Admin Console not connecting to Edge Controller

I restarted the install. When I first installed I got the following errors; could this be causing my issue?

It looks as if it is not trusting the CERT to do a TLS handshake

That’s the case when you land at the controller’s endpoint in a “non-mTLS” way. That’s not the issue here. Also those node related warnings, I get them too when running locally.

You’re still having a problem, right? It’s almost like we need to make a small node test app to figure out what’s happening for you. I really cannot reproduce still, sadly. :frowning:

I am still having the problem. When I connect it says the controller is not online, which is strange because it is online and able to be navigated to, and the tutorial works.

@jeremy.tellier - could we perhaps make a small branch from ZAC with additional debug lines to see if we can narrow down where / how this is failing for @cmbryner ?

This is a first, for sure, for this type of problem, @cmbryner. Unfortunately (thankfully?) you’re the only one to have this issue so far. If we added more debugging (as I mention above), could you pull a particular branch and try it out? We can provide instructions here how to clone/checkout a branch.

If you provided instructions I could do that and give a try.

Great. One more thing just came to my mind, if you open “developer tools” when ZAC is having this problem, is there anything helpful/useful logged in the console logger? Maybe it’s browser related somehow?

As you suggested, you could try a whole different VM too, just to see the thing work on a different VM… At least then you could feel better that it’s somehow RHEL related

The errors above are not the ZAC error log, can you run “node ./server.js debug” from the ZAC folder ziti-console where ls shows server.js and server.cjs?

I just made sure every ZAC node package was at the latest and a new image is processing now for 2.5.5 but I don’t see request being newer than what was there. From what I can tell with the log above it times out trying to connect.

@cmbryner - Just released version 2.5.6 of ZAC which exposes the detail around what the request errors with, try that and let us know what the console window says after trying with that please, that should help with this mystery. Thanks!

I never noticed this on the quickstart, and went back to the original install and this message is consistent, so it may be the controller install and not the admin console

I was making a big long post about recreating the problem, and it seems like I’m finally able to reproduce the problem exactly… I’ll see if I can debug more and will follow-up later.

The Tar wasn’t the problem; after resolving the issue the same behavior occurs. The proxy messed with me

Definitely interested in what you find

Well… My problem was I had goofed up the port… :frowning:

Here’s a bunch of steps to try and an accompanying video I made demonstrating/narrating the steps

stop / kill any running processes

systemctl stop ziti-console
systemctl stop ziti-router
systemctl stop ziti-controller
for pid in $(pgrep ziti); do kill -9 "$pid"; done

cleanup old install by removing it all

rm -rf "$HOME/.ziti"

source the setup file but don’t run expressInstall just yet

source /dev/stdin <<< "$(wget -qO- https://get.openziti.io/quick/ziti-cli-functions.sh)"

run unsetZitiEnv

This is to make sure your shell is clean for the express install step. You don’t need to do it this way if you start with a clean shell, but I’m demonstrating how you clean up/start over this way, and this is the safest way to do it.

unsetZitiEnv

setup the password you want the controller to use

This step just makes it easier to set up the password you want to use first, before running expressInstall.

ZITI_PWD="myziti"

Run expressInstall

expressInstall

source the .env file expressInstall creates

source "$HOME/.ziti/quickstart/$(hostname -s)/$(hostname -s).env"

start the controller:

startController

verify the controller is running

look at the log and make sure you see something like:

[ 0.703] INFO xweb/v2.(*Server).Start: starting ApiConfig to listen and serve tls on 0.0.0.0:1280 for server client-management with APIs: [edge-management edge-client fabric]

tail -5 "$ZITI_HOME/$(hostname -s).log"

issue zitiLogin or ziti edge login to verify you can login

zitiLogin

# you'll see something like this shown:
# Token: d93a89f3-0955-42e8-8457-fef514ae2980
# Saving identity 'default' to /root/.ziti/quickstart/localhost/ziti-cli.json

start the router

startRouter

look at the last 25 router log lines to make sure it’s running and seems fine

make sure you don’t see any ERROR and that the last lines look something like:

[ 2.522] INFO edge/tunnel/intercept.SetDnsInterceptIpRange: dns intercept IP range: 100.64.0.1 - 100.127.255.254

tail -25 "$ZITI_HOME/$(hostname -s)-edge-router.log"

install ZAC from source

git clone https://github.com/openziti/ziti-console.git "${ZITI_HOME}/ziti-console"

verify npm 8+ and node 16+ using `npm version`

npm version
{
  npm: '8.19.2',
  node: '16.18.1',
  ...
  ...
  ...

cd to code and run npm install manually

cd "${ZITI_HOME}/ziti-console"
npm install

setup zac for TLS

ln -s "${ZITI_PKI}/${ZITI_EDGE_CONTROLLER_HOSTNAME}-intermediate/certs/${ZITI_EDGE_CONTROLLER_HOSTNAME}-server.chain.pem" "${ZITI_HOME}/ziti-console/server.chain.pem"
ln -s "${ZITI_PKI}/${ZITI_EDGE_CONTROLLER_HOSTNAME}-intermediate/keys/${ZITI_EDGE_CONTROLLER_HOSTNAME}-server.key" "${ZITI_HOME}/ziti-console/server.key"

manually start ZAC and confirm both http/https listening in debug mode:

run node server debug

node server debug
Initializing TLS
TLS initialized on port: 8443
Ziti Server running on port 1408
1 Like

IT WORKS

and I know why: there were 3 things that messed me up, all self-inflicted

  1. The NPM version was jacked up somehow: the image the company provided me with had npm 18 on rhel 7.9 (hint: rhel 7.9 is not compatible with it, at least not in the way they want it to be)
  2. My compiler was misconfigured for the use of npm (that is on me; multiple projects and testing different things can do that)
  3. Permissions on the server certificates were incorrect somehow. I don’t know how, but they were different when I compared my working install to the broken one

Now comes the fun part of taking this software for a joyride to see if it works in offline environments

3 Likes
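
A preflight check for the two TLS files that the "setup zac for TLS" step symlinks into the ZAC folder, aimed at the certificate permission problem described in the post above. This is an added example, not part of the original thread or of ziti-console: the helper name `check_zac_tls` and the rule that the private key should have no group/other permission bits are assumptions, and `stat -c` and `readlink -f` assume GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example: preflight check for the TLS files ZAC loads from its folder.
# check_zac_tls is a hypothetical helper, not part of ziti-console.
# Usage: check_zac_tls "${ZITI_HOME}/ziti-console"
# Prints one line per file and returns the number of problems found.
check_zac_tls() {
  local dir="$1" problems=0 name path target mode
  for name in server.chain.pem server.key; do
    path="${dir}/${name}"
    # A dangling symlink means the ln -s target was wrong, e.g. ZITI_PKI or
    # ZITI_EDGE_CONTROLLER_HOSTNAME was empty when the link was created.
    if [ -L "$path" ] && [ ! -e "$path" ]; then
      echo "FAIL ${name}: dangling symlink -> $(readlink "$path")"
      problems=$((problems + 1)); continue
    fi
    if [ ! -f "$path" ]; then
      echo "FAIL ${name}: not found in ${dir}"
      problems=$((problems + 1)); continue
    fi
    # Permissions are those of the link target, so resolve it first.
    target="$(readlink -f "$path")"
    if [ ! -r "$target" ]; then
      echo "FAIL ${name}: ${target} is not readable by $(id -un)"
      problems=$((problems + 1)); continue
    fi
    # Both files must be PEM: a certificate chain and a private key.
    case "$name" in
      *.pem) grep -q -- '-----BEGIN CERTIFICATE-----' "$target" ;;
      *.key) grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$target" ;;
    esac || {
      echo "FAIL ${name}: expected PEM header missing in ${target}"
      problems=$((problems + 1)); continue
    }
    # Assumption: the private key carries no group/other permission bits.
    mode="$(stat -c '%a' "$target")"   # GNU stat, e.g. 600 or 644
    if [ "$name" = server.key ]; then
      case "$mode" in
        *00|0) ;;
        *) echo "FAIL ${name}: mode ${mode} lets group/other access the key"
           problems=$((problems + 1)); continue ;;
      esac
    fi
    echo "ok   ${name}: ${target} (mode ${mode})"
  done
  return "$problems"
}
```

Run it as the same user that starts `node server debug`, since the readability check depends on who is asking.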

Thank you for all your help

HEY HEY! Glad that it helped and that you got it working! Great to hear! Can’t wait to see what you end up using it for, let us know! :slight_smile: