Ziti edge client is running but not showing on ZAC

kashif · August 23, 2023, 1:22pm

Hi,
I installed this time tunneler on Ubuntu 20 LTS using this doc (Linux | OpenZiti) and it installed

● ziti-edge-tunnel.service - Ziti Edge Tunnel
     Loaded: loaded (/etc/systemd/system/ziti-edge-tunnel.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-08-23 16:00:02 +03; 37s ago
   Main PID: 1954367 (ziti-edge-tunne)
      Tasks: 5 (limit: 4631)
     Memory: 6.3M
     CGroup: /system.slice/ziti-edge-tunnel.service
             └─1954367 /opt/openziti/bin/ziti-edge-tunnel run --verbose=2 --dns-ip-range=100.64.0.1/10 --identity-dir=/opt/openziti/etc/identities

ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO ziti-sdk:utils.c:188 ziti_log_set_level() set log level: root=3/INFO
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO tunnel-sdk:ziti_tunnel.c:60 create_tunneler_ctx() Ziti Tunneler SDK (v0.22.5-local)
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO tunnel-cbs:ziti_dns.c:168 seed_dns() DNS configured with range 100.64.0.0 - 100.127.255.255 (4194302 ips)
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1695 run_tunneler_loop() Loading identity files from /opt/openziti/etc/identities
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1621 make_socket_path() effective group set to 'ziti' (gid=998)
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    WARN ziti-edge-tunnel:ziti-edge-tunnel.c:1665 make_socket_path() failed to set ownership of /tmp/.ziti to 998:998: Operation not permitted (err>
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    WARN ziti-edge-tunnel:ziti-edge-tunnel.c:1709 run_tunneler_loop() One or more socket servers did not properly start.
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.031]    INFO ziti-edge-tunnel:resolvers.c:68 init_libsystemd() Initializing libsystemd
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.032]    INFO ziti-edge-tunnel:resolvers.c:356 try_libsystemd_resolver() systemd-resolved selected as DNS resolver manager
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.051]    INFO ziti-edge-tunnel:resolvers.c:400 dns_update_systemd_resolved() Setting wildcard routing only domain on interface: ziti0

Failed to add match 'xe': Invalid argument
root@ztn:~# journalctl -xe
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO tunnel-sdk:ziti_tunnel.c:60 create_tunneler_ctx() Ziti Tunneler SDK (v0.22.5-local)
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO tunnel-cbs:ziti_dns.c:168 seed_dns() DNS configured with range 100.64.0.0 - 100.127.255.255 (4194302 ips)
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1695 run_tunneler_loop() Loading identity files from /opt/openziti/etc/identities
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1621 make_socket_path() effective group set to 'ziti' (gid=998)
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    WARN ziti-edge-tunnel:ziti-edge-tunnel.c:1665 make_socket_path() failed to set ownership of /tmp/.ziti to 998:998: Operation not permitted (err>
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    WARN ziti-edge-tunnel:ziti-edge-tunnel.c:1709 run_tunneler_loop() One or more socket servers did not properly start.
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.031]    INFO ziti-edge-tunnel:resolvers.c:68 init_libsystemd() Initializing libsystemd
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.032]    INFO ziti-edge-tunnel:resolvers.c:356 try_libsystemd_resolver() systemd-resolved selected as DNS resolver manager
ztn ziti-edge-tunnel[1954367]: (1954367)[        0.051]    INFO ziti-edge-tunnel:resolvers.c:400 dns_update_systemd_resolved() Setting wildcard routing only domain on interface: ziti0
ztn systemd-resolved[1936493]: Flushed all caches.
ztn systemd-resolved[1936493]: Resetting learnt feature levels on all servers.
ztn NetworkManager[901]: <info>  [1692795602.3793] device (ziti0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
ztn NetworkManager[901]: <info>  [1692795602.3818] device (ziti0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
ztn NetworkManager[901]: <info>  [1692795602.3825] device (ziti0): Activation: starting connection 'ziti0' (a90480d7-1257-403b-9de7-1d4008f8b756)
ztn NetworkManager[901]: <info>  [1692795602.3826] device (ziti0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
ztn NetworkManager[901]: <info>  [1692795602.3829] device (ziti0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
ztn NetworkManager[901]: <info>  [1692795602.3838] device (ziti0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
ztn NetworkManager[901]: <info>  [1692795602.3841] device (ziti0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')

But it is not showing on ZAC and after I restart

root@ztn:~# systemctl status ziti-edge-tunnel.service
● ziti-edge-tunnel.service - Ziti Edge Tunnel
     Loaded: loaded (/etc/systemd/system/ziti-edge-tunnel.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Wed 2023-08-23 16:18:02 +03; 1s ago
    Process: 1959570 ExecStartPre=/opt/openziti/bin/ziti-edge-tunnel.sh (code=exited, status=1/FAILURE)

---
-- A start job for unit ziti-edge-tunnel.service has begun execution.
--
-- The job identifier is 140416.
ztn ziti-edge-tunnel.sh[1959780]: (1959780)[        0.000]    INFO ziti-sdk:utils.c:188 ziti_log_set_level() set log level: root=3/INFO
ztn ziti-edge-tunnel.sh[1959780]: (1959780)[        0.000]    INFO ziti-sdk:utils.c:188 ziti_log_set_level() set log level: root=3/INFO
ztn ziti-edge-tunnel.sh[1959780]: (1959780)[        0.000]    INFO ziti-sdk:ziti_enroll.c:90 ziti_enroll() Ziti C SDK version 0.33.4 @27bac90(HEAD) starting enrollment at (2023-08-23T13:18:41.319)
ztn ziti-edge-tunnel.sh[1959780]: (1959780)[        0.056]   ERROR ziti-sdk:ziti_ctrl.c:154 ctrl_resp_cb() ctrl[ztn.io] request failed: -103(software caused connection abort)
ztn ziti-edge-tunnel.sh[1959780]: (1959780)[        0.056]   ERROR ziti-sdk:ziti_enroll.c:234 enroll_cb() failed to enroll with controller: https://ztn.io:8441 CONTROLLER_UNAVAILABLE (software ca>
ztn ziti-edge-tunnel.sh[1959780]: (1959780)[        0.056]   ERROR ziti-edge-tunnel:ziti-edge-tunnel.c:2137 enroll_cb() enrollment failed: CONTROLLER_UNAVAILABLE(-3)
ztn ziti-edge-tunnel.sh[1959776]: ERROR: failed to enroll http-server.jwt in /opt/openziti/etc/identities
ztn systemd[1]: ziti-edge-tunnel.service: Control process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- An ExecStartPre= process belonging to unit ziti-edge-tunnel.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
ztn systemd[1]: ziti-edge-tunnel.service: Failed with result 'exit-code'.

What could be wrong?

Thank you

TheLumberjack · August 23, 2023, 1:27pm

kashif:

ztn ziti-edge-tunnel.sh[1959780]: (1959780)[        0.056]   ERROR ziti-sdk:ziti_enroll.c:234 enroll_cb() failed to enroll with controller: https://ztn.s-apps.io:8441 CONTROLLER_UNAVAILABLE (software ca>
ztn ziti-edge-tunnel.sh[1959780]: (1959780)[        0.056]   ERROR ziti-edge-tunnel:ziti-edge-tunnel.c:2137 enroll_cb() enrollment failed: CONTROLLER_UNAVAILABLE(-3)

These errors make me think you haven't seen the PSA I put out the other day. If you have deployed your network using the quickstart before yesterday, you'll want to take the actions mentioned in that post. PSA - quickstart change for latest tunnelers and c/python/swift/node sdk

The quickstart had a bug that worked with older ziti-edge-tunnelers but not the latest one. It comes down to modifying a setting in the controller's config file and recreating the "CA" file for the controller (see the post for details).

Once you fix the controller, recreate this identity and reenroll it I think it should be fine.

sabedevops · August 23, 2023, 1:37pm

Can you confirm whether /tmp/.ziti exists and is perhaps owned by root? (I wonder if we don't chown this directory in our upgrade script since the drop from the root to the ziti user)

ztn ziti-edge-tunnel[1954367]: (1954367)[        0.000]    WARN ziti-edge-tunnel:ziti-edge-tunnel.c:1665 make_socket_path() failed to set ownership of /tmp/.ziti to 998:998: Operation not permitted (err>

kashif · August 24, 2023, 9:59am

Yes, I didn't read that post and thank you do much the quick fix of bug.

I updated the system and the client machine is now connected without recreating identity. Is it better to recreate the identity?

kashif · August 24, 2023, 10:01am

There is now no such error after updating.

Thank you for pointing this issue out. I think it will not occur if installed latest version of OpenZiti.

TheLumberjack · August 24, 2023, 10:08am

If you're in the testing and learning phase, it's easier to just recreate the identity yeah.

Glad to hear. Were you able to confirm whether /tmp/.ziti existed and was owned by root (or not) ?

kashif · August 24, 2023, 10:40am

If you're in the testing and learning phase, it's easier to just recreate the identity yeah.

Done

root@ztn:~# ls -l /tmp/.ziti
total 0
srwxrwxrwx 1 root ziti 0 ziti-edge-tunnel-event.sock
srwxrwxrwx 1 root ziti 0 ziti-edge-tunnel.sock

Thank you for your kind support.

Topic		Replies	Views
Intermittent Connectivity Issues: ziti-edge-tunnel Support	4	12	November 21, 2024
Slow response and sometimes website inaccessible	9	190	December 12, 2023
Tunneler installation on raspberry pi Tunneler Apps	21	632	March 18, 2023
Instruction for Tunneler usage Ziti Overlay	2	264	February 1, 2023
Service still can be accessed either IP or testpage.ziti	15	238	August 21, 2023

Ziti edge client is running but not showing on ZAC

Related topics