how to pass that minimum schema
The same way you have pass the empty one.
will u please eleborate … i want step by step process
I will eloborate my issue in detail
if i pass schema file which i exported, during bulk process i am facing error with schema is not matching.
Then i passed an empty schema file, data imported .
Now the issue is indices are not imported for predicates and in my previous version 1.0.15 type :uid are not list, but in the latest it is type : uid is list.
- Select all predicates that you need to be fixed and fix it.
- Create a TXT file called schema.txt (can be any type of text file) and put the predicates there.
- Start the Bulk
dgraph bulk -s schema.txt ...
There’s no way to fix that specific error without sanitation in your dataset. You need to find out what is happening.
- Check your dataset directly via some text editor or grep
- Or you can remove all predicates that has boolean from the schema.txt . And ignore this error.
This error is other thing. I have give to you a solution for the uid list issue. In the end, you gonna have to check your dataset anyway. That’s what I recommend. Understand why this is an empty string in a Boolean type.
I am Running Dgraph V20.07.3 on Kubernetes
I am accessing dgraph through LoadBalancer IP… i mean ratel UI.
Now, I want restrict the access to Ratel UI. How can I do that … is there password based authentication? OR TLS?
Can u help out…
Right now we don’t support this. In the future we gonna have a kind of password via HTTP. With a single “user” called Poor man’s ACL. I recommend that you don’t expose your cluster. Create a tunnel, a VPN or something to connect with Dgraph using Ratel.
Also, there are reverse proxies out there that you can put a simple authentication on top of it. But we don’t give support to it. It is up to you. Also, third parties authentication would not work with Ratel.
If you gonna use GraphQL, things get simple. Put the cluster behind a firewall and expose only
:808/graphql - And use the Auth (free feature) that comes with GraphQL. But to use DQL via Ratel and manage the cluster you have to have a VPN, tunnel or something.
In Doc’s there is something regarding Certificate…
Using Ratel UI with Client authentication
is it works with my setup…if so…how it works with my setup
Yes, it works. It is the TLS configuration. It is a bit complex, but it is recommended for your case. With TLS only clients with the certificate are able to communicate with the cluster.
can u please tell the steps how to configure.
it helps me a lot
Just follow the docs https://dgraph.io/docs/deploy/tls-configuration/#sidebar
I would recommend that you watch some video tutorials on youtube about TLS so you can understand the basics. That’s a type of thing that would require me to write a tutorial on this thread. For example, search on youtube “What is TLS”. You will found several videos with deep information about it.
I know about TLS, But need to how to configure…I followed these steps
I am following these steps
- Create rootCA and node certificates/keys
$ dgraph cert -n localhost
Copy the generated CA to the ca-certificates directory
$ cp /path/to/ca.crt /usr/local/share/ca-certificates/ca.crt
Update the CA store
$ sudo update-ca-certificates
- Starting Zero
$ dgraph zero --my localhost:5080
- Running alpha
$ dgraph alpha --lru_mb 5000 --zero localhost:5080
- Running Ratel UI
My question is where to pass Client Authentication Options & TLS options - means either in zero or alpha
While Pointing ratel to the https:// endpoint of alpha server i am not able to connect
How want u to look in to this please.
As you are using K8s, check these steps
About using Ratel with TLS, the docs shows how. But you basically need to install the certificate in the system.
I see, well there’s no YAML or something ready prior to this version.
If you follow the docs to the letter, you will succeed. As you can see below, all clients have flags to introduce the certificate and configure the authentication method. Also, the clients dgo, dgraph-js, and so on have their own way to configure the certificates documented on their repos.
➜ ~ dgraph zero -h | grep TLS --tls_cacert string The CA Cert file used to initiate server certificates. Required for enabling TLS. --tls_client_auth string Enable TLS client authentication (default "VERIFYIFGIVEN") --tls_internal_port_enabled (optional) enable inter node TLS encryption between cluster nodes.
➜ ~ dgraph alpha -h | grep TLS --tls_cacert string The CA Cert file used to initiate server certificates. Required for enabling TLS. --tls_client_auth string Enable TLS client authentication (default "VERIFYIFGIVEN") --tls_internal_port_enabled (optional) enable inter node TLS encryption between cluster nodes.
Bulk and live need the certs to be able to communicate with Zero and Alpha.
➜ ~ dgraph bulk -h | grep TLS --tls_cacert string The CA Cert file used to verify server certificates. Required for enabling TLS. --tls_internal_port_enabled enable inter node TLS encryption between cluster nodes.
➜ ~ dgraph live -h | grep TLS --slash_grpc_endpoint string Path to Slash GraphQL GRPC endpoint. If --slash_grpc_endpoint is set, all other TLS options and connection options will be ignored --tls_cacert string The CA Cert file used to verify server certificates. Required for enabling TLS. --tls_internal_port_enabled enable inter node TLS encryption between cluster nodes.
I have opened the following tickets related to this question.
It’s Really Great to see,I appreciate your guidance to resolve all my issues.
Thanks a lot MichelDiz.