Arango cluster Docker deployment with Auth

78 views
Skip to first unread message

Sai

unread,
Feb 6, 2024, 2:34:54 PM2/6/24
to ArangoDB
Hi everyone,

we are trying to bring up an Arango db cluster using docker compose and if i enable authentication using `ARANGO_ROOT_PASSWORD`. the server is not coming up.
I don't find any documentation or sample with authentication enabled for a docker cluster environment.

Can someone please suggest or help me on this.

Asif Kazi

unread,
Feb 6, 2024, 10:04:36 PM2/6/24
to ArangoDB
Any reason to use docker and not k8s?

The ARANGO_ROOT_PASSWORD is probably only going to work for a standalone server not a cluster.

If you are setting up a cluster you may have to use the REST API / Arangosh to set the password as outlined in the docs

Can you elaborate on server not coming up, what are the logs saying?

Sai

unread,
Feb 7, 2024, 12:23:50 AM2/7/24
to ArangoDB
Thanks for quick response @asif

we are using both docker compose and k8s deployments, k8s is working as expected.
here is the sample docker-compose file to deploy agents
agent:
    image: arangodb:latest
    restart: always
    network_mode: host
    mem_limit: 1G
    memswap_limit: 1G
    environment:
      ARANGO_ROOT_PASSWORD: foobar
    volumes:
      - /data:/var/lib/arangodb3
      - /config/agent.conf:/etc/arangodb3/arangod.conf

and the conf looks like:

[database]
directory = /var/lib/arangodb3
[server]
endpoint = tcp://0.0.0.0:8530
storage-engine = auto
authentication = true
# gather server statistics
statistics = true
[log]
level = info
file =  -
[agency]
activate = true
my-address = tcp://100.101.10.10:8530
size = 3
supervision = true


it is a 3 node deployment and agents are up and not joining with other agents if we specify the authentication, whereas things work as expected without authentication.

Thanks 

Asif Kazi

unread,
Feb 7, 2024, 8:03:22 AM2/7/24
to aran...@googlegroups.com
Do you see a cluster without authentication or 3 separate single severs ?
--
Asif Kazi
VP of Customer Success

 
415 Mission Street FL 37, San Francisco, CA 94104, United States
cell:       +1 925 314 5065
email:     asif...@arangodb.com
book a meeting here


--
You received this message because you are subscribed to a topic in the Google Groups "ArangoDB" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/arangodb/sBPCP_jTSb0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to arangodb+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/arangodb/1c9d6043-76e0-4986-b971-3ebe8d64d69en%40googlegroups.com.

Sai

unread,
Feb 7, 2024, 11:05:12 AM2/7/24
to ArangoDB
I see a cluster with 3 nodes without authentication.

-
Sai.

Sai

unread,
Feb 7, 2024, 11:55:24 AM2/7/24
to ArangoDB
Hi Asif, 

Here are the compose files and configs used which works for agent 

agent:
    image: arangodb:latest
    restart: always
    network_mode: host
    mem_limit: 1G
    memswap_limit: 1G
    environment:
      ARANGO_ROOT_PASSWORD: foobar
      ARANGO_NO_AUTH: 0

    volumes:
      - /data:/var/lib/arangodb3
      - /config/agent.conf:/etc/arangodb3/arangod.conf

the above is same for all the 3 nodes and the agent.conf files are as below:
agent.conf 1:

[database]
directory = /var/lib/arangodb3
[server]
endpoint = tcp://0.0.0.0:8530
storage-engine = auto
authentication = true
# gather server statistics
statistics = true
[log]
level = info
file =  -
[agency]
activate = true
my-address = tcp://100.101.10.10:8530
size = 3
supervision = true

agent.conf 2 

[database]
directory = /var/lib/arangodb3
[server]
endpoint = tcp://0.0.0.0:8530
storage-engine = auto
authentication = true
# gather server statistics
statistics = true
[log]
level = info
file =  -
[agency]
activate = true
my-address = tcp://100.101.10.11:8530

size = 3
supervision = true

agent.conf 3

[database]
directory = /var/lib/arangodb3
[server]
endpoint = tcp://0.0.0.0:8530
storage-engine = auto
authentication = true
# gather server statistics
statistics = true
[log]
level = info
file =  -
[agency]
activate = true

my-address = tcp://100.101.10.12:8530


size = 3
supervision = true

endpoint = tcp://100.101.10.10:8530
endpoint = tcp://100.101.10.11:8530
endpoint = tcp://100.101.10.12:8530

Here is the agent log from agent 1
2024-02-07T08:32:21Z [1] INFO [fe333] {engines} RocksDB recovery starting, scanning WAL starting from sequence number 97, latest sequence number: 241, active log files: 4, files in archive: 0
2024-02-07T08:32:21Z [1] INFO [a4ec8] {engines} RocksDB recovery finished, WAL entries scanned: 147, recovery start sequence number: 97, latest WAL sequence number: 241, max tick value found in WAL: 0, last HLC value found in WAL: 1790228287477252097
2024-02-07T08:32:21Z [1] INFO [6ea38] {general} using endpoint 'http+tcp://0.0.0.0:8530' for non-encrypted requests
2024-02-07T08:32:21Z [1] INFO [cf3f4] {general} ArangoDB (version 3.11.6 [linux]) is ready for business. Have fun!
2024-02-07T08:32:21Z [1] INFO [d7476] {agency} Restarting agent from persistence ...
2024-02-07T08:32:21Z [1] INFO [9530f] {agency} Found majority of agents in agreement over active pool. Finishing startup sequence.
2024-02-07T08:32:21Z [1] INFO [79fd7] {agency} Activating agent.
2024-02-07T08:32:55Z [1] INFO [95b8d] {agency} Adding AGNT-285d3a0f-0c0b-4d35-9a91-c3ffa50a1562(tcp://100.101.10.12:8530) to agent pool
2024-02-07T08:32:55Z [1] INFO [95b8d] {agency} Adding AGNT-bddf23c8-52f1-4d77-bc51-353bce28cb87(tcp://100.101.10.11:8530) to agent pool
2024-02-07T08:33:03Z [1] INFO [53541] {agency} AGNT-c84c5fd3-eb3d-49c3-825a-c65f33d29128: changing term or votedFor, current role: Follower term 1 votedFor:
2024-02-07T08:33:03Z [1] INFO [53541] {agency} AGNT-c84c5fd3-eb3d-49c3-825a-c65f33d29128: changing term or votedFor, current role: Follower term 1 votedFor: AGNT-285d3a0f-0c0b-4d35-9a91-c3ffa50a1562
2024-02-07T08:33:03Z [1] INFO [29175] {agency} Setting role to follower in term 1

here is the screenshot of the dashboard
Screenshot 2024-02-07 at 08.51.05.png

Thanks.

Asif Kazi

unread,
Feb 7, 2024, 12:35:21 PM2/7/24
to aran...@googlegroups.com
Do you have some time on Friday, I can work with you on it

--
Asif Kazi
VP of Customer Success

 
415 Mission Street FL 37, San Francisco, CA 94104, United States
cell:       +1 925 314 5065
email:     asif...@arangodb.com
book a meeting here

To view this discussion on the web visit https://groups.google.com/d/msgid/arangodb/1a6bf6ed-fdd3-487c-b88b-8d485dd92b32n%40googlegroups.com.

Sai

unread,
Feb 7, 2024, 1:57:50 PM2/7/24
to aran...@googlegroups.com
Sure, I am available on Friday. Let me know how we can connect.

Thanks,
Sai.

To view this discussion on the web visit https://groups.google.com/d/msgid/arangodb/CAKP6rEz4xg6qFjd_y6hBAk%3D-2_CMe2teaAm%3Dr%3DqwxG4JPXe2dA%40mail.gmail.com.

Asif Kazi

unread,
Feb 7, 2024, 6:16:37 PM2/7/24
to aran...@googlegroups.com
What timezone are you in I am in Pacific, can you find time on my calendar?

--
Asif Kazi
VP of Customer Success

 
415 Mission Street FL 37, San Francisco, CA 94104, United States
cell:       +1 925 314 5065
email:     asif...@arangodb.com
book a meeting here

To view this discussion on the web visit https://groups.google.com/d/msgid/arangodb/CAM3XRfXJDhRGmhp5qo7HbVj3_ZSm%2BMi3kO4kwgPyBV5%3D7OzAWQ%40mail.gmail.com.

Sai

unread,
Feb 27, 2024, 4:28:35 PM2/27/24
to ArangoDB
Thanks Asif for all the help, now we are able to use starter and deploy cluster as needed.

While using arango starter is there a way to specify the docker mem_limit and memswap_limit for the agent, server and coordinator docker containers ?

-
Sai.

Asif Kazi

unread,
Feb 27, 2024, 4:35:42 PM2/27/24
to aran...@googlegroups.com

--
Asif Kazi
VP of Customer Success

 
415 Mission Street FL 37, San Francisco, CA 94104, United States
cell:       +1 925 314 5065
email:     asif...@arangodb.com
book a meeting here

To view this discussion on the web visit https://groups.google.com/d/msgid/arangodb/4168298c-6e38-4f39-83ad-04ef3731389an%40googlegroups.com.

Sai

unread,
Feb 27, 2024, 7:22:58 PM2/27/24
to ArangoDB
I tired them.. I unfortunately see only below supported for docker

     

      --docker.container string                   name of the docker container that is running this process

      --docker.endpoint string                    Endpoint used to reach the docker daemon (default "unix:///var/run/docker.sock")

      --docker.gc-delay duration                  Delay before stopped containers are garbage collected (default 10m0s)

      --docker.image string                       name of the Docker image to use to launch arangod instances (leave empty to avoid using docker) (default "arangodb/arangodb:latest")

      --docker.imagePullPolicy string             pull docker image from docker hub (Always|IfNotPresent|Never)

      --docker.net-host                           Run containers with --net=host (DEPRECATED: use --docker.net-mode=host instead)

      --docker.net-mode string                    Run containers with --net=<value>

      --docker.privileged                         Run containers with --privileged

      --docker.sync-image string                  name of the Docker image to use to launch arangosync instances

      --docker.tty                                Run containers with TTY enabled (default true)

      --docker.user string                        use the given name as user to run the Docker container


I am looking for mem_limit to be specific.


Thanks

Sai.

Reply all
Reply to author
Forward
0 new messages