How do I use ZAC with quickstart docker-compose?

I have started the docker containers specified in the quickstart guide (ziti/docker-compose.yml at release-next · openziti/ziti · GitHub), including the ZAC “ziti-console” container, using the default values on my local Windows machine.

I can access the ZAC web page at https:// localhost:8443/login (and http:// localhost:1408), but I don’t know what to put into the “EDGE CONTROLLER NAME” and “URL” fields.

I’ve tried various values, but get errors like “Edge Controller not Online” or “Invalid Edge Controller”.

  • https: //localhost:1280 for both fields
  • arbitrary name, plus URL https:// localhost:1280

@TheLumberjack : Are you able to update the quickstart documentation to give more details?

[Note: I don’t have spaces in my actual values, but I’ve needed to add them here to allow a new user to post]

Sure I can update the doc - this is somewhat ‘tricky’. The ZAC needs to be told where it will send data. When running in docker compose that ends up being “ziti-edge-controller” because the compose file sets up a docker network


Thank you! I thought I’d also tried ziti-controller (the name of the docker service), but not the name used in the network “aliases” field.


I added three screenshots to the relevant ZAC doc section Installing Ziti Administration Console | Ziti

One of which covers using compose now. Thanks so much for the feedback thus far.


In the step for ZAC installation with docker compose, the following commands are pointing to the wrong path.

docker cp docker_ziti-controller_1:/var/openziti/pki/ziti-edge-controller-intermediate/keys/ziti-edge-controller-server.key .
docker cp docker_ziti-controller_1:/var/openziti/pki/ziti-edge-controller-intermediate/certs/ziti-edge-controller-server.chain.pem .

For some reason I found them in

persistent/pki/ziti-edge-controller-intermediate/keys/ziti-edge-controller-server.key .

And even today I was not able to get in the controller :slight_smile:

Hi @Rastaban, welcome to OpenZiti and the forum! Yeah you’re right, those paths are out of date.

I’ve filed an issue to revisit this guide and make sure the steps are accurate: ZAC + compose section uses incorrect paths · Issue #448 · openziti/ziti-doc · GitHub

I’ll try to get to this or have someone else get to it soon. Thanks for pointing that out

Thanks for the answer. I love this project.
Just out of curiosity, did I miss the default admin password generation somewhere? I am trying to get in but I get a "The authentication request failed" error on the interface of the controller.
And this is what I get when I run this in the controller bash:

ziti edge login -u admin -p admin
Using controller url: https://ziti-edge-controller:1280/edge/management/v1 from identity 'default' in config file: /persistent/ziti-cli.json
error: unable to authenticate to https://ziti-edge-controller:1280/edge/management/v1. Status code: 401 Unauthorized, Server returned: {
    "error": {
        "code": "INVALID_AUTH",
        "message": "The authentication request failed",
        "requestId": "mEN92cEm-"
    "meta": {
        "apiEnrollmentVersion": "0.0.1",
        "apiVersion": "0.0.1"

Thanks for that @Rastaban! Glad you’re enjoying the project.

There’s another bug if you stop/start docker-compose over and over. The password that is emitted into the stashed .env file will get overwritten if you do that. You might be hitting that bug? docker env password is renewed at each `docker-compose up` · Issue #1013 · openziti/ziti · GitHub

The first time you start with compose right now, you will need to capture that password and not lose it because as I mentioned, it’ll get overwritten.

You can find the original password by using docker logs on the controller and going all the way back to the very beginning of the log messages. It looks like this:

Do you want to keep the generated admin password 'ZqfiJmIRdjxN8k5X5ZTm8MXM6RxhGonc'? (Y/n) INFO: using ZITI_PWD=ZqfiJmIRdjxN8k5X5ZTm8MXM6RxhGonc

Hope that helps
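The recovery step described in the post above, as an added example that is not part of the original thread and not OpenZiti project code: it pulls the first `ZITI_PWD` value out of saved controller logs and reports whether the env file still matches it, without echoing either secret. The function names, the env file layout (`ZITI_PWD=<value>`, optionally with `export` and quotes) and the sample data are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not OpenZiti project code. Assumptions: the controller log
# contains "INFO: using ZITI_PWD=<value>" as quoted above, and the env file
# stores the password as ZITI_PWD=<value> (optionally with "export"/quotes).

# Print the FIRST ZITI_PWD value in log text read from stdin.
first_logged_pwd() {
  awk 'match($0, /ZITI_PWD=[^ \t]+/) {
         print substr($0, RSTART + 9, RLENGTH - 9); exit }'
}

# Print the ZITI_PWD value from env file $1 (last assignment wins).
env_pwd() {
  awk '{ sub(/^[ \t]*(export[ \t]+)?/, "") }
       /^ZITI_PWD=/ { v = substr($0, 10); gsub(/^"|"$/, "", v); last = v }
       END { if (last != "") print last }' "$1"
}

# Compare saved log $1 with env file $2 without echoing either secret.
# Returns 0 = unchanged, 1 = env file was overwritten, 2 = nothing to compare.
check_pwd_drift() {
  logged=$(first_logged_pwd < "$1")
  current=$(env_pwd "$2")
  if [ -z "$logged" ] || [ -z "$current" ]; then
    echo "cannot compare: no ZITI_PWD in log or env file" >&2
    return 2
  fi
  if [ "$logged" = "$current" ]; then
    echo "env file still holds the originally generated admin password"
    return 0
  fi
  echo "env file differs from the first logged password; use the logged one"
  return 1
}

# Constructed sample data (not real credentials), so this runs offline.
demo() {
  d=$(mktemp -d)
  printf '%s\n' "INFO: using ZITI_PWD=constructedFIRST" \
                "INFO: using ZITI_PWD=constructedSECOND" > "$d/controller.log"
  printf 'export ZITI_PWD="constructedSECOND"\n' > "$d/sample.env"
  check_pwd_drift "$d/controller.log" "$d/sample.env"; rc=$?
  rm -rf "$d"; return "$rc"
}
demo || true
# Real use: docker logs <controller-container> > controller.log 2>&1
#           check_pwd_drift controller.log <path-to-env-file>
```

Delete the saved log file once the password is stored somewhere safer, since it contains the admin credential in clear text.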

FYI @Rastaban. Both of our compose files already deploy a ZAC. I updated the doc to simply inform you of that fact. Thanks for pointing this out. cheers