Worker won't reconnect to Redis after a connection drop

**Describe the bug**
When the worker disconnects from the Redis container for any reason (in my case, updating the Redis container), the worker fails to reconnect and ends up stuck in an unhealthy state until manually restarted. This also causes it to break its connection with Authentik.

**To Reproduce**
1. Set up both the worker and Redis in a running, healthy state.
2. Stop the Redis container until the worker starts logging out connection issues, attempting to reconnect.
3. Start the Redis container.
4. The worker will enter an unhealthy state after the Redis container starts back up, and will no longer connect back to Authentik.

**Expected behavior**
The worker should be able to recover from a dropped connection automatically without needing a manual restart.

**Logs**
```{"event": "consumer: Connection to broker lost. Trying to re-establish the connection...", "exception": [{"exc_type": "ConnectionError", "exc_value": "Connection closed by server.", "frames": [{"filename": "/ak-root/venv/lib/python3.12/site-packages/celery/worker/consumer/consumer.py", "line": "", "lineno": 340, "locals": {"blueprint": "<celery.worker.consumer.consumer.Consumer.Blueprint object at 0x14bbbbae45c0>", "connection_retry": "True", "connection_retry_type": "broker_connection_retry", "exc": "ConnectionError('Connection closed by server.')", "is_connection_loss_on_startup": "False", "recoverable_errors": "\"(<class 'amqp.exceptions.ConnectionError'>, <class 'kombu.exceptions.Inconsisten\"+200", "self": "<Consumer: celery@5065c8b0cc6b (running)>"}, "name": "start"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/celery/bootsteps.py", "line": "", "lineno": 116, "locals": {"i": "7", "parent": "<Consumer: celery@5065c8b0cc6b (running)>", "self": "<celery.worker.consumer.consumer.Consumer.Blueprint object at 0x14bbbbae45c0>", "step": "<step: event loop>"}, "name": "start"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/celery/worker/consumer/consumer.py", "line": "", "lineno": 742, "locals": {"c": "<Consumer: celery@5065c8b0cc6b (running)>", "self": "<step: event loop>"}, "name": "start"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/celery/worker/loops.py", "line": "", "lineno": 97, "locals": {"RUN": "1", "blueprint": "<celery.worker.consumer.consumer.Consumer.Blueprint object at 0x14bbbbae45c0>", "clock": "<LamportClock: 44163>", "connection": "<Connection: redis://redis-authentik:6379/0 at 0x14bbbb93d790>", "consumer": "'<Consumer: [<Queue authentik -> <Exchange authentik(direct) bound to chan:1> -> '+271", "errors": "\"(<class 'amqp.exceptions.ConnectionError'>, <class 'kombu.exceptions.Inconsisten\"+200", "hbrate": "3.0", "heartbeat": "120", "heartbeat_error": "[None]", "hub": "<Hub@0x14bbbb909610: R:0 W:0>", "loop": "<generator object Hub.create_loop at 0x14bbbbbde980>", "obj": "<Consumer: celery@5065c8b0cc6b (running)>", "on_task_received": "'<function Consumer.create_task_handler.<locals>.on_task_received at 0x14bbbb86da'+3", "qos": "<kombu.common.QoS object at 0x14bbbcb04650>", "update_qos": "<bound method QoS.update of <kombu.common.QoS object at 0x14bbbcb04650>>"}, "name": "asynloop"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/kombu/asynchronous/hub.py", "line": "", "lineno": 373, "locals": {"ERR": "24", "Empty": "<class '_queue.Empty'>", "KeyError": "<class 'KeyError'>", "READ": "1", "StopIteration": "<class 'StopIteration'>", "WRITE": "4", "cb": "'<bound method Transport.on_readable of <kombu.transport.redis.Transport object a'+18", "cbargs": "(32,)", "consolidate": "set()", "consolidate_callback": "'<function AsynPool._create_write_handlers.<locals>.schedule_writes at 0x14bbbb86'+5", "event": "1", "events": "[(32, 1)]", "fd": "32", "fire_timers": "<bound method Hub.fire_timers of <Hub@0x14bbbb909610: R:0 W:0>>", "general_error": "False", "generator": "<class 'generator'>", "hub_remove": "<bound method Hub.remove of <Hub@0x14bbbb909610: R:0 W:0>>", "item": "'<bound method Consumer._flush_events of <Consumer: celery@5065c8b0cc6b (running)'+2", "min": "<built-in function min>", "next": "<built-in function next>", "on_tick": "'{<function AsynPool._create_write_handlers.