Automating Keycloak Cluster Upgrades with Ansible: A Practical Demonstration

A Keycloak cluster must stay up to date. Automating with Ansible simplifies maintenance, strengthens security, and reduces operational costs.

Keycloak is a critical component of any IT infrastructure, whether it’s used internally or exposed externally. Keeping Keycloak up to date is essential to:

  • Patch security vulnerabilities quickly
  • Leverage the latest features
  • Ensure stability and compliance of IAM infrastructure

But manually updating a Keycloak cluster can be tedious and time-consuming.

➡️ In this article, we show how to automate Keycloak cluster upgrades with Ansible, saving time while improving reliability and security.

1. Keycloak Cluster Context

For our demo, we use a Keycloak cluster with 3 nodes:

  • keycloak-srv-1
  • keycloak-srv-2
  • keycloak-srv-3

The initial version running across the cluster is 26.2.0.

keycloak/rhbk ansible high availability

2. Why Automate Keycloak Upgrades?

  • Security: apply critical patches without delay.
  • Consistency: ensure all nodes are upgraded without error.
  • Time savings (less than a minute): drastically reduce upgrade duration.
  • Reliability: avoid human errors in manual upgrades.

3. Automating the Upgrade with Ansible

We prepared an Ansible playbook that takes the target version as a parameter.

Key aspects:

  • Cluster-wide execution (all nodes upgraded)
  • Logs redirected to /dev/null to avoid Ansible’s verbose output and keep results clear (for demonstration purposes)
  • The time command used to measure the exact duration
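
A sketch of what a version-parameterized upgrade playbook can look like, added here as an illustration and not the playbook used in this demo. The inventory group `keycloak`, the `/opt/keycloak` symlink layout, the `keycloak` service account and systemd unit, the `archive_sha256` variable and the HTTP health endpoint on port 9000 are all assumptions.

```yaml
# upgrade-keycloak.yml: added illustration, not the article's own playbook.
# Assumed: inventory group "keycloak"; /opt/keycloak is a symlink to the active
# release; a systemd unit "keycloak" starts from that symlink and takes its
# settings from KC_* environment variables; health checks enabled on port 9000.
- name: Upgrade every Keycloak node to target_version
  hosts: keycloak
  become: true
  any_errors_fatal: true   # stop on all hosts rather than leave mixed versions
  vars:
    kc_tgz: "keycloak-{{ target_version }}.tar.gz"
    kc_url: "https://github.com/keycloak/keycloak/releases/download/{{ target_version }}/{{ kc_tgz }}"
    kc_new: "/opt/keycloak-{{ target_version }}"
  tasks:
    - name: Require an explicit version and a pinned archive digest
      ansible.builtin.assert:
        that:
          - target_version | default('') is match('^[0-9]+[.][0-9]+[.][0-9]+$')
          - archive_sha256 | default('') is match('^[0-9a-f]{64}$')
    - name: Download the release and verify it against the pinned digest
      ansible.builtin.get_url:
        url: "{{ kc_url }}"
        dest: "/tmp/{{ kc_tgz }}"
        checksum: "sha256:{{ archive_sha256 }}"
        mode: "0644"
    - name: Unpack beside the running release
      ansible.builtin.unarchive:
        src: "/tmp/{{ kc_tgz }}"
        dest: /opt
        remote_src: true
        owner: keycloak
        group: keycloak
        creates: "{{ kc_new }}/bin/kc.sh"
    - name: Point the active symlink at the new release
      ansible.builtin.file:
        src: "{{ kc_new }}"
        dest: /opt/keycloak
        state: link
    - name: Restart Keycloak
      ansible.builtin.systemd:
        name: keycloak
        state: restarted
    - name: Wait until the node reports ready
      ansible.builtin.uri:
        url: http://localhost:9000/health/ready
      register: ready
      until: ready.status == 200
      retries: 30
      delay: 5
```

Pass the parameters with `-e target_version=26.2.3 -e archive_sha256=<digest you verified out of band>`; the run fails before touching any node if either is missing or malformed.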

keycloak/rhbk upgrade via ansible

4. Demo: Upgrading from 26.2.0 to 26.2.1

  • Upgrade launched to version 26.2.1
  • Duration: 28 seconds
  • Verification: all three servers successfully running 26.2.1

keycloak/rhbk dashboard 26.2.0

keycloak/rhbk dashboard 26.2.1

5. Second Test: Upgrading to 26.2.3

In practice, some minor versions can be skipped if they don’t include critical fixes, or if they only address bugs in features not used by our organization. We therefore upgraded our cluster directly to version 26.2.3, which fixes security vulnerabilities.

  • Duration: 29 seconds
  • Verification: all three servers running 26.2.3

➡️ A full cluster upgrade completed in under 30 seconds.

keycloak/rhbk upgrade to 26.2.3 via ansible

keycloak/rhbk dashboard 26.2.3

6. Benefits for CIOs and IT Managers

This automation approach provides:

  • Enhanced security: fast and consistent patching
  • Operational efficiency: cluster upgrade in under one minute
  • Industrialized IT processes: integration with CI/CD pipelines
  • Reliability: all nodes aligned on the same version

Conclusion

With Ansible, upgrading a Keycloak cluster becomes fast, reliable, and secure, even in mission-critical environments.

➡️ If you are planning to secure, operate, and automate Keycloak administration, including backups, we can help.

📩 Contact us to discuss your Keycloak integration and infrastructure needs.