1echo 2echo *** WARNING *** 3echo 4echo ** If the following embed-server command fails, manual intervention is needed. 5echo ** In such case, remove any <extension> and <subsystem> declarations referring 6echo ** to the removed smallrye modules from the standalone-ha.xml file and rerun this script. 7echo ** For details, see Migration Changes section in the Upgrading guide. 8echo ** We apologize for this inconvenience. 9echo 10 11embed-server --server-config=standalone-ha.xml 12 13echo *** Begin Migration *** 14echo 15 16# Migrate from 1.8.1 to 1.9.1 17if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:read-resource 18 echo Adding replicated-cache=work to keycloak cache container... 19 /subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:add(mode=SYNC) 20 echo 21end-if 22# realmVersions cache deprecated in 2.1.0 23#if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource 24# echo Adding local-cache=realmVersions to keycloak cache container... 25# /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY) 26# /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH) 27# echo 28#end-if 29 30# Migrate from 1.9.1 to 1.9.2 31if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:read-attribute(name=strategy) 32 echo Adding eviction strategy to keycloak users cache container... 33 /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU) 34 /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000) 35 echo 36end-if 37 38# Migrate from 1.9.2 to 2.0.0 39# NO CHANGES 40 41# Migrate from 2.0.0 to 2.1.0 42if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource 43 echo Removing deprecated cache 'realmVersions' 44 /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove 45 echo 46end-if 47 48# Migrate kecloak-server.json (deprecated in 2.2.0) 49if (result == []) of /subsystem=keycloak-server/:read-children-names(child-type=spi) 50 echo Migrating keycloak-server.json to server cofig xml... 51 /subsystem=keycloak-server/:migrate-json 52 echo 53end-if 54 55set persistenceProvider=jpa 56if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /subsystem=keycloak-server/:read-attribute(name=providers) 57 echo Updating provider to default value 58 /subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*]) 59 echo 60end-if 61if (result == keycloak) of /subsystem=keycloak-server/theme=defaults:read-attribute(name=default) 62 echo Undefining default theme... 63 /subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default) 64 echo 65end-if 66if (result == expression "${jboss.server.config.dir}/themes") of /subsystem=keycloak-server/theme=defaults:read-attribute(name=dir) 67 echo Updating theme dir to default value 68 /subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes) 69 echo 70end-if 71 72# Migrate from 2.1.0 to 2.2.0 73if (outcome == failed) of /extension=org.jboss.as.deployment-scanner/:read-resource 74 echo Adding deployment-scanner extension... 75 /extension=org.jboss.as.deployment-scanner/:add(module=org.jboss.as.deployment-scanner) 76 echo 77end-if 78if (outcome == failed) of /subsystem=deployment-scanner/:read-resource 79 echo Adding deployment-scanner... 80 /subsystem=deployment-scanner/:add 81 echo 82end-if 83if (outcome == failed) of /subsystem=deployment-scanner/scanner=default/:read-resource 84 echo Adding scanner=default 85 /subsystem=deployment-scanner/scanner=default/:add(path=deployments,relative-to=jboss.server.base.dir,runtime-failure-causes-rollback=${jboss.deployment.scanner.rollback.on.failure:false},scan-interval=5000) 86 echo 87end-if 88 89if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource 90 # In migration from 3.0.0 to 3.2.0 there is authorization distributed-cache replaced with local-cache 91 try 92 echo 93 /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1) 94 echo Added distributed-cache=authorization 95 catch 96 end-try 97end-if 98 99if (result == update) of /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema) 100 echo Updating connectionsJpa default properties... 101 /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema) 102 /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true) 103 /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update) 104 /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql) 105 echo 106end-if 107if (outcome == failed) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource 108 echo Adding spi=userFederatedStorage... 109 /subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider) 110 echo 111end-if 112if (outcome == failed) of /subsystem=keycloak-server/spi=jta-lookup/:read-resource 113 echo Adding spi=jta-lookup... 114 /subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss}) 115 /subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true) 116 echo 117end-if 118 119# Migrate from 2.2.0 to 2.2.1 120# NO CHANGES 121 122# Migrate from 2.2.1 to 2.3.0 123if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource 124 echo Adding local-cache=keys to keycloak cache container... 