+
Skip to content

fix: further refining logic and docs around import/export #40906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
+21 −22
Open

fix: further refining logic and docs around import/export #40906

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ce6ec2c
fix: further refining logic and docs around import/export
shawkins Jul 3, 2025
0f1a728
Update importExport.adoc
shawkins Jul 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 20 additions & 13 deletions docs/guides/server/importExport.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,22 @@

In this {section}, you are going to understand the different approaches for importing and exporting realms using JSON files.

== Import / Export Commands

[NOTE]
====
Exporting and importing into single files can produce large files which may run the export / import process out of memory. If your database contains more than 50,000 users, export to a directory and not a single file.
The default count of users per file and per transaction is fifty, but you may use a much larger value if desired.
The default count of users per file is fifty, but you may use a much larger value if desired.

The `import` and `export` commands are essentially server launches that exit before bringing up the full server. They are not currently designed to be run from the same machine as a running server instance, which may result in port or other conflicts.

It is recommended that all {project_name} nodes are stopped prior to using the `kc.[sh|bat] export` command. This ensures that the results will have no consistency issues with user or realm modifications during the export.

It is required that all {project_name} nodes are stopped prior to performing an `kc.[sh|bat] import` command with the override option.
The command does not attach to the cache cluster, so realm deletion will not be handled correctly. You may also consider using the Admin API to delete realms that need to be overwritten prior to running the import.
====

== Providing options for database connection parameters
=== Providing options for database connection parameters

When using the `export` and the `import` commands below, {project_name} needs to know how to connect to the database where the information about realms, clients, users and other entities is stored.
As described in <@links.server id="configuration"/> that information can be provided as command line parameters, environment variables or a configuration file.
Expand All @@ -32,7 +37,7 @@ When doing this, remove the build time options from the command line and keep on

NOTE: if you do not use `--optimized` keep in mind that an `import` or `export` command may implicitly create or update an optimized build for you - if you are running the command from the same machine as a server instance, this may impact the next start of your server.

== Exporting a Realm to a Directory
=== Exporting a Realm to a Directory

To export a realm, you can use the `export` command. Your {project_name} server instance must not be started when invoking this command.

Expand All @@ -44,7 +49,7 @@ To export a realm to a directory, you can use the `--dir <dir>` option.

When exporting realms to a directory, the server is going to create separate files for each realm being exported.

=== Configuring how users are exported
==== Configuring how users are exported

You are also able to configure how users are going to be exported by setting the `--users <strategy>` option. The values available for this
option are:
Expand All @@ -61,27 +66,27 @@ If you are exporting users using the `different_files` strategy, you can set how

<@kc.export parameters="--dir <dir> --users different_files --users-per-file 100"/>

== Exporting a Realm to a File
=== Exporting a Realm to a File

To export a realm to a file, you can use the `--file <file>` option.

<@kc.export parameters="--file <file>"/>

When exporting realms to a file, the server is going to use the same file to store the configuration for all the realms being exported.

== Exporting a specific realm
=== Exporting a specific realm

If you do not specify a specific realm to export, all realms are exported. To export a single realm, you can use the `--realm` option as follows:

<@kc.export parameters="[--dir|--file] <path> --realm my-realm"/>

== Import File Naming Conventions
=== Import File Naming Conventions

When you export a realm specific file name conventions are used, which must also be used for importing from a directory or import at startup. The realm file to be imported must be named <realm name>-realm.json.
Regular and federated user files associated with a realm must be named <realm-name>-users-<file number>.json and <realm-name>-federated-users-<file number>.json. Failure to use this convention will result in errors or
user files not being imported.

== Importing a Realm from a Directory
=== Importing a Realm from a Directory

To import a realm, you can use the `import` command. Your {project_name} server instance must not be started when invoking this command.

Expand All @@ -98,13 +103,13 @@ you can set the `--override` option as follows:

By default, the `--override` option is set to `true` so that realms are always overridden with the new configuration.

== Importing a Realm from a File
=== Importing a Realm from a File

To import a realm previously exported in a single file, you can use the `--file <file>` option as follows:

<@kc.import parameters="--file <file>"/>

== Using Environment Variables within the Realm Configuration Files
=== Using Environment Variables within the Realm Configuration Files

You are able to use placeholders to resolve values from environment variables for any realm configuration.

Expand Down Expand Up @@ -135,11 +140,13 @@ realms and potentially lose state between server restarts.

To re-create realms you should explicitly run the `import` command prior to starting the server.

NOTE: The server will not fully start until the imports are complete.

== Importing and Exporting by using the Admin Console

You can also import and export a realm using the Admin Console. This functionality is
different from the other CLI options described in previous sections because the Admin Console offers only the capability to
_partially_ export a realm. In this case, the current realm settings, along with some resources like clients,
different from the other CLI options described in previous sections because the Admin Console requires the cluster to be online.
The Admin Console also offers only the capability to _partially_ export a realm. In this case, the current realm settings, along with some resources like clients,
roles, and groups, can be exported. The users for that realm _cannot_ be exported using this method.

NOTE: When using the Admin Console export, the realm and the selected resources are always exported to a file
Expand Down Expand Up @@ -176,7 +183,7 @@ Skip:: Skip the duplicate resources without aborting the process
Overwrite:: Replace the existing resources with the ones being imported.

NOTE: The Admin Console partial import can also import files created by the CLI `export` command. In other words, full exports created
by the CLI can be imported by using the Admin Console. If the file contains users, those users will also be available for importing into the
by the CLI can be imported by using the Admin Console. If the file contains users, those users will also be available for importing into the
current realm.

</@tmpl.guide>
10 changes: 1 addition & 9 deletions operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,8 +129,7 @@ public void updateStatus(KeycloakRealmImportStatusBuilder status, KeycloakRealmI
status.addStartedMessage("Import Job started");
} else if (oldStatus.getSucceeded() != null && oldStatus.getSucceeded() > 0) {
if (!lastReportedStatus.isDone()) {
Log.info("Job finished performing a rolling restart of the deployment");
rollingRestart(realmCR, client); // could be based upon a hash annotation on the deployment instead
Log.info("Job finished");
}
status.addDone();
} else if (oldStatus.getFailed() != null && oldStatus.getFailed() > 0) {
Expand All @@ -147,11 +146,4 @@ private Integer getReadyReplicas(StatefulSet existingDeployment) {
return Optional.ofNullable(existingDeployment.getStatus()).map(StatefulSetStatus::getReadyReplicas).orElse(0);
}

private void rollingRestart(KeycloakRealmImport realmCR, KubernetesClient client) {
client.apps().statefulSets()
.inNamespace(realmCR.getMetadata().getNamespace())
.withName(realmCR.getSpec().getKeycloakCRName())
.rolling().restart();
}

}
Loading
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载