How can I expose GRPC external port 9080 for Dgraph alpha

Users Dgraph
1

To facilitate better answering of questions, if you have a question, please fill in the following info. Otherwise, please delete the template.

What I want to do

I have started dgraph alpha and dgraph zero , But Iam not able to connect using ip and port like 192.168.1.180:9080, it is only connected using localhost:9080

What I did

I have started dgraph alpha with blindall=true and whitelist 0.0.0.0/0

Dgraph metadata

dgraph version

Dgraph version : v23.1.0

2

Hey @shufilk,

This is network access issue. What happens when you

curl http://192.168.1.180:9080

If it times out and does not return something like this: curl: (1) Received HTTP/0.9 when not allowed, then there is a network configuration issue that you need to sort out.

How are you starting Dgraph (command-line, Docker, etc)?

3

Hey @matthewmcneely,

Thanks for reply.

It is not related network issue why because , telnet 192.168.1.180 9080 , is getting connected output.

I have used below starting command , where I used token as well, and this is a ubuntu 16 server.

dgraph alpha --my=192.168.1.108:7080 --zero=192.168.1.103:5080 --bindall=true --security "whitelist=0.0.0.0/0,localhost,192.168.1.180,192.168.1.0/16" --security "token=d2837127beff45a8a486775e1b" --expose_trace=0

After starting server Iam able to do /admin endpoint example login and create user everything working fine using localhost ,at the same time if I used IP address instead of localhost , it will not work , getting below error always, this is the error getting from not only for other server , it is not getting if I tried with same server where I started alpha.

FTL failed to login error="rpc error: code = Unknown desc = unauthorized ip address: 192.168.1.108"

4

I checked the code… the only place that error string appears is when checking whether the caller IP invoking an admin function is authorized (whitelisted).

Note that 0.0.0.0/0 covers all IP addresses, so the other entries are not needed.

A few more questions:

  1. What is the IP address of the computer on which the alpha is running?
  2. What is the IP address of the computer which is attempting to connect to the alpha?
  3. What code are you using that connects to the admin endpoint? Can you share relevant parts of that?
  4. Have you tried removing the -security token=XXX flag?

Finally, can you issue this CURL command and report the results back here:

curl --request POST \
    --header 'content-type: application/json' \
    --url http://localhost:8080/admin \
    --data '{"query":"query Config {\n  state {\n    groups {\n      members {\n        addr\n        groupId\n        id\n      }\n    }\n    zeros {\n      addr\n      groupId\n    }\n  }\n  health {\n    status\n    address\n    instance\n    version\n  }\n}"}'
5

Sorry @matthewmcneely Iam not given full details, I have added most of them now.

I have started alpha with two systems using below command, and this time I have removed token, IP address 192.168.1.103 and 192.168.1.108.

dgraph alpha --my=192.168.1.103:7080 --zero=192.168.1.103:5080 --bindall=true --security "whitelist=0.0.0.0/0" --expose_trace=0

and

dgraph alpha --my=192.168.1.103:7080 --zero=192.168.1.180:5080 --bindall=true --security "whitelist=0.0.0.0/0" --expose_trace=0

also I tested with single alpha system as well, same error only I got

"errors":[{"message":"resolving login failed because invalid username or password",

zero started using below command
dgraph zero --my=192.168.1.103:5080 --bindall=true --replicas 3 --raft idx=1 --expose_trace=0

I have trying to using /admin endpoint from the same system 192.168.1.103, in this system only alpha running.

below my command for login with admin endpoint .

curl http://localhost:8080/admin --silent --request POST \
  --header "Content-Type: application/graphql" \
  --upload-file login.graphql

cat login.graphql

mutation {
  login(userId: "groot", password: "password") {
    response {
      accessJWT
      refreshJWT
    }
  }
}

below error message getting while try to login using admin, I dont know why it is , but previously I got successful login using localhost , right now Iam getting error.

I0224 12:03:26.139685 3277648 http.go:239] namespace: 0. Got GraphQL request over HTTP.
I0224 12:03:26.139929 3277648 middlewares.go:223] GraphQL admin mutation. Name =  login
I0224 12:03:26.139935 3277648 login.go:39] Got login request
I0224 12:03:26.139966 3277648 server.go:1686] Got Login request from: "127.0.0.1:39272"
E0224 12:03:26.141021 3277648 access_ee.go:81] Authentication from address 127.0.0.1:39272 failed: unable to authenticate: invalid credentials
6

Can I get reply please, Do you have any solution for this issue.

7

Waiting for reply @matthewmcneely

8

@shufilk

To answer your latest question why the /login mutation was not working, that login procedure is available when you enable acl (in your example, I don’t see the --acl flag being set). I suggest that you spend time reading this page thoroughly: Access Control Lists - Enterprise features

Maybe get your cluster up and running without acls, etc. Then start adding in these features. Maybe turn on verbose logging which might reveal some problems. The code has several places where ACL-enabled clusters are started and tested (using Docker Compose). Maybe go through those to see where you might be misconfiguring.

I’d also like to point out that I, along with many others in these forums, volunteer my time here.