Firezone-postgres failed to migrate database

Hi all

I would like to use firezone via docker. Then I installed it like the following:

root#:/etc# apt-get install docker-ce docker-ce-cli docker-compose-plugin
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  docker-buildx-plugin docker-ce-rootless-extras docker-scan-plugin libslirp0 slirp4netns
Suggested packages:
  aufs-tools cgroupfs-mount | cgroup-lite
The following NEW packages will be installed: docker-buildx-plugin docker-ce docker-ce-cli docker-ce-rootless-extras docker-compose-plugin
  docker-scan-plugin libslirp0 slirp4netns
0 upgraded, 9 newly installed, 0 to remove and 21 not upgraded.
Need to get 79.3 MB/111 MB of archives.
After this operation, 396 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 bullseye/stable amd64 docker-buildx-plugin amd64 0.10.2-1~debian.11~bullseye [25.9 MB]
Get:2 bullseye/stable amd64 docker-ce-cli amd64 5:23.0.0-1~debian.11~bullseye [13.2 MB]
Get:3 bullseye/stable amd64 docker-ce amd64 5:23.0.0-1~debian.11~bullseye [21.9 MB]
Get:4 bullseye/stable amd64 docker-ce-rootless-extras amd64 5:23.0.0-1~debian.11~bullseye [8,758 kB]
Get:5 bullseye/stable amd64 docker-compose-plugin amd64 2.15.1-1~debian.11~bullseye [9,572 kB]
Fetched 79.3 MB in 8s (10.5 MB/s)
Selecting previously unselected package
(Reading database ... 112380 files and directories currently installed.)
Preparing to unpack .../0-containerd.io_1.6.16-1_amd64.deb ...
Unpacking (1.6.16-1) ...
Selecting previously unselected package docker-buildx-plugin.
Preparing to unpack .../1-docker-buildx-plugin_0.10.2-1~debian.11~bullseye_amd64.deb ...
Unpacking docker-buildx-plugin (0.10.2-1~debian.11~bullseye) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../2-docker-ce-cli_5%3a23.0.0-1~debian.11~bullseye_amd64.deb ...
Unpacking docker-ce-cli (5:23.0.0-1~debian.11~bullseye) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../3-docker-ce_5%3a23.0.0-1~debian.11~bullseye_amd64.deb ...
Unpacking docker-ce (5:23.0.0-1~debian.11~bullseye) ...
Selecting previously unselected package docker-ce-rootless-extras.
Preparing to unpack .../4-docker-ce-rootless-extras_5%3a23.0.0-1~debian.11~bullseye_amd64.deb ...
Unpacking docker-ce-rootless-extras (5:23.0.0-1~debian.11~bullseye) ...
Selecting previously unselected package docker-compose-plugin.
Preparing to unpack .../5-docker-compose-plugin_2.15.1-1~debian.11~bullseye_amd64.deb ...
Unpacking docker-compose-plugin (2.15.1-1~debian.11~bullseye) ...
Selecting previously unselected package docker-scan-plugin.
Preparing to unpack .../6-docker-scan-plugin_0.23.0~debian-bullseye_amd64.deb ...
Unpacking docker-scan-plugin (0.23.0~debian-bullseye) ...
Selecting previously unselected package libslirp0:amd64.
Preparing to unpack .../7-libslirp0_4.4.0-1+deb11u2_amd64.deb ...
Unpacking libslirp0:amd64 (4.4.0-1+deb11u2) ...
Selecting previously unselected package slirp4netns.
Preparing to unpack .../8-slirp4netns_1.0.1-2_amd64.deb ...
Unpacking slirp4netns (1.0.1-2) ...
Setting up docker-scan-plugin (0.23.0~debian-bullseye) ...
Setting up docker-buildx-plugin (0.10.2-1~debian.11~bullseye) ...
Setting up (1.6.16-1) ...
Installing new version of config file /etc/containerd/config.toml ...
Setting up docker-compose-plugin (2.15.1-1~debian.11~bullseye) ...
Setting up docker-ce-cli (5:23.0.0-1~debian.11~bullseye) ...
Setting up libslirp0:amd64 (4.4.0-1+deb11u2) ...
Setting up docker-ce-rootless-extras (5:23.0.0-1~debian.11~bullseye) ...
Setting up slirp4netns (1.0.1-2) ...
Setting up docker-ce (5:23.0.0-1~debian.11~bullseye) ...
Installing new version of config file /etc/default/docker ...
Installing new version of config file /etc/init.d/docker ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.31-13+deb11u5) ...
Scanning processes...
Scanning candidates...
Scanning linux images...

Running kernel seems to be up-to-date.

Restarting services...

docker seems nice :

root# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:aa0cc8055b82dc2509bed2e19b275c8f463506616377219d9642221ab53cf9fe
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:

For more examples and ideas, visit:

Then I download automatic install script:

root#: bash <(curl -fsSL 18603f733541394-088fa21b05270d-26021051-1fa400-18603f73355147a
Enter the administrator email you'd like to use for logging into this Firezone instance: admin@mydomain
Enter the desired installation directory (/root/.firezone):
Enter the external URL that will be used to access this instance. (https://heimdall):
Would you like to enable automatic SSL cert provisioning? Requires a valid DNS record and port 80 to be reachable. (Y/n): n
Could we email you to ask for product feedback? Firezone depends heavily on input from users like you to steer development. (Y/n): n
Firezone collects crash and performance logs to help us improve the product. Would you like to disable this? (N/y): Y
Press <ENTER> to install or Ctrl-C to abort.

