ZAC Invalid Edge Controller - but successful login

I’m currently testing openziti and the related web interface the admin console.
I’ve set up the controller and admin console according to your docs in EKS (see: Install OpenZiti Controller in Kubernetes | OpenZiti) with versions of controller v0.28.1 and zac v2.7.3. So far everything worked.

But when I tried to add a new edge controller at the zac login page I got the error: “Invalid Edge Controller”. I also checked your other posts and made sure to use https.

The strange thing is, that although this error appears - I can reload the page and choose the edge controller I tried to set and I can even login without a problem. But the error in setting the controller persists.

If you launch ZAC at the terminal and add the “debug” command like

“node server.js debug” then try and add the server you will see the error that you are getting from the controller. Can you reply with that so I can determine what may be happening?


This is what I get in the logs (already in debug mode):

Calling Controller:
Controller: Returned: {"data":{"apiVersions":{"edge":{"v1":{"apiBaseUrls":["",""],"path":"/edge/client/v1"}},"edge-client":{"v1":{"apiBaseUrls":["",""],"path":"/edge/client/v1"}},"edge-management":{"v1":{"apiBaseUrls":[""],"path":"/edge/management/v1"}}},"buildDate":"2023-06-09T20:07:49Z","revision":"f9a62c0baf1c","runtimeVersion":"go1.20.4","version":"v0.28.1"},"meta":{}}

Controller: Returned string: {"data":{"apiVersions":{"edge":{"v1":{"apiBaseUrls":["",""],"path":"/edge/client/v1"}},"edge-client":{"v1":{"apiBaseUrls":["",""],"path":"/edge/client/v1"}},"edge-management":{"v1":{"apiBaseUrls":[""],"path":"/edge/management/v1"}}},"buildDate":"2023-06-09T20:07:49Z","revision":"f9a62c0baf1c","runtimeVersion":"go1.20.4","version":"v0.28.1"},"meta":{}}

(I only replaced some parts of the urls for compliance)

First, Hi @janst, welcome to OpenZiti and to the community! :slight_smile:

the url that you provide in that field needs to be addressable from where the ZAC is deployed. If you go to that running ZAC, can it reach the controller in question?

Hi @TheLumberjack ,
thank you ! :slight_smile:

yes it can reach it - from inside the cluster, as well also from outside of the K8s cluster.( TLS-passthrough) Also, I can successfully login using both urls.

It the ZAC wasn't able to reach the controller, the ZAC could not login - but it can. The error "Invalid Edge Controller" only appears when I try to add a new edge controller.

I can reload the page and choose the edge controller I tried to set and I can even login without a problem

Oh i missed that way up on the original post. AND i misread the title of this post too! :man_facepalming: Sorry about that.

So you can login successfully, but you get the angry growler that something happens until you refresh the page? Is that the situation? You aren't deploying/redeploying the controllers or anything like that, right?

Is the flow just:

  • deploy ZAC somewhere...
  • use helm to install a new openziti controller
  • go to zac
    • add the new url to zac
    • login, things work
  • use helm to deploy another openziti network
  • go to zac
    • add the new url to zac
    • get the grumpy growler until you refresh,
    • choose the 'new' controller you just added
    • login - it works

Is that the flow ? Or if not... Can you correct it? It'll be helpful to know just how you're using it...

Also it might be useful to open dev tools to see if anything is in the console that might help

No problem :wink:

The flow is almost the one I’m talking about. It is:

  • deploy the openziti controller using helm
  • deploy ZAC using helm
  • go to zac webpage
    • add the new url to zac
    • encounter the “invalid edge controller” error
  • reload the zac webpage
    • choose the ‘new’ controller you just added
    • login - it works

Ah, and it’s just a ‘one time thing’? The very first time you add it to a whole new installation?

no, it happens over and over - everytime I try to add the / a controller
To me, it looks like a bug, but perhaps I misconfigured sth ?

No it’s a bug in ZAC imo, i hit it too but I can’t actually reproduce it when I want to! :slight_smile: I was hoping you had a set of steps that happen for you over and over, so that i could finally reproduce it and get @jeremy.tellier to fix it :slight_smile: I am sure once we can faithfully reproduce it he can fix it fast…

What I’m stuck on is when you say: “it happens over and over - everytime I try to add the / a controller”.

Are you adding more than one controller? For me, once i add the controller it’s there in the dropdown list and i just pick it and use it. You must be doing something just a little bit differently, or over and over… At least you did it enough times to get annoyed by it, sign up to discourse and report it! :slight_smile: so it must be more than just one time i figure! hehe

ya you are kind of right :wink:

by over and over I mean I just select " add a new controller" and then try to add an already added controller a second time :slight_smile:

btw. this I get in the devtools as a reponse for the request that is sent:

error: "Invalid Edge Controller",…}
"Invalid Edge Controller"

Also I have two different urls - meaning was - to add a controller, as I can on the one hand reach the controller inside the cluster ( all ziti stuff is in one K8s namespace) and on the other hand reach it via the internet ( so going out of the VPC and back in…)

But this should not influence the issue, as I encountered it already in the beginning - before I tried to connect “cluster-internally”

Well I do see that I have an issue where I am not printing out the real error, it should be displaying “Invalid Edge Controller” then the json error that is returned. Let me get that patched real quick so we can get a better idea of why the body of the return has an error.

1 Like

The good news is, I have been able to replicate the issue… The bad news is, I have been able to replicate the issue… I will let you know when I push a fix.

@janst - Try pulling down the latest ZAC and let me know if you still get the issue would you? Thanks for bringing this to light!

Hi @jeremy.tellier,
I’ve pulled ZAC 2.7.6 and I still get the same error.

Invalid Edge Controller

Error {"data":{"apiVersions":{"edge":{"v1":{"apiBaseUrls":["",""],"path":"/edge/client/v1"}},"edge-client":{"v1":{"apiBaseUrls":["",""],"path":"/edge/client/v1"}},"edge-management":{"v1":{"apiBaseUrls":[""],"path":"/edge/management/v1"}}},"buildDate":"2023-06-09T20:07:49Z","revision":"f9a62c0baf1c","runtimeVersion":"go1.20.4","version":"v0.28.1"},"meta":{}}

Well back to the drawing board, lemme take a look and get back to you.

Pull down 2.7.7 and let me know if that fixes the issue @janst

I cannot pull as it is not on DockerHub :slight_smile: