Describe the bug New deployment causes database errors, Authentik

I just tried <a href="https://docs.goauthentik.io/docs/installation/docker-compose" re

Alright, trying <a class="user-mention notranslate" data-hovercard-type="user" data-ho

New Deployment: ERROR: relation "authentik_tenants_tenant" does not exist at character 554 about authentik HOT 9 CLOSED

crltc commented on June 13, 2024 3

New Deployment: ERROR: relation "authentik_tenants_tenant" does not exist at character 554

from authentik.

Comments (9)

Meowcat285 commented on June 13, 2024

Same issue here when deploying

from authentik.

rissson commented on June 13, 2024

I just tried https://docs.goauthentik.io/docs/installation/docker-compose with postgres 16. I don't see any issue. Mind providing logs for the server and worker containers?

from authentik.

crltc commented on June 13, 2024

Postgres 16.2 & Authentik 2024.2.2

Authentik Environment Variables:

AUTHENTIK_SECRET_KEY=redacted
AUTHENTIK_REDIS__HOST=127.0.0.1
AUTHENTIK_REDIS__PORT=6379
AUTHENTIK_POSTGRESQL__HOST=127.0.0.1
AUTHENTIK_POSTGRESQL__PORT=5432
AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_POSTGRESQL__PASSWORD=redacted
AUTHENTIK_ERROR_REPORTING__ENABLED=true
AUTHENTIK_LOG_LEVEL=debug
AUTHENTIK_PORT_HTTP=9000
AUTHENTIK_PORT_HTTPS=9443

Logs:
postgres.txt
server.txt
worker.txt

For troubleshooting, I will next try running this on bare docker rather than an orchestrator like Nomad.

Edit: Same error when deployed on a completely different machine running just plain old docker-compose. I copy and pasted the provided docker-compose example. Also important to note I'm not using an .env file but rather entering it directly.

from authentik.

rissson commented on June 13, 2024

I still am not able to replicate this. Would you mind providing the docker-compose.yml you're using?

from authentik.

mmenajr commented on June 13, 2024

I still am not able to replicate this. Would you mind providing the docker-compose.yml you're using?

I am also seeing the same issue just now after performing an upgrade from 2023.10 to 2024.2.2. Not sure if the same error will be seen on a fresh install and this version did have some notes that there were some changes to how it uses postgres now.

Database requirement changes
authentik now uses PostgreSQL schemas other than public.

If you have a custom PostgreSQL deployment, please ensure that the authentik user is allowed to create schemas. Usually, if the authentik user is owner of the database, it already can.

I double checked the link you sent with instruction docs as my docker compose is set to use postgres 12, not 16, but the compose that the docs have you pull also still shows 12 as well.

Here is my compose for reference:

version: "3.4"

services:
  postgresql:
    image: docker.io/library/postgres:12-alpine
    container_name: authentik_postgres
    volumes:
      - /srv/authentik/postgres/data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    restart: unless-stopped
    env_file:
      - .env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s

  redis:
    image: docker.io/library/redis:alpine
    container_name: authentik_redis
    command: --save 60 1 --loglevel warning
    volumes:
      - /srv/authentik/redis/data:/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s

  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-latest}
    container_name: authentik_server
    command: server
    volumes:
      - /srv/authentik/media:/media
      - /srv/authentik/templates:/templates
    ports:
      - 9000:9000
      - 9443:9443
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    restart: unless-stopped
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis

  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-latest}
    container_name: authentik_worker
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    # user: root
    volumes:
      - /srv/authentik/media:/media
      - /srv/authentik/certs:/certs
      - /srv/authentik/templates:/templates
    restart: unless-stopped
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis

volumes:
  database:
    driver: local
  redis:
    driver: local

from authentik.

crltc commented on June 13, 2024

To provide additional data points for troubleshooting, below is my docker-compose.yml that I tried on a bare docker install.

