Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ak server stuck in migration Applying authentik_core.0029_provider_backchannel_applications_and_more... #9866

Closed
EdungDivinefavour opened this issue May 26, 2024 · 6 comments · Fixed by #10409
Closed

ak server stuck in migration Applying authentik_core.0029_provider_backchannel_applications_and_more... #9866

EdungDivinefavour opened this issue May 26, 2024 · 6 comments · Fixed by #10409
Labels
bug Something isn't working

Comments

@EdungDivinefavour
Copy link

EdungDivinefavour commented May 26, 2024
edited
Loading

Describe the bug
I followed all the steps in the Authentik full development setup here, and when I run ak serve, it runs forever and seems to get stuck In the step authentik_core.0029_provider_backchannel_applications_and_more...

To Reproduce

  1. Follow the steps in the documentation, ensure to use the docker-compose.yml from the scripts folder as mentioned in the documentation

  2. Run ak server

Expected behavior
I expect the server to start running without any issues

Logs

(authentik-py3.12) edungdivinefavour@Edungs-MacBook-Pro AuthentikClone % ak server
{"event":"Loaded config","level":"debug","path":"inbuilt-default","timestamp":"2024-05-25T21:27:40-03:00"}
{"event":"Loaded config","level":"debug","path":"/Users/edungdivinefavour/Documents/AuthentikClone/authentik/lib/default.yml","timestamp":"2024-05-25T21:27:40-03:00"}
{"event":"Loaded config","level":"debug","path":"/Users/edungdivinefavour/Documents/AuthentikClone/local.env.yml","timestamp":"2024-05-25T21:27:40-03:00"}
{"event":"Loaded config from environment","level":"debug","timestamp":"2024-05-25T21:27:40-03:00"}
INFO[0000] Starting Debug server                         listen="0.0.0.0:9900" logger=authentik.go_debugger
DEBU[0000] Starting gunicorn                             args="[dev_server]" cmd=./manage.py logger=authentik.router.unicorn
INFO[0000] Starting Metrics server                       listen="0.0.0.0:9300" logger=authentik.router.metrics
INFO[0000] Starting HTTP server                          listen="0.0.0.0:9000" logger=authentik.router
DEBU[0000] starting healthcheck                          logger=authentik.router.unicorn
INFO[0000] Starting HTTPS server                         listen="0.0.0.0:9443" logger=authentik.router
{"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683260.37202, "file": "/Users/edungdivinefavour/Documents/AuthentikClone/authentik/lib/default.yml"}
{"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683260.3731709, "file": "/Users/edungdivinefavour/Documents/AuthentikClone/local.env.yml"}
{"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1716683260.4270442}
{"event": "PostgreSQL connection successful", "level": "info", "logger": "authentik.lib.config", "timestamp": 1716683260.5960221}
{"event": "Redis Connection successful", "level": "info", "logger": "authentik.lib.config", "timestamp": 1716683260.6071439}
{"event": "Finished authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1716683260.607172}
2024-05-25 21:27:40 [info     ] waiting to acquire database lock
2024-05-25 21:27:40 [info     ] Migration needs to be applied  migration=install_id.py
2024-05-25 21:27:40 [info     ] Migration finished applying    migration=install_id.py
2024-05-25 21:27:40 [info     ] Migration needs to be applied  migration=template_schema.py
2024-05-25 21:27:40 [info     ] Migration finished applying    migration=template_schema.py
2024-05-25 21:27:40 [info     ] applying django migrations    
DEBU[0001] backend not alive yet                         logger=authentik.router.unicorn
{"event": "Booting authentik", "level": "info", "logger": "authentik.lib.config", "timestamp": 1716683261.142705, "version": "2024.4.2"}
{"event": "Enabled authentik enterprise", "level": "info", "logger": "authentik.lib.config", "timestamp": 1716683261.144177}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.15051, "path": "authentik.enterprise.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.153541, "path": "authentik.sources.ldap.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.1577458, "path": "authentik.outposts.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.15951, "path": "authentik.crypto.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.160429, "path": "authentik.enterprise.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.163209, "path": "authentik.policies.reputation.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.165789, "path": "authentik.providers.scim.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.168577, "path": "authentik.sources.plex.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.1726432, "path": "authentik.sources.oauth.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.174948, "path": "authentik.events.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.176509, "path": "authentik.admin.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.1801689, "path": "authentik.stages.authenticator_totp.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.190069, "path": "authentik.enterprise.providers.microsoft_entra.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.1922529, "path": "authentik.enterprise.providers.google_workspace.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1716683261.196193, "path": "authentik.blueprints.settings"}
2024-05-26T00:27:41.465860 [warning  ] Failed to load MMDB database   [authentik.events.context_processors.mmdb] domain_url=None exc=FileNotFoundError(2, 'No such file or directory') path=/geoip/GeoLite2-ASN.mmdb pid=60660 schema_name=public
2024-05-26T00:27:41.466257 [warning  ] Failed to load MMDB database   [authentik.events.context_processors.mmdb] domain_url=None exc=FileNotFoundError(2, 'No such file or directory') path=/geoip/GeoLite2-City.mmdb pid=60660 schema_name=public
2024-05-26T00:27:41.796989 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.tenants domain_url=None module=authentik.tenants.checks pid=60660 schema_name=public
2024-05-26T00:27:41.797300 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.tenants domain_url=None module=authentik.tenants.signals pid=60660 schema_name=public
2024-05-26T00:27:41.874736 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.admin domain_url=None module=authentik.admin.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.875038 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.admin domain_url=None module=authentik.admin.signals pid=60660 schema_name=public
2024-05-26T00:27:41.875532 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.crypto domain_url=None module=authentik.crypto.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.887127 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.flows domain_url=None module=authentik.flows.signals pid=60660 schema_name=public
2024-05-26T00:27:41.896287 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.outposts domain_url=None module=authentik.outposts.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.896601 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.outposts domain_url=None module=authentik.outposts.signals pid=60660 schema_name=public
2024-05-26T00:27:41.896848 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.policies.reputation domain_url=None module=authentik.policies.reputation.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.897059 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.policies.reputation domain_url=None module=authentik.policies.reputation.signals pid=60660 schema_name=public
2024-05-26T00:27:41.900480 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.policies domain_url=None module=authentik.policies.signals pid=60660 schema_name=public
2024-05-26T00:27:41.900699 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.providers.proxy domain_url=None module=authentik.providers.proxy.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.900892 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.providers.proxy domain_url=None module=authentik.providers.proxy.signals pid=60660 schema_name=public
2024-05-26T00:27:41.901300 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.providers.scim domain_url=None module=authentik.providers.scim.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.901716 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.providers.scim domain_url=None module=authentik.providers.scim.signals pid=60660 schema_name=public
2024-05-26T00:27:41.902181 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.rbac domain_url=None module=authentik.rbac.signals pid=60660 schema_name=public
2024-05-26T00:27:41.904539 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.sources.ldap domain_url=None module=authentik.sources.ldap.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.905242 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.sources.ldap domain_url=None module=authentik.sources.ldap.signals pid=60660 schema_name=public
2024-05-26T00:27:41.907659 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.sources.oauth domain_url=None module=authentik.sources.oauth.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.907892 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.sources.saml domain_url=None module=authentik.sources.saml.signals pid=60660 schema_name=public
2024-05-26T00:27:41.908110 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.sources.scim domain_url=None module=authentik.sources.scim.signals pid=60660 schema_name=public
2024-05-26T00:27:41.908279 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.stages.authenticator_duo domain_url=None module=authentik.stages.authenticator_duo.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.908483 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.stages.authenticator_static domain_url=None module=authentik.stages.authenticator_static.signals pid=60660 schema_name=public
2024-05-26T00:27:41.925711 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.stages.authenticator_webauthn domain_url=None module=authentik.stages.authenticator_webauthn.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.925914 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.stages.email domain_url=None module=authentik.stages.email.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.926819 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.core domain_url=None module=authentik.core.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.926872 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.core domain_url=None module=authentik.core.signals pid=60660 schema_name=public
2024-05-26T00:27:41.927153 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.enterprise domain_url=None module=authentik.enterprise.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.927352 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.enterprise domain_url=None module=authentik.enterprise.signals pid=60660 schema_name=public
2024-05-26T00:27:41.927613 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.enterprise.providers.google_workspace domain_url=None module=authentik.enterprise.providers.google_workspace.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.927831 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.enterprise.providers.google_workspace domain_url=None module=authentik.enterprise.providers.google_workspace.signals pid=60660 schema_name=public
2024-05-26T00:27:41.928007 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.enterprise.providers.microsoft_entra domain_url=None module=authentik.enterprise.providers.microsoft_entra.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.928203 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.enterprise.providers.microsoft_entra domain_url=None module=authentik.enterprise.providers.microsoft_entra.signals pid=60660 schema_name=public
2024-05-26T00:27:41.929702 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.enterprise.providers.rac domain_url=None module=authentik.enterprise.providers.rac.signals pid=60660 schema_name=public
2024-05-26T00:27:41.929853 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.events domain_url=None module=authentik.events.tasks pid=60660 schema_name=public
2024-05-26T00:27:41.929903 [info     ] Imported related module        [authentik.blueprints.apps] app_name=authentik.events domain_url=None module=authentik.events.signals pid=60660 schema_name=public
