migrate-standalone.cli broken since 16.0 release

Describe the bug

The migration script that the upgrade guide tells me to run after upgrading fails to execute. This happens on both upgraded and fresh instances for versions 16 and newer.

The problematic sections of the script:

  • lines 253-257:
    if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource
        echo Adding keystore to ApplicationRealm...
        /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore,keystore-relative-to=jboss.server.config.dir,keystore-password=password,alias=server,key-password=password,generate-self-signed-certificate-host=localhost)
        echo
    end-if
    
  • lines 462-466
    if (outcome == success) of /subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
        echo Removing application-http-authentication from elytron subsystem
        /subsystem=elytron/http-authentication-factory=application-http-authentication:remove
        echo
    end-if
    

Removing these sections before running the script resolves the issue, e.g.:

sed -i '253,257d;462,466d' "$JBOSS_HOME/bin/migrate-standalone.cli"

Version

16 and newer

Expected behavior

Since the script is unchanged from keycloak 15’s version, the expected output would be identical to keycloak 15’s output:

bash-4.4$ "$JBOSS_HOME/bin/jboss-cli.sh" --file="$JBOSS_HOME/bin/migrate-standalone.cli"

*** WARNING ***

** If the following embed-server command fails, manual intervention is needed.
** In such case, remove any <extension> and <subsystem> declarations referring
** to the removed smallrye modules from the standalone.xml file and rerun this script.
** For details, see Migration Changes section in the Upgrading guide.
** We apologize for this inconvenience.

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/opt/jboss/keycloak/modules/system/layers/base/org/wildfly/extension/elytron/main/wildfly-elytron-integration-15.0.1.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
*** Begin Migration ***

Adding eviction strategy to keycloak users cache container...
{"outcome" => "success"}
{"outcome" => "success"}

Updating authorization cache container..
{"outcome" => "success"}
{"outcome" => "success"}

Adding spi=userFederatedStorage...
{"outcome" => "success"}

Updating eviction and expiration in local-cache=keys...
{"outcome" => "success"}
{"outcome" => "success"}
{"outcome" => "success"}

Adding eviction strategy to keycloak realms cache...
{"outcome" => "success"}
{"outcome" => "success"}

Removing declaration for userFederatedStorage SPI
{"outcome" => "success"}

Updating eviction in local-cache=authorization...
{"outcome" => "success"}

Adding channel-creation-options READ_TIMEOUT to ejb3 remote
{"outcome" => "success"}

Removing eviction from hibernate entity cache and replacing with object-memory
{"outcome" => "success"}
{"outcome" => "success"}

Removing eviction from hibernate local-query cache and replacing with object-memory
{"outcome" => "success"}
{"outcome" => "success"}

Removing eviction from keycloak realms cache and replacing with object-memory
{"outcome" => "success"}
{"outcome" => "success"}

Removing eviction from keycloak users cache and replacing with object-memory
{"outcome" => "success"}
{"outcome" => "success"}

Removing eviction from keycloak authorization cache and replacing with object-memory
{"outcome" => "success"}
{"outcome" => "success"}

Removing eviction from keycloak keys cache and replacing with object-memory
{"outcome" => "success"}
{"outcome" => "success"}

Changing JNDI reference in connectionsInfinispan SPI
{"outcome" => "success"}
{"outcome" => "success"}

Removing READ_TIMEOUT option from remote service from ejb3 subsystem
{"outcome" => "success"}

{"outcome" => "success"}
Removed config for unused fixed hostname provider
Adding base metrics subsystem prefix to Keycloak...
{"outcome" => "success"}

Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
{"outcome" => "success"}

*** End Migration ***

Actual behavior

bash-4.4$ "$JBOSS_HOME/bin/jboss-cli.sh" --file="$JBOSS_HOME/bin/migrate-standalone.cli"

*** WARNING ***

** If the following embed-server command fails, manual intervention is needed.
** In such case, remove any <extension> and <subsystem> declarations referring
** to the removed smallrye modules from the standalone.xml file and rerun this script.
** For details, see Migration Changes section in the Upgrading guide.
** We apologize for this inconvenience.

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/opt/jboss/keycloak/modules/system/layers/base/org/wildfly/extension/elytron/main/wildfly-elytron-integration-18.0.0.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
*** Begin Migration ***

Adding eviction strategy to keycloak users cache container...
{"outcome" => "success"}
{"outcome" => "success"}

Updating authorization cache container..
{"outcome" => "success"}
{"outcome" => "success"}

Adding spi=userFederatedStorage...
{"outcome" => "success"}

Updating eviction and expiration in local-cache=keys...
{"outcome" => "success"}
{"outcome" => "success"}
{"outcome" => "success"}

Adding eviction strategy to keycloak realms cache...
{"outcome" => "success"}
{"outcome" => "success"}

Removing declaration for userFederatedStorage SPI
{"outcome" => "success"}

Updating eviction in local-cache=authorization...
{"outcome" => "success"}

Adding keystore to ApplicationRealm...
Failed to get the list of the operation properties: "WFLYCTL0030: No resource definition is registered for address [
    ("core-service" => "management"),
    ("security-realm" => "ApplicationRealm"),
    ("server-identity" => "ssl")
]"

How to Reproduce?

  1. start a new blank keycloak instance, e.g.: docker run --rm -it --name kc16 jboss/keycloak:16.0.0
  2. run the script, e.g.:
    docker exec -it kc16 bash
    "$JBOSS_HOME/bin/jboss-cli.sh" --file="$JBOSS_HOME/bin/migrate-standalone.cli"
    

Anything else?

My assumption is that this broke with the WildFly / Elytron upgrade, which (according to Keycloak 16’s blog post) changed a lot about the configuration.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 14 (8 by maintainers)
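
The workaround in the issue deletes the two blocks by line number, which only fits one exact revision of `migrate-standalone.cli`. As an added example (not part of the original issue and not Keycloak's code), the function below drops the same `if ... end-if` blocks by the resource address on the `if` line instead; the sample script, its shortened `:add(...)` line and the `spi=example` address are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Keycloak's code): drop `if ... end-if` blocks from a
# jboss-cli script when the `if` line reads one of the given resource addresses.

# strip_cli_blocks <script> <address>...  -> filtered script on stdout
strip_cli_blocks() {
    local script=$1; shift
    PATS=$(printf '%s\n' "$@") awk '
        BEGIN { n = split(ENVIRON["PATS"], pat, "\n") }
        skip > 0 {                      # inside a dropped block
            if ($1 == "if") skip++      # nested if: wait for its end-if too
            else if ($1 == "end-if") skip--
            next
        }
        $1 == "if" {
            for (i = 1; i <= n; i++)
                if (pat[i] != "" && index($0, pat[i])) { skip = 1; next }
        }
        { print }
    ' "$script"
}

# Constructed sample: the two blocks quoted in the issue plus one unrelated block.
write_sample() {
    cat > "$1" <<'EOF'
if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource
    echo Adding keystore to ApplicationRealm...
    /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore)
    echo
end-if
if (outcome == success) of /subsystem=keycloak-server/spi=example:read-resource
    echo Kept block
end-if
if (outcome == success) of /subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
    echo Removing application-http-authentication from elytron subsystem
    /subsystem=elytron/http-authentication-factory=application-http-authentication:remove
    echo
end-if
EOF
}

demo() {
    local tmp; tmp=$(mktemp)
    write_sample "$tmp"
    strip_cli_blocks "$tmp" \
        '/core-service=management/security-realm=ApplicationRealm/server-identity=ssl' \
        '/subsystem=elytron/http-authentication-factory=application-http-authentication'
    rm -f "$tmp"
}
demo
```

The function writes to stdout and leaves the input untouched, so the filtered copy can be diffed against the shipped script before it is passed to `jboss-cli.sh --file=`.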

Top GitHub Comments

1 reaction
stianst commented, Feb 11, 2022

I’d wait for Keycloak 17 which should hopefully be out today, then switch directly to the new Quarkus based distribution. The alternative is to compare your standalone file with the default in the version you have, then manually apply the same changes to the latest release. Bear in mind that how you configure HTTPS and some other things have changed in the more recent versions of WildFly.

1 reaction
pschichtel commented, Jan 27, 2022

@stianst I don’t think this script can ever work again. It should be fixed or discarded.
