I’m doing multiple tests on Ziti, especially with the new HA capabilities; however, I’m a bit stuck now. I have the following architecture:
The problem I’m facing is that there’s no way I can make my private ER forward the traffic to any destination unless I manually create a terminator, which works if I just route a single port, but I want to forward all ports for this test.
These are the commands I’ve been using. I have tried not only my local server but also eth0.me to test that:
ziti edge create config "icarus-client" intercept.v1 '{"protocols":["tcp"],"addresses":["icarus.ziti.me"], "portRanges":[{"low":80, "high":80}]}'
ziti edge create config "icarus-server" host.v1 '{"protocol":"tcp", "address":"eth0.me","port":80}'
ziti edge create service icarus-cli --configs "icarus-client,icarus-server"
ziti edge create service-policy icarus.bind.policy Bind --service-roles '@icarus-cli' --identity-roles "@private1-edge-router,@private2-edge-router"
ziti edge create service-policy icarus.dial.policy Dial --service-roles '@icarus-cli' --identity-roles '@MyPC'
Every time I tried to access the icarus-cli service from “MyPC”, I received the same error:
ziti-controller[112054]: {"_context":"ch{UpQPrWloh}-\u003eu{classic}-\u003ei{WJ7o}","error":"service gBKkIuUASo has no terminators","file":"github.com/openziti/edge@v0.21.169/controller/handler_edge_ctrl/common.go:78","func":"github.com/openziti/edge/controller/handler_edge_ctrl.(*baseRequestHandler).returnError","level":"error","msg":"responded with error","operation":"create.circuit","routerId":"UpQPrWloh","time":"2022-04-29T17:12:12.897Z","token":"955984dc-2e79-4d85-a4d3-7fcdcbac1b94"}
However, if I change the Bind policy to use the public ER instead of the private ones, it actually works and the terminator is properly created.
My private ERs were created with this command:
"${ZITI_BIN_DIR}/ziti" edge create edge-router "${ZITI_EDGE_ROUTER_NEW_NAME}" -o "${ZITI_EDGE_ROUTER_NEW_NAME}.jwt" -t
Any clues?
Thank you!