2024-05-26T00:27:41.954854 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.tenants domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.956067 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.admin domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.956139 [debug    ] App does not define API URLs   [authentik.api.v3.urls] app_name=authentik.api domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.957579 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.crypto domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.960672 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.flows domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.963524 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.outposts domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.964488 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.policies.dummy domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.965119 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.policies.event_matcher domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.965411 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.policies.expiry domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.965690 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.policies.expression domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.965961 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.policies.password domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.966300 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.policies.reputation domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.969434 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.policies domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.970309 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.providers.ldap domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.984515 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.providers.oauth2 domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.985429 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.providers.proxy domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.986093 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.providers.radius domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.991552 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.providers.saml domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.992989 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.providers.scim domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.995564 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.rbac domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.995881 [debug    ] App does not define API URLs   [authentik.api.v3.urls] app_name=authentik.recovery domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.997025 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.sources.ldap domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.998480 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.sources.oauth domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:41.999656 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.sources.plex domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.001165 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.sources.saml domain_url=None pid=60660 schema_name=public
DEBU[0002] backend not alive yet                         logger=authentik.router.unicorn
2024-05-26T00:27:42.117068 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.sources.scim domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.117989 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.authenticator_duo domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.118416 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.authenticator_sms domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.118925 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.authenticator_static domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.119426 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.authenticator_totp domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.120304 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.authenticator_validate domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.120782 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.authenticator_webauthn domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.121059 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.captcha domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.121493 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.consent domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.122156 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.deny domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.122606 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.dummy domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.122988 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.email domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.123264 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.identification domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.123765 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.invitation domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.124065 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.password domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.124477 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.prompt domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.124737 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.user_delete domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.124989 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.user_login domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.125327 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.user_logout domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.125620 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.stages.user_write domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.126265 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.brands domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.126417 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.blueprints domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.191310 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.core domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.191563 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.enterprise domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.192585 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.enterprise.providers.google_workspace domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.193338 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.enterprise.providers.microsoft_entra domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.194830 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.enterprise.providers.rac domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.195293 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.enterprise.stages.source domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.196965 [debug    ] Mounted API URLs               [authentik.api.v3.urls] app_name=authentik.events domain_url=None pid=60660 schema_name=public
2024-05-26T00:27:42.208151 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint=api/ app_name=authentik.api domain_url=None namespace=authentik_api pid=60660 schema_name=public
2024-05-26T00:27:42.208242 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint=flows/ app_name=authentik.flows domain_url=None namespace=authentik_flows pid=60660 schema_name=public
2024-05-26T00:27:42.208796 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint= app_name=authentik.providers.oauth2 domain_url=None namespace=authentik_providers_oauth2_root pid=60660 schema_name=public
2024-05-26T00:27:42.208880 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint=application/o/ app_name=authentik.providers.oauth2 domain_url=None namespace=authentik_providers_oauth2 pid=60660 schema_name=public
2024-05-26T00:27:42.208946 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint=application/saml/ app_name=authentik.providers.saml domain_url=None namespace=authentik_providers_saml pid=60660 schema_name=public
2024-05-26T00:27:42.209042 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint=recovery/ app_name=authentik.recovery domain_url=None namespace=authentik_recovery pid=60660 schema_name=public
2024-05-26T00:27:42.209095 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint=source/oauth/ app_name=authentik.sources.oauth domain_url=None namespace=authentik_sources_oauth pid=60660 schema_name=public
2024-05-26T00:27:42.209144 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint=source/saml/ app_name=authentik.sources.saml domain_url=None namespace=authentik_sources_saml pid=60660 schema_name=public
2024-05-26T00:27:42.209191 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint=source/scim/ app_name=authentik.sources.scim domain_url=None namespace=authentik_sources_scim pid=60660 schema_name=public
2024-05-26T00:27:42.209254 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint= app_name=authentik.core domain_url=None namespace=authentik_core pid=60660 schema_name=public
2024-05-26T00:27:42.209301 [debug    ] Mounted URLs                   [authentik.root.urls] app_mountpoint= app_name=authentik.enterprise.providers.rac domain_url=None namespace=authentik_providers_rac pid=60660 schema_name=public
[standard:public] === Starting migration
[standard:public] Operations to perform:
[standard:public]   Apply all migrations: auth, authentik_blueprints, authentik_brands, authentik_core, authentik_crypto, authentik_enterprise, authentik_events, authentik_flows, authentik_outposts, authentik_policies, authentik_policies_dummy, authentik_policies_event_matcher, authentik_policies_expiry, authentik_policies_expression, authentik_policies_password, authentik_policies_reputation, authentik_providers_google_workspace, authentik_providers_ldap, authentik_providers_microsoft_entra, authentik_providers_oauth2, authentik_providers_proxy, authentik_providers_rac, authentik_providers_radius, authentik_providers_saml, authentik_providers_scim, authentik_rbac, authentik_sources_ldap, authentik_sources_oauth, authentik_sources_plex, authentik_sources_saml, authentik_sources_scim, authentik_stages_authenticator_duo, authentik_stages_authenticator_sms, authentik_stages_authenticator_static, authentik_stages_authenticator_totp, authentik_stages_authenticator_validate, authentik_stages_authenticator_webauthn, authentik_stages_captcha, authentik_stages_consent, authentik_stages_deny, authentik_stages_dummy, authentik_stages_email, authentik_stages_identification, authentik_stages_invitation, authentik_stages_password, authentik_stages_prompt, authentik_stages_source, authentik_stages_user_delete, authentik_stages_user_login, authentik_stages_user_logout, authentik_stages_user_write, authentik_tenants, contenttypes, guardian, sessions
[standard:public] Running migrations:
[standard:public]   Applying contenttypes.0001_initial...
[standard:public]  OK
[standard:public]   Applying contenttypes.0002_remove_content_type_name...
[standard:public]  OK
[standard:public]   Applying auth.0001_initial...
[standard:public]  OK
[standard:public]   Applying auth.0002_alter_permission_name_max_length...
[standard:public]  OK
[standard:public]   Applying auth.0003_alter_user_email_max_length...
[standard:public]  OK
[standard:public]   Applying auth.0004_alter_user_username_opts...
[standard:public]  OK
[standard:public]   Applying auth.0005_alter_user_last_login_null...
[standard:public]  OK
[standard:public]   Applying auth.0006_require_contenttypes_0002...
[standard:public]  OK
[standard:public]   Applying auth.0007_alter_validators_add_error_messages...
[standard:public]  OK
[standard:public]   Applying auth.0008_alter_user_username_max_length...
[standard:public]  OK
[standard:public]   Applying auth.0009_alter_user_last_name_max_length...
[standard:public]  OK
[standard:public]   Applying auth.0010_alter_group_name_max_length...
[standard:public]  OK
[standard:public]   Applying auth.0011_update_proxy_permissions...
[standard:public]  OK
[standard:public]   Applying auth.0012_alter_user_first_name_max_length...
[standard:public]  OK
[standard:public]   Applying authentik_policies.0001_initial...
[standard:public]  OK
[standard:public]   Applying authentik_policies.0002_auto_20200528_1647...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0001_squashed_0007_auto_20200703_2059...
[standard:public]  OK
[standard:public]   Applying authentik_blueprints.0001_initial...
DEBU[0003] backend not alive yet                         logger=authentik.router.unicorn
[standard:public]  OK
[standard:public]   Applying authentik_blueprints.0002_blueprintinstance_content...
[standard:public]  OK
[standard:public]   Applying authentik_blueprints.0003_alter_blueprintinstance_name...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0008_default_flows...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0009_source_flows...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0010_provider_flows...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0011_flow_title...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0012_auto_20200908_1542_squashed_0017_auto_20210329_1334...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0018_oob_flows...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0019_alter_flow_background_squashed_0024_alter_flow_compatibility_mode...
[standard:public]  OK
[standard:public]   Applying authentik_crypto.0001_initial...
[standard:public]  OK
[standard:public]   Applying authentik_core.0001_initial...
