Unable to add service using config

Hello,
When i create a service configuration through ziti console. Then go to services and click add and try to select the configuration i just created i get an error in docker logs.

When i select host.v1 i get this error:

ziti-controller-1                 | [ 483.115]   ERROR ziti/controller/internal/routes.ListWithEnvelopeFactory: {cause=[INVALID_FILTER: The filter query supplied is invalid: Unexpected symbol: "NH" at line: 1 column: 31. line: 1, column: 31, symbol: NH]} could not convert list
ziti-controller-1                 | [ 483.121]   ERROR ziti/controller/internal/routes.ListWithEnvelopeFactory: {cause=[INVALID_FILTER: The filter query supplied is invalid: Unexpected symbol: "NH" at line: 1 column: 31. line: 1, column: 31, symbol: NH]} could not convert list

When i select host.v2 i get this error:

ziti-controller-1                 | [ 520.293]   ERROR ziti/controller/internal/routes.ListWithEnvelopeFactory: {cause=[INVALID_FILTER: The filter query supplied is invalid: Unexpected symbol: "host.v" at line: 1 column: 31. line: 1, column: 31, symbol: host.v]} could not convert list
ziti-controller-1                 | [ 520.298]   ERROR ziti/controller/internal/routes.ListWithEnvelopeFactory: {cause=[INVALID_FILTER: The filter query supplied is invalid: Unexpected symbol: "host.v" at line: 1 column: 31. line: 1, column: 31, symbol: host.v]} could not convert list

I'm using docker compose if that matters.
Hope someone can help me fix this so i can add my services.

Controller: v1.2.1
ZAC: 3.6.1

Regards
Linlz

Hi @linlz welcome to the community and to OpenZiti (and zrok/BrowZer)!

I'll try this myself. You can always use the ziti CLI for these sorts of operations if there's a problem in the ZAC.

Can you share your exact steps you used? That would be very helpful for me to help you better. Thanks for providing the controller/zac versions, that helps. I'll give it a try, I'm just worried that I'm not going to do it the same as you, so knowing how you did it will help.

I'll reply back in a bit

I made an intercept config:

image1121×813 60 KB

made a host config:

image1129×1026 78.5 KB

made a service, selecting the host and intercept:

image1133×777 60.7 KB

It was able to be saved. So yeah, I'll need your exact steps to reproduce please

Happy to help in any way i can tho

I did a fresh install with the docker compose file and env file from the guide.

Commented out web-test-blue section of docker-compose.yml.
Changed these lines and the user and password in env file:

ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=ziti.domain.com
ZITI_CTRL_ADVERTISED_ADDRESS=ziti.domain.com
ZITI_CTRL_EDGE_IP_OVERRIDE=123.123.123.123

ran it with docker compose up -d

and then created three configurations.

1:

{
  "name": "Lan_config",
  "configTypeId": "SomeIdHere",
  "data": {
    "forwardProtocol": true,
    "forwardAddress": true,
    "forwardPort": true,
    "allowedAddresses": [
      "10.10.10.0/24"
    ],
    "allowedPortRanges": [
      {
        "low": 1,
        "high": 65535
      }
    ],
    "allowedProtocols": [
      "tcp",
      "udp"
    ],
    "httpChecks": [],
    "portChecks": []
  },
  "tags": {}
}

2:

{
  "name": "Serverlan_config",
  "configTypeId": "SomeIdHere",
  "data": {
    "forwardProtocol": true,
    "forwardAddress": true,
    "forwardPort": true,
    "allowedAddresses": [
      "172.16.1.0/24"
    ],
    "allowedPortRanges": [
      {
        "low": 1,
        "high": 65535
      }
    ],
    "allowedProtocols": [
      "tcp",
      "udp"
    ],
    "httpChecks": [],
    "portChecks": []
  },
  "tags": {}
}

3 (Just to test v2):

{
  "name": "Serverlan_config_v2",
  "configTypeId": "host.v2",
  "data": {
    "terminators": [
      {
        "allowedAddresses": [
          "172.16.1.0/24"
        ],
        "allowedPortRanges": [
          {
            "high": 65535,
            "low": 1
          }
        ],
        "allowedProtocols": [
          "tcp",
          "udp"
        ],
        "forwardAddress": true,
        "forwardPort": true,
        "forwardProtocol": true
      }
    ]
  },
  "tags": {}
}

Thats all i changed.

Screenshot 2024-11-23 162718729×674 28.3 KB

And then the errors from previous post.

Hi @linlz, sorry you're having trouble adding your service config. I was able to reproduce the issue you're seeing using docker compose, which seems to be with the "filter by config type" query on the service create/edit form. There are a couple workarounds you can try while we put together a fix:

@TheLumberjack mentioned the CLI as a possibility for editing your service, but if you prefer using the ZAC you can also add the config to your service by updating it in the JSON view. This is of course not ideal but should help get you unstuck in the meantime. To manually add the config to your service you can switch to the JSON view of the service using the toggle in the header:

Screen Shot 2024-11-23 at 10.55.45 AM2398×624 65.2 KB

From there you can edit the configs property which is a string array of config ID's. If you don't know the ID of your config you can find it in the same JSON view of the config you want to add:

svc-cfg-edit1920×1924 292 KB

After you've added the configId, you can click save and then re-open the config to confirm it was added.

