How to access fabric management API /fabric/v1

I installed OpenZiti with "host it anywhere". When I wanted to access https://${CONTROLLER_FQDN}:${Controller_Fabric_Port}/fabric/v1, I could not access it. The value of ${Controller_Fabric_Port} is 8440.

I changed the controller's YAML like this:

ctrl:
  options:
    advertiseAddress: tls:ec*****.eu-central-1.compute.amazonaws.com:8440
  # (optional) settings
  # set the maximum number of connect requests that are buffered and waiting to be acknowledged (1 to 5000, default 1)
  #maxQueuedConnects:      1
  # the maximum number of connects that have  begun hello synchronization (1 to 1000, default 16)
  #maxOutstandingConnects: 16
  # the number of milliseconds to wait before a hello synchronization fails and closes the connection (30ms to 60000ms, default: 5000ms)
  #connectTimeoutMs:       5000
  listener:             tls:0.0.0.0:8440

.....
.....
web:
  # name - required
  # Provides a name for this listener, used for logging output. Not required to be unique, but is highly suggested.
  - name: client-management
    # bindPoints - required
    # One or more bind points are required. A bind point specifies an interface (interface:port string) that defines
    # where on the host machine the webListener will listen and the address (host:port) that should be used to
    # publicly address the webListener(i.e. mydomain.com, localhost, 127.0.0.1). This public address may be used for
    # incoming address resolution as well as used in responses in the API.
    bindPoints:
      #interface - required
      # A host:port string on which network interface to listen on. 0.0.0.0 will listen on all interfaces
      - interface: 0.0.0.0:8441
        # address - required
        # The public address that external incoming requests will be able to resolve. Used in request processing and
        # response content that requires full host:port/path addresses.
        address: ec*******.eu-central-1.compute.amazonaws.com:8441
      - interface: 0.0.0.0:8440
        address: ec*******.eu-central-1.compute.amazonaws.com:8440

Finally, restart the controller:

systemctl restart ziti-controller

It's on the same port as the management API. You should be able to access it using port :8441 without modifying your config file. Port 8440 is generally the port routers connect to the controller. I would undo those changes and use port 8441 and it should be fine.

I have already tried it, but cannot find /fabric/v1.

The response is:

{"data":{"apiVersions":{"edge":{"v1":{"apiBaseUrls":["https://ec2-3-71-46-43.eu-central-1.compute.amazonaws.com:8441/edge/client/v1"],"path":"/edge/client/v1"}},"edge-client":{"v1":{"apiBaseUrls":["https://ec2-3-71-46-43.eu-central-1.compute.amazonaws.com:8441/edge/client/v1"],"path":"/edge/client/v1"}},"edge-management":{"v1":{"apiBaseUrls":["https://ec2-3-71-46-43.eu-central-1.compute.amazonaws.com:8441/edge/management/v1"],"path":"/edge/management/v1"}}},"buildDate":"2024-05-30T16:36:13Z","capabilities":[],"revision":"82c4a7125227","runtimeVersion":"go1.22.3","version":"v1.1.3"},"meta":{}}

{"error":{"cause":{"code":"UNHANDLED","message":"path /fabric/v1 was not found"},"code":"NOT_FOUND","message":"The resource requested was not found or is no longer available","requestId":"tttSq9Fvi"},"meta":{"apiEnrollmentVersion":"1.0.0","apiVersion":"1.0.0"}}

Can you check your config file? Under the web section there should be an apis list. The health-checks endpoint is not required, but the other three should be there.

    apis:
      - binding: health-checks
      - binding: fabric
      - binding: edge-management
      - binding: edge-client

Yes, the related configuration file is as follows:

web:
  - name: client-management
    bindPoints:
      - interface: 0.0.0.0:8441
        address: ec2-3-73-159-223.eu-central-1.compute.amazonaws.com:8441
    identity:
      ca:          "/.ziti/quickstart/ip-10-1-2-49/pki/ip-10-1-2-49-edge-controller-root-ca/certs/ip-10-1-2-49-edge-controller-root-ca.cert"
      key:         "/.ziti/quickstart/ip-10-1-2-49/pki/ip-10-1-2-49-edge-controller-intermediate/keys/ec2-3-73-159-223.eu-central-1.compute.amazonaws.com-server.key"
      server_cert: "/.ziti/quickstart/ip-10-1-2-49/pki/ip-10-1-2-49-edge-controller-intermediate/certs/ec2-3-73-159-223.eu-central-1.compute.amazonaws.com-server.chain.pem"
      cert:        "/.ziti/quickstart/ip-10-1-2-49/pki/ip-10-1-2-49-edge-controller-intermediate/certs/ec2-3-73-159-223.eu-central-1.compute.amazonaws.com-client.cert"
    apis:
      - binding: edge-management
        options: { }
      - binding: edge-client
        options: { }
      - binding: fabric
        options: { }

Try calling one of the fabric endpoints directly. The root of the fabric API doesn't have a handler.

$ curl -k -H 'zt-session: 84314ccc-637d-44a5-9152-3dc6c97acfe5' https://localhost:1280/fabric/v1/ | jq
{
  "error": {
    "cause": {
      "code": "UNHANDLED",
      "message": "path /fabric/v1/ was not found"
    },
    "code": "NOT_FOUND",
    "message": "The resource requested was not found or is no longer available",
    "requestId": "UZTv8dYbT"
  },
  "meta": {
    "apiEnrollmentVersion": "1.0.0",
    "apiVersion": "1.0.0"
  }
}
$ curl -k -H 'zt-session: 84314ccc-637d-44a5-9152-3dc6c97acfe5' https://localhost:1280/fabric/v1/links | jq
{
  "data": [],
  "meta": {
    "pagination": {
      "limit": 10,
      "offset": 0,
      "totalCount": 0
    }
  }
}

Cheers,
Paul

Thank you. Fabric API | OpenZiti: does that mean the APIs are no longer in use?

No, the Fabric API is still there, you just need to call its endpoints directly. So you should be able to reach things like:

  • /fabric/v1/circuits
  • /fabric/v1/links
  • /fabric/v1/terminators
  • /fabric/v1/routers
  • /fabric/v1/services

See ziti/controller/specs/swagger.yml at v1.1.4 · openziti/ziti · GitHub for specifics.

Paul
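
A check for the situation in this thread, added here as an example and not code from the posters or the OpenZiti project: it lists the concrete fabric URLs for every web listener that binds `fabric`, flags web bind points that reuse the router control port, and recognises the 404 from the handler-less API root. The `CONFIG` dict (the controller YAML as a loader would return it), the hostname `ctrl.example.com` and all function names are constructed for illustration.

```python
# Added example; CONFIG is constructed, modelled on the config posted in the thread.
FABRIC_ENDPOINTS = ["circuits", "links", "terminators", "routers", "services"]

CONFIG = {
    "ctrl": {"listener": "tls:0.0.0.0:8440"},
    "web": [{
        "name": "client-management",
        "bindPoints": [
            {"interface": "0.0.0.0:8441", "address": "ctrl.example.com:8441"},
            {"interface": "0.0.0.0:8440", "address": "ctrl.example.com:8440"},
        ],
        "apis": [{"binding": "edge-management"}, {"binding": "edge-client"},
                 {"binding": "fabric"}],
    }],
}

def port_of(addr):
    """Port from 'tls:0.0.0.0:8440' or '0.0.0.0:8441'."""
    return int(addr.rsplit(":", 1)[1])

def fabric_urls(config):
    """Concrete fabric URLs for every web listener that binds the fabric API."""
    urls = []
    for listener in config.get("web", []):
        bindings = {api["binding"] for api in listener.get("apis", [])}
        if "fabric" not in bindings:
            continue  # this listener does not serve /fabric/v1 at all
        for bp in listener.get("bindPoints", []):
            urls += [f"https://{bp['address']}/fabric/v1/{e}" for e in FABRIC_ENDPOINTS]
    return urls

def ctrl_port_reused(config):
    """Web bind points listening on the port routers use to reach the controller."""
    ctrl_port = port_of(config["ctrl"]["listener"])
    return [(listener["name"], bp["interface"])
            for listener in config.get("web", [])
            for bp in listener.get("bindPoints", [])
            if port_of(bp["interface"]) == ctrl_port]

def root_404_is_expected(path, body):
    """True when the 404 is only the fabric API root, which has no handler."""
    err = body.get("error", {})
    return (path.rstrip("/") == "/fabric/v1"
            and err.get("code") == "NOT_FOUND"
            and err.get("cause", {}).get("code") == "UNHANDLED")
```

With the extra 8440 bind point removed, as the first reply advises, `ctrl_port_reused` returns an empty list and `fabric_urls` yields only the 8441 URLs.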