Questions about Linux tunnelers

I have some questions about the Linux tunneler:

In the guide, it says:

My first question is what this means:

# paste the contents of the enrollment token JWT file and press Ctrl+D

?

Should I just copy the JWT content and paste it after the “>/dev/null” and press Ctrl+D, which will exit the terminal?

My second question is “Place an enrollment token JWT file or identity config JSON file in /opt/openziti/etc/identities”. Are the JWT file or identity config JSON file generated by ZEDS and I downloaded?

The third question is how to start the Tunneler. If I run the command line, it fails:

nick@nick:~$ sudo systemctl enable --now ziti-edge-tunnel.service
Job for ziti-edge-tunnel.service failed because of unavailable resources or another system error.
See "systemctl status ziti-edge-tunnel.service" and "journalctl -xeu ziti-edge-tunnel.service" for details.
nick@nick:~$ systemctl status ziti-edge-tunnel.service
● ziti-edge-tunnel.service - Ziti Edge Tunnel
     Loaded: loaded (/etc/systemd/system/ziti-edge-tunnel.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: resources) since Fri 2023-05-19 14:39:27 PDT; 2s ago
        CPU: 0
nick@nick:~$ journalctl -xeu ziti-edge-tunnel.service
May 19 14:39:40 nick systemd[1]: ziti-edge-tunnel.service: Failed to run 'start-pre' task: No such file or directory
May 19 14:39:40 nick systemd[1]: ziti-edge-tunnel.service: Failed with result 'resources'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit ziti-edge-tunnel.service has entered the 'failed' state with result 'resources'.
May 19 14:39:40 nick systemd[1]: Failed to start Ziti Edge Tunnel.
░░ Subject: A start job for unit ziti-edge-tunnel.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit ziti-edge-tunnel.service has finished with a failure.
░░ 
░░ The job identifier is 13787 and the job result is failed.


You should hit return at the end of the sudo line (after the >/dev/null), then hit paste, then Ctrl+d. The Ctrl+d will be sent to the tee command, causing it to end and the file to be written. You should not exit the terminal since the signal should be handled by tee, and not sent to your terminal.

Are the JWT file or identity config JSON file generated by ZEDS and I downloaded?

ZEDS will generate a JWT file you can download. You can convert that to a json file by enrolling the identity (e.g., via the ziti or ziti-edge-tunnel command as described here), but based on that doc I expect if ziti-edge-tunnel.service sees a JWT file in that directory it will automatically attempt to enroll using that file to create the JSON identity file.

Thank you for your response:

I have run the echo server successfully, by the command line:

python ziti-echo-server.py </path/to/id.json> <name-of-service>

However, I have trouble testing it with Netcat.
I am using a Windows 10 machine.

>ncat --version
Ncat: Version 7.93 ( https://nmap.org/ncat )

>ncat "python.echo.ziti" 80
Ncat: Could not resolve hostname "python.echo.ziti": No such host is known. . QUITTING.

>ncat "pyechoserv1 pysample Z29vZ2xlLW9hdXRoMnwxMTgzODUwMjgzNjQ4MjE4MDM4NzA=" 80
Ncat: Could not resolve hostname "pyechoserv1 pysample Z29vZ2xlLW9hdXRoMnwxMTgzODUwMjgzNjQ4MjE4MDM4NzA=": No such host is known. . QUITTING.

In the picture below, there are two identities, which are “pyechoclient” and “pyecho”. The “pyecho” is being used by the python program. And, the “pyechoclient” is being used for the Ziti Tunneler on current Windows machine.


After we log in to the Tunneler with pyechoclient’s JWT file, we can even see the service “pyechoserv1 pysample Z29vZ2xlLW9h…” on port 80.

And the python echo service is listening on port 80:



Is there any idea about the error?