125 /subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY) 126 echo 127end-if 128if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false) 129 echo Updating eviction and expiration in local-cache=keys... 130 /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU) 131 /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000) 132 /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000) 133 echo 134end-if 135if (outcome == failed) of /subsystem=keycloak-server/spi=publicKeyStorage/:read-resource 136 echo Adding spi=publicKeyStorage... 137 /subsystem=keycloak-server/spi=publicKeyStorage/:add 138 /subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true) 139 echo 140end-if 141 142# Migrate from 2.3.0 to 2.4.0 143if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:read-resource 144 echo Replacing invalidation-cache=users with local-cache=users 145 /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:remove 146 /subsystem=infinispan/cache-container=keycloak/local-cache=users/:add 147 echo 148end-if 149if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy,include-defaults=false) 150 echo Updating eviction in local-cache=users 151 /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU) 152 /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000) 153 echo 154end-if 155if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:read-resource 156 echo Replacing invalidation-cache=realms with local-cache=realms 157 /subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:remove 158 /subsystem=infinispan/cache-container=keycloak/local-cache=realms/:add 159 echo 160end-if 161 162 163# Migrate from 2.4.0 to 2.5.0 164if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy) 165 echo Adding eviction strategy to keycloak realms cache... 166 /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU) 167 /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000) 168 echo 169end-if 170 171# Migrate from 2.5.0 to 2.5.1 172# NO CHANGES 173 174# Migrate 2.5.1 to 2.5.4 175if (result != REPEATABLE_READ) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation) 176 echo Changing ejb cache locking to REPEATABLE_READ 177 /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ) 178 echo 179end-if 180 181if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource 182 echo Removing Hibernate immutable-entity cache 183 /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove 184end-if 185 186 187# Migrate from 2.5.4 to 3.0.0 188if (result == jpa) of /subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false) 189 echo Removing default provider for eventsStore 190 /subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider) 191 echo 192end-if 193 194if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false) 195 echo Removing declaration for user SPI 196 /subsystem=keycloak-server/spi=realm/:remove 197 echo 198end-if 199 200if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false) 201 echo Removing declaration for user SPI 202 /subsystem=keycloak-server/spi=user/:remove 203 echo 204end-if 205 206if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false) 207 echo Removing declaration for userFederatedStorage SPI 208 /subsystem=keycloak-server/spi=userFederatedStorage/:remove 209 echo 210end-if 211 212if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false) 213 echo Removing declaration for authorizationPersister SPI 214 /subsystem=keycloak-server/spi=authorizationPersister/:remove 215 echo 216end-if 217 218if (outcome == failed) of /subsystem=keycloak-server/spi=userCache/:read-resource 219 echo Adding userCache SPI 220 /subsystem=keycloak-server/spi=userCache/:add 221 /subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true) 222 echo 223end-if 224 225if (outcome == failed) of /subsystem=keycloak-server/spi=realmCache/:read-resource 226 echo Adding realmCache SPI 227 /subsystem=keycloak-server/spi=realmCache/:add 228 /subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true) 229 echo 230end-if 231 232if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false) 233 echo Adding 'default' as default provider for connectionsInfinispan 234 /subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default) 235 echo 236end-if 237 238# Migrate from 3.0.0 to 3.2.0 239if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource 240 echo Adding distributed-cache=authenticationSessions to keycloak cache container... 241 /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1) 242 echo 243end-if 244 245if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource 246 echo Adding distributed-cache=actionTokens to keycloak cache container... 247 /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2) 248 /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE) 249 /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1) 250 /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000) 251 /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1) 252 echo 253end-if 254 255if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource 256 echo Replacing distributed-cache=authorization with local-cache=authorization 257 /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove 258 /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add 259 /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU) 260 /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000) 261 echo 262end-if 263 264# Migrate from 3.2.0 to 3.2.1 265# NO CHANGES 266 267# Migrate from 3.2.1 to 3.3.0 268if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource 269 echo Adding keystore to ApplicationRealm... 270 /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore,keystore-relative-to=jboss.server.config.dir,keystore-password=password,alias=server,key-password=password,generate-self-signed-certificate-host=localhost) 271 echo 272end-if 273 274if (outcome == failed) of /extension=org.wildfly.extension.elytron/:read-resource 275 echo Adding elytron extension... 276 /extension=org.wildfly.extension.elytron/:add(module=org.wildfly.extension.elytron) 277 echo 278end-if 279 280if (outcome == failed) of /subsystem=elytron/:read-resource 281 echo Adding elytron subsystem 282 /subsystem=elytron:add 283 /subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron) 284 /subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl) 285 /subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl]) 286 /subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) 287 /subsystem=elytron/identity-realm=local/:add(identity="$local") 288 /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir}) 289 /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir}) 290 /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}]) 291 /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) 292 /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) 293 /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) 294 /subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}]) 295 /subsystem=elytron/security-domain=ManagementDomain/:add(default-realm=ManagementRealm,permission-mapper=default-permission-mapper,realms=[{realm=ManagementRealm,role-decoder=groups-to-roles},{realm=local,role-mapper=super-user-mapper}]) 296 /subsystem=elytron/provider-http-server-mechanism-factory=global/:add 297 /subsystem=elytron/http-authentication-factory=management-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=DIGEST,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}]) 298 /subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}]) 299 /subsystem=elytron/provider-sasl-server-factory=global/:add 300 /subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}]) 301 /subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"}) 302 /subsystem=elytron/sasl-authentication-factory=management-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}]) 303 /subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}]) 304 /subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers) 305 /subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto]) 306 echo 307end-if 308 309if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource 310 echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote 311 /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio) 312 echo 313end-if 314 315if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource 316 echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote 317 /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting) 318 echo 319end-if 320 321if (result == ASYNC) of /subsystem=infinispan/cache-container=web/distributed-cache=dist:read-attribute(name=mode) 322 echo Setting SYNC mode for web cache-container 323 /subsystem=infinispan/cache-container=web/distributed-cache=dist:write-attribute(name=mode,value=SYNC) 324 echo 325end-if 326 327if (result == ASYNC) of /subsystem=infinispan/cache-container=ejb/distributed-cache=dist:read-attribute(name=mode) 328 echo Setting SYNC mode for ejb cache-container 329 /subsystem=infinispan/cache-container=ejb/distributed-cache=dist:write-attribute(name=mode,value=SYNC) 330 echo 331end-if 332 333if (result == undefined) of /subsystem=jgroups/channel=ee/:read-attribute(name=cluster) 334 echo Setting cluster attribute to ejb in jgroups subsystem 335 /subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb) 336 echo 337end-if 338 339if (result != undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) 340 echo Unsetting socket-binding from udp FD_SOCK protocol 341 # it has to be done via remove and add, because socket-binding is not writable attribute 342 /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:remove 343 /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:add 344 echo 345end-if 346 347if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=FD/:read-resource 348 echo Replacing tcp FD protocol with FD_ALL 349 /subsystem=jgroups/stack=tcp/protocol=FD/:remove 350 /subsystem=jgroups/stack=tcp/protocol=FD_ALL/:add 351 echo 352end-if 353 354if (result != undefined) of /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding) 355 echo Unsetting socket-binding from tcp FD_SOCK protocol 356 # it has to be done via remove and add, because socket-binding is not writable attribute 357 /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:remove 358 /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:add 359 echo 360end-if 361 362if (outcome == failed) of /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource 363 echo Adding http-invoker to default-host 364 /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm) 365 echo 366end-if 367 368if (result == false) of /subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2) 369 echo Enabling http2 for default http-listener 370 /subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true) 371 echo 372end-if 373 374if (outcome == failed) of /subsystem=undertow/server=default-server/https-listener=https/:read-resource 375 echo Adding https-listener 376 /subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true) 377 echo 378end-if 379 380if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource 381 echo Removing socket-binding jgroups-tcp-fd 382 /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:remove 383 echo 384end-if 385 386if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource 387 echo Removing socket-binding jgroups-udp-fd 388 /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:remove 389 echo 390end-if 391 392if (result == 224.0.1.105) of /socket-binding-group=standard-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address) 393 echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address 394 /socket-binding-group=standard-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105}) 395 echo 396end-if 397 398# Migrate from 3.3.0 to 3.4.0 399if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource 400 echo Removing X-Powered-By and Server headers from Keycloak responses... 401 /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove 402 /subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove 403 /subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove 404 /subsystem=undertow/configuration=filter/response-header=server-header/:remove 405 echo 406end-if 407 408if (outcome == success) of /subsystem=jdr/:read-resource 409 echo Removing jdr subsystem and extension 410 /subsystem=jdr/:remove 411 /extension=org.jboss.as.jdr/:remove 412 echo 413end-if 414 415if (outcome == success) of /subsystem=jsf/:read-resource 416 echo Removing jsf subsystem and extension 417 /subsystem=jsf/:remove 418 /extension=org.jboss.as.jsf/:remove 419 echo 420end-if 421 422if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:read-resource 423 echo Adding distributed-cache=clientSessions to keycloak cache container... 424 /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:add(mode=SYNC,owners=1) 425 echo 426end-if 427 428if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:read-resource 429 echo Adding distributed-cache=offlineClientSessions to keycloak cache container... 430 /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:add(mode=SYNC,owners=1) 431 echo 432end-if 433 434if (outcome == failed) of /subsystem=keycloak-server/spi=x509cert-lookup/:read-resource 435 echo Adding spi=x509cert-lookup... 436 /subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default}) 437 /subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true) 438 echo 439end-if 440 441# Migrate from 4.2.0 to 4.3.0 442if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/:read-resource 443 echo Adding spi=hostname... 444 /subsystem=keycloak-server/spi=hostname/:add(default-provider=request) 445 /subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true) 446 echo 447end-if 448 449# Migrate from 4.3.0 to 4.4.0 450if (outcome == failed) of /subsystem=elytron/permission-set=login-permission/:read-resource 451 echo Adding permission-set=login-permission to elytron 452 /subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]) 453 /subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]) 454 /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings) 455 /subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}]) 456 echo 457end-if 458 459 460if (result == org.hibernate.infinispan) of /subsystem=infinispan/cache-container=hibernate:read-attribute(name=module) 461 echo Update hibernate cache module 462 /subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache) 463 echo 464end-if 465if (outcome == success) of /subsystem=infinispan/cache-container=hibernate:read-attribute(name=default-cache) 466 echo Remove default cache from hibernate cache 467 /subsystem=infinispan/cache-container=hibernate:undefine-attribute(name=default-cache) 468 echo 469end-if 470if (result == ASYNC) of /subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:read-attribute(name=mode) 471 echo Switching mode for timestamps cache from ASYNC to SYNC 472 /subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:write-attribute(name=mode, value=SYNC) 473 echo 474end-if 475 476if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource 477 echo Removing eviction from hibernate entity cache and replacing with object-memory 478 /subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove 479 /subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000) 480 echo 481end-if 482if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/distributed-cache=local-query/eviction=EVICTION:read-resource 483 echo Removing eviction from hibernate local-query cache and replacing with object-memory 484 /subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove 485 /subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000) 486 echo 487end-if 488 489if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource 490 echo Removing eviction from keycloak realms cache and replacing with object-memory 491 /subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove 492 /subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000) 493 echo 494end-if 495if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource 496 echo Removing eviction from keycloak users cache and replacing with object-memory 497 /subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove 498 /subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000) 499 echo 500end-if 501if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource 502 echo Removing eviction from keycloak authorization cache and replacing with object-memory 503 /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove 504 /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000) 505 echo 506end-if 507if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource 508 echo Removing eviction from keycloak keys cache and replacing with object-memory 509 /subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove 510 /subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000) 511 echo 512end-if 513 514if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=FRAG2:read-resource 515 echo Upgrade jgroups protocol from FRAG2 to FRAG3 for tcp stack 516 /subsystem=jgroups/stack=tcp/protocol=FRAG2:remove 517 /subsystem=jgroups/stack=tcp/protocol=FRAG3:add() 518 echo 519end-if 520if (outcome == success) of /subsystem=jgroups/stack=udp/protocol=FRAG2:read-resource 521 echo Upgrade jgroups protocol from FRAG2 to FRAG3 for udp stack 522 /subsystem=jgroups/stack=udp/protocol=FRAG2:remove 523 /subsystem=jgroups/stack=udp/protocol=FRAG3:add() 524 echo 525end-if 526if (outcome == success) of /subsystem=remoting/configuration=endpoint:read-resource 527 echo Remove endpoint from remoting configuration 528 /subsystem=remoting/configuration=endpoint:remove 529 echo 530end-if 531if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-mping:read-attribute(name=port) 532 /socket-binding-group=standard-sockets/socket-binding=jgroups-mping:undefine-attribute(name=port) 533end-if 534if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=modcluster:read-attribute(name=port) 535 /socket-binding-group=standard-sockets/socket-binding=modcluster:undefine-attribute(name=port) 536end-if 537 538if (outcome == success) of /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource 539 echo Changing JNDI reference in connectionsInfinispan SPI 540 /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties) 541 /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak}) 542 echo 543end-if 544 545# Migrate from 4.4.0 to 4.5.0 546if (outcome == failed) of /subsystem=core-management/:read-resource 547 echo Adding core-management extension 548 /extension=org.wildfly.extension.core-management/:add 549 echo Adding subsystem core-management 550 /subsystem=core-management/:add 551 echo 552end-if 553 554# Migrate from 4.5.0 to 4.6.0 555if (outcome == success) of /subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource 556 echo Removing application-http-authentication from elytron subsystem 557 /subsystem=elytron/http-authentication-factory=application-http-authentication:remove 558 echo 559end-if 560 561if (result == undefined) of /subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false) 562 echo Setting node-identifier attribute of core-environment element in transactions subsystem 563 /subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}") 564 echo 565end-if 566 567if (outcome == success) of /subsystem=jgroups/stack=udp/transport=UDP/property=port_range:read-attribute(name=value) 568 try 569 /subsystem=jgroups/stack=udp/transport=UDP/property=port_range:remove 570 echo Remove port_range property from UDP transport type of udp stack 571 catch 572 echo 573 end-try 574end-if 575 576if (outcome == success) of /subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:read-attribute(name=value) 577 try 578 /subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:remove 579 echo Remove port_range property from TCP transport type of tcp stack 580 catch 581 echo 582 end-try 583end-if 584 585# Migrate from 4.8.3 to 5.0.0 586if (outcome == failed) of /subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource 587 echo Adding io.jaegertracing.Configuration logger 588 /subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN) 589 echo 590end-if 591 592# Migrate from 5.0.0 to 6.0.0 593if (result == NON_XA) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode) 594 echo Removing NON_XA transaction mode from infinispan/hibernate/entity 595 /subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode) 596 echo 597end-if 598 599if (result == false) of /subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled) 600 echo Adding statistics-enabled expression to ExampleDS datasource 601 /subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}) 602 echo 603end-if 604 605if (result == false) of /subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled) 606 echo Adding statistics-enabled expression to KeycloakDS datasource 607 /subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}) 608 echo 609end-if 610 611if (result == false) of /subsystem=ejb3/:read-attribute(name=statistics-enabled) 612 echo Adding statistics-enabled expression to ejb3 subsystem 613 /subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}) 614 echo 615end-if 616 617if (result == false) of /subsystem=transactions/:read-attribute(name=statistics-enabled) 618 echo Adding statistics-enabled expression to transactions subsystem 619 /subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}) 620 echo 621end-if 622 623if (result == false) of /subsystem=undertow/:read-attribute(name=statistics-enabled) 624 echo Adding statistics-enabled expression to undertow subsystem 625 /subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}) 626 echo 627end-if 628 629if (result == false) of /subsystem=webservices/:read-attribute(name=statistics-enabled) 630 echo Adding statistics-enabled expression to webservices subsystem 631 /subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}}) 632 echo 633end-if 634 635if (outcome == failed) of /extension=org.jboss.as.weld/:read-resource 636 echo Adding weld extension 637 /extension=org.jboss.as.weld/:add 638 echo 639end-if 640 641if (outcome == failed) of /subsystem=weld/:read-resource 642 echo Adding weld subsystem 643 /subsystem=weld/:add 644 echo 645end-if 646 647## KEYCLOAK-16723 / KEYCLOAK-16907: 648## 649## Loading of MicroProfile SmallRye config, health, and metrics extensions & subsystems got removed 650## as part of upgrading to Wildfly 22. See [WFLY-14203], [WFLY-14151], and [WFLY-14108] for details 651 652# Migrate from 6.0.1 to 7.0.0 653if (outcome == success) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource 654 echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem 655 /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove 656 echo 657end-if 658 659if (outcome == failed) of /subsystem=infinispan/cache-container=web/distributed-cache=routing:read-resource 660 echo Adding distributed cache routing to web cache container to infinispan subsystem 661 /subsystem=infinispan/cache-container=web/distributed-cache=routing/:add 662 echo 663end-if 664 665if (outcome == failed) of /subsystem=infinispan/cache-container=web/replicated-cache=sso:read-resource 666 echo Adding replicated cache sso to web cache container to infinispan subsystem 667 /subsystem=infinispan/cache-container=web/replicated-cache=sso/:add 668 /subsystem=infinispan/cache-container=web/replicated-cache=sso/component=locking/:add(isolation=REPEATABLE_READ) 669 /subsystem=infinispan/cache-container=web/replicated-cache=sso/component=transaction/:add(mode=BATCH) 670 echo 671end-if 672 673if (outcome == failed) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource 674 echo Adding jgroups-tcp-fd socket binding to socket binding group 675 /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:add(interface=private,port=57600) 676 echo 677end-if 678 679if (outcome == failed) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource 680 echo Adding jgroups-udp-fd socket binding to socket binding group 681 /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:add(interface=private,port=54200) 682 echo 683end-if 684 685if (result == undefined) of /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding) 686 echo Adding socket-binding for FD_SOCK protocol for tcp stack in jgroups subsystem 687 /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-tcp-fd) 688 echo 689end-if 690 691if (result == undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) 692 echo Adding socket-binding for FD_SOCK protocol for udp stack in jgroups subsystem 693 /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-udp-fd) 694 echo 695end-if 696 697if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled) 698 echo Disabling Truststore Provider 699 /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false) 700 echo Removing deprecated option 701 /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled) 702 echo 703end-if 704 705# Migrate from 7.0.0 to 8.0.0 706 707if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time) 708 echo Changing thread pool keepalive of ejb3 subsystem 709 /subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60) 710 /subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS) 711 echo 712end-if 713 714if (result == UP) of /subsystem=microprofile-health-smallrye:read-attribute(name=empty-liveness-checks-status) 715 echo Adding empty-liveness-checks-status attribute to microprofile-health-smallrye subsystem 716 /subsystem=microprofile-health-smallrye:write-attribute(name=empty-liveness-checks-status, value=${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}) 717 echo 718end-if 719 720if (result == UP) of /subsystem=microprofile-health-smallrye:read-attribute(name=empty-readiness-checks-status) 721 echo Adding empty-readiness-checks-status attribute to microprofile-health-smallrye subsystem 722 /subsystem=microprofile-health-smallrye:write-attribute(name=empty-readiness-checks-status, value=${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}) 723 echo 724end-if 725 726if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/provider=default/:read-resource 727 echo Adding default hostname provider 728 /subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true) 729end-if 730 731if (result == request) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider) 732 echo Switching from request to default hostname provider 733 734 /subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default) 735end-if 736 737if (result != fixed) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider) 738 try 739 /subsystem=keycloak-server/spi=hostname/provider=fixed:remove 740 echo Removed config for unused fixed hostname provider 741 catch 742 end-try 743end-if 744 745# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final) 746 747if (result != org.keycloak.keycloak-model-infinispan) of /subsystem=infinispan/cache-container=keycloak:read-attribute(name=module) 748 echo Setting class loader for keycloak cache-container so JBoss Marshalling works properly with Infinispan 10.x 749 /subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan) 750 echo 751end-if 752 753# Migrate from 11.0.0 to 12.0.0 754 755if (result != expression "${jboss.mail.server.host:localhost}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=host) 756 echo Adding host expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem 757 /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=host, value=expression "${jboss.mail.server.host:localhost}") 758 echo 759end-if 760 761if (result != expression "${jboss.mail.server.port:25}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=port) 762 echo Adding port expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem 763 /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=port, value=expression "${jboss.mail.server.port:25}") 764 echo 765end-if 766 767# Migrate from 12.0.0 to 13.0.0 768 769## KEYCLOAK-16723 / KEYCLOAK-16907: 770## 771## Based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] remove MicroProfile SmallRye config, health, and metrics if present 772 773if (outcome == success) of /subsystem=microprofile-config-smallrye/:read-resource 774 echo Removing microprofile-config-smallrye subsystem... 775 /subsystem=microprofile-config-smallrye/:remove 776 echo 777end-if 778 779if (outcome == success) of /extension=org.wildfly.extension.microprofile.config-smallrye/:read-resource 780 echo Removing microprofile.config-smallrye extension... 781 /extension=org.wildfly.extension.microprofile.config-smallrye/:remove 782 echo 783end-if 784 785if (outcome == success) of /subsystem=microprofile-health-smallrye/:read-resource 786 echo Removing microprofile-health-smallrye subsystem... 787 /subsystem=microprofile-health-smallrye/:remove 788 echo 789end-if 790 791if (outcome == success) of /extension=org.wildfly.extension.microprofile.health-smallrye/:read-resource 792 echo Removing microprofile.health-smallrye extension... 793 /extension=org.wildfly.extension.microprofile.health-smallrye/:remove 794 echo 795end-if 796 797if (outcome == success) of /subsystem=microprofile-metrics-smallrye/:read-resource 798 echo Removing microprofile-metrics-smallrye subsystem... 799 /subsystem=microprofile-metrics-smallrye/:remove 800 echo 801end-if 802 803if (outcome == success) of /extension=org.wildfly.extension.microprofile.metrics-smallrye/:read-resource 804 echo Removing microprofile.metrics-smallrye extension... 805 /extension=org.wildfly.extension.microprofile.metrics-smallrye/:remove 806 echo 807end-if 808 809## Yet based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] load 810## org.wildfly.extension.health/org.wildfly.extension.metrics extensions & subsystems instead 811 812if (outcome == failed) of /extension=org.wildfly.extension.health:read-resource 813 echo Adding WildFly extension for health... 814 /extension=org.wildfly.extension.health:add(module=org.wildfly.extension.health) 815 echo 816end-if 817 818if (outcome == failed) of /subsystem=health:read-resource 819 echo Adding Wildfly subsystem for health... 820 /subsystem=health:add(security-enabled=false) 821 echo 822end-if 823 824if (outcome == failed) of /extension=org.wildfly.extension.metrics:read-resource 825 echo Adding Wildfly extension for base metrics... 826 /extension=org.wildfly.extension.metrics:add(module=org.wildfly.extension.metrics) 827 echo 828end-if 829 830if (outcome == failed) of /subsystem=metrics:read-resource 831 echo Adding Wildfly subsystem for base metrics... 832 /subsystem=metrics:add(exposed-subsystems=[*],security-enabled=false) 833 echo 834end-if 835 836if (result == "Keycloak") of :read-attribute(name=product-name) 837 echo Adding base metrics subsystem prefix to Keycloak... 838 /subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:wildfly}) 839 echo 840else 841 echo Adding base metrics subsystem prefix to RH-SSO... 842 /subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:jboss}) 843 echo 844end-if 845 846## Add ability to make use of automatically generated self-signed certificate with Elytron, 847## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final 848 849if (outcome == failed) of /subsystem=elytron/key-store=applicationKS:read-resource 850 echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem... 851 /subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS) 852 /subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore) 853 /subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.server.config.dir) 854 echo 855end-if 856 857if (outcome == failed) of /subsystem=elytron/key-manager=applicationKM:read-resource 858 echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem... 859 /subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password}) 860 /subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost) 861 echo 862end-if 863 864if (outcome == failed) of /subsystem=elytron/server-ssl-context=applicationSSC:read-resource 865 echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem... 866 /subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM) 867 echo 868end-if 869 870## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG 871if (result == 0) of /subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period) 872 echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds) 873 /subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L) 874 echo 875end-if 876 877## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG 878if (result == 0) of /subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period) 879 echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds) 880 /subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L) 881 echo 882end-if 883 884## Set value of JPA default-datasource from empty string to 'undefined' 885if (outcome == success) && (result == "") of /subsystem=jpa:read-attribute(name=default-datasource) 886 echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined' 887 /subsystem=jpa:undefine-attribute(name=default-datasource) 888 echo 889end-if 890 891# Migrate from 14.0.0 to 15.0.0 892 893# Add expiration lifespan configuration to every distributed and replicated cache. 894if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/replicated-cache=work/component=expiration/:read-attribute(name=lifespan) 895 echo Setting expiration lifespan for 'work' replicated-cache 896 /subsystem=infinispan/cache-container=keycloak/replicated-cache=work/component=expiration/:write-attribute(name=lifespan,value=900000000000000000) 897 echo 898end-if 899if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/component=expiration/:read-attribute(name=lifespan) 900 echo Setting expiration lifespan for 'sessions' replicated-cache 901 /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/component=expiration/:write-attribute(name=lifespan,value=900000000000000000) 902 echo 903end-if 904if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/component=expiration/:read-attribute(name=lifespan) 905 echo Setting expiration lifespan for 'clientSessions' distributed-cache 906 /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/component=expiration/:write-attribute(name=lifespan,value=900000000000000000) 907 echo 908end-if 909if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions/component=expiration/:read-attribute(name=lifespan) 910 echo Setting expiration lifespan for 'offlineSessions' distributed-cache 911 /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions/component=expiration/:write-attribute(name=lifespan,value=900000000000000000) 912 echo 913end-if 914if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/component=expiration/:read-attribute(name=lifespan) 915 echo Setting expiration lifespan for 'offlineClientSessions' distributed-cache 916 /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/component=expiration/:write-attribute(name=lifespan,value=900000000000000000) 917 echo 918end-if 919if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/component=expiration/:read-attribute(name=lifespan) 920 echo Setting expiration lifespan for 'authenticationSessions' distributed-cache 921 /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/component=expiration/:write-attribute(name=lifespan,value=900000000000000000) 922 echo 923end-if 924if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures/component=expiration/:read-attribute(name=lifespan) 925 echo Setting expiration lifespan for 'loginFailures' distributed-cache 926 /subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures/component=expiration/:write-attribute(name=lifespan,value=900000000000000000) 927 echo 928end-if 929if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:read-attribute(name=lifespan) 930 echo Setting expiration lifespan for 'actionTokens' distributed-cache 931 /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=lifespan,value=900000000000000000) 932 echo 933end-if 934 935# Migrate from 15.0.0 to 16.0.0 936 937if (outcome == failed) of /subsystem=infinispan/cache-container=hibernate/local-cache=pending-puts/:read-resource 938 echo Add pending-puts local cache clustered and expiration time 60000L 939 /subsystem=infinispan/cache-container=hibernate/local-cache=pending-puts/:add 940 /subsystem=infinispan/cache-container=hibernate/local-cache=pending-puts/component=expiration/:write-attribute(name=max-idle,value=60000L) 941 echo 942end-if 943 944echo *** End Migration *** 945