klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ npm version
{
‘io.netfoundry.zac’: ‘2.5.7’,
npm: ‘7.5.2’,
node: ‘12.22.12’,
v8: ‘7.8.279.23-node.57’,
uv: ‘1.40.0’,
zlib: ‘1.2.11’,
brotli: ‘1.0.9’,
ares: ‘1.17.1’,
modules: ‘72’,
nghttp2: ‘1.43.0’,
napi: ‘8’,
llhttp: ‘2.1.6’,
http_parser: ‘2.9.4’,
openssl: ‘1.1.1n’,
cldr: ‘37.0’,
icu: ‘67.1’,
tz: ‘2019c’,
unicode: ‘13.0’
}
As stated, your node is too old. It states that you need 14+ for node. Please upgrade your node environment. I’d recommend 16+
you need node to run one of these versions:
required: { node: ‘^14.17.0 || ^16.13.0 || >=18.0.0’ }`
but the current node is v12:
current: { node: ‘v12.22.12’, npm: ‘7.5.2’ }
Hi:
I opened another terminal to install newest version of node.
Then, when I go back to the terminal I run the ziti-consle to run npm install again, it shows:
should I restart everything ?
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ npm install
node:internal/modules/cjs/loader:1063
throw err;
^
Error: Cannot find module ‘semver’
Require stack:
- /usr/share/nodejs/npm/lib/utils/unsupported.js
- /usr/share/nodejs/npm/lib/cli.js
- /usr/share/nodejs/npm/bin/npm-cli.js
at Module._resolveFilename (node:internal/modules/cjs/loader:1060:15)
at Module._load (node:internal/modules/cjs/loader:905:27)
at Module.require (node:internal/modules/cjs/loader:1127:19)
at require (node:internal/modules/helpers:112:18)
at Object. (/usr/share/nodejs/npm/lib/utils/unsupported.js:1:16)
at Module._compile (node:internal/modules/cjs/loader:1246:14)
at Module._extensions…js (node:internal/modules/cjs/loader:1300:10)
at Module.load (node:internal/modules/cjs/loader:1103:32)
at Module._load (node:internal/modules/cjs/loader:942:12)
at Module.require (node:internal/modules/cjs/loader:1127:19) {
code: ‘MODULE_NOT_FOUND’,
requireStack: [
‘/usr/share/nodejs/npm/lib/utils/unsupported.js’,
‘/usr/share/nodejs/npm/lib/cli.js’,
‘/usr/share/nodejs/npm/bin/npm-cli.js’
]
}
Node.js v19.5.0
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ npm version
node:internal/modules/cjs/loader:1063
throw err;
^
Error: Cannot find module ‘semver’
Require stack:
- /usr/share/nodejs/npm/lib/utils/unsupported.js
- /usr/share/nodejs/npm/lib/cli.js
- /usr/share/nodejs/npm/bin/npm-cli.js
at Module._resolveFilename (node:internal/modules/cjs/loader:1060:15)
at Module._load (node:internal/modules/cjs/loader:905:27)
at Module.require (node:internal/modules/cjs/loader:1127:19)
at require (node:internal/modules/helpers:112:18)
at Object. (/usr/share/nodejs/npm/lib/utils/unsupported.js:1:16)
at Module._compile (node:internal/modules/cjs/loader:1246:14)
at Module._extensions…js (node:internal/modules/cjs/loader:1300:10)
at Module.load (node:internal/modules/cjs/loader:1103:32)
at Module._load (node:internal/modules/cjs/loader:942:12)
at Module.require (node:internal/modules/cjs/loader:1127:19) {
code: ‘MODULE_NOT_FOUND’,
requireStack: [
‘/usr/share/nodejs/npm/lib/utils/unsupported.js’,
‘/usr/share/nodejs/npm/lib/cli.js’,
‘/usr/share/nodejs/npm/bin/npm-cli.js’
]
}
Node.js v19.5.0
@jeremy.tellier – does ZAC work with node 19? I feel like maybe node 19 made a change?
Hi:
I have changed it to node 18.13.
In another terminal it shows:
klabzhao@klabzhao:~$ npm version
{
npm: ‘8.19.3’,
node: ‘18.13.0’,
v8: ‘10.2.154.23-node.21’,
uv: ‘1.44.2’,
zlib: ‘1.2.13’,
brotli: ‘1.0.9’,
ares: ‘1.18.1’,
modules: ‘108’,
nghttp2: ‘1.51.0’,
napi: ‘8’,
llhttp: ‘6.0.10’,
uvwasi: ‘0.0.13’,
openssl: ‘3.0.7+quic’,
cldr: ‘42.0’,
icu: ‘72.1’,
tz: ‘2022f’,
unicode: ‘15.0’,
ngtcp2: ‘0.8.1’,
nghttp3: ‘0.7.0’
}
However, in the terminal I run ziti, it shows:
klabzhao@klabzhao:~$ npm install
node:internal/modules/cjs/loader:1042
throw err;
^
Error: Cannot find module ‘semver’
Require stack:
- /usr/share/nodejs/npm/lib/utils/unsupported.js
- /usr/share/nodejs/npm/lib/cli.js
- /usr/share/nodejs/npm/bin/npm-cli.js
at Module._resolveFilename (node:internal/modules/cjs/loader:1039:15)
at Module._load (node:internal/modules/cjs/loader:885:27)
at Module.require (node:internal/modules/cjs/loader:1105:19)
at require (node:internal/modules/cjs/helpers:103:18)
at Object. (/usr/share/nodejs/npm/lib/utils/unsupported.js:1:16)
at Module._compile (node:internal/modules/cjs/loader:1218:14)
at Module._extensions…js (node:internal/modules/cjs/loader:1272:10)
at Module.load (node:internal/modules/cjs/loader:1081:32)
at Module._load (node:internal/modules/cjs/loader:922:12)
at Module.require (node:internal/modules/cjs/loader:1105:19) {
code: ‘MODULE_NOT_FOUND’,
requireStack: [
‘/usr/share/nodejs/npm/lib/utils/unsupported.js’,
‘/usr/share/nodejs/npm/lib/cli.js’,
‘/usr/share/nodejs/npm/bin/npm-cli.js’
]
}
Node.js v18.13.0
klabzhao@klabzhao:~$ npm version
node:internal/modules/cjs/loader:1042
throw err;
^
Error: Cannot find module ‘semver’
Require stack:
- /usr/share/nodejs/npm/lib/utils/unsupported.js
- /usr/share/nodejs/npm/lib/cli.js
- /usr/share/nodejs/npm/bin/npm-cli.js
at Module._resolveFilename (node:internal/modules/cjs/loader:1039:15)
at Module._load (node:internal/modules/cjs/loader:885:27)
at Module.require (node:internal/modules/cjs/loader:1105:19)
at require (node:internal/modules/cjs/helpers:103:18)
at Object. (/usr/share/nodejs/npm/lib/utils/unsupported.js:1:16)
at Module._compile (node:internal/modules/cjs/loader:1218:14)
at Module._extensions…js (node:internal/modules/cjs/loader:1272:10)
at Module.load (node:internal/modules/cjs/loader:1081:32)
at Module._load (node:internal/modules/cjs/loader:922:12)
at Module.require (node:internal/modules/cjs/loader:1105:19) {
code: ‘MODULE_NOT_FOUND’,
requireStack: [
‘/usr/share/nodejs/npm/lib/utils/unsupported.js’,
‘/usr/share/nodejs/npm/lib/cli.js’,
‘/usr/share/nodejs/npm/bin/npm-cli.js’
]
}
Node.js v18.13.0
I just did this:
klabzhao@klabzhao:~$ node -v
v19.5.0
klabzhao@klabzhao:~$ sudo npm cache clean -f
sudo npm install -g n
sudo n stable
npm WARN using --force Recommended protections disabled.
changed 1 package in 279ms
copying : node/18.13.0
installed : v18.13.0 (with npm 8.19.3)
klabzhao@klabzhao:~$ npm version
{
npm: ‘8.19.3’,
node: ‘18.13.0’,
v8: ‘10.2.154.23-node.21’,
uv: ‘1.44.2’,
zlib: ‘1.2.13’,
brotli: ‘1.0.9’,
ares: ‘1.18.1’,
modules: ‘108’,
nghttp2: ‘1.51.0’,
napi: ‘8’,
llhttp: ‘6.0.10’,
uvwasi: ‘0.0.13’,
openssl: ‘3.0.7+quic’,
cldr: ‘42.0’,
icu: ‘72.1’,
tz: ‘2022f’,
unicode: ‘15.0’,
ngtcp2: ‘0.8.1’,
nghttp3: ‘0.7.0’
}
klabzhao@klabzhao:~$
ooh. you need to be in the ziti-console checkout before running npm install…
cd $HOME/.ziti/quickstart/$(hostname -s)/ziti-console
then run npm install. i think you’re skipping some steps 
Some steps?
What steps I need to re-do?
If I just run “$HOME/.ziti/quickstart/klabzhao/ziti-console”, it still shows:
klabzhao@klabzhao:~$ cd
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ npm version
node:internal/modules/cjs/loader:1042
throw err;
^
Error: Cannot find module ‘semver’
Require stack:
- /usr/share/nodejs/npm/lib/utils/unsupported.js
- /usr/share/nodejs/npm/lib/cli.js
- /usr/share/nodejs/npm/bin/npm-cli.js
at Module._resolveFilename (node:internal/modules/cjs/loader:1039:15)
at Module._load (node:internal/modules/cjs/loader:885:27)
at Module.require (node:internal/modules/cjs/loader:1105:19)
at require (node:internal/modules/cjs/helpers:103:18)
at Object. (/usr/share/nodejs/npm/lib/utils/unsupported.js:1:16)
at Module._compile (node:internal/modules/cjs/loader:1218:14)
at Module._extensions…js (node:internal/modules/cjs/loader:1272:10)
at Module.load (node:internal/modules/cjs/loader:1081:32)
at Module._load (node:internal/modules/cjs/loader:922:12)
at Module.require (node:internal/modules/cjs/loader:1105:19) {
code: ‘MODULE_NOT_FOUND’,
requireStack: [
‘/usr/share/nodejs/npm/lib/utils/unsupported.js’,
‘/usr/share/nodejs/npm/lib/cli.js’,
‘/usr/share/nodejs/npm/bin/npm-cli.js’
]
}
Node.js v18.13.0
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ npm install
node:internal/modules/cjs/loader:1042
throw err;
^
Error: Cannot find module ‘semver’
Require stack:
- /usr/share/nodejs/npm/lib/utils/unsupported.js
- /usr/share/nodejs/npm/lib/cli.js
- /usr/share/nodejs/npm/bin/npm-cli.js
at Module._resolveFilename (node:internal/modules/cjs/loader:1039:15)
at Module._load (node:internal/modules/cjs/loader:885:27)
at Module.require (node:internal/modules/cjs/loader:1105:19)
at require (node:internal/modules/cjs/helpers:103:18)
at Object. (/usr/share/nodejs/npm/lib/utils/unsupported.js:1:16)
at Module._compile (node:internal/modules/cjs/loader:1218:14)
at Module._extensions…js (node:internal/modules/cjs/loader:1272:10)
at Module.load (node:internal/modules/cjs/loader:1081:32)
at Module._load (node:internal/modules/cjs/loader:922:12)
at Module.require (node:internal/modules/cjs/loader:1105:19) {
code: ‘MODULE_NOT_FOUND’,
requireStack: [
‘/usr/share/nodejs/npm/lib/utils/unsupported.js’,
‘/usr/share/nodejs/npm/lib/cli.js’,
‘/usr/share/nodejs/npm/bin/npm-cli.js’
]
}
Node.js v18.13.0
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$
I’m not a node expert. Googling that error brings me to stack overflow posts that have you run a lot of commands. I’m not sure what they do but this looks like some kind of node problem I don’t understand.
@jeremy.tellier – maybe @curt, do either of you know what might cause this particular issue with ZAC?
No problem, I will figure it out myself.
I am going to restart everything.
However, why when I open a new terminal , it shows:
klabzhao@klabzhao:~$ startController
bash: startController: command not found
klabzhao@klabzhao:~$ zitiLogin
bash: zitiLogin: command not found
klabzhao@klabzhao:~$
So, every time I restart the machine, where should I start with the ZITI ?
Yep. When you make a new terminal it won’t have the helper scripts sourced. If you make a new terminal, don’t forget to source that helper script by running:
source /dev/stdin <<< "$(wget -qO- https://get.openziti.io/quick/ziti-cli-functions.sh)"
Those commands are functions provided by that script.
Try just running this in the directory, although you shouldn't have to....
npm install semver
I am still trying to see where that is used, but that will at least make it available to launch. Let me know if that works.
Hi:
Good news, I just successfully install the admin console, and now I can see all the things !
There are two things I just learned and want to share:
- Debian 11 stable works fine. However, there are some error could happen on Ubuntu 20 and 22 LTS.
- I installed the wrong version of nodejs. After the update, if ZITI shows error message while installation. Delete .ziti folder and reinstall ZITI from beginning can solve it .
Moreover, I still have some questions:
- How long time ZITI Console can run in the browser? If I do not touch my machine over night, is it going to time-out?
- If I want the ZITI system or Console run for a long time, and I do not need to worry about time-out issue, what should I do?
- While the Console install, there are still some error message. Even I can run the Console now, I still want to know the reason for the errors and are they serious problem? The message as following:
klabzhao@klabzhao:~$ source ${HOME}/.ziti/quickstart/newfolder/newfolder.env
bash: /home/klabzhao/.ziti/quickstart/newfolder/newfolder.env: No such file or directory
klabzhao@klabzhao:~$ git clone GitHub - openziti/ziti-console “${ZITI_HOME}/ziti-console”
Cloning into ‘/home/klabzhao/.ziti/quickstart/klabzhao/ziti-console’…
remote: Enumerating objects: 1709, done.
remote: Counting objects: 100% (116/116), done.
remote: Compressing objects: 100% (72/72), done.
remote: Total 1709 (delta 60), reused 72 (delta 37), pack-reused 1593
Receiving objects: 100% (1709/1709), 13.28 MiB | 5.37 MiB/s, done.
Resolving deltas: 100% (1134/1134), done.
klabzhao@klabzhao:~$ npm version
{
npm: ‘8.19.3’,
node: ‘18.13.0’,
v8: ‘10.2.154.23-node.21’,
uv: ‘1.44.2’,
zlib: ‘1.2.13’,
brotli: ‘1.0.9’,
ares: ‘1.18.1’,
modules: ‘108’,
nghttp2: ‘1.51.0’,
napi: ‘8’,
llhttp: ‘6.0.10’,
uvwasi: ‘0.0.13’,
openssl: ‘3.0.7+quic’,
cldr: ‘42.0’,
icu: ‘72.1’,
tz: ‘2022f’,
unicode: ‘15.0’,
ngtcp2: ‘0.8.1’,
nghttp3: ‘0.7.0’
}
klabzhao@klabzhao:~$ cd “${ZITI_HOME}/ziti-console”
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ npm install
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See There’s Math.random(), and then there’s Math.random() · V8 for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see Request’s Past, Present and Future · Issue #3142 · request/request · GitHub
added 143 packages, and audited 373 packages in 4s
22 packages are looking for funding
run npm fund for details
found 0 vulnerabilities
npm notice
npm notice New major version of npm available! 8.19.3 → 9.4.0
npm notice Changelog: Release v9.4.0 · npm/cli · GitHub
npm notice Run npm install -g npm@9.4.0 to update!
npm notice
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ ln -s “${ZITI_PKI}/${ZITI_EDGE_CONTROLLER_HOSTNAME}-intermediate/certs/${ZITI_EDGE_CONTROLLER_HOSTNAME}-server.chain.pem” “${ZITI_HOME}/ziti-console/server.chain.pem”
ln -s “${ZITI_PKI}/${ZITI_EDGE_CONTROLLER_HOSTNAME}-intermediate/keys/${ZITI_EDGE_CONTROLLER_HOSTNAME}-server.key” “${ZITI_HOME}/ziti-console/server.key”
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ createZacSystemdFile
sudo cp “${ZITI_HOME}/ziti-console.service” /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl enable --now ziti-console
ziti-console systemd file written to: /home/klabzhao/.ziti/quickstart/klabzhao/ziti-console.service
[sudo] password for klabzhao:
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ node “${ZITI_HOME}/ziti-console/server.js”
Initializing TLS
TLS initialized on port: 8443
Ziti Server running on port 1408
TLS initialized on port: 8443
node:events:491
throw er; // Unhandled ‘error’ event
^
Error: listen EADDRINUSE: address already in use :::1408
at Server.setupListenHandle [as _listen2] (node:net:1733:16)
at listenInCluster (node:net:1781:12)
at Server.listen (node:net:1869:7)
at Function.listen (/home/klabzhao/.ziti/quickstart/klabzhao/ziti-console/node_modules/express/lib/application.js:635:24)
at file:///home/klabzhao/.ziti/quickstart/klabzhao/ziti-console/server.js:1453:5
Emitted ‘error’ event on Server instance at:
at emitErrorNT (node:net:1760:8)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: ‘EADDRINUSE’,
errno: -98,
syscall: ‘listen’,
address: ‘::’,
port: 1408
}
Node.js v18.13.0
bash: Initializing: command not found
bash: TLS: command not found
bash: Ziti: command not found
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ sudo systemctl status ziti-console --lines=0 --no-pager
● ziti-console.service - Ziti-Console
Loaded: loaded (/etc/systemd/system/ziti-console.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-02-01 11:42:05 PST; 35s ago
Main PID: 2424847 (node)
Tasks: 11 (limit: 18693)
Memory: 27.8M
CPU: 376ms
CGroup: /system.slice/ziti-console.service
└─2424847 /usr/local/bin/node /home/klabzhao/.ziti/quickstart/klabzhao/ziti-console/server.js
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$ sudo ss -lntp | grep node
LISTEN 0 511 *:8443 : users:((“node”,pid=2424847,fd=19))
LISTEN 0 511 *:1408 : users:((“node”,pid=2424847,fd=18))
klabzhao@klabzhao:~/.ziti/quickstart/klabzhao/ziti-console$
One more thing:
In the Console, there is a message in left column, it shows:
An Error Occurred
The authentication request failed
Is it normal? or I need to fix it?
- How long time ZITI Console can run in the browser? If I do not touch my machine over night, is it going to time-out?
@jeremy.tellier - what is the auth timeout on a ziti-console login session?
- If I want the ZITI system or Console run for a long time, and I do not need to worry about time-out issue, what should I do?
@jeremy.tellier - can the user change the auth timeout for ziti-console?
- While the Console install, there are still some error message. Even I can run the Console now, I still want to know the reason for the errors and are they serious problem? The message as following:
Looks like more than one ziti-console running. this error: address already in use :::1408 looks like the ZAC (ziti-console) is running already. it’s trying to use the same port.
- In the Console, there is a message in left column, it shows: An Error Occurred The authentication request failed
I think this is related to the two servers running.
you should not see ‘errors’ when the console runs
-
We timeout session state by default now I believe express-session is 20 minutes. I am going to make this a launch option or a setting as well now that I am working on it. It does override the zt-session which is important, right now if zt-session times out, zac goes and starts up a new zt-session.
-
We would just sett the max age of the cookie to something astronomical.
-
See #1
-
I think I have my hands tied when this happens but lemme see if I can iterate the port.
All good stuff, I am looking to solidify this as much as possible this month!
Hi:
I am currently studying on OpenZiti.
There are some concept and ideas I am not clear:
- In OpenZiti network, What is the differences among SDK, Private / Public Edge Router, and API ?
- In the following, there are three images about Zero Trust Models, which are Application to Application A Deployment, Application to Host A Deployment, and Application to Router A Deployment, from OpenZiti documents. There are SDK icons and ZiTi icons placed in different places, why place those specific icons in specific locations ?
1.Application to Application A Deployment
2.Application to Host A Deployment
3.Application to Router A Deployment
Let’s start with definitions.
SDK-(Software Development Kit) - The SDK is any endpoint in the OpenZiti network in these cases that is not an Edge Router (which is fact uses an SDK for initiating/terminating connections, but we don’t refer to it that way.) The SDK is embedded in an application used to access the network to Dial (initiate) or Bind (host/terminate) services. As of now, the most common SDK application are the various clients published as part of the OpenZiti project, but there are others as well.
Edge Routers - Edge Routers form the “backbone” of the OpenZiti network as well as provide access to the fabric for SDK endpoints. SDK endpointss connect to the Edge Routers available by policy and select them for initiating services. The information about the selected Edge Router is sent to the Network Controller is a service request. The selection is based on the latency between the SDK and the various Edge Routers.
The terms Public and Private are used to describe whether or not the Edge router has a generally reachable Link Listener configured. When Edge Routers join the network, they send and receive information about the other ERs, including Link Listener addresses. ER’s on premise that are not routable initiate Link connections to those that are. For example, an ER in a data center may be behind a NAT process, and therefore not be addressable. It will reach out to the cloud-based (generally) ERs to form the links. These links are maintained persistently, and act as the channel for data transfer between routers. Private routers are not configured with routable Link Listeners, public routers are. There is a use case of private routers having link listeners within a routing system for latency and high availability reasons, so the internet routability of the router really determines public and private.
The APIs are the REST endpoints of the OpenZiti functions used for both management and common operations, like retrieving the services list, network configuration, making service requests, configuring the network, etc.
ZTNA/ZTHA/ZTAA are different deployment models, varying in complexity and security. ZTNA is an approximation of a VPN deployment. Services are configured on the Edge Routers and traffic is emitted into the IP space from the Edge Router into the IP network. This traffic traverses whatever network the ER is connected to, outside the OpenZiti space. This is the easiest to deploy, but the least secure, though the services can be socket defined (IP:PORT), they can also be an entire IP subnet. ZTHA uses a host based tunneler to terminate the traffic, meaning that up to the node itself, the traffic is within the control of the OpenZiti network. This allows a more controlled environment. ZTAA uses an application embedded SDK, so traffic is delivered directly to the application itself, passing thorugh all other nodes in an encrypted and protected state. Even the host’s IP stack cannot read the data stream, as the encryption/decryption is done in the application’s process space. Obviously, writing software to embed the SDK is the most difficult, however, it is also the most secure, and once done, opens a lot of deployment options, as the software can be deployed anywhere and given a network identity, accessing the OpenZiti network instance directly and without further infrastructure, anywhere that can route to the internet in an outbound fashion.
Though private Edge Routers are shown in each diagram, they are optional, not required. For ZTNA, it would be expected that private Edge Routers are used, but it is not strictly necessary. One could host services on a public Edge Router for access to internet routable locations if there was a desire to do so.
Thank you, it is much clear.
Really appreciate it.