Node SDK is hanging at await ziti.init

ferjep · August 18, 2025, 1:53pm

Hello everybody

I’m new to using OpenZiti and this whole zero trust concep. I have a MeteorJS application that I want it to be under a OpenZiti docker compose configuration and be able to later connect to Redis and MongoDB, that’s the plan.

I have used the simplified docker compose example and added my service configuration as:

  app-dev:
    image: docker.io/jorgenvatle/meteor-base:3.3.1
    container_name: app-dev
    depends_on:
      ziti-controller:
        condition: service_healthy
    volumes:
      - ${HOME}/app-files:/root/app-files
      - ../../:/home/node/app
      - ziti-fs:/persistent
    working_dir: /home/node/app
    environment:
      - IS_DOCKER=true
      - ROOT_URL=http://localhost:3000
      - MONGO_URL=mongodb://localhost:27017,localhost:27018,localhost:27019/
      - ZITI_IDENTITY_FILE=/persistent/ziti-identities/app.identity.json
    command: meteor --port 6001 --settings settings-development.docker.json --exclude-archs "web.browser, web.browser.legacy, web.cordova"
    networks:
      - ziti

Then within the ziti-controller container I have created the identity and enrolled it successfully under the path seen in the ZITI_IDENTITY_FILE env.

This is the code in the app

import ziti from "@openziti/ziti-sdk-nodejs";

const zitiIdentityFile = process.env.ZITI_IDENTITY_FILE;

await ziti.init(zitiIdentityFile).catch((err) => console.error(err));
console.log('ZITI INITIALIZED');

But ziti.init does not console.error anything. It just hangs in the await and does nothing else. The file it's found and it exists, the container has the right network.

I know OpenZiti is not only creating an identity and that's it, but I wanted to start from somewhere fist and start learning and creating the necessary configs along the way.

PD: This is the docker service config for the development mode, which will connect to my host Redis and MongoDB instances (they will not be in a docker container), in the production configuration it will connect to these services that are hosted externally, for both scenarios I will need Tunnelers, right?

ekoby · August 18, 2025, 2:47pm

Hello @ferjep and welcome to OpenZiti!

can you set ZITI_LOG environment variable to at least 4 and see what that produces?

ferjep · August 18, 2025, 2:53pm

Hi there, thanks for helping me out.

I have set the log level through ziti.setLogLevel and used 5

[app-dev]                        | W20250818-14:51:46.362(0)? (STDERR) [        0.005] DEBUG    ziti-sdk-nodejs//home/runner/work/ziti-sdk-nodejs/ziti-sdk-nodejs/src/ziti_init.c:272 _ziti_init(): initializing
[app-dev]                        | W20250818-14:51:46.362(0)? (STDERR) [        0.005] DEBUG    ziti-sdk-nodejs//home/runner/work/ziti-sdk-nodejs/ziti-sdk-nodejs/src/ziti_init.c:302 _ziti_init(): config_file_name: /persistent/ziti-identities/app.identity.json
[app-dev]                        | W20250818-14:51:46.362(0)? (STDERR) (82)[        0.000]    INFO ziti-sdk:utils.c:198 ziti_log_set_level() set log level: root=5/VERBOSE
[app-dev]                        | W20250818-14:51:46.362(0)? (STDERR) (82)[        0.000]    INFO ziti-sdk:utils.c:167 ziti_log_init() Ziti C SDK version 1.4.4 @g9a16a32(HEAD) starting at (2025-08-18T14:51:46.361)
[app-dev]                        | W20250818-14:51:46.362(0)? (STDERR) [        0.005] DEBUG    ziti-sdk-nodejs//home/runner/work/ziti-sdk-nodejs/ziti-sdk-nodejs/src/ziti_init.c:342 _ziti_init(): ziti_load_config => 0
[app-dev]                        | W20250818-14:51:46.362(0)? (STDERR) [        0.005] DEBUG    ziti-sdk-nodejs//home/runner/work/ziti-sdk-nodejs/ziti-sdk-nodejs/src/ziti_init.c:346 _ziti_init(): ziti_context_init => 0
[app-dev]                        | W20250818-14:51:46.362(0)? (STDERR) [        0.005] DEBUG    ziti-sdk-nodejs//home/runner/work/ziti-sdk-nodejs/ziti-sdk-nodejs/src/ziti_init.c:358 _ziti_init(): ziti_context_set_options => 0
[app-dev]                        | W20250818-14:51:46.362(0)? (STDERR) [        0.005] DEBUG    ziti-sdk-nodejs//home/runner/work/ziti-sdk-nodejs/ziti-sdk-nodejs/src/ziti_init.c:362 _ziti_init(): ziti_context_run => 0
[app-dev]                        | W20250818-14:51:46.364(0)? (STDERR) (82)[        0.129]    INFO ziti-sdk:ziti.c:519 ziti_start_internal() ztx[0] enabling Ziti Context
[app-dev]                        | W20250818-14:51:46.367(0)? (STDERR) (82)[        0.129]    INFO ziti-sdk:ziti.c:536 ziti_start_internal() ztx[0] using tlsuv[v0.33.6/OpenSSL 3.0.16 11 Feb 2025]
[app-dev]                        | W20250818-14:51:46.367(0)? (STDERR) (82)[        0.129]    INFO ziti-sdk:ziti_ctrl.c:626 ziti_ctrl_init() ctrl[(null):] using https://ziti-edge-controller:1280/edge/client/v1
[app-dev]                        | W20250818-14:51:46.367(0)? (STDERR) (82)[        0.129]   DEBUG ziti-sdk:ziti_ctrl.c:640 ziti_ctrl_init() ctrl[ziti-edge-controller:1280] ziti controller client initialized
[app-dev]                        | W20250818-14:51:46.367(0)? (STDERR) (82)[        0.129] VERBOSE ziti-sdk:ziti_ctrl.c:145 start_request() ctrl[ziti-edge-controller:1280] starting GET[/version]
[app-dev]                        | W20250818-14:51:46.367(0)? (STDERR) (82)[        0.129]    INFO ziti-sdk:ziti.c:614 ztx_init_controller() ztx[0] Loading ziti context with controller[https://ziti-edge-controller:1280/edge/client/v1]
[app-dev]                        | W20250818-14:51:46.367(0)? (STDERR) (82)[        0.129]   DEBUG ziti-sdk:ziti.c:545 ziti_start_internal() ztx[0] using metrics interval: 6
[app-dev]                        | W20250818-14:51:46.367(0)? (STDERR) (82)[        0.129]   DEBUG ziti-sdk:ziti.c:218 ziti_set_unauthenticated() ztx[0] setting auth_state[0] to 0
[app-dev]                        | W20250818-14:51:46.367(0)? (STDERR) (82)[        0.129]   DEBUG ziti-sdk:ziti_ctrl.c:379 ziti_ctrl_clear_api_session() ctrl[ziti-edge-controller:1280] clearing api session token for ziti_controller
[app-dev]                        | W20250818-14:51:46.368(0)? (STDERR) (82)[        0.129]   DEBUG ziti-sdk:ziti_ctrl.c:1065 ctrl_paging_req() ctrl[ziti-edge-controller:1280] starting paging request GET[/external-jwt-signers]
[app-dev]                        | W20250818-14:51:46.368(0)? (STDERR) (82)[        0.129] VERBOSE ziti-sdk:ziti_ctrl.c:1070 ctrl_paging_req() ctrl[ziti-edge-controller:1280] requesting /external-jwt-signers?limit=25&offset=0
[app-dev]                        | W20250818-14:51:46.368(0)? (STDERR) (82)[        0.129] VERBOSE ziti-sdk:ziti_ctrl.c:145 start_request() ctrl[ziti-edge-controller:1280] starting GET[/external-jwt-signers?limit=25&offset=0]

By the way, the @openziti/ziti-sdk-nodejs package version is the latest available: 0.20.0

TheLumberjack · August 20, 2025, 3:20pm

If you let it sit there for a few minutes, does anymore output come out? Can you somehow ensure / prove the node container can connect to the controller using the hostname and port: ziti-edge-controller:1280?

ferjep · August 20, 2025, 4:39pm

Nope, I let it for a good while and nothing else came back.

An yes, the app container can see the controller container, I made a curl from the app container to https://ziti-edge-controller:1280/edge/client/v1 and got a response instantly

TheLumberjack · August 20, 2025, 5:51pm

The fact that you didn't get any output is... odd. I have a very similar app but it behaves very differently (it works).

$ cat index.js
import ziti from '@openziti/ziti-sdk-nodejs';

const zitiIdentityFile  = process.env.ZITI_IDENTITY_FILE;
await ziti.init( zitiIdentityFile ).catch(( err ) => { /* probably exit */ });

console.log('ZITI INITIALIZED');

However, if I edit the identity file and I change the port i never get the "ZITI INITIALIZED" message. I do however get continued output every 15s like I would expect:

$ ZITI_LOG=4 node index.js
(node:210833) [MODULE_TYPELESS_PACKAGE_JSON] Warning: Module type of file:///tmp/ziti-node-test/index.js is not specified and it doesn't parse as CommonJS.
Reparsing as ES module because module syntax was detected. This incurs a performance overhead.
To eliminate this warning, add "type": "module" to /tmp/ziti-node-test/package.json.
(Use `node --trace-warnings ...` to show where the warning was created)
(210833)[        0.000]    INFO ziti-sdk:utils.c:198 ziti_log_set_level() set log level: root=4/DEBUG
(210833)[        0.000]    INFO ziti-sdk:utils.c:167 ziti_log_init() Ziti C SDK version 1.4.4 @g9a16a32(HEAD) starting at (2025-08-20T17:47:00.158)
(210833)[        0.034]    INFO ziti-sdk:ziti.c:519 ziti_start_internal() ztx[0] enabling Ziti Context
(210833)[        0.034]    INFO ziti-sdk:ziti.c:536 ziti_start_internal() ztx[0] using tlsuv[v0.33.6/OpenSSL 3.0.16 11 Feb 2025]
(210833)[        0.034]    INFO ziti-sdk:ziti_ctrl.c:626 ziti_ctrl_init() ctrl[(null):] using https://ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441/edge/client/v1
(210833)[        0.034]   DEBUG ziti-sdk:ziti_ctrl.c:640 ziti_ctrl_init() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] ziti controller client initialized
(210833)[        0.034]    INFO ziti-sdk:ziti.c:614 ztx_init_controller() ztx[0] Loading ziti context with controller[https://ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441/edge/client/v1]
(210833)[        0.034]   DEBUG ziti-sdk:ziti.c:545 ziti_start_internal() ztx[0] using metrics interval: 6
(210833)[        0.034]   DEBUG ziti-sdk:ziti.c:218 ziti_set_unauthenticated() ztx[0] setting auth_state[0] to 0
(210833)[        0.034]   DEBUG ziti-sdk:ziti_ctrl.c:379 ziti_ctrl_clear_api_session() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] clearing api session token for ziti_controller
(210833)[        0.034]   DEBUG ziti-sdk:ziti_ctrl.c:1065 ctrl_paging_req() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] starting paging request GET[/external-jwt-signers]


(210833)[       15.044]    WARN ziti-sdk:ziti_ctrl.c:177 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] request failed: -110(connection timed out)
(210833)[       15.044]    WARN ziti-sdk:ziti_ctrl.c:335 internal_version_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] CONTROLLER_UNAVAILABLE(connection timed out)
(210833)[       15.044]    WARN ziti-sdk:ziti.c:1924 version_pre_auth_cb() ztx[0] failed to get controller version: CONTROLLER_UNAVAILABLE/connection timed out
(210833)[       15.044]    WARN ziti-sdk:ziti_ctrl.c:177 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] request failed: -110(connection timed out)
(210833)[       15.044]    INFO ziti-sdk:ziti_ctrl.c:180 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] attempting to switch endpoint
(210833)[       15.044]    WARN ziti-sdk:ziti_ctrl.c:599 ctrl_next_ep() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] no controllers are online
(210833)[       15.044]    WARN ziti-sdk:ziti.c:655 ext_jwt_singers_cb() ztx[0] failed to get external auth providers: connection timed out


(210833)[       20.050]   DEBUG ziti-sdk:ziti_ctrl.c:1065 ctrl_paging_req() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] starting paging request GET[/external-jwt-signers]
(210833)[       35.064]    WARN ziti-sdk:ziti_ctrl.c:177 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] request failed: -110(connection timed out)
(210833)[       35.064]    WARN ziti-sdk:ziti_ctrl.c:335 internal_version_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] CONTROLLER_UNAVAILABLE(connection timed out)
(210833)[       35.064]    WARN ziti-sdk:ziti.c:1924 version_pre_auth_cb() ztx[0] failed to get controller version: CONTROLLER_UNAVAILABLE/connection timed out
(210833)[       35.064]    WARN ziti-sdk:ziti_ctrl.c:177 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] request failed: -110(connection timed out)
(210833)[       35.064]    INFO ziti-sdk:ziti_ctrl.c:180 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] attempting to switch endpoint
(210833)[       35.064]    WARN ziti-sdk:ziti_ctrl.c:599 ctrl_next_ep() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] no controllers are online
(210833)[       35.064]    WARN ziti-sdk:ziti.c:655 ext_jwt_singers_cb() ztx[0] failed to get external auth providers: connection timed out


(210833)[       40.066]   DEBUG ziti-sdk:ziti_ctrl.c:1065 ctrl_paging_req() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] starting paging request GET[/external-jwt-signers]


(210833)[       55.084]    WARN ziti-sdk:ziti_ctrl.c:177 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] request failed: -110(connection timed out)
(210833)[       55.084]    WARN ziti-sdk:ziti_ctrl.c:335 internal_version_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] CONTROLLER_UNAVAILABLE(connection timed out)
(210833)[       55.084]    WARN ziti-sdk:ziti.c:1924 version_pre_auth_cb() ztx[0] failed to get controller version: CONTROLLER_UNAVAILABLE/connection timed out
(210833)[       55.084]    WARN ziti-sdk:ziti_ctrl.c:177 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] request failed: -110(connection timed out)
(210833)[       55.084]    INFO ziti-sdk:ziti_ctrl.c:180 ctrl_resp_cb() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] attempting to switch endpoint
(210833)[       55.084]    WARN ziti-sdk:ziti_ctrl.c:599 ctrl_next_ep() ctrl[ec2-3-18-113-172.us-east-2.compute.amazonaws.com:28441] no controllers are online
(210833)[       55.084]    WARN ziti-sdk:ziti.c:655 ext_jwt_singers_cb() ztx[0] failed to get external auth providers: connection timed out

Changing the hostname to be unresolvable has the same behavior as changing the port although the logs happen every 5s in that case (which I find interesting)...

I even went so far as to deny Dial and allow Bind access to the service for the identity, but it doesn't freeze... So far, I can't reproduce whatever you have done. The only difference I am not using docker. I can (and will) try with a docker container but I would expect the same results.

TheLumberjack · August 20, 2025, 6:31pm

I can't replicate the problem. Here are the exact steps I did are below. I also ensured my /etc/hosts contains:

127.0.0.1 ziti-edge-router ziti-controller ziti-edge-controller

console 1

clear
cd /tmp/
rm -rf /tmp/docker
mkdir docker
cd docker/
curl -so docker-compose.yaml https://get.openziti.io/dock/simplified-docker-compose.yml
curl -so .env https://get.openziti.io/dock/.env
ZITI_PWD=admin docker compose up

console 2

ping -c1 ziti-edge-router
ping -c1 ziti-edge-controller
ping -c1 ziti-controller

ziti edge login ziti-edge-controller:1280 -u admin -p admin -y
ziti edge create identity node-test -o node-test.jwt
ziti edge enroll node-test.jwt

ziti edge create config mgmtcfg-host.v1 host.v1 '{"protocol":"tcp", "address":"ziti-edge-controller", "port":1280}'
ziti edge create service dial-test --configs 'mgmtcfg-host.v1'
ziti edge create service-policy dial-test-dial Dial --service-roles '@dial-test' --identity-roles '@node-test'
ziti edge create service-policy dial-test-bind Bind --service-roles '@dial-test' --identity-roles '@ziti-edge-router'

node index.js

node

Topic		Replies	Views
Create Ziti Admin Console problem	45	1869	February 7, 2024
Ziti identity file not registering although it says it did	5	33	January 22, 2025
Quickstart doesn't work	13	67	June 23, 2025
Advice in Ziti docker compose deploy Support	28	230	August 28, 2024
How to implement OpenZiti for Next.js app	12	92	February 22, 2025

Node SDK is hanging at await ziti.init

console 1

console 2

Related topics