Make sure it is not possible to run snapshot server against production DB by default #30364
Description
Description
Make sure that it is not possible to run snapshot server against production DB as this is pretty much the invalid situation. When people try to use production DB against snapshot server ( server version like 999.0.0 ), it signals the situation, which is very likely incorrect. It can lead to the broken/inconsistent data in the database and the issues like the one described below.
Original title
Check for 999.0.0 in MIGRATION_MODEL breaks Keycloak instances without documented workaround
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
operator core (edited by @mabartos )
Describe the bug
Feel free to move this to a discussion.
After updating Keycloak to version 25.0.0 one of our Keycloak instances failed to start with the following error message:
Incorrect state of migration. You are trying to run server version '25.0.0' against a database which was migrated to snapshot version '999.0.0'. Databases that have been migrated to a snapshot version can't be migrated to a released version of Keycloak or to a more recent snapshot version.
That check makes sense and there was an advisory in the Keycloak 24 Update notes regarding the operator accidentally deploying a snapshot. We never hit that issue (knowingly), but we must have mistakenly run a snapshot in an update a few versions ago already:
select * from migration_model ;
id | version | update_time
-------+---------+-------------
33jeh | 21.0.1 | ...
84vyx | 21.0.2 | ...
uz6gn | 21.1.0 | ...
37dtv | 21.1.1 | ...
jxdii | 21.1.2 | ...
e4cpa | 22.0.0 | ...
nmk0o | 22.0.1 | ...
r21q6 | 22.0.2 | ...
gn2wq | 22.0.3 | ...
2mtf8 | 999.0.0 | ...
Needless to say that the database update we took prior to the upgrade wasn't of much help and we didn't notice the problem because Keycloak never complained about this during the last updates and there were no operational problems.
Version
25.0.0
Regression
- The issue is a regression
Expected behavior
The error message helps the user how to trigger the correct migrations and a note of that "breaking change" is in the release notes.
Actual behavior
The error message is hard to search and no official guidance on how to get out of this is provided. Especially when the accidental run of the snapshot could already be quite some time in the past.
How to Reproduce?
- Run a nightly.
- Run Keycloak 25.
Anything else?
No response