Keycloak 14 (Wildfly) to 19 (Quarkus) upgrade times out
382 views
Skip to first unread message
Morten Jønby
Aug 22, 2022, 10:02:23 AM8/22/22
to Keycloak User
Hi.
We are running Keycloak in Kubernetes (AKS) using codecentric image.
We are testing upgrade of Keycloak 14 using Wildfly to version 19 using Quarkus.
We have 333 realms in the database being upgraded.
The pod keeps getting restarted.
We have increased the startupProbe values and we have also tried setting
quarkus.transaction-manager.default-transaction-timeout=PT20M via a ConfigMap.
I have attached a snippet of the container log.
We don't have the knowledge to "recognize" what's actually going on.
Any help is highly appreciated.
Br,
Morten
Björn Pedersen
Aug 23, 2022, 2:54:19 AM8/23/22
to Keycloak User
I would recommend to stay with KC18 for now, KC19 does still have some problems.
Then make sure that the configuration( some things need do be done during the 'build' phase) and deployment of any custom SPI implementations has been
adopted to the quarkus way ( again, this probaly requries a custom image build, see e.g. [1]).
Paul Robert Marino
Aug 23, 2022, 3:28:35 AM8/23/22
to Björn Pedersen, Keycloak User
I concur with the recommendation to stick with 18 that said if you
read the upgrade guide you will find that there are as of 19 index
size limits set on the automatic schema updates so you may need to do
them manually or adjust the settings.
I tried going to 19 and had to role back using database restore
because it just didnt work correctly.
The main reason not to go to 19 is it has some stability issues due to
the interface and backend changes especially if you use SAML; many
have been patched in the nightly version but many are still being
discovered.
An other compelling reason it that the latest release of RedHat SSO
(included with JBOSS EAP ) was bumped to keycloak 18.0.2
lastly that's a lot of versions to jump in one shot. I would not
expect all to go smoothly first updating to 17 (possibly with a 16 in
the middle) then 18 is probably the safest route.
read the upgrade guide you will find that there are as of 19 index
size limits set on the automatic schema updates so you may need to do
them manually or adjust the settings.
I tried going to 19 and had to role back using database restore
because it just didnt work correctly.
The main reason not to go to 19 is it has some stability issues due to
the interface and backend changes especially if you use SAML; many
have been patched in the nightly version but many are still being
discovered.
An other compelling reason it that the latest release of RedHat SSO
(included with JBOSS EAP ) was bumped to keycloak 18.0.2
lastly that's a lot of versions to jump in one shot. I would not
expect all to go smoothly first updating to 17 (possibly with a 16 in
the middle) then 18 is probably the safest route.
Morten Jønby
Aug 23, 2022, 5:40:38 AM8/23/22
to Paul Robert Marino, Björn Pedersen, Keycloak User
Hi Paul and Björn.
Thanks for your valuable input!
We seemed to get past the upgrade timing out. Seems that when enabling debug log level, that in itself slows down the upgrade.
Once we went back to INFO level, but still increased startupProbe failure threshold, the upgrade took 7 minutes.
BUT, BUT, BUT .... As I said, we have 333 realms, and the Admin Console NEVER loads! We even tried with the old Admin Console. It doesn't load.
And we can't see what the server is doing.
Do you have any suggestions to what's going on? We are used to (on version 14) that Admin Console took a while to load, but it did....
------
Mvh. Morten--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/CAPJdpdAdmK3bkyFkK2nwQLA7WzVeCFUDk8XjBQjRpELtOKAUtg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages