Setting up httpbin for the Docker Compose config

Quick check to see if anyone can help me.

I can install httpbin by using the following command

docker run -p 80:80 kennethreitz/httpbin

test service
curl http://localhost:80/json

This works.. but then I have problems with integrating it with the Docker Compose configuration.

I want to use this environment.. and service to perform the Python test scripts.

With my current configuration... I used an external controller to perform the tests which all worked.

Now.. I want to work out how to get it all setup inside the Docker Compose example..

I tried using the following settings

let me know if I am missing anything.

ziti edge create config httpbin.intercept.v1 intercept.v1 '{"protocols":["tcp"],"addresses":["httpbin.ziti"], "portRanges":[{"low":2000, "high":2000}]}'

ziti edge create config httpbin.host.v1 host.v1 '{"protocol":"tcp", "address":"localhost","port":80 }'

ziti edge create service httpbin.svc --configs httpbin.intercept.v1,httpbin.host.v1 -a "httpbin-services"

ziti edge create service-policy httpbin.policy.dial Dial --identity-roles '#postgres-clients' --service-roles '#httpbin-services'

ziti edge create service-policy httpbin.policy.bind Bind --identity-roles '@ziti-edge-router' --service-roles '#httpbin-services'

.. maybe what I need to do is to install in the yaml file
.. but I really don't know how to do this..

When I test the service… this is the error “Name or service not known”

PS… I have confirmed that there is a terminator running

I have also confirmed that the identity being used has dial access to the service using policy advisor

Hello

Just looking at your config...

This is going to be a problem. In the docker run command -p 80:80 means to listen on the host on port 80. From the local machine, opening a browser going to localhost:80 will work. However, within docker, localhost is not the host that it is running on. You want to use the host IP address instead of localhost in your definition.

Now, if you expand your ziti docker-compose by creating an httpbin definition, you can refer to it by its service name defined in the docker-compose file and drop the host binding ports.

An example file, not tested,

  ...
  ziti-console:
    image: openziti/zac
    environment:
      - ZAC_SERVER_CERT_CHAIN=/openziti/pki/ziti-controller-intermediate/certs/ziti-controller-server.cert
      - ZAC_SERVER_KEY=/openziti/pki/ziti-controller-intermediate/keys/ziti-controller-server.key
    depends_on:
      - ziti-controller
    restart: always
    ports:
      - "1408:1408"
      - "18443:8443"
    volumes:
      - prod-ziti-fs:/openziti
      - type: bind
        source: /opt/container/prod/openziti/ziti-edge-controller-server.key
        target: /usr/src/app/server.key
      - type: bind
        source: /opt/container/prod/openziti/ziti-edge-controller-server.chain.pem
        target: /usr/src/app/server.chain.pem
    networks:
      - zitiblue
      - zitired
  httpbin:
    image: kennethreitz/httpbin
    networks:
      - zitiblue
      - zitired
#   ports: 
#     - "80:80"

Of course, you are only interested in the 7 lines starting with httpbin:. The preceding ziti-console definition is only there for formatting. YAML files are very pedantic about spacing, like Python.
Anyway, if you add this to your ziti docker-compose then you should be able to use this command instead

ziti edge create config httpbin.host.v1 host.v1 '{"protocol":"tcp", "address":"httpbin","port":80 }'

By the way, the ports definition is commented out, as you won't need this unless you want to access the service across the local physical (underlay) network, aka troubleshooting.

Note: defining httpbin in the one docker-compose file means its service name is its DNS name and is available to the other containers, hence why I suggest it. Ideally, those services may not exist in the same docker-compose file, so binding ports to the host network is one way to run services in different docker-compose files.

You can test the DNS by jumping onto any other container, ie ziti-console and type ping httpbin, or curl httpbin:80

Hope this helps

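The point of the reply above, as an added example that is not part of the original posts: a host.v1 address is resolved from inside the container that hosts the service, so `localhost` points at that container, while a compose service name resolves only when both containers share a network. The compose service name `ziti-edge-router` for the hosting router and the network map are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: compose service -> networks it joins, mirroring the
# zitiblue/zitired layout in the reply. "ziti-edge-router" is an assumed name.
COMPOSE_NETWORKS = {
    "ziti-edge-router": {"zitiblue", "zitired"},
    "ziti-console": {"zitiblue", "zitired"},
    "httpbin": {"zitiblue", "zitired"},
}


def parse_ip(address):
    """Return an ip_address object, or None when the value is a hostname."""
    try:
        return ipaddress.ip_address(address)
    except ValueError:
        return None


def check_host_v1(config_json, hosting_service, compose_networks):
    """Lint a host.v1 config as seen from the container that hosts the service."""
    address = json.loads(config_json)["address"]
    ip = parse_ip(address)

    # Loopback inside a container is the container itself, not the Docker host.
    if address.lower() == "localhost" or (ip is not None and ip.is_loopback):
        return [f"{address!r} points at the {hosting_service} container itself"]

    # A routable IP literal (for example the host IP) cannot be checked statically.
    if ip is not None:
        return []

    if address not in compose_networks:
        return [f"{address!r} is not a compose service name; Docker DNS will not resolve it"]

    shared = compose_networks[address] & compose_networks.get(hosting_service, set())
    if not shared:
        return [f"{address!r} shares no compose network with {hosting_service}"]
    return []


if __name__ == "__main__":
    for cfg in ('{"protocol":"tcp", "address":"localhost","port":80 }',
                '{"protocol":"tcp", "address":"httpbin","port":80 }'):
        print(cfg, "->", check_host_v1(cfg, "ziti-edge-router", COMPOSE_NETWORKS) or "ok")
```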

Super awesome… I really struggle with Docker… where your insights are very helpful.

I will be smashing this out tomorrow…

Quick update.. I was able to make some progress..

I accessed a container and successfully ran the following

curl httpbin:80

However.. when I run the following commands... no terminator was created

any tips on how to fix this?
.. I have been mucking around with this for a while now and am completely stuck

ziti edge create config httpbin.intercept.v1 intercept.v1 '{"protocols":["tcp"],"addresses":["httpbin.ziti"], "portRanges":[{"low":2000, "high":2000}]}'

ziti edge create config httpbin.host.v1 host.v1 '{"protocol":"tcp", "address":"httpbin", "port":80}'

ziti edge create service private.httpbin.svc --configs httpbin.intercept.v1, httpbin.host.v1  

ziti edge create service-policy httpbin.policy.dial Dial --service-roles "@private.httpbin.svc" --identity-roles '#postgres-clients' 
ziti edge create service-policy httpbin.policy.bind Bind --service-roles "@private.httpbin.svc" --identity-roles "@ziti-edge-router"

I tried using this command… which created the terminator… but I don't really know why I needed to run it.
… I thought that the terminator was automatically created when it's allocated to an edge router

ziti edge create terminator "private.httpbin.svc" "ziti-private-blue" tcp:httpbin:80

I checked that this worked by running the zcurl command

./curlz http://private.httpbin.svc:2000/json
INFO[0000] loading Ziti configuration from /mnt/v/temp/tunneler-id.json 
{
  "slideshow": {
    "author": "Yours Truly", 
    "date": "date of publication", 
    "slides": [
      {
        "title": "Wake up to WonderWidgets!", 
        "type": "all"
      }, 
      {
        "items": [
          "Why <em>WonderWidgets</em> are great", 
          "Who <em>buys</em> WonderWidgets"
        ], 
        "title": "Overview", 
        "type": "all"
      }
    ], 
    "title": "Sample Slide Show"
  }
}

This then brings me back to a problem with the address httpbin.ziti in the docker compose example.

Maybe I am doing something wrong

  1. I installed the python SDK on the server
  2. I updated the h-ziti-p.py file to point to httpbin.ziti

r = requests.get('http://httpbin.ziti:2000/json')

however, when I run the file

$ ZITI_IDENTITIES=/mnt/v/temp/tunneler-id.json
$ python3 h-ziti-p.py

The identity cannot find the intercept

requests.exceptions.ConnectionError: HTTPConnectionPool(host='httpbin.ziti', port=2000): Max retries exceeded with url: /json (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f22a3d74438>: Failed to establish a new connection: [Errno -2] Name or service not known',))

I know that the identity can access the intercept from the results using the zcurl command.

So… I am a bit lost as to what I am missing for this to work

Do you need to run this within a container?

Would this mean that I need to install the Python SDK inside a container to test the sample exercise?

I am quite stuck right now…

Maybe something that is making it more complicated for me is that I am running this on the server… not my local desktop.

So… I think I could be missing the “desktop” tunneller… to connect to the overlay… which I get when I use my desktop.

Though… if this is the case… I am quite confused… as you don't need to do this when you use the Java Postgres example…

Any tips / suggestions ?

Actually.. I think I worked it out.. but not sure how to fix it.

The server is an Oracle Linux machine... and noticed the following

1 when I run the Java Postgres example using the OPC user.. it cannot find the terminator.. which is the exact problem I had..

So.. I ran the same command using root admin .. and it worked fine..

phew.

.. so think if I run it under root admin it will probably work.

I will revert back.. as I am not 100% sure how to do this right now