Unable to connect to headscale #610

New Issue

Closed

opened 2025-12-29 02:21:10 +01:00 by adam · 8 comments

adam commented 2025-12-29 02:21:10 +01:00

Owner

Copy Link

Originally created by @anton-livewyer on GitHub (Jan 11, 2024).

Bug description

Hi,

First of all want to say "Thank you" for such a cool product you build!

We have faced some issue with headscale server multiple times. The issue is that when tailscale client tries to connect to the headscale it gets could not register machine error returned in the browser (we use OIDC with Google provider). What happens on the server level at that time is:

1. the error ERR Failed to persist/update machine in the database error="database is locked (5) (SQLITE_BUSY)" handler=PollNetMap machine=<NODE_NAME> appears in the log
2. then the ERR Failed to persist/update machine in the database error="SQL logic error: cannot start a transaction within a transaction (1)" handler=PollNetMap machine=<NODE_NAME> error message just spamming the server log with different machine names in <NODE_NAME> field

I find it hard to say what exactly causing this but can definitely say that two times it happened after our two separate users updated their local macos tailscale clients to the latest version and were unable to connect to server after that. Also after this issue appears all the users who do a reconnect to the server get the same error. So from my understanding headscale tries to write some data to database when user connects but it's unable to do that because of the locked database.

According to the log message header the issue is linked to this function

Environment

• OS: Ubuntu 20.04
• Headscale version: 0.20.0
• Tailscale version: definitely occurred on MacOS 1.38.1
• Database: .sqlite file stored on the server

• Headscale is behind a (reverse) proxy
• Headscale runs in a container

To Reproduce

We were trying to reproduce this by downloading the older version of tailscale client (both windows and linux, don't have ability to test on mac), connecting to server and then updating the client to the latest version proposed by tailscale as it is the only way we are aware of that can cause this issue but we didn't have any success reproducing it so from my understanding this is the bug

Originally created by @anton-livewyer on GitHub (Jan 11, 2024). <!-- Before posting a bug report, discuss the behaviour you are expecting with the Discord community to make sure that it is truly a bug. The issue tracker is not the place to ask for support or how to set up Headscale. Bug reports without the sufficient information will be closed. Headscale is a multinational community across the globe. Our language is English. All bug reports needs to be in English. --> ## Bug description <!-- A clear and concise description of what the bug is. Describe the expected bahavior and how it is currently different. If you are unsure if it is a bug, consider discussing it on our Discord server first. --> Hi, First of all want to say "Thank you" for such a cool product you build! We have faced some issue with headscale server multiple times. The issue is that when tailscale client tries to connect to the headscale it gets `could not register machine` error returned in the browser (we use OIDC with Google provider). What happens on the server level at that time is: 1. the error `ERR Failed to persist/update machine in the database error="database is locked (5) (SQLITE_BUSY)" handler=PollNetMap machine=<NODE_NAME>` appears in the log 2. then the `ERR Failed to persist/update machine in the database error="SQL logic error: cannot start a transaction within a transaction (1)" handler=PollNetMap machine=<NODE_NAME>` error message just spamming the server log with different machine names in `<NODE_NAME>` field I find it hard to say what exactly causing this but can definitely say that two times it happened after our two separate users updated their local macos tailscale clients to the latest version and were unable to connect to server after that. Also after this issue appears all the users who do a reconnect to the server get the same error. So from my understanding headscale tries to write some data to database when user connects but it's unable to do that because of the locked database. According to the log message header the issue is linked to [this function](https://github.com/juanfont/headscale/blob/main/hscontrol/poll.go#L57) ## Environment <!-- Please add relevant information about your system. For example: - Version of headscale used - Version of tailscale client - OS (e.g. Linux, Mac, Cygwin, WSL, etc.) and version - Kernel version - The relevant config parameters you used - Log output --> - OS: Ubuntu 20.04 - Headscale version: 0.20.0 - Tailscale version: definitely occurred on MacOS `1.38.1` - Database: `.sqlite` file stored on the server <!-- We do not support running Headscale in a container nor behind a (reverse) proxy. If either of these are true for your environment, ask the community in Discord instead of filing a bug report. --> - [ ] Headscale is behind a (reverse) proxy - [ ] Headscale runs in a container ## To Reproduce <!-- Steps to reproduce the behavior. --> We were trying to reproduce this by downloading the older version of tailscale client (both windows and linux, don't have ability to test on mac), connecting to server and then updating the client to the latest version proposed by tailscale as it is the only way we are aware of that can cause this issue but we didn't have any success reproducing it so from my understanding this is the bug

adam added the stalebug labels 2025-12-29 02:21:10 +01:00

adam closed this issue 2025-12-29 02:21:10 +01:00

adam commented 2025-12-29 02:21:10 +01:00

Author

Owner

Copy Link

@TotoTheDragon commented on GitHub (Feb 11, 2024):

@anton-livewyer latest stable version is 0.22.3, is this reproducable in that version?

@TotoTheDragon commented on GitHub (Feb 11, 2024): @anton-livewyer latest stable version is 0.22.3, is this reproducable in that version?

adam commented 2025-12-29 02:21:11 +01:00

Author

Owner

Copy Link

@sthomson-wyn commented on GitHub (Feb 13, 2024):

We are seeing this on 0.22.3. Not sure if it's a coincidence, but a lot of our users upgraded their tailscale clients from 1.56.x client to 1.58.x today

@sthomson-wyn commented on GitHub (Feb 13, 2024): We are seeing this on 0.22.3. Not sure if it's a coincidence, but a lot of our users upgraded their tailscale clients from 1.56.x client to 1.58.x today

adam commented 2025-12-29 02:21:11 +01:00

Author

Owner

Copy Link

@sthomson-wyn commented on GitHub (Feb 13, 2024):

I'll also mention that this seems to occur after we restart our headscale deployment in kubernetes. I imagine that any brief overlap between pod uptimes may be the cause of db locking

@sthomson-wyn commented on GitHub (Feb 13, 2024): I'll also mention that this seems to occur after we restart our headscale deployment in kubernetes. I imagine that any brief overlap between pod uptimes may be the cause of db locking

adam commented 2025-12-29 02:21:11 +01:00

Author

Owner

Copy Link

@TotoTheDragon commented on GitHub (Feb 13, 2024):

I'll also mention that this seems to occur after we restart our headscale deployment in kubernetes. I imagine that any brief overlap between pod uptimes may be the cause of db locking

Yes, makes a lot of sense. I do not assume this would be fixed in v0.22, but I will make a ticket to make sure database is properly closed on kill in v0.23.

For your current use case switching to postgres might be a viable solution to the locking problem.

@TotoTheDragon commented on GitHub (Feb 13, 2024): > I'll also mention that this seems to occur after we restart our headscale deployment in kubernetes. I imagine that any brief overlap between pod uptimes may be the cause of db locking Yes, makes a lot of sense. I do not assume this would be fixed in v0.22, but I will make a ticket to make sure database is properly closed on kill in v0.23. For your current use case switching to postgres might be a viable solution to the locking problem.

adam commented 2025-12-29 02:21:11 +01:00

Author

Owner

Copy Link

@sthomson-wyn commented on GitHub (Feb 13, 2024):

We're currently switching to using a Statefulset instead of a Deployment (should've done that in the first place) to address the overlap.

Postgres is a good idea, we'll do that later too. Thanks @TotoTheDragon

@sthomson-wyn commented on GitHub (Feb 13, 2024): We're currently switching to using a Statefulset instead of a Deployment (should've done that in the first place) to address the overlap. Postgres is a good idea, we'll do that later too. Thanks @TotoTheDragon

adam commented 2025-12-29 02:21:11 +01:00

Author

Owner

Copy Link

@TotoTheDragon commented on GitHub (Feb 13, 2024):

We're currently switching to using a Statefulset instead of a Deployment (should've done that in the first place) to address the overlap.

Postgres is a good idea, we'll do that later too. Thanks @TotoTheDragon

Alright, whrn you have tested a new environment please let us know if anything has changed

@TotoTheDragon commented on GitHub (Feb 13, 2024): > We're currently switching to using a Statefulset instead of a Deployment (should've done that in the first place) to address the overlap. > > Postgres is a good idea, we'll do that later too. Thanks @TotoTheDragon Alright, whrn you have tested a new environment please let us know if anything has changed

adam commented 2025-12-29 02:21:12 +01:00

Author

Owner

Copy Link

@github-actions[bot] commented on GitHub (May 14, 2024):

This issue is stale because it has been open for 90 days with no activity.

@github-actions[bot] commented on GitHub (May 14, 2024): This issue is stale because it has been open for 90 days with no activity.

adam commented 2025-12-29 02:21:12 +01:00

Author

Owner

Copy Link

@github-actions[bot] commented on GitHub (May 21, 2024):

This issue was closed because it has been inactive for 14 days since being marked as stale.

@github-actions[bot] commented on GitHub (May 21, 2024): This issue was closed because it has been inactive for 14 days since being marked as stale.

adam referenced this issue 2025-12-29 02:30:25 +01:00

[PR #610] [MERGED] some GOOS do not support pie build, detect in makefile and fall back to non-pie build #1521

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

v0.28.0-beta.1

v0.27.2-rc.1

v0.27.1

v0.27.0

v0.27.0-beta.2

v0.27.0-beta.1

v0.26.1

v0.26.0

v0.26.0-beta.2

v0.26.0-beta.1

v0.25.1

v0.25.0

v0.25.0-beta.2

v0.24.3

v0.25.0-beta.1

v0.24.2

v0.24.1

v0.24.0

v0.24.0-beta.2

v0.24.0-beta.1

v0.23.0

v0.23.0-rc.1

v0.23.0-beta.5

v0.23.0-beta.4

v0.23.0-beta3

v0.23.0-beta2

v0.23.0-beta1

v0.23.0-alpha12

v0.23.0-alpha11

v0.23.0-alpha10

v0.23.0-alpha9

v0.23.0-alpha8

v0.23.0-alpha7

v0.23.0-alpha6

v0.23.0-alpha5

v0.23.0-alpha4

v0.23.0-alpha4-docker-ko-test9

v0.23.0-alpha4-docker-ko-test8

v0.23.0-alpha4-docker-ko-test7

v0.23.0-alpha4-docker-ko-test6

v0.23.0-alpha4-docker-ko-test5

v0.23.0-alpha-docker-release-test-debug2

v0.23.0-alpha-docker-release-test-debug

v0.23.0-alpha4-docker-ko-test4

v0.23.0-alpha4-docker-ko-test3

v0.23.0-alpha4-docker-ko-test2

v0.23.0-alpha4-docker-ko-test

v0.23.0-alpha3

v0.23.0-alpha2

v0.23.0-alpha1

v0.22.3

v0.22.2

v0.23.0-alpha-docker-release-test

v0.22.1

v0.22.0

v0.22.0-alpha3

v0.22.0-alpha2

v0.22.0-alpha1

v0.22.0-nfpmtest

v0.21.0

v0.20.0

v0.19.0

v0.19.0-beta2

v0.19.0-beta1

v0.18.0

v0.18.0-beta4

v0.18.0-beta3

v0.18.0-beta2

v0.18.0-beta1

v0.17.1

v0.17.0

v0.17.0-beta5

v0.17.0-beta4

v0.17.0-beta3

v0.17.0-beta2

v0.17.0-beta1

v0.17.0-alpha4

v0.17.0-alpha3

v0.17.0-alpha2

v0.17.0-alpha1

v0.16.4

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.16.0-beta7

v0.16.0-beta6

v0.16.0-beta5

v0.16.0-beta4

v0.16.0-beta3

v0.16.0-beta2

v0.16.0-beta1

v0.15.0

v0.15.0-beta6

v0.15.0-beta5

v0.15.0-beta4

v0.15.0-beta3

v0.15.0-beta2

v0.15.0-beta1

v0.14.0

v0.14.0-beta2

v0.14.0-beta1

v0.13.0

v0.13.0-beta3

v0.13.0-beta2

v0.13.0-beta1

upstream/v0.12.4

v0.12.4

v0.12.3

v0.12.2

v0.12.2-beta1

v0.12.1

v0.12.0-beta2

v0.12.0-beta1

v0.11.0

v0.10.8

v0.10.7

v0.10.6

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.1

v0.6.0

v0.5.2

v0.5.1

v0.5.0

v0.4.0

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.2

v0.2.1

v0.2.0

v0.1.1

v0.1.0

Labels

Clear labels

CLI

DERP

DNS

Nix

OIDC

SSH

bug

database

documentation

duplicate

enhancement

faq

good first issue

grants

help wanted

might-come

needs design doc

needs investigation

no-stale-bot

out of scope

performance

policy 📝

pull-request

Mirrored from GitHub Pull Request

question

regression

routes

stale

tags

tailscale-feature-gap

well described ❤️

wontfix

No Label bug stale

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#610