I'm trying to figure out what import/export best practices in keycloak version 3.3.0.CR1. As I see in keycloak official page import/export, was described they strategy. Here they example of export to single file json. Goint to /keycloak/bin folder and the run this:
./standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=keycloak-export.json
I logged in to k8s pod. After run this command I get errors:
12:23:32,045 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("management-interface" => "http-interface")
]) - failure description: {
"WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "java.net.BindException: Address already in use /127.0.0.1:9990"},
"WFLYCTL0288: One or more services were unable to start due to one or more indirect dependencies not being available." => {
"Services that were unable to start:" => ["org.wildfly.management.http.extensible.shutdown"],
"Services that may be the cause:" => ["jboss.remoting.remotingConnectorInfoService.http-remoting-connector"]
}
}
As I see, because to Keycloak server run on the same port where, I ran backup script. Here helm/keycloak values.yml:
Service:
Name: keycloak
Port: 8080
Type: ClusterIP
Deployment:
Image: jboss/keycloak
ImageTag: 2.5.1.Final
ImagePullPolicy: IfNotPresent
ContainerPort: 8080
KeycloakUser: Admin
KeycloakPassword: Admin
So server should be stopped before we ran this scripts? I can't stop keycloak process inside of pod, because ingress will close pod and will create new one. Any suggestions for any other way to export/import(backup/restore) data? Or I missing something?
P.S. I even tried UI import/export. Export work good, and I see all data. But import worked in half way. He Brought me all "Clients", but not my "Realm" and "User Federation". Is it possible?
To export a realm, you can use the export command. Your Keycloak server instance must not be started when invoking this command. To export a realm to a directory, you can use the --dir <dir> option. When exporting realms to a directory, the server is going to create separate files for each realm being exported.
Basically, you just have to start the exporting Keycloak instance on ports that are different from your main instance. I used something like this just now:
bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=keycloak-export.json -Djboss.http.port=8888 -Djboss.https.port=9999 -Djboss.management.http.port=7777
The important part are all the ports. If you get more error messages, you might need to add more properties (grep port standalone/configuration/standalone.xml
is your friend for finding out property names), but in the end, all error messages stop and you see this message instead:
09:15:26,550 INFO [org.keycloak.exportimport.singlefile.SingleFileExportProvider] (ServerService Thread Pool -- 52) Exporting model into file /opt/jboss/keycloak/keycloak-export.json
[...]
09:15:29,565 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 3.2.0.Final (WildFly Core 2.0.10.Final) started in 12156ms - Started 444 of 818 services (558 services are lazy, passive or on-demand)
Now you can stop the server with Ctrl-C, exit the container and copy the export file away with kubectl cp
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With