How to open a proactive case for patching or upgrading RH-SSO/Red Hat build of Keycloak

Environment

• Red Hat Single Sign On (RH-SSO)
• Red Hat build of Keycloak

Issue

• Upgrading production Red Hat Single Sign-On / Red Hat build of Keycloak
• How to open a case to notify Red Hat of upgrades taking place so appropriate resources are available?
• What information is useful for Red Hat support when opening a proactive ticket for weekend or after hours work?

Resolution

Introduction - what is a Proactive Case?

Proactive cases are a way for Premium customers to provide an advance notice to Red Hat Support of planned upgrades, migrations, patching, or any other maintenance activity. Typically, these events happen outside regular business hours.
Having prior knowledge of the planned activity provides Red Hat with an opportunity to ensure the right information is made available to better prepare technical support should you encounter an issue.

Note: New installations do not entitle a Proactive Case, as they do not fit with the Severity Level Definitions for Severity 1. For issues encountered during new installations, please open a regular Support Case.

Prerequisites

• The account must have active Premium JBoss Middleware subscriptions or active Premium Openshift subscriptions.
  • For more information, read Subscription Requirements for Red Hat Single Sign-On (RH-SSO) or Subscriptions or Entitlements Requirements for Red Hat build of Keycloakarticles.
• Proactive Cases should be submitted a few days before the activity is scheduled to begin (preferably 7-14 days in advance)
  • If the activity requires weekend coverage, please open the Proactive Case no less than 5 days before the upcoming activity.
• In order to allocate the most appropriate engineer from different teams, no matter where they may be worldwide, Proactive Support Cases are conducted in the English language only.
• It is recommended to familiarize yourself with the Reference Guide for Engaging with Red Hat Support article, which provides best practices for engaging Red Hat Support.
  • You can also refer to the This content is not included.Best Practices for Engaging with Red Hat Support blog post
• If you have a Technical Account Manager (TAM), a Solution Architect (SA), or a Customer Success Manager (CSM) - please engage them when planning a Proactive Case.

Opening a Proactive Case Support Case

Provide all relevant details for the upcoming event, that will help communicate what change(s) are taking place. Required information:

• Case title: should be a title that summarizes the case preceded by [PROACTIVE].

• Severity: - open the case on a Severity level of 3. When the activity begins the Severity will be raised to 1 by Red Hat engineers so that the proper resources be allocated if an issue arises.

• Description: Describe as detailed as possible the environment and applications that would be affected by the upgrade, other components that would be patched at same time, the patch that will be applied, etc. The description should also include the following information:

  • Exact version of RH-SSO/Red Hat build of Keycloak.
  • What is the Platform?
    • If Openshift
      • Exact version of Openshift
      • Is a RH-SSO template (which template: passthrough or TLS termination) or Operator install?
    • If VM/bare metal
      • Exact OS and version
      • Is a RHEL Package or Zip installation?
  • What type of installation? (Standalone or cluster mode)
    • If Cluster mode
      • Is a standalone-ha or domain?
      • Clustering mechanism: tcping or multicast (default)?
  • What is the RH-SSO/Red Hat build of Keycloak database backend?

• Date / Time of Event: Information of the maintenance window with Timezone (preferably referencing the offset from UTC).

• Contact information: Primary and secondary contact name, emails and phone number (with region code) of the people that will perform the update.

• Data Attachments: Capture the following information and upload it to the case:

  • Log file: server.log
  • Configuration files:
    • For container image typically YAML but may include other configuration if using custom images
    • For RH-SSO running on bare-metal, EAP xml file (typically, standalone.xml or domain.xml)
    • For RHBK running on bare-metal, keycloak.conf file
  • Exported realms as described in Exporting a RH-SSO Realm
  • Custom SPIs if applicable

Running into issues during the patch or upgrade
If any issues are found during the patching or upgrading of the RH-SSO/Red Hat build of Keycloak, proceed with:

1. Open a support ticket addressing the issue while referencing the number of the Proactive Case.
2. Report the new support ticket number in the Proactive Case opened.

Example of a Proactive Case:

• Case Title:

[PROACTIVE] - Red Hat Single Sign On 7.3 to 7.6 upgrade

• Case Description:

Hello,

We are planning to update Red Hat Single Sign On 7.3.4 to 7.6 which our production applications uses to login. 

Exact version of RH-SSO: 7.6.0.GA
What is the Platform?
     - Red Hat Enterprise Linux Server release 7.9
     - Zip installation
What kind of installation?
     - standalone-ha
     - tcpping

  Maintenance Window Information:
  - Date - Saturday, April 10th - Sunday, April 11th, 2021
  - Time frame - 3 hours
  - Timezone - IST (UTC+05:30)
  - Start Time - 23h00min, UTC+5:30
  - End Time - 02h00min, UTC+5:30
  - Rollback window - 1 hour

  Primary Contact Information:
  - Name: Jane Doe
  - Email: jane.doe@example.com
  - Phone: +1-123-456-7890

  Secondary Contact Information:
  - Name: John Doe
  - Email: john.doe@example.com
  - Phone: +1-123-456-7891

• Case Attachments:

- server.log 
- realm-export.json
- keycloak.conf
- user-storage-jpa.jar

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.