Quickstart errors on a Raspberry Pi

Hello,

I’m just trying to start with the expressInstall method to mess around and see how things work, but I’m getting walled at the start with the following error (that does not seem to stop the script):

                          _   _     _
                    ____ (_) | |_  (_)
                   |_  / | | | __| | |
                    / /  | | | |_  | |
                   /___| |_|  \__| |_|
-------------------------------------------------------------

This script will make it trivial to setup a very simple environment locally which will allow you to start
learning ziti. This environment is suitable for development work only and is not a decent representation of
a fully redundant production-caliber network.

Please note that this script will write files to your home directory into a directory named .ziti.
For you this location will be: /home/pi/.ziti/quickstart

Prerequisites confirmed
Let's get started creating your local development network!



___________   _______________________________________^__
 ___   ___ |||  ___   ___   ___    ___ ___  |   __  ,----\
|   | |   |||| |   | |   | |   |  |   |   | |  |  | |_____\
|___| |___|||| |___| |___| |___|  | O | O | |  |  |        \
           ||| ===== EXPRESS ==== |___|___| |  |__|         )
___________|||______________________________|______________/
           |||                                        /--------
-----------'''---------------------------------------'



******** Setting Up Environment ********
using default ZITI_HOME: /home/pi/.ziti/quickstart/ran
ZITI HOME SET TO: /home/pi/.ziti/quickstart/ran
ZITI_BINARIES_VERSION: v0.27.5
Downloading https://github.com/openziti/ziti/releases/download/v0.27.5/ziti-linux-arm-0.27.5.tar.gz
ziti-linux-arm64-0.27.5.tar.gz to /home/pi/.ziti/quickstart/ran/ziti-bin/ziti-linux-arm-0.27.5.tar.gz
ziti-linux-arm64-0.27.5.tar.gz
UNZIPPING /home/pi/.ziti/quickstart/ran/ziti-bin/ziti-linux-arm-0.27.5.tar.gz
ziti-linux-arm64-0.27.5.tar.gz into: /home/pi/.ziti/quickstart/ran/ziti-bin/ziti-v0.27.5
tar: /home/pi/.ziti/quickstart/ran/ziti-bin/ziti-linux-arm-0.27.5.tar.gz\nziti-linux-arm64-0.27.5.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
mv: cannot stat '/home/pi/.ziti/quickstart/ran/ziti-bin/ziti': No such file or directory
Marking executables at /home/pi/.ziti/quickstart/ran/ziti-bin/ziti-v0.27.5 executable
chmod: cannot access '/home/pi/.ziti/quickstart/ran/ziti-bin/ziti-v0.27.5/*': No such file or directory
Generating new network with name: ran
ZITI_NETWORK set to: ran
Do you want to keep the generated admin password

(I cut the remainder off.)

The weird part is the inability to unpack the archive — it seems to have the arm and arm64 version filenames concat together with a \n separator for some reason (near the UNZIPPING line). I’m not sure if I missed something obvious, so please let me know what other info I can pull out that might be helpful or relevant.

Any info would be greatly helpful. Thank you!

Hi @Himekaidou, welcome to OpenZiti and welcome to the community!

Seems like there’s a bug in the quickstart for rasp pi… What kind of pi do you have? I actually don’t own any (tried to buy one last year but no supply and gave up), trying this for myself is hard, sadly. If you know what kind of pi it is, perhaps another community member could try it out and debug.

When I had this problem recently, it was because I had manually downloaded an arm binary instead of an arm64 one. I see the stray \n you’re talking about in there: ziti-linux-arm-0.27.5.tar.gz\nziti-linux-arm64-0.27.5.tar.gz: Cannot open… That’s odd for sure.

There’s an alternate method to try for the quickstart though. it’s not QUITE as short as one line, but I think it’s short enough.

You can do the following:

# makes a directory somewhere and moves you to it
export ZITI_BIN_DIR=$HOME/.ziti/bin
mkdir -p $ZITI_BIN_DIR
cd $ZITI_BIN_DIR

# pulls the binaries you want/need
wget https://github.com/openziti/ziti/releases/download/v0.27.5/ziti-linux-arm-0.27.5.tar.gz
tar xvf ziti-linux-arm-0.27.5.tar.gz

# sets the ZITI_BIN_DIR to where the untarred files are, sources the install script and then runs expressInstall
export ZITI_BIN_DIR=$ZITI_BIN_DIR/ziti
source /dev/stdin <<< "$(wget -qO- https://raw.githubusercontent.com/openziti/ziti/release-next/quickstart/docker/image/ziti-cli-functions.sh)"
expressInstall

If you can pull the binaries down manually, verify they are executable (just run the command to make sure you don’t get that error) then set ZITI_BIN_DIR, it should work.

Hope that helps.

Definitely helped! It’s a Pi 4 Model B, just for reference. uname -a gives Linux ran 5.15.56-v7l+ #1575 SMP Fri Jul 22 20:29:46 BST 2022 armv7l GNU/Linux. Manually running the downloaded arm binaries seemed to work fine.

It still had the tar errors at the top, but continued and used the ZITI_BIN_DIR set later on. The expressInstall appeared to complete successfully, but there was a bit of weirdness. During the PKI part, it tried to generate server and client certs twice, the first time successful, the second time resulting in “key exists”:

Creating server cert from ca: ran-intermediate for ran,localhost,ran,ran,ziti.broken-mirror.net / 127.0.0.1
Using CA name:  ran-intermediate
Success
Creating client cert from ca: ran-intermediate for ran,localhost,ran,ran,ziti.broken-mirror.net
Using CA name:  ran-intermediate
Success

Creating server cert from ca: ran-intermediate for ran,localhost,ran,ran,ziti.broken-mirror.net
key exists
Creating client cert from ca: ran-intermediate for ran,localhost,ran,ran,ziti.broken-mirror.net
key exists

When the expressInstall script completed, I could start the controller but not the edge router, as the /home/pi/.ziti/quickstart/ran/pki/routers/ran-edge-router/ directory that it was looking for keys in was completely empty. The other dirs in the pki folder (root-ca, intermediate, intermediate_spurious_intermediate, and others) did have various certs/keyfiles/misc in them.

This makes me think the router enrollment didn't succeed. That can happen usually for one of two reasons, the controller never started properly, and the edge router never was able to be created in the first place, or the controller started but there's a config problem preventing the router from connecting.

The flow should be:

• configure pki
• configure controller
• run controller, make sure it starts
• login to controller
• create edge router
• enroll edge router
• print success mesage

Here's what that last few bits should look like... (i ran on my WSL instance so I ran a different download: ziti-linux-amd64-0.27.5.tar.gz, not that it 'should' matter)

image1031×639 57 KB

You can see at the top it says there's a controller log file (/home/cd/.ziti/quickstart/sg3/sg3.log in my case) and there is a router created and enrolled:

edge router configuration file written to: /home/cd/.ziti/quickstart/sg3/sg3-edge-router.yaml
----------  Creating edge-router sg3-edge-router....
----------  Enrolling edge-router sg3-edge-router....

Controller stopped.
Edge Router enrolled. Controller stopped.

Can you look in that controller log for any errors? Also would you post the entire quickstart log here (or DM to me if you don't want to post here, but there's nothing really secret in those logs imo). I'd like to see if anything pops out to me

The controller log does appear to have two errors (one is an info line but reads as an error…):

[   2.245]    INFO xweb/v2.(*Server).Start: starting ApiConfig to listen and serve tls on 0.0.0.0:1280 for server client-management with APIs: [edge-management edge-client fabric]
[   3.592]    INFO : http: TLS handshake error from 127.0.0.1:58882: remote error: tls: bad certificate
[  51.908]    INFO ziti/ziti/controller.waitForShutdown: shutting down ziti-controller

and

[  51.909]   ERROR channel/v2.(*UnderlayDispatcher).Run: {error=[closed]} error accepting connection

For the quickstart log, are you referring to the stuff that the script spits out as it’s running? Here it is (with just the password edited out):

                          _   _     _
                    ____ (_) | |_  (_)
                   |_  / | | | __| | |
                    / /  | | | |_  | |
                   /___| |_|  \__| |_|
-------------------------------------------------------------

This script will make it trivial to setup a very simple environment locally which will allow you to start
learning ziti. This environment is suitable for development work only and is not a decent representation of
a fully redundant production-caliber network.

Please note that this script will write files to your home directory into a directory named .ziti.
For you this location will be: /home/pi/.ziti/quickstart

Prerequisites confirmed
Let's get started creating your local development network!



___________   _______________________________________^__
 ___   ___ |||  ___   ___   ___    ___ ___  |   __  ,----\
|   | |   |||| |   | |   | |   |  |   |   | |  |  | |_____\
|___| |___|||| |___| |___| |___|  | O | O | |  |  |        \
           ||| ===== EXPRESS ==== |___|___| |  |__|         )
___________|||______________________________|______________/
           |||                                        /--------
-----------'''---------------------------------------'



******** Setting Up Environment ********
using default ZITI_HOME: /home/pi/.ziti/quickstart/ran
ZITI HOME SET TO: /home/pi/.ziti/quickstart/ran
ZITI_BINARIES_VERSION: v0.27.5
Using ZITI_BIN_DIR: /home/pi/.ziti/bin/ziti
Downloading https://github.com/openziti/ziti/releases/download/v0.27.5/ziti-linux-arm-0.27.5.tar.gz
ziti-linux-arm64-0.27.5.tar.gz to /home/pi/.ziti/quickstart/ran/ziti-bin/ziti-linux-arm-0.27.5.tar.gz
ziti-linux-arm64-0.27.5.tar.gz
UNZIPPING /home/pi/.ziti/quickstart/ran/ziti-bin/ziti-linux-arm-0.27.5.tar.gz
ziti-linux-arm64-0.27.5.tar.gz into: /home/pi/.ziti/bin/ziti
tar: /home/pi/.ziti/quickstart/ran/ziti-bin/ziti-linux-arm-0.27.5.tar.gz\nziti-linux-arm64-0.27.5.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
mv: cannot stat '/home/pi/.ziti/quickstart/ran/ziti-bin/ziti': No such file or directory
Marking executables at /home/pi/.ziti/bin/ziti executable
Generating new network with name: ran
ZITI_NETWORK set to: ran
Do you want to keep the generated admin password 'password removed'? (Y/n)
INFO: using ZITI_PWD=password removed
env file written to: /home/pi/.ziti/quickstart/ran/ran.env
environment file sourced from: /home/pi/.ziti/quickstart/ran/ran.env
Checking if Controller's port (6262) is available
Checking if Edge Router's port (3022) is available
Checking if Edge Controller's port (1280) is available
Checking if Controller Management Plane's port (10000) is available


******** Setting Up Public Key Infrastructure ********
Generating PKI
Creating CA: ran-root-ca
Success

Creating CA: ran-root-ca
key exists

Creating CA: ran-signing-root-ca
Success

Creating intermediate: ran-root-ca ran-intermediate 1
Using CA name:  ran-root-ca
Success

Creating intermediate: ran-root-ca ran-intermediate 1
key exists

Creating intermediate: ran-signing-root-ca ran-signing-intermediate_spurious_intermediate 2
Using CA name:  ran-signing-root-ca
Success

Creating intermediate: ran-signing-intermediate_spurious_intermediate ran-signing-intermediate 1
Using CA name:  ran-signing-intermediate_spurious_intermediate
Success


Creating server cert from ca: ran-intermediate for ran,localhost,ran,ran,ziti.broken-mirror.net / 127.0.0.1
Using CA name:  ran-intermediate
Success
Creating client cert from ca: ran-intermediate for ran,localhost,ran,ran,ziti.broken-mirror.net
Using CA name:  ran-intermediate
Success

Creating server cert from ca: ran-intermediate for ran,localhost,ran,ran,ziti.broken-mirror.net
key exists
Creating client cert from ca: ran-intermediate for ran,localhost,ran,ran,ziti.broken-mirror.net
key exists



******** Setting Up Controller ********
wrote CA file to: /home/pi/.ziti/quickstart/ran/pki/cas.pem
Controller configuration file written to: /home/pi/.ziti/quickstart/ran/ran.yaml
ziti-controller initialized. see /home/pi/.ziti/quickstart/ran/ran-init.log for details
[1] 11085
ziti-controller started as process id: 11085. log located at: /home/pi/.ziti/quickstart/ran/ran.log
waiting for the controller to come online to allow the edge router to enroll
waiting for https://ran:1280
Token: 556eff7b-1a28-43b7-85c3-c2a679f484f2
Saving identity 'default' to /home/pi/.ziti/quickstart/ran/ziti-cli.json


******** Setting Up Edge Routers ********
----------  Creating an edge router policy allowing all identities to connect to routers with a #public attribute
----------  Creating a service edge router policy allowing all services to use #public edge routers
USING ZITI_EDGE_ROUTER_RAWNAME: ran-edge-router
Creating server cert from ca: ran-intermediate for ran-edge-router,localhost,127.0.0.1,ran / 127.0.0.1
Using CA name:  ran-intermediate
Success
Creating client cert from ca: ran-intermediate for ran-edge-router,localhost,127.0.0.1,ran
Using CA name:  ran-intermediate
Success

edge router configuration file written to: /home/pi/.ziti/quickstart/ran/ran-edge-router.yaml
----------  Creating edge-router ran-edge-router....
----------  Enrolling edge-router ran-edge-router....

Controller stopped.
Edge Router enrolled. Controller stopped.

Congratulations. Express setup complete!
Start your Ziti Controller by running the function: startController
Start your Ziti Edge Router by running : startRouter


pi@ran:~ $

Yeah that’s the stuff I was looking for. So everything appears to have run properly. The edge router was created…
When you run startController and then startRouter what does the corresponding log for the router show, it should error for some reason.

I assume it isn’t able to contact the controller, which should be at “whatever your hostname” is on port 6262.

Let’s look in that log for clues next.

The controller appears to start without issue (as in, does not exit immediately). Controller log for reference, after running startController:

pi@ran:~/.ziti/quickstart/ran $ cat ran.log
[   0.032]    INFO ziti/ziti/controller.run: {build-date=[2023-02-13T21:49:17Z] os=[linux] version=[v0.27.5] go-version=[go1.19.5] nodeId=[ran] arch=[arm] revision=[3d9801e73809]} starting ziti-controller
[   0.032]    INFO fabric/events.(*Dispatcher).eventLoop: event dispatcher: started
[   0.033]    INFO storage/boltz.(*migrationManager).Migrate.func1: fabric datastore is up to date at version 5
[   0.038]    INFO fabric/controller/network.(*Network).showOptions: network = {
  "CycleSeconds": 60,
  "Smart": {
    "RerouteFraction": 0.02,
    "RerouteCap": 4,
    "MinCostDelta": 15
  },
  "RouteTimeout": 10000000000,
  "CreateCircuitRetries": 2,
  "CtrlChanLatencyInterval": 10000000000,
  "PendingLinkTimeout": 10000000000,
  "MinRouterCost": 10,
  "RouterConnectChurnLimit": 60000000000,
  "InitialLinkLatency": 65000000000,
  "MetricsReportInterval": 60000000000
}
[   0.038]    INFO fabric/controller.(*Controller).showOptions: ctrl = {
  "OutQueueSize": 4,
  "MaxQueuedConnects": 1,
  "MaxOutstandingConnects": 16,
  "ConnectTimeout": 1000000000,
  "DelayRxStart": false,
  "WriteTimeout": 0,
  "NewListener": null,
  "AdvertiseAddress": null
}
[   1.751]    INFO edge/controller/server.NewController: edge controller instance id: clec3p8d90000cia0l65tzb1l
[   1.752]    INFO edge/controller/server.(*Controller).Initialize: initializing edge
[   1.772]    INFO storage/boltz.(*migrationManager).Migrate.func1: edge datastore is up to date at version 29
[   1.777]    INFO edge/controller/internal/policy.NewSessionEnforcer: {frequency=[5s] sessionTimeout=[30m0s]} session enforcer configured
[   1.778]    INFO edge/controller/server.(*Controller).Run: starting edge
[   1.778]    INFO fabric/metrics.GoroutinesPoolMetricsConfigF.func1.1: {poolType=[pool.listener.ctrl] minWorkers=[1] maxWorkers=[16] idleTime=[10s] maxQueueSize=[1]} starting goroutine pool
[   1.779]    INFO channel/v2.(*UnderlayDispatcher).Run: started
[   1.795]    INFO edge/controller/server.(*Controller).checkEdgeInitialized: edge initialized
[   1.796]    INFO fabric/controller/network.(*Network).Run: started
[   2.256]    INFO xweb/v2.(*Server).Start: starting ApiConfig to listen and serve tls on 0.0.0.0:1280 for server client-management with APIs: [edge-management edge-client fabric]

For the router…

The error in the log is the first line and is that it can’t find the key (because the directory it’s looking for it in is empty):

pi@ran:~/.ziti/quickstart/ran $ cat ran-edge-router.log
[   0.003]   ERROR ziti/ziti/router.run: {os=[linux] error=[unable to load identity (open /home/pi/.ziti/quickstart/ran/pki/routers/ran-edge-router/server.key: no such file or directory)] build-date=[2023-02-13T21:49:17Z] revision=[3d9801e73809] arch=[arm] version=[v0.27.5] go-version=[go1.19.5] configFile=[/home/pi/.ziti/quickstart/ran/ran-edge-router.yaml]} error loading ziti-router config
panic: unable to load identity (open /home/pi/.ziti/quickstart/ran/pki/routers/ran-edge-router/server.key: no such file or directory)

goroutine 1 [running]:
github.com/openziti/ziti/ziti/router.run(0x3f80300, {0x3c10148, 0x1, 0x1})
        github.com/openziti/ziti/ziti/router/run.go:67 +0x13b0
github.com/spf13/cobra.(*Command).execute(0x3f80300, {0x3c10130, 0x1, 0x1})
        github.com/spf13/cobra@v1.6.1/command.go:920 +0x714
github.com/spf13/cobra.(*Command).ExecuteC(0x3f80180)
        github.com/spf13/cobra@v1.6.1/command.go:1044 +0x418
github.com/spf13/cobra.(*Command).Execute(...)
        github.com/spf13/cobra@v1.6.1/command.go:968
github.com/openziti/ziti/ziti/router.Execute()
        github.com/openziti/ziti/ziti/router/root.go:74 +0x18
main.main()
        github.com/openziti/ziti/ziti-router/main.go:51 +0x14

Directory to show what it looks like (eg, nothing in the edge router one):

pi@ran:~/.ziti/quickstart/ran $ ls /home/pi/.ziti/quickstart/ran/pki/routers/ran-edge-router/
pi@ran:~/.ziti/quickstart/ran $ ls /home/pi/.ziti/quickstart/ran/pki/
cas.pem           ran-root-ca               ran-signing-intermediate_spurious_intermediate  routers
ran-intermediate  ran-signing-intermediate  ran-signing-root-ca
pi@ran:~/.ziti/quickstart/ran $

But that’s so strange. The router must not be enrolling properly. I’ll have to check back in tomorrow, I can’t debug the problem due to the lack of a pi and I’ll be on leave for a week so my availability to help is probably going to be sporadic

No worries! I’ll continue tinkering a bit and see whether anything else turns up. At least it’s easy to reset the quickstart in case anything messes up!

Hi @Himekaidou, if you still have your environment up, can you provide the contents of your router enrollment log? Based on the information you’ve provided, it should be /home/pi/.ziti/quickstart/ran/ran-edge-router.enrollment.log

We’ve tried reproducing it with another Raspberry Pi 4 but without any luck so we’re going to need to get information from you specifically to figure this out. I appreciate you working with us to resolve this issue.

Just popping in real quick to say that it’ll be a bit delayed by a week or so since some work stuff came up, but I’ll get that once I have access to it again. Sorry for the trouble!

No trouble at all, thanks for your support and helping us improve OpenZiti.

Sorry for taking so long to reply!

I see that particular log has the following:

[   0.014]   FATAL edge/router/enroll.(*RestEnroller).Enroll: {cause=[could not retrieve token URL certificate: could not contact remote server [https://ziti.broken-mirror.net:1280]: Get "https://ziti.broken-mirror.net:1280": dial tcp 47.154.58.170:1280: connect: connection refused]} failed to parse JWT

I then attempted to open port 1280 on the firewall (it was not mentioned in the quickstart guide, so I only had the suggest 8440-8443 opened).

This resulted in

[  41.568]    INFO edge/router/enroll.(*RestEnroller).Enroll: registration complete

which seems to be a good sign.

However, ran-edge-router.log then complained about not being able to reach port 6262, so I opened that as well. Everything seemed to set up right (I’m assuming those aren’t needed as open ports, so I’ll try editing /etc/hosts so that it won’t hit the firewall next time).

However…

Controller starts up fine, but crashes when I start the router.

ran-edge-router.log:

[   0.058]    INFO ziti/ziti/router.run: {revision=[3d9801e73809] arch=[arm] build-date=[2023-02-13T21:49:17Z] routerId=[25ndDrUA0] go-version=[go1.19.5] configFile=[/home/pi/.ziti/quickstart/ran/ran-edge-router.yaml] os=[linux] version=[v0.27.5]} starting ziti-router
[   0.059]    INFO fabric/router/forwarder.(*Faulter).run: started
[   0.059]    INFO fabric/router/forwarder.(*Scanner).run: started
[   0.059]    INFO fabric/metrics.GoroutinesPoolMetricsConfigF.func1.1: {poolType=[pool.link.dialer] minWorkers=[0] idleTime=[30s] maxQueueSize=[1000] maxWorkers=[32]} starting goroutine pool
[   0.059]    INFO fabric/metrics.GoroutinesPoolMetricsConfigF.func1.1: {idleTime=[30s] poolType=[pool.route.handler] minWorkers=[0] maxWorkers=[128] maxQueueSize=[1000]} starting goroutine pool
[   0.060] WARNING edge/router/internal/edgerouter.(*Config).LoadConfigFromMap: Invalid heartbeat interval [0] (min: 60, max: 10), setting to default [60]
[   0.061]    INFO fabric/router.(*Router).initializeCtrlEndpoints: controller endpoints file [/home/pi/.ziti/quickstart/ran/endpoints] doesn't exist. Using initial endpoints from config
[   0.061]    INFO fabric/router.(*Router).showOptions: ctrl = {"OutQueueSize":4,"MaxQueuedConnects":1,"MaxOutstandingConnects":16,"ConnectTimeout":1000000000,"DelayRxStart":false,"WriteTimeout":0}
[   0.061]    INFO fabric/router.(*Router).showOptions: metrics = {"ReportInterval":60000000000,"MessageQueueSize":10}
[   0.061]    INFO fabric/router.(*Router).initializeHealthChecks: starting health check with ctrl ping initially after 15s, then every 30s, timing out after 15s
[   0.062]    INFO fabric/router.(*Router).startXlinkDialers: started Xlink dialer with binding [transport]
[   0.062]    INFO fabric/metrics.GoroutinesPoolMetricsConfigF.func1.1: {idleTime=[10s] poolType=[pool.listener.link] minWorkers=[1] maxWorkers=[16] maxQueueSize=[1]} starting goroutine pool
[   0.062]    INFO fabric/router.(*Router).startXlinkListeners: started Xlink listener with binding [transport] advertising [tls:ziti.broken-mirror.net:10080]
[   0.063]    INFO edge/router/xgress_edge.(*listener).Listen: {address=[tls:0.0.0.0:3022]} starting channel listener
[   0.063]    INFO fabric/metrics.GoroutinesPoolMetricsConfigF.func1.1: {poolType=[pool.listener.xgress_edge] minWorkers=[1] maxQueueSize=[1] maxWorkers=[16] idleTime=[10s]} starting goroutine pool
[   0.063]    INFO fabric/router.(*Router).startXgressListeners: created xgress listener [edge] at [tls:0.0.0.0:3022]
[   0.063]    INFO edge/router/xgress_edge.(*Acceptor).Run: starting
[   0.063]    INFO fabric/router.(*Router).startXgressListeners: created xgress listener [tunnel] at []
[   0.064]    INFO fabric/router.(*Router).startControlPlane: router configured with 1 controller endpoints
[   0.064]    INFO fabric/router.(*Router).startControlPlane: connecting to controller at endpoing [tls:ziti.broken-mirror.net:6262]
[   0.425]    INFO edge/router/fabric.(*StateManagerImpl).StartHeartbeat: heartbeat starting
[   0.429]    INFO edge/router/xgress_edge_tunnel.(*tunneler).Start: {mode=[host]} creating interceptor
[   0.429]    INFO edge/router/xgress_edge.(*CertExpirationChecker).Run: waiting 8615h59m3.117828007s to renew certificates
[   0.442]   ERROR channel/v2.(*reconnectingImpl).Rx [u{reconnecting}->i{0Z4p}]: {error=[EOF]} rx error. closed peer and starting reconnection process
[   0.442]    INFO channel/v2.(*reconnectingImpl).pingInstance [u{reconnecting}->i{0Z4p}]: starting
[   0.442]    INFO channel/v2.(*reconnectingImpl).pingInstance [u{reconnecting}->i{0Z4p}]: exiting
[   0.442]   ERROR channel/v2.(*reconnectingDialer).Reconnect [u{reconnecting}->i{0Z4p} @tls:ziti.broken-mirror.net:6262]: unable to ping (use of closed network connection)
[   0.457] WARNING edge/tunnel/dns.flushDnsCaches: {error=[exit status 1]} unable to flush dns caches, consider adding a dns flush to your restart process
[   0.458]   ERROR channel/v2.(*reconnectingDialer).Reconnect [u{reconnecting}->i{0Z4p} @tls:ziti.broken-mirror.net:6262]: reconnection attempt [#1] failed (read tcp 192.168.42.8:43996->47.154.58.170:6262: read: connection reset by peer)
panic: unaligned 64-bit atomic operation

goroutine 118 [running]:
runtime/internal/atomic.panicUnaligned()
        runtime/internal/atomic/unaligned.go:8 +0x24
runtime/internal/atomic.Load64(0x45a8354)
        runtime/internal/atomic/atomic_arm.s:280 +0x14
github.com/openziti/channel/v2.(*heartbeater).Tx(0x45a8330, 0x4586080, {0x21a28b4, 0x4ac4240})
        github.com/openziti/channel/v2@v2.0.27/heartbeater.go:82 +0x1b8
github.com/openziti/channel/v2.(*channelImpl).txer(0x4ac4240)
        github.com/openziti/channel/v2@v2.0.27/impl.go:422 +0x984
created by github.com/openziti/channel/v2.(*channelImpl).startMultiplex
        github.com/openziti/channel/v2@v2.0.27/impl.go:287 +0x128

ran.log

[   0.030]    INFO ziti/ziti/controller.run: {os=[linux] nodeId=[ran] version=[v0.27.5] go-version=[go1.19.5] arch=[arm] revision=[3d9801e73809] build-date=[2023-02-13T21:49:17Z]} starting ziti-controller
[   0.031]    INFO fabric/events.(*Dispatcher).eventLoop: event dispatcher: started
[   0.031]    INFO storage/boltz.(*migrationManager).Migrate.func1: fabric datastore is up to date at version 5
[   0.034]    INFO fabric/controller/network.(*Network).showOptions: network = {
  "CycleSeconds": 60,
  "Smart": {
    "RerouteFraction": 0.02,
    "RerouteCap": 4,
    "MinCostDelta": 15
  },
  "RouteTimeout": 10000000000,
  "CreateCircuitRetries": 2,
  "CtrlChanLatencyInterval": 10000000000,
  "PendingLinkTimeout": 10000000000,
  "MinRouterCost": 10,
  "RouterConnectChurnLimit": 60000000000,
  "InitialLinkLatency": 65000000000,
  "MetricsReportInterval": 60000000000
}
[   0.034]    INFO fabric/controller.(*Controller).showOptions: ctrl = {
  "OutQueueSize": 4,
  "MaxQueuedConnects": 1,
  "MaxOutstandingConnects": 16,
  "ConnectTimeout": 1000000000,
  "DelayRxStart": false,
  "WriteTimeout": 0,
  "NewListener": null,
  "AdvertiseAddress": null
}
[   1.711]    INFO edge/controller/server.NewController: edge controller instance id: clezt21tk0000loa03d50b2ol
[   1.712]    INFO edge/controller/server.(*Controller).Initialize: initializing edge
[   1.731]    INFO storage/boltz.(*migrationManager).Migrate.func1: edge datastore is up to date at version 29
[   1.736]    INFO edge/controller/internal/policy.NewSessionEnforcer: {frequency=[5s] sessionTimeout=[30m0s]} session enforcer configured
[   1.737]    INFO edge/controller/server.(*Controller).Run: starting edge
[   1.738]    INFO fabric/metrics.GoroutinesPoolMetricsConfigF.func1.1: {poolType=[pool.listener.ctrl] minWorkers=[1] maxWorkers=[16] maxQueueSize=[1] idleTime=[10s]} starting goroutine pool
[   1.739]    INFO channel/v2.(*UnderlayDispatcher).Run: started
[   1.755]    INFO edge/controller/server.(*Controller).checkEdgeInitialized: edge initialized
[   1.757]    INFO fabric/controller/network.(*Network).Run: started
[   2.229]    INFO xweb/v2.(*Server).Start: starting ApiConfig to listen and serve tls on 0.0.0.0:1280 for server client-management with APIs: [edge-management edge-client fabric]
[  13.173]    INFO fabric/controller/handler_ctrl.(*bindHandler).BindChannel: {routerVersion=[v0.27.5] routerId=[25ndDrUA0]} router supports heartbeats
[  13.173]    INFO fabric/controller/handler_ctrl.(*CtrlAccepter).Bind: {routerId=[25ndDrUA0]} accepted new router connection [r/25ndDrUA0]
[  13.184]    INFO edge/controller/env.(*Broker).RouterConnected.func1: {routerId=[25ndDrUA0] routerName=[ran-edge-router] routerFingerprint=[0x4afad78]} broker detected edge router with id 25ndDrUA0 connecting
[  13.184]    INFO edge/controller/sync_strats.(*InstantStrategy).RouterConnected: {routerName=[ran-edge-router] sync_strategy=[instant] routerFingerprint=[0x4afad78] syncStatus=[SYNC_QUEUED] routerId=[25ndDrUA0]} edge router connected, adding to sync routerConnectedQueue
[  13.186]    INFO edge/controller/sync_strats.(*InstantStrategy).hello: {routerId=[25ndDrUA0] routerTxId=[3NS7DSSnn] routerName=[ran-edge-router] routerFingerprint=[0x4afad78] routerChannelIsOpen=[true] strategy=[instant]} edge router sync starting
[  13.186]    INFO edge/controller/sync_strats.(*InstantStrategy).hello: {routerTxId=[3NS7DSSnn] routerName=[ran-edge-router] routerFingerprint=[0x4afad78] routerChannelIsOpen=[true] strategy=[instant] routerId=[25ndDrUA0] syncStatus=[SYNC_HELLO]} sending edge router hello
[  13.188]    INFO fabric/controller/handler_ctrl.(*xctrlCloseHandler).HandleClose [ch{25ndDrUA0}->u{classic}->i{0Z4p}]: closing Xctrl instances
[  13.188] WARNING fabric/controller/handler_ctrl.(*closeHandler).HandleClose: {routerId=[25ndDrUA0]} disconnected
[  13.189]   ERROR channel/v2.(*channelImpl).rxer [ch{25ndDrUA0}->u{classic}->i{0Z4p}]: rx error (read tcp 192.168.42.8:6262->192.168.42.1:43980: use of closed network connection)
panic: unaligned 64-bit atomic operation

goroutine 89 [running]:
runtime/internal/atomic.panicUnaligned()
        runtime/internal/atomic/unaligned.go:8 +0x24
runtime/internal/atomic.Load64(0x4d6c264)
        runtime/internal/atomic/atomic_arm.s:280 +0x14
github.com/openziti/channel/v2.(*heartbeater).Tx(0x4d6c240, 0x4ab9b40, {0x23d3d84, 0x47b3a70})
        github.com/openziti/channel/v2@v2.0.27/heartbeater.go:82 +0x1b8
github.com/openziti/channel/v2.(*channelImpl).txer(0x47b3a70)
        github.com/openziti/channel/v2@v2.0.27/impl.go:422 +0x984
created by github.com/openziti/channel/v2.(*channelImpl).startMultiplex
        github.com/openziti/channel/v2@v2.0.27/impl.go:287 +0x128

Not sure where the panic is coming from. Running ziti on its own doesn’t immediately cause an error, it shows the usual CLI help text.

@Himekaidou thanks for getting back to us on this.

Are you still running the downloaded ARM binaries or are you running the ARM64? Your uname -a command you ran before seems to indicate you are running 32 bit Raspberry Pi OS so this error would make sense if you are using arm64 binaries.

The package I grabbed was named ziti-linux-arm-0.27.5.tar.gz.

Testing on the ziti executable itself:

pi@ran:~/.ziti/bin/ziti $ uname -a
Linux ran 5.15.56-v7l+ #1575 SMP Fri Jul 22 20:29:46 BST 2022 armv7l GNU/Linux
pi@ran:~/.ziti/bin/ziti $ file ./ziti
./ziti: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, Go BuildID=C33FWchpQy4c2xSu_FOf/JXWdnarCfxQulqjCg3c8/G7A4grg2_s3NtKQmS5sx/0g6NiBthj3ipUukDox8b, BuildID[sha1]=8ded5147d4ea92a12d4219cbaa32f580ca862f30, with debug_info, not stripped
pi@ran:~/.ziti/bin/ziti $ ./ziti

'ziti' is a CLI for working with a Ziti deployment.

Usage:
  ziti [command]

Available Commands:
  agent       Interact with ziti processes using the the IPC agent
  completion  Generate the autocompletion script for the specified shell
  controller  Ziti Controller
  create      Create a new resource
  edge        Manage the Edge components of a Ziti network using the Ziti Edge REST API
  fabric      Manage the Fabric components of a Ziti network using the Ziti Fabric REST and WebSocket APIs
  help        Help about any command
  learn       Tutorials and demos to help you learn about Ziti
  ops         Various utilities useful when operating a Ziti network
  pki         Manage a Ziti PKI
  router      Ziti Router

Flags:
  -h, --help      help for ziti
  -v, --version   version for ziti

Use "ziti [command] --help" for more information about a command.

It seems like the right one, unless I’m misinterpreting something!

No, you’re not misunderstanding anything. I just wanted to be sure you hadn’t accidentally been using the 64 bit binary on a 32 bit OS (the fact that expressInstall downloads the 64 bit version will have to be addressed). If you sourced the .env file it will recreate any alias you might have and point it to the 64 bit binaries that it downloaded. With that confirmed, I’m going to have to do some more research on my end to figure this out, it seems specific to Raspberry Pi 4 running 32 bit OS.

I’ll see if I can salvage my running Pi 4 for a day or so to troubleshoot this. Thanks again for your feedback, and stick with us, I’ll try to have something to provide as an update tomorrow.

@Himekaidou Good news, I found the issue in one of our packages, well, the issue relates to the compiler for the arm architecture, but I’ll have a fix coming soon. I just have to verify that nothing else is broken down the line from this.

Unfortunately, it will require waiting for a new release since the bug is in the binary file. I will keep you updated, thanks again for reporting this, we would not have found this without your feedback.

No worries, thank you so much for looking into it!

I’ll keep an eye out but I can mess around with it in a VM in the meantime, so no problem!

@Himekaidou The fix is in, we just have to wait for 0.27.6 to be released with the fix. I tested it myself on my Raspberry Pi 4 with 32-bit OS to confirm it works.

I also fixed the expressInstall bug that caused it to download the wrong binaries. That fix is actually deployed already, so you won’t have to separately download the arm binaries going forward.