-
Bug
-
Resolution: Done
-
Undefined
-
None
-
False
-
-
False
-
-
Before reporting an issue
[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
core
Describe the bug
Trying to upgrade to v26.4.x from v26.3.x I'm encountering this error during boot:
ERROR: liquibase.exception.ValidationFailedException: Validation Failed:
1 changesets check sum
META-INF/jpa-changelog-2.5.0.xml::2.5.0-unicode-oracle::hmlnarik@redhat.com was: 9:737ee933fd399814ed5e24f3b1bbe39d but is now: 9:079cdb96663947f8d468ce038156d7a5
Upon inspection, it is indeed 9:737ee933fd399814ed5e24f3b1bbe39d in the database:
| ID | AUTHOR | FILENAME | DATEEXECUTED | ORDEREXECUTED | EXECTYPE | MD5SUM | DESCRIPTION | COMMENTS | TAG | LIQUIBASE | CONTEXTS | LABELS | DEPLOYMENT_ID |
| ---------------------- | --------------------- | ---------------------------------- | ------------------------- | --------------- | --------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- | ----------- | ---------- | -------- | --------------- | |
| 2.5.0-unicode-oracle | hmlnarik@redhat.com | META-INF/jpa-changelog-2.5.0.xml | 2021-08-20 07:49:13.000 | 34 | MARK_RAN | 9:737ee933fd399814ed5e24f3b1bbe39d | modifyDataType columnName=DESCRIPTION, tableName=AUTHENTICATION_FLOW; modifyDataType columnName=DESCRIPTION, tableName=CLIENT_TEMPLATE; modifyDataType columnName=DESCRIPTION, tableName=RESOURCE_SERVER_POLICY; modifyDataType columnName=DESCRIPTION,... | 3.5.4 | 9445738227 |
That migration seems to have been run in our initial deployment with keycloak v14.x.
It seems that checksums for that migration were initially added here: https://github.com/keycloak/keycloak/commit/7c1d6eae431be5bcea976e67e099c8fe4391118d
Such migration was later updated here: https://github.com/keycloak/keycloak/commit/33283de8edeb286be5a21acf9b62d7081aa67905
And lastly here: https://github.com/keycloak/keycloak/commit/8b35fa58de6c4297391da04e9f1bec21260ec356
I'm guessing commit https://github.com/keycloak/keycloak/commit/33283de8edeb286be5a21acf9b62d7081aa67905 is the relevant one for our case since it is the one that introduces the version 9 of liquibase's checksum algorithm.
I would suspect that the hash added in that commit was calculated with the inclusion of the default schema name introduced in that very same commit, while the one we have in our database corresponds to the original string.
The weird thing is that such change was shipped with keycloak v26.2.0, which we successfully upgraded to (v26.2.4) earlier this year and included new migrations. We also then upgraded to v26.3.1 which had migrations for v26.3.0 and also for v26.2.6. So... were checksums skipped until recently?
Version
v26.4.1
Regression
[x] The issue is a regression
Expected behavior
Upgrading to a new version shouldn't break because changes on liquibase migration check sums.
Actual behavior
Upgrade fails on verifying checksums for migrations ran long time ago.
How to Reproduce?
Hard to tell.
In our specific case, we were sitting on v26.3.3 and trying to upgrade to v26.4.0 or v26.4.1 breaks.
Anything else?
Upgrading from v26.3.3 to v26.3.5 works. I'm guessing because between those two versions there have no new migrations to run so it doesn't invoke the liquibase checksum verification.
- links to
