Krishna 3mo ago

Docker instance failing installation at database access

I am trying to install zitadel to replace authentik on my Ugreen NAS. Somehow it always fails at the database access step. I have set up the .env file with all the variables, however something seems to be wrong. The zitadel-db container boots up and is healthy. The zitadel container fails trying to access the database and does not find user / incorrect password. Any help is much appreciated!
26 Replies
Raccine 3mo ago
Hi there @Krishna! Thanks for reaching out. Let me loop in a member of our engineering team that can look into this and troubleshoot with you ☺️
Titouan-Joseph 3mo ago
Hi there @Krishna, do you have any trace logs for this issue? Additionally, can you share with us:
- the docker compose command you are using
- the .env file
Krishna (OP) 3mo ago
The compose command I used is <docker compose up -d>. The compose file is on my Ugreen NAS that has docker installed. I have pangolin set up on a VPS and am currently using authentik as my IAM tool. Trying to move to zitadel as I like the UI and it also seems to be lighter on resources, which can free up my RAM.
Krishna (OP) 3mo ago
I think the issue is related to not gaining access to the db due to not being root? Never had this issue with any of the services I installed. I ran this compose file as a user with admin privileges anyway. This is the root user I use for all installs.
Titouan-Joseph 2mo ago
Yes, the log on the PostgreSQL database is strange. I don't know where the issue lies. I have tried to launch the containers with your configuration. The only problem I have is that the Zitadel first instance org user password is missing a special character. Otherwise, I am able to connect to the Zitadel instance with the initial credentials.
Titouan-Joseph 2mo ago
So maybe try resetting your PostgreSQL database. I think the database has an old username/password value.
Krishna (OP) 2mo ago
I managed to get past the container error and am now facing another issue when I log in to the console/UI.
Titouan-Joseph 2mo ago
Oh, I know why you have the root user log on the DB.
It's the healthcheck, you need to escape the environment variable with $$
That's good news!!!! Well done.
We don't have any clues in the logs.
Have you tried setting the log level to debug? You can set this environment variable ZITADEL_LOG_LEVEL to DEBUG
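An added illustration of the `$$` escaping mentioned in the post above. It is not part of the original thread and is not the poster's compose file, which is not shown on this page. The service name `zitadel-db` and the `ZITADEL_DATABASE_*` variables come from the thread; the image tag, the `pg_isready` healthcheck and its timings are assumptions.

```yaml
services:
  zitadel-db:
    image: postgres:17            # assumed tag; the thread shows psql 17.5
    environment:
      # Single $: resolved by Compose from the .env file when the file is parsed.
      # This is intended here, the values must reach the container.
      POSTGRES_USER: ${ZITADEL_DATABASE_ADMIN_USER}
      POSTGRES_PASSWORD: ${ZITADEL_DATABASE_ADMIN_PASSWORD}
      POSTGRES_DB: ${ZITADEL_DATABASE_NAME}
    healthcheck:
      # Unescaped form: Compose substitutes ${POSTGRES_USER} itself at parse
      # time, looking in the host shell and .env, not in the container.
      # POSTGRES_USER is only defined inside the container, so Compose inserts
      # an empty string and the check does not run as the intended role.
      # test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      #
      # Escaped form: $$ becomes a literal $ after Compose parsing, so the
      # shell inside the container expands the variables from the
      # container's own environment.
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
      interval: 10s
      timeout: 5s
      retries: 5
```

Running `docker compose config` prints the file after interpolation, which shows exactly what command string the healthcheck will receive.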
Krishna (OP) 2mo ago
Will do this and take fresh set of logs
Krishna (OP) 2mo ago
I had actually removed the health check to get it to boot up without looping. I have now made changes to the compose file, removing all references to env variables in hopes of getting it working with a simple setup. But I still end up with a fatal error in zitadel due to a database access issue! Weirdly, the DB container seems OK while causing issues with the actual zitadel container!
Titouan-Joseph 2mo ago
This is not working? Did you delete all PostgreSQL DB files?
Titouan-Joseph 2mo ago
The .env file is here: https://gitlab.com/24-heures-insa/infra/-/blob/main/example.env?ref_type=heads
I think you only need this section:
# Zitadel vars
ZITADEL_LOG_LEVEL=info # Use debug for more logs
ZITADEL_MASTERKEY=MasterkeyNeedsToHave32Characters # Change it for security
ZITADEL_DATABASE_NAME=zitadel
ZITADEL_DATABASE_USER_USER=zitadel
ZITADEL_DATABASE_USER_PASSWORD=zitadel # Change it for security
ZITADEL_DATABASE_ADMIN_USER=postgres
ZITADEL_DATABASE_ADMIN_PASSWORD=password # Change it for security
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME=noreply@${DOMAIN}
ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD=Password01! # Change it for security
ZITADEL_SMTP_HOST=${GMAIL_SMTP_HOST}:${GMAIL_SMTP_PORT}
ZITADEL_SMTP_USER=noreply@${DOMAIN}
ZITADEL_SMTP_PASSWORD=[smtp password]
ZITADEL_SMTP_TLS=true
Krishna (OP) 2mo ago
I deleted all and started again with a simple compose file, not including any env stuff. The container starts OK, but in the db container, I again see the same issue that I had when I got this working with the env file. At every reset, I use docker compose down --volumes to make sure I delete the volume and also delete and recreate the folder. I am guessing there is something wrong that is corrupting the database.
Titouan-Joseph 2mo ago
So is this working?
Krishna (OP) 2mo ago
nope. Database container seems ok without issue in the logs, but main container seems to have authentication problem.. phew ! this one seems to be a hard nut to crack
Titouan-Joseph 2mo ago
That's pretty weird.
Can you map the db port and run a tool to explore the DB? Like: https://marketplace.visualstudio.com/items?itemName=cweijan.dbclient-jdbc
And see the user you have in the db?
Krishna (OP) 2mo ago
Never done this before. Will try.
I am installing zitadel on my Ugreen NAS. Is it possible to set this JDBC connector on the NAS to watch the database?
Titouan-Joseph 2mo ago
Not sure.
You can simply publish a port on the docker compose for the DB service:
ports:
- "5432:5432"
And on your laptop, you can connect with vscode to the database. Use the IP or FQDN of your NAS in the Host field.
Otherwise you can:
- connect to the container with the exec command => docker exec -it zitadel-db sh
- connect to the DB with the psql tool => psql -U <user> -d <database>
- list the users with the du command => \du+
Krishna (OP) 2mo ago
/ # psql -U zitadeladmin password
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: database "password" does not exist
/ # psql -U zitadeladmin -d zitadel
psql (17.5)
Type "help" for help.

zitadel=# \du+
                                    List of roles
  Role name   |                         Attributes                         | Description
--------------+------------------------------------------------------------+-------------
 zitadeladmin | Superuser, Create role, Create DB, Replication, Bypass RLS |

zitadel=#

Looks like the user exists and is assigned the role Superuser.
My env file for the docker compose (picked up from your example) has the following DB users:
ZITADEL_DATABASE_NAME=zitadel
ZITADEL_DATABASE_USER_USER=zitadel
ZITADEL_DATABASE_USER_PASSWORD=zitadel # Change it for security
ZITADEL_DATABASE_ADMIN_USER=zitadeladmin
ZITADEL_DATABASE_ADMIN_PASSWORD=password # Change it for security
but I see only zitadeladmin as the user.
Krishna (OP) 2mo ago
I managed to have an error-free setup with a really dumb compose file as attached. But I feel quite insecure using it with this barebones compose file. To avoid issues, I just set up everything database related with one single name 'postgres'! No idea why the other configs were having issues though.
Krishna (OP) 2mo ago
@Titouan-Joseph thanks a lot for your support in actively helping me resolve the issue. I managed to bring up the instance and log in with the admin user. Although the database was still showing a couple of user/login related errors, it seems to be working. I am not sure if I must worry about these issues in the log, but for now I'll try and set it up for a few logins and apps. This stack is consuming about 200MB RAM in total, which I guess will settle around 350 after adding my data. However, this will be a huge saving from the nearly 2GB RAM that my authentik stack is consuming. Hopefully this will be just as stable in the long run given the teething issues I still have.
Titouan-Joseph 2mo ago
@Krishna, good news! My pleasure.
Haha, I see the point about the perfs, I choose Zitadel for this point instead of Authentik or Keycloak.