Report a Dgraph Bug
When using Dgraph Root CA installed in System CA, dgraph increment or dgraph live will stack trace.
What version of Dgraph are you using?
v20.03.4
Have you tried reproducing the issue with the latest release?
yes
What is the hardware spec (RAM, OS)?
$sw_vers
ProductName: Mac OS X
ProductVersion: 10.14.6
BuildVersion: 18G103
Steps to reproduce the issue (command/config used to run Dgraph).
Steps
# create certificates/keys
dgraph cert -n localhost,dgraph.test -c dgraphuser
# install root ca into system
sudo security add-trusted-cert \
  -d -r trustRoot \
  -k /Library/Keychains/System.keychain \
  ./tls/ca.crt
# run dgraph alpha/zero
docker-compose up -d
# run tests - use clients
###### SUCCESS
curl https://localhost:8080/health | jq
###### FAIL: STACK TRACE
dgraph increment --tls_server_name "localhost" --tls_use_system_ca
###### FAIL: STACK TRACE
dgraph live \
  --tls_server_name localhost \
  --tls_use_system_ca \
  -f ./data/1million.rdf.gz \
  -s ./data/1million.schema \
  -a localhost:9080 \
  -z localhost:5080
docker-compose: .env
DGRAPH_ALPHA_TLS_CLIENT_AUTH=VERIFYIFGIVEN
DGRAPH_VERSION=v20.03.4
docker-compose.yaml
# docker-compose.yaml
version: "3.5"
services:
  tls-zero1:
    image: dgraph/dgraph:$DGRAPH_VERSION
    container_name: tls-zero1
    working_dir: /data/zero1
    ports:
      - 5080:5080
      - 6080:6080
    command: dgraph zero --my=tls-zero1:5080 --replicas 1 --idx 1
  tls-alpha1:
    image: dgraph/dgraph:$DGRAPH_VERSION
    container_name: tls-alpha1
    working_dir: /data/alpha1
    volumes:
      - type: bind
        source: ./tls/
        target: /tls
        read_only: true
    environment:
      DGRAPH_ALPHA_TLS_DIR: /tls
      DGRAPH_ALPHA_TLS_CLIENT_AUTH: ${DGRAPH_ALPHA_TLS_CLIENT_AUTH}
    ports:
      - 8080:8080
      - 9080:9080
    command: dgraph alpha --my=tls-alpha1:7080 --lru_mb=1024 --zero=tls-zero1:5080
Expected behaviour and actual result.
After installing Dgraph Root CA ./ca.crt into the system, it should work without the need to explicitly specify the ca.crt.
This works fine for curl but fails for dgraph increment and dgraph live.
Curl Works Fine
Before, this was required --cacert ./tls/ca.crt, but it is no longer needed:
curl https://localhost:8080/health
Crash Using Increment
You need to include --tls_cacert ./tls/ca.crt or dgraph increment stack traces:
$ dgraph increment --tls_server_name "localhost" --tls_use_system_ca
[Decoder]: Using assembly version of decoder
Running transaction with dgraph endpoint: localhost:9080
2020/08/31 14:52:12 --tls_cacert is required for enabling TLS
github.com/dgraph-io/dgraph/x.LoadClientTLSConfig
/ext-go/1/src/github.com/dgraph-io/dgraph/x/tls_helper.go:113
github.com/dgraph-io/dgraph/x.GetDgraphClient
/ext-go/1/src/github.com/dgraph-io/dgraph/x/x.go:762
github.com/dgraph-io/dgraph/dgraph/cmd/counter.run
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/counter/increment.go:172
github.com/dgraph-io/dgraph/dgraph/cmd/counter.init.0.func1
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/counter/increment.go:45
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:830
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:914
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:864
github.com/dgraph-io/dgraph/dgraph/cmd.Execute
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/root.go:70
main.main
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/main.go:78
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1373
While loading TLS configuration
github.com/dgraph-io/dgraph/x.Checkf
/ext-go/1/src/github.com/dgraph-io/dgraph/x/error.go:51
github.com/dgraph-io/dgraph/x.GetDgraphClient
/ext-go/1/src/github.com/dgraph-io/dgraph/x/x.go:763
github.com/dgraph-io/dgraph/dgraph/cmd/counter.run
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/counter/increment.go:172
github.com/dgraph-io/dgraph/dgraph/cmd/counter.init.0.func1
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/counter/increment.go:45
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:830
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:914
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:864
github.com/dgraph-io/dgraph/dgraph/cmd.Execute
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/root.go:70
main.main
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/main.go:78
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1373
Crash Using Live Loader
You need to include --tls_cacert ./tls/ca.crt or dgraph increment stack traces:
$ dgraph live --tls_server_name localhost --tls_use_system_ca -f ./data/1million.rdf.gz -s ./data/1million.schema -a localhost:9080 -z localhost:5080
[Decoder]: Using assembly version of decoder
I0831 14:59:10.590105 41449 init.go:99]
Dgraph version : v20.03.1
Dgraph SHA-256 : cbd3c7fd96d08f6b78259a10e03d70ab85a4afd3c9a4c68daac6358fe84a4b6e
Commit SHA-1 : c201611d6
Commit timestamp : 2020-04-24 13:53:41 -0700
Branch : HEAD
Go version : go1.14.1
For Dgraph official documentation, visit https://docs.dgraph.io.
For discussions about Dgraph , visit http://discuss.dgraph.io.
To say hi to the community , visit https://dgraph.slack.com.
Licensed variously under the Apache Public License 2.0 and Dgraph Community License.
Copyright 2015-2020 Dgraph Labs, Inc.
Running transaction with dgraph endpoint: localhost:9080
2020/08/31 14:59:10 --tls_cacert is required for enabling TLS
github.com/dgraph-io/dgraph/x.LoadClientTLSConfig
/ext-go/1/src/github.com/dgraph-io/dgraph/x/tls_helper.go:113
github.com/dgraph-io/dgraph/x.GetDgraphClient
/ext-go/1/src/github.com/dgraph-io/dgraph/x/x.go:762
github.com/dgraph-io/dgraph/dgraph/cmd/live.run
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/live/run.go:435
github.com/dgraph-io/dgraph/dgraph/cmd/live.init.0.func1
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/live/run.go:119
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:830
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:914
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:864
github.com/dgraph-io/dgraph/dgraph/cmd.Execute
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/root.go:70
main.main
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/main.go:78
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1373
While loading TLS configuration
github.com/dgraph-io/dgraph/x.Checkf
/ext-go/1/src/github.com/dgraph-io/dgraph/x/error.go:51
github.com/dgraph-io/dgraph/x.GetDgraphClient
/ext-go/1/src/github.com/dgraph-io/dgraph/x/x.go:763
github.com/dgraph-io/dgraph/dgraph/cmd/live.run
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/live/run.go:435
github.com/dgraph-io/dgraph/dgraph/cmd/live.init.0.func1
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/live/run.go:119
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:830
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:914
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:864
github.com/dgraph-io/dgraph/dgraph/cmd.Execute
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/cmd/root.go:70
main.main
/ext-go/1/src/github.com/dgraph-io/dgraph/dgraph/main.go:78
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1373
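Both traces stop at the same check, "--tls_cacert is required for enabling TLS", even though --tls_use_system_ca was passed. The sketch below is an added example, not part of the original report and not Dgraph's code: clientTLSConfig is a hypothetical helper showing a Go client that accepts the system trust store, an explicit CA file, or both, and fails only when neither trust source is given.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"os"
)

// clientTLSConfig is a hypothetical helper (not Dgraph's LoadClientTLSConfig).
// It accepts either trust source: the OS store (--tls_use_system_ca),
// an explicit PEM bundle (--tls_cacert), or both combined.
func clientTLSConfig(serverName, caFile string, useSystemCA bool) (*tls.Config, error) {
	if caFile == "" && !useSystemCA {
		return nil, errors.New("no trust source: set --tls_cacert or --tls_use_system_ca")
	}
	pool := x509.NewCertPool()
	if useSystemCA {
		sys, err := x509.SystemCertPool()
		if err != nil {
			return nil, fmt.Errorf("loading system CA pool: %w", err)
		}
		pool = sys
	}
	if caFile != "" {
		pem, err := os.ReadFile(caFile)
		if err != nil {
			return nil, fmt.Errorf("reading %s: %w", caFile, err)
		}
		// A file with no parsable certificate must not silently pass.
		if !pool.AppendCertsFromPEM(pem) {
			return nil, fmt.Errorf("no PEM certificates found in %s", caFile)
		}
	}
	// ServerName is what the presented certificate is verified against.
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

func main() {
	// Same flag combination as the failing commands in the report.
	cfg, err := clientTLSConfig("localhost", "", true)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("server name:", cfg.ServerName, "roots loaded:", cfg.RootCAs != nil)
}
```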