Using the ziti-sdk-jvm

oops! :slight_smile: glad you got it sorted.

In the most recent iteration of the ziti-sdk-jvm Postgres example, when I look at docker-compose.yml, it already has postgres in there:

version: '2.4'
services:
  ziti-controller:
    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
    env_file:
      - ./.env
    ports:
      - "1280:1280"
    networks:
      ziti:
        aliases:
          - ziti-edge-controller
    volumes:
      - ziti-fs:/openziti
    entrypoint:
      - "/var/openziti/scripts/run-controller.sh"  # I edited this line or it does not work


  ziti-edge-router:
    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
    depends_on:
      - ziti-controller
    environment:
      - ZITI_CONTROLLER_RAWNAME="${ZITI_CONTROLLER_RAWNAME}"
      - ZITI_EDGE_CONTROLLER_RAWNAME="${ZITI_EDGE_CONTROLLER_RAWNAME}"
      - ZITI_EDGE_ROUTER_RAWNAME=ziti-edge-router
      - ZITI_EDGE_ROUTER_ROLES=public
    ports:
      - "3022:3022"
    networks:
      ziti:
        aliases:
          - ziti-edge-router
    volumes:
      - ziti-fs:/openziti
    entrypoint: /bin/bash
    command: "/openziti/scripts/run-router.sh edge"

  postgres-db:
    image: postgres
    #ports:
    #  - 5432:5432
    networks:
      - ziti
    volumes:
      # Uncomment to save sql data between container restarts
      - ./data/db:/var/lib/postgresql/data
      - ./postgres-setup.sh:/docker-entrypoint-initdb.d/postgres-setup.sh
    environment:
      - POSTGRES_DB=postgres
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres

  database-tunneler:
    image: 'netfoundry/ziti-tunnel:latest'
    depends_on:
      - ziti-edge-router
    networks:
      - ziti
    volumes:
      - ./tunnel:/netfoundry
    environment:
      - NF_REG_NAME=databaseTunneler
    command:
      - host

networks:
  ziti:
    driver: bridge
volumes:
  ziti-fs:

However, I had to edit the entry point for the controller to get the containers started. Still, the tunneler and edge router seem to exit, so I checked what was wrong with docker logs:

(base) nyck33@nyck33-tt:/media/nyck33/1TB-backup/cybersec/openziti/ziti-sdk-jvm/samples/ziti-jdbc-postgresql/network$ docker-compose up -d
[+] Building 0.0s (0/0)                                                                                docker:default
[+] Running 5/5
 ✔ Network network_ziti                   Created                                                                0.1s 
 ✔ Container network-ziti-controller-1    Started                                                                0.1s 
 ✔ Container network-postgres-db-1        Started                                                                0.1s 
 ✔ Container network-ziti-edge-router-1   Started                                                                0.0s 
 ✔ Container network-database-tunneler-1  Started                                                                0.0s 
(base) nyck33@nyck33-tt:/media/nyck33/1TB-backup/cybersec/openziti/ziti-sdk-jvm/samples/ziti-jdbc-postgresql/network$ docker ps
CONTAINER ID   IMAGE                        COMMAND                  CREATED         STATUS         PORTS                                       NAMES
f27db5051290   postgres                     "docker-entrypoint.s…"   4 seconds ago   Up 3 seconds   5432/tcp                                    network-postgres-db-1
f2592230452c   openziti/quickstart:latest   "/var/openziti/scrip…"   4 seconds ago   Up 3 seconds   0.0.0.0:1280->1280/tcp, :::1280->1280/tcp   network-ziti-controller-1
(base) nyck33@nyck33-tt:/media/nyck33/1TB-backup/cybersec/openziti/ziti-sdk-jvm/samples/ziti-jdbc-postgresql/network$ docker ps -aq
3d5f7898cc1e
caa04a73e10e
f27db5051290
f2592230452c
(base) nyck33@nyck33-tt:/media/nyck33/1TB-backup/cybersec/openziti/ziti-sdk-jvm/samples/ziti-jdbc-postgresql/network$ docker logs 3d5f7898cc1e
DEBUG: waiting 1s for /netfoundry/databaseTunneler.json (or token) to appear
INFO: identity file /netfoundry/databaseTunneler.json does not exist
INFO: looking for /var/run/secrets/netfoundry.io/enrollment-token/databaseTunneler.jwt
INFO: looking for /enrollment-token/databaseTunneler.jwt
INFO: looking for /netfoundry/databaseTunneler.jwt
DEBUG: evaluating positionals: host
INFO: running "ziti tunnel host --identity /netfoundry/databaseTunneler.json "
{"error":"exec: \"resolvectl\": executable file not found in $PATH","file":"github.com/openziti/edge@v0.24.239/tunnel/dns/server.go:49","func":"github.com/openziti/edge/tunnel/dns.flushDnsCaches","level":"warning","msg":"unable to find systemd-resolve or resolvectl in path, consider adding a dns flush to your restart process","time":"2023-11-05T11:19:24.772Z"}
{"file":"github.com/openziti/edge@v0.24.239/tunnel/intercept/iputils.go:51","func":"github.com/openziti/edge/tunnel/intercept.SetDnsInterceptIpRange","level":"info","msg":"dns intercept IP range: 100.64.0.1 - 100.127.255.254","time":"2023-11-05T11:19:25.140Z"}
{"file":"github.com/openziti/ziti/ziti/tunnel/root.go:169","func":"github.com/openziti/ziti/ziti/tunnel.startIdentity","level":"info","msg":"loading identity: /netfoundry/databaseTunneler.json","time":"2023-11-05T11:19:25.140Z"}
{"file":"github.com/openziti/ziti/ziti/tunnel/root.go:172","func":"github.com/openziti/ziti/ziti/tunnel.startIdentity","level":"fatal","msg":"failed to load ziti configuration from /netfoundry/databaseTunneler.json: config file (/netfoundry/databaseTunneler.json) is not found ","time":"2023-11-05T11:19:25.140Z"}
/entrypoint.sh: line 25: kill: (9) - No such process
(base) nyck33@nyck33-tt:/media/nyck33/1TB-backup/cybersec/openziti/ziti-sdk-jvm/samples/ziti-jdbc-postgresql/network$ docker logs caa04a73e10e
/bin/bash: /openziti/scripts/run-router.sh: No such file or directory
(base) nyck33@nyck33-tt:/media/nyck33/1TB-backup/cybersec/openziti/ziti-sdk-jvm/samples/ziti-jdbc-postgresql/network$  

For the edge router, I am going to check whether it's a similar problem with having the correct entry point path to the script, but for the tunneler I don't know how to solve that.

Edit:
I had to prefix the entry point for the edge router with /var/ to get it working but I am having trouble creating an identity for the tunneler container from within the controller container.

(base) nyck33@nyck33-tt:/media/nyck33/1TB-backup/cybersec/openziti/ziti-sdk-jvm$ docker ps
CONTAINER ID   IMAGE                        COMMAND                  CREATED              STATUS              PORTS                                       NAMES
986c087710b5   postgres                     "docker-entrypoint.s…"   About a minute ago   Up About a minute   5432/tcp                                    network-postgres-db-1
98ab8d9c8dc7   openziti/quickstart:latest   "/var/openziti/scrip…"   About a minute ago   Up About a minute   0.0.0.0:1280->1280/tcp, :::1280->1280/tcp   network-ziti-controller-1
(base) nyck33@nyck33-tt:/media/nyck33/1TB-backup/cybersec/openziti/ziti-sdk-jvm$ docker exec -it network-ziti-controller-1 /bin/sh
$ ziti edge create identity databaseTunneler -a 'databaseTunneler' -o databaseTunneler.jwt 
/bin/sh: 1: ziti: not found

Please advise when you have a moment.
Please also note that I just realized this is the ziti-jdbc-postgresql example and not the jdbc-postgres example that the YouTube video at https://www.youtube.com/watch?v=s-skpw7bUfI&t=71s links to. I'll try that one now.
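
The tunneler log in the post above shows the entrypoint looking for /netfoundry/databaseTunneler.json or a databaseTunneler.jwt and exiting when neither exists. As an added example (not part of the original thread or of the OpenZiti project; `check_tunnel_volume` is a hypothetical helper name), this host-side check inspects the ./tunnel directory that the compose file mounts at /netfoundry before the containers are started:

```shell
# Added example: host-side preflight for the tunneler's bind mount.
# From the compose file above: ./tunnel -> /netfoundry, NF_REG_NAME=databaseTunneler.
# check_tunnel_volume is a hypothetical helper, not part of any Ziti image.
#
# Prints one status word; returns 0 for "identity" and "token", non-zero otherwise:
#   identity             <name>.json present, accessible by its owner only
#   identity-loose-perms <name>.json present but group/other can access it
#   token                <name>.jwt present and shaped like a JWT
#   token-malformed      <name>.jwt present but not three base64url segments
#   missing              neither file exists (the fatal error in the log above)
check_tunnel_volume() {
  dir="${1%/}"
  name="$2"
  json="$dir/$name.json"
  jwt="$dir/$name.jwt"

  if [ -s "$json" ]; then
    # An enrolled identity file normally embeds the identity's private key,
    # so it should not be accessible to group or other.
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$json" | cut -c5-10)
    if [ "$go_bits" = "------" ]; then
      echo identity; return 0
    fi
    echo identity-loose-perms; return 1
  fi

  if [ -s "$jwt" ]; then
    # An enrollment token is a JWT: header.payload.signature, base64url encoded.
    if grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$' "$jwt"; then
      echo token; return 0
    fi
    echo token-malformed; return 1
  fi

  echo missing; return 1
}

# Example: check_tunnel_volume ./tunnel databaseTunneler
```
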

I don't expect things have changed in a year, but if you aren't successful do let us know and I'll revisit. I do like to keep videos fresh so that if anything has changed the latest video is up to date.

I realize today I didn't post back this video here. My bad.... Here's an updated 2023 video I did the other day based on your request here....

I'm going to go through this live on Ziti TV today too, and show people how to do the same thing with Golang if that sounds interesting... Anyway, since I forgot to post it, here it is :wink: