Local development setup issues

Hello team, I need some help in debugging the below issue on my local setup. I am new to the ziti world and I was trying to run the dev setup locally to try the product.

branch - main
commit - bb128596bd20adfe3fd84e5285b9d8622d1badf0
Operating system - Linux ashish-ubuntu 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 5 13:09:44 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
go version- go1.23.0 linux/amd64

I have installed ziti locally by following this doc- ziti/doc/002-local-dev.md at main · openziti/ziti · GitHub

Problem

I am trying to run development setup locally by following this document - ziti/doc/003-local-deploy.md at main · openziti/ziti · GitHub

I have generated ctrl-config.yml using the given command in the doc and also generated ctrl.db file using ziti controller edge init ./db/ctrl-config.yml -u <username> -p <password>

ziti controller edge init seems to be running fine with no errors-

[ 0.694] INFO ziti/controller/server.NewController: edge controller instance id: cm5m0qzdo0000hs35anqov1sj  
[ 0.694] INFO ziti/controller/server.(*Controller).Initialize: initializing edge  
[ 0.706] INFO ziti/controller/internal/policy.NewSessionEnforcer: {frequency=[5s] sessionTimeout=[30m0s]} session enforcer configured  
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: edge controller: shutting down...  
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: edge controller: stopped  
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: fabric controller: shutting down...  
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: fabric controller: stopped  
[ 0.717] INFO ziti/controller/server.(*Controller).Shutdown: shutdown complete  
[ 0.717] INFO ziti/controller/subcmd.NewEdgeInitializeCmd.func2: Ziti Edge initialization complete

ziti controller run command shows the below output on the terminal -

[ 0.660] INFO ziti/controller/server.NewController: edge controller instance id: cm5m0teo800004h35e42brjry  
[ 0.660] INFO ziti/controller/server.(*Controller).Initialize: initializing edge  
[ 0.671] INFO ziti/controller/internal/policy.NewSessionEnforcer: {sessionTimeout=[30m0s] frequency=[5s]} session enforcer configured  
[ 0.672] INFO ziti/controller/server.(*Controller).Run: starting edge  
[ 0.672] INFO ziti/controller.(*Controller).Run.GoroutinesPoolMetricsConfigF.func1.1: {idleTime=[10s] poolType=[pool.listener.ctrl] minWorkers=[1] maxWorkers=[16] maxQueueSize=[1]} starting goroutine pool  
[ 0.672] INFO channel/v3.(*UnderlayDispatcher).Run: started  
[ 0.674] INFO ziti/controller/server.(*Controller).checkEdgeInitialized: edge initialized  
[ 0.827] INFO xweb/v2.(*Server).Start: starting ApiConfig to listen and serve tls on 0.0.0.0:1280 for server client-management with APIs: [edge-management edge-client fabric edge-oidc]  
[ 0.836] INFO ziti/controller/network.(*Network).Run: started

Question - I see the edge controller instance id in both cases is different. Is that expected?

Now, after running ziti edge login -u <username> -p <password> I see a tls bad certificate error log on the controller


[ 184.594] ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[127.0.0.1:52310] error=[remote error: tls: bad certificate]} handshake failed

Now, when I try to create an edge router I get this response -


error: error creating edge-routers instance in Ziti Edge Controller at https://localhost:1280/edge/management/v1. Status code: 500 Internal Server Error, Server returned: {  
    "error": {  
        "cause": {  
            "code": "UNHANDLED",  
            "message": "could not get enrollment signer: could not determine enrollment signer: could not find a configured server certificate that matches hostname [ashish-ubuntu] in root controller identity nor in xweb identities"  
        },  
        "code": "UNHANDLED",  
        "message": "An unhandled error occurred",  
        "requestId": "RSRrNUSiO"  
    },  
    "meta": {  
        "apiEnrollmentVersion": "0.0.1",  
        "apiVersion": "0.0.1"  
    }  
}

and the controller logs show-

[ 307.254] ERROR ziti/controller/env.(*AppEnv).getEnrollmentTlsCert: {hostnameErrors=[[could not find a configured server certificate that matches hostname [ashish-ubuntu] could not find a configured server certificate that matches hostname [ashish-ubuntu]]]} could not find a server certificate for the edge.api.address host [ashish-ubuntu]

I suspect there is some misconfiguration on my side but I would appreciate any debug pointers.
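
The hostname-match failure in the errors above can be checked offline against any PEM server certificate. The following is an added example, not part of the original post and not OpenZiti code: it uses Go's standard hostname verification rather than the controller's own lookup, and the certificate it builds, with a single assumed SAN of localhost, is constructed sample data because the page does not show the real certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// constructedCertPEM returns a throwaway self-signed cert (constructed sample) with the given DNS SANs.
func constructedCertPEM(dnsNames ...string) ([]byte, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames, // assumed SANs, not taken from the page
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// CoversHost reports whether any certificate in a PEM certificate bundle lists host in its SANs.
func CoversHost(bundle []byte, host string) (bool, error) {
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return false, err
		}
		if cert.VerifyHostname(host) == nil {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	bundle, _ := constructedCertPEM("localhost")
	for _, host := range []string{"localhost", "ashish-ubuntu"} {
		ok, err := CoversHost(bundle, host)
		fmt.Printf("%-14s covered=%v err=%v\n", host, ok, err)
	}
}
```

To test a real setup, read the server certificate file into `bundle` and pass the host that the error message reports for edge.api.address.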

Hi @AshishNaware, welcome to the community and to OpenZiti (and BrowZer/zrok)!

In my opinion, if you are trying to get things working locally and want to start a small, local dev stack, it's easiest to simply run the ziti edge quickstart command. Or, if you want to persist your environment, ziti edge quickstart --home /some/permanent/path/here

If you can compile the ziti CLI (something like go build ./... from the root of the checkout, for example), then you can very easily have an ephemeral (or persistent) environment in no time using that command.

Hope that helps! 🙂