Comments (6)
Niich
commented on August 28, 2024
1
I was able to get the migrations to finish by editing the local.env.yaml and removing the read_replicas: section.
...
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
disable_embedded_outpost: false
postgresql:
# read_replicas:
# '0': {}
user: postgres
host: localhost
...The error seems to be caused by the backport_is_backchannel function in 0029_provider_backchannel_applications_and_more.py. When the config specifies that there is a read replica, but there really isn't, the db_for_read function returns an alias that leads back to the single instance DB. Django then tried to perform a SELECT while the previous transaction is still active and locking the relevant table.
I'm not sure where the best place to fix this is since its technically a 'user error' by supplying an invalid config. But it took quite a while for me to locate the problem, so it might be a good idea to at least do some more validation on the read_replica configs to notify the user they have submitted a potentially invalid config.
from authentik.
boesr
commented on August 28, 2024
I can reproduce that
from authentik.
boesr
commented on August 28, 2024
The error can be bypassed when adding backchannel_application_id and the corresponding foreign key to the authentik.public.authentik_core_provider table, as well as is_backchannel. Afterwards, I removed the migration lines in authentik/core/migrations/0029_provider_backchannel_applications_and_more.py.
Every change to the authentik.public.authentik_core_provider during the migration seems to lead to a hanging process. Maybe there is some broken lock setting? Unfortunately the application still cannot be run because now the following error is thrown:
django.db.utils.ProgrammingError: relation "authentik_outposts_dockerserviceconnection" does not exist
LINE 1: ...ntik_outposts_dockerserviceconnection"."tls" FROM "authentik...from authentik.
boesr
commented on August 28, 2024
The docker error is thrown by docker = DockerServiceConnection.objects.filter(local=True).first() (line 40 of authentik/outposts/migrations/0001_squashed_0017_outpost_managed.py)
from authentik.
boesr
commented on August 28, 2024
@EdungDivinefavour the version https://github.com/goauthentik/authentik/tree/version-2024.4 is working
from authentik.
Salvoxia
commented on August 28, 2024
I'm seeing the same issue when bootstrapping a completely fresh instance of 2024.6.0 using the Helm Chart and an empty database. The pod that first gets the database lock will be stuck on
Applying authentik_core.0029_provider_backchannel_applications_and_more....
When testing the same with a new docker-compose stack, everything came up just fine.
My values.yaml looks like this (nothing special in there that should have any influence on that I guess):
## Globally shared configuration for authentik components.
global:
# Default image used by all authentik components. For GeoIP configuration, see the geoip values below.
image:
# -- Overrides the global authentik whose default is the chart appVersion
tag: 2024.6.0
# -- If defined, an image digest applied to all authentik deployments
volumeMounts:
- mountPath: /media
name: media
volumes:
- name: media
persistentVolumeClaim:
claimName: authentik-media
storageClass: longhorn
size: 100m
env:
- name: AUTHENTIK_POSTGRESQL__USER
valueFrom:
secretKeyRef:
name: authentik-database-app-user
key: username
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-database-app-user
key: password
- name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__USER
valueFrom:
secretKeyRef:
name: authentik-database-app-user
key: username
- name: AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-database-app-user
key: password
- name: AUTHENTIK_LOG_LEVEL
value: debug
envFrom:
- configMapRef:
name: authentik-env-variables
- secretRef:
name: authentik-credentials
## Authentik configuration
authentik:
# -- Log level for server and worker
log_level: info
# -- Secret key used for cookie singing and unique user IDs,
# don't change this after the first install
secret_key: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
## authentik server
server:
# -- The number of server pods to run
replicas: 2
# -- Init containers to add to the authentik server pod
## Note: Supports use of custom Helm templates
initContainers:
volume-permissions:
name: volume-permissions
image: busybox
command: ["sh", "-c", "chown -R 1000:1000 /media"]
volumeMounts:
- name: media
mountPath: /media
# -- Labels to be added to the authentik server pods
podLabels:
app.kubernetes.io/service: authentik-server
## authentik worker
worker:
# -- The number of worker pods to run
replicas: 2
# -- Labels to be added to the authentik worker pods
podLabels:
app.kubernetes.io/service: authentik-workerfrom authentik.
Related Issues (20)
- AMR MFA field not being sent to OIDC client?
- Blueprint validation failures not returned to web UI
- How to use apache2 auth_openidc? HOT 2
- Redirect failing on initial login HOT 1
- 404 errors for flows on full development environment HOT 1
- authentik Embedded Outpost Proxy Doesn't work when there are many Providers HOT 1
- UI is messed up when forcing light mode with system set to dark mode
- Nextcloud SAML: Found an Attribute element with duplicated Name HOT 1
- What is the TLS version of the OIDC provider of Authentik?
- Authentik occasionally times out HOT 1
- Add documentation surrounding configuring PhotoPrism in Integrations section of website HOT 1
- How about semantic versioning? HOT 1
- No outposts found with given token, ensure the given token corresponds to an authenitk Outpost HOT 2
- Docker Compose Setup Does Not Work on MacOS or Other POSIX OSes
- Application icons disappear after a few weeks
- GET /api/v3/flows/executor/google-enrollment-flow/
- Discord docs expression policy doubt
- Getting 500 error on subpages
- (1, 'failed to sign') when using ECDSA certificate for SAML HOT 3
- LDAP outpost doesn't work with if user has TOTP HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authentik.