Comments (9)
Same issue here when deploying
from authentik.
I just tried https://docs.goauthentik.io/docs/installation/docker-compose with postgres 16. I don't see any issue. Mind providing logs for the server and worker containers?
from authentik.
Postgres 16.2 & Authentik 2024.2.2
Authentik Environment Variables:
AUTHENTIK_SECRET_KEY=redacted
AUTHENTIK_REDIS__HOST=127.0.0.1
AUTHENTIK_REDIS__PORT=6379
AUTHENTIK_POSTGRESQL__HOST=127.0.0.1
AUTHENTIK_POSTGRESQL__PORT=5432
AUTHENTIK_POSTGRESQL__USER=authentik
AUTHENTIK_POSTGRESQL__NAME=authentik
AUTHENTIK_POSTGRESQL__PASSWORD=redacted
AUTHENTIK_ERROR_REPORTING__ENABLED=true
AUTHENTIK_LOG_LEVEL=debug
AUTHENTIK_PORT_HTTP=9000
AUTHENTIK_PORT_HTTPS=9443
Logs:
postgres.txt
server.txt
worker.txt
For troubleshooting, I will next try running this on bare docker rather than an orchestrator like Nomad.
Edit: Same error when deployed on a completely different machine running just plain old docker-compose. I copied and pasted the provided docker-compose example. Also important to note: I'm not using a .env file but rather entering it directly.
from authentik.
I still am not able to replicate this. Would you mind providing the docker-compose.yml you're using?
from authentik.
> I still am not able to replicate this. Would you mind providing the docker-compose.yml you're using?
I am also seeing the same issue just now after performing an upgrade from 2023.10 to 2024.2.2. Not sure if the same error will be seen on a fresh install and this version did have some notes that there were some changes to how it uses postgres now.
> Database requirement changes
> authentik now uses PostgreSQL schemas other than public.
> If you have a custom PostgreSQL deployment, please ensure that the authentik user is allowed to create schemas. Usually, if the authentik user is owner of the database, it already can.
I double checked the link you sent with instruction docs as my docker compose is set to use postgres 12, not 16, but the compose that the docs have you pull also still shows 12 as well.
Here is my compose for reference:
version: "3.4"
services:
  postgresql:
    image: docker.io/library/postgres:12-alpine
    container_name: authentik_postgres
    volumes:
      - /srv/authentik/postgres/data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    restart: unless-stopped
    env_file:
      - .env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
  redis:
    image: docker.io/library/redis:alpine
    container_name: authentik_redis
    command: --save 60 1 --loglevel warning
    volumes:
      - /srv/authentik/redis/data:/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-latest}
    container_name: authentik_server
    command: server
    volumes:
      - /srv/authentik/media:/media
      - /srv/authentik/templates:/templates
    ports:
      - 9000:9000
      - 9443:9443
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    restart: unless-stopped
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-latest}
    container_name: authentik_worker
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    # user: root
    volumes:
      - /srv/authentik/media:/media
      - /srv/authentik/certs:/certs
      - /srv/authentik/templates:/templates
    restart: unless-stopped
    env_file:
      - .env
    depends_on:
      - postgresql
      - redis
volumes:
  database:
    driver: local
  redis:
    driver: local
from authentik.
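The release note quoted in the comment above asks that the authentik role be allowed to create schemas. As an added example (not from the thread or the authentik project), these read-only catalog queries check that on a custom PostgreSQL deployment; the role name and database name `authentik` are assumed from the compose files on this page.

```sql
-- Added example, not part of the original thread.
-- Assumption: role and database are both named "authentik", as in the
-- compose files posted here. Run as a role that can read the catalogs,
-- connected to the authentik database.

-- 1. Who owns the database? The owner can create schemas without a grant.
SELECT d.datname,
       pg_get_userbyid(d.datdba) AS owner
FROM pg_database AS d
WHERE d.datname = 'authentik';

-- 2. Can the authentik role create schemas in that database?
--    CREATE on a database is the privilege that permits CREATE SCHEMA.
SELECT has_database_privilege('authentik', 'authentik', 'CREATE')
       AS can_create_schema;

-- 3. What role-level attributes does it carry? In the official postgres
--    image the POSTGRES_USER role is a superuser, so (2) is always true
--    there; on a custom deployment the role normally is not, and only the
--    database-level privilege from (2) is needed.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname = 'authentik';

-- 4. Which non-system schemas exist in this database, and who owns them?
SELECT n.nspname                   AS schema_name,
       pg_get_userbyid(n.nspowner) AS owner
FROM pg_namespace AS n
WHERE n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
ORDER BY 1;

-- 5. Only if (2) returned false: grant that one privilege rather than
--    making the role a superuser.
-- GRANT CREATE ON DATABASE authentik TO authentik;
```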
To provide additional data points for troubleshooting, below is my docker-compose.yml that I tried on a bare docker install.
---
version: "3.4"
services:
  postgresql:
    image: docker.io/library/postgres:16
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    environment:
      POSTGRES_PASSWORD: redacted
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
  redis:
    image: docker.io/library/redis
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
  server:
    image: ghcr.io/goauthentik/server:2024.2.2
    restart: unless-stopped
    command: server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: redacted
      AUTHENTIK_SECRET_KEY: redacted
    ports:
      - "9000:9000"
      - "9443:9443"
  worker:
    image: ghcr.io/goauthentik/server:2024.2.2
    restart: unless-stopped
    command: worker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: redacted
      AUTHENTIK_SECRET_KEY: redacted
    user: root
from authentik.
Alright, trying @crltc's docker-compose, I indeed see some
postgresql-1 | 2024-03-14 07:16:55.154 UTC [73] ERROR: relation "authentik_tenants_tenant" does not exist at character 554
However, that's expected as database migrations haven't run yet, and it doesn't prevent authentik from doing those migrations and eventually running.
from authentik.
I must have done something else wrong in my initial setup because I can now access and set up Authentik even though I still get the same errors in the logs, as well as some others below. I guess this thread will address the concerns people have when they see the errors. I will report back if there are any errors.
duplicate key error:
2024-03-15 01:40:17.669 UTC [96] ERROR: duplicate key value violates unique constraint "authentik_flows_flow_slug_key"
and deadlock errors, which I assume are from the transaction conflict between server and worker?
2024-03-15 01:39:43.408 UTC [1] LOG: starting PostgreSQL 16.2 (Debian 16.2-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
2024-03-15 01:39:43.409 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2024-03-15 01:39:43.409 UTC [1] LOG: listening on IPv6 address "::", port 5432
2024-03-15 01:39:43.416 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-03-15 01:39:43.425 UTC [30] LOG: database system was shut down at 2024-03-15 01:39:41 UTC
2024-03-15 01:39:43.436 UTC [1] LOG: database system is ready to accept connections
2024-03-15 01:40:09.446 UTC [59] ERROR: deadlock detected
2024-03-15 01:40:09.446 UTC [59] DETAIL: Process 59 waits for ShareLock on transaction 2609; blocked by process 61.
Process 61 waits for ShareLock on transaction 2612; blocked by process 59.
Process 59: UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
Process 61: UPDATE "authentik_flows_stage" SET "name" = 'default-authentication-login' WHERE "authentik_flows_stage"."stage_uuid" = '6b865f8f531441199b1bed2ea25f1dfe'::uuid
2024-03-15 01:40:09.446 UTC [59] HINT: See server log for query details.
2024-03-15 01:40:09.446 UTC [59] CONTEXT: while updating tuple (0,68) in relation "authentik_flows_stage"
2024-03-15 01:40:09.446 UTC [59] STATEMENT: UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
2024-03-15 01:40:11.407 UTC [68] ERROR: deadlock detected
2024-03-15 01:40:11.407 UTC [68] DETAIL: Process 68 waits for ShareLock on transaction 2639; blocked by process 61.
Process 61 waits for ShareLock on transaction 2642; blocked by process 68.
Process 68: UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
Process 61: UPDATE "authentik_flows_stage" SET "name" = 'default-authentication-login' WHERE "authentik_flows_stage"."stage_uuid" = '6b865f8f531441199b1bed2ea25f1dfe'::uuid
2024-03-15 01:40:11.407 UTC [68] HINT: See server log for query details.
2024-03-15 01:40:11.407 UTC [68] CONTEXT: while updating tuple (0,68) in relation "authentik_flows_stage"
2024-03-15 01:40:11.407 UTC [68] STATEMENT: UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
2024-03-15 01:40:14.194 UTC [75] ERROR: deadlock detected
2024-03-15 01:40:14.194 UTC [75] DETAIL: Process 75 waits for ShareLock on transaction 2681; blocked by process 69.
Process 69 waits for ShareLock on transaction 2684; blocked by process 75.
Process 75: UPDATE "authentik_flows_stage" SET "name" = 'default-password-change-write' WHERE "authentik_flows_stage"."stage_uuid" = '75c111127f7a440fbc436f09b1b87231'::uuid
Process 69: UPDATE "authentik_flows_stage" SET "name" = 'default-authentication-login' WHERE "authentik_flows_stage"."stage_uuid" = '6b865f8f531441199b1bed2ea25f1dfe'::uuid
from authentik.
Since authentik is working for you now, we'll close this. We'll continue to look into the SharedLock errors that you're getting above; however, it is quite unclear what is causing them.
from authentik.