Ziti fabric list routers Status code: 401 Unauthorized

Quick check to see if you have any tips.

I receive a 401 when running the following command.

ziti fabric list routers

The machine that I am running this command on as a vanilla quickinstall version

I have made no further changes… other than log out.

I have loaded up the environment variables again…

I have also started both the controller and edge router using the following commands.

. ./ziti-cli-functions.sh && startZitiController

. ./ziti-cli-functions.sh && startExpressEdgeRouter

Is there any thing specific that I should investigate

To offer some more insights… this is what is returned when I run the psz command


opc 39243 1 0 Mar22 ? 00:02:41 /home/opc/. ziti /quickstart/instance-20220317-1005/ ziti -bin/ ziti -v0.25.3/ ziti -controller run /home/opc/. ziti /quickstart/instance-000000/instance-0000000.yaml

Think I am getting closer.. don't know.. but do you need to use the zitilogin command before you run other ziti commands?

When I run it.. I get a command not found.

This happens because ${ZITI_EDGE_ROUTER_RAWNAME} is not configured... even after I load the env file

Not really sure what name it should be..

Maybe I need to add it in manually

-bash: zitilogin: command not found
[1]+ Exit 2 "${ZITI_BIN_DIR}/ziti-router" run "${ZITI_HOME_OS_SPECIFIC}/${ZITI_EDGE_ROUTER_RAWNAME}.yaml" > "${log_file}" 2>&1

think I found the answer.. apparently there is a time limit to enrol and edge router.. which is captured 34:00 in the following video.. (great ziti tv session by the way :slight_smile:

This happened because I needed to take a pause for a few days until I could return to it..

So I will restart from the beginning.. though before doing so.. I will work out how to enrol an edge router .. not sure just yet

I found this info re enrolling…


right now the quickstarts focus on making it a quick, one-liner action. the wget fetches the ziti-cli-functions.sh and sources it. When you come back to that shell - you need to fetch/source it again or you need to just fetch it and bring it local and source it each time. that’s how you’ll get access to the aliases like zitiLogin.

I am very happy you watched the ziti tv and saw the section related to session timeouts. Yes you need to issue ziti login if you get a 401. the alias zitiLogin uses environment variables from the .env file in the quickstart home folder. you’ll find your user/password in that file. We do this - so that you bash command history doesn’t have the username/password in it (a classic thing attackers look for if they gain access to your linux machine)

if you create a router - and don’t enroll it immediately, the correct/easiest thing to do is just delete the router ziti edge delete edge-router ${router.name} and then just recreate it/enroll it when you are ready. Same thing happens to me when i forget and get busy. Remember by default that enrollment is only valid for 10m so - it’s easy to get distracted and have that problem

1 Like

Thanks… sometimes it takes me a few days to follow up… very helpful