Grpc: UNKNOWN: unauthorized ip address:

vtomar · September 14, 2020, 6:50am

I am upgrading to dgraph image: dgraph/dgraph:v20.07.0 from v20.03.01
Java client: <dgraph4j.version>20.03.1</dgraph4j.version> (no upgrade on java client is available)

this error is observed on performing any action

java.lang.RuntimeException: The alter encountered an execution exception:
	at io.dgraph.DgraphAsyncClient.lambda$runWithRetries$2(DgraphAsyncClient.java:214)
	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
	at co.elastic.apm.agent.impl.async.SpanInScopeRunnableWrapper.run(SpanInScopeRunnableWrapper.java:64)
	at java.base/java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1426)
	at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
	at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
	at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
	at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594)
	at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:177)
Caused by: java.util.concurrent.ExecutionException: io.grpc.StatusRuntimeException: UNKNOWN: unauthorized ip address: 172.20.0.1
	at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
	at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
	at io.dgraph.DgraphAsyncClient.lambda$runWithRetries$2(DgraphAsyncClient.java:182)
	... 8 common frames omitted
Caused by: io.grpc.StatusRuntimeException: UNKNOWN: unauthorized ip address: 172.20.0.1
	at io.grpc.Status.asRuntimeException(Status.java:533)
	at io.grpc.stub.ClientCalls$StreamObserverToCallListenerAdapter.onClose(ClientCalls.java:449)
	at io.grpc.PartialForwardingClientCallListener.onClose(PartialForwardingClientCallListener.java:39)
	at io.grpc.ForwardingClientCallListener.onClose(ForwardingClientCallListener.java:23)
	at io.grpc.ForwardingClientCallListener$SimpleForwardingClientCallListener.onClose(ForwardingClientCallListener.java:40)
	at io.grpc.internal.CensusStatsModule$StatsClientInterceptor$1$1.onClose(CensusStatsModule.java:700)
	at io.grpc.PartialForwardingClientCallListener.onClose(PartialForwardingClientCallListener.java:39)
	at io.grpc.ForwardingClientCallListener.onClose(ForwardingClientCallListener.java:23)
	at io.grpc.ForwardingClientCallListener$SimpleForwardingClientCallListener.onClose(ForwardingClientCallListener.java:40)
	at io.grpc.internal.CensusTracingModule$TracingClientInterceptor$1$1.onClose(CensusTracingModule.java:399)
	at io.grpc.internal.ClientCallImpl.closeObserver(ClientCallImpl.java:521)
	at io.grpc.internal.ClientCallImpl.access$300(ClientCallImpl.java:66)
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl.close(ClientCallImpl.java:641)
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl.access$700(ClientCallImpl.java:529)
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInternal(ClientCallImpl.java:703)
	at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInContext(ClientCallImpl.java:692)
	at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:37)
	at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:123)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)

@abhimanyusinghgaur

abhimanyusinghgaur · September 14, 2020, 6:57am

/alter in now an admin endpoint in dgraph v20.07.x and so it requires IP whitelisting. You need to use --whitelist flag to bring up dgraph alpha in v20.07.x. Use that flag to specify a list of whitelisted IPs which can communicate with the alpha server. See here for how to do that. See here for a list of endpoints which are now admin endpoints and require IP whitelisting with several other things.

vtomar · September 14, 2020, 7:35am

are the helm charts not released with configurable whitelist variable in values.yaml?

abhimanyusinghgaur · September 14, 2020, 7:37am

@joaquin will be able to help you with helm charts.

joaquin · November 12, 2020, 10:06pm

Hello @vtomar,

You can specify whitelist and other configuration options with helm chart values.yaml using configuration file (yaml, json, hcl, toml, properties) or environment variables.

For an example config file using properties, you can add the following to myvalues.yaml when using the helm chart:

alpha:
  configFile:
    config.properties: |
      whitelist=10.0.0.0/8,172.0.0.0/8,192.168.0.0/16

As an alternative, you can also use environment variables for a custom myvalues.yaml when using the helm chart.

alpha:
  extraEnvs:
    - name: DGRAPH_ALPHA_WHITELIST
      value: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16

Whichever path, you can then deploy this with:

helm repo add dgraph https://charts.dgraph.io
helm install test --values myvalues.yaml dgraph/dgraph

Topic		Replies	Views
Grpc Error Issues untagged , dgraphnet	9	2214	October 31, 2021
Exception in Graph java client while connecting to Remote Graph DB Dgraph	2	2517	June 26, 2019
I got an unauthorized error when alter the schema in v20.07.0 version Users schema , dgraph	3	1430	July 29, 2020
Simple.py description: Error received from peer grpc_message:unauthorized ip address Dgraph status:accepted , area:documentation , ticket:created	5	2905	September 17, 2020
I don't find avaliabel java client version？ Dgraph Clients untagged , dgraph4j	12	1252	July 11, 2020

Grpc: UNKNOWN: unauthorized ip address:

Related topics