[+] Running 1/1
 ⠿ Container firezone-postgres-1  Started                                                                               1.5s
Waiting for DB to boot...
firezone-postgres-1  |
firezone-postgres-1  | PostgreSQL Database directory appears to contain a database; Skipping initialization
firezone-postgres-1  |
firezone-postgres-1  | 2023-02-02 13:36:18.512 UTC [1] LOG:  starting PostgreSQL 15.1 (Debian 15.1-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
firezone-postgres-1  | 2023-02-02 13:36:18.513 UTC [1] LOG:  listening on IPv4 address "", port 5432
firezone-postgres-1  | 2023-02-02 13:36:18.513 UTC [1] LOG:  listening on IPv6 address "::", port 5432
firezone-postgres-1  | 2023-02-02 13:36:18.523 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
firezone-postgres-1  | 2023-02-02 13:36:18.532 UTC [27] LOG:  database system was shut down at 2023-02-02 13:34:51 UTC
firezone-postgres-1  | 2023-02-02 13:36:18.547 UTC [1] LOG:  database system is ready to accept connections
Resetting DB password...

Migrating DB...
[+] Running 1/0
 ⠿ Container firezone-postgres-1  Running                                                                               0.0s
13:36:30.002 [error] Could not create schema migrations table. This error usually happens due to the following:

  * The database does not exist
  * The "schema_migrations" table, which Ecto uses for managing
    migrations, was defined by another library
  * There is a deadlock while migrating (such as using concurrent
    indexes with a migration_lock)

To fix the first issue, run "mix ecto.create".

To address the second, you can run "mix ecto.drop" followed by
"mix ecto.create". Alternatively you may configure Ecto to use
another table and/or repository for managing migrations:

    config :fz_http, FzHttp.Repo,
      migration_source: "some_other_table_for_schema_migrations",
      migration_repo: AnotherRepoForSchemaMigrations

The full error report is shown below.

** (DBConnection.ConnectionError) connection not available and request was dropped from queue after 2966ms. This means requests are coming in and your connection pool cannot serve them fast enough. You can address this by:

  1. Ensuring your database is available and that you can connect to it
  2. Tracking down slow queries and making sure they are running fast enough
  3. Increasing the pool_size (although this increases resource consumption)
  4. Allowing requests to wait longer by increasing :queue_target and :queue_interval

See DBConnection.start_link/2 for more information

    (ecto_sql 3.9.2) lib/ecto/adapters/sql.ex:913: Ecto.Adapters.SQL.raise_sql_call_error/1
    (elixir 1.14.3) lib/enum.ex:1658: Enum."-map/2-lists^map/1-0-"/2
    (ecto_sql 3.9.2) lib/ecto/adapters/sql.ex:1005: Ecto.Adapters.SQL.execute_ddl/4
    (ecto_sql 3.9.2) lib/ecto/migrator.ex:677: Ecto.Migrator.verbose_schema_migration/3
    (ecto_sql 3.9.2) lib/ecto/migrator.ex:491: Ecto.Migrator.lock_for_migrations/4
    (ecto_sql 3.9.2) lib/ecto/migrator.ex:403:
    (ecto_sql 3.9.2) lib/ecto/migrator.ex:146: Ecto.Migrator.with_repo/3
    nofile:1: (file)

I don’t know what is mix.ecto create. What can I do ?
Do I need a separate database ? Or using firezone container is enough ?

Thanks for help


Made an account just to say I’m in the same boat currently - looks like the firezone docker container isn’t using the password set within the .env file…

Steps followed were the Docker manual install steps

21:08:02.587 [error] Postgrex.Protocol (#PID<0.164.0>) failed to connect: ** (Postgrex.Error) FATAL 28P01 (invalid_password) password authentication failed for user "postgres"
21:08:02.587 [error] Postgrex.Protocol (#PID<0.163.0>) failed to connect: ** (Postgrex.Error) FATAL 28P01 (invalid_password) password authentication failed for user "postgres"
21:08:05.018 [error] Postgrex.Protocol (#PID<0.164.0>) failed to connect: ** (Postgrex.Error) FATAL 28P01 (invalid_password) password authentication failed for user "postgres"
21:08:05.327 [error] Postgrex.Protocol (#PID<0.163.0>) failed to connect: ** (Postgrex.Error) FATAL 28P01 (invalid_password) password authentication failed for user "postgres"

I’ll update here if I find where this needs to be set😅

@hanhunhon Try resetting the postgres user password and see if that helps:

docker compose -f $HOME/.firezone/docker-compose.yml exec -it postgres psql -h localhost -U postgres -c "ALTER ROLE postgres WITH PASSWORD '$DATABASE_PASSWORD'"

Thanks Jamil, I’ve tried that to no luck unfortunately

Managed to spend some more time on this & after staring at the config files for a while I spotted the issue!

The Traefik compose file/wiki page doesn’t include an environment variable for the Database password…

I’ve updated my compose file to use the syntax for referencing the .env file here & have successfully ran the migrate script :slight_smile:

@Erwann this is likely the issue you were encountering as well!

Hi @hanhunhon , All,

I have the same issue… @hanhunhon, could you explain in more detail how you fixed the issue? What exactly do I need to add to the .env file? The link is broken.