Adding port to Intercept or Host adds another terminator

I have a ziti overlay where I have a controller, console, edge router, edge tunnel and ZEDW. For this, I have an edge tunnel running on linux (dont think this is relevant).

I have a service pointing to the terminator on Linux, which will go through edge router. On the service (pointing to the linux edge tunnel) I have SSH and HTTP enabled. That is fine and all works. However, when I add a port to the intercept or if I have a port to the host configuration, I end up with another terminator (additional two when configuring all up). However, if I delete the service, and then recreate after I add the configs, I get one terminator for all the services (it deletes the three and then creates one). I was expecting that the terminator would be modified or replaced with an updated version as opposed to adding more. For this, I did this through the ZAC so may be different on the command line.

So, here, is the result after I added 9392 to the bind/intercept configurations

ziti@f39c5a9a35ef:/openziti$ ziti edge list terminators
╭──────┬──────────────────┬────────────────────────────────┬─────────┬─────────────────────────────────────────────┬──────────┬──────┬────────────┬──────────────╮
│ ID   │ SERVICE          │ ROUTER                         │ BINDING │ ADDRESS                                     │ IDENTITY │ COST │ PRECEDENCE │ DYNAMIC COST │
├──────┼──────────────────┼────────────────────────────────┼─────────┼─────────────────────────────────────────────┼──────────┼──────┼────────────┼──────────────┤
│ 8YXO │  ltvulscan01.svc │ zitiedgerouter.thesmithcave.nz │ edge    │ hosted:9b25d875-e423-468e-8d33-8ce58110db3f │          │    0 │ default    │            2 │
│ de4n │  ltvulscan01.svc │ zitiedgerouter.thesmithcave.nz │ edge    │ hosted:909c7ea3-2d4f-48b9-ae14-0204853ccda6 │          │    0 │ default    │           20 │
│ dl28 │  ltvulscan01.svc │ zitiedgerouter.thesmithcave.nz │ edge    │ hosted:2ed6baeb-a105-4b36-b13b-3fc67a6ffd7f │          │    0 │ default    │            2 │
╰──────┴──────────────────┴────────────────────────────────┴─────────┴─────────────────────────────────────────────┴──────────┴──────┴────────────┴──────────────╯

ziti@f39c5a9a35ef:/openziti$ ziti edge list services   
╭────────────┬──────────────────┬────────────┬─────────────────────┬────────────╮
│ ID         │ NAME             │ ENCRYPTION │ TERMINATOR STRATEGY │ ATTRIBUTES │
│            │                  │  REQUIRED  │                     │            │
├────────────┼──────────────────┼────────────┼─────────────────────┼────────────┤
│ av6FtKfKTW │  ltvulscan01.svc │ true       │ smartrouting        │            │
╰────────────┴──────────────────┴────────────┴─────────────────────┴────────────╯

I cannot find the other commands I want, so here are some screenshots. Now I first came across this issue when I added port 80 alongside of port 22, so I deleted the service and re-created and then only got one terminator. So, all of this post shows what happens when I added 9392 into the Intercept/Host configs

image1044×661 67.7 KB

image631×801 37.4 KB

image637×649 29.5 KB

Is this expected behaviour?

On a slight (un)related note - you can add a service name with a space ( ) at the beginning and this is allowed. I had not noticed as I was cutting/pasting. It was only when I was dumping some command line results from there that I noticed the indentation. This is on ZAC 2.3.4. I will log a bug for this.

Just so I understand, other than the apparent odd terminator behavior, nothing is malfunctioning, right? You’ve just noticed an oddity and are looking to understand ‘why’. Right? This probably needs @plorenz to comment on the terminator behavior.

I just want to make sure there’s not a problem happening in there.

As for the space at the begging thing, in the UI those should probably be trimmed. Thanks for the issue.

Yeah. No problem - justify oddness and wanting to understand why:-). And that issue for space was also logged 16 days ago as well.

Yeah, I noticed when I looked at it. I’ve asked @jeremy.tellier to give some of those ZAC issues some thought. Should have some updates in ZAC soon

I will trim the inputs in the UI but the service should probably kick that back too.

I think this is likely a bug in in the tunneler sdk. Depending on implementation, the terminator should either be unchanged or replaced, but not added to.