I am working through the steps required to run the Python SDK on an Oracle Linux server
You will find some background here
https://openziti.discourse.group/t/setting-up-httpbin-for-the-docker-compose-config/617/12
This is what I have narrowed down the problem to.. something related to permissions.. but I do not know how to troubleshoot.
any tips would be greatly appreciated
running Python SDK scripts locally
I have Python installed on my Mac.. and installed the latest version of the OpenZiti Python SDK.
I have httpbin running on a remote server
I have a ziti controller that has the ziti terminator setup
I have the desktop tunneller operating to intercept the traffic
So.. when I run the command
python3 h-ziti-p.py
All works as expected... confirming that the Python SDK operates as expected.
running Python SDK scripts on a remote compute
I modified the Docker compose to include an instance of httpbin
- I confirmed that this worked by logging into the docker_ziti-console_1 container
- I set up a tunneler and confirmed that the following worked
  curl http://localhost:2000/json
- I also tested the service using the zcurl command
  ./curlz http://private.httpbin.srv:2000/json
When I run the same command, I receive a different error
python3 h-ziti-p.py
Failed to establish a new connection: [Errno -2] Name or service not known',))
This had me baffled for a while.. until I ran the same command under the su user.
sudo python3 h-ziti-p.py
AttributeError: module 'openziti' has no attribute 'monkeypatch'
While this yields a different error message, it may not be very helpful..
.. when running under the su user.. it appears that it's not loading the Python SDK correctly.
.. I also realise there are issues with running python under the su user.. so that this may not be a viable alternative to test the script.
I do have one thought that has now crossed my mind… as I am not an expert in Docker.
Maybe… I need to run the Python SDK from within a container for it to work.
Would this be the only way for it to work?
I have made some progress.. but cannot understand what I am doing wrong.
When I set up the server environment using the following to test the use of a tunneller
the curlz generates the correct output
./curlz http://private.httpbin.srv:2000/json
ziti edge create config httpbin.client.v1 ziti-tunneler-client.v1 '{ "hostname" : "httpbin.ziti", "port" : 2000 }'
ziti edge create service private.httpbin.srv --configs httpbin.client.v1 -a "httpbin-services"
ziti edge create terminator "private.httpbin.srv" "ziti-private-blue" tcp:httpbin:80
ziti edge create service-policy httpbin-dial-policy Dial --identity-roles '#postgres-clients' --service-roles '#httpbin-services'
however.. when I set it up as follows to test the use of the intercept
the curlz cannot locate the service
./curlz http://private.httpbin.srv:2000/json
ziti edge create config httpbin.intercept.v1 intercept.v1 '{"protocols":["tcp"],"addresses":["httpbin.ziti"], "portRanges":[{"low":2000, "high":2000}]}'
ziti edge create config httpbin.host.v1 host.v1 '{"protocol":"tcp", "address":"httpbin", "port":80}'
ziti edge create service private.httpbin.svc --configs httpbin.intercept.v1, httpbin.host.v1
ziti edge create terminator "private.httpbin.svc" "ziti-private-blue" tcp:httpbin:80
ziti edge create service-policy httpbin.policy.dial Dial --service-roles "@private.httpbin.svc" --identity-roles '#postgres-clients'
ziti edge create service-policy httpbin.policy.bind Bind --service-roles "@private.httpbin.svc" --identity-roles "#bluerouters"
So.. something must be wrong with the second config.. but I am quite lost as to what and why
I fixed one problem.. I had a space in between the intercept and the host.
this statement was the other problem..
ziti edge create service-policy httpbin-dial-policy Dial --identity-roles '#postgres-clients' --service-roles '#httpbin-services'
where I needed to set the identity-roles as follows
--identity-roles "@ziti-edge-router"
Now I get my terminator.. yeah..
the zcurl command works now.. but I still cannot run the python script yet
I am still getting the same error.. unable to locate the service.. so it must be some type of permission that I am getting wrong
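Added example, not part of the original posts: a diagnostic for the AttributeError reported above under sudo, meant to be run once as the normal user and once with sudo so the two outputs can be compared. It reports which interpreter runs, whether the per-user site-packages directory is visible, and where openziti resolves from. That a differing or shadowing install is the cause here is an assumption, and describe_module is a hypothetical helper name.

```python
# Added diagnostic (not from the original post): shows which "openziti" a given
# interpreter/user combination actually imports, and whether it has monkeypatch.
import importlib
import importlib.util
import os
import site
import sys

try:
    from importlib import metadata  # Python 3.8+
except ImportError:  # older interpreters have no importlib.metadata
    metadata = None


def describe_module(name, attr):
    """Return facts about how `name` resolves for this interpreter and user."""
    info = {
        "executable": sys.executable,
        "euid": os.geteuid() if hasattr(os, "geteuid") else None,
        "user_site_enabled": bool(site.ENABLE_USER_SITE),
        "user_site": site.getusersitepackages(),
        "found": False, "origin": None, "namespace_pkg": False,
        "version": None, "has_attr": False,
    }
    spec = importlib.util.find_spec(name)
    if spec is None:
        return info
    info["found"] = True
    info["origin"] = spec.origin
    # A directory without __init__.py imports as an empty namespace package,
    # which would import fine but expose none of the SDK's functions.
    info["namespace_pkg"] = (spec.origin is None
                             and spec.submodule_search_locations is not None)
    if metadata is not None:
        try:
            info["version"] = metadata.version(name)
        except metadata.PackageNotFoundError:
            pass  # importable, but not installed as a distribution
    try:
        info["has_attr"] = hasattr(importlib.import_module(name), attr)
    except Exception as exc:  # e.g. a native library failed to load
        info["import_error"] = repr(exc)
    return info


if __name__ == "__main__":
    for key, value in describe_module("openziti", "monkeypatch").items():
        print(f"{key:18} {value}")
```

If origin, version or user_site_enabled differ between the two runs, the sudo run is importing a different openziti than the one installed for the normal user.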