Rollback cheat for Keycloak

General prerequisites

Before you start the rollback procedure, please make sure:

  • you have stopped your mgmt-keycloak container that was failing. Use docker ps to check the current running containers.

Run ./axual.sh stop mgmt mgmt-keycloak to stop the container

  • you should transfer the Keycloak’s database back to the node where mgmt-db runs, it will be used for importing the data and structure of the database.

If you are using a remote_db be sure you are performing the following procedure by a node that has connectivity to the remote database.

Rollback story: Keycloak is not working

In case something goes wrong with the Keycloak upgrade, follow these steps to rollback it to the previous Keycloak version

Cleanup Keycloak’s database

  1. Access Keycloak’s database with a MySQL/MariaDB client, like phpMyAdmin

  2. Truncate all the keycloak’s tables, the privileges for the Keycloak’s database must be maintained

  3. Restore the Keycloak database backup you’ve created while preparing for the upgrade

  4. Change your platform-config/clusters/{cluster-name}/keycloak.sh with the following version

    # Version of keycloak to run
KEYCLOAK_VERSION=11.0.2

  5. Start the Keycloak 11.0.2 container

    ./axual.sh start mgmt mgmt-keycloak

  6. Check logs to confirm the successful rollback of Keycloak

    docker logs -f --tail 400 mgmt-keycloak

Rollback story: Keycloak is not working and the database is lost

Should the Keycloak database is gone corrupted you might have to recreate it from scratch. To do so, follow the steps below:

  1. Revert your keycloak_version on platform-config/clusters/{cluster-name}/keycloak.sh

    # Version of keycloak to run
KEYCLOAK_VERSION=11.0.2

  2. Edit your platform-config/{cluster-name}/nodes.sh by adding the service keycloak-populate-db on your nodes’s mgmt_services

    Like this:

    NODE1_MGMT_SERVICES=localhost:mgmt-db,keycloak-populate-db

    This will re-create a clean keycloakdb to be used to import the exported Keycloak database

  3. Execute the axual.sh command to recreate the database

    ./axual.sh start mgmt keycloak-populate-db

  4. Import the Keycloak database with all data and structure via mysql

    docker exec -i mgmt-db mysql -uKEYCLOAK_DB_USER -pKEYCLOAK_DB_PASSWORD KEYCLOAK_DB_DATABASE < [path/to/sql/backup]

    If no errors you can now rollback

    ./axual.sh start mgmt mgmt-keycloak

  5. Check logs to confirm the successful rollback of Keycloak

    docker logs -f --tail 400 mgmt-keycloak