Python SDK: troubleshooting ziti-echo-server.py sample

SDK Questions
1

What am I trying to do

I want to run the following, that creates an echo host

export ZITI_IDENTITIES=/mnt/v/temp/httpbin-identity.json
python3 ziti-echo-server.py $ZITI_IDENTITIES private-httpbin

https://github.com/openziti/ziti-sdk-py/blob/main/sample/ziti-echo-server.py

What error am I getting

    0.442]    WARN ziti-sdk:ziti_ctrl.c:90 code_to_error() unmapped error code: COULD_NOT_VALIDATE
[        0.442]   ERROR ziti-sdk:connect.c:456 connect_get_net_session_cb() conn[0.0] failed to get session for service[private-httpbin]: COULD_NOT_VALIDATE(The supplied request contains an invalid document or no valid accept content were available, see cause)
[        0.442]    WARN ziti-sdk:zitilib.c:674 on_ziti_bind() failed to bind fd[10] err[-34/WTF: programming error]

this suggests that there is a problem with the configuration..

What have I done to investigate

  1. confirmed the following scripts work
export ZITI_IDENTITIES=/mnt/v/temp/httpbin-identity.json
python3 h-ziti-p.py

export ZITI_IDENTITIES=/mnt/v/temp/httpbin-identity.json
python3 http-get.py http://httpbin.ziti:2000/json

this suggests that the configuration and intercept are working as expected

  1. confirmed the following service tests work
export ZITI_SDK_CONFIG=/mnt/v/temp/httpbin-identity.json
./curlz http://private-httpbin:2000/json

this suggests that the configuration and service are working as expected

  1. I have reproduced this error on my desktop and server

I thought I could isolate the problem by running the script locally on my desktop, but I received the same error message

  1. I have checked the policy advisor
OKAY : httpbin-identity (1) -> private-httpbin (4) Common Routers: (1/1) Dial: Y Bind: N 

OKAY : ziti-private-blue (2) -> private-httpbin (4) Common Routers: (2/2) Dial: N Bind: Y
  1. I have done a full reset of the docker container

docker-compose down -v

Questions that I have about this script

What I dont understand about this script is the code that performs the dialing

server = ztx.bind(service)

You will notice that there is no port number mentioned.. I was not expecting this

When I used the ./curlz example above, I needed to pass in a port number
./curlz http://private-httpbin:2000/json

So.. to confirm that this was not the problem.. I ran the following, which added the port number to the service name... as happens with the curlz example

python3 ziti-echo-server.py "/mnt/v/temp/httpbin-identity.json" "private-httpbin:2000"

This gives a slightly different error message.. but still fails


[        0.223]    INFO ziti-sdk:channel.c:219 new_ziti_channel() ch[0] (ziti-edge-router@tls://ziti-edge-router:3022) new channel for ztx[0] identity[httpbin-identity]
[        0.223]    INFO ziti-sdk:channel.c:731 reconnect_channel() ch[0] reconnecting NOW
[        0.293]    WARN ziti-sdk:zitilib.c:674 on_ziti_bind() failed to bind fd[12] err[-17/Service not available]

Any tips?

2

I now have this working… part of the problem was that I did not really understand what was required for it to work.

For this particular example, what you are doing is creating a host on the ziti overlay that acts as a listener… which you can then call from a client using a tunneller on your desktop.

Let me know if you need help… and I can share more details about how I resolved this.