from 3.2.0 to 3.2.1 +# NO CHANGES + +# Migrate from 3.2.1 to 3.3.0 +if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource + echo Adding keystore to ApplicationRealm... + /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore,keystore-relative-to=jboss.server.config.dir,keystore-password=password,alias=server,key-password=password,generate-self-signed-certificate-host=localhost) + echo +end-if + +if (outcome == failed) of /extension=org.wildfly.extension.elytron/:read-resource + echo Adding elytron extension... + /extension=org.wildfly.extension.elytron/:add(module=org.wildfly.extension.elytron) + echo +end-if + +if (outcome == failed) of /subsystem=elytron/:read-resource + echo Adding elytron subsystem + /subsystem=elytron:add + /subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron) + /subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl) + /subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl]) + /subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) + /subsystem=elytron/identity-realm=local/:add(identity="$local") + /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir}) + /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir}) + /subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] + /subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) + /subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper) + /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) + /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) + /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) + /subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}]) + /subsystem=elytron/security-domain=ManagementDomain/:add(default-realm=ManagementRealm,permission-mapper=default-permission-mapper,realms=[{realm=ManagementRealm,role-decoder=groups-to-roles},{realm=local,role-mapper=super-user-mapper}]) + /subsystem=elytron/provider-http-server-mechanism-factory=global/:add + /subsystem=elytron/http-authentication-factory=management-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=DIGEST,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}]) + /subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}]) + /subsystem=elytron/provider-sasl-server-factory=global/:add + /subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}]) + /subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"}) + /subsystem=elytron/sasl-authentication-factory=management-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}]) + /subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}]) + /subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers) + /subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto]) + echo +end-if + +if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource + echo Adding channel-creation-options READ_TIMEOUT and MAX_OUTBOUND_MESSAGES to ejb3 remote + /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio) + /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting) + echo +end-if + +if (result == ASYNC) of /subsystem=infinispan/cache-container=web/distributed-cache=dist:read-attribute(name=mode) + echo Setting SYNC mode for web cache-container + /subsystem=infinispan/cache-container=web/distributed-cache=dist:write-attribute(name=mode,value=SYNC) + echo +end-if + +if (result == ASYNC) of /subsystem=infinispan/cache-container=ejb/distributed-cache=dist:read-attribute(name=mode) + echo Setting SYNC mode for ejb cache-container + /subsystem=infinispan/cache-container=ejb/distributed-cache=dist:write-attribute(name=mode,value=SYNC) + echo +end-if + +if (result != undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) + echo Unsetting socket-binding from udp FD_SOCK protocol + # it has to be done via remove and add, because socket-binding is not writable attribute + /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:remove + /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:add + echo +end-if + +if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=FD/:read-resource + echo Replacing tcp FD protocol with FD_ALL + /subsystem=jgroups/stack=tcp/protocol=FD/:remove + /subsystem=jgroups/stack=tcp/protocol=FD_ALL/:add + echo +end-if + +if (result != undefined) of /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding) + echo Unsetting socket-binding from tcp FD_SOCK protocol + # it has to be done via remove and add, because socket-binding is not writable attribute + /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:remove + /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:add + echo +end-if + +if (outcome == failed) of /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource + echo Adding http-invoker to default-host + /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm) + echo +end-if + +if (result == false) of /subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2) + echo Enabling http2 for default http-listener + /subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true) + echo +end-if + +if (outcome == failed) of /subsystem=undertow/server=default-server/https-listener=https/:read-resource + echo Adding https-listener + /subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true) + echo +end-if + +# Migrate from 3.3.0 to 3.4.0 if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource echo Removing X-Powered-By and Server headers from Keycloak responses... /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove /subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove /subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove /subsystem=undertow/configuration=filter/response-header=server-header/:remove + echo +end-if + +if (outcome == success) of /subsystem=jdr/:read-resource + echo Removing jdr subsystem and extension + /subsystem=jdr/:remove + /extension=org.jboss.as.jdr/:remove + echo +end-if + +if (outcome == success) of /subsystem=jsf/:read-resource + echo Removing jsf subsystem and extension + /subsystem=jsf/:remove + /extension=org.jboss.as.jsf/:remove + echo end-if echo *** End Migration *** \ No newline at end of file diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli index 3491bc519b..e348149eb1 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli @@ -55,6 +55,21 @@ if (result == []) of /subsystem=keycloak-server/:read-children-names(child-type= /subsystem=keycloak-server/:migrate-json echo end-if +if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /subsystem=keycloak-server/:read-attribute(name=providers) + echo Updating provider to default value + /subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*]) + echo +end-if +if (result == keycloak) of /subsystem=keycloak-server/theme=defaults:read-attribute(name=default) + echo Undefining default theme... + /subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default) + echo +end-if +if (result == expression "${jboss.server.config.dir}/themes") of /subsystem=keycloak-server/theme=defaults:read-attribute(name=dir) + echo Updating theme dir to default value + /subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes) + echo +end-if set persistenceProvider=jpa @@ -195,8 +210,10 @@ if ((result.default-provider == undefined) && (result.provider.default.enabled = echo end-if +# Migrate from 3.0.0 to 3.1.0 +# NO CHANGES -# Migrate from 3.0.0 to 3.2.0 +# Migrate from 3.1.0 to 3.2.0 if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:read-resource echo Adding local-cache=authenticationSessions to keycloak cache container... /subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:add(indexing=NONE,start=LAZY) @@ -213,12 +230,124 @@ if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-c echo end-if -# Migrate from 3.2.0 to 3.4.0 +if (result == 100L) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=max-entries) + echo Updating eviction in local-cache=authorization... + /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000) + echo +end-if + +# Migrate from 3.2.0 to 3.2.1 +# NO CHANGES + +# Migrate from 3.2.1 to 3.3.0 +if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource + echo Adding keystore to ApplicationRealm... + /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore,keystore-relative-to=jboss.server.config.dir,keystore-password=password,alias=server,key-password=password,generate-self-signed-certificate-host=localhost) + echo +end-if + +if (outcome == failed) of /extension=org.wildfly.extension.elytron/:read-resource + echo Adding elytron extension... + /extension=org.wildfly.extension.elytron/:add(module=org.wildfly.extension.elytron) + echo +end-if + +if (outcome == failed) of /subsystem=elytron/:read-resource + echo Adding elytron subsystem + /subsystem=elytron:add + /subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron) + /subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl) + /subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl]) + /subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) + /subsystem=elytron/identity-realm=local/:add(identity="$local") + /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir}) + /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir}) + /subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] + /subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) + /subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper) + /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) + /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) + /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) + /subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}]) + /subsystem=elytron/security-domain=ManagementDomain/:add(default-realm=ManagementRealm,permission-mapper=default-permission-mapper,realms=[{realm=ManagementRealm,role-decoder=groups-to-roles},{realm=local,role-mapper=super-user-mapper}]) + /subsystem=elytron/provider-http-server-mechanism-factory=global/:add + /subsystem=elytron/http-authentication-factory=management-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=DIGEST,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}]) + /subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}]) + /subsystem=elytron/provider-sasl-server-factory=global/:add + /subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}]) + /subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"}) + /subsystem=elytron/sasl-authentication-factory=management-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}]) + /subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}]) + /subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers) + /subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto]) + echo +end-if + +if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource + echo Adding channel-creation-options READ_TIMEOUT and MAX_OUTBOUND_MESSAGES to ejb3 remote + /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio) + /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting) + echo +end-if + +if (outcome == success) of /subsystem=infinispan/cache-container=web/local-cache=persistent:read-resource + echo Removing local-cache persistent from web cache-container + /subsystem=infinispan/cache-container=web/local-cache=persistent:remove + echo +end-if + +if (outcome == success) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent:read-resource + echo Removing local-cache persistent from ejb cache-container + /subsystem=infinispan/cache-container=ejb/local-cache=persistent:remove + echo +end-if + +if (result == local-query) of /subsystem=infinispan/cache-container=hibernate/:read-attribute(name=default-cache) + echo Removing default-cache from hibernate cache-container + /subsystem=infinispan/cache-container=hibernate/:undefine-attribute(name=default-cache) + echo +end-if + +if (outcome == failed) of /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource + echo Adding http-invoker to default-host + /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm) + echo +end-if + +if (result == false) of /subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2) + echo Enabling http2 for default http-listener + /subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true) + echo +end-if + +if (outcome == failed) of /subsystem=undertow/server=default-server/https-listener=https/:read-resource + echo Adding https-listener + /subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true) + echo +end-if + +# Migrate from 3.3.0 to 3.4.0 if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource echo Removing X-Powered-By and Server headers from Keycloak responses... /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove /subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove /subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove /subsystem=undertow/configuration=filter/response-header=server-header/:remove + echo end-if + +if (outcome == success) of /subsystem=jdr/:read-resource + echo Removing jdr subsystem and extension + /subsystem=jdr/:remove + /extension=org.jboss.as.jdr/:remove + echo +end-if + +if (outcome == success) of /subsystem=jsf/:read-resource + echo Removing jsf subsystem and extension + /subsystem=jsf/:remove + /extension=org.jboss.as.jsf/:remove + echo +end-if + echo *** End Migration *** \ No newline at end of file