Grpc: UNKNOWN: unauthorized ip address:

I am upgrading to dgraph image: dgraph/dgraph:v20.07.0 from v20.03.01
Java client: <dgraph4j.version>20.03.1</dgraph4j.version> (no upgrade on java client is available)

this error is observed on performing any action

java.lang.RuntimeException: The alter encountered an execution exception:
	at io.dgraph.DgraphAsyncClient.lambda$runWithRetries$2(DgraphAsyncClient.java:214)
	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
	at co.elastic.apm.agent.impl.async.SpanInScopeRunnableWrapper.run(SpanInScopeRunnableWrapper.java:64)
	at java.base/java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1426)
	at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
	at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
	at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
	at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594)
	at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:177)
Caused by: java.util.concurrent.ExecutionException: io.grpc.StatusRuntimeException: UNKNOWN: unauthorized ip address: 172.20.0.1
	at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
	at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
	at io.dgraph.DgraphAsyncClient.lambda$runWithRetries$2(DgraphAsyncClient.java:182)
	... 8 common frames omitted
Caused by: io.grpc.StatusRuntimeException: UNKNOWN: unauthorized ip address: 172.20.0.1
	at io.grpc.Status.asRuntimeException(Status.java:533)
	at io.grpc.stub.ClientCalls$StreamObserverToCallListenerAdapter.onClose(ClientCalls.java:449)
	at io.grpc.PartialForwardingClientCallListener.onClose(PartialForwardingClientCallListener.java:39)
	at io.grpc.ForwardingClientCallListener.onClose(ForwardingClientCallListener.java:23)
	at io.grpc.ForwardingClientCallListener$SimpleForwardingClientCallListener.onClose(ForwardingClientCallListener.java:40)
	at io.grpc.internal.CensusStatsModule$StatsClientInterceptor$1$1.onClose(CensusStatsModule.java:700)
	at io.grpc.PartialForwardingClientCallListener.onClose(PartialForwardingClientCallListener.java:39)
	at io.grpc.ForwardingClientCallListener.onClose(ForwardingClientCallListener.java:23)
	at io.grpc.ForwardingClientCallListener$SimpleForwardingClientCallListener.onClose(ForwardingClientCallListener.java:40)
	at io.grpc.internal.CensusTracingModule$TracingClientInterceptor$1$1.onClose(CensusTracingModule.java:399)
	at io.grpc.internal.ClientCallImpl.closeObserver(ClientCallImpl.java:521)
	at io.grpc.internal.ClientCallImpl.access$300(ClientCallImpl.java:66)
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl.close(ClientCallImpl.java:641)
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl.access$700(ClientCallImpl.java:529)
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInternal(ClientCallImpl.java:703)
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInContext(ClientCallImpl.java:692)
	at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:37)
	at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:123)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)

@abhimanyusinghgaur

/alter in now an admin endpoint in dgraph v20.07.x and so it requires IP whitelisting. You need to use --whitelist flag to bring up dgraph alpha in v20.07.x. Use that flag to specify a list of whitelisted IPs which can communicate with the alpha server. See here for how to do that. See here for a list of endpoints which are now admin endpoints and require IP whitelisting with several other things.

are the helm charts not released with configurable whitelist variable in values.yaml?

@joaquin will be able to help you with helm charts.

Hello @vtomar,

You can specify whitelist and other configuration options with helm chart values.yaml using configuration file (yaml, json, hcl, toml, properties) or environment variables.

For an example config file using properties, you can add the following to myvalues.yaml when using the helm chart:

alpha:
  configFile:
    config.properties: |
      whitelist=10.0.0.0/8,172.0.0.0/8,192.168.0.0/16

As an alternative, you can also use environment variables for a custom myvalues.yaml when using the helm chart.

alpha:
  extraEnvs:
    - name: DGRAPH_ALPHA_WHITELIST
      value: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16

Whichever path, you can then deploy this with:

helm repo add dgraph https://charts.dgraph.io
helm install test --values myvalues.yaml dgraph/dgraph
1 Like