1. Summary: PostgreSQL version check during Keycloak upgrade is insufficient in multi-node UCS environments with domain-wide database usage. 2. Product: Keycloak (UCS App) Version: 26.1.4-ucs2 Component: Upgrade Script / Pre-Install Check Platform: UCS 5.x, multi-node (Primary/Backup) 3. Description: During an attempt to upgrade the Keycloak app to version `26.1.4-ucs2` on a UCS **Backup** node, the upgrade process fails due to a version check that incorrectly detects an outdated PostgreSQL 11 instance. However, in the given UCS domain, Keycloak is **installed and actively used on the Backup node**, where it is connected to a PostgreSQL 15 instance. A PostgreSQL 11 instance exists on the **Primary** node, but it is unused and leftover from a previous test installation of Keycloak, which was later removed. This behavior appears to be caused by the upgrade script assuming the local PostgreSQL version (on the Primary) is in use, rather than verifying the actual database configuration of the active Keycloak instance. As a result, the upgrade is unnecessarily blocked, even though the PostgreSQL version actively used by Keycloak (v15) meets all requirements. 4. Steps to Reproduce: * Install Keycloak on a UCS Primary node using PostgreSQL 11, then uninstall it. * Install Keycloak on the UCS Backup node using PostgreSQL 15, and configure it for production use. * Attempt to upgrade Keycloak on the Backup node. * Observe that the upgrade fails due to a PostgreSQL 11 version check, despite the actual Keycloak database running on PostgreSQL 15. 5. Observed Output: It seems you are using Postgres 11 as the database management system for Keycloak. Starting with Keycloak 26, at least Postgres 12 is required. Please update Postgres. You may want to follow this article: https://help.univention.com/t/updating-from-postgresql-11-to-postgresql-15/22162 You can skip this test with by setting UCR variable "keycloak/check-postgres-version" to "false". But be aware that Keycloak 26 will not work with PostgreSQL 11. Running prescript of 5.0/keycloak=26.1.4-ucs2 failed. Aborting... 6. Expected Behavior: The upgrade process should: * Identify the actual PostgreSQL instance that is being used by Keycloak (including domain-wide configurations). * In multi-node UCS domains, determine the **active Keycloak database host** rather than assuming the local instance is in use. * Provide clear, actionable output indicating **on which system** the relevant PostgreSQL version must be updated (if necessary). 7. Suggested Solutions: * Extend the upgrade script to determine the **configured Keycloak database host and version**, instead of relying on local PostgreSQL detection. * Clearly output which node is hosting the active Keycloak database and what version it is running. * Optionally provide a list of all PostgreSQL instances across UCS nodes and highlight the one actively used by Keycloak. * If a version mismatch is detected, specify which system the required PostgreSQL upgrade needs to be performed on. 8. System Environment Example: On DC-Backup (active Keycloak database): root@ucs5backup:~# pg_lsclusters -h 15 main 5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log On DC-Primary (no longer used for Keycloak): root@ucs5primary:~# pg_lsclusters -h 11 main 5432 online postgres /var/lib/postgresql/11/main /var/log/postgresql/postgresql-11-main.log