AT
Apache TinkerPop9mo ago
skywalker_101010

Docker yaml authentication settings (gremlinserver.authentication) question

Does anyone have any experience setting up authentication on Docker by using the supplied .yaml file? I'm having trouble passingin a map to properly set one of the options: gremlinserver.authentication.config. Additional info, but not related to the my main problem: I have a file with the contents of username/password pairs which follow the schema: username:password (sha256) This file is located within the docker instance at: /etc/opt/janusgraph/janusgraph-credentials-server.properties However, gremlin server expects credentialsDb as a map and docker wants a string. Therefore I seem unable to configure this property. Here are the relevant parts of my docker .yaml file: 
services:
  janusgraph:
    image: docker.io/janusgraph/janusgraph:latest
    restart: "on-failure"
    container_name: janusgraph-server-1
    environment:
      JANUS_PROPS_TEMPLATE: cql
      janusgraph.storage.hostname: 192.168.1.44
      janusgraph.storage.port: 9042
      janusgraph.storage.username: cassandra
      janusgraph.storage.password: cassandra
      janusgraph.query.batch.enabled: true
      janusgraph.query.batch.limited: false
      janusgraph.index.search.elasticsearch.interface: REST_CLIENT
      gremlinserver.evaluationTimeout: 180000
      gremlinserver.authentication.authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator
      gremlinserver.authentication.config: {"credentialsDb": "/etc/opt/janusgraph/janusgraph-credentials-server.properties"} # <--- Source of problem
    ports:
      - "8182:8182"
    networks:
      - web
    healthcheck:
      test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
      interval: 10s
      timeout: 30s
      retries: 3
    volumes:
      - /home/user/janusgraph-credentials-server.properties:/etc/opt/janusgraph/janusgraph-credentials-server.properties:ro
services:
  janusgraph:
    image: docker.io/janusgraph/janusgraph:latest
    restart: "on-failure"
    container_name: janusgraph-server-1
    environment:
      JANUS_PROPS_TEMPLATE: cql
      janusgraph.storage.hostname: 192.168.1.44
      janusgraph.storage.port: 9042
      janusgraph.storage.username: cassandra
      janusgraph.storage.password: cassandra
      janusgraph.query.batch.enabled: true
      janusgraph.query.batch.limited: false
      janusgraph.index.search.elasticsearch.interface: REST_CLIENT
      gremlinserver.evaluationTimeout: 180000
      gremlinserver.authentication.authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator
      gremlinserver.authentication.config: {"credentialsDb": "/etc/opt/janusgraph/janusgraph-credentials-server.properties"} # <--- Source of problem
    ports:
      - "8182:8182"
    networks:
      - web
    healthcheck:
      test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
      interval: 10s
      timeout: 30s
      retries: 3
    volumes:
      - /home/user/janusgraph-credentials-server.properties:/etc/opt/janusgraph/janusgraph-credentials-server.properties:ro
Solution:
Due to gremlin server expecting a map, but docker being unable to pass it to the server in the format that is expected.
I think you simply have a slight misunderstanding of the YAML format here. YAML is basically a nested map of maps. Now, if your YAML looks like this: ...
Jump to solution
5 Replies
Florian Hockmann
Florian Hockmann9mo ago
However, gremlin server expects credentialsDb as a map and docker wants a string.
What do you mean by this exactly? Can you please share any errors you are getting caused by this? Also, did you write this YAML file by hand and then mount / COPY it into the Docker container or was it generated via env vars from the JanusGraph Docker startup logic?
skywalker_101010
skywalker_101010OP9mo ago
Hi @Florian Hockmann - it was the original docker file from the Janusgraph Github with slight customizations to the configuration per the guide on https://github.com/JanusGraph/janusgraph-docker. "The environment variables supported by the JanusGraph image are summarized below." janusgraph.* Any JanusGraph configuration option to override in the template properties file, specified with an outer janusgraph namespace (e.g., janusgraph.storage.hostname). See JanusGraph Configuration for available options. gremlinserver.* Any Gremlin Server configuration option to override in the default configuration (YAML) file, specified with an outer gremlinserver namespace (e.g., gremlinserver.threadPoolWorker). You can set or update nested options using additional dots (e.g., gremlinserver.graphs.graph). See Gremlin Server Configuration for available options. See Gremlin Server Environment Variable Syntax section below for help editing gremlin server configuration using environment variables. Has anyone here added authentication configs via gremlinserver.authentication.config by passing in a map? Or is everyone just using the standard authentication mechanism, no user or password? When removing authentication, the docker file spins up fine, but making an attempt to turn on authentication breaks it. Due to gremlin server expecting a map, but docker being unable to pass it to the server in the format that is expected. Am I formatting the map incorrectly? How have others found success? Testing: It's incredibly easy to test and reproduce. Take your already deployed docker file and try to spin up another instance by passing in a custom config via gremlinserver.authentication.config.
Solution
Florian Hockmann
Florian Hockmann9mo ago
Due to gremlin server expecting a map, but docker being unable to pass it to the server in the format that is expected.
I think you simply have a slight misunderstanding of the YAML format here. YAML is basically a nested map of maps. Now, if your YAML looks like this: 
a:
  b:
    c: test
a:
  b:
    c: test
then you can change the value of c via the JanusGraph Docker container by passing the environment variable gremlinserver.a.b.c=newvalue
Florian Hockmann
Florian Hockmann9mo ago
It also doesn't matter if you're using indentation or curly braces here. So the document could also look like this: 
a: {
  b: {
    c: test
  }
}
a: {
  b: {
    c: test
  }
}
So the two options you want to configure, can be configured via env vars with JanusGraph like this: gremlinserver.authentication.authenticator="org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator" and gremlinserver.authentication.config.credentialsDb="/etc/opt/janusgraph/janusgraph-credentials-server.properties" credentialsDb is just another entry under gremlinserver.authentication.config
skywalker_101010
skywalker_101010OP9mo ago
@Florian Hockmann - Thank you for your help. This worked and got me to my next step of troubleshooting, but for anyone trying make sure you replace = (equal) with a : (colon). 
yaml: line 21: could not find expected ':'
yaml: line 21: could not find expected ':'
Want results from more Discord servers?
Add your server