embed-host-controller --domain-config=domain.xml # Early versions of keycloak used "ha" for the clustered profile name. # Yours maybe be something completely different. set clusteredProfile=auth-server-clustered # keycloak-server.json is not normally on this path. set pathToJson=../domain/configuration/keycloak-server.json echo echo *** Begin Migration of /profile=$clusteredProfile *** echo # Migrate from 1.8.1 to 1.9.1 if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:read-resource echo Adding replicated-cache=work to keycloak cache container... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:add(mode=SYNC) echo end-if # realmVersions cache deprecated in 2.1.0 #if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource # echo Adding local-cache=realmVersions to keycloak cache container... # /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY) # /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH) # echo #end-if # Migrate from 1.9.1 to 1.9.2 if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:read-attribute(name=strategy) echo Adding eviction strategy to keycloak users cache container... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000) echo end-if # Migrate from 1.9.2 to 2.0.0 # NO CHANGES # Migrate from 2.0.0 to 2.1.0 if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource echo Removing deprecated cache 'realmVersions' /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove echo end-if # Migrate kecloak-server.json (deprecated in 2.2.0) if (result == []) of /profile=$clusteredProfile/subsystem=keycloak-server/:read-children-names(child-type=spi) echo Migrating keycloak-server.json to keycloak-server subsystem... /profile=$clusteredProfile/subsystem=keycloak-server/:migrate-json(file=$pathToJson) echo end-if if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /profile=$clusteredProfile/subsystem=keycloak-server/:read-attribute(name=providers) echo Updating provider to default value /profile=$clusteredProfile/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*]) echo end-if if (result == keycloak) of /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=default) echo Undefining default theme... /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default) echo end-if if (result == expression "${jboss.server.config.dir}/themes") of /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=dir) echo Updating theme dir to default value /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes) echo end-if set persistenceProvider=jpa # Migrate from 2.1.0 to 2.2.0 if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource # In migration from 3.0.0 to 3.2.0 there is authorization distributed-cache replaced with local-cache try echo /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1) echo Added distributed-cache=authorization catch end-try end-if if (result == update) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema) echo Updating connectionsJpa default properties... /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema) /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true) /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update) /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource echo Adding spi=userFederatedStorage... /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/:read-resource echo Adding spi=jta-lookup... /profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss}) /profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true) echo end-if # Migrate from 2.2.0 to 2.2.1 # NO CHANGES # Migrate from 2.2.1 to 2.3.0 if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource echo Adding local-cache=keys to keycloak cache container... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY) echo end-if if (result == undefined) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false) echo Updating eviction and expiration in local-cache=keys... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/:read-resource echo Adding spi=publicKeyStorage... /profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/:add /profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true) echo end-if # Migrate from 2.3.0 to 2.4.0 if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:read-resource echo Replacing invalidation-cache=users with local-cache=users /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:remove /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/:add echo end-if if (result == undefined) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy,include-defaults=false) echo Updating eviction in local-cache=users /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000) echo end-if if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:read-resource echo Replacing invalidation-cache=realms with local-cache=realms /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:remove /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/:add echo end-if # Migrate from 2.4.0 to 2.5.0 if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy) echo Adding eviction strategy to keycloak realms cache... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000) echo end-if # Migrate from 2.5.0 to 2.5.1 # NO CHANGES # Migrate 2.5.1 to 2.5.4 if (result != REPEATABLE_READ) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation) echo Changing ejb cache locking to REPEATABLE_READ /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ) echo end-if if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource echo Removing Hibernate immutable-entity cache /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove end-if # Migrate from 2.5.4 to 3.0.0 if (result == jpa) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false) echo Removing default provider for eventsStore /profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider) echo end-if if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false) echo Removing declaration for user SPI /profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:remove echo end-if if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false) echo Removing declaration for user SPI /profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:remove echo end-if if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false) echo Removing declaration for userFederatedStorage SPI /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:remove echo end-if if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false) echo Removing declaration for authorizationPersister SPI /profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:remove echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:read-resource echo Adding userCache SPI /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:add /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:read-resource echo Adding realmCache SPI /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:add /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true) echo end-if if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false) echo Adding 'default' as default provider for connectionsInfinispan /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default) echo end-if # Migrate from 3.0.0 to 3.1.0 # NO CHANGES # Migrate from 3.1.0 to 3.2.0 if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource echo Adding distributed-cache=authenticationSessions to keycloak cache container... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource echo Adding distributed-cache=actionTokens to keycloak cache container... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1) echo end-if if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource echo Replacing distributed-cache=authorization with local-cache=authorization /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU) /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000) echo end-if # Migrate from 3.2.0 to 3.2.1 # NO CHANGES # Migrate from 3.2.1 to 3.3.0 if (outcome == failed) of /profile=$clusteredProfile/subsystem=core-management/:read-resource try echo Trying to add core-management extension /extension=org.wildfly.extension.core-management/:add echo catch echo Wasn't able to add core-management extension, it should be already added by migrate-domain-standalone.cli echo end-try echo Adding subsystem core-management /profile=$clusteredProfile/subsystem=core-management/:add echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/:read-resource try echo Trying to add elytron extension /extension=org.wildfly.extension.elytron/:add echo catch echo Wasn't able to add elytron extension, it should be already added by migrate-domain-standalone.cli echo end-try echo Adding subsystem elytron /profile=$clusteredProfile/subsystem=elytron/:add /profile=$clusteredProfile/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron) /profile=$clusteredProfile/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl) /profile=$clusteredProfile/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl]) /profile=$clusteredProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) /profile=$clusteredProfile/subsystem=elytron/identity-realm=local/:add(identity="$local") /profile=$clusteredProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir}) /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}]) /profile=$clusteredProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /profile=$clusteredProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /profile=$clusteredProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) /profile=$clusteredProfile/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}]) /profile=$clusteredProfile/subsystem=elytron/provider-http-server-mechanism-factory=global/:add /profile=$clusteredProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}]) /profile=$clusteredProfile/subsystem=elytron/provider-sasl-server-factory=global/:add /profile=$clusteredProfile/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}]) /profile=$clusteredProfile/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"}) /profile=$clusteredProfile/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}]) /profile=$clusteredProfile/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers) /profile=$clusteredProfile/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto]) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource echo Adding channel-creation-options READ_TIMEOUT and MAX_OUTBOUND_MESSAGES to ejb3 remote /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio) /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting) echo end-if if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=dist:read-attribute(name=mode) echo Setting SYNC mode for web cache-container /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=dist:write-attribute(name=mode,value=SYNC) echo end-if if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:read-attribute(name=mode) echo Setting SYNC mode for ejb cache-container /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:write-attribute(name=mode,value=SYNC) echo end-if if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:read-attribute(name=cluster) echo Setting cluster attribute to ejb in jgroups subsystem /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb) echo end-if if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) echo Unsetting socket-binding from udp FD_SOCK protocol # it has to be done via remove and add, because socket-binding is not writable attribute /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:remove /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:add echo end-if if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD/:read-resource echo Replacing tcp FD protocol with FD_ALL /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD/:remove /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_ALL/:add echo end-if if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding) echo Unsetting socket-binding from tcp FD_SOCK protocol # it has to be done via remove and add, because socket-binding is not writable attribute /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:remove /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:add echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource echo Adding http-invoker to default-host /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm) echo end-if if (result == false) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2) echo Enabling http2 for default http-listener /profile=$clusteredProfile/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/https-listener=https/:read-resource echo Adding https-listener /profile=$clusteredProfile/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true) echo end-if if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource echo Removing socket-binding jgroups-tcp-fd /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:remove echo end-if if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource echo Removing socket-binding jgroups-udp-fd /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:remove echo end-if if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address) echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address /socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105}) echo end-if # Migrate from 3.3.0 to 3.4.0 if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource echo Removing X-Powered-By and Server headers from Keycloak responses... /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove /profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove /profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=server-header/:remove end-if if (outcome == success) of /profile=$clusteredProfile/subsystem=jdr/:read-resource echo Removing jdr subsystem and extension /profile=$clusteredProfile/subsystem=jdr/:remove echo try echo Trying to remove jdr extension /extension=org.jboss.as.jdr/:remove echo catch echo Wasn't able to remove jdr extension, Should be removed by migrate-domain-standalone.cli echo end-try end-if if (outcome == success) of /profile=$clusteredProfile/subsystem=jsf/:read-resource echo Removing jsf subsystem and extension /profile=$clusteredProfile/subsystem=jsf/:remove echo try echo Trying to remove jsf extension /extension=org.jboss.as.jsf/:remove echo catch echo Wasn't able to remove jsf extension, Should be removed by migrate-domain-standalone.cli echo end-try end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:read-resource echo Adding distributed-cache=offlineClientSessions to keycloak cache container... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:add(mode=SYNC,owners=1) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:read-resource echo Adding distributed-cache=clientSessions to keycloak cache container... /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:add(mode=SYNC,owners=1) echo end-if if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/:read-resource echo Adding spi=x509cert-lookup... /profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default}) /profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true) echo end-if echo *** End Migration of /profile=$clusteredProfile ***