Page MenuHomeSoftware Heritage
Create Task
Maniphest T3171

Upgrade keycloak version
Closed, MigratedEdits Locked
Actions

Description

Our current docker environment [1] is more advanced (version 12) [1] than our current
production instance (version 10) [2].

We should consider upgrading and maybe stick to the same version between those 2
environments (from the upgrade version moment onward).

[1]

+ docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml exec keycloak cat /opt/jboss/keycloak/version.txt
Keycloak - Version 12.0.3

[2]

ssh kelvingrove cat /opt/keycloak/version.txt
Keycloak - Version 10.0.2

Revisions and Commits

rSPSITE puppet-swh-site
D5323rSPSITE5a46b7487fce keycloak/deposit: Drop option direct_grant_flow

Related Objects

Event Timeline

ardumont triaged this task as Normal priority.Mar 24 2021, 5:01 PM
ardumont created this task.

I'll check if i can reproduce the error in docker through downgrading keycloak to the same version first.

anlambert added a subscriber: anlambert.Mar 24 2021, 5:09 PM

Important information if we want to upgrade Keycloak to its latest version in production:

Since Keycloak 12, it is no longer possible to use a custom theme from a directory symbolic link.

Related Keycloak issue: https://issues.redhat.com/browse/KEYCLOAK-17048.

Currently the swh theme for keycloak is installed through a symbolic link in puppet manifest.

This must be changed to perform a raw copy of the theme otherwise the Keycloak Web UI will not work after the upgrade.

Related to D5119.

ardumont updated the task description. (Show Details)EditedMar 24 2021, 5:59 PM

@anlambert Thanks for the heads up ^

I'll check if i can reproduce the error in docker through downgrading keycloak to the same version first.

Nope, I cannot. So the problem lies elsewhere.
I'll rewrote the task description to abstract away from this issue.

In our docker declaration:

-FROM jboss/keycloak
+FROM jboss/keycloak:10.0.2

Then:

$ swh-doco-keycloak build keycloak
+ cd /home/tony/work/inria/repo/swh/swh-environment/docker
+ docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml build keycloak
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Building keycloak
Sending build context to Docker daemon  13.31kB

Step 1/13 : FROM jboss/keycloak:10.0.2
10.0.2: Pulling from jboss/keycloak
...

$ swh-doco-keycloak up -d
+ cd /home/tony/work/inria/repo/swh/swh-environment/docker
+ docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml up -d
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
docker_keycloak-db_1 is up-to-date
...
Recreating docker_keycloak_1 ...
...
Recreating docker_keycloak_1 ... done
...

With that, it's faster but that creates unrelated problem (P987).

So doco down -v then up -d is best.

After that, my usual tests but no issues.

[1] P987

ardumont added a comment.EditedMar 24 2021, 6:03 PM

So the problem lies elsewhere.

For the sake of exhaustiveness, it's a configuration issue in the swh-deposit client
(configured in keycloak).
We need to drop the "direct_grant_no_otp-SoftwareHeritageStaging" override (section
"Authentication Flow Overrides")

Related to D5323

ardumont updated the task description. (Show Details)Mar 24 2021, 6:04 PM
ardumont added a revision: D5323: keycloak/deposit: Drop option direct_grant_flow.Mar 24 2021, 6:08 PM
ardumont added a commit: rSPSITE5a46b7487fce: keycloak/deposit: Drop option direct_grant_flow.Mar 24 2021, 6:21 PM
ardumont removed ardumont as the assignee of this task.Mar 26 2021, 6:24 PM
vsellier mentioned this in T3579: Meta-task: upgrade infrastructure to Debian Bullseye.Sep 16 2021, 6:00 PM
ardumont mentioned this in T3807: Migrate kelvingrove (keycloak) to bullseye.Dec 15 2021, 10:02 AM
gitlab-migration closed this task as Migrated.Oct 19 2022, 6:02 PM
gitlab-migration claimed this task.
gitlab-migration added a subscriber: gitlab-migration.

This task has been migrated to GitLab.

About · Developer information · Legal