Live loader does not work with TLS

[vipulmathur]

What version of Dgraph are you using?

v1.0.17

Have you tried reproducing the issue with latest release?

No. I can't use v1.1.x yet due to the breaking changes.

What is the hardware spec (RAM, OS)?

Not sure if it matters to the issue, but I am using Arch Linux on a Dell XPS 15 with 16GB RAM.

Steps to reproduce the issue (command/config used to run Dgraph).

These steps are based on the documentation at: https://docs.dgraph.io/deploy/#tls-configuration and the contributed samples at: https://github.com/dgraph-io/dgraph/tree/v1.0.17/contrib/tlstest

1. Generate certificates and bring up zero and alpha:

dgraph cert -n localhost -c live
dgraph zero
dgraph alpha --lru_mb 1024 -z localhost:5080 --tls_dir ./tls

2. Copy this (or any other) sample file data.rdf.gz into the current directory.

3. Try live load

dgraph live -d localhost:9080 --tls_dir ./tls -r data.rdf.gz -z localhost:5080

Expected behaviour and actual result.

Expected the live load to go through, as per the documentation: https://docs.dgraph.io/deploy/#tls-options

However, the following error is shown:

I0905 03:05:09.840878   24229 init.go:88]

Dgraph version   : v1.0.17
Commit SHA-1     : 42deb299
Commit timestamp : 2019-08-30 12:46:31 -0700
Branch           : HEAD
Go version       : go1.12.7

...

2019/09/05 03:05:09 While trying to setup connection to Dgraph alpha. error: open tls/client.crt: no such file or directory

The last line points to a missing expectation of client.crt in the tls directory, contrary to the linked documentation that suggests that the client.live.crt and client.live.key that are generated would be sufficient.

At this point, I renamed the files:

mv tls/client.live.crt tls/client.crt
mv tls/client.live.key tls/client.key

Repeating the live load command now gives:

I0905 03:10:48.695846   24510 init.go:88]

Dgraph version   : v1.0.17
Commit SHA-1     : 42deb299
Commit timestamp : 2019-08-30 12:46:31 -0700
Branch           : HEAD
Go version       : go1.12.7

...

Creating temp client directory at /tmp/x134925780
badger 2019/09/05 03:10:48 INFO: All 0 tables opened in 0s
2019/09/05 03:10:58 Unable to connect to zero, Is it running at localhost:5080? error: context deadline exceeded

There are no errors in the logs for zero and alpha and zero is definitely running at localhost:5080. Last message on alpha's log is:

I0905 02:59:51.470943   23919 groups.go:734] Got Zero leader: localhost:5080

[martinmr]

I am able to get live loader to work on master with the same setup for zero and alpha with this command: dgraph live -a localhost:9080 --tls_cacert ./tls/ca.crt --tls_cert ./tls/client.live.crt -f somedatafile.rdf.gz -z localhost:5080.

The issue seems to be that 1.0 does not have a flag to specify the client cert.

@gitlw can you take a look at this? In particular, why can't you specify a client cert in 1.0. It looks like dgraph is trying to make a guess but I don't think it's working too well.

[gitlw]

Closing this issue as it has been addressed in #3936