I was running controller in ec2 machine in k3d , I tried to stop and start the instance and from there on I am not able to login ,
I get error
[ 30.001] INFO ziti/ziti/cmd/helpers.StandardErrorMessage: Connection error: Get https://myhost:1280/.well-known/est/cacerts: dial tcp ip:1280: i/o timeout
Unable to connect to the server: dial tcp ip:1280: i/o timeout
Issues in controller logs
{"cause":"apiSessions with id clx3h98191vcj0d6fjncquxci not found","enforcerId":"4a1a2acf-ccc2-4a25-af1f-8e82467dfb0b","enforcerName":"ServicePolicyEnforcer","file":"github.com/openziti/ziti/controller/server/controller.go:84","func":"github.com/openziti/ziti/controller/server.NewController.func1","level":"error","msg":"error running policy enforcer","time":"2024-07-06T16:31:36.966Z"}
Do I understand? You restarted your EC2 instance that was running K3D, and then you were no longer able to do ziti edge login
from another host.
If so, did K3D restart when you restarted the machine?
sorry , since IP was changed during machine restart , so it did not work
It sounds like you figured it out. Let us know if you get stuck again.
ya seems like if we lost of the advertising address of controller (domain) , there is no way to recover right , since routers and tunnels know the controller only by that address
It's important to use a DNS name for the controller address for this reason. That way, if the IP address of the controller changes you can update the DNS record and everything will continue working normally.
If the controller address changes then all existing enrollments will break, i.e., all enrolled identities and all enrolled routers will stop working.