<locals>.on_poll_start at 0x14bbbb86e'+5", "poll": "'<bound method _epoll.poll of <kombu.utils.eventio._epoll object at 0x14bbbb909c4'+3", "poll_timeout": "0.6841287589923013", "propagate": "\"(<class 'amqp.exceptions.ConnectionError'>, <class 'kombu.exceptions.Inconsisten\"+200", "readers": "{}", "scheduled": "\"[scheduled(eta=160334.849168924, priority=0, entry=<TimerEntry: _send(*('worker-\"+627", "self": "<Hub@0x14bbbb909610: R:0 W:0>", "sleep": "<built-in function sleep>", "tick_callback": "'<function AsynPool._create_write_handlers.<locals>.on_poll_start at 0x14bbbb86e3'+3", "to_consolidate": "[]", "todo": "set()", "writers": "{}"}, "name": "create_loop"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/kombu/transport/redis.py", "line": "", "lineno": 1343, "locals": {"fileno": "32", "self": "<kombu.transport.redis.Transport object at 0x14bbbb93edb0>"}, "name": "on_readable"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/kombu/transport/redis.py", "line": "", "lineno": 568, "locals": {"chan": "<kombu.transport.redis.Channel object at 0x14bbbb878920>", "fileno": "32", "self": "<kombu.transport.redis.MultiChannelPoller object at 0x14bbbb91d790>", "type": "LISTEN"}, "name": "on_readable"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/kombu/transport/redis.py", "line": "", "lineno": 912, "locals": {"c": "<redis.client.PubSub object at 0x14bbbc0cd700>", "ret": "[]", "self": "<kombu.transport.redis.Channel object at 0x14bbbb878920>"}, "name": "_receive"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/kombu/transport/redis.py", "line": "", "lineno": 922, "locals": {"c": "<redis.client.PubSub object at 0x14bbbc0cd700>", "response": "None", "self": "<kombu.transport.redis.Channel object at 0x14bbbb878920>"}, "name": "_receive_one"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/client.py", "line": "", "lineno": 824, "locals": {"block": "True", "conn": "Connection<host=redis-authentik,port=6379,db=0>", "self": "<redis.client.PubSub object at 0x14bbbc0cd700>", "timeout": "0", "try_read": "<function PubSub.parse_response.<locals>.try_read at 0x14bbbcc9a660>"}, "name": "parse_response"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/client.py", "line": "", "lineno": 800, "locals": {"args": "()", "command": "<function PubSub.parse_response.<locals>.try_read at 0x14bbbcc9a660>", "conn": "Connection<host=redis-authentik,port=6379,db=0>", "kwargs": "{}", "self": "<redis.client.PubSub object at 0x14bbbc0cd700>"}, "name": "_execute"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/retry.py", "line": "", "lineno": 49, "locals": {"do": "<function PubSub._execute.<locals>.<lambda> at 0x14bbc48b31a0>", "fail": "<function PubSub._execute.<locals>.<lambda> at 0x14bbbb9f3920>", "failures": "1", "self": "<redis.retry.Retry object at 0x14bbbb879ca0>"}, "name": "call_with_retry"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/client.py", "line": "", "lineno": 802, "locals": {"conn": "Connection<host=redis-authentik,port=6379,db=0>", "error": "ConnectionError('Connection closed by server.')", "self": "<redis.client.PubSub object at 0x14bbbc0cd700>"}, "name": "<lambda>"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/client.py", "line": "", "lineno": 789, "locals": {"conn": "Connection<host=redis-authentik,port=6379,db=0>", "error": "ConnectionError('Connection closed by server.')", "self": "<redis.client.PubSub object at 0x14bbbc0cd700>"}, "name": "_disconnect_raise_connect"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/retry.py", "line": "", "lineno": 46, "locals": {"do": "<function PubSub._execute.<locals>.<lambda> at 0x14bbc48b31a0>", "fail": "<function PubSub._execute.<locals>.<lambda> at 0x14bbbb9f3920>", "failures": "1", "self": "<redis.retry.Retry object at 0x14bbbb879ca0>"}, "name": "call_with_retry"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/client.py", "line": "", "lineno": 801, "locals": {"args": "()", "command": "<function PubSub.parse_response.<locals>.try_read at 0x14bbbcc9a660>", "kwargs": "{}"}, "name": "<lambda>"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/client.py", "line": "", "lineno": 822, "locals": {"block": "True", "conn": "Connection<host=redis-authentik,port=6379,db=0>", "timeout": "0"}, "name": "try_read"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/connection.py", "line": "", "lineno": 500, "locals": {"disable_decoding": "False", "disconnect_on_error": "False", "host_error": "redis-authentik:6379", "push_request": "True", "self": "Connection<host=redis-authentik,port=6379,db=0>"}, "name": "read_response"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/_parsers/resp2.py", "line": "", "lineno": 15, "locals": {"disable_decoding": "False", "pos": "0", "self": "<redis._parsers.resp2._RESP2Parser object at 0x14bbbb879c40>"}, "name": "read_response"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/_parsers/resp2.py", "line": "", "lineno": 25, "locals": {"disable_decoding": "False", "self": "<redis._parsers.resp2._RESP2Parser object at 0x14bbbb879c40>"}, "name": "_read_response"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/_parsers/socket.py", "line": "", "lineno": 115, "locals": {"buf": "<_io.BytesIO object at 0x14bbbb874cc0>", "data": "b''", "self": "<redis._parsers.socket.SocketBuffer object at 0x14bbbb879d30>"}, "name": "readline"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/redis/_parsers/socket.py", "line": "", "lineno": 68, "locals": {"buf": "<_io.BytesIO object at 0x14bbbb874cc0>", "current_pos": "0", "custom_timeout": "False", "data": "b''", "length": "None", "marker": "0", "raise_on_timeout": "True", "self": "<redis._parsers.socket.SocketBuffer object at 0x14bbbb879d30>", "sock": "<socket.socket [closed] fd=-1, family=2, type=1, proto=6>", "socket_read_size": "65536", "timeout": "<object object at 0x14bbcb6b9ce0>"}, "name": "_read_from_socket"}], "is_cause": false, "syntax_error": null}], "level": "warning", "logger": "celery.worker.consumer.consumer", "timestamp": 1713077143.2548668}
{"event": "/ak-root/venv/lib/python3.12/site-packages/celery/worker/consumer/consumer.py:391: CPendingDeprecationWarning: \nIn Celery 5.1 we introduced an optional breaking change which\non connection loss cancels all currently executed tasks with late acknowledgement enabled.\nThese tasks cannot be acknowledged as the connection is gone, and the tasks are automatically redelivered\nback to the queue. You can enable this behavior using the worker_cancel_long_running_tasks_on_connection_loss\nsetting. In Celery 5.1 it is set to False by default. The setting will be set to True by default in Celery 6.0.\n\n  warnings.warn(CANCEL_TASKS_BY_DEFAULT, CPendingDeprecationWarning)\n", "level": "warning", "logger": "py.warnings", "timestamp": 1713077143.2660928}
{"event": "/ak-root/venv/lib/python3.12/site-packages/celery/worker/consumer/consumer.py:507: CPendingDeprecationWarning: The broker_connection_retry configuration setting will no longer determine\nwhether broker connection retries are made during startup in Celery 6.0 and above.\nIf you wish to retain the existing behavior for retrying connections on startup,\nyou should set broker_connection_retry_on_startup to True.\n  warnings.warn(\n", "level": "warning", "logger": "py.warnings", "timestamp": 1713077143.2694874}
{"event": "consumer: Cannot connect to redis://redis-authentik:6379/0: Error 111 connecting to redis-authentik:6379. Connection refused..\nTrying again in 2.00 seconds... (1/100)\n", "level": "error", "logger": "celery.worker.consumer.consumer", "timestamp": 1713077143.27144}
{"event": "consumer: Cannot connect to redis://redis-authentik:6379/0: Error -2 connecting to redis-authentik:6379. Name or service not known..\nTrying again in 4.00 seconds... (2/100)\n", "level": "error", "logger": "celery.worker.consumer.consumer", "timestamp": 1713077145.4763987}
