zitadel
[Bug]: Cannot create initial machine user following docs
Preflight Checklist
- [X] I could not find a solution in the documentation, the existing issues or discussions
- [ ] I have joined the ZITADEL chat
Environment
Self-hosted
Version
v2.49.1
Database
PostgreSQL
Database Version
16
Describe the problem caused by this bug
After following the official docs that create a service account while initializing ZITADEL, I got the following errors:
time="2024-04-08T11:00:45Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=02_assets
time="2024-04-08T11:00:45Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=03_default_instance
time="2024-04-08T11:00:45Z" level=info msg="starting migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:66" name=03_default_instance
time="2024-04-08T11:00:45Z" level=warning msg="add unique constraint failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/v3/unique_constraints.go:74" error="ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505)"
time="2024-04-08T11:00:45Z" level=error msg="migration failed" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:68" error="ID=V3-DKcYh Message=Errors.Instance.Domain.AlreadyExists Parent=(ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505))" name=03_default_instance
time="2024-04-08T11:00:45Z" level=fatal msg="migration failed" caller="/home/runner/work/zitadel/zitadel/cmd/setup/setup.go:210" error="ID=V3-DKcYh Message=Errors.Instance.Domain.AlreadyExists Parent=(ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505))" name=03_default_instance
docker compose:
```yaml
services:
  zitadel:
    image: ghcr.io/zitadel/zitadel:v2.49.1
    container_name: zitadel
    command: 'start-from-init --masterkeyFromEnv --steps /config/steps.yaml --config /config/config.yaml --config /config/secret.yaml'
    env_file:
      - ./env/zitadel-masterkey.env
      - ./env/zitadel-db.env
    depends_on:
      zitadel-db:
        condition: 'service_healthy'
    restart: always
    networks:
      zitadel:
      private:
    volumes:
      - ./config/zitadel:/config:ro
      - ./test:/machinekey
  zitadel-db:
    image: postgres:16-alpine
    container_name: zitadel-db
    restart: always
    env_file:
      - ./env/zitadel-db.env
    volumes:
      - /data/zitadel-db:/var/lib/postgresql/data
    networks:
      zitadel:
    healthcheck:
      test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"]
      interval: '10s'
      timeout: '30s'
      retries: 5
      start_period: '20s'
networks:
  private:
    external: true
  zitadel:
```
config.yaml
Port: 8080
ExternalPort: 443
ExternalDomain: "redacted"
ExternalSecure: true
TLS:
Enabled: false
DefaultInstance:
DomainPolicy:
UserLoginMustBeDomain: true
LoginPolicy:
AllowRegister: false
Org:
Machine:
Machine:
Username: root
Name: root
MachineKey:
Type: 1
LogStore:
Access:
Stdout:
Enabled: true
secrets.yaml
```yaml
Database:
  postgres:
    Host: zitadel-db
    Port: 5432
    Database: zitadel
    User:
      Username: zitadel
      Password: zitadel
      SSL:
        Mode: disable
    Admin:
      Username: postgres
      Password: postgres
      SSL:
        Mode: disable
```
steps.yaml
```yaml
FirstInstance:
  MachineKeyPath: /machinekey/root-sa.json
  Org:
    # Human:
    #   UserName: admin
    #   Password: "Password1!"
    #   Email:
    #     Verified: false
    Machine:
      Machine:
        Username: root
        Name: root
      MachineKey:
        Type: 1
```
To reproduce
- Follow https://zitadel.com/docs/self-hosting/deploy/compose#docker-compose-with-service-account
Hm, out of curiosity, what happens if you delete the database and try again?
I tried it multiple times, same errors.
Hm that is sad.
It is strange that your migration gets stuck in an early place.
Let me try to reproduce this. Can you share your docker version?
I just tested the example and it worked.
What happens if you start with docker compose up?
That's strange... I can't get past this error trying from another machine
docker version
Client: Docker Engine - Community
Version: 26.0.0
API version: 1.45
Go version: go1.21.8
Git commit: 2ae903e
Built: Wed Mar 20 15:17:48 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 26.0.0
API version: 1.45 (minimum version 1.24)
Go version: go1.21.8
Git commit: 8b79278
Built: Wed Mar 20 15:17:48 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.28
GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker compose up
WARN[0000] /home/f/test/docker-compose.yaml: `version` is obsolete
[+] Running 1/1
✔ zitadel Pulled 0.9s
[+] Running 3/1
✔ Network test_zitadelnet Created 0.1s
✔ Container test-db-1 Created 0.0s
✔ Container test-zitadel-1 Created 0.0s
Attaching to db-1, zitadel-1
db-1 | The files belonging to this database system will be owned by user "postgres".
db-1 | This user must also own the server process.
db-1 |
db-1 | The database cluster will be initialized with locale "en_US.utf8".
db-1 | The default database encoding has accordingly been set to "UTF8".
db-1 | The default text search configuration will be set to "english".
db-1 |
db-1 | Data page checksums are disabled.
db-1 |
db-1 | fixing permissions on existing directory /var/lib/postgresql/data ... ok
db-1 | creating subdirectories ... ok
db-1 | selecting dynamic shared memory implementation ... posix
db-1 | selecting default max_connections ... 100
db-1 | selecting default shared_buffers ... 128MB
db-1 | selecting default time zone ... UTC
db-1 | creating configuration files ... ok
db-1 | running bootstrap script ... ok
db-1 | sh: locale: not found
db-1 | 2024-04-09 01:25:29.828 UTC [31] WARNING: no usable system locales were found
db-1 | performing post-bootstrap initialization ... ok
db-1 | syncing data to disk ... ok
db-1 |
db-1 | initdb: warning: enabling "trust" authentication for local connections
db-1 | initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
db-1 |
db-1 | Success. You can now start the database server using:
db-1 |
db-1 | pg_ctl -D /var/lib/postgresql/data -l logfile start
db-1 |
db-1 | waiting for server to start....2024-04-09 01:25:30.297 UTC [37] LOG: starting PostgreSQL 16.2 on x86_64-pc-linux-musl, compiled by gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014, 64-bit
db-1 | 2024-04-09 01:25:30.298 UTC [37] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db-1 | 2024-04-09 01:25:30.301 UTC [40] LOG: database system was shut down at 2024-04-09 01:25:30 UTC
db-1 | 2024-04-09 01:25:30.304 UTC [37] LOG: database system is ready to accept connections
db-1 | done
db-1 | server started
db-1 |
db-1 | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
db-1 |
db-1 | 2024-04-09 01:25:30.404 UTC [37] LOG: received fast shutdown request
db-1 | waiting for server to shut down....2024-04-09 01:25:30.406 UTC [37] LOG: aborting any active transactions
db-1 | 2024-04-09 01:25:30.418 UTC [37] LOG: background worker "logical replication launcher" (PID 43) exited with exit code 1
db-1 | 2024-04-09 01:25:30.419 UTC [38] LOG: shutting down
db-1 | 2024-04-09 01:25:30.420 UTC [38] LOG: checkpoint starting: shutdown immediate
db-1 | 2024-04-09 01:25:30.425 UTC [38] LOG: checkpoint complete: wrote 3 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.002 s, sync=0.001 s, total=0.007 s; sync files=2, longest=0.001 s, average=0.001 s; distance=0 kB, estimate=0 kB; lsn=0/14F0498, redo lsn=0/14F0498
db-1 | 2024-04-09 01:25:30.436 UTC [37] LOG: database system is shut down
db-1 | done
db-1 | server stopped
db-1 |
db-1 | PostgreSQL init process complete; ready for start up.
db-1 |
db-1 | 2024-04-09 01:25:30.532 UTC [1] LOG: starting PostgreSQL 16.2 on x86_64-pc-linux-musl, compiled by gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014, 64-bit
db-1 | 2024-04-09 01:25:30.533 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
db-1 | 2024-04-09 01:25:30.533 UTC [1] LOG: listening on IPv6 address "::", port 5432
db-1 | 2024-04-09 01:25:30.535 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db-1 | 2024-04-09 01:25:30.538 UTC [51] LOG: database system was shut down at 2024-04-09 01:25:30 UTC
db-1 | 2024-04-09 01:25:30.542 UTC [1] LOG: database system is ready to accept connections
db-1 | 2024-04-09 01:25:39.489 UTC [60] FATAL: role "root" does not exist
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:73"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify user" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_user.go:39" username=zitadel
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_database.go:39" database=zitadel
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify grant" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_grant.go:34" database=zitadel user=zitadel
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify zitadel" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:78" database=zitadel
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify system" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:39"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify encryption keys" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:44"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify projections" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:49"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify eventstore" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:54"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify events tables" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:59"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify system sequence" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:64"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify unique constraints" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:69"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="setup started" caller="/home/runner/work/zitadel/zitadel/cmd/setup/setup.go:90"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=14_events_push
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="starting migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:66" name=14_events_push
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=01_tables
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="starting migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:66" name=01_tables
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=02_assets
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="starting migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:66" name=02_assets
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="starting migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:66" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:41Z" level=error msg="migration failed" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:68" error="open /machinekey/zitadel-admin-sa.json: permission denied" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:41Z" level=fatal msg="migration failed" caller="/home/runner/work/zitadel/zitadel/cmd/setup/setup.go:210" error="open /machinekey/zitadel-admin-sa.json: permission denied" name=03_default_instance
zitadel-1 exited with code 0
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:73"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify user" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_user.go:39" username=zitadel
db-1 | 2024-04-09 01:25:41.792 UTC [158] ERROR: role "zitadel" already exists
db-1 | 2024-04-09 01:25:41.792 UTC [158] STATEMENT: CREATE USER "zitadel" WITH PASSWORD 'zitadel'
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_database.go:39" database=zitadel
db-1 | 2024-04-09 01:25:41.798 UTC [159] ERROR: database "zitadel" already exists
db-1 | 2024-04-09 01:25:41.798 UTC [159] STATEMENT: CREATE DATABASE "zitadel"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify grant" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_grant.go:34" database=zitadel user=zitadel
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify zitadel" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:78" database=zitadel
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify system" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:39"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify encryption keys" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:44"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify projections" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:49"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify eventstore" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:54"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify events tables" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:59"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify system sequence" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:64"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="verify unique constraints" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:69"
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="setup started" caller="/home/runner/work/zitadel/zitadel/cmd/setup/setup.go:90"
zitadel-1 | time="2024-04-09T01:25:42Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=14_events_push
zitadel-1 | time="2024-04-09T01:25:42Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=01_tables
zitadel-1 | time="2024-04-09T01:25:42Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=02_assets
zitadel-1 | time="2024-04-09T01:25:42Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:42Z" level=info msg="starting migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:66" name=03_default_instance
db-1 | 2024-04-09 01:25:43.049 UTC [239] ERROR: duplicate key value violates unique constraint "unique_constraints_pkey"
db-1 | 2024-04-09 01:25:43.049 UTC [239] DETAIL: Key (instance_id, unique_type, unique_field)=(, instance_domain, localhost) already exists.
db-1 | 2024-04-09 01:25:43.049 UTC [239] STATEMENT: INSERT INTO eventstore.unique_constraints (
db-1 | instance_id
db-1 | , unique_type
db-1 | , unique_field
db-1 | ) VALUES
db-1 | ($1, $2, $3), ($4, $5, $6), ($7, $8, $9), ($10, $11, $12), ($13, $14, $15), ($16, $17, $18), ($19, $20, $21), ($22, $23, $24), ($25, $26, $27), ($28, $29, $30), ($31, $32, $33), ($34, $35, $36), ($37, $38, $39), ($40, $41, $42), ($43, $44, $45), ($46, $47, $48), ($49, $50, $51), ($52, $53, $54), ($55, $56, $57), ($58, $59, $60), ($61, $62, $63), ($64, $65, $66)
zitadel-1 | time="2024-04-09T01:25:43Z" level=warning msg="add unique constraint failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/v3/unique_constraints.go:74" error="ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505)"
zitadel-1 | time="2024-04-09T01:25:43Z" level=error msg="migration failed" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:68" error="ID=V3-DKcYh Message=Errors.Instance.Domain.AlreadyExists Parent=(ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505))" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:43Z" level=fatal msg="migration failed" caller="/home/runner/work/zitadel/zitadel/cmd/setup/setup.go:210" error="ID=V3-DKcYh Message=Errors.Instance.Domain.AlreadyExists Parent=(ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505))" name=03_default_instance
zitadel-1 exited with code 1
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:73"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify user" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_user.go:39" username=zitadel
db-1 | 2024-04-09 01:25:43.495 UTC [242] ERROR: role "zitadel" already exists
db-1 | 2024-04-09 01:25:43.495 UTC [242] STATEMENT: CREATE USER "zitadel" WITH PASSWORD 'zitadel'
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify database" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_database.go:39" database=zitadel
db-1 | 2024-04-09 01:25:43.501 UTC [243] ERROR: database "zitadel" already exists
db-1 | 2024-04-09 01:25:43.501 UTC [243] STATEMENT: CREATE DATABASE "zitadel"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify grant" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_grant.go:34" database=zitadel user=zitadel
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify zitadel" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:78" database=zitadel
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify system" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:39"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify encryption keys" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:44"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify projections" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:49"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify eventstore" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:54"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify events tables" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:59"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify system sequence" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:64"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify unique constraints" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_zitadel.go:69"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="setup started" caller="/home/runner/work/zitadel/zitadel/cmd/setup/setup.go:90"
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=14_events_push
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=01_tables
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=02_assets
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="verify migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:43" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="starting migration" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:66" name=03_default_instance
db-1 | 2024-04-09 01:25:44.544 UTC [323] ERROR: duplicate key value violates unique constraint "unique_constraints_pkey"
db-1 | 2024-04-09 01:25:44.544 UTC [323] DETAIL: Key (instance_id, unique_type, unique_field)=(, instance_domain, localhost) already exists.
db-1 | 2024-04-09 01:25:44.544 UTC [323] STATEMENT: INSERT INTO eventstore.unique_constraints (
db-1 | instance_id
db-1 | , unique_type
db-1 | , unique_field
db-1 | ) VALUES
db-1 | ($1, $2, $3), ($4, $5, $6), ($7, $8, $9), ($10, $11, $12), ($13, $14, $15), ($16, $17, $18), ($19, $20, $21), ($22, $23, $24), ($25, $26, $27), ($28, $29, $30), ($31, $32, $33), ($34, $35, $36), ($37, $38, $39), ($40, $41, $42), ($43, $44, $45), ($46, $47, $48), ($49, $50, $51), ($52, $53, $54), ($55, $56, $57), ($58, $59, $60), ($61, $62, $63), ($64, $65, $66)
zitadel-1 | time="2024-04-09T01:25:44Z" level=warning msg="add unique constraint failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/v3/unique_constraints.go:74" error="ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505)"
zitadel-1 | time="2024-04-09T01:25:44Z" level=error msg="migration failed" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:68" error="ID=V3-DKcYh Message=Errors.Instance.Domain.AlreadyExists Parent=(ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505))" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:44Z" level=fatal msg="migration failed" caller="/home/runner/work/zitadel/zitadel/cmd/setup/setup.go:210" error="ID=V3-DKcYh Message=Errors.Instance.Domain.AlreadyExists Parent=(ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505))" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:45Z" level=info msg="initialization started" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/init.go:73"
zitadel-1 | time="2024-04-09T01:25:45Z" level=info msg="verify user" caller="/home/runner/work/zitadel/zitadel/cmd/initialise/verify_user.go:39" username=zitadel
db-1 | 2024-04-09 01:25:45.216 UTC [326] ERROR: role "zitadel" already exists
db-1 | 2024-04-09 01:25:45.216 UTC [326] STATEMENT: CREATE USER "zitadel" WITH PASSWORD 'zitadel'
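The log above contains two different failures: the first start attempt stops on `permission denied`, and every restart after it stops on the duplicate-key error. The following triage script is an added example, not part of the original thread or of ZITADEL; it splits such output into start attempts and reports the first failure of each. The function names and the "earlier run missing" heuristic are assumptions of this example.

```python
import re

# Taken from the `docker compose up` output in this thread; caller= fields and
# most info lines are dropped for brevity.
SAMPLE_LOG = r'''
db-1 | 2024-04-09 01:25:39.489 UTC [60] FATAL: role "root" does not exist
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="initialization started"
zitadel-1 | time="2024-04-09T01:25:40Z" level=info msg="starting migration" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:41Z" level=error msg="migration failed" error="open /machinekey/zitadel-admin-sa.json: permission denied" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:41Z" level=fatal msg="migration failed" error="open /machinekey/zitadel-admin-sa.json: permission denied" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:41Z" level=info msg="initialization started"
zitadel-1 | time="2024-04-09T01:25:43Z" level=warning msg="add unique constraint failed" error="ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505)"
zitadel-1 | time="2024-04-09T01:25:43Z" level=fatal msg="migration failed" error="ID=V3-DKcYh Message=Errors.Instance.Domain.AlreadyExists Parent=(ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505))" name=03_default_instance
zitadel-1 | time="2024-04-09T01:25:43Z" level=info msg="initialization started"
zitadel-1 | time="2024-04-09T01:25:44Z" level=fatal msg="migration failed" error="ID=V3-DKcYh Message=Errors.Instance.Domain.AlreadyExists Parent=(ERROR: duplicate key value violates unique constraint \"unique_constraints_pkey\" (SQLSTATE 23505))" name=03_default_instance
'''

# key=value or key="quoted value with \" escapes"
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Errors that indicate state left behind by an earlier attempt.
FOLLOW_ON = re.compile(r"AlreadyExists|SQLSTATE 23505")


def parse_line(line):
    """Parse one logfmt line (an optional 'container | ' prefix is ignored)."""
    fields = {}
    for key, value in FIELD.findall(line):
        if value.startswith('"'):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # undo \" escapes
        fields[key] = value
    return fields


def split_runs(log_text):
    """Group ZITADEL entries into start attempts; each begins at 'initialization started'."""
    runs = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not {"time", "level", "msg"} <= entry.keys():
            continue  # database output or another non-logfmt line
        if entry["msg"] == "initialization started" or not runs:
            runs.append([])
        runs[-1].append(entry)
    return runs


def triage(log_text):
    """Return the first failure of every attempt, split into cause and follow-on errors."""
    failures = []
    for number, run in enumerate(split_runs(log_text), start=1):
        failed = next((e for e in run if e["level"] in ("error", "fatal")), None)
        if failed:
            failures.append({"run": number, "time": failed["time"],
                             "step": failed.get("name", ""),
                             "error": failed.get("error", failed["msg"])})
    if not failures:
        return {"root_cause": None, "follow_on": [], "earlier_run_missing": False}
    root = failures[0]
    return {
        "root_cause": root,
        # Later attempts that stop on a duplicate-key error instead of the first error.
        "follow_on": [f for f in failures[1:]
                      if f["error"] != root["error"] and FOLLOW_ON.search(f["error"])],
        # Heuristic: a duplicate-key error as the first visible failure suggests
        # the capture starts after an earlier, different failure.
        "earlier_run_missing": bool(FOLLOW_ON.search(root["error"])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("root cause:", result["root_cause"])
    print("follow-on failures:", len(result["follow_on"]))
```

With `restart: always` the container loops quickly, so a capture that starts late shows only the follow-on error; `earlier_run_missing` flags that case.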
let me update docker and see if it still works with me 😁
Hm it still works
Can you tell me a little bit about which Linux you are using? Maybe I can reproduce it then.
I'm running ubuntu 22.04 using nix-shell. I don't think the issue is with the OS/docker. Isn't docker a tool to solve "it only works on my machine"?
Did you define any human user first? I'm not sure what's happening either...
Haha yeah sometimes we saw weird problems around the networking when switching between linux and macos or windows.
Let me try again with your shared example in the initial comment (if that is what you are still using)
@finzzz try replacing "CMD-SHELL" with "CMD" in healthcheck section. it works for me on windows11
or add PGUSER=postgres env var
@finzzz Your indentation in config.yaml is wrong.
You have to push "Org" one level like this:
```yaml
Port: 8080
ExternalPort: 443
ExternalDomain: "redacted"
ExternalSecure: true
TLS:
  Enabled: false
DefaultInstance:
  DomainPolicy:
    UserLoginMustBeDomain: true
  LoginPolicy:
    AllowRegister: false
  Org:
    Machine:
      Machine:
        Username: root
        Name: root
      MachineKey:
        Type: 1
LogStore:
  Access:
    Stdout:
      Enabled: true
```
@finzzz @fforootd I experienced the same error. Here is my step.config
```yaml
# See: https://raw.githubusercontent.com/zitadel/zitadel/main/cmd/setup/steps.yaml
# By using the FirstInstance section, you can overwrite the DefaultInstance configuration for the first instance created by zitadel setup.
FirstInstance:
  # The machine key from the section FirstInstance.Org.Machine.MachineKey is written to the MachineKeyPath.
  MachineKeyPath: /machinekey/zitadel-admin-sa.json # ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH
  # The personal access token from the section FirstInstance.Org.Machine.Pat is written to the PatPath.
  PatPath: # ZITADEL_FIRSTINSTANCE_PATPATH
  InstanceName: myinstance # ZITADEL_FIRSTINSTANCE_INSTANCENAME
  DefaultLanguage: de # ZITADEL_FIRSTINSTANCE_DEFAULTLANGUAGE
  Org:
    Name: myorg # ZITADEL_FIRSTINSTANCE_ORG_NAME
    # In the FirstInstance.Org.Machine section, the initial organization's admin user with the role IAM_OWNER is defined.
    # ZITADEL either creates a human user or a machine user.
    # If FirstInstance.Org.Machine.Machine is defined, a service user is created with the IAM_OWNER role, not a human user.
    Machine:
      Machine:
        Username: machineuser # ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME
        Name: machineuser # ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME
      MachineKey:
        # date format: 2023-01-01T00:00:00Z
        ExpirationDate: # ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_EXPIRATIONDATE
        # Currently, the only supported value is 1 for JSON
        Type: 1 # ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE
      Pat:
        # date format: 2023-01-01T00:00:00Z
        ExpirationDate: # ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE
CorrectCreationDate:
  FailAfter: 5m # ZITADEL_CORRECTCREATIONDATE_FAILAFTER
AddEventCreatedAt:
  BulkAmount: 100 # ZITADEL_ADDEVENTCREATEDAT_BULKAMOUNT
```
The error does not pop up if I specify a human user next to the machine user. I'm using the latest docker image. Any ideas why this is the case? Thanks!
Cannot confirm, but more of a hunch: I checked https://github.com/zitadel/zitadel/blob/cd6b452fc9f185142085eb9a9cd62197b0d27cb5/cmd/setup/03.go#L101-L123 and it looks like FirstInstance.Org.Human seems to be mandatory and FirstInstance.Org.Machine is rather optional.
I merely cannot validate the claim from the upstream steps config comment:
```yaml
# In the FirstInstance.Org.Machine section, the initial organization's admin user with the role IAM_OWNER is defined.
# ZITADEL either creates a human user or a machine user.
# If FirstInstance.Org.Machine.Machine is defined, a service user is created with the IAM_OWNER role, not a human user.
```
@fforootd can you confirm my hunch? :)
AFAIU I have to specify a human and machine user with the human user not being created - so what is the point exactly? :D
I think up to zitadel version 2.53.0 it was an XOR if you use a human or machine user to bootstrap zitadel.
I had the same issue on Linux, but not on MacOS. I mount a host directory (non-existent) to retrieve machine keys. There were "unique_constraints_pkey" errors in the zitadel logs, but there were also "permission denied" errors regarding the mounted directory. Running the container as root or giving 777 permissions to the host directory fixed this issue.
upd: https://github.com/moby/moby/issues/45919#issuecomment-2205669702 seems related to my case
upd: I use v2.53.2
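The directory mounted at `/machinekey` receives the key of a service user with the IAM_OWNER role, so its ownership and mode matter beyond getting setup to pass. The preflight check below is an added example, not code from the thread or from ZITADEL; it inspects the host side of the bind mount before `docker compose up`. The container UID is a parameter because this page does not state it, and the function names and finding codes are assumptions of this example.

```python
import os
import stat

FINDINGS = {
    "missing": "path does not exist; the Docker daemon creates it on start "
               "(root-owned on a rootful daemon)",
    "not-a-directory": "bind-mount source for the key directory is not a directory",
    "world-writable": "any local user can add or replace files next to the IAM_OWNER key",
    "group-or-other-access": "users other than the owner can enter or list the directory",
    "not-writable-by-container-uid": "setup fails with 'permission denied' at MachineKeyPath",
}


def check_key_dir(path, container_uid):
    """Return finding codes for the host directory mounted at /machinekey.

    Simplification: only owner and world bits decide writability; group
    membership of the container user is not evaluated.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not-a-directory"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    elif mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group-or-other-access")
    # Creating a file needs write and search (execute) permission on the directory.
    owner_can_write = st.st_uid == container_uid and (mode & 0o300) == 0o300
    if not owner_can_write and not (mode & stat.S_IWOTH):
        findings.append("not-writable-by-container-uid")
    return findings


def prepare_key_dir(path, container_uid):
    """Create the directory before the first start, private to the container user."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    os.chmod(path, 0o700)  # makedirs' mode is masked by umask and ignored if the path exists
    if os.stat(path).st_uid != container_uid:
        os.chown(path, container_uid, -1)  # requires root on the host
    return check_key_dir(path, container_uid)


if __name__ == "__main__":
    # "./test" is the host side of "./test:/machinekey" in the compose file at the
    # top of this issue; 1000 is an assumed container UID, confirm it for your image.
    for code in check_key_dir("./test", 1000):
        print(f"{code}: {FINDINGS[code]}")
```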