Quick start docker compose

abidinhadjali · February 5, 2025, 1:16pm

I tried the quick start with Docker Compose and created a client as an Ubuntu VM. However, I'm encountering an issue. I followed the steps from both the video and the documentation, but I'm still facing this problem.

TheLumberjack · February 5, 2025, 1:18pm

HI @abidinhadjali,

This isn't enough information to help us help you.

Look at the client logs first. Look for any errors or useful messages in the logs.

Next move to the routers and look at the router logs for helpful log messages

What error is shown in the log? Also what tunneler are you using?

abidinhadjali · February 5, 2025, 1:34pm

i try to see the logs in the client side :journalctl -u ziti-edge-tunnel -f
فيفري 05 10:59:54 hadjali-VirtualBox systemd[1]: ziti-edge-tunnel.service: Failed with result 'exit-code'.
فيفري 05 10:59:54 hadjali-VirtualBox systemd[1]: Stopped Ziti Edge Tunnel.
فيفري 05 10:59:54 hadjali-VirtualBox systemd[1]: Starting Ziti Edge Tunnel...
فيفري 05 10:59:54 hadjali-VirtualBox ziti-edge-tunnel.sh[3132]: NOTICE: no new JWT files in /opt/openziti/etc/identities/.jwt
فيفري 05 10:59:54 hadjali-VirtualBox systemd[1]: Started Ziti Edge Tunnel.
فيفري 05 10:59:54 hadjali-VirtualBox ziti-edge-tunnel[3135]: About to run tunnel service... ziti-edge-tunnel
-- Boot 3baeec7ea14c42a2ae67a3aa4eec1610 --
فيفري 05 13:24:44 hadjali-VirtualBox systemd[1]: Starting Ziti Edge Tunnel...
فيفري 05 13:24:44 hadjali-VirtualBox ziti-edge-tunnel.sh[2843]: NOTICE: no new JWT files in /opt/openziti/etc/identities/.jwt
فيفري 05 13:24:44 hadjali-VirtualBox systemd[1]: Started Ziti Edge Tunnel.
فيفري 05 13:24:44 hadjali-VirtualBox ziti-edge-tunnel[2846]: About to run tunnel service... ziti-edge-tunnel

TheLumberjack · February 5, 2025, 1:38pm

if your tunnelers is not running, of course you won't be able to connect. Start by diagnosing the tunneler. Please use code fences/blocks when posting logs for legibility. see Markdown Code Block: Including Code In .md Files - Markdown Land for help or use discourse's widget that helps you Formatting posts using markdown, BBCode, and HTML - Using Discourse - Discourse Meta

None of these logs are particularly useful for me to be able to help, i'm sorry to say. It might be better to run ziti-edge-tunnel directly in a console to start

abidinhadjali · February 9, 2025, 10:48am

when i try to curl http.ziti this is what it sees

[1472.081]   ERROR sdk-golang/ziti.(*ContextImpl).connectEdgeRouter: {router=[ziti-edge-router]} dial tcp: lookup ziti-edge-router on 127.0.0.1:53: server misbehaving
[1477.127]   ERROR ziti/tunnel.DialAndRun: {error=[unable to dial service 'http.svc': no edge routers connected in time] service=[http.svc]} tunnel failed

TheLumberjack · February 9, 2025, 12:53pm

Since you're using docker, this sounds like you forgot to add hosts entries for the docker containers. See: Local - Docker Compose | OpenZiti

I am pretty sure this is the issue and your tunneler cannot connect to the address advertised by the router.

abidinhadjali · February 9, 2025, 1:20pm

I followed the steps in the documentation carefully, but I still don't know where the problem is. The ping works correctly, but I don't fully understand your last answer.

nslookup http.ziti
;; Got recursion not available from 127.0.0.1
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	http.ziti
Address: 100.64.0.2
;; Got recursion not available from 127.0.0.1
** server can't find http.ziti: REFUSED

 ping ziti-private-red -c 1
PING ziti-private-red (172.19.0.4): 56 data bytes
64 bytes from 172.19.0.4: icmp_seq=0 ttl=64 time=3.169 ms
--- ziti-private-red ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.169/3.169/3.169/0.000 ms
ziti@b56664f52714:/persistent$ ping ziti-private-blue -c 1
PING ziti-private-blue (172.18.0.8): 56 data bytes
64 bytes from 172.18.0.8: icmp_seq=0 ttl=64 time=0.156 ms
--- ziti-private-blue ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.156/0.156/0.156/0.000 ms
ziti@b56664f52714:/persistent$  ping ziti-private-red -c 1
PING ziti-private-red (172.19.0.4): 56 data bytes
64 bytes from 172.19.0.4: icmp_seq=0 ttl=64 time=0.038 ms
--- ziti-private-red ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.038/0.038/0.038/0.000 ms

TheLumberjack · February 9, 2025, 1:51pm

On the computer running the tunneler, it needs to be able to connect to the controller and to at least one router. In the docker compose example, this means your tunneler will need to be able to connect to ziti-controller and ziti-edge-router.

If you attempt to connect to ziti-edge-router, I expect it cannot be pinged and you can't connect to it with openssl. Run:

openssl s_client -connect ziti-edge-router:3022

I expect it will not connect, because your tunneler machine has no route to the router

abidinhadjali · February 9, 2025, 2:37pm

Yes, you are right. Thank you very much.

Topic		Replies	Views
I think quickstart:0.30.1 broke something in the edge-tunnel connections	18	408	September 1, 2023
Ziti Edge Tunnel Docker container fails/exits Ziti Edge Tunnel	5	102	October 22, 2024
Linux Ziti Tunneler Add Identity Failed Ziti Edge Tunnel	34	335	May 31, 2024
Ziti identies are failing after upgrade of edge tunneler	23	139	October 22, 2024
Missing or Invalid CSR General Questions	23	130	May 1, 2024

Quick start docker compose

Related topics