238 lines
No EOL
15 KiB
Text
238 lines
No EOL
15 KiB
Text
embed-host-controller --domain-config=domain.xml
|
|
|
|
# Early versions of keycloak used "ha" for the clustered profile name.
|
|
# Yours maybe be something completely different.
|
|
set clusteredProfile=auth-server-clustered
|
|
|
|
# keycloak-server.json is not normally on this path.
|
|
set pathToJson=../domain/configuration/keycloak-server.json
|
|
|
|
|
|
echo
|
|
echo *** Begin Migration of /profile=$clusteredProfile ***
|
|
echo
|
|
|
|
# Migrate from 1.8.1 to 1.9.1
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:read-resource
|
|
echo Adding replicated-cache=work to keycloak cache container...
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:add(mode=SYNC)
|
|
echo
|
|
end-if
|
|
# realmVersions cache deprecated in 2.1.0
|
|
#if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
|
|
# echo Adding local-cache=realmVersions to keycloak cache container...
|
|
# /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
|
|
# /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
|
|
# echo
|
|
#end-if
|
|
|
|
# Migrate from 1.9.1 to 1.9.2
|
|
if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:read-attribute(name=strategy)
|
|
echo Adding eviction strategy to keycloak users cache container...
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
|
|
echo
|
|
end-if
|
|
|
|
# Migrate from 1.9.2 to 2.0.0
|
|
# NO CHANGES
|
|
|
|
# Migrate from 2.0.0 to 2.1.0
|
|
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
|
|
echo Removing deprecated cache 'realmVersions'
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
|
|
echo
|
|
end-if
|
|
|
|
# Migrate kecloak-server.json (deprecated in 2.2.0)
|
|
if (result == []) of /profile=$clusteredProfile/subsystem=keycloak-server/:read-children-names(child-type=spi)
|
|
echo Migrating keycloak-server.json to keycloak-server subsystem...
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/:migrate-json(file=$pathToJson)
|
|
echo
|
|
end-if
|
|
|
|
set persistenceProvider=jpa
|
|
|
|
# Migrate from 2.1.0 to 2.2.0
|
|
# Do not add distributed-cache=authorization. This is now removed.
|
|
#if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
|
|
# echo Additing distributed-cache=authorization
|
|
# /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1)
|
|
# echo
|
|
#end-if
|
|
if (result == update) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
|
|
echo Updating connectionsJpa default properties...
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
|
|
echo
|
|
end-if
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
|
|
echo Adding spi=userFederatedStorage...
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
|
|
echo
|
|
end-if
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/:read-resource
|
|
echo Adding spi=jta-lookup...
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
|
|
echo
|
|
end-if
|
|
|
|
# Migrate from 2.2.0 to 2.2.1
|
|
# NO CHANGES
|
|
|
|
# Migrate from 2.2.1 to 2.3.0
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
|
|
echo Adding local-cache=keys to keycloak cache container...
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
|
|
echo
|
|
end-if
|
|
if (result == undefined) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
|
|
echo Updating eviction and expiration in local-cache=keys...
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
|
|
echo
|
|
end-if
|
|
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
|
|
echo Adding spi=publicKeyStorage...
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/:add
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
|
|
echo
|
|
end-if
|
|
|
|
# Migrate from 2.3.0 to 2.4.0
|
|
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:read-resource
|
|
echo Replacing invalidation-cache=users with local-cache=users
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:remove
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/:add
|
|
echo
|
|
end-if
|
|
if (result == undefined) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy,include-defaults=false)
|
|
echo Updating eviction in local-cache=users
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
|
|
echo
|
|
end-if
|
|
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:read-resource
|
|
echo Replacing invalidation-cache=realms with local-cache=realms
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:remove
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/:add
|
|
echo
|
|
end-if
|
|
|
|
|
|
# Migrate from 2.4.0 to 2.5.0
|
|
if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
|
|
echo Adding eviction strategy to keycloak realms cache...
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
|
|
echo
|
|
end-if
|
|
|
|
# Migrate from 2.5.0 to 2.5.1
|
|
# NO CHANGES
|
|
|
|
# Migrate 2.5.1 to 2.5.4
|
|
if (result != REPEATABLE_READ) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
|
|
echo Changing ejb cache locking to REPEATABLE_READ
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
|
|
echo
|
|
end-if
|
|
|
|
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
|
|
echo Removing Hibernate immutable-entity cache
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
|
|
end-if
|
|
|
|
|
|
# Migrate from 2.5.4 to 3.0.0
|
|
if (result == jpa) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
|
|
echo Removing default provider for eventsStore
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
|
|
echo
|
|
end-if
|
|
|
|
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
|
|
echo Removing declaration for user SPI
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:remove
|
|
echo
|
|
end-if
|
|
|
|
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
|
|
echo Removing declaration for user SPI
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:remove
|
|
echo
|
|
end-if
|
|
|
|
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
|
|
echo Removing declaration for userFederatedStorage SPI
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:remove
|
|
echo
|
|
end-if
|
|
|
|
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
|
|
echo Removing declaration for authorizationPersister SPI
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:remove
|
|
echo
|
|
end-if
|
|
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:read-resource
|
|
echo Adding userCache SPI
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:add
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
|
|
echo
|
|
end-if
|
|
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:read-resource
|
|
echo Adding realmCache SPI
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:add
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
|
|
echo
|
|
end-if
|
|
|
|
if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
|
|
echo Adding 'default' as default provider for connectionsInfinispan
|
|
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
|
|
echo
|
|
end-if
|
|
|
|
# Migrate from 3.0.0 to 3.2.0
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource
|
|
echo Adding distributed-cache=authenticationSessions to keycloak cache container...
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1)
|
|
echo
|
|
end-if
|
|
|
|
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource
|
|
echo Adding distributed-cache=actionTokens to keycloak cache container...
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
|
|
echo
|
|
end-if
|
|
|
|
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
|
|
echo Replacing distributed-cache=authorization with local-cache=authorization
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
|
|
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
|
|
echo
|
|
end-if
|
|
|
|
# Migrate from 3.2.0 to 3.4.0
|
|
if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
|
|
echo Removing X-Powered-By and Server headers from Keycloak responses...
|
|
/profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
|
|
/profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
|
|
/profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
|
|
/profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=server-header/:remove
|
|
end-if
|
|
|
|
echo *** End Migration of /profile=$clusteredProfile *** |