Hi! As the title says, I'm running into ERROR: for ziti-edge-router-wss when trying to run docker-compose. I'm was following the quickstart guide and openziti youtube video. Not sure what to do or what is needed to debug my issue. Thanks in advance!
Hi @JoeJoe, welcome to the community and to OpenZiti!
Can you give me a bit more information? Did you pull down the 'complex' docker compose, the one intended for learning and run it?
If you can give me the steps you're doing, I'll try to recreate your issue locally.
I just ran these commands and my environment seemed to come online without a problem:
curl -so docker-compose.yaml https://get.openziti.io/dock/docker-compose.yml
curl -so .env https://get.openziti.io/dock/.env
docker compose --project-name docker up
Maybe tell me what os you're running too and exactly which commands you ran?
Can you give me a bit more information?
Of course!
Did you pull down the 'complex' docker compose, the one intended for learning and run it?
No clue, I'm assuming so. I ran the same curl command to pull the compose file
If you can give me the steps you're doing, I'll try to recreate your issue locally.
I ran the same curl commands but for running the container, all I did was sudo docker-compose up Using the docker-compose package
Maybe tell me what os you're running too
Ubuntu 22.04.1
exactly which commands you ran?
curl -so docker-compose.yaml https://get.openziti.io/dock/docker-compose.yml
curl -so .env https://get.openziti.io/dock/.env
sudo docker-compose up
One or multiple of my attempts to run the container were still up. Stopping and pruning all docker containers and rerunning docker-compose. Oops
Result, issue is still there. Maybe not enough system resources available? Running on a Proxmox vm with 2gb ram and 1 core. Here is the error I get in full.
ERROR: for ziti-edge-router-wss Container "1339e33f62ec" is unhealthy.
ERROR: Encountered errors while bringing up the project.
Deleted the yaml and .env, pruned all containers, and started fresh. Ran the three commands I said I had ran and still getting the same error.
I'd say you should probably try the "simplified" docker compose... Local - Docker Compose | OpenZiti
It only starts a controller and router and the ziti admin console.
it's here: ziti/quickstart/docker/simplified-docker-compose.yml at release-next · openziti/ziti · GitHub
I dunno why you're getting this error. I'd honestly expect 2G of ram to be enough. The 1 core though, I'd definitely encourage at least two (2), but still it shouldn't be a problem, I wouldn't think...
Thanks Lumberjack! I'll give the simplified a shot! If I still run into issues I'll bump the vm to 2 cores and report back!
With simplified, I ran into
ERROR: for ziti-console Container "2226c6a9b87d" is unhealthy.
ERROR: Encountered errors while bringing up the project.
Issue persisted after giving the ram 2 cores.
I see the docker containers up so does this mean it's built and ran fine? I wouldn't expect any containers up if there was an error
Booting up a fresh Ubuntu-server 22.04.1 vm with 2gb ram and 2 cores currently. Will report back
That's so strange... I wonder what and how it's determined to be healthy or not. If you can login to the container, I'd say it's up and running. You'll likely want to customize it if you access the environment from outside of docker though. The docker (not compose) example and/or this other recent thread will probably be important to you. They show the environment variables that are needed to customize the docker environment for external addresses so the config files are generated for proper configuration outside the docker network. Looking at the docker .env file there might be one or two env vars missing in there that you'll probably have to add. I must admit I've not used the docker-based quickstarts for a while to recall how much effort there will be to get them working more generically. hopefully the other discourse posts and doc will make it clear and you'll find what you need.
I don't have a proxmox setup, but this issue makes me want to try it out to see if there is something proxmox does to (falsely?) report a failure when bringing up the project?
Update on the fresh install with 2 cores and 2gb ram on Ubuntu server 22.04.1 using Proxmox hypervisor 8.0.3. Using docker-compose apt package to build the container.
ERROR: for ziti-edge-router Container "1e649231f926" is unhealthy.
ERROR: Encountered errors while bringing up the project.
Yea, no idea what is considering the container unhealthy. Not exactly too sure how to bring up the ziti interface but I tried port 1280, 10080 , 3022, 8443, 6262. How can I determine if everything is built correctly? Also, going to try out the docker (not compose) route you mentioned. Apologies for the noobish questions, understanding this is a bit much for my undegrad c.s brain haha.
