Let's say I'm running a Lambda (AWS) or Cloud Run (GCP) and it is supposed to call one of my Ziti services via HTTP with a Ziti domain.
What are the patterns that can be adopted to make this work?
Generally it does depend on what you're doing and how, and I think you'll need to adopt an OpenZiti SDK. It's generally relatively easy to deploy that sort of solution on any compute anywhere.
There's a blog from a couple years ago that I think might help:
I tried running the code in Cloud Run, where I would deploy the code zipped with tunnel.json (that has the client identity) and would run:

```python
import json
import os
import time

import flask
import functions_framework
import openziti
import requests
from flask import jsonify

# download_file_from_s3() is a helper defined elsewhere in the deployment (not shown).


@functions_framework.http
def lambda_handler(request: flask.Request):
    if not os.path.exists("tunnel.json"):
        download_file_from_s3("ziti/tunnel.json", "tunnel.json")
    if os.path.exists("tunnel.json"):
        ## set the env ZITI_IDENTITIES
        os.environ["ZITI_IDENTITIES"] = "tunnel.json"
        print("ZITI_IDENTITIES", os.environ["ZITI_IDENTITIES"])
        print("Enrolled successfully")
        with openziti.monkeypatch():
            ## add retry logic
            retries = 0
            while retries < 10:
                try:
                    print(f"Attempt {retries + 1} to fetch data from the app.")
                    ## trace the requests
                    ## print the tunnel.json
                    ## (debug only: this writes the identity file, which holds
                    ## the client credentials, to the function logs)
                    with open("tunnel.json", "r") as f:
                        print(f.read())
                    r = requests.get('http://testapp-app-c79824f1-8b5d-indexify.kloudsoft.co:8000/files/namespaces')
                    print(f"Response received with status code {r.status_code}")
                    print("json response is", r.json())
                    return {
                        'statusCode': 200,
                        'body': json.dumps(r.json())
                    }
                except Exception as e:
                    retries += 1
                    print(f"Attempt {retries} failed: {e}")
                    time.sleep(1)
            return jsonify({"error": "Failed to retrieve data after multiple attempts"}), 500
    else:
        download_file_from_s3("ziti/tunnel.json", "tunnel.json")
        return jsonify({"message": "Tunnel file not found, downloading..."}), 404
```
When I run the same thing locally I get a response:

```
(indexify) ➜ terraform-ovh-trino git:(main) ✗ python3 ziti.py
Enrolled successfully
ZITI_IDENTITIES tunnel.json
200
{'namespaces': [{'name': 'dev', 'created_at': 1747208546854}]}
(47783)[ 7.821] ERROR ziti-sdk:channel.c:904 on_channel_connect_internal() ch[1] failed to connect to ER[router5] [-3008/unknown node or service]
```
I am making sure I'm passing the identity JSON and also setting up the right environment variables for the OpenZiti SDK to use it. Not sure why it's not calling the Ziti API in Cloud Run.
While it shows the error

```
(47783)[ 7.821] ERROR ziti-sdk:channel.c:904 on_channel_connect_internal() ch[1] failed to connect to ER[router5] [-3008/unknown node or service]
```

that seems normal because it is even returned locally, but the difference is that locally I also get a response from the API request and then there is this extra line of error message.
My guess is that your routers are not advertising a globally resolvable address and the lambda can't connect to your routers. I don't think this is a Ziti thing, per se, other than how you have the overlay configured.
I don't think we'll be able to really help you with that issue though. Check "router5" (or all your routers) and make sure they are all resolvable from anywhere.
But other machines that run the Python script instead of Cloud Run can actually reach that service, so I confirmed the router is resolvable.
I don't think I'll be able to help here. I don't know how your lambda/cloudrun are set up. If it's not resolving the routers, you could try an IP address. You might need to check the network policies etc. It doesn't sound like an OpenZiti problem to me, sounds like a firewall/security group sort of thing.
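Added example, not part of any post in this thread: the `-3008/unknown node or service` in the SDK log is libuv's name-resolution error (`UV_EAI_NONAME`), so a useful first check from inside the function runtime is whether each controller and router address fails at DNS or at the TCP connect. The function names, hostnames and ports below are constructed placeholders; substitute the addresses your controller and routers actually advertise.

```python
import socket


def check_endpoint(host, port, timeout=3.0):
    """Classify reachability of one host:port as seen from this runtime.

    Returns (status, detail) where status is one of:
      "dns_failure" - the name did not resolve (what -3008 reports)
      "tcp_failure" - the name resolved but no address accepted a connection
      "reachable"   - a TCP connection was established
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)

    last_error = "no addresses returned"
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
                return "reachable", sockaddr[0]
        except OSError as exc:
            # Firewall drop, egress policy, refused port, or timeout.
            last_error = f"{sockaddr[0]}: {exc}"
    return "tcp_failure", last_error


def check_all(endpoints, timeout=3.0):
    """Run check_endpoint over (host, port) pairs, keyed by 'host:port'."""
    return {f"{h}:{p}": check_endpoint(h, p, timeout) for h, p in endpoints}


if __name__ == "__main__":
    # Constructed placeholders, not values from the thread.
    ENDPOINTS = [
        ("controller.example.invalid", 1280),
        ("router5.example.invalid", 3022),
    ]
    for name, (status, detail) in check_all(ENDPOINTS).items():
        print(f"{name}: {status} ({detail})")
```

Running this both on a machine where the service works and inside the Cloud Run or Lambda handler shows whether the two environments differ at resolution (DNS settings, private zones) or at egress (VPC connector, firewall, security group).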
OK, I do see

```
Uncaught signal: 11, pid=10, tid=10, fault_addr=68904613304592.
```

as well at times.
Just curious whether anyone has experienced this.