[standard:public]  OK
[standard:public]   Applying authentik_providers_saml.0001_squashed_0005_remove_samlprovider_processor_path...
[standard:public]  OK
[standard:public]   Applying authentik_core.0002_auto_20200523_1133_squashed_0011_provider_name_temp...
[standard:public]  OK
[standard:public]   Applying authentik_providers_saml.0006_remove_samlprovider_name...
[standard:public]  OK
[standard:public]   Applying authentik_crypto.0002_create_self_signed_kp...
[standard:public]  OK
[standard:public]   Applying authentik_providers_oauth2.0001_initial...
[standard:public]  OK
[standard:public]   Applying authentik_providers_oauth2.0002_oauth2provider_sub_mode...
[standard:public]  OK
[standard:public]   Applying authentik_providers_oauth2.0003_auto_20200916_2129...
[standard:public]  OK
[standard:public]   Applying authentik_providers_oauth2.0004_remove_oauth2provider_post_logout_redirect_uris...
[standard:public]  OK
[standard:public]   Applying authentik_providers_oauth2.0005_auto_20200920_1240...
[standard:public]  OK
[standard:public]   Applying authentik_providers_oauth2.0006_remove_oauth2provider_name...
[standard:public]  OK
[standard:public]   Applying authentik_core.0012_auto_20201003_1737_squashed_0016_auto_20201202_2234...
DEBU[0004] backend not alive yet                         logger=authentik.router.unicorn
[standard:public]  OK
[standard:public]   Applying authentik_core.0017_managed...
[standard:public]  OK
[standard:public]   Applying authentik_core.0018_auto_20210330_1345_squashed_0028_alter_token_intent...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0020_flowtoken...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0021_auto_20211227_2103...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0022_flow_layout...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0023_flow_denied_action...
[standard:public]  OK
[standard:public]   Applying authentik_policies.0003_auto_20200908_1542...
[standard:public]  OK
[standard:public]   Applying authentik_stages_prompt.0001_initial...
[standard:public]  OK
[standard:public]   Applying authentik_stages_prompt.0002_auto_20200920_1859...
[standard:public]  OK
[standard:public]   Applying authentik_stages_prompt.0003_auto_20210222_1821...
[standard:public]  OK
[standard:public]   Applying authentik_stages_prompt.0004_prompt_sub_text...
[standard:public]  OK
[standard:public]   Applying authentik_stages_prompt.0005_alter_prompt_field_key...
[standard:public]  OK
[standard:public]   Applying authentik_stages_prompt.0006_alter_prompt_type...
[standard:public]  OK
[standard:public]   Applying authentik_stages_prompt.0007_prompt_placeholder_expression...
[standard:public]  OK
[standard:public]   Applying authentik_crypto.0003_certificatekeypair_managed...
[standard:public]  OK
[standard:public]   Applying authentik_brands.0001_squashed_0005_tenant_web_certificate...
[standard:public]  OK
[standard:public]   Applying authentik_brands.0002_tenant_flow_user_settings...
[standard:public]  OK
[standard:public]   Applying authentik_brands.0003_tenant_attributes...
[standard:public]  OK
[standard:public]   Applying authentik_brands.0004_tenant_flow_device_code...
[standard:public]  OK
[standard:public]   Applying authentik_brands.0005_tenantuuid_to_branduuid...
[standard:public]  OK
[standard:public]   Applying authentik_brands.0006_brand_authentik_b_domain_b9b24a_idx_and_more...
[standard:public]  OK
[standard:public]   Applying authentik_rbac.0001_initial...
[standard:public]  OK
[standard:public]   Applying authentik_rbac.0002_systempermission...
[standard:public]  OK
[standard:public]   Applying authentik_rbac.0003_alter_systempermission_options...
[standard:public]  OK
[standard:public]   Applying authentik_tenants.0001_initial...
[standard:public]  OK
[standard:public]   Applying authentik_tenants.0002_tenant_default_token_duration_and_more...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0024_flow_authentication...
[standard:public]  OK
[standard:public]   Applying authentik_flows.0025_alter_flowstagebinding_evaluate_on_plan_and_more...
[standard:public]  OK
[standard:public]   Applying authentik_core.0019_application_group...
[standard:public]  OK
[standard:public]   Applying authentik_core.0020_application_open_in_new_tab...
[standard:public]  OK
[standard:public]   Applying authentik_core.0021_source_user_path_user_path...
[standard:public]  OK
[standard:public]   Applying authentik_core.0022_alter_group_parent...
[standard:public]  OK
[standard:public]   Applying authentik_core.0023_source_authentik_c_slug_ccb2e5_idx_and_more...
[standard:public]  OK
[standard:public]   Applying authentik_core.0024_source_icon...
[standard:public]  OK
[standard:public]   Applying authentik_core.0025_alter_provider_authorization_flow...
[standard:public]  OK
[standard:public]   Applying authentik_providers_scim.0001_squashed_0006_rename_parent_group_scimprovider_filter_group...
DEBU[0005] backend not alive yet                         logger=authentik.router.unicorn
[standard:public]  OK
[standard:public]   Applying authentik_providers_ldap.0001_squashed_0005_ldapprovider_search_mode...
[standard:public]  OK
[standard:public]   Applying authentik_providers_ldap.0002_ldapprovider_bind_mode...
[standard:public]  OK
[standard:public]   Applying authentik_core.0026_alter_propertymapping_name_alter_provider_name...
[standard:public]  OK
[standard:public]   Applying authentik_core.0027_alter_user_uuid...
[standard:public]  OK
[standard:public]   Applying authentik_core.0028_provider_authentication_flow...
[standard:public]  OK
[standard:public]   Applying authentik_core.0029_provider_backchannel_applications_and_more...
DEBU[0006] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0007] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0008] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0009] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0010] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0011] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0012] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0013] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0014] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0015] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0016] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0017] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0018] backend not alive yet                         logger=authentik.router.unicorn
DEBU[0019] backend not alive yet                         logger=authentik.router.unicorn

