Upgrade from 15.1 to 16.1.0

snadmin · January 12, 2022, 5:32pm

I am upgrading from version 15.1 to 16.1.0. This is a standalone configuration and is using a local MySQL database backend. I went with a fresh copy of the latest 16.1.0 Keycloak tar file and am piece by piece moving configuration text from the 15.1 standalone.xml to the 16.1.0 standalone.xml. When I run the bin/jboss-cli.sh --file=bin/migrate-standalone.cli I get the following error:

Adding keystore to ApplicationRealm…
Failed to get the list of the operation properties: “WFLYCTL0030: No resource definition is registered for address [
(“core-service” => “management”),
(“security-realm” => “ApplicationRealm”),
(“server-identity” => “ssl”)
]”

I can successfully start a 16.1.0 instance with the piecemeal changes to the standalone.xml, but the migration script throws the above. Any suggestions on what I’m doing wrong?

dasniko · January 12, 2022, 6:51pm

Legacy security subsystem in Wildfly, which was already deprecated for long, was removed. You now have to use the Elytron subsystem for TLS/SSL handling. See Keycloak release notes for link to Wildfly docs!

Generally: never edit the standalone.xml manually. Always use CLI scripts!

snadmin · January 12, 2022, 7:04pm

https://groups.google.com/g/keycloak-user/c/sCLecv1JuZ0

I did work off info from this link. I’m using Apache2 as a reverse-proxy for my TLS/SSL needs.

dasniko · January 12, 2022, 7:35pm

You have an error telling you something about ssl and security realm which had been removed from Wildfly. So, deal with it and read the official docs. I don‘t care about other peoples lists, I stick to official docs and have always a working system.

regilero · September 9, 2022, 1:36pm

I’m pretty sure this is not the best answer to give on this problem.

Upgrade process is not an easy task, and finding the right documentation on this subject is also not an easy task.

On this specific problem it seems that the right way of running the bin/migrate-standalone.cli is by first editing it and removing past migrations. This error message is coming from old migrations which are not required (and the script is not a smart one, no test is done on the current version).

I found a reference to it in a very old migration documentation (Migration from older versions | keycloak-documentation that’s about Keycloak 3.2.0 ):

Lastly, you may want to examine the contents of the scripts before running. They show exactly what will be changed for each version. They also have values at the top of the script that you may need to change based on your environment.

That’s not present anymore in the current documentation, but others have reported that editing the migration scripts was the key feature for a successful run. And removing old migration is a safe edit.

Topic		Replies	Views
Upgrading keycloak Configuring the server upgrading	0	608	February 24, 2022
Keycloak upgrade to 16.1.0 fails Configuring the server upgrading	5	1022	January 4, 2022
Upgrading Keycloak from 11 to 20 (Docker) Getting advice upgrading	4	2322	December 9, 2022
Upgrade fails (11.0.3 to 15.1.0) : Address already in use Configuring the server	1	640	December 21, 2021
Where to get started / configuring SSL Configuring the server	1	2212	May 5, 2021

Upgrade from 15.1 to 16.1.0

Related Topics