My main reason using openziti was to avoid cloudflare zero trust to tunnel my fileserver to use in Vercel that is hosting my django site and serve static files. Want to be sure my fileserver is secure before exposing to the world wide web.
I see someone else mentioning health check for the docker compose and running into issues. Maybe related? Maybe not?
Would you be willing to run it outside of proxmox? I don't know if anyone else in our community has used OpenZiti with proxmox, but I'm surprised it's seeming to have an issue still... 
Yeah, certainly. that's a great use case. Also if you haven't read/seen it you might like this blog:
Got 5 Minutes? Secure Your Python Website with Zero Trust. You could always go the CloudZiti route too - it's a free OpenZiti overlay network that NetFoundry would run and maintain for you. That's always an option.
How'd you 'try' those ports? I recommend you use openssl to connect to the ports to test for liveliness like:
openssl s_client -connect your.ip.or.host:1280
That'll at least tell you if the port is alive and listening.
I'll put a feeler out to the broader NetFoundry team to see if anyone's got a proxmox instance to test this with... Unfortunately, I'm not sure where to go without being able to replicate it myself...
Oh also - if you haven't seen it this crossed my reddit today:
https://old.reddit.com/r/webdev/comments/1b14bty/netlify_just_sent_me_a_104k_bill_for_a_simple/
Same basic setup as you but they got DDoS'ed and it was "a thing". Netlify not Vercel, but same basic idea! 
So keeping your site secure is a good idea!
Yes, I'll go ahead and attempt it outside of proxmox. I can run a VM in VirtualBox and test it there as well. By "try" the ports, I meant to tried connecting to them to see which one would bring up a ziti web interface. Change everything in the .env and yaml from 0.0.0.0 to the vm's ip address 192.168.1.6 to try plug 192.168.1.6:1280 into chrome and see if I can find the ziti interface.
Thank you so much for the help and suggestions! Truly appreciate it! All of it is gold to me!
I'll report back on testing on Vbox and we'll see if any issues arise. Dont want to flood the post with too much gibbergabber. Thank you again!
FWIW there's another discourse thread ongoing right now where someone is clearly using ziti successfully in proxmox 
I just happened to notice it -- figured i'd point out that it should be fine...
Hmm, maybe a user error I'm assuming or docker-compose apt package error. Tried again on Ubuntu server 22.04.1 on Vbox and received
ERROR: for ziti-edge-router Container "be41a402aa9a" is unhealthy.
ERROR: for ziti-console Container "be41a402aa9a" is unhealthy.
ERROR: for ziti-controller-init-container Container "be41a402aa9a" is unhealthy.
ERROR: Encountered errors while bringing up the project.
The only difference I see is I'm using the docker-compose apt package and maybe iso? Running Ubuntu server minimized and no luck. I'll try removing the docker-compose package and installing it manually
Here is a history of my commands
1 ls
2 mkdir oziti
3 cd oziti/
4 curl
5 curl -so docker-compose.yaml https://get.openziti.io/dock/simplified-docker-compose.yml
6 curl -so .env https://get.openziti.io/dock/.env
7 sudo apt install docker-compose
8 sudo docker-compose up
Again, I'll take a look at using just Docker and take a look a the proxmox thread
oooh interesting. i definitely use docker compose not docker-compose and I install it using the simple bash script as found here Install Docker Engine on Ubuntu | Docker Docs
maybe that's the issue?
Didn't work either. Doesn't seem I can upload a txt file and jpg comes out to too many files. I'll paste the whole output here.
u22@laptop:~/oziti$ sudo docker compose up
[+] Running 4/4
** 
Container oziti_ziti-controller_1 Recrea... 0.2s**
** Container oziti-ziti-edge-router-1 Creat... 0.2s**
** Container oziti-ziti-console-1 Created 0.3s**
** Container oziti-ziti-controller-init-container-1 Created 0.2s**
Attaching to ziti-console-1, ziti-controller-1, ziti-controller-init-container-1, ziti-edge-router-1
ziti-controller-1 | system has not been initialized. initializing...
ziti-controller-1 | Populating environment variables
ziti-controller-1 | ZITI_NETWORK overridden: ziti
ziti-controller-1 | ZITI_HOME overridden: /persistent
ziti-controller-1 | ZITI_USER overridden: admin
ziti-controller-1 | Do you want to keep the generated admin password 'tATR0WJrdKSlgA0usf1yl_NGRmrl-NeL'? (Y/n) INFO: using ZITI_PWD=tATR0WJrdKSlgA0usf1yl_NGRmrl-NeL
ziti-controller-1 | ZITI_BIN_DIR overridden: /var/openziti/ziti-bin
ziti-controller-1 | ZITI_CTRL_NAME overridden: ziti-controller
ziti-controller-1 | ZITI_CTRL_EDGE_ADVERTISED_PORT overridden: 1280
ziti-controller-1 | ZITI_CTRL_EDGE_ADVERTISED_ADDRESS overridden: ziti-edge-controller
ziti-controller-1 | ZITI_CTRL_ADVERTISED_ADDRESS overridden: ziti-controller
ziti-controller-1 | ZITI_CTRL_ADVERTISED_PORT overridden: 6262
ziti-controller-1 | ZITI_HOME overridden: /persistent
ziti-controller-1 | ZITI_ENV_FILE overridden: /persistent/ziti.env
ziti-controller-1 | Your OpenZiti environment has been set up successfully.
ziti-controller-1 |
ziti-controller-1 | A file with all pertinent environment values was created here: /persistent/ziti.env
ziti-controller-1 |
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ARCH already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_BINARIES_FILE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_BINARIES_VERSION already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_BIN_DIR already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_BIN_ROOT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_ADVERTISED_ADDRESS already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_ADVERTISED_PORT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_EDGE_ADVERTISED_ADDRESS already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_EDGE_ADVERTISED_PORT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_EDGE_IP_OVERRIDE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_EDGE_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_EDGE_IDENTITY_ENROLLMENT_DURATION already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ENV_FILE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_HOME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_IMAGE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_INTERFACE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_NETWORK already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_OSTYPE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_CA already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_EDGE_INTERMEDIATE_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_EDGE_ROOTCA_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_INTERMEDIATE_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_KEY already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_ROOTCA_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_SERVER_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_EDGE_CA already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_EDGE_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_EDGE_KEY already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_EDGE_SERVER_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_CERT_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_INTERMEDIATE_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_KEY already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_ROOTCA_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PWD already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ROUTER_ENROLLMENT_DURATION already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ROUTER_LISTENER_BIND_PORT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ROUTER_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ROUTER_PORT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_SCRIPTS already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_SHARED already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_USER already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_VERSION already set. using existing value
ziti-controller-1 |
ziti-controller-1 | adding /var/openziti/ziti-bin to the path
ziti-controller-1 | Populating environment variables
ziti-controller-1 | ZITI_HOME overridden: /persistent
ziti-controller-1 | ZITI_USER overridden: admin
ziti-controller-1 | ZITI_PWD overridden: tATR0WJrdKSlgA0usf1yl_NGRmrl-NeL
ziti-controller-1 | ZITI_PKI overridden: /persistent/pki
ziti-controller-1 | ZITI_PKI_SIGNER_CERT_NAME overridden: ziti-signing
ziti-controller-1 | ZITI_PKI_SIGNER_ROOTCA_NAME overridden: ziti-signing-root-ca
ziti-controller-1 | ZITI_PKI_SIGNER_INTERMEDIATE_NAME overridden: ziti-signing-intermediate
ziti-controller-1 | ZITI_PKI_SIGNER_CERT overridden: /persistent/pki/signing.pem
ziti-controller-1 | ZITI_PKI_SIGNER_KEY overridden: /persistent/pki/ziti-signing-intermediate/keys/ziti-signing-intermediate.key
ziti-controller-1 | ZITI_BIN_DIR overridden: /var/openziti/ziti-bin
ziti-controller-1 | ZITI_CTRL_NAME overridden: ziti-controller
ziti-controller-1 | ZITI_CTRL_EDGE_NAME overridden: ziti-edge-controller
ziti-controller-1 | ZITI_CTRL_EDGE_ADVERTISED_PORT overridden: 1280
ziti-controller-1 | ZITI_CTRL_EDGE_ADVERTISED_ADDRESS overridden: ziti-edge-controller
ziti-controller-1 | ZITI_CTRL_ADVERTISED_ADDRESS overridden: ziti-controller
ziti-controller-1 | ZITI_CTRL_ADVERTISED_PORT overridden: 6262
ziti-controller-1 | ZITI_PKI_CTRL_ROOTCA_NAME overridden: ziti-controller-root-ca
ziti-controller-1 | ZITI_PKI_CTRL_INTERMEDIATE_NAME overridden: ziti-controller-intermediate
ziti-controller-1 | ZITI_PKI_CTRL_EDGE_ROOTCA_NAME overridden: ziti-edge-controller-root-ca
ziti-controller-1 | ZITI_PKI_CTRL_EDGE_INTERMEDIATE_NAME overridden: ziti-edge-controller-intermediate
ziti-controller-1 | ZITI_PKI_CTRL_SERVER_CERT overridden: /persistent/pki/ziti-controller-intermediate/certs/ziti-controller-server.chain.pem
ziti-controller-1 | ZITI_PKI_CTRL_KEY overridden: /persistent/pki/ziti-controller-intermediate/keys/ziti-controller-server.key
ziti-controller-1 | ZITI_PKI_CTRL_CA overridden: /persistent/pki/cas.pem
ziti-controller-1 | ZITI_PKI_CTRL_CERT overridden: /persistent/pki/ziti-controller-intermediate/certs/ziti-controller-client.cert
ziti-controller-1 | ZITI_PKI_EDGE_CERT overridden: /persistent/pki/ziti-edge-controller-intermediate/certs/ziti-edge-controller-client.cert
ziti-controller-1 | ZITI_PKI_EDGE_SERVER_CERT overridden: /persistent/pki/ziti-edge-controller-intermediate/certs/ziti-edge-controller-server.chain.pem
ziti-controller-1 | ZITI_PKI_EDGE_KEY overridden: /persistent/pki/ziti-edge-controller-intermediate/keys/ziti-edge-controller-server.key
ziti-controller-1 | ZITI_PKI_EDGE_CA overridden: /persistent/pki/ziti-edge-controller-root-ca/certs/ziti-edge-controller-root-ca.cert
ziti-controller-1 | ZITI_ROUTER_NAME overridden: ziti-edge-router
ziti-controller-1 | ZITI_ROUTER_PORT overridden: 3022
ziti-controller-1 | ZITI_ROUTER_LISTENER_BIND_PORT overridden: 10080
ziti-controller-1 | ZITI_HOME overridden: /persistent
ziti-controller-1 | ZITI_ENV_FILE overridden: /persistent/ziti.env
ziti-controller-1 | Your OpenZiti environment has been set up successfully.
ziti-controller-1 |
ziti-controller-1 | A file with all pertinent environment values was created here: /persistent/ziti.env
ziti-controller-1 |
ziti-controller-1 | Generating PKI
ziti-controller-1 | Creating CA: ziti-controller-root-ca
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 | Creating CA: ziti-edge-controller-root-ca
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 | Creating CA: ziti-signing-root-ca
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 | Creating intermediate: ziti-controller-root-ca ziti-controller-intermediate 1
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 | Creating intermediate: ziti-edge-controller-root-ca ziti-edge-controller-intermediate 1
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 | Creating intermediate: ziti-signing-root-ca ziti-signing-intermediate_grandparent_intermediate 2
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 | Creating intermediate: ziti-signing-intermediate_grandparent_intermediate ziti-signing-intermediate 1
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 |
ziti-controller-1 | Creating server cert from ca: ziti-controller-intermediate for localhost,ziti,ziti-controller,ziti-edge-controller
ziti-controller-1 | key exists
ziti-controller-1 | Creating client cert from ca: ziti-controller-intermediate for localhost,ziti,ziti-controller,ziti-edge-controller
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 | Creating server cert from ca: ziti-edge-controller-intermediate for localhost,ziti,ziti-edge-controller
ziti-controller-1 | key exists
ziti-controller-1 | Creating client cert from ca: ziti-edge-controller-intermediate for localhost,ziti,ziti-edge-controller
ziti-controller-1 | key exists
ziti-controller-1 |
ziti-controller-1 | PKI generated successfully
ziti-controller-1 |
ziti-controller-1 |
ziti-controller-1 | /persistent/ziti-edge-controller.yaml doesn't exist. Generating config file
ziti-controller-1 |
ziti-controller-1 | adding controller root CA to ca bundle: /persistent/pki/ziti-controller-root-ca/certs/ziti-controller-root-ca.cert
ziti-controller-1 | adding signing root CA to ZITI_PKI_CTRL_CA: /persistent/pki/cas.pem
ziti-controller-1 | wrote CA file to: /persistent/pki/cas.pem
ziti-controller-1 | adding parent intermediate CA to ZITI_PKI_SIGNER_CERT: /persistent/pki/signing.pem
ziti-controller-1 | adding grandparent intermediate CA to ZITI_PKI_SIGNER_CERT: /persistent/pki/signing.pem
ziti-controller-1 | wrote signer cert file to: /persistent/pki/signing.pem
ziti-controller-1 | This will overwrite the existing file, continue? (y/N) Controller configuration file written to: /persistent/ziti-controller.yaml
*ziti-controller-1 | [ 0.068] INFO storage/boltz.(migrationManager).Migrate.func1: edge datastore is up to date at version 35
ziti-controller-1 | [ 0.077] INFO ziti/common/metrics.ConfigureGoroutinesPoolMetrics.GoroutinesPoolMetricsConfigF.func1.1: {maxQueueSize=[100] minWorkers=[0] maxWorkers=[100] idleTime=[30s] poolType=[pool.router.messaging]} starting goroutine pool
*ziti-controller-1 | [ 0.082] INFO ziti/controller/network.(Network).showOptions: network = {
ziti-controller-1 | "CreateCircuitRetries": 2,
ziti-controller-1 | "CycleSeconds": 60,
ziti-controller-1 | "EnableLegacyLinkMgmt": false,
ziti-controller-1 | "InitialLinkLatency": 65000000000,
ziti-controller-1 | "IntervalAgeThreshold": 0,
ziti-controller-1 | "MetricsReportInterval": 60000000000,
ziti-controller-1 | "MinRouterCost": 10,
ziti-controller-1 | "PendingLinkTimeout": 10000000000,
ziti-controller-1 | "RouteTimeout": 10000000000,
ziti-controller-1 | "RouterConnectChurnLimit": 60000000000,
ziti-controller-1 | "RouterComm": {
ziti-controller-1 | "QueueSize": 100,
ziti-controller-1 | "MaxWorkers": 100
ziti-controller-1 | },
ziti-controller-1 | "Smart": {
ziti-controller-1 | "RerouteFraction": 0.02,
ziti-controller-1 | "RerouteCap": 4,
ziti-controller-1 | "MinCostDelta": 15
ziti-controller-1 | }
ziti-controller-1 | }
*ziti-controller-1 | [ 0.088] INFO ziti/controller.(Controller).showOptions: ctrl = {
ziti-controller-1 | "OutQueueSize": 4,
ziti-controller-1 | "MaxQueuedConnects": 1,
ziti-controller-1 | "MaxOutstandingConnects": 16,
ziti-controller-1 | "ConnectTimeout": 5000000000,
ziti-controller-1 | "DelayRxStart": false,
ziti-controller-1 | "WriteTimeout": 0,
ziti-controller-1 | "NewListener": null,
ziti-controller-1 | "AdvertiseAddress": null,
ziti-controller-1 | "RouterHeartbeatOptions": {
ziti-controller-1 | "sendInterval": 10000000000,
ziti-controller-1 | "checkInterval": 1000000000,
ziti-controller-1 | "closeUnresponsiveTimeout": 30000000000
ziti-controller-1 | },
ziti-controller-1 | "PeerHeartbeatOptions": {
ziti-controller-1 | "sendInterval": 10000000000,
ziti-controller-1 | "checkInterval": 1000000000,
ziti-controller-1 | "closeUnresponsiveTimeout": 30000000000
ziti-controller-1 | }
ziti-controller-1 | }
ziti-controller-1 | [ 0.948] INFO ziti/controller/server.NewController: edge controller instance id: clt6a05wa0000jzocfgr2ln38
*ziti-controller-1 | [ 0.957] INFO ziti/controller/server.(Controller).Initialize: initializing edge
ziti-controller-1 | [ 0.960] INFO ziti/controller/internal/policy.NewSessionEnforcer: {sessionTimeout=[30m0s] frequency=[5s]} session enforcer configured
ziti-controller-1 | [ 0.972] FATAL ziti/controller/subcmd.NewEdgeInitializeCmd.func2: already initialized: Ziti Edge default admin already defined
ziti-controller-1 | --- There was an error while initializing the controller ---
ziti-controller-1 exited with code 1
dependency failed to start: container oziti-ziti-controller-1 exited (1)
Maybe Ubuntu 22.04.1 live server minimized iso issue? Only thing I can rule out. Using virtualbox
do a docker compose down -v and then docker compose up and see what happens. that final error there looks like it's got something left over in the volume from previous attempts.
Stopped previous container, pruned containers, did docker down, still an issue.
u22@laptop:~/oziti$ sudo docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0ddc331210d5 openziti/quickstart:latest "/var/openziti/scrip…" 51 seconds ago Up 49 seconds (healthy) 0.0.0.0:1280->1280/tcp, 0.0.0.0:6262->6262/tcp oziti-ziti-controller-1
u22@laptop:~/oziti$ sudo docker stop 0ddc331210d5
0ddc331210d5
u22@laptop:~/oziti$ sudo docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
d91f1388e5f6f1ed10e989eabd33fcb0c084dd96d39025d58c53444481467713
25e1beb515a296aec73ace618f761ce0b967664455a476d3def64b97ef183d7e
742958ecd5bfed4a5f448b430fb7f7184065b3416ae26ced503fdcd2ddef96d1
0ddc331210d52bc53eb5e6799ebb256e3163776d0d8b23d09881a1a81d1112f0Total reclaimed space: 0B
u22@laptop:~/oziti$ sudo docker compose down -v
[+] Running 2/2
u22@laptop:~/oziti$ sudo docker compose up
[+] Running 6/6
Attaching to ziti-console-1, ziti-controller-1, ziti-controller-init-container-1, ziti-edge-router-1
ziti-controller-1 | system has not been initialized. initializing...
ziti-controller-1 | Populating environment variables
ziti-controller-1 | ZITI_NETWORK overridden: ziti
ziti-controller-1 | ZITI_HOME overridden: /persistent
ziti-controller-1 | ZITI_USER overridden: admin
ziti-controller-1 | Do you want to keep the generated admin password 'yrfY72kLGV0Eh8z5D9W5h7fPDDdKTP42'? (Y/n) INFO: using ZITI_PWD=yrfY72kLGV0Eh8z5D9W5h7fPDDdKTP42
ziti-controller-1 | ZITI_BIN_DIR overridden: /var/openziti/ziti-bin
ziti-controller-1 | ZITI_CTRL_NAME overridden: ziti-controller
ziti-controller-1 | ZITI_CTRL_EDGE_ADVERTISED_PORT overridden: 1280
ziti-controller-1 | ZITI_CTRL_EDGE_ADVERTISED_ADDRESS overridden: ziti-edge-controller
ziti-controller-1 | ZITI_CTRL_ADVERTISED_ADDRESS overridden: ziti-controller
ziti-controller-1 | ZITI_CTRL_ADVERTISED_PORT overridden: 6262
ziti-controller-1 | ZITI_HOME overridden: /persistent
ziti-controller-1 | ZITI_ENV_FILE overridden: /persistent/ziti.env
ziti-controller-1 | Your OpenZiti environment has been set up successfully.
ziti-controller-1 |
ziti-controller-1 | A file with all pertinent environment values was created here: /persistent/ziti.env
ziti-controller-1 |
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ARCH already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_BINARIES_FILE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_BINARIES_VERSION already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_BIN_DIR already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_BIN_ROOT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_ADVERTISED_ADDRESS already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_ADVERTISED_PORT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_EDGE_ADVERTISED_ADDRESS already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_EDGE_ADVERTISED_PORT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_EDGE_IP_OVERRIDE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_EDGE_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_CTRL_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_EDGE_IDENTITY_ENROLLMENT_DURATION already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ENV_FILE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_HOME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_IMAGE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_INTERFACE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_NETWORK already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_OSTYPE already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_CA already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_EDGE_INTERMEDIATE_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_EDGE_ROOTCA_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_INTERMEDIATE_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_KEY already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_ROOTCA_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_CTRL_SERVER_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_EDGE_CA already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_EDGE_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_EDGE_KEY already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_EDGE_SERVER_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_CERT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_CERT_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_INTERMEDIATE_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_KEY already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PKI_SIGNER_ROOTCA_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_PWD already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ROUTER_ENROLLMENT_DURATION already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ROUTER_LISTENER_BIND_PORT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ROUTER_NAME already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_ROUTER_PORT already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_SCRIPTS already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_SHARED already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_USER already set. using existing value
ziti-controller-1 | NOT OVERRIDING: env var ZITI_VERSION already set. using existing value
ziti-controller-1 |
ziti-controller-1 | adding /var/openziti/ziti-bin to the path
ziti-controller-1 | Populating environment variables
ziti-controller-1 | ZITI_HOME overridden: /persistent
ziti-controller-1 | ZITI_USER overridden: admin
ziti-controller-1 | ZITI_PWD overridden: yrfY72kLGV0Eh8z5D9W5h7fPDDdKTP42
ziti-controller-1 | ZITI_PKI overridden: /persistent/pki
ziti-controller-1 | ZITI_PKI_SIGNER_CERT_NAME overridden: ziti-signing
ziti-controller-1 | ZITI_PKI_SIGNER_ROOTCA_NAME overridden: ziti-signing-root-ca
ziti-controller-1 | ZITI_PKI_SIGNER_INTERMEDIATE_NAME overridden: ziti-signing-intermediate
ziti-controller-1 | ZITI_PKI_SIGNER_CERT overridden: /persistent/pki/signing.pem
ziti-controller-1 | ZITI_PKI_SIGNER_KEY overridden: /persistent/pki/ziti-signing-intermediate/keys/ziti-signing-intermediate.key
ziti-controller-1 | ZITI_BIN_DIR overridden: /var/openziti/ziti-bin
ziti-controller-1 | ZITI_CTRL_NAME overridden: ziti-controller
ziti-controller-1 | ZITI_CTRL_EDGE_NAME overridden: ziti-edge-controller
ziti-controller-1 | ZITI_CTRL_EDGE_ADVERTISED_PORT overridden: 1280
