Cray System Management Documentation > Cray System Management (CSM) Administration Guide > security and authentication > Keycloak Service Recovery

Keycloak Service Recovery

The following covers redeploying the Keycloak service and restoring the data.

Prerequisites

The system is fully installed and has transitioned off of the LiveCD.
All activities required for site maintenance are complete.
A backup or export of the data already exists.
The latest CSM documentation has been installed on the master nodes. See Check for Latest Documentation.
The Cray CLI is configured on the node where the procedure is being performed. See Configure the Cray CLI.

Service recovery for Keycloak

(ncn-mw#) Verify that a backup of the Keycloak Postgres data exists.
1. Set and export the CRAY_CREDENTIALS environment variable.
  
  This will permit simple CLI operations that are needed for the command in the next step. See Authenticate an Account with the Command Line.
2. Verify that a completed backup exists.
```
cray artifacts list postgres-backup --format json | jq -r '.artifacts[].Key | select(contains("keycloak"))'
```
  Example output:
```
keycloak-postgres-2022-09-14T02:10:05.manifest
keycloak-postgres-2022-09-14T02:10:05.psql
```
3. Unset the CRAY_CREDENTIALS environment variable and remove the temporary token file.
```
unset CRAY_CREDENTIALS
rm -v /tmp/setup-token.json
```

(ncn-mw#) Uninstall the chart and wait for the resources to terminate.

Uninstall the chart.

helm uninstall -n services cray-keycloak

Example output:

release "cray-keycloak" uninstalled

Wait for the resources to terminate.

watch "kubectl get pods -n services | grep keycloak | grep -v 'keycloak-users-localize\|keycloak-vcs-user'"

Example output:

No resources found in services namespace.

(ncn-mw#) Redeploy the chart and wait for the resources to start.

Follow the Redeploying a Chart procedure with the following specifications:

Chart name: cray-keycloak
Base manifest name: platform
When reaching the step to update customizations, no edits need to be made to the customizations file.

When reaching the step to validate that the redeploy was successful, perform the following step:

Only follow this step as part of the previously linked chart redeploy procedure.

Wait for the resources to start.

watch "kubectl get pods -n services | grep keycloak"

Example output:

cray-keycloak-0                                                   2/2     Running     0          32m
cray-keycloak-1                                                   2/2     Running     0          32m
cray-keycloak-2                                                   2/2     Running     0          32m
keycloak-postgres-0                                               3/3     Running     0          32m
keycloak-postgres-1                                               3/3     Running     0          31m
keycloak-postgres-2                                               3/3     Running     0          30m
keycloak-setup-1-9kdl2                                            0/2     Completed   0          32m
keycloak-users-localize-1-jjb9b                                   2/2     Running     0          32m
keycloak-vcs-user-1-gqftw                                         0/2     Completed   0          31m
keycloak-wait-for-postgres-1-xt4nv                                0/2     Completed   0          32m

(ncn-mw#) Restore the critical data.

See Restore Postgres for Keycloak.