Keycloak
1 前言
一个问题,一篇文章,一出故事。
本章将测试Red Hat build of Keycloak的升级。
2 最佳实践
2.1 测试环境
2.2 升级前的备份
2.2.1 下载并解压新版软件包
wget --no-check-certificate https://access.redhat.com/cspdownload/xxx/xxx/rhbk-26.4.9/rhbk-26.4.9.zip unzip rhbk-26.4.9.zip
以上只是下载演示,如果不能下载请从如下连接下载,本章将下载“Red Hat build of Keycloak 26.4.9 Server”作为部署的软件包。
https://access.redhat.com/products/red-hat-build-of-keycloak
2.2.2 备份源代码
mkdir -p /data/backup tar -cvf /data/backup/rhbk-26.2.5_data.tar /opt/keycloak/rhbk-26.2.5/
2.2.3 备份数据库
mysqldump -uroot -p keycloak > /data/backup/keyclaok_database.sql
2.2.4 定制keycloak服务
systemctl stop keycloak
注:如果是集群,请停止所有节点。
2.3 部署新版本软件包
2.3.1 部署软件包
mv rhbk-26.4.9 /opt/keycloak/
2.3.2 设置环境变量
vim /etc/profile.d/rhbk.sh
输入如下配置,
export RHBK_HOME=/opt/keycloak/rhbk-26.4.9
export PATH=${RHBK_HOME}/bin:$PATH
另外,如果想快速配置,可使用如下命令,
echo 'export RHBK_HOME=/opt/keycloak/rhbk-26.4.9' > /etc/profile.d/rhbk.sh
echo 'export PATH=${RHBK_HOME}/bin:$PATH' >> /etc/profile.d/rhbk.sh
配置完成后,可使用如下命令导入环境变量,
source /etc/profile
然后,你需要使用如下命令测试环境变量的声明,
kc.sh -V
可见如下输出,
Keycloak 26.4.9.redhat-00001 JVM: 17.0.12 (Red Hat, Inc. OpenJDK 64-Bit Server VM 17.0.12+7-LTS) OS: Linux 5.14.0-503.11.1.el9_5.x86_64 amd64
2.3.3 部署目录
rm /etc/keycloak ln -s /opt/keycloak/rhbk-26.4.9/conf /etc/keycloak chown keycloak:keycloak -R /opt/keycloak/rhbk-26.4.9/
2.3.4 迁移旧配置
cp -a /opt/keycloak/rhbk-26.2.5/conf/keycloak.conf /opt/keycloak/rhbk-26.4.9/conf/
cp -a /opt/keycloak/rhbk-26.2.5/conf/cache-ispn.xml /opt/keycloak/rhbk-26.4.9/conf/
cp -a /opt/keycloak/rhbk-26.2.5/conf/*.{crt,key} /opt/keycloak/rhbk-26.4.9/conf/
cp -a /opt/keycloak/rhbk-26.2.5/providers/*.jar /opt/keycloak/rhbk-26.4.9/providers/
cp -a /opt/keycloak/rhbk-26.2.5/themes/* /opt/keycloak/rhbk-26.4.9/themes/
2.3.5 测试服务启动
sudo -u keycloak bash -c 'export KEYCLOAK_ADMIN=admin;export KEYCLOAK_ADMIN_PASSWORD=adminpwd;/opt/keycloak/rhbk-26.4.9/bin/kc.sh start'
如果遇到如下问题,你可能需要升级你的数据库,
ERROR: Failed to start server in (production) mode ERROR: [PersistenceUnit: keycloak-default] Unable to build Hibernate SessionFactory ERROR: Persistence unit 'keycloak-default' was configured to run with a database version of at least '10.6.0', but the actual version is '10.5.22'. Consider upgrading your database. Alternatively, rebuild your application with 'jakarta.persistence.database-product-version=10.5.22' (but this may disable some features and/or impact performance negatively).
你可能需要参阅如下步骤升级数据库然后再试,
2.3.6 修改服务启动脚本
vim /etc/systemd/system/keycloak.service
配置修改如下,
[Unit] Description=Redhat build of Keycloak (RHBK) Requires=network.target After=syslog.target network.target [Service] Type=simple User=keycloak Group=keycloak WorkingDirectory=/opt/keycloak/rhbk-26.4.9 Environment="KEYCLOAK_ADMIN=admin" Environment="KEYCLOAK_ADMIN_PASSWORD=adminpwd" ExecStart=/usr/bin/bash -c '/opt/keycloak/rhbk-26.4.9/bin/kc.sh start' Restart=on-failure StandardOutput=journal LimitNOFILE=102642 [Install] WantedBy=multi-user.target
配置修改后,你需要使用如下命令重载配置,
systemctl daemon-reload
然后,使用如下命令启动服务并检查服务状态,
systemctl start keycloak systemctl status keycloak
参阅文档
==============
https://docs.redhat.com/zh-cn/documentation/red_hat_build_of_keycloak/26.4/html-single/upgrading_guide/index#upgrading
https://docs.redhat.com/zh-cn/documentation/red_hat_build_of_keycloak/26.4/html-single/upgrading_guide/index#intro
没有评论