Version and Deployment (please complete the following information):

  • authentik version: [e.g. 2024.4.2]
  • Deployment: [e.g. docker-compose]

Docker compose

services:
  postgresql:
    container_name: postgres
    image: docker.io/library/postgres:16
    platform: linux/amd64
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      POSTGRES_HOST_AUTH_METHOD: trust
      POSTGRES_DB: authentik
    ports:
      - 127.0.0.1:5432:5432
    restart: always

  redis:
    container_name: redis
    image: docker.io/library/redis
    platform: linux/amd64
    ports:
      - 127.0.0.1:6379:6379
    restart: always
    
  s3:
    container_name: s3
    image: docker.io/zenko/cloudserver
    platform: linux/amd64
    environment:
      REMOTE_MANAGEMENT_DISABLE: "1"
      SCALITY_ACCESS_KEY_ID: accessKey1
      SCALITY_SECRET_ACCESS_KEY: secretKey1
    ports:
      - 8020:8000
    volumes:
      - ./s3-data:/usr/src/app/localData
      - ./s3-metadata:/usr/scr/app/localMetadata
    restart: always

  spotlight:
    container_name: spotlight
    image: ghcr.io/getsentry/spotlight
    platform: linux/amd64
    ports:
      - 127.0.0.1:8969:8969
    restart: always

volumes:
  db-data:
    driver: local
  s3-data:
    driver: local
  s3-metadata:
    driver: local

