I have used the quickstart deployment of OpenZiti v1.5.4 to create a controller and edge router1, and it works fine.
But I want to create a new edge router2. I followed the router deployment setup and created a new router2. It's online in ZAC. It seems OK. But the edge tunnel logs show:
```
Jun 26 09:30:12 localhost.localdomain ziti-edge-tunnel[6217]: (6217)[ 931.719] INFO ziti-sdk:channel.c:775 reconnect_channel() ch[0] reconnecting in 33116ms (attempt = 16)
Jun 26 09:30:45 localhost.localdomain ziti-edge-tunnel[6217]: (6217)[ 964.835] ERROR ziti-sdk:channel.c:903 on_channel_connect_internal() ch[0] failed to connect to ER[test-edge-router2] [-111/connection refused]
Jun 26 09:30:45 localhost.localdomain ziti-edge-tunnel[6217]: (6217)[ 964.835] INFO ziti-sdk:channel.c:775 reconnect_channel() ch[0] reconnecting in 87030ms (attempt = 17)
Jun 26 09:32:13 localhost.localdomain ziti-edge-tunnel[6217]: (6217)[ 1051.865] ERROR ziti-sdk:channel.c:903 on_channel_connect_internal() ch[0] failed to connect to ER[test-edge-router2] [-111/connection refused]
```
On the edge tunnel, I tested telnet test-edge-router2 3022, and it's OK.
What's the problem? It confuses me a lot.
My new edge router2 config.yml:
```yaml
v: 3
identity:
  cert: "/var/lib/private/ziti-router/router.cert"
  server_cert: "/var/lib/private/ziti-router/router.server.chain.cert"
  key: "/var/lib/private/ziti-router/router.key"
  ca: "/var/lib/private/ziti-router/router.cas"
  #alt_server_certs:
  #  - server_cert: ""
  #    server_key: ""
ha:
  enabled: false
ctrl:
  endpoint: tls:test:1280
link:
  dialers:
    - binding: transport
  listeners:
    - binding: transport
      bind: tls:0.0.0.0:3022
      advertise: tls:localhost:3022
      options:
        outQueueSize: 4
listeners:
# bindings of edge and tunnel requires an "edge" section below
  - binding: edge
    address: tls:0.0.0.0:3022
    options:
      advertise: localhost:3022
      connectTimeoutMs: 5000
      getSessionTimeout: 60
  - binding: tunnel
    options:
      mode: host #tproxy|host
edge:
  csr:
    country: US
    province: NC
    locality: Charlotte
    organization: NetFoundry
    organizationalUnit: Ziti
    sans:
      dns:
        - localhost
        - localhost
        - localhost.localdomain
      ip:
        - "127.0.0.1"
        - "::1"
#transport:
#  ws:
#    writeTimeout: 10
#    readTimeout: 5
#    idleTimeout: 120
#    pongTimeout: 60
#    pingInterval: 54
#    handshakeTimeout: 10
#    readBufferSize: 4096
#    writeBufferSize: 4096
#    enableCompression: true
forwarder:
  latencyProbeInterval: 0
  xgressDialQueueLength: 1000
  xgressDialWorkerCount: 128
  linkDialQueueLength: 1000
  linkDialWorkerCount: 32
```
Hi @shujiepan, welcome to the community and to OpenZiti!
Thanks for posting your config file. I see you said you can telnet to test-edge-router2 but looking at your config it has two possible issues.
First, your 'advertise' addresses are all 'localhost'. That's almost certainly not what you want since I expect the second router is on a different VM/host?
Also looking at your controller endpoint, it says "tls:test:1280". That means your router will need to be able to connect to the controller by opening a connection to host "test" on port "1280". That also seems wrong.
These things work fine when the router and controller are on the same machine, but when you move the router to a different machine or stand up a new router these settings are important and are likely the cause of your problems.
Thank you for your reply. I have solved the problem.
The reason is I missed one step:
`ziti create config router edge --routerName=test-edge-router2`
After I ran this command, config.yml was modified again, and router2 works.
```
[root@localhost ziti-router]# more config.yml
v: 3
identity:
  cert: "/var/lib/private/ziti-router/router.cert"
  server_cert: "/var/lib/private/ziti-router/router.server.chain.cert"
  key: "/var/lib/private/ziti-router/router.key"
  ca: "/var/lib/private/ziti-router/router.cas"
  #alt_server_certs:
  #  - server_cert: ""
  #    server_key: ""
ha:
  enabled: false
ctrl:
  endpoint: tls:test:1280
link:
  dialers:
    - binding: transport
  listeners:
    - binding: transport
      bind: tls:0.0.0.0:3022
      advertise: tls:test-edge-router2:3022
      options:
        outQueueSize: 4
listeners:
# bindings of edge and tunnel requires an "edge" section below
  - binding: edge
    address: tls:0.0.0.0:3022
    options:
      advertise: test-edge-router2:3022
      connectTimeoutMs: 5000
      getSessionTimeout: 60
  - binding: tunnel
    options:
      mode: host #tproxy|host
edge:
  csr:
    country: US
    province: NC
    locality: Charlotte
    organization: NetFoundry
    organizationalUnit: Ziti
    sans:
      dns:
        - localhost
        - test-edge-router2
        - localhost.localdomain
      ip:
        - "127.0.0.1"
        - "::1"
#transport:
#  ws:
#    writeTimeout: 10
#    readTimeout: 5
#    idleTimeout: 120
#    pongTimeout: 60
#    pingInterval: 54
#    handshakeTimeout: 10
#    readBufferSize: 4096
#    writeBufferSize: 4096
#    enableCompression: true
forwarder:
  latencyProbeInterval: 0
  xgressDialQueueLength: 1000
  xgressDialWorkerCount: 128
  linkDialQueueLength: 1000
  linkDialWorkerCount: 32
```
But I'm still confused by the two steps. What's the use of each of them?
1. /opt/openziti/etc/router/bootstrap.bash
2. ziti create config router edge --routerName=test-edge-router2
The bootstrap.bash runs the config generator command for you when you run it. It's trying to be helpful to reduce total commands you need to run.
Here's the configuration section of the Linux router guide: Router Deployment | OpenZiti
You can generate a router config automatically by supplying a few input values, migrate an existing configuration from another host or container, or you can hand-craft a router configuration yourself from scratch. The ziti create config router command is one way to start crafting a router config and it's used by bootstrap.bash when you elect to have the config generated for you by running that script.
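The `advertise` problem discussed in this thread can be caught before a router is started. The following check is an added example, not code from the thread or from the OpenZiti project: it scans a router config for `advertise` values that point at loopback, or that name a host missing from `edge.csr.sans`. The function names, the line-based scan (used instead of a YAML parser so it runs with the standard library only) and the assumption that the advertised name should appear in the SAN list, as it does in the regenerated config above, are all illustrative.

```python
import ipaddress
import re

# Constructed sample, abridged from the first config.yml posted in the thread.
BROKEN = """\
link:
  listeners:
    - binding: transport
      advertise: tls:localhost:3022
listeners:
  - binding: edge
    options:
      advertise: localhost:3022
edge:
  csr:
    sans:
      dns:
        - localhost
"""
ADVERTISE = re.compile(r"^\s*advertise:\s*(?:\w+:)?([^:\s]+):(\d+)\s*$")

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal, so compare as a DNS name
        return host == "localhost" or host.startswith("localhost.")

def csr_sans(config):
    """Collect the list entries that follow the dns: and ip: keys."""
    sans, collecting = set(), False
    for line in config.splitlines():
        text = line.split("#", 1)[0].strip()
        if text in ("dns:", "ip:"):
            collecting = True
        elif collecting and text.startswith("- "):
            sans.add(text[2:].strip().strip('"'))
        elif text:
            collecting = False
    return sans

def audit(config):
    """Return (line_no, host, problem) for each suspicious advertise value."""
    sans, findings = csr_sans(config), []
    for no, line in enumerate(config.splitlines(), 1):
        m = ADVERTISE.match(line.split("#", 1)[0])
        if m and is_loopback(m.group(1)):
            findings.append((no, m.group(1), "loopback address"))
        elif m and m.group(1) not in sans:
            findings.append((no, m.group(1), "not listed in edge.csr.sans"))
    return findings
```

Calling `audit(open("config.yml").read())` on the first config in the thread reports both `advertise` lines; on the regenerated config it returns an empty list.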