ziti-controller-1 | ZITI_CTRL_EDGE_ADVERTISED_ADDRESS overridden: ziti-edge-controller
ziti-controller-1 | ZITI_CTRL_ADVERTISED_ADDRESS overridden: ziti-controller
ziti-controller-1 | ZITI_CTRL_ADVERTISED_PORT overridden: 6262
ziti-controller-1 | ZITI_PKI_CTRL_ROOTCA_NAME overridden: ziti-controller-root-ca
ziti-controller-1 | ZITI_PKI_CTRL_INTERMEDIATE_NAME overridden: ziti-controller-intermediate
ziti-controller-1 | ZITI_PKI_CTRL_EDGE_ROOTCA_NAME overridden: ziti-edge-controller-root-ca
ziti-controller-1 | ZITI_PKI_CTRL_EDGE_INTERMEDIATE_NAME overridden: ziti-edge-controller-intermediate
ziti-controller-1 | ZITI_PKI_CTRL_SERVER_CERT overridden: /persistent/pki/ziti-controller-intermediate/certs/ziti-controller-server.chain.pem
ziti-controller-1 | ZITI_PKI_CTRL_KEY overridden: /persistent/pki/ziti-controller-intermediate/keys/ziti-controller-server.key
ziti-controller-1 | ZITI_PKI_CTRL_CA overridden: /persistent/pki/cas.pem
ziti-controller-1 | ZITI_PKI_CTRL_CERT overridden: /persistent/pki/ziti-controller-intermediate/certs/ziti-controller-client.cert
ziti-controller-1 | ZITI_PKI_EDGE_CERT overridden: /persistent/pki/ziti-edge-controller-intermediate/certs/ziti-edge-controller-client.cert
ziti-controller-1 | ZITI_PKI_EDGE_SERVER_CERT overridden: /persistent/pki/ziti-edge-controller-intermediate/certs/ziti-edge-controller-server.chain.pem
ziti-controller-1 | ZITI_PKI_EDGE_KEY overridden: /persistent/pki/ziti-edge-controller-intermediate/keys/ziti-edge-controller-server.key
ziti-controller-1 | ZITI_PKI_EDGE_CA overridden: /persistent/pki/ziti-edge-controller-root-ca/certs/ziti-edge-controller-root-ca.cert
ziti-controller-1 | ZITI_ROUTER_NAME overridden: ziti-edge-router
ziti-controller-1 | ZITI_ROUTER_PORT overridden: 3022
ziti-controller-1 | ZITI_ROUTER_LISTENER_BIND_PORT overridden: 10080
ziti-controller-1 | ZITI_HOME overridden: /persistent
ziti-controller-1 | ZITI_ENV_FILE overridden: /persistent/ziti.env
ziti-controller-1 | Your OpenZiti environment has been set up successfully.
ziti-controller-1 |
ziti-controller-1 | A file with all pertinent environment values was created here: /persistent/ziti.env
ziti-controller-1 |
ziti-controller-1 | Generating PKI
ziti-controller-1 | Creating CA: ziti-controller-root-ca
ziti-controller-1 | Success
ziti-controller-1 |
ziti-controller-1 | Creating CA: ziti-edge-controller-root-ca
ziti-controller-1 | Success
ziti-controller-1 |
ziti-controller-1 | Creating CA: ziti-signing-root-ca
ziti-controller-1 | Success
ziti-controller-1 |
ziti-controller-1 | Creating intermediate: ziti-controller-root-ca ziti-controller-intermediate 1
ziti-controller-1 | Using CA name: ziti-controller-root-ca
ziti-controller-1 | Success
ziti-controller-1 |
ziti-controller-1 | Creating intermediate: ziti-edge-controller-root-ca ziti-edge-controller-intermediate 1
ziti-controller-1 | Using CA name: ziti-edge-controller-root-ca
ziti-controller-1 | Success
ziti-controller-1 |
ziti-controller-1 | Creating intermediate: ziti-signing-root-ca ziti-signing-intermediate_grandparent_intermediate 2
ziti-controller-1 | Using CA name: ziti-signing-root-ca
ziti-controller-1 | Success
ziti-controller-1 |
ziti-controller-1 | Creating intermediate: ziti-signing-intermediate_grandparent_intermediate ziti-signing-intermediate 1
ziti-controller-1 | Using CA name: ziti-signing-intermediate_grandparent_intermediate
ziti-controller-1 | Success
ziti-controller-1 |
ziti-controller-1 |
ziti-controller-1 | Creating server cert from ca: ziti-controller-intermediate for localhost,ziti,ziti-controller,ziti-edge-controller / 127.0.0.1
ziti-controller-1 | Using CA name: ziti-controller-intermediate
dependency failed to start: container oziti-ziti-controller-1 is unhealthy
and what's docker version and docker compose version show ?
$ docker version
Client: Docker Engine - Community
Version: 25.0.3
API version: 1.44
Go version: go1.21.6
Git commit: 4debf41
Built: Tue Feb 6 21:13:09 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 25.0.3
API version: 1.44 (minimum version 1.24)
Go version: go1.21.6
Git commit: f417435
Built: Tue Feb 6 21:13:09 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.28
GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
$ docker compose version
Docker Compose version v2.24.5
@qrkourier -- anything in here stick out to you??? this is... strange...