New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to Keycloak 22.0.3 fails: Migration failed for change set META-INF/jpa-changelog-13.0.0.xml::default-roles::keycloak #23220
Comments
@lrozenblyum - thank for reporting this. Which kind of database are you using? |
@ahus1 PostgreSQL 12.13 |
I can confirm the issue is reproduced with older version of Keycloak (10.0.1 in our case) on PostgreSQL 14
As far as my investigation is correct: there's some duplicated INSERTs in generated SQL update script, related to default-role definitions in Keycloak Realms. There's no effect on newest Keycloak versions as default roles already exists there (since v15 if I'm not mistaken), that's why it only happens with ancient Keycloak versions |
There was a Liquibase version change between Keycloak 21.1.2 (4.16.1) and 22.0.3 (4.20.0) that may affect the migrations execution somehow. |
Thank you all for the report and additional information. I can confirm the bug. The culprit in this case is indeed a liquibase update. It tries to execute the same migration step twice: at org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate13_0_0_MigrateDefaultRoles.generateStatementsImpl(JpaUpdate13_0_0_MigrateDefaultRoles.java:47)
at org.keycloak.connections.jpa.updater.liquibase.custom.CustomKeycloakTask.generateStatements(CustomKeycloakTask.java:99)
at liquibase.change.custom.CustomChangeWrapper.generateStatements(CustomChangeWrapper.java:168)
at liquibase.changelog.ChangeSet.addSqlMdc(ChangeSet.java:1514)
at liquibase.changelog.ChangeSet.execute(ChangeSet.java:700) at org.keycloak.connections.jpa.updater.liquibase.custom.JpaUpdate13_0_0_MigrateDefaultRoles.generateStatementsImpl(JpaUpdate13_0_0_MigrateDefaultRoles.java:47)
at org.keycloak.connections.jpa.updater.liquibase.custom.CustomKeycloakTask.generateStatements(CustomKeycloakTask.java:99)
at liquibase.change.custom.CustomChangeWrapper.generateStatements(CustomChangeWrapper.java:168)
at liquibase.database.AbstractJdbcDatabase.executeStatements(AbstractJdbcDatabase.java:1250)
at liquibase.changelog.ChangeSet.execute(ChangeSet.java:702) and obviously when it's executed second time it complains that the entry already exists. It affects only migration from older versions than 13 and the workaround for this (as stated above) is to migrate in two steps. Still it would be good to investigate a cause of the issue in liquibase or at least find out whether newer liquibase versions are also affected. |
Thanks for investigating and confirming this @vramik. Yet 2-stage update doesn't seem feasible for our use cases. It would be great to find out how to fix it properly in Keycloak... |
Maybe this issue may be relevant for reconsidering if it causes current problem? #21710 |
This issue also exists in upgrading to 22.0.3 from version 12.0.2. During first start of Keycloak 22.0.3, Liquibase migration fails:
Database is mysql 5.7 |
That's expectable, default-roles-[realm] released in KC v13, so they don't even exist in any previous versions and KC attempts to create it during upgrade |
…d twice Closes keycloak#23220 (cherry picked from commit 7f2f4aa) Conflicts: testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/zerodowntime/ZeroDowntimeTest.java
…d twice Closes keycloak#23220 Signed-off-by: Kamontat Chantrachirathumrong <14089557+kamontat@users.noreply.github.com>
Hi! As far as I can see this issue seems to be back on v24.0.1. Here is an example log output when migrating from before v13 to v24.0.1:
|
@kschroeder-of consider reporting a new ticket (with references to the current one and #9886) |
Before reporting an issue
Area
core
Describe the bug
Update from 8.0.1 to 22.0.3 fails.
Version
22.0.3
Expected behavior
Update from older Keycloak to newer should work
Actual behavior
During first start of Keycloak 22.0.3, Liquibase migration fails:
How to Reproduce?
Attempt to update Keycloak 8.0.1 to 22.0.3.
It worked to 21.*
Anything else?
Multiple people in the discussion #9886 confirm that the problem started to occur again in 22.*.
The text was updated successfully, but these errors were encountered: