https://www.ory.sh/ logo
Join Slack
Powered by
Hi All, I am interested in learning about Keto cur...
# ory-selfhosting
n
Hi All, I am interested in learning about Keto currently evaluating it for our internal Authorisation system and trying to install via docker setup. Config
Copy code
version: v0.8.0-alpha.2
 
log:
 format: json
 leak_sensitive_values: false
 level: debug
 
serve:
 read:
   host: localhost
   port: 4466
 write:
   host: localhost
   port: 4467
 
namespaces: 
 - accounts
 
#dsn: memory
dsn: <postgres://keto:keto@localhost:5432/keto>
Steps followed:
Copy code
export KETO_WRITE_REMOTE=localhost:4467
export KETO_READ_REMOTE=localhost:4466


$ keto status
neither flag --read-remote nor env var KETO_READ_REMOTE are set, falling back to 127.0.0.1:4466
SERVING
$ keto migrate up -c config/keto.yml
I am getting following error when I run 
keto relation-tuple create config/myAccountEditableByTarak.json
Copy code
neither flag --write-remote nor env var KETO_WRITE_REMOTE are set, falling back to 127.0.0.1:4467
Error doing the request: rpc error: code = Unavailable desc = error reading from server: EOF
JSON
Copy code
{
  "namespace": "accounts",
  "object": "person-uuid-1",
  "relation": "owner",
  "subject_id": "person-uuid-1"
}
Also, I am not able to connect to REST API as well. IS there any additional configuration required for the setup?
m
Are you able to run the quickstart with docker-compose without problems?
Also, I am not able to connect to REST API as well.
Sounds like a problem with docker. Not sure where to start but how are the logs for Keto looking?
n
I agree had few issues with docker setup - had to dig in the code and understand the logic around. I can raise a PR for it but didn't got chance to look at contribution doco yet. TLDR; There seem to be a dependency on couple of things • the default config is not setup for namespace • There seem to be dependency on 
config/relation-tuples
director for default setup (either it needs to have some example relationships or keto-init setup) Mine looks like this
Copy code
keto-init:
    image: oryd/keto:v0.8.0-alpha.2
    environment:
      - KETO_WRITE_REMOTE=keto:4467
    volumes:
      - type: bind
        source: .
        target: /etc
    command: relation-tuple create /etc/config/action-tuples && relation-tuple create /etc/config/action-tuples
    restart: on-failure
With REST API, i thought it because we are not exposing the port, but when I fixed the app errors, It API seemed to work OK !
Not sure where to start but how are the logs for Keto looking?
With logs - with this specific problem it was not clear that there is an issue with namespace or tuple setup!
m
I see, glad that you were able to resolve it. Did I understand you correctly that the above command is needed to have Keto run in Docker out of the box? Is there anything we can improve easily ?
n
To run out of the box - there are couple of things needs to be add default namespace config, and for 
keto-init
to run and test the cat example - you need the folder and 
relation-tuples
required to be checked in
above example is just I was trying to setup locally
Also, the logs are not stating any issues that the namespace is not configured as per the relation tuple when keto is restarting - may be logs can be improved for this scenario
54 Views
Open in Slack
PreviousNext
Powered by