I've created a ticket for this issue here in the ziti-console project in github, and should have a fix included in the next release of ZAC. Thanks for reporting!

If interested, you can also choose to use the SPA-based version of ZAC (vs the node-based version) by following these steps, which doesn't seem to have this bug:

download a zac version you want from outside of docker (to avoid having to install things in the container):

mkdir zacs
ZAC_VERSION="3.6.1"
wget -O ./zacs/v${ZAC_VERSION}-download.zip https://github.com/openziti/ziti-console/releases/download/app-ziti-console-v${ZAC_VERSION}/ziti-console.zip
unzip ./zacs/v${ZAC_VERSION}-download.zip -d ./zacs/v${ZAC_VERSION}

sed the controller file for use with zac

docker compose exec ziti-controller sed -i 's@#- binding@- binding@g' /persistent/ziti-controller.yaml
docker compose exec ziti-controller sed -i 's@#  options@  options@g' /persistent/ziti-controller.yaml
docker compose exec ziti-controller sed -i 's@#    location.*$@    location: "'/persistent/zac'"@g' /persistent/ziti-controller.yaml

copy the zac files into the container (you can mount them if you prefer):

docker compose cp ./zacs/v${ZAC_VERSION} ziti-controller:/persistent/zac

restart the controller:

docker compose restart ziti-controller

access your "SPA-based" ZAC:

source .env # get the docker env vars on your shell
echo "SPA (not node) ZAC located at: https://$ZITI_CTRL_EDGE_ADVERTISED_ADDRESS/$ZITI_CTRL_EDGE_ADVERTISED_PORT/zac"

If you go this route, you can remove the zac container from the compose file too as it won't be needed. You could also choose to just mount in the downloaded zac files if you prefer that to copying them into the container... i just demonstrated it this way cause it's a bit easier, you should be able to just 'copy/paste' all these commands

Thanks for all your help.
But im having some trouble adding the service with json and it gives me an unkown error.

Here is the json im trying to import:

{
  "name": "Lan access",
  "roleAttributes": [],
  "configs": [
    "NH5p4FpGR"
  ],
  "encryptionRequired": true,
  "terminatorStrategy": "smartrouting",
  "tags": {}
}

Hope you can help me with what im missing

Regards
Linlz

What do you mean by "unknown" error? Can you share the screenshot or the developer tools console?

The ID seems like maybe it's short? All my ID's are much longer, For example, one is: 58ZuBEngLr5bWZi87simJA.

Are you sure you copied the right ID?

The ziti CLI is pretty easy to use if you want to go that route and will allow you to use names. For example, after using ziti edge login ${hostname} -u ${username} -y, you could create a service with: `ziti edge create service 'Lan Access' --configs '@config-name-here``.

Configuration:

Screenshot 2024-11-25 1357331162×1065 182 KB

Service creation:

Screenshot 2024-11-25 1358001197×1119 25.8 KB

Dev console:

Screenshot 2024-11-25 1358461017×744 55.4 KB

I followed you cli commands and those did the trick.
Thanks!

Yah, you have the wrong ID. you used "config type id", not "id"

If you look at Ryan's post he shows "ID", which is longer.

image598×436 63 KB

AH well cool. Glad you got the ziti CLI working for you. Im sure we'll get this fixed asap... thanks for letting us know and glad to konw you're moving along

@linlz This should now be resolved with the 3.6.2 release of ZAC. Let us know if you're still seeing any issues though. Thanks!

Great.
I did a docker compose pull and it did update and restart but the error persists.
But the version of ZAC is still the same. Controller: v1.2.1 ZAC: 3.6.1
Has the update been pushed to docker?

Yes the container was published. I just did a docker compose pull and I can see the ziti-console get pulled down. I suspect you need to recreate the ziti-console container.

If you run docker compose images, do you see the correct container image id dca9596c329e?

CONTAINER                                         REPOSITORY            TAG                 IMAGE ID            SIZE
complex-docker-ziti-console-1                     openziti/zac          latest              dca9596c329e        1.02GB
complex-docker-ziti-controller-1                  openziti/quickstart   latest              078ec94ba6cf        332MB
complex-docker-ziti-controller-init-container-1   openziti/quickstart   latest              078ec94ba6cf        332MB
complex-docker-ziti-edge-router-1                 openziti/quickstart   latest              078ec94ba6cf        332MB
complex-docker-ziti-edge-router-wss-1             openziti/quickstart   latest              078ec94ba6cf        332MB
complex-docker-ziti-fabric-router-br-1            openziti/quickstart   latest              078ec94ba6cf        332MB
complex-docker-ziti-private-blue-1                openziti/quickstart   latest              078ec94ba6cf        332MB
complex-docker-ziti-private-red-1                 openziti/quickstart   latest              078ec94ba6cf        332MB

ziti-console 3.6.2:

Hello again,
for some reason the console ziti image has no repo and tag?
Any idea on what i could have done to cause this?

CONTAINER                                   REPOSITORY            TAG                 IMAGE ID            SIZE
openziti-ziti-console-1                     <none>                <none>              0b0e92483923        1.02GB

I did a docker compose down and did another docker compose pull and started everything back up and now it has the correct version so ignore my last post.