After testing Keycloak in an exploratory way, I want to set up an installation script. First for local development and later for the test servers. I exported my manually configured realm into a JSON file (tried UI export and during startup, but it seems to be the same except for passwords, like the doc says). But the import of my realm gives me a headache. It seems that a lot of configuration is missing. Like my User Storage Provider. I tried import on startup. This deletes the realm first if it already exists and then imports my realm. Result is a completely naked realm. After that I tried import via admin CLI. Update and partial import. But there are also a lot of configurations missing. Most values are default though, I think.
Commands I used:
For startup: ./standalone.sh -Djboss.socket.binding.port-offset=100 -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=/vagrant/export.json
With admin CLI:
First created the realm ./kcadm.sh create realms -s realm=myrealm -s enabled=true
Next try: ./kcadm.sh update realms/myrealm -f /vagrant/export.json
Would be nice to understand the differences of the different approaches. Especially because the import via startup keeps the server running. Is there an advantage?
I found one way the import works. Deleting the realm and creating a new one via UI. Add realm → select file → Create. That puzzles me even more, because the JSON file seems to be good. All other ways do not import the UserStorageProvider. Can anyone tell me what happens on the server if I do the import via "Add realm"?
It's possible to set up my environment now, but it is really bad for automation, getting environments fast and reproducible.
What I also discovered is that after deleting the realm and importing it via startup, the realm doesn't appear in the UI. But I can't create a new one.
Logs while importing via startup:
07:04:12,984 INFO [org.keycloak.exportimport.singlefile.SingleFileImportProvider] (ServerService Thread Pool -- 68) Full importing from file /vagrant/myrealm.json
07:04:15,318 INFO [org.keycloak.exportimport.util.ImportUtils] (ServerService Thread Pool -- 68) Realm 'myrealm' imported
07:04:15,396 INFO [org.keycloak.services] (ServerService Thread Pool -- 68) KC-SERVICES0032: Import finished successfully
server.log while creating via UI:
2020-04-23 07:06:31,998 ERROR [org.keycloak.services.resources.admin.RealmsAdminResource] (default task-13) Conflict detected: org.keycloak.models.ModelDuplicateException: javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: could not execute statement
…
Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key violation: "PRIMARY_KEY_624 ON PUBLIC.REALM(ID) VALUES ('myrealm', 49)"; SQL statement:
I searched the issue tracker, but didn't find any issue that fits my problem. I don't get any error message (except for the case I mentioned when I try to import a realm again after a faulty realm import).
And there was one way the import worked. It seems there are a lot of ways to import json files and each works different.
And because there is one that works, it would be good to know the differences to identify the problem. There must be people where the import works, right?
Or is it better to just open an issue?
We also had a lot of trouble with Keycloak import. Initial creation of the resources might work fine, but updating existing configurations won't work great.
That's the reason why we created a tool, https://github.com/adorsys/keycloak-config-cli, to gain an expected configuration based on a Keycloak export. It's useful if you want to stage your Keycloak configuration.
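Added example, not part of the thread and not code from Keycloak or keycloak-config-cli: a Python check that compares the realm export with a fresh export taken after the import and lists what went missing or fell back to another value, such as the User Storage Provider. The sample JSON, the component names and the function names are constructed for illustration; it assumes the export keeps providers under the `components` key.

```python
import json

# Constructed sample data, not taken from the thread: a trimmed realm export
# and a re-export of the same realm after an import that lost a component.
EXPORTED = json.loads("""
{"realm": "myrealm", "enabled": true, "sslRequired": "all",
 "components": {
   "org.keycloak.storage.UserStorageProvider": [
     {"name": "my-user-store", "providerId": "my-provider",
      "config": {"priority": ["0"]}}],
   "org.keycloak.keys.KeyProvider": [
     {"name": "rsa-generated", "providerId": "rsa-generated",
      "config": {"priority": ["100"]}}]}}
""")
REIMPORTED = json.loads("""
{"realm": "myrealm", "enabled": true, "sslRequired": "external",
 "components": {
   "org.keycloak.keys.KeyProvider": [
     {"name": "rsa-generated", "providerId": "rsa-generated",
      "config": {"priority": ["100"]}}]}}
""")


def components(realm):
    """Flatten the 'components' map into {(type, providerId, name): config}."""
    flat = {}
    for ctype, entries in realm.get("components", {}).items():
        for entry in entries:
            key = (ctype, entry.get("providerId"), entry.get("name"))
            flat[key] = entry.get("config", {})
    return flat


def realm_drift(expected, actual):
    """Report components and top-level scalar settings lost or changed."""
    exp, act = components(expected), components(actual)
    drift = {
        "missing_components": sorted(k for k in exp if k not in act),
        "changed_components": sorted(k for k in exp if k in act and exp[k] != act[k]),
        "changed_settings": {},
    }
    for key, value in expected.items():
        if isinstance(value, (str, int, float, bool)) and actual.get(key) != value:
            drift["changed_settings"][key] = (value, actual.get(key))
    return drift


if __name__ == "__main__":
    print(json.dumps(realm_drift(EXPORTED, REIMPORTED), indent=2))
```

Run after each import path with the two files loaded via `json.load`; an empty report means that path reproduced the exported realm for the fields checked.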