`ziti edge controller create identity user` causing error

Hi @markamind,
Thanks much, when I try out this cmd `ziti edge controller create identity user "NewUser" -o NewUser.jwt`, it gives me error, saying unknown shorthand flag: 'o' in -o. Let me know if I’m missing something. Thanks.

Have a look through these commands… it may help with the structure.

Here is an example to create an identity called “server.id” that is linked to a service called “service.endpoint”

ziti edge create identity device server.id -a service.endpoint -o server.jwt

This took me ages to work out… and then there were those terminators.

tip: terminators are only created when you start a host… so for them to be created… you need to run a service on the server that starts up the listener for a specific port… or range of ports (using an intercept)



After a couple of trials, I got into unauthorised access, something like below

ziti edge create identity device "${server_identity}" -a "${service_name}"ServerEndpoints -o "${server_identity}".jwt

error: error creating identities instance in Ziti Edge Controller at https://sig56/edge/management/v1. Status code: 401 Unauthorized, Server returned: {
    "error": {
        "code": "UNAUTHORIZED",
        "message": "The request could not be completed. The session is not authorized or the credentials are invalid",
        "requestId": "lP-RAlbui"
    "meta": {
        "apiEnrollmentVersion": "0.0.1",
        "apiVersion": "0.0.1"
curl eth0.me

Any clue plz?

ahh… I believe you are very close.

try this before you run the command


This creates a token on your controller so that you can run ziti commands like enroll etc


hmmm! thanks worked for me.

I modified that as ziti edge login :smile:

@afzal442 Can you please let me know where you found this command string?

ziti edge controller create identity user

I ask because I have seen this in some older documentation so I’d like to see if we can update or remove the docs.

Also, regarding your latest message @markamind has you covered, you just need to zitiLogin if you see that UNAUTHORIZED error.

Yes @gberl002 , sure!
the associated link to that Creating an Identity | Ziti


We removed ‘controller’ a long time ago from commands like this and looks like we missed some spots it was referenced.

Seems like this ‘breaks’ that command! :frowning: I’ll get that fixed up. The ‘correct’ command is to just remove ‘controller’

ziti edge create identity user "NewUser" -o NewUser.jwt

As for the UNAUTHORIZED issue - as you discovered your session just timed out and you needed to login again


I’m on it @dovholuknf

Having that said I went through the examples associated with go-sdk, I am struggling with running the application. I tried out like for server.go → `go run simple-server.go "$HOME/srv.conf" eth2`,
similarly for client → `go run simple-client.go "$HOME/cli.conf" 80`

Before that I enrolled the jwt as `ziti edge enroll --jwt ${jwt_file} --out ${identity_config_file}`.
Any hint plz? :small_airplane:
cc @dovholuknf

I can give you a bunch of commands that will get this up and running. I’ll do that and get back to you in a few minutes… :slight_smile:


Follow a quickstart, make sure you can login and issue ziti cli commands (I think you’re here already)

open two terminal windows
git clone git@github.com:openziti/sdk-golang.git
terminal 1: cd sdk-golang/exercises/http/server/zitified
terminal 1: ziti edge create identity user server.id -o server.id.jwt
terminal 1: ziti edge enroll server.id.jwt

terminal 2: cd sdk-golang/exercises/http/client/zitified
terminal 2: ziti edge create identity user client.id -o client.id.jwt
terminal 2: ziti edge enroll client.id.jwt

terminal 1: ziti edge create service simple-http-service
terminal 1: ziti edge create service-policy simple-http-service-bind Bind --service-roles '@simple-http-service' --identity-roles '@server.id'
terminal 1: ziti edge create service-policy simple-http-service-dial Dial --service-roles '@simple-http-service' --identity-roles '@client.id'

Here comes the payoff :slight_smile:

terminal 2: go run simple-client.go client.id.json simple-http-service
Hello response: zitified hello from sg3
Add Result: zitified a+b=1+2=3

hey @dovholuknf, thanks much for your kind help. So now when I try to restart my ziti controller, startZitiController: command not found causes the issue. Or maybe I missed somewhere. Thanks

Any hint plz?

cc @markamind

There are two approaches to starting / stopping services

  1. via cmd file (my preference for testing)
  2. via system control.

If you want to do it via command… you need to download a local copy of the ziti-cli-functions.sh file used to conduct the Quick Install

With this in a local directory… the following should work

. ./ziti-cli-functions.sh && startZitiController

to start the edge router, you need to set the following variable first

. ./ziti-cli-functions.sh && startExpressEdgeRouter

In case you did setup the system command, it would be something like

sudo systemctl start ziti-controller
sudo systemctl stop ziti-controller

sudo systemctl start ziti-edge-router
sudo systemctl stop ziti-edge-router

sudo systemctl start ziti-console
sudo systemctl stop ziti-console

Hope that helps :slight_smile:

Sorry @markamind, could you tell me where I can find local copy of the ziti-cli-functions.sh file to download? Thanks.
FYI, I have this development setup with no docker.

the file is the quick start install script.

# now download, source, and execute the expressInstall function
source /dev/stdin <<< "$(wget -qO- https://raw.githubusercontent.com/openziti/ziti/release-next/quickstart/docker/image/ziti-cli-functions.sh)"; expressInstall

It gets cached during the install… then automatically cleaned up


@afzal442 there’s a section of the doc that covers this here Local - No Docker | Ziti

In the case you close your shell and you want to get the same environment variables back into your shell, you can just source the “env” file that is placed into the location you specified. For example, if you ran the example above where the deployed files went to ${HOME}/.ziti/quickstart/newfolder you would find an “env” file at ${HOME}/.ziti/quickstart/newfolder/newfolder.env and source it:

source ${HOME}/.ziti/quickstart/newfolder/newfolder.env

~ % zitiLogin
Token: aa1c7fb0-85d9-4a79-86b2-5df450c5b4de
Saving identity 'default' to ${HOME}/.ziti/quickstart/newfolder/ziti-cli.json

Hope that’s enough of a hint for you :slight_smile:

Oh, I realize I answered the question wrongly. You could choose to source the script from the web (like @markamind shows) every time with just running the same command (without the expressInstall function call)

source /dev/stdin <<< "$(wget -qO- https://raw.githubusercontent.com/openziti/ziti/release-next/quickstart/docker/image/ziti-cli-functions.sh)";

or you can just wget the file and put it somewhere ‘cached’:

wget -q -O /tmp/ziti-cli-functions.sh https://raw.githubusercontent.com/openziti/ziti/release-next/quickstart/docker/image/ziti-cli-functions.sh

then you can source THAT file when you want:

source /tmp/ziti-cli-functions.sh

I would get the latest ziti-cli-functions.sh now and then in case there’s bug fixes :slight_smile:

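Sourcing the cached copy runs whatever the file contains in your current shell, and `/tmp` is writable by every local user, so it is worth checking the copy before each `source`. The following is an added example, not part of the original posts or the OpenZiti project: it assumes the script is kept under a user-owned path and that you recorded a SHA-256 digest after reviewing the download. The path, the `<PINNED_SHA256>` placeholder and the function names `sha256_of`, `safe_to_source` and `source_verified` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not OpenZiti project code): check a cached copy of
# ziti-cli-functions.sh before sourcing it into the current shell.

# Print the SHA-256 hex digest of a file (sha256sum, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# safe_to_source FILE PINNED_SHA256
# Succeeds only if FILE is a regular, non-symlink file owned by the current
# user, not writable by group or others, and matching the pinned digest.
safe_to_source() {
  local file pinned meta mode owner actual
  file=$1; pinned=$2
  if [ ! -f "$file" ] || [ -L "$file" ]; then
    echo "refusing: $file is not a regular file" >&2; return 1
  fi
  # ls -ldn prints the mode string and the numeric owner in fields 1 and 3.
  meta=$(ls -ldn "$file")
  mode=$(printf '%s\n' "$meta" | awk '{print $1}')
  owner=$(printf '%s\n' "$meta" | awk '{print $3}')
  case "$mode" in
    ?????w*|????????w*)   # group-write is char 6, other-write is char 9
      echo "refusing: $file is writable by group or others" >&2; return 1 ;;
  esac
  if [ "$owner" != "$(id -u)" ]; then
    echo "refusing: $file is not owned by uid $(id -u)" >&2; return 1
  fi
  actual=$(sha256_of "$file")
  if [ "$actual" != "$pinned" ]; then
    echo "refusing: digest $actual does not match the pinned value" >&2
    return 1
  fi
  return 0
}

# source_verified FILE PINNED_SHA256: source FILE only if every check passes.
source_verified() {
  safe_to_source "$1" "$2" && . "$1"
}

# Usage (path and digest are placeholders, not values from the thread):
#   source_verified "$HOME/.ziti/ziti-cli-functions.sh" "<PINNED_SHA256>"
#   startZitiController
```

Because the `release-next` URL tracks a moving branch, the pinned digest has to be re-recorded each time a newer copy is fetched and reviewed.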

hmmm! sounds good.

every time with just running the same command (without the expressInstall function call)

Yep, I did that in those ways. It’ll be nice if we can add it on docs as well so that one can’t miss this step while starting ziti controller again. Thanks :smile: