Ok. I hope this helps… Here are the commands/notes I show in the video. @markamind I think you can start from the bullet labeled “HERE IS THE FIX”.
Things done before the video starts:

- Create VCN
- Create Subnet
- Create Security List
- opened ports 8441-8443
- used netcat (`nc`) to verify the ports were open
- create instance named openziti09b
- opened the LOCAL firewall in firewalld with:
  ```
  sudo firewall-cmd --zone=public --add-port=8441/tcp --permanent
  sudo firewall-cmd --zone=public --add-port=8442/tcp --permanent
  sudo firewall-cmd --zone=public --add-port=8443/tcp --permanent
  sudo systemctl restart firewalld
  ```
- disable SELinux - didn't troubleshoot, but SELinux prevented the systemd units from working
  ```
  sudo cp /etc/selinux/config /etc/selinux/config.back
  sudo sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
  sudo /usr/sbin/setenforce 0
  ```
- installed golang using instructions from here
- installing golang via that link puts go into `/usr/local/go/bin/go`, so I also added `/usr/local/go/bin/` to my path in .bashrc
- Installed git using:
  ```
  sudo dnf install git -y
  ```
Steps in the video (Discourse Help - OCI Quickstart - unlisted - YouTube):

- RERAN expressInstall with EXTERNAL_DNS set to the EXTERNAL_IP! This was important - due to Oracle Cloud. Unlike AWS, Oracle doesn't give your compute instances a DNS name.
  ```
  export EXTERNAL_DNS="$(curl -s eth0.me)"
  ```
- HERE IS THE FIX: the quickstart is putting the hostname into the router configuration. To fix that you need to edit the configuration, finding the hostname and replacing it with the external IP address. Then you need to delete/recreate the edge router. Only do this after successfully running the quickstart.
  ```
  # set a variable and use this in the next three commands
  routerName=clintozapr09b-edge-router
  ziti edge delete edge-router ${routerName}
  ziti edge create edge-router ${routerName} -t -a "public" -o ${routerName}.jwt
  ziti-router enroll ~/.ziti/quickstart/clintozapr09b/${routerName}.yaml -j ${routerName}.jwt
  ```
- installed ZAC by following the ZAC install guide
Making sure it all works:

Once I had the ZAC running and fixed the bug, I was able to verify the golang http example was working by running the zitified server/client and testing with my local browser…

- created four identities: one for the golang server, one for the client, one for my desktop, one for my mobile.
- I enrolled the server/client for immediate use.
- identities were created using `-a "http-clients"` so that I could make one 'dial' policy and use the attribute
  ```
  ziti edge create identity service golang.http.server -o $HOME/golang.http.server.jwt
  ziti edge enroll $HOME/golang.http.server.jwt
  ziti edge create identity service golang.http.client -a "http-clients" -o $HOME/golang.http.client.jwt
  ziti edge enroll $HOME/golang.http.client.jwt
  ziti edge create identity service golang.http.desktop.client -a "http-clients" -o $HOME/golang.http.desktop.client.jwt
  ziti edge create identity service golang.http.mobile.client -a "http-clients" -o $HOME/golang.http.mobile.client.jwt
  ```
- created the one needed config, the service, and two policies…
  ```
  ziti edge create config golanghttp-intercept.v1 intercept.v1 '{"protocols":["tcp"],"addresses":["golanghttp.zitified"], "portRanges":[{"low":1234, "high":2345}]}'
  ziti edge create service golanghttp --configs 'golanghttp-intercept.v1'
  ziti edge create service-policy golanghttp-bind-policy Bind --identity-roles '@golang.http.server' --service-roles '@golanghttp'
  ziti edge create service-policy golanghttp-dial-policy Dial --identity-roles '#http-clients' --service-roles '@golanghttp'
  ```
- cloned the golang sdk for demo use:
  ```
  git clone https://github.com/openziti/sdk-golang "${ZITI_HOME}/sdk-golang"
  cd "${ZITI_HOME}/sdk-golang/exercises/http/server/zitified"
  ```
- ran the zitified simple-server
  ```
  go run simple-server.go "$HOME/golang.http.server.json" "golanghttp"
  ```
- ran the zitified simple-client
  ```
  go run simple-client.go $HOME/golang.http.client.json golanghttp
  ```
- opened this url in desktop browser and saw the expected results
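The "HERE IS THE FIX" step above is done by hand in the post. Below is an added shell example (not code from the post or from OpenZiti) that scripts it: it rewrites the hostname to the external IP on the router config's `advertise:` lines, reports any other lines that still name the host so you can review them before enrolling, and wraps the delete/create/enroll commands from the post. The sample yaml it writes is constructed for the offline check and only mimics the quickstart layout; the real file is the one under `~/.ziti/quickstart/<network>/`. It assumes GNU sed (`sed -i`) and that `ziti` and `ziti-router` are on PATH when `recreate_edge_router` is run.

```shell
#!/usr/bin/env bash
# Added example for the OCI router fix; not the post's or OpenZiti's own code.
set -eu

# Write a constructed router config for offline testing. The shape follows the
# quickstart yaml (csr SANs, link listener, edge listener); values are made up.
write_sample_router_config() {
  local path="$1" hostname="$2"
  cat > "$path" <<EOF
v: 3
identity:
  cert: /home/opc/.ziti/quickstart/clintozapr09b/pki/routers/clintozapr09b-edge-router/client.cert
edge:
  csr:
    sans:
      dns:
        - localhost
        - ${hostname}
      ip:
        - "127.0.0.1"
link:
  listeners:
    - binding: transport
      bind: tls:0.0.0.0:10080
      advertise: tls:${hostname}:10080
listeners:
  - binding: edge
    address: tls:0.0.0.0:8442
    options:
      advertise: ${hostname}:8442
EOF
}

# Replace the hostname with the external IP on every `advertise:` line only
# (these are the addresses clients and other routers dial). Writes a .bak copy
# first and prints the number of lines changed.
fix_advertise_addresses() {
  local config="$1" hostname="$2" external_ip="$3"
  local pat
  pat=$(printf '%s' "$hostname" | sed 's/\./\\./g')   # escape dots for sed
  cp -- "$config" "$config.bak"
  sed -i "/advertise:/ s#${pat}#${external_ip}#g" "$config"
  diff "$config.bak" "$config" | grep -c '^>' || true
}

# Print any line that still mentions the hostname (for example the csr dns SAN,
# which is not an advertise address and is left for the operator to decide on)
# and return non-zero so a caller can stop and review before enrolling.
remaining_hostname_refs() {
  local config="$1" hostname="$2"
  if grep -nF -- "$hostname" "$config"; then
    return 1
  fi
  return 0
}

# The delete/create/enroll sequence from the post, parameterised. Only
# meaningful on the controller host with ziti and ziti-router on PATH.
recreate_edge_router() {
  local router_name="$1" config="$2"
  ziti edge delete edge-router "${router_name}"
  ziti edge create edge-router "${router_name}" -t -a "public" -o "${router_name}.jwt"
  ziti-router enroll "${config}" -j "${router_name}.jwt"
}

# Usage on the OCI instance (not run here):
#   external_ip="$(curl -s eth0.me)"
#   cfg=~/.ziti/quickstart/clintozapr09b/clintozapr09b-edge-router.yaml
#   fix_advertise_addresses "$cfg" "$(hostname)" "$external_ip"
#   remaining_hostname_refs "$cfg" "$(hostname)" || echo "review the lines above first"
#   recreate_edge_router clintozapr09b-edge-router "$cfg"
```

The replacement is deliberately narrower than a global search-and-replace: a hostname can also appear in file paths or SAN entries, and silently turning a dns SAN into an IP, or breaking a path, is worse than stopping to look. Run the review check and clear anything it reports before the enroll step.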