{"event": "consumer: Cannot connect to redis://redis-authentik:6379/0: Error -2 connecting to redis-authentik:6379. Name or service not known..\nTrying again in 6.00 seconds... (3/100)\n", "level": "error", "logger": "celery.worker.consumer.consumer", "timestamp": 1713077149.5093431}
{"event": "consumer: Cannot connect to redis://redis-authentik:6379/0: Error -2 connecting to redis-authentik:6379. Name or service not known..\nTrying again in 8.00 seconds... (4/100)\n", "level": "error", "logger": "celery.worker.consumer.consumer", "timestamp": 1713077155.543255}
{"event": "TenantAwareScheduler: Sending due task policies_reputation_save (authentik.policies.reputation.tasks.save_reputation) to all tenants", "level": "info", "logger": "tenant_schemas_celery.scheduler", "timestamp": 1713077160.0004525}
Process Beat:
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/billiard/process.py", line 323, in _bootstrap
    self.run()
  File "/ak-root/venv/lib/python3.12/site-packages/celery/beat.py", line 718, in run
    self.service.start(embedded_process=True)
  File "/ak-root/venv/lib/python3.12/site-packages/celery/beat.py", line 643, in start
    interval = self.scheduler.tick()
               ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/celery/beat.py", line 353, in tick
    self.apply_entry(entry, producer=self.producer)
  File "/ak-root/venv/lib/python3.12/site-packages/tenant_schemas_celery/scheduler.py", line 97, in apply_entry
    for tenant in tenants:
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/query.py", line 400, in __iter__
    self._fetch_all()
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/query.py", line 1928, in _fetch_all
    self._result_cache = list(self._iterable_class(self))
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/query.py", line 91, in __iter__
    results = compiler.execute_sql(
              ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/sql/compiler.py", line 1560, in execute_sql
    cursor = self.connection.cursor()
             ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/asyncio.py", line 26, in inner
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/base.py", line 316, in cursor
    return self._cursor()
           ^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/postgresql_backend/base.py", line 171, in _cursor
    cursor_for_search_path.execute('SET search_path = {0}'.format(','.join(formatted_search_paths)))
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/common.py", line 69, in execute
    return super().execute(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/psycopg/cursor.py", line 732, in execute
    raise ex.with_traceback(None)
psycopg.OperationalError: consuming input failed: terminating connection due to administrator command
server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.
{"event": "consumer: Cannot connect to redis://redis-authentik:6379/0: Error -2 connecting to redis-authentik:6379. Name or service not known..\nTrying again in 10.00 seconds... (5/100)\n", "level": "error", "logger": "celery.worker.consumer.consumer", "timestamp": 1713077163.5772495}
{"event": "/ak-root/venv/lib/python3.12/site-packages/celery/worker/consumer/consumer.py:507: CPendingDeprecationWarning: The broker_connection_retry configuration setting will no longer determine\nwhether broker connection retries are made during startup in Celery 6.0 and above.\nIf you wish to retain the existing behavior for retrying connections on startup,\nyou should set broker_connection_retry_on_startup to True.\n  warnings.warn(\n", "level": "warning", "logger": "py.warnings", "timestamp": 1713077173.5946565}
```

**Version and Deployment:**
-   Authentik version: 2024.2.2
-   Deployment: Docker (Unraid template)

**Additional context**
This issue was reported here a few months ago, but never received any response: https://github.com/goauthentik/authentik/issues/7521


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Worker won't reconnect to Redis after a connection drop #9252

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Worker won't reconnect to Redis after a connection drop #9252

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions