I tried upgrading my environment today and all other machines worked except primary (I know I need to upgrade primary first, but I was on autopilot today and wasn’t paying very good attention). Primary is stuck at errata263, backup and member servers are at errata291.
Keycloak failed to upgrade, so I thought I’d try to restart - no love.
I noticed this in /var/log/univention/appcenter.log:
2852 actions.upgrade 25-11-20 12:53:05 [ INFO]: Going to upgrade Keycloak (26.4.4-ucs1)
2852 actions.upgrade 25-11-20 12:53:06 [CRITICAL]: (must_have_candidate) The application is either not installed or no newer version is available
2852 actions.upgrade 25-11-20 12:53:06 [CRITICAL]: Unable to upgrade. Aborting...
2852 actions.upgrade 25-11-20 12:53:06 [ WARNING]: Failure will leave these apps untouched: keycloak
I tried: $ sudo univention-app logs keycloak says it’s not running, so I tried: $ sudo univention-app start keycloak
Starting keycloak ...
Starting keycloak ... failed
No containers to start
1
I noticed that it’s a docker container, so I thought I see what’s happening and tried $ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.software-univention.de/keycloak-keycloak 26.4.4-ucs1 6e6bc59b4d2e 3 days ago 610MB
docker.software-univention.de/keycloak-keycloak 26.3.5-ucs1 1fe735062171 5 weeks ago 604MB
Is there a way to revert to 26.3.5-ucs1 and try the upgrade again? How should I proceed?
~ $ sudo univention-app reinitialize keycloak
Saving data from old container (5.0/keycloak=26.4.4-ucs1)
Starting keycloak ...
Starting keycloak ... failed
No containers to start
1
Cannot read ucs/self/registration/check_email_verification while 5.0/keycloak=26.4.4-ucs1 is not running
Cannot read keycloak/password/change/endpoint while 5.0/keycloak=26.4.4-ucs1 is not running
Cannot read kc/db/url while 5.0/keycloak=26.4.4-ucs1 is not running
Cannot read kc/db/username while 5.0/keycloak=26.4.4-ucs1 is not running
Cannot read kc/db/password while 5.0/keycloak=26.4.4-ucs1 is not running
Cannot read kc/db/driver while 5.0/keycloak=26.4.4-ucs1 is not running
Cannot read kc/db/ping/datatype while 5.0/keycloak=26.4.4-ucs1 is not running
Running command: docker cp cee68f756f79f38913bdc4a8c1dfeb15a57b40f330bb7e76fd0e68a3e9f118bf:/etc/machine.secret /var/lib/univention-appcenter/apps/keycloak/machine.secret
Error: No such container:path: cee68f756f79f38913bdc4a8c1dfeb15a57b40f330bb7e76fd0e68a3e9f118bf:/etc/machine.secret
Command docker cp cee68f756f79f38913bdc4a8c1dfeb15a57b40f330bb7e76fd0e68a3e9f118bf:/etc/machine.secret /var/lib/univention-appcenter/apps/keycloak/machine.secret failed with: Error: No such container:path: cee68f756f79f38913bdc4a8c1dfeb15a57b40f330bb7e76fd0e68a3e9f118bf:/etc/machine.secret (1)
No container found. Unable to run store_data!
Removing old container
Removing network keycloak_appcenter_net
Network keycloak_appcenter_net not found.
Setting up new container (5.0/keycloak=26.4.4-ucs1)
Creating data directories for keycloak...
Registering UCR for keycloak
Marking 5.0/keycloak=26.4.4-ucs1 as installed
Adding localhost to LDAP object
Reloading apache2 configuration (via systemctl): apache2.service.
univention-postgresql was already set to manually installed.
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: No such file or directory
Is the server running locally and accepting connections on that socket?
Returncode 2 for query
But postgres is running:
~ $ sudo systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; preset: enabled)
Active: active (exited) since Thu 2025-11-20 12:48:55 EST; 9h ago
[ . . . ]
~ $ psql --version
psql (PostgreSQL) 15.14 (Univention 15.14-0+deb12u1A~5.2.3.202509101046)
But there’s nothing in /var/run/postgresql:
~ $ sudo ls -lah /var/run/postgresql/
total 0
drwxrwsr-x 2 postgres postgres 40 Nov 20 12:48 .
drwxr-xr-x 38 root root 1.4K Nov 20 22:10 ..