Authentik: Worker Fails To Recover From DB Connection Loss

Introduction

This article addresses a critical issue encountered in authentik, where the worker process fails to recover from a closed database connection. This problem can lead to service disruptions and impact the overall reliability of the authentik deployment. This document describes the bug, the steps to reproduce it, the expected behavior, and a workaround. We will also delve into the technical details of the issue, analyze the logs, and suggest potential solutions. Understanding this issue and its resolution is crucial for maintaining a stable and robust authentik infrastructure.

Describe the Bug

The core issue is that the authentik worker process does not automatically reconnect to the database after a connectivity loss. When the database connection is interrupted, the worker enters a state where it cannot process tasks, leading to a degradation of service. The consumer restarts but the functionality is not recovered until the service is restarted. This behavior indicates that no reconnection attempt is being made by the worker. Furthermore, the health checks are not triggered, which means that the system fails to detect the problem and initiate a recovery process automatically. Although the django_db_errors_total metric does increase, this does not translate into a corrective action.

How to Reproduce

To reproduce this bug, you can simulate a database connectivity loss. In the reported case, the setup involves a replicated HAProxy in front of a PostgreSQL database. Cycling the proxy, which interrupts the database connection, triggers the issue. This can be replicated by:

1. Setting up an authentik instance with a PostgreSQL database.
2. Placing a HAProxy instance in front of the PostgreSQL database for high availability.
3. Simulating a connection interruption by cycling the HAProxy.
4. Observing the worker logs for connection errors.
5. Checking if the worker automatically reconnects to the database.

This setup effectively mimics a real-world scenario where network issues or database maintenance can lead to connection interruptions. By following these steps, you can verify the bug and test any potential fixes.

Expected Behavior

The expected behavior is that the authentik worker should automatically reconnect to the database after losing connectivity. This is a standard requirement for any robust application that relies on a database. Alternatively, if the worker cannot reconnect to the database, the health check should be triggered. This would allow the system to detect the issue and potentially initiate a recovery process, such as restarting the worker or alerting an administrator. In essence, the system should be resilient to temporary database outages and ensure minimal disruption to the service.

Additional Context

As a temporary workaround, the user has modified the worker health check to include a check for the django_db_errors_total metric. The amended health check is as follows:

healthcheck:
  test: >
    ak healthcheck &&
    if curl -s localhost:9300/metrics | grep django_db_errors_total;
    then false;
    fi

This workaround forces the health check to fail if database errors are detected, which triggers a restart of the worker. While this mitigates the issue, it is not an ideal solution as it relies on detecting errors rather than preventing them in the first place. It also introduces a delay between the occurrence of the error and the restart of the worker.

The deployment method used is Docker, and the version of authentik is 2025.10.2. This information is crucial for identifying the scope of the issue and determining if it affects other versions or deployment methods.

Relevant Log Output

The log output provides valuable insights into the nature of the problem. The key log messages are:

{"event": "Consumer encountered a connection error: the connection is closed", "level": "critical", "logger": "dramatiq.worker.ConsumerThread(default)", "timestamp": "2025-12-02T23:37:04.211192"}
{"domain_url": null, "event": "Database error encountered", "exc": "OperationalError('the connection is closed')", "level": "warning", "logger": "django_dramatiq_postgres.broker", "pid": 57, "schema_name": "public", "timestamp": "2025-12-02T23:37:04.210856"}
{"event": "Restarting consumer in 3.00 seconds.", "level": "info", "logger": "dramatiq.worker.ConsumerThread(default)", "timestamp": "2025-12-02T23:37:01.208377"}
{"event": "Consumer encountered a connection error: the connection is closed", "level": "critical", "logger": "dramatiq.worker.ConsumerThread(default)", "timestamp": "2025-12-02T23:37:01.208174"}
{"domain_url": null, "event": "Database error encountered", "exc": "OperationalError('the connection is closed')", "level": "warning", "logger": "django_dramatiq_postgres.broker", "pid": 57, "schema_name": "public", "timestamp": "2025-12-02T23:37:01.207834"}
{"event": "Restarting consumer in 3.00 seconds.", "level": "info", "logger": "dramatiq.worker.ConsumerThread(default)", "timestamp": "2025-12-02T23:36:58.205207"}
{"event": "Consumer encountered a connection error: the connection is closed", "level": "critical", "logger": "dramatiq.worker.ConsumerThread(default)", "timestamp": "2025-12-02T23:36:58.205045"}

These logs clearly indicate that the worker is encountering a connection error and that the connection is closed. The OperationalError('the connection is closed') message confirms that the database connection is the root cause of the issue. The logs also show that the consumer is being restarted, but this does not resolve the problem, as the worker fails to reconnect.

Root Cause Analysis

The root cause of this issue likely lies in the way the authentik worker handles database connections. It appears that the worker does not have a mechanism for automatically reconnecting to the database after a connection loss. This could be due to a missing retry mechanism or an improperly configured connection pool. Additionally, the health checks are not configured to detect this specific type of failure, which further exacerbates the problem. A thorough review of the authentik codebase, particularly the parts related to database connections and health checks, is necessary to identify the exact cause.

Potential Solutions

Several solutions can be considered to address this issue:

1. Implement a retry mechanism: The worker should be configured to automatically retry database connections after a failure. This can be achieved by using a library or framework that provides retry functionality, such as tenacity in Python.
2. Configure a connection pool: A connection pool can help manage database connections more efficiently and ensure that connections are available when needed. This can be achieved by using a library such as psycopg2 for PostgreSQL.
3. Improve health checks: The health checks should be enhanced to detect database connection issues. This can be done by adding a check that specifically verifies the database connection status.
4. Implement circuit breaker pattern: A circuit breaker pattern can prevent the worker from repeatedly trying to connect to the database if it is unavailable. This can help reduce the load on the database and prevent the worker from becoming unresponsive.
5. Review database connection settings: The database connection settings, such as timeout values and keep-alive settings, should be reviewed to ensure they are appropriate for the environment.

Conclusion

The issue of the authentik worker failing to recover from a closed database connection is a critical one that can lead to service disruptions. The lack of automatic reconnection and the failure of health checks to detect the problem exacerbate the issue. By implementing the solutions outlined above, such as adding a retry mechanism, configuring a connection pool, and improving health checks, the reliability and robustness of authentik can be significantly improved. Regular monitoring and testing of database connectivity are also essential to prevent future occurrences of this issue.

For more information on database connection management and best practices, you can refer to the official PostgreSQL documentation: PostgreSQL Documentation.