Docker Compose errors

I will fully admit I'm still a fresh user of Docker, so I'm sure I'm missing something obvious.

I'm trying to spin up my first controller following the instructions at: Deploy the Controller with Docker | OpenZiti

I copied the commands there, changing the password to what I wanted and the IP address to match my servers' public IP. I'm getting the following output:

chown-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: see output in '/tmp/tmp.TcRzEexZoo'
ziti-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.U6aDGP9QD6'
ziti-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.E0WLmJ83XH'
ziti-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.CWPi8SSSgP'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.De0OEioEbG'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.gWsMXNDa27'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: see output in '/tmp/tmp.zrAjEgYI8w'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.ms9nHWVRM2'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.G4xR11THTU'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.xo2iBKxKN1'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: see output in '/tmp/tmp.94ThKGSCql'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.sYZpozLITH'
ziti-controller-1 exited with code 1

Hey there 👋

I'll try to trigger the same problem with an IP address. You might be running into the assumption - in the Docker/Linux setup scripts - that the Ziti controller advertises an FQDN, not an IP, since it's highly intrusive to change the address in the future.

Also, a near future release explicitly supports advertising a controller address as an IPv4, but it's probably better to use an FQDN from a DNS zone you control.

OK
It seemed like the only real error I'm seeing is about setting up the admin user/pass. The instructions only specify setting the password so I wasn't sure if that was what messed up.

As a followup, I did make an FQDN for my install and verified it has propagated. Tried using that for my ZITI_CTRL_ADVERTISED_ADDRESS= and I get the same output when attempting to compose the container.

Will you please try pulling latest if you didn't already? I couldn't trigger that issue with an FQDN.

❯ cd $(mktemp -d)

❯ wget https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml
--2025-04-17 15:23:42--  https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml
Resolving get.openziti.io (get.openziti.io)... 143.204.29.81, 143.204.29.65, 143.204.29.56, ...
Connecting to get.openziti.io (get.openziti.io)|143.204.29.81|:443... connected.     
HTTP request sent, awaiting response... 200 OK
Length: 2361 (2.3K) [text/plain]
Saving to: ‘compose.yml’

compose.yml                                100%[======================================================================================>]   2.31K  --.-KB/s    in 0s      

2025-04-17 15:23:43 (95.9 MB/s) - ‘compose.yml’ saved [2361/2361]

❯ docker compose down --volumes
[+] Running 1/1
 ✔ Volume tmpciozm9nnch_ziti-controller  Removed                                                                                                                     0.0s 

❯ docker compose pull
[+] Pulling 2/2
 ✔ chown-controller Pulled                                                                                                                                           1.6s 
 ✔ ziti-controller Pulled                                                                                                                                            0.5s 

❯ ZITI_PWD="mypass" \
ZITI_CTRL_ADVERTISED_ADDRESS=ctrl.127.21.71.0.sslip.io \
    docker compose up

Theory: your ziti controller is partially initialized because some but not all required inputs were available on the first run (there could be an init time bug that made this possible, resulting in an undefined state). If this is the case, and you haven't built anything important on your network, you can destroy the state and try again now that you have all the input values ready to go.

docker compose down --volumes

Not sure, but I'm getting the same issue. I changed the domain name for posting since this is a public forum, but otherwise this is verbatim.

ubuntu@openziti:~$ sudo docker compose down --volumes
[+] Running 5/5
✔ Container ubuntu-ziti-controller-1 Removed 0.1s
✔ Container ubuntu-chown-controller-1 Removed 0.0s
✔ Volume ubuntu_ziti-controller Removed 0.1s
✔ Network ubuntu_default Remove... 0.2s
✔ Network ubuntu_ziti Removed 0.3s
ubuntu@openziti:~$ ls
compose.yml
ubuntu@openziti:~$ rm compose.yml
ubuntu@openziti:~$ wget https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml
--2025-04-17 21:25:22-- https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml
Resolving get.openziti.io (get.openziti.io)... 3.171.61.127, 3.171.61.102, 3.171.61.53, ...
Connecting to get.openziti.io (get.openziti.io)|3.171.61.127|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2361 (2.3K) [text/plain]
Saving to: ‘compose.yml’

compose.yml 100%[===================>] 2.31K --.-KB/s in 0s

2025-04-17 21:25:22 (417 MB/s) - ‘compose.yml’ saved [2361/2361]

ubuntu@openziti:~$ sudo docker compose pull
[+] Pulling 2/2
✔ ziti-controller Pulled 0.3s
✔ chown-controller Pulled 0.3s
ubuntu@openziti:~$ ZITI_PWD="mypass" \
ZITI_CTRL_ADVERTISED_ADDRESS=zt.domainredacted.com \
sudo docker compose up
[+] Running 5/5
✔ Network ubuntu_ziti Created 0.2s
✔ Network ubuntu_default Create... 0.3s
✔ Volume "ubuntu_ziti-controller" Created 0.0s
✔ Container ubuntu-chown-controller-1 Created 0.2s
✔ Container ubuntu-ziti-controller-1 Created 0.2s
Attaching to chown-controller-1, ziti-controller-1
chown-controller-1 exited with code 0
ziti-controller-1 | Success
ziti-controller-1 | Using CA name: root
ziti-controller-1 | Success
ziti-controller-1 | Using CA name: intermediate
ziti-controller-1 | Success
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.lF3zkS9tjO'
ziti-controller-1 exited with code 0
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.MZy0hx6eoH'
ziti-controller-1 exited with code 0
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: see output in '/tmp/tmp.NRM9ZR4L3k'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.CFZOweCiDt'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.vKMEO47FDd'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.Iq1jwcxsQh'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.bnNnodekAc'
ziti-controller-1 exited with code 1
ziti-controller-1 | INFO: config file exists in /ziti-controller/config.yml
ziti-controller-1 |
ziti-controller-1 | Provide a configuration in '/ziti-controller' or generate with:
ziti-controller-1 | * Set vars in'/opt/openziti/etc/controller/bootstrap.env'
ziti-controller-1 | * Run '/opt/openziti/etc/controller/bootstrap.bash'
ziti-controller-1 | * Run 'systemctl enable --now ziti-controller.service'
ziti-controller-1 |
ziti-controller-1 | ERROR: unable to create default admin in database because ZITI_USER and ZITI_PWD must both be set
ziti-controller-1 | WARN: set VERBOSE=1 or DEBUG=1 for more output
ziti-controller-1 | WARN: see output in '/tmp/tmp.NKRd2jp5dQ'
ziti-controller-1 exited with code 1

w Enable Watch

It's because the vars are not inherited by docker process when running with sudo. You have some alternatives.

  1. add $USER to group docker (sudo usermod -aG docker $USER;newgrp docker) so you don't need sudo
  2. use sudo -E to pass-through $USER's env to docker process env
  3. declare the env vars after sudo, e.g., sudo ZITI_PWD="mypass" docker compose up
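
The failure diagnosed above, reproduced as an added example that is not part of the thread or of the OpenZiti project. `env -i` stands in for sudo's default environment reset (an assumption, so the demo runs without root); `missing_in_child`, `preflight` and `with_sample_env` are hypothetical helper names, and all values are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. `env -i` stands in for sudo's default
# environment reset so the demo runs without root; values are constructed.

# Variables the thread passes to `docker compose up`.
REQUIRED_VARS="ZITI_PWD ZITI_CTRL_ADVERTISED_ADDRESS"

# missing_in_child [LAUNCHER ...]
# Starts a child shell through LAUNCHER (sudo, sudo -E, env -i, or nothing)
# and prints the required variables that are unset or empty in that child.
missing_in_child() {
    # Word splitting of REQUIRED_VARS is intended: one argument per name.
    "$@" sh -c '
        missing=""
        for name in "$@"; do
            eval "value=\${$name:-}"
            [ -n "$value" ] || missing="${missing:+$missing }$name"
        done
        printf "%s\n" "$missing"' sh $REQUIRED_VARS
}

# preflight [LAUNCHER ...]
# Succeeds only when every required variable reaches the child process, so a
# bootstrap is never started with part of its input missing.
preflight() {
    missing=$(missing_in_child "$@")
    [ -z "$missing" ] && return 0
    echo "refusing to start, not visible through '$*': $missing" >&2
    return 1
}

# Runs a command with constructed sample values exported, in a subshell so
# the caller's environment stays untouched.
with_sample_env() (
    export ZITI_PWD="constructed-sample"
    export ZITI_CTRL_ADVERTISED_ADDRESS="ctrl.example.test"
    "$@"
)

# Demo: the same exported values seen through three launchers.
echo "direct child:         [$(with_sample_env missing_in_child)]"
echo "environment reset:    [$(with_sample_env missing_in_child env -i PATH="$PATH")]"
echo "named after launcher: [$(with_sample_env missing_in_child env -i PATH="$PATH" ZITI_PWD=x ZITI_CTRL_ADVERTISED_ADDRESS=y)]"

# On a real host (assumes sudo is installed and configured):
#   preflight sudo    && sudo docker compose up      # fails if sudo resets the env
#   preflight sudo -E && sudo -E docker compose up   # passes if policy allows -E
```

Of the three alternatives, membership in group docker gives that account root-equivalent control of the host through the Docker daemon, and typing ZITI_PWD on the command line can leave it in shell history. `sudo -E` can be refused by the sudoers policy, which is what running `preflight sudo -E` first would reveal.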

Ah that makes sense. Like I said I'm still a bit of a docker/linux noob. In other environments I was able to run docker without needing to sudo it.

Yep! Long term, the most convenient way is probably to add yourself to group docker. You just have to also run newgrp docker for each terminal session until you restart all login sessions by logging out completely or rebooting.

Yes, thanks. I'm sure I will be back. I had set up the quickstart locally; however, now I'm trying to roll out with the controller on an Oracle instance and router locally. One step down.

Please start a topic or thread in this forum if you encounter any issues! Now that you've run the quickstart and have an idea of what you need, the deployments for Docker, Linux, and Kubernetes are the bricks with which you can build. I'd be very interested in helping smooth out any wrinkles you notice along the way and learning how you're using this tech.