---
version: "3.4"
services:
  postgresql:
    image: docker.io/library/postgres:16
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    environment:
      POSTGRES_PASSWORD: redacted
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
  redis:
    image: docker.io/library/redis
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
  server:
    image: ghcr.io/goauthentik/server:2024.2.2
    restart: unless-stopped
    command: server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: redacted
      AUTHENTIK_SECRET_KEY: redacted
    ports:
      - "9000:9000"
      - "9443:9443"
  worker:
    image: ghcr.io/goauthentik/server:2024.2.2
    restart: unless-stopped
    command: worker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: redacted
      AUTHENTIK_SECRET_KEY: redacted
    user: root

from authentik.

rissson commented on June 13, 2024

Alright, trying @crltc's docker-compose, I indeed see some postgresql-1 | 2024-03-14 07:16:55.154 UTC [73] ERROR: relation "authentik_tenants_tenant" does not exist at character 554. However, that's expected as database migrations haven't run yet, and it doesn't prevent authentik to do those migrations, and eventually run.

from authentik.

crltc commented on June 13, 2024

I must have done something else wrong in my initial setup because I can now access and setup Authentik even though I still get the same errors in the logs, as well as some others below. I guess this thread will address the concerns people have when they see the errors. I will report back if there are any errors.

duplicate key error:

2024-03-15 01:40:17.669 UTC [96] ERROR:  duplicate key value violates unique constraint "authentik_flows_flow_slug_key"

and deadlock errors, which I assume is from the transaction conflict between server and worker ?

2024-03-15 01:39:43.408 UTC [1] LOG:  starting PostgreSQL 16.2 (Debian 16.2-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
2024-03-15 01:39:43.409 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2024-03-15 01:39:43.409 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2024-03-15 01:39:43.416 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-03-15 01:39:43.425 UTC [30] LOG:  database system was shut down at 2024-03-15 01:39:41 UTC
2024-03-15 01:39:43.436 UTC [1] LOG:  database system is ready to accept connections
2024-03-15 01:40:09.446 UTC [59] ERROR:  deadlock detected
2024-03-15 01:40:09.446 UTC [59] DETAIL:  Process 59 waits for ShareLock on transaction 2609; blocked by process 61.
	Process 61 waits for ShareLock on transaction 2612; blocked by process 59.
	Process 59: UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
	Process 61: UPDATE "authentik_flows_stage" SET "name" = 'default-authentication-login' WHERE "authentik_flows_stage"."stage_uuid" = '6b865f8f531441199b1bed2ea25f1dfe'::uuid
2024-03-15 01:40:09.446 UTC [59] HINT:  See server log for query details.
2024-03-15 01:40:09.446 UTC [59] CONTEXT:  while updating tuple (0,68) in relation "authentik_flows_stage"
2024-03-15 01:40:09.446 UTC [59] STATEMENT:  UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
2024-03-15 01:40:11.407 UTC [68] ERROR:  deadlock detected
2024-03-15 01:40:11.407 UTC [68] DETAIL:  Process 68 waits for ShareLock on transaction 2639; blocked by process 61.
	Process 61 waits for ShareLock on transaction 2642; blocked by process 68.
	Process 68: UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
	Process 61: UPDATE "authentik_flows_stage" SET "name" = 'default-authentication-login' WHERE "authentik_flows_stage"."stage_uuid" = '6b865f8f531441199b1bed2ea25f1dfe'::uuid
2024-03-15 01:40:11.407 UTC [68] HINT:  See server log for query details.
2024-03-15 01:40:11.407 UTC [68] CONTEXT:  while updating tuple (0,68) in relation "authentik_flows_stage"
2024-03-15 01:40:11.407 UTC [68] STATEMENT:  UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
2024-03-15 01:40:14.194 UTC [75] ERROR:  deadlock detected
2024-03-15 01:40:14.194 UTC [75] DETAIL:  Process 75 waits for ShareLock on transaction 2681; blocked by process 69.
	Process 69 waits for ShareLock on transaction 2684; blocked by process 75.
	Process 75: UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
	Process 69: UPDATE "authentik_flows_stage" SET "name" = 'default-authentication-login' WHERE "authentik_flows_stage"."stage_uuid" = '6b865f8f531441199b1bed2ea25f1dfe'::uuid

from authentik.

BeryJu commented on June 13, 2024

Since authentik is working for you now we'll close this; we'll continue to look into the SharedLock errors that you're getting above however it is quite unclear what is causing them.

from authentik.

New Deployment: ERROR: relation "authentik_tenants_tenant" does not exist at character 554 about authentik HOT 9 CLOSED

Comments (9)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent