docker-kong-oidx image used with POSTGRES: unable to start
pixime opened this issue · comments
Hello all,
I am desperately trying to use the image with POSTGRES. Here is my docker-compose:
kong:
image: docker-kong-oidc:2.3.3-2
user: "${KONG_USER:-kong}"
depends_on:
- kong-db
environment:
- KONG_LOG_LEVEL=info
- KONG_ADMIN_ACCESS_LOG=/dev/stdout
- KONG_ADMIN_ERROR_LOG=/dev/stderr
- KONG_ADMIN_GUI_ACCESS_LOG=/dev/stdout
- KONG_ADMIN_GUI_ERROR_LOG=/dev/stderr
- KONG_PORTAL_API_ACCESS_LOG=/dev/stdout
- KONG_PORTAL_API_ERROR_LOG=/dev/stderr
- KONG_PROXY_ACCESS_LOG=/dev/stdout
- KONG_PROXY_ERROR_LOG=/dev/stderr
- KONG_ANONYMOUS_REPORTS=false
- KONG_CLUSTER_LISTEN=off
- 'KONG_LUA_PACKAGE_PATH=/opt/?.lua;/opt/?/init.lua;;'
- KONG_NGINX_WORKER_PROCESSES=1
- 'KONG_PLUGINS=bundled,oidc'
- 'KONG_ADMIN_LISTEN=0.0.0.0:8001'
- 'KONG_PROXY_LISTEN=0.0.0.0:8000, 0.0.0.0:8443 http2 ssl'
- 'KONG_STATUS_LISTEN=0.0.0.0:8100'
- KONG_NGINX_DAEMON=off
- 'KONG_X_SESSION_MEMCACHE_PORT=''1234'''
- KONG_X_SESSION_COMPRESSOR=zlib
- KONG_DATABASE=postgres
- KONG_PG_DATABASE=${KONG_PG_DATABASE:-kong}
- KONG_PG_HOST=kong-db
- KONG_PG_USER=${KONG_PG_USER:-kong}
- KONG_PG_PASSWORD_FILE=/run/secrets/kong_postgres_password
secrets:
- kong_postgres_password
networks:
- kong-net
ports:
- "8000:8000/tcp"
- "127.0.0.1:8001:8001/tcp"
- "8443:8443/tcp"
- "127.0.0.1:8444:8444/tcp"
healthcheck:
test: ["CMD", "kong", "health"]
interval: 10s
timeout: 10s
retries: 10
restart: on-failure
deploy:
restart_policy:
condition: on-failure
And there is the output I got from my kong-idc container on start:
kong_1 | 2021/04/09 14:42:49 [error] 1#0: init_by_lua error: /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:20: New migrations available; run 'kong migrations up' to proceed
kong_1 | stack traceback:
kong_1 | [C]: in function 'error'
kong_1 | /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:20: in function 'check_state'
kong_1 | /usr/local/share/lua/5.1/kong/init.lua:456: in function 'init'
kong_1 | init_by_lua:3: in main chunk
kong_1 | nginx: [error] init_by_lua error: /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:20: New migrations available; run 'kong migrations up' to proceed
kong_1 | stack traceback:
kong_1 | [C]: in function 'error'
kong_1 | /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:20: in function 'check_state'
kong_1 | /usr/local/share/lua/5.1/kong/init.lua:456: in function 'init'
kong_1 | init_by_lua:3: in main chunk
compose_kong_1 exited with code 1
I tried to use the image in db-less mode and it's work fine.
I also have in my docker-compose.yml services for migrations:
kong-migrations:
image: "${KONG_DOCKER_TAG:-kong:latest}"
command: kong migrations bootstrap
depends_on:
- kong-db
environment:
KONG_DATABASE: postgres
KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong}
KONG_PG_HOST: kong-db
KONG_PG_USER: ${KONG_PG_USER:-kong}
KONG_PG_PASSWORD_FILE: /run/secrets/kong_postgres_password
secrets:
- kong_postgres_password
networks:
- kong-net
restart: on-failure
deploy:
restart_policy:
condition: on-failure
kong-migrations-up:
image: "${KONG_DOCKER_TAG:-kong:latest}"
command: kong migrations up && kong migrations finish
depends_on:
- kong-db
environment:
KONG_DATABASE: postgres
KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong}
KONG_PG_HOST: kong-db
KONG_PG_USER: ${KONG_PG_USER:-kong}
KONG_PG_PASSWORD_FILE: /run/secrets/kong_postgres_password
secrets:
- kong_postgres_password
networks:
- kong-net
restart: on-failure
deploy:
restart_policy:
condition: on-failure
I have cleaned my POSTGRES volume and down/up many times, but I still got the same results.
I would also like to point out that using the standard version of Kong works fine:
image: "${KONG_DOCKER_TAG:-kong:latest}"
user: "${KONG_USER:-kong}"
depends_on:
- kong-db
environment:
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ERROR_LOG: /dev/stderr
KONG_ADMIN_LISTEN: '0.0.0.0:8001'
KONG_DATABASE: postgres
KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong}
KONG_PG_HOST: kong-db
KONG_PG_USER: ${KONG_PG_USER:-kong}
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_PG_PASSWORD_FILE: /run/secrets/kong_postgres_password
secrets:
- kong_postgres_password
networks:
- kong-net
ports:
- "8000:8000/tcp"
- "127.0.0.1:8001:8001/tcp"
- "8443:8443/tcp"
- "127.0.0.1:8444:8444/tcp"
healthcheck:
test: ["CMD", "kong", "health"]
interval: 10s
timeout: 10s
retries: 10
restart: on-failure
deploy:
restart_policy:
condition: on-failure
Thanks for your help
Prepared a simple test in tree/master/test/docker-compose.
It works fine for me. Looking closely, indeed, at the first attempt, the kong container fails with the message you reported. That is because the database is not yet migrated. But, the container will be restarted automatically by Docker, so will eventually start, when the migration finishes.
kong_1 | 2021/04/12 12:35:49 [error] 1#0: init_by_lua error: /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:20: New migrations available; run 'kong migrations up' to proceed
kong_1 | stack traceback:
kong_1 | [C]: in function 'error'
kong_1 | /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:20: in function 'check_state'
kong_1 | /usr/local/share/lua/5.1/kong/init.lua:456: in function 'init'
kong_1 | init_by_lua:3: in main chunk
kong_1 | nginx: [error] init_by_lua error: /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:20: New migrations available; run 'kong migrations up' to proceed
kong_1 | stack traceback:
kong_1 | [C]: in function 'error'
kong_1 | /usr/local/share/lua/5.1/kong/cmd/utils/migrations.lua:20: in function 'check_state'
kong_1 | /usr/local/share/lua/5.1/kong/init.lua:456: in function 'init'
kong_1 | init_by_lua:3: in main chunk
kong-migrations_1 | migrating oauth2 on database 'kong'...
kong-migrations_1 | oauth2 migrated up to: 000_base_oauth2 (executed)
kong-migrations_1 | oauth2 migrated up to: 003_130_to_140 (executed)
kong-migrations_1 | oauth2 migrated up to: 004_200_to_210 (executed)
kong-migrations_1 | oauth2 migrated up to: 005_210_to_211 (executed)
kong-migrations_1 | migrating ip-restriction on database 'kong'...
kong-migrations_1 | ip-restriction migrated up to: 001_200_to_210 (executed)
kong-migrations_1 | migrating jwt on database 'kong'...
kong-migrations_1 | jwt migrated up to: 000_base_jwt (executed)
kong-migrations_1 | jwt migrated up to: 002_130_to_140 (executed)
kong-migrations_1 | jwt migrated up to: 003_200_to_210 (executed)
kong-migrations_1 | migrating basic-auth on database 'kong'...
kong-migrations_1 | basic-auth migrated up to: 000_base_basic_auth (executed)
kong-migrations_1 | basic-auth migrated up to: 002_130_to_140 (executed)
kong-migrations_1 | basic-auth migrated up to: 003_200_to_210 (executed)
kong-migrations_1 | migrating key-auth on database 'kong'...
kong-migrations_1 | key-auth migrated up to: 000_base_key_auth (executed)
kong-migrations_1 | key-auth migrated up to: 002_130_to_140 (executed)
kong-migrations_1 | key-auth migrated up to: 003_200_to_210 (executed)
kong-migrations_1 | migrating session on database 'kong'...
kong-migrations_1 | session migrated up to: 000_base_session (executed)
kong-migrations_1 | session migrated up to: 001_add_ttl_index (executed)
kong-migrations_1 | migrating acl on database 'kong'...
kong-migrations_1 | acl migrated up to: 000_base_acl (executed)
kong-migrations_1 | acl migrated up to: 002_130_to_140 (executed)
kong-migrations_1 | acl migrated up to: 003_200_to_210 (executed)
kong-migrations_1 | acl migrated up to: 004_212_to_213 (executed)
kong-migrations_1 | migrating response-ratelimiting on database 'kong'...
kong-migrations_1 | response-ratelimiting migrated up to: 000_base_response_rate_limiting (executed)
kong-migrations_1 | migrating bot-detection on database 'kong'...
kong-migrations_1 | bot-detection migrated up to: 001_200_to_210 (executed)
kong-migrations_1 | migrating acme on database 'kong'...
kong-migrations_1 | acme migrated up to: 000_base_acme (executed)
kong-migrations_1 | 41 migrations processed
kong-migrations_1 | 41 executed
kong-migrations_1 | Database is up-to-date
docker-compose_kong_1 exited with code 1
docker-compose_kong-migrations_1 exited with code 0
docker-compose_kong-migrations_1 exited with code 0
kong-migrations-up_1 | aborted: another node is performing database changes
docker-compose_kong-migrations-up_1 exited with code 0
docker-compose_kong-migrations-up_1 exited with code 0
kong_1 | 2021/04/12 12:35:51 [info] 1#0: [lua] openssl.lua:5: using ffi, OpenSSL version linked: 101010af
kong_1 | 2021/04/12 12:35:51 [notice] 1#0: using the "epoll" event method
kong_1 | 2021/04/12 12:35:51 [notice] 1#0: openresty/1.17.8.2
kong_1 | 2021/04/12 12:35:51 [notice] 1#0: built by gcc 10.2.1 20201203 (Alpine 10.2.1_pre1)
kong_1 | 2021/04/12 12:35:51 [notice] 1#0: OS: Linux 5.9.16-050916-generic
kong_1 | 2021/04/12 12:35:51 [notice] 1#0: getrlimit(RLIMIT_NOFILE): 1048576:1048576
kong_1 | 2021/04/12 12:35:51 [notice] 1#0: start worker processes
kong_1 | 2021/04/12 12:35:51 [notice] 1#0: start worker process 23
kong_1 | 2021/04/12 12:35:51 [notice] 23#0: *1 [lua] warmup.lua:78: single_dao(): Preloading 'services' into the core_cache..., context: init_worker_by_lua*
kong_1 | 2021/04/12 12:35:51 [notice] 23#0: *1 [lua] warmup.lua:115: single_dao(): finished preloading 'services' into the core_cache (in 0ms), context: init_worker_by_lua*
kong_1 | 2021/04/12 12:35:51 [info] 23#0: *1 [kong] handler.lua:56 [acme] acme renew timer started on worker 0, context: init_worker_by_lua*
Check out the docker-compose file, that is almost the exact copy of the original sample from Kong, I have only added the option to override postgres version and added your env variables above.
I get this error when run ./test.sh
/usr/local/share/lua/5.1/kong/plugins/oidc/handler.lua:1: module 'kong.plugins.base_plugin' not found:No Lu aRocks module found for kong.plugins.base_plugin no field package.preload['kong.plugins.base_plugin'] no file '/opt/kong/plugins/base_plugin.lua' no file '/opt/kong/plugins/base_plugin/init.lua' no file '/usr/local/openresty/site/lualib/kong/plugins/base_plugin.ljbc' no file '/usr/local/openresty/site/lualib/kong/plugins/base_plugin/init.ljbc' no file '/usr/local/openresty/lualib/kong/plugins/base_plugin.ljbc' no file '/usr/local/openresty/lualib/kong/plugins/base_plugin/init.ljbc' no file '/usr/local/openresty/site/lualib/kong/plugins/base_plugin.lua' no file '/usr/local/openresty/site/lualib/kong/plugins/base_plugin/init.lua' no file '/usr/local/openresty/lualib/kong/plugins/base_plugin.lua' no file '/usr/local/openresty/lualib/kong/plugins/base_plugin/init.lua' no file './kong/plugins/base_plugin.lua' no file '/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/kong/plugins/base_plugin.lua' no file '/usr/local/share/lua/5.1/kong/plugins/base_plugin.lua' no file '/usr/local/share/lua/5.1/kong/plugins/base_plugin/init.lua' no file '/usr/local/openresty/luajit/share/lua/5.1/kong/plugins/base_plugin.lua' no file '/usr/local/openresty/luajit/share/lua/5.1/kong/plugins/base_plugin/init.lua' no file '/home/kong/.luarocks/share/lua/5.1/kong/plugins/base_plugin.lua' no file '/home/kong/.luarocks/share/lua/5.1/kong/plugins/base_plugin/init.lua' no file '/usr/local/openresty/site/lualib/kong/plugins/base_plugin.so' no file '/usr/local/openresty/lualib/kong/plugins/base_plugin.so' no file './kong/plugins/base_plugin.so' no file '/usr/local/lib/lua/5.1/kong/plugins/base_plugin.so' no file '/usr/local/openresty/luajit/lib/lua/5.1/kong/plugins/base_plugin.so' no file '/usr/local/lib/lua/5.1/loadall.so' no file '/home/kong/.luarocks/lib/lua/5.1/kong/plugins/base_plugin.so' no file '/usr/local/openresty/site/lualib/kong.so' no file '/usr/local/openresty/lualib/kong.so' no file './kong.so' no file '/usr/local/lib/lua/5.1/kong.so' no file '/usr/local/openresty/luajit/lib/lua/5.1/kong.so' no file '/usr/local/lib/lua/5.1/loadall.so' no file '/home/kong/.luarocks/lib/lua/5.1/kong.so'
./test.sh
Created container: 8414f3c7190b8b3979846860ac289992c93fde4e2edf18615abcdd8776707faf
Host: headers.4tools.net
Connection: keep-alive
X-Forwarded-For: 172.17.0.1
X-Forwarded-Proto: http
X-Forwarded-Host: localhost
X-Forwarded-Port: 180
X-Forwarded-Path: /request.php
X-Real-IP: 172.17.0.1
User-Agent: curl/7.81.0
Accept: */*
Success!!!
Deleted container: docker-kong-oidc