Docker Compose errors

GoldenPSP · April 17, 2025, 6:08pm

I will fully admit I'm still a fresh user of docker So I'm sure I'm missing something obvious.

I'm trying to spin up my first controller following the instructions at: Deploy the Controller with Docker | OpenZiti

I copied the commands there, changing the password to what I wanted and the IP address to match my servers' public IP. I'm getting the following output:

chown-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: see output in '/tmp/tmp.TcRzEexZoo'
ziti-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.U6aDGP9QD6'
ziti-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.E0WLmJ83XH'
ziti-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.CWPi8SSSgP'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.De0OEioEbG'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.gWsMXNDa27'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: see output in '/tmp/tmp.zrAjEgYI8w'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.ms9nHWVRM2'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.G4xR11THTU'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.xo2iBKxKN1'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: see output in '/tmp/tmp.94ThKGSCql'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.sYZpozLITH'
ziti-controller-1 exited with code 1

qrkourier · April 17, 2025, 6:12pm

Hey there

I'll try to trigger the same problem with an IP address. You might be running into the assumption - in the Docker/Linux setup scripts - that the Ziti controller advertises an FQDN, not an IP, since it's highly intrusive to change the address in the future.

Also, a near future release explicitly supports advertising a controller address as an IPv4, but it's probably better to use an FQDN from a DNS zone you control.

GoldenPSP · April 17, 2025, 6:16pm

OK
It seemed like the only real error I'm seeing is about setting up the admin user/pass. The instructions only specify setting the password so I wasn't sure if that was what messed up.

GoldenPSP · April 17, 2025, 7:13pm

As a followup, I did make a FQDN for my install and verified it has propogated. Tried using that for my ZITI_CTRL_ADVERTISED_ADDRESS= and I get the same output when attempting to compose the container.

qrkourier · April 17, 2025, 8:24pm

Will you please try pulling latest if you didn't already? I couldn't trigger that issue with an FQDN.

❯ cd $(mktemp -d)

❯ wget https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml
--2025-04-17 15:23:42--  https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml
Resolving get.openziti.io (get.openziti.io)... 143.204.29.81, 143.204.29.65, 143.204.29.56, ...
Connecting to get.openziti.io (get.openziti.io)|143.204.29.81|:443... connected.     
HTTP request sent, awaiting response... 200 OK
Length: 2361 (2.3K) [text/plain]
Saving to: ‘compose.yml’

compose.yml                                100%[======================================================================================>]   2.31K  --.-KB/s    in 0s      

2025-04-17 15:23:43 (95.9 MB/s) - ‘compose.yml’ saved [2361/2361]

❯ docker compose down --volumes
[+] Running 1/1
 ✔ Volume tmpciozm9nnch_ziti-controller  Removed                                                                                                                     0.0s 

❯ docker compose pull
[+] Pulling 2/2
 ✔ chown-controller Pulled                                                                                                                                           1.6s 
 ✔ ziti-controller Pulled                                                                                                                                            0.5s 

❯ ZITI_PWD="mypass" \
ZITI_CTRL_ADVERTISED_ADDRESS=ctrl.127.21.71.0.sslip.io \
    docker compose up

qrkourier · April 17, 2025, 8:29pm

Theory: your ziti controller is partially initialized because some but not all required inputs were available on the first run (there could be an init time bug that made this possible, resulting in an undefined state). If this is the case, and you haven't built anything important on your network, you can destroy the state and try again now that you have all the input values ready to go.

docker compose down --volumes

GoldenPSP · April 17, 2025, 9:31pm

Not sure, but I'm getting the same issue. I changed the domain name for posting since this is a public forum but otherwise this is verbatim

ubuntu@openziti:~$ sudo docker compose down --volumes
[+] Running 5/5
Container ubuntu-ziti-controller-1 Removed 0.1s
Container ubuntu-chown-controller-1 Removed 0.0s
Volume ubuntu_ziti-controller Removed 0.1s
Network ubuntu_default Remove... 0.2s
Network ubuntu_ziti Removed 0.3s
ubuntu@openziti:~$ ls
compose.yml
ubuntu@openziti:~$ rm compose.yml
ubuntu@openziti:~$ wget https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml
--2025-04-17 21:25:22-- https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml
Resolving get.openziti.io (get.openziti.io)... 3.171.61.127, 3.171.61.102, 3.171.61.53, ...
Connecting to get.openziti.io (get.openziti.io)|3.171.61.127|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2361 (2.3K) [text/plain]
Saving to: ‘compose.yml’

compose.yml 100%[===================>] 2.31K --.-KB/s in 0s

2025-04-17 21:25:22 (417 MB/s) - ‘compose.yml’ saved [2361/2361]

ubuntu@openziti:~$ sudo docker compose pull
[+] Pulling 2/2
ziti-controller Pulled 0.3s
chown-controller Pulled 0.3s
ubuntu@openziti:~$ ZITI_PWD="mypass" \

ZITI_CTRL_ADVERTISED_ADDRESS=zt.domainredacted.com
sudo docker compose up
[+] Running 5/5
Network ubuntu_ziti Created 0.2s
Network ubuntu_default Create... 0.3s
Volume "ubuntu_ziti-controller" Created 0.0s
Container ubuntu-chown-controller-1 Created 0.2s
Container ubuntu-ziti-controller-1 Created 0.2s
Attaching to chown-controller-1, ziti-controller-1
chown-controller-1 exited with code 0
ziti-controller-1 | Success
ziti-controller-1 | Using CA name: root
ziti-controller-1 | Success
ziti-controller-1 | Using CA name: intermediate
ziti-controller-1 | Success
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.lF3zkS9tjO'
ziti-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.MZy0hx6eoH'
ziti-controller-1 exited with code 0
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: see output in '/tmp/tmp.NRM9ZR4L3k'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.CFZOweCiDt'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.vKMEO47FDd'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.Iq1jwcxsQh'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.bnNnodekAc'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.NKRd2jp5dQ'
ziti-controller-1 exited with code 1

w Enable Watch

qrkourier · April 17, 2025, 9:36pm

It's because the vars are not inherited by docker process when running with sudo. You have some alternatives.

add $USER to group docker (sudo usermod -aG docker $USER;newgrp docker) so you don't need sudo
use sudo -E to pass-through $USER's env to docker process env
declare the env vars after sudo, e.g., sudo ZITI_PWD="mypass" docker compose up

GoldenPSP · April 17, 2025, 9:37pm

Ah that makes sense. Like I said I'm still a bit of a docker/linux noob. In other environments I was able to run docker without needing to sudo it.

qrkourier · April 17, 2025, 9:39pm

Yep! Long term, the most convenient way is probably to add yourself to group docker. You just have to also run newgrp docker for each terminal session until you restart all login sessions by logging out completely or rebooting.

GoldenPSP · April 17, 2025, 9:42pm

Yes thanks. I'm sure I will be back. I had setup the quickstart locally however now I'm trying to roll out with the controller on an oracle instance and router locally. One step down.

qrkourier · April 18, 2025, 3:14pm

Please start a topic or thread in this forum if you encounter any issues! Now that you've run the quickstart and have an idea of what you need, the deployments for Docker, Linux, and Kubernetes are the bricks with which you can build. I'd be very interested in helping smooth out any wrinkles you notice along the way and learning how you're using this tech.

Topic		Replies	Views
Docker compose setup failing with error on controller	8	64	September 23, 2024
Docker Compose for Oracle Linux: could not read configuration file [/persistent/ziti-edge-controller.yaml Ziti Overlay	5	260	January 29, 2023
Docker Compose: Cannot start service ziti-controller-init-container: Building/Development	8	427	June 4, 2022
All-in-one docker compose	46	369	October 23, 2024
How-to Start an OpenZiti Simple Instance with Docker Compose	0	750	August 11, 2023

Docker Compose errors

Related topics