Dockerized zrok: error creating identities instance in Ziti Edge Controller

Still following the zrok self-hosting with Docker tutorial, I realized that the yolo and i'll-do-it-myself options currently return versions 1.1 and 1.0, respectively. Since the latter (1.0) conflicts with the latest Windows zrok client (1.1), I thought changing to 1.1 server-side was a good idea.

Needless to say, I expected this to be a summer breeze.

But not so fast!

Here’s what I did and what happened then: I stopped yesterday’s success story with docker compose down -v, created a fresh directory and proceeded according to yolo. Yes, I also introduced the same edits as yesterday.

Now I get the following error (secrets xxx’d out):

    zrok-frontend-1  | Token: xxx
    zrok-frontend-1  | Saving identity 'default' to /var/lib/zrok-frontend/.config/ziti/ziti-cli.json
    zrok-frontend-1  | error: error creating identities instance in Ziti Edge Controller at https://xxx:8440/edge/management/v1. Status code: 400 Bad Request, Server returned: {
    zrok-frontend-1  |     "error": {
    zrok-frontend-1  |         "cause": {
    zrok-frontend-1  |             "field": "name",
    zrok-frontend-1  |             "reason": "duplicate value 'public' in unique index on identities store",
    zrok-frontend-1  |             "value": "public"
    zrok-frontend-1  |         },
    zrok-frontend-1  |         "code": "COULD_NOT_VALIDATE",
    zrok-frontend-1  |         "message": "The supplied request contains an invalid document or no valid accept content were available, see cause",
    zrok-frontend-1  |         "requestId": "xxx"
    zrok-frontend-1  |     },
    zrok-frontend-1  |     "meta": {
    zrok-frontend-1  |         "apiEnrollmentVersion": "0.0.1",
    zrok-frontend-1  |         "apiVersion": "0.0.1"
    zrok-frontend-1  |     }
    zrok-frontend-1  | }

The following attempts at fixing did not work:

  • deleting and pruning all docker volumes
  • deleting the sqlite3 database (since I thought it had retained the old account values)

Thank you for your great products and for any help you can provide.

Johannes

Greetings, Johannes.

Your OpenZiti Controller still remembers the identity “public” created by the previous zrok instance, and probably a few other OpenZiti entities, so you must be maintaining that state separately from the Docker Compose project state you intentionally destroyed.

You can choose from three alternatives:

  1. Destroy and re-initialize the OpenZiti Controller state.
  2. Unbootstrap the OpenZiti Controller with zrok admin unbootstrap, e.g., to delete things like identity “public”.
  3. Surgically delete the OpenZiti entities that were created by the previous, destroyed zrok instance.

Thank you, Ken!

Turns out I still had environment value ZITI_HOME set from a previous 0.4 installation. According to lines

    volumes:
      # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a
      # directory, ZITI_HOME
      - ${ZITI_HOME:-ziti_home}:/home/ziggy

in compose.yml a host volume was created and used.

I removed the environment variable plus the old directory it pointed to and it now works.

Thank you for your help and the important work you do.

Johannes

1 Like
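
The root cause found in this thread, as an added example that is not part of the original posts or of the zrok project's files: a pre-flight check that predicts whether `${ZITI_HOME:-ziti_home}` in compose.yml resolves to a named volume or to a host bind mount that `docker compose down -v` leaves in place. The function names are hypothetical, and the `.env` parsing is a simplification (no quote stripping; a set-but-empty shell variable is treated as unset).

```shell
#!/bin/sh
# Added example: will this compose.yml line use a named volume or a host path?
#   - ${ZITI_HOME:-ziti_home}:/home/ziggy

# Value of ZITI_HOME in a Compose .env file, if any (last assignment wins).
env_file_value() {
    [ -f "$1" ] || return 0
    sed -n 's/^ZITI_HOME=//p' "$1" | tail -n 1
}

# A non-empty shell value takes precedence over .env; with neither set,
# the ":-" default in compose.yml yields the named volume "ziti_home".
effective_source() {   # $1 = shell value of ZITI_HOME, $2 = path to .env
    val=$1
    [ -n "$val" ] || val=$(env_file_value "$2")
    printf '%s\n' "${val:-ziti_home}"
}

# Compose short volume syntax: a source starting with "/", "." or "~" is a
# host path (bind mount); anything else is a named volume.
# Windows drive-letter paths are not handled here.
classify_source() {
    case "$1" in
        /*|.*|'~'*) echo bind ;;
        *)          echo named ;;
    esac
}

# One-line verdict for a given shell value and .env file.
check_mount() {
    src=$(effective_source "$1" "$2")
    if [ "$(classify_source "$src")" = bind ]; then
        echo "bind:$src survives 'docker compose down -v'; old controller state persists until the directory is removed"
    else
        echo "named:$src is removed by 'docker compose down -v'"
    fi
}

# Check the current shell and the .env file in the working directory.
check_mount "${ZITI_HOME:-}" .env
```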