Configuring zping

Zitifications
1

I noticed some pretty cool tools and thought to give them a go.

I thought to start with zping

Rather than recreate the identities.. I was going to use the same as I had setup for the zssh demo.

The commands that I ran to setup the environment are

ziti edge create service ziti-ping --configs zssh-server-host.v1

ziti edge create service-policy ziti-ping-binding Bind --service-roles '@ziti-ping' --identity-roles '@ssh.server.id'

ziti edge create service-policy ziti-ping-dialing Dial --service-roles '@ziti-ping --identity-roles '@ssh.client.id'

Then.. I used the following command to perform the test... after I have confirmed that the terminator was running

./zping client -c /Users/houst/.zssh/zssh.json -i http://golanghttp.zitified:2000

However.. when I do this.. I get the following error

Error dialing service error="service 'ziti-ping' not found"

Let me know if you have any ideas on what I am missing..

2

I realised that the client dial policy did not get created.. this is now fixed but I get a different error

$ ./zping client -c /Users/houst/.zssh/zssh.json -i http://golanghttp.zitified:2000

INFO[0000] connection to edge router using token 7b2de054-6195-4e2c-81f4-9b0ec7f87bcf
ERRO[0000] Error dialing service error="unable to dial service 'ziti-ping': dial failed: service oCI.T4Y8zs has no terminators"

I have had something like this before but cannot remember how to correct..

I think I need to setup a host.. but are not sure of the configuration

3

This is almost always a dial or bind policy issue. Usually misassigned policies for the identity. You figured that out on your own, nice!

This is almost always one of two things. You're dialing an endpoint which is offline or your dialing a service which is bound by a particular identity without specifying the dial options which indicate which identity to dial.

You can run ziti edge list terminators to see if any terminators exist. There needs to be one listed. If none are listed you have no identities binding the service online. If one is listed, it should be tied to an identity.

I expect you don't have any terminators and no identity has bound that service yet

4

Thanks.. getting close.. though I am thinking I am missing something.. maybe a quick demo would be helpful to illustrate.

I have confirmed that the endpoint [http://golanghttp.zitified:2000] is active using a Desktop tunneller.

Though the problem appears related to the ziti-ping service.

Is there something you need to run on the server for a terminator to appear?

or.. do you need to provide all access to the service policies.. so that the "client" can see the golanghttp service.

In short, I am not really sure what the ziti-ping service does or how to get its terminator going

5

Ahh.. think I found it.. I have not setup an addressable terminator

I was going to use something like this

ziti edge create config ziti-ping-server host.v1 '{"protocol":"tcp", "address":"127.0.0.1","port":22, "listenOptions": {"bindUsingEdgeIdentity":true} }'

Ahh.. and then I would need to reconfigure the service so that it uses this config...

will give it a go to see if it works

6

I ran the following... which I think creates the addressable terminator

not sure if it should be a host.v1.. or a tunneller.v1 etc..
also not sure about the port number.. as I did not see this being something used in a ping request

ziti edge create config ziti-ping-host.v1 host.v1 '{"protocol":"tcp", "address":"127.0.0.1","port":30, "listenOptions": {"bindUsingEdgeIdentity":true} }'

ziti edge create service ziti-ping --configs ziti-ping-host.v1

any tips re what else I can do?

7

hmm.. maybe this is the mistake that I am making

  1. Enroll the endpoints with the zping binary

So... does this mean that you need to enrol the identities using zping ... as opposed to another app like zssh?

I will set up a fresh config with new identities tomorrow..

8

Fresh identities are not necessary. It’d be helpful to see the list of things you did in a short list, maybe some bullets. Looking at the doc, I don’t see anywhere that you started the zping server. You will need zping running as ‘server’ somewhere:

./zping server -c zpingendpoint1.json
1 Like
9

If you’re interested in getting insight into the network, you can also try

ziti edge traceroute <service-name> -c <identity-config.json>

This will show route trip latency for each hop in the ziti circuit.

Cheers,
Paul

2 Likes
10

Ahh.. that will be the problem.. makes sense now :slight_smile:

11

This is very helpful.. thanks.. as it give me one more tool to investigate and understand problems. Nice :slight_smile:

12

Screen Shot 2022-05-10 at 5.46.22 am
Screen Shot 2022-05-10 at 5.46.22 am2244×718 253 KB

Thanks… got it working now… huge.

I realised that I needed to compile the app on the desktop and server… as they operate on different operating systems.

This helps me understand how it all connects together.

“That’s one small step for man, one giant leap for mankind.” Neil Armstrong

1 Like