Docker postgres logs


2024-05-25 21:27:13 ********************************************************************************
2024-05-25 21:27:13 WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
2024-05-25 21:27:13          anyone with access to the Postgres port to access your database without
2024-05-25 21:27:13          a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
2024-05-25 21:27:13          documentation about "trust":
2024-05-25 21:27:13          https://www.postgresql.org/docs/current/auth-trust.html
2024-05-25 21:27:13          In Docker's default configuration, this is effectively any other
2024-05-25 21:27:13          container on the same system.
2024-05-25 21:27:13 
2024-05-25 21:27:13          It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
2024-05-25 21:27:13          it with "-e POSTGRES_PASSWORD=password" instead to set a password in
2024-05-25 21:27:13          "docker run".
2024-05-25 21:27:13 ********************************************************************************
2024-05-25 21:27:14 initdb: warning: enabling "trust" authentication for local connections
2024-05-25 21:27:14 initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
2024-05-25 21:27:13 The files belonging to this database system will be owned by user "postgres".
2024-05-25 21:27:13 This user must also own the server process.
2024-05-25 21:27:13 
2024-05-25 21:27:13 The database cluster will be initialized with locale "en_US.utf8".
2024-05-25 21:27:13 The default database encoding has accordingly been set to "UTF8".
2024-05-25 21:27:13 The default text search configuration will be set to "english".
2024-05-25 21:27:13 
2024-05-25 21:27:13 Data page checksums are disabled.
2024-05-25 21:27:13 
2024-05-25 21:27:13 fixing permissions on existing directory /var/lib/postgresql/data ... ok
2024-05-25 21:27:13 creating subdirectories ... ok
2024-05-25 21:27:13 selecting dynamic shared memory implementation ... posix
2024-05-25 21:27:13 selecting default max_connections ... 100
2024-05-25 21:27:13 selecting default shared_buffers ... 128MB
2024-05-25 21:27:13 selecting default time zone ... Etc/UTC
2024-05-25 21:27:13 creating configuration files ... ok
2024-05-25 21:27:13 running bootstrap script ... ok
2024-05-25 21:27:14 performing post-bootstrap initialization ... ok
2024-05-25 21:27:14 syncing data to disk ... ok
2024-05-25 21:27:14 
2024-05-25 21:27:14 
2024-05-25 21:27:14 Success. You can now start the database server using:
2024-05-25 21:27:14 
2024-05-25 21:27:14     pg_ctl -D /var/lib/postgresql/data -l logfile start
2024-05-25 21:27:14 
2024-05-25 21:27:15 waiting for server to start....2024-05-26 00:27:15.078 UTC [49] LOG:  starting PostgreSQL 16.3 (Debian 16.3-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
2024-05-25 21:27:15 2024-05-26 00:27:15.081 UTC [49] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-05-25 21:27:15 2024-05-26 00:27:15.091 UTC [52] LOG:  database system was shut down at 2024-05-26 00:27:14 UTC
2024-05-25 21:27:15 2024-05-26 00:27:15.105 UTC [49] LOG:  database system is ready to accept connections
2024-05-25 21:27:15  done
2024-05-25 21:27:15 server started
2024-05-25 21:27:15 CREATE DATABASE
2024-05-25 21:27:15 
2024-05-25 21:27:15 
2024-05-25 21:27:15 /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
2024-05-25 21:27:15 
2024-05-25 21:27:15 2024-05-26 00:27:15.781 UTC [49] LOG:  received fast shutdown request
2024-05-25 21:27:15 waiting for server to shut down....2024-05-26 00:27:15.785 UTC [49] LOG:  aborting any active transactions
2024-05-25 21:27:15 2024-05-26 00:27:15.798 UTC [49] LOG:  background worker "logical replication launcher" (PID 55) exited with exit code 1
2024-05-25 21:27:15 2024-05-26 00:27:15.799 UTC [50] LOG:  shutting down
2024-05-25 21:27:15 2024-05-26 00:27:15.800 UTC [50] LOG:  checkpoint starting: shutdown immediate
2024-05-25 21:27:15 2024-05-26 00:27:15.845 UTC [50] LOG:  checkpoint complete: wrote 922 buffers (5.6%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.013 s, sync=0.023 s, total=0.046 s; sync files=301, longest=0.005 s, average=0.001 s; distance=4255 kB, estimate=4255 kB; lsn=0/1911FA0, redo lsn=0/1911FA0
2024-05-25 21:27:15 2024-05-26 00:27:15.962 UTC [1] LOG:  starting PostgreSQL 16.3 (Debian 16.3-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
2024-05-25 21:27:15 2024-05-26 00:27:15.966 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2024-05-25 21:27:15 2024-05-26 00:27:15.966 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2024-05-25 21:27:15 2024-05-26 00:27:15.970 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-05-25 21:27:15 2024-05-26 00:27:15.982 UTC [65] LOG:  database system was shut down at 2024-05-26 00:27:15 UTC
2024-05-25 21:27:16 2024-05-26 00:27:15.998 UTC [1] LOG:  database system is ready to accept connections
2024-05-25 21:27:40 2024-05-26 00:27:40.698 UTC [70] WARNING:  there is already a transaction in progress
2024-05-25 21:27:15 2024-05-26 00:27:15.856 UTC [49] LOG:  database system is shut down
2024-05-25 21:27:15  done
2024-05-25 21:27:15 server stopped
2024-05-25 21:27:15 
2024-05-25 21:27:15 PostgreSQL init process complete; ready for start up.
2024-05-25 21:27:15
@EdungDivinefavour EdungDivinefavour added the bug Something isn't working label May 26, 2024
@boesr
Copy link
Contributor

boesr commented Jun 11, 2024

I can reproduce that

@boesr
Copy link
Contributor

boesr commented Jun 17, 2024

The error can be bypassed when adding backchannel_application_id and the corresponding foreign key to the authentik.public.authentik_core_provider table, as well as is_backchannel. Afterwards, I removed the migration lines in authentik/core/migrations/0029_provider_backchannel_applications_and_more.py.

Every change to the authentik.public.authentik_core_provider during the migration seems to lead to a hanging process. Maybe there is some broken lock setting? Unfortunately the application still cannot be run because now the following error is thrown:

django.db.utils.ProgrammingError: relation "authentik_outposts_dockerserviceconnection" does not exist
LINE 1: ...ntik_outposts_dockerserviceconnection"."tls" FROM "authentik...

@boesr
Copy link
Contributor

boesr commented Jun 17, 2024

The docker error is thrown by docker = DockerServiceConnection.objects.filter(local=True).first() (line 40 of authentik/outposts/migrations/0001_squashed_0017_outpost_managed.py)

@boesr
Copy link
Contributor

boesr commented Jun 17, 2024
edited
Loading

@EdungDivinefavour the version https://github.com/goauthentik/authentik/tree/version-2024.4 is working

@local-it-dev local-it-dev mentioned this issue Jun 19, 2024
Open
6 tasks
This was referenced Jun 20, 2024
Closed
Open
@Salvoxia
Copy link

Salvoxia commented Jul 6, 2024

I'm seeing the same issue when bootstrapping a completely fresh instance of 2024.6.0 using the Helm Chart and an empty database. The pod that first gets the database lock will be stuck on
Applying authentik_core.0029_provider_backchannel_applications_and_more....
When testing the same with a new docker-compose stack, everything came up just fine.

My values.yaml looks like this (nothing special in there that should have any influence on that I guess):

## Globally shared configuration for authentik components.
global:
  # Default image used by all authentik components. For GeoIP configuration, see the geoip values below.
  image:
    # -- Overrides the global authentik whose default is the chart appVersion
    tag: 2024.6.0
    # -- If defined, an image digest applied to all authentik deployments
  volumeMounts:
    - mountPath: /media
      name: media
  volumes:
    - name: media
      persistentVolumeClaim:
        claimName: authentik-media
        storageClass: longhorn
        size: 100m
  env: 
    - name: AUTHENTIK_POSTGRESQL__USER
      valueFrom:
        secretKeyRef:
          name: authentik-database-app-user
          key: username
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-database-app-user
          key: password
    - name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__USER
      valueFrom:
        secretKeyRef:
          name: authentik-database-app-user
          key: username
    - name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-database-app-user
          key: password
    - name: AUTHENTIK_LOG_LEVEL
      value: debug
  envFrom:
    - configMapRef:  
        name: authentik-env-variables
    - secretRef:
        name: authentik-credentials
## Authentik configuration
authentik:
  # -- Log level for server and worker
  log_level: info
  # -- Secret key used for cookie singing and unique user IDs,
  # don't change this after the first install
  secret_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
## authentik server
server:
  # -- The number of server pods to run
  replicas: 2
  # -- Init containers to add to the authentik server pod
  ## Note: Supports use of custom Helm templates
  initContainers: 
    volume-permissions:
      name: volume-permissions
      image: busybox
      command: ["sh", "-c", "chown -R 1000:1000 /media"]
      volumeMounts:
        - name: media
          mountPath: /media
  # -- Labels to be added to the authentik server pods
  podLabels:
    app.kubernetes.io/service: authentik-server
## authentik worker
worker:
  # -- The number of worker pods to run
  replicas: 2

  # -- Labels to be added to the authentik worker pods
  podLabels:
    app.kubernetes.io/service: authentik-worker

@Niich
Copy link

Niich commented Jul 7, 2024

I was able to get the migrations to finish by editing the local.env.yaml and removing the read_replicas: section.

...
outposts:
  container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
  disable_embedded_outpost: false
postgresql:
  # read_replicas:
  #   '0': {}
  user: postgres
  host: localhost
...

The error seems to be caused by the backport_is_backchannel function in 0029_provider_backchannel_applications_and_more.py. When the config specifies that there is a read replica, but there really isn't, the db_for_read function returns an alias that leads back to the single instance DB. Django then tried to perform a SELECT while the previous transaction is still active and locking the relevant table.

I'm not sure where the best place to fix this is since its technically a 'user error' by supplying an invalid config. But it took quite a while for me to locate the problem, so it might be a good idea to at least do some more validation on the read_replica configs to notify the user they have submitted a potentially invalid config.

@rissson rissson mentioned this issue Jul 8, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

core: fix migrations missing using db_alias goauthentik/authentik
4 participants
@Salvoxia @Niich @EdungDivinefavour @boesr