Hello team, I need some help debugging the issue below on my local setup. I am new to the ziti world and I was trying to run the dev setup locally to try the product.
branch - main
commit - bb128596bd20adfe3fd84e5285b9d8622d1badf0
Operating system - Linux ashish-ubuntu 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 5 13:09:44 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
go version- go1.23.0 linux/amd64
I have installed ziti locally by following this doc- ziti/doc/002-local-dev.md at main · openziti/ziti · GitHub
Problem
I am trying to run development setup locally by following this document - ziti/doc/003-local-deploy.md at main · openziti/ziti · GitHub
I have generated ctrl-config.yml using the given command in the doc and also generated ctrl.db file using ziti controller edge init ./db/ctrl-config.yml -u <username> -p <password>
ziti controller edge init seems to be running fine with no errors-
[ 0.694] INFO ziti/controller/server.NewController: edge controller instance id: cm5m0qzdo0000hs35anqov1sj
[ 0.694] INFO ziti/controller/server.(*Controller).Initialize: initializing edge
[ 0.706] INFO ziti/controller/internal/policy.NewSessionEnforcer: {frequency=[5s] sessionTimeout=[30m0s]} session enforcer configured
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: edge controller: shutting down...
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: edge controller: stopped
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: fabric controller: shutting down...
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: fabric controller: stopped
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: shutdown complete
[ 0.717] INFO ziti/controller/subcmd.NewEdgeInitializeCmd.func2: Ziti Edge initialization complete
ziti controller run command shows below output on terminal -
[ 0.660] INFO ziti/controller/server.NewController: edge controller instance id: cm5m0teo800004h35e42brjry
[ 0.660] INFO ziti/controller/server.(*Controller).Initialize: initializing edge
[ 0.671] INFO ziti/controller/internal/policy.NewSessionEnforcer: {sessionTimeout=[30m0s] frequency=[5s]} session enforcer configured
[ 0.672] INFO ziti/controller/server.(*Controller).Run: starting edge
[ 0.672] INFO ziti/controller.(*Controller).Run.GoroutinesPoolMetricsConfigF.func1.1: {idleTime=[10s] poolType=[pool.listener.ctrl] minWorkers=[1] maxWorkers=[16] maxQueueSize=[1]} starting goroutine pool
[ 0.672] INFO channel/v3.(*UnderlayDispatcher).Run: started
[ 0.674] INFO ziti/controller/server.(*Controller).checkEdgeInitialized: edge initialized
[ 0.827] INFO xweb/v2.(*Server).Start: starting ApiConfig to listen and serve tls on 0.0.0.0:1280 for server client-management with APIs: [edge-management edge-client fabric edge-oidc]
[ 0.836] INFO ziti/controller/network.(*Network).Run: started
Question - I see the edge controller instance id is different in both cases. Is that expected?
Now, after running ziti edge login -u <username> -p <password>
I see a tls bad certificate error log on the controller
[ 184.594] ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[127.0.0.1:52310] error=[remote error: tls: bad certificate]} handshake failed
Now, when I try to create an edge router I get this response -
error: error creating edge-routers instance in Ziti Edge Controller at https://localhost:1280/edge/management/v1. Status code: 500 Internal Server Error, Server returned: {
"error": {
"cause": {
"code": "UNHANDLED",
"message": "could not get enrollment signer: could not determine enrollment signer: could not find a configured server certificate that matches hostname [ashish-ubuntu] in root controller identity nor in xweb identities"
},
"code": "UNHANDLED",
"message": "An unhandled error occurred",
"requestId": "RSRrNUSiO"
},
"meta": {
"apiEnrollmentVersion": "0.0.1",
"apiVersion": "0.0.1"
}
}
and the controller logs show-
[ 307.254] ERROR ziti/controller/env.(*AppEnv).getEnrollmentTlsCert: {hostnameErrors=[[could not find a configured server certificate that matches hostname [ashish-ubuntu] could not find a configured server certificate that matches hostname [ashish-ubuntu]]]} could not find a server certificate for the edge.api.address host [ashish-ubuntu]
I suspect there is some misconfiguration on my side but I would appreciate any debug pointers.