From 906538e6aa42a5559c1f25d5c76a449b10f76328 Mon Sep 17 00:00:00 2001 From: vramik Date: Thu, 26 Oct 2017 11:21:48 +0200 Subject: [PATCH] KEYCLOAK-5749 Update migration scripts for WildFly 11 Final --- .../content/bin/migrate-domain-clustered.cli | 28 +++++++++++++++++-- .../content/bin/migrate-domain-standalone.cli | 22 +++++++++++++-- .../content/bin/migrate-standalone-ha.cli | 28 +++++++++++++++++-- .../content/bin/migrate-standalone.cli | 4 +-- 4 files changed, 70 insertions(+), 12 deletions(-) diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli index 4dd4e56f65..67cbd29aa7 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli @@ -283,9 +283,7 @@ if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/:read-res /profile=$clusteredProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) /profile=$clusteredProfile/subsystem=elytron/identity-realm=local/:add(identity="$local") /profile=$clusteredProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir}) - /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] - /profile=$clusteredProfile/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) - /profile=$clusteredProfile/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper) + /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}]) /profile=$clusteredProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /profile=$clusteredProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /profile=$clusteredProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) @@ -320,6 +318,12 @@ if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-co echo end-if +if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:read-attribute(name=cluster) + echo Setting cluster attribute to ejb in jgroups subsystem + /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb) + echo +end-if + if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) echo Unsetting socket-binding from udp FD_SOCK protocol # it has to be done via remove and add, because socket-binding is not writable attribute @@ -361,6 +365,24 @@ if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=d echo end-if +if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource + echo Removing socket-binding jgroups-tcp-fd + /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:remove + echo +end-if + +if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource + echo Removing socket-binding jgroups-udp-fd + /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:remove + echo +end-if + +if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address) + echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address + /socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105}) + echo +end-if + # Migrate from 3.3.0 to 3.4.0 if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource echo Removing X-Powered-By and Server headers from Keycloak responses... diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli index 100808a172..121a090e9f 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli @@ -263,9 +263,7 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/:read-re /profile=$standaloneProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) /profile=$standaloneProfile/subsystem=elytron/identity-realm=local/:add(identity="$local") /profile=$standaloneProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir}) - /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] - /profile=$standaloneProfile/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) - /profile=$standaloneProfile/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper) + /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}]) /profile=$standaloneProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /profile=$standaloneProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /profile=$standaloneProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) @@ -324,6 +322,24 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server= echo end-if +if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource + echo Removing socket-binding jgroups-tcp-fd + /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:remove + echo +end-if + +if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource + echo Removing socket-binding jgroups-udp-fd + /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:remove + echo +end-if + +if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address) + echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address + /socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105}) + echo +end-if + # Migrate from 3.3.0 to 3.4.0 if (outcome == success) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource echo Removing X-Powered-By and Server headers from Keycloak responses... diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli index 50e51e6518..c4692b3ea8 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli @@ -277,9 +277,7 @@ if (outcome == failed) of /subsystem=elytron/:read-resource /subsystem=elytron/identity-realm=local/:add(identity="$local") /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir}) /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir}) - /subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] - /subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) - /subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper) + /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}]) /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) @@ -317,6 +315,12 @@ if (result == ASYNC) of /subsystem=infinispan/cache-container=ejb/distributed-ca echo end-if +if (result == undefined) of /subsystem=jgroups/channel=ee/:read-attribute(name=cluster) + echo Setting cluster attribute to ejb in jgroups subsystem + /subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb) + echo +end-if + if (result != undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) echo Unsetting socket-binding from udp FD_SOCK protocol # it has to be done via remove and add, because socket-binding is not writable attribute @@ -358,6 +362,24 @@ if (outcome == failed) of /subsystem=undertow/server=default-server/https-listen echo end-if +if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource + echo Removing socket-binding jgroups-tcp-fd + /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:remove + echo +end-if + +if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource + echo Removing socket-binding jgroups-udp-fd + /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:remove + echo +end-if + +if (result == 224.0.1.105) of /socket-binding-group=standard-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address) + echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address + /socket-binding-group=standard-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105}) + echo +end-if + # Migrate from 3.3.0 to 3.4.0 if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource echo Removing X-Powered-By and Server headers from Keycloak responses... diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli index e348149eb1..2085014c5a 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli @@ -262,9 +262,7 @@ if (outcome == failed) of /subsystem=elytron/:read-resource /subsystem=elytron/identity-realm=local/:add(identity="$local") /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir}) /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir}) - /subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] - /subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) - /subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper) + /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}]) /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])