AT
Apache TinkerPopskywalker_101010

Docker yaml authentication settings (gremlinserver.authentication) question

Does anyone have any experience setting up authentication on Docker by using the supplied .yaml file? I'm having trouble passingin a map to properly set one of the options: gremlinserver.authentication.config. Additional info, but not related to the my main problem: I have a file with the contents of username/password pairs which follow the schema: username:password (sha256) This file is located within the docker instance at: /etc/opt/janusgraph/janusgraph-credentials-server.properties However, gremlin server expects credentialsDb as a map and docker wants a string. Therefore I seem unable to configure this property. Here are the relevant parts of my docker .yaml file: 
services:
  janusgraph:
    image: docker.io/janusgraph/janusgraph:latest
    restart: "on-failure"
    container_name: janusgraph-server-1
    environment:
      JANUS_PROPS_TEMPLATE: cql
      janusgraph.storage.hostname: 192.168.1.44
      janusgraph.storage.port: 9042
      janusgraph.storage.username: cassandra
      janusgraph.storage.password: cassandra
      janusgraph.query.batch.enabled: true
      janusgraph.query.batch.limited: false
      janusgraph.index.search.elasticsearch.interface: REST_CLIENT
      gremlinserver.evaluationTimeout: 180000
      gremlinserver.authentication.authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator
      gremlinserver.authentication.config: {"credentialsDb": "/etc/opt/janusgraph/janusgraph-credentials-server.properties"} # <--- Source of problem
    ports:
      - "8182:8182"
    networks:
      - web
    healthcheck:
      test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
      interval: 10s
      timeout: 30s
      retries: 3
    volumes:
      - /home/user/janusgraph-credentials-server.properties:/etc/opt/janusgraph/janusgraph-credentials-server.properties:ro
services:
  janusgraph:
    image: docker.io/janusgraph/janusgraph:latest
    restart: "on-failure"
    container_name: janusgraph-server-1
    environment:
      JANUS_PROPS_TEMPLATE: cql
      janusgraph.storage.hostname: 192.168.1.44
      janusgraph.storage.port: 9042
      janusgraph.storage.username: cassandra
      janusgraph.storage.password: cassandra
      janusgraph.query.batch.enabled: true
      janusgraph.query.batch.limited: false
      janusgraph.index.search.elasticsearch.interface: REST_CLIENT
      gremlinserver.evaluationTimeout: 180000
      gremlinserver.authentication.authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator
      gremlinserver.authentication.config: {"credentialsDb": "/etc/opt/janusgraph/janusgraph-credentials-server.properties"} # <--- Source of problem
    ports:
      - "8182:8182"
    networks:
      - web
    healthcheck:
      test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
      interval: 10s
      timeout: 30s
      retries: 3
    volumes:
      - /home/user/janusgraph-credentials-server.properties:/etc/opt/janusgraph/janusgraph-credentials-server.properties:ro
Solution:
Due to gremlin server expecting a map, but docker being unable to pass it to the server in the format that is expected.
I think you simply have a slight misunderstanding of the YAML format here. YAML is basically a nested map of maps. Now, if your YAML looks like this: ...
Florian Hockmann
Florian Hockmann80d ago
However, gremlin server expects credentialsDb as a map and docker wants a string.
What do you mean by this exactly? Can you please share any errors you are getting caused by this? Also, did you write this YAML file by hand and then mount / COPY it into the Docker container or was it generated via env vars from the JanusGraph Docker startup logic?
skywalker_101010
skywalker_10101080d ago
Hi @Florian Hockmann - it was the original docker file from the Janusgraph Github with slight customizations to the configuration per the guide on https://github.com/JanusGraph/janusgraph-docker. "The environment variables supported by the JanusGraph image are summarized below." janusgraph.* Any JanusGraph configuration option to override in the template properties file, specified with an outer janusgraph namespace (e.g., janusgraph.storage.hostname). See JanusGraph Configuration for available options. gremlinserver.* Any Gremlin Server configuration option to override in the default configuration (YAML) file, specified with an outer gremlinserver namespace (e.g., gremlinserver.threadPoolWorker). You can set or update nested options using additional dots (e.g., gremlinserver.graphs.graph). See Gremlin Server Configuration for available options. See Gremlin Server Environment Variable Syntax section below for help editing gremlin server configuration using environment variables. Has anyone here added authentication configs via gremlinserver.authentication.config by passing in a map? Or is everyone just using the standard authentication mechanism, no user or password? When removing authentication, the docker file spins up fine, but making an attempt to turn on authentication breaks it. Due to gremlin server expecting a map, but docker being unable to pass it to the server in the format that is expected. Am I formatting the map incorrectly? How have others found success? Testing: It's incredibly easy to test and reproduce. Take your already deployed docker file and try to spin up another instance by passing in a custom config via gremlinserver.authentication.config.
Solution
Florian Hockmann
Florian Hockmann79d ago
Due to gremlin server expecting a map, but docker being unable to pass it to the server in the format that is expected.
I think you simply have a slight misunderstanding of the YAML format here. YAML is basically a nested map of maps. Now, if your YAML looks like this: 
a:
  b:
    c: test
a:
  b:
    c: test
then you can change the value of c via the JanusGraph Docker container by passing the environment variable gremlinserver.a.b.c=newvalue
Florian Hockmann
Florian Hockmann79d ago
It also doesn't matter if you're using indentation or curly braces here. So the document could also look like this: 
a: {
  b: {
    c: test
  }
}
a: {
  b: {
    c: test
  }
}
So the two options you want to configure, can be configured via env vars with JanusGraph like this: gremlinserver.authentication.authenticator="org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator" and gremlinserver.authentication.config.credentialsDb="/etc/opt/janusgraph/janusgraph-credentials-server.properties" credentialsDb is just another entry under gremlinserver.authentication.config
skywalker_101010
skywalker_10101079d ago
@Florian Hockmann - Thank you for your help. This worked and got me to my next step of troubleshooting, but for anyone trying make sure you replace = (equal) with a : (colon). 
yaml: line 21: could not find expected ':'
yaml: line 21: could not find expected ':'
Want results from more Discord servers?
Add your server
More Posts
Gremlin Injection Attacks?Is anyone talking about or looking into attacks and mitigations for Gremlin Injection Attacks? That Returned vertex properties (JS client)Hi, I've got a question regarding the returned vertex value when using the JS client. How come non-aAnyone using Tinkerpop docker as a local Cosmos replacementRunning into some random issues. Looking for tips and tricks.Configuring Websockets connection to pass through a proxy serverHey, I'm working on making G.V() fully proxy aware, but I can't seem to get websockets connection tpython goblin vs spring-data-goblin for interactions with gremlin serverI want an OGM to interact with my gremlin server. What would be a good choice?Is there any open source version of data visualizer for aws neptune?Is there any open source version of data visualizer for aws neptune. I'll need it since it essentialDynamic select within query not working.Any insights or help would be greatly appreciated. I have to pass a list of lists in the format beAdding multiple properties to a vertex using gremlin-goHello Community, I have a question regarding how multiple properties can be added to a vertex using Is it possible to walk 2 different graphs using custom TraversalStrategy in Gremlin?I have 2 different graphs in 2 different Neptune cluster. Both of them can have few reference verticSideEffect a variable, Use it later after BarrierStep?I seek a query that builds a list and then needs to both sum the list's mapped values and divide theMemory issue on repeatI am traversing all nodes occuring in the same cluster given one of the nodes in that cluster. SurpWhich database should i use for my DJ set planning software?Hi, i want to develop a software that lets DJs plan a set (i.e. playlist) and i'm wondering if graphHow will i add unique values to the vertices or edge properties in NeptuneI can't get a doc regarding adding unique data through gremlin. Is there any way to do it, other thaNot getting result in hasId() but id().is() worksI don't get any response using g.V().hasId(48). But when i use g.V().id().is(48). it shows output. Sdotnet `Enumeration has not started. Call MoveNext` if I try to enumerate over a resultI recently try to use gremlin to created a graph and query this graph. Currently I get it working toI can't create an edge in aws neptune using gremlin. I can create vertices. but not edge.import { driver, process as gremlinProcess, structure } from "gremlin"; async function checkOut() {Iterating over responsesI've got a query akin to this in a python application using `gremlin-python`: ``` t = traversal().wAWS Neptune updating gremlin driver to 3.6.2 introduced many bugs to working queriesAfter updating Amazon Neptune engine version from 1.2.0.2 to 1.2.1.0 and the Gremlin.Net (C# nuget)