Ubuntu Tunneller register with controller

1

Hello
I have installed the tunneller on ubuntu machine and now trying to register it with controller. I have created the identity on controller but don't find any commands on ubuntu (tunneller) side how to register it with controller.
I created the identities on controller named (ssh-server) and then download the token file. Copy the content and then create the file on Ubuntu under this directory (/opt/openziti/etc/identities) with name ssh-server.jwt. and then ran the command as per the document.

sudo ziti-edge-tunnel add --jwt "$(< /opt/openziti/etc/identities/ssh-server.jwt)" --identity ssh-server

follwoing message received
received response <{"Success":false,"Error":"enrollment failed","Code":500}

any suggestion on this ?

2

Here's two ways to enroll an identity i.e. "add an identity" in the tunneler.

  1. Preferred: install package and start the tunneler service and send IPC command to add identity

    sudo ziti-edge-tunnel add --jwt "$(< ./ssh-server.jwt)" --identity ssh-server

  2. Alternatively: copy JWT to identity dir and restart the tunneler service

    sudo mv ./ssh-server.jwt /opt/openziti/etc/identities/
sudo chown -Rc ziti:ziti /tmp/.ziti/ /opt/openziti/etc/identities/

The first way is preferred because it avoids restarting the tunneler and managing permissions.

You tried to use the first method but got an error. It could be because your regular user doesn't have permission to read the JWT file. You could modify your command like this if that's the case.

sudo ziti-edge-tunnel add --jwt "$(sudo cat /opt/openziti/etc/identities/ssh-server.jwt)" --identity ssh-server

The value of --jwt must be the literal string of the JWT.

Another possibility is the token is expired or malformed. Let me know if you need more help.

The running service might print a helpful error message when the enrollment fails.

You can increase verbosity by setting DEBUG log level.

sudo ziti-edge-tunnel set_log_level --loglevel DEBUG

Then follow the service's verbose output:

sudo journalctl -lfu ziti-edge-tunnel.service