situation
I created the client jwt file.. and transferred it to my mobile to enroll.. not sure exactly what happened.. but it did not work.. it could have timed out..
So.. I used the following command to delete the original client jwt file.. which completed successfully
ziti edge delete identity device "${client_identity}"
However.. when I attempted to recreate the client jwt file... I received the error message below..
This was the command
ziti edge create identity device "${client_identity}" -a "${service_name}"ClientEndpoints -o "${client_identity}".jwt
PS.. I had reloaded the env file so that all of the variables were correct.
outcome
This was the error
error: error creating identities instance in Ziti Edge Controller at https://instance-20220317-1005:1280/edge/management/v1. Status code: 500 Internal Server Error, Server returned: {
  "error": {
    "cause": {
      "code": "UNHANDLED",
      "message": "index on identities.name does not allow null or empty values"
    },
    "code": "UNHANDLED",
    "message": "An unhandled error occurred",
    "requestId": "G9OcRQdNm"
  },
  "meta": {
    "apiEnrollmentVersion": "0.0.1",
    "apiVersion": "0.0.1"
  }
}
Ahh… think I worked it out… the ziti edge delete identity device "${client_identity}" command does not delete the jwt file… you have to do this manually… trying again now
still same error… I am going to change the name … this appears to work
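One way to make the delete-and-recreate step safe to repeat, as an added example that is not from the thread: the 500 above says identities.name was null or empty, so the script refuses to run the create with an empty name, and it removes the old .jwt that the delete leaves on disk. The function names and the ZITI_DRY_RUN switch are my assumptions; client_identity and service_name come from the env file as in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): guard the identity recreate step.
# Assumptions: the env file exports client_identity and service_name as in
# the thread; ZITI_DRY_RUN=1 prints the ziti commands instead of running them.
set -u

# Return 0 when the name is usable as identities.name; the controller's
# unique index rejects null or empty names with the 500 seen in the thread.
identity_name_ok() {
  local name="${1-}"
  [ -n "$name" ] || return 1
  # whitespace-only still reads as "empty" to the controller index
  [ "$name" = "$(printf '%s' "$name" | tr -d '[:space:]')" ] || return 1
  return 0
}

# Wrapper so the sequence can be previewed without touching the controller.
run_ziti() {
  if [ "${ZITI_DRY_RUN:-0}" = "1" ]; then
    printf 'DRY-RUN: ziti %s\n' "$*"
  else
    ziti "$@"
  fi
}

# Delete the identity, remove the stale enrollment JWT the delete leaves
# behind, then issue a fresh one. Returns non-zero on an unusable name.
recreate_identity() {
  local name="$1" role="$2" jwt="${1}.jwt"
  identity_name_ok "$name" || {
    echo "refusing: empty identity name (is the env file sourced?)" >&2
    return 1
  }
  run_ziti edge delete identity device "$name" || true   # fine if it is already gone
  if [ -f "$jwt" ]; then
    echo "removing stale enrollment token $jwt"
    rm -f -- "$jwt"
  fi
  run_ziti edge create identity device "$name" -a "$role" -o "$jwt"
}

# usage, after sourcing the env file:
# recreate_identity "${client_identity}" "${service_name}ClientEndpoints"
```

Run it once with ZITI_DRY_RUN=1 to see the three steps it will take; an enrollment token is a one-time secret, so the old file is deleted rather than overwritten in place.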
I suspect your ‘advertised’ address is set wrong. You probably followed the “everything local (no docker)” quickstart and it’s using your hostname. You probably want to follow the “host it myself” quickstart that lets you change these things: Host Ziti Anywhere | Ziti
Which basically just boils down to setting a few env vars first (really just EXTERNAL_DNS) - then running quickstart
export EXTERNAL_DNS="ec2-18-100-100-100.us-east-2.compute.amazonaws.com"
export EXTERNAL_IP="$(curl -s eth0.me)"
export ZITI_EDGE_CONTROLLER_IP_OVERRIDE="${EXTERNAL_IP}"
export ZITI_EDGE_ROUTER_IP_OVERRIDE="${EXTERNAL_IP}"
export ZITI_EDGE_CONTROLLER_HOSTNAME="${EXTERNAL_DNS}"
export ZITI_EDGE_ROUTER_HOSTNAME="${EXTERNAL_DNS}"
export ZITI_EDGE_CONTROLLER_PORT=8441
export ZITI_EDGE_ROUTER_PORT=8442
# now download, source, and execute the expressInstall function
source /dev/stdin <<< "$(wget -qO- https://raw.githubusercontent.com/openziti/ziti/release-next/quickstart/docker/image/ziti-cli-functions.sh)"; expressInstall
I just loaded up the env files… and the external_dns was empty… this is looking like the place to focus on.
I will amend the env file to include these … which is a step you do after the QuickInstall
will revert back once done
Actually.. I do have two questions about this..
1. in this example.. the variables are set before the quick install
does this order matter?
2. in this example.. the ports are 8441.. and 8441.
I only have the following ports open and will use these instead
- 1280.. for ZITI_EDGE_CONTROLLER_PORT
- 6262.. for ZITI_CTRL_PORT
Hmm... I also noticed ZITI_CTRL_MGMT_HOST_PORT.. using port 10000.. but I do not have this open
does this make any difference?
export ZITI_EDGE_CONTROLLER_PORT=8441
export ZITI_EDGE_ROUTER_PORT=8442
I should do a video where you started entirely local, then you want to move it all to “hosted” somewhere. The big problem with starting local is the PKI will use the hostname in your certs, and that won’t work if you ‘move’ the controller/router.
I’ll see if I can do a full video of a basic “public” install where anyone in the world could have access to the overlay. I can’t do it today is all - it’ll have to be tomorrow/later.
The ports I chose are just utterly random. You can use 443 and 80 if you like too… Port 10000 - don’t worry about. You’ll never need to work with that.
Great… looking forward to it.
I started with a remote machine first… so the local issue is one problem I don't need to worry about.
though… hmm… maybe this is the issue as if the external DNS is embedded in the certificates… that maybe the problem… so you definitely want to set this before you run the quickinstall
ok… time to start from the start again… I did read that when I was getting started… but I must have forgotten about it…
Nothing like trial and error
lots of hacking on my behalf… sometimes I find this is the only way to learn
that is 100% how it works. If you crack them open and look at the SANs - those need to be set 'correctly'. If it's only using the local hostname - not the external DNS name you'll be out of luck. Peek at mine here: https://ec2-18-188-201-183.us-east-2.compute.amazonaws.com:8441/
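A quick way to do the "crack them open and look at the SANs" check from the command line, as an added example that is not from the thread: pull the controller's leaf certificate with openssl and confirm the exact external DNS name is listed. The function names are mine; it assumes openssl is installed and that ZITI_EDGE_CONTROLLER_HOSTNAME and ZITI_EDGE_CONTROLLER_PORT are exported from the env file as in the quickstart snippet above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): verify the controller certificate
# advertises the external DNS name in its SANs before enrolling anything.
# Assumptions: openssl is installed; the controller listens on
# ${ZITI_EDGE_CONTROLLER_HOSTNAME}:${ZITI_EDGE_CONTROLLER_PORT}.
# The quickstart PKI bakes in whatever hostname was in effect at install
# time, so a name exported afterwards will simply not be in the cert.
set -u

# Fetch the leaf certificate's subjectAltName extension text from a live endpoint.
fetch_san_text() {
  local host="$1" port="$2"
  openssl s_client -connect "${host}:${port}" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -noout -ext subjectAltName
}

# Given SAN text (as printed by `openssl x509 -ext subjectAltName`), return 0
# if the wanted DNS name or IP is listed. Exact match only: a cert for the
# short hostname does not cover the FQDN, and vice versa.
san_lists() {
  local san_text="$1" wanted="$2"
  printf '%s\n' "$san_text" \
    | tr ',' '\n' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -qxF -e "DNS:${wanted}" -e "IP Address:${wanted}"
}

# Full check against the values the env file exported.
check_controller_san() {
  local host="${ZITI_EDGE_CONTROLLER_HOSTNAME:?source the env file first}"
  local port="${ZITI_EDGE_CONTROLLER_PORT:-1280}"
  local san
  san="$(fetch_san_text "$host" "$port")" || {
    echo "could not fetch a certificate from ${host}:${port}" >&2
    return 2
  }
  if san_lists "$san" "$host"; then
    echo "OK: certificate lists ${host}"
  else
    echo "MISMATCH: ${host} is not in the SANs; re-run the quickstart with EXTERNAL_DNS set" >&2
    printf '%s\n' "$san" >&2
    return 1
  fi
}

# usage, after sourcing the env file:
# check_controller_san
```

The parser is kept separate from the network fetch so it can be pointed at a saved `openssl x509` dump as well; the sample in the test below is a constructed SAN block shaped like the one a local-hostname quickstart would produce.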
ahh… that is the issue… I will try again
This time I am going to use dig to validate my DNS name… as I am not sure what it is exactly… other than an IP address
Yeah.. this is something I am doing wrong... I am a bit lost really..
I think I have the right full DNS path.. but now I get an error when I run
ziti edge create config "${service_name}"-host.v1 host.v1 '{"protocol":"tcp", "address":"localhost","port":'"${the_port}"', "listenOptions": {"bindUsingEdgeIdentity":true}}'
I was not getting this error when I did not set the external DNS override..
is there an extra thing I need to configure.. or port to open ?
RESTY 2022/04/06 12:48:03 ERROR Get "https://instance-20220317-1005.subnet03170958.vcn03170958.oraclevcn.com:1280/edge/management/v1/config-types?filter=id%3D"host.v1"": dial tcp 10.0.0.41:1280: connect: connection refused, Attempt 1
error: unable to list entities at https://instance-20220317-1005.subnet03170958.vcn03170958.oraclevcn.com:1280/edge/management/v1/config-types?filter=id%3D"host.v1" in Ziti Controller at https://instance-20220317-1005.subnet03170958.vcn03170958.oraclevcn.com:1280/edge/management/v1. Error: Get "https://instance-20220317-1005.subnet03170958.vcn03170958.oraclevcn.com:1280/edge/management/v1/config-types?filter=id%3D"host.v1"": dial tcp 10.0.0.41:1280: connect: connection refused
you’re getting confused between the zssh example - and a generic one. Don’t use:
"listenOptions": {"bindUsingEdgeIdentity":true}}
That’s where you’re going wrong. That requires a special kind of “intercept.v1” config with DIAL options set too…
I’m working on postgres right now for the NYC Java UG meeting tonight (6:30 PM ET - dunno what time that is for you) but for postgres in docker i’m using something like:
ziti edge create config private-postgres-intercept.v1 intercept.v1 '{"protocols":["tcp"],"addresses":["postgres.zitified"], "portRanges":[{"low":5432, "high":5432}]}'
ziti edge create config private-postgres-host.v1 host.v1 '{"protocol":"tcp", "address":"postgres-db","port":5432}'
ziti edge create service private-postgres --configs 'private-postgres-intercept.v1','private-postgres-host.v1' -a "private-postgres-services"
The ListenOption is wrong for what you’re doing
That shows up in my ZDEW:
Then I can run:
psql -h postgres.zitified -U postgres
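The same three-command pattern generalised to any plain TCP service, as an added example that is not the maintainer's own script: two small builders emit the intercept.v1 and host.v1 JSON in the shape used for postgres above, a consistency check rejects the bindUsingEdgeIdentity-without-dial-options mistake from earlier in the thread, and one function runs the three ziti commands. Function names, the ZITI_DRY_RUN switch and the "dialOptions" key I grep for are my assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the thread's own commands): build the intercept.v1 /
# host.v1 pair for a plain TCP service and create the service from them.
# Assumptions: function names are mine; ZITI_DRY_RUN=1 prints the ziti
# commands instead of running them; the JSON shapes match the postgres
# example in the thread (no listenOptions / dialOptions).
set -u

# intercept side: the name and port clients dial on the overlay
intercept_v1_json() {
  local address="$1" port="$2"
  printf '{"protocols":["tcp"],"addresses":["%s"],"portRanges":[{"low":%d,"high":%d}]}' \
    "$address" "$port" "$port"
}

# host side: where the hosting identity forwards the connection to
host_v1_json() {
  local address="$1" port="$2"
  printf '{"protocol":"tcp","address":"%s","port":%d}' "$address" "$port"
}

# Reject the mistake from the thread: bindUsingEdgeIdentity in host.v1 with
# no dialOptions on the intercept side ("dialOptions" key is my assumption).
configs_consistent() {
  local intercept="$1" host="$2"
  if printf '%s' "$host" | grep -q '"bindUsingEdgeIdentity": *true'; then
    printf '%s' "$intercept" | grep -q '"dialOptions"' || return 1
  fi
  return 0
}

run_ziti() {
  if [ "${ZITI_DRY_RUN:-0}" = "1" ]; then
    printf 'DRY-RUN: ziti %s\n' "$*"
  else
    ziti "$@"
  fi
}

# create_tcp_service NAME INTERCEPT_ADDRESS PORT [HOST_ADDRESS] [ROLE]
create_tcp_service() {
  local name="$1" intercept_addr="$2" port="$3"
  local host_addr="${4:-localhost}" role="${5:-${1}-services}"
  case "$port" in ''|*[!0-9]*) echo "port must be numeric: '$port'" >&2; return 1;; esac
  local ic hc
  ic="$(intercept_v1_json "$intercept_addr" "$port")"
  hc="$(host_v1_json "$host_addr" "$port")"
  configs_consistent "$ic" "$hc" || { echo "host/intercept configs are inconsistent" >&2; return 1; }
  run_ziti edge create config "${name}-intercept.v1" intercept.v1 "$ic" || return 1
  run_ziti edge create config "${name}-host.v1" host.v1 "$hc" || return 1
  run_ziti edge create service "$name" \
    --configs "${name}-intercept.v1,${name}-host.v1" -a "$role"
}

# usage: the postgres case from the thread
# create_tcp_service private-postgres postgres.zitified 5432 postgres-db private-postgres-services
```

The role attribute defaults to NAME-services so the service policies can be written once against a role rather than per service; pass a fifth argument to override it.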
ahh… will follow this up tomorrow… one step closer now… thanks
PS… is there a link to the zitified postgres server… I want to explore this next once I have this sorted