500 error on CockroachDB Admin site?

As shown in the screenshot, the admin site does not work because the ajax requests returns 500. This is the case for the “Jobs”, “Statements” and “Databases” tabs, but “Metrics” and “Overview” was working fine.

The cluster was deployed on Docker swarm. Here is my compose file:

version: '3.4'
services:
  db:
    image: cockroachdb/cockroach:v19.2.4
    command:
      - start
      - --join=10.128.0.40:26257,10.170.0.4:26257
      - --cache=.25
      - --max-sql-memory=.25
      - --certs-dir=/run/secrets
      - --advertise-addr=10.128.0.40
      - --locality=country=us,region=us-central1,zone=us-central1-f
    ports:
      - 26257:26257
    volumes:
      - data:/cockroach/cockroach-data
    secrets:
      - source: ca-crt
        target: ca.crt
      - source: db-crt
        target: node.crt
      - source: db-key
        target: node.key
        mode: 0600
      - source: client-crt
        target: client.root.crt
      - source: client-key
        target: client.root.key
        mode: 0600
    stop_grace_period: 60s
    networks:
      - net
    deploy:
      mode: replicated
      replicas: 1
      labels:
        traefik.http.routers.cockroach.tls: 'true'
        traefik.http.routers.cockroach.service: cockroach
        traefik.http.routers.cockroach.entrypoints: web,websecure
        traefik.http.routers.cockroach.rule: Host(`db.cloud.cytoid.io`)
        traefik.http.services.cockroach.loadbalancer.server.port: '8080'
        traefik.http.services.cockroach.loadbalancer.server.scheme: https
        traefik.docker.lbswarm: 'true'
        traefik.docker.network: cockroach_net
        traefik.enable: 'true'
secrets:
  ca-crt:
    file: ./certs/ca.crt
  db-crt:
    file: ./certs/node.crt
  db-key:
    file: ./certs/node.key
  client-crt:
    file: ./certs/client.root.crt
  client-key:
    file: ./certs/client.root.key
networks:
  net:
    driver: overlay
    attachable: true
volumes:
  data:
    driver: local
    name: db

The node certificate was signed with the following hostnames:

I appreciate any help or hints that may help to resolve this problem.

Hi @neo,

I think you’re running into this issue. Some parts of the admin UI require the user to belong to the “admin” role, but assigning a user to that role currently requires an enterprise license. That is changing in the upcoming v20.1 release. In the meantime, however, we’ve updated a number of our tutorials around secure clusters to include a workaround. For example, see step 6 here: https://www.cockroachlabs.com/docs/stable/secure-a-cluster.html#step-3-use-the-built-in-sql-client.

INSERT INTO system.role_members (role, member, "isAdmin")
    VALUES ('admin', <username>, true);

Hope that helps. Please let me know.

Jesse

Forum post 3545 addresses a similar issue and provides a similar solution.