https://www.ory.sh/ logo
Join Slack
Powered by
That does seem to work. Meaning I can export from ...
# ory-selfhosting
p
That does seem to work. Meaning I can export from an old kratos database into json. Then import into a new kratos database. But I have to add new passwords. This is not ideal. Is there a way to export identiies with hashed passwords from a v05.5.-alpha.1 kratos release?
s
so you cannot export or import the hashes?
p
Not sure. How do I do that? How do I export the hashes with a v0.5.5-alpha.1 release? This is the version and the cli --help that I see.
Copy code
/ $ kratos version
Version:                        v0.5.5-alpha.1
Build Commit:   83aedcb885acb96c5deb39fff675d5f0528af32d
Build Timestamp:        2020-12-09T11:10:11Z
/ $ kratos 
Usage:
  kratos [command]

Available Commands:
  hashers     This command contains helpers around hashing.
  help        Help about any command
  identities  Tools to interact with remote identities
  jsonnet     Helpers for linting and formatting JSONNet code
  migrate     Various migration helpers
  remote      Helpers and management for remote ORY Kratos instances
  serve       Run the ORY Kratos server
  version     Show the build version, build time, and git hash

Flags:
  -c, --config string   Path to config file. Supports .json, .yaml, .yml, .toml. Default is "$HOME/.kratos.(yaml|yml|toml|json)"
  -h, --help            help for kratos

Use "kratos [command] --help" for more information about a command.
/ $
The way I "exported" the existing identities was to run 
kratos identities list -e <http://localhost:4434> --format json-pretty
. This gets me the id json schema data, but not hashes.
I did have some success in exporting the postgres data then importing it into the new new kratos postgres db. When I do that, I can see the id tables in the database. Kratos does not see them though. That is 
kratos list identities
does not list the ids. (The dsn is pointing to the correct database...)
Any ideas on this would be very much appreciated.
s
You will have to change the nid column to the value your existing identities have
p
Can you explain that more? What is the export process?
Or where and how do I change the nid column?
I do see the 
nid
column and that it is empty for my imported identities. You're saying I need to set the nid to just be the same value for all ids.
Copy code
psql -U postgres oauth
update identities set nid = 'thevalue';
Seemed to work!
...although I stlll cannot login as a user. But that's progress.
The kratos error 
the provided credentials are invalid, check for spelling mistakes in your password or username, email address, or phone number
. Thoughts?
s
why do you do that export and import in the first place? maybe there is a better way to do it
p
I've tried a few things. I would like an easier way if there is one.
The export/import was all I could think of to cleanly move/copy the data.
s
but what problem are you solving
p
This is a good question. I'm just upgrading kratos from v0.5.5 alpha to the latest version. And I want to keep my existing identity data.
(I have also tweaked the identity schema a bit.)
We have moved from a custom install to a helm install for Ory components, thus the redo/upgrade.
s
ok in that case you should just do the update with the same database and the migrations will take care of everything
no export/import needed
p
This is what I thought originally. I couldn't get it to work. I will try it again. Thanks.
s
why did it not work?
p
I do not recall and I've been trying a few things. I will try it again now. I have stopped kratos and postgres and am just copying the original database files to the new location. I will then spin up postgres and kratos again.
Looks like the firs thing is a large jump in postgres version. 
9.6.24
vs 
14.4
. This may be why I went down the export/import path. When I spin up with the copied data, postgres does not read the kratos database.
s
kratos should work with both versions
p
I think postgres itself is having trouble reading the older data.
s
ok but why upgrade postgres then? is there no guide on how to do that?
p
I'm upgrading all the things while I have a chance to. Maybe this is not a good idea.
s
yeah try one at a time 😂
p
Yeah, I think I will. 😄
Thanks for the chat.
For anyone playing along at home, this seems to have worked. I'm running an older version of postgres (9.x) with the newest kratos and our existing 9.x postgres database. The plan was to update all applications to a helm install on our k8s cluster. This included the postgres that kratos uses. This was fine until we saw that the newest postgres helm install does not understand our older version of postgres data. To make matters more difficult, there is no 9.x postgres helm install so I needed to not install postgres via helm, but just install it by hand (via ansible k8s deployment/service/pvc). Thanks again Patrick for the hand-holding and question asking.
...although it looks like authentication still fails. Which is odd and not expected. Alas.
Looks like cipher or hashers are different now. This is using the helm-install of kratos.
2 Views
Open in Slack
PreviousNext
Powered by