Page MenuHomeSoftware Heritage

Upgrade keycloak version
Open, NormalPublic

Description

Our current docker environment [1] is more advanced (version 12) [1] than our current
production instance (version 10) [2].

We should consider upgrading and maybe stick to the same version between those 2
environments (from the upgrade version moment onward).

[1]

+ docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml exec keycloak cat /opt/jboss/keycloak/version.txt
Keycloak - Version 12.0.3

[2]

ssh kelvingrove cat /opt/keycloak/version.txt
Keycloak - Version 10.0.2

Event Timeline

ardumont triaged this task as Normal priority.Wed, Mar 24, 5:01 PM
ardumont created this task.

I'll check if i can reproduce the error in docker through downgrading keycloak to the same version first.

Important information if we want to upgrade Keycloak to its latest version in production:

Since Keycloak 12, it is no longer possible to use a custom theme from a directory symbolic link.

Related Keycloak issue: https://issues.redhat.com/browse/KEYCLOAK-17048.

Currently the swh theme for keycloak is installed through a symbolic link in puppet manifest.

This must be changed to perform a raw copy of the theme otherwise the Keycloak Web UI will not work after the upgrade.

Related to D5119.

@anlambert Thanks for the heads up ^


I'll check if i can reproduce the error in docker through downgrading keycloak to the same version first.

Nope, I cannot. So the problem lies elsewhere.
I'll rewrote the task description to abstract away from this issue.

In our docker declaration:

-FROM jboss/keycloak
+FROM jboss/keycloak:10.0.2

Then:

$ swh-doco-keycloak build keycloak
+ cd /home/tony/work/inria/repo/swh/swh-environment/docker
+ docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml build keycloak
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Building keycloak
Sending build context to Docker daemon  13.31kB

Step 1/13 : FROM jboss/keycloak:10.0.2
10.0.2: Pulling from jboss/keycloak
...

$ swh-doco-keycloak up -d
+ cd /home/tony/work/inria/repo/swh/swh-environment/docker
+ docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml up -d
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
docker_keycloak-db_1 is up-to-date
...
Recreating docker_keycloak_1 ...
...
Recreating docker_keycloak_1 ... done
...

With that, it's faster but that creates unrelated problem (P987).

So doco down -v then up -d is best.

After that, my usual tests but no issues.

[1] P987

So the problem lies elsewhere.

For the sake of exhaustiveness, it's a configuration issue in the swh-deposit client
(configured in keycloak).
We need to drop the "direct_grant_no_otp-SoftwareHeritageStaging" override (section
"Authentication Flow Overrides")

Related to D5323