nicfragale / ha-netfoundry Goto Github PK

Hey!
Thank you for sharing your plug-in!
I'm having issues getting the service up and running. I believe there are config file handling issues.
Any ideas what I could do?

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/profile.sh
cont-init: info: /etc/cont-init.d/profile.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun ziti-edge-tunnel (no readiness notification)
s6-rc: info: service legacy-services successfully started
[15:17:17] NOTICE: Starting NetFoundry ZITI...
[15:17:17] INFO: with SUPERVISOR_TOKEN "xxx...".
[15:17:17] INFO: with IdentityDirectory "/share/NetFoundry/identities".
[15:17:17] INFO: with ResolutionRange "100.64.64.0/18".
[15:17:17] INFO: with UpstreamResolver "x.x.x.x".
[15:17:17] INFO: with LogLevel "3".
[15:17:17] INFO: with EnrollmentJWT "xxxx...xxxx".
[15:17:17] NOTICE: ZITI EDGE TUNNEL - PREINIT BEGIN
mode of '/opt/NetFoundry/scripts' changed to 0700 (rwx------)
mode of '/opt/NetFoundry/scripts/startup.sh' changed to 0700 (rwx------)
mode of '/opt/NetFoundry/scripts/zetdisplay.sh' changed to 0700 (rwx------)
mode of '/opt/NetFoundry/scripts/infodisplay.sh' changed to 0700 (rwx------)
[15:17:17] NOTICE: ZITI EDGE TUNNEL - ENROLL BEGIN
(152)[ 0.000] INFO ziti-sdk:utils.c:199 ziti_log_set_level() set log level: root=3/INFO
(152)[ 0.000] INFO ziti-sdk:utils.c:168 ziti_log_init() Ziti C SDK version 0.35.4 @9756522(HEAD) starting at (2023-12-07T14:17:17.160)
(152)[ 0.000] INFO ziti-sdk:utils.c:199 ziti_log_set_level() set log level: root=3/INFO
(152)[ 0.000] INFO ziti-sdk:utils.c:168 ziti_log_init() Ziti C SDK version 0.35.4 @9756522(HEAD) starting at (2023-12-07T14:17:17.160)
(152)[ 0.000] INFO ziti-sdk:ziti_enroll.c:90 ziti_enroll() Ziti C SDK version 0.35.4 @9756522(HEAD) starting enrollment at (2023-12-07T14:17:17.160)
(152)[ 0.000] ERROR ziti-sdk:jwt.c:26 parse_jwt_content() jwt input lacks a dot
(152)[ 0.000] ERROR ziti-sdk:ziti_enroll.c:125 ziti_enroll() /opt/NetFoundry/build/_deps/ziti-sdk-c-src/library/ziti_enroll.c:107 - load_jwt(opts->jwt, ecfg, &ecfg->zejh, &ecfg->zej) => -4 (JWT has invalid format)
(152)[ 0.000] ERROR ziti-edge-tunnel:ziti-edge-tunnel.c:2140 enroll_cb() enrollment failed: enroll failed(-4)
[15:17:22] NOTICE: ZITI EDGE TUNNEL - [0/Thu Dec 7 15:17:22 CET 2023] [PID:152] [END:ENROLL]
[15:17:22] NOTICE: ZITI EDGE TUNNEL - ENROLL END
[15:17:22] INFO: IDENTITIES: []
[15:17:22] INFO: ZITI_DNS_IP: 100.64.64.1
[15:17:22] INFO: Setup of system resolver via REST to [100.64.64.1] succeeded.
[15:17:22] INFO: Assisting application "nginx" has been started with syntax options "".
[15:17:22] INFO: Assisting application "php-fpm81" has been started with syntax options "".
[15:17:22] INFO: INIT STRING: [/opt/NetFoundry/ziti-edge-tunnel run -I /share/NetFoundry/identities -d 100.64.64.0/18 -u 192.168.1.1 -v 3]
[15:17:22] NOTICE: ZITI EDGE TUNNEL - PREINIT END
[15:17:22] NOTICE: ZITI EDGE TUNNEL - PROGRAM BEGIN
(190)[ 0.000] INFO ziti-sdk:utils.c:199 ziti_log_set_level() set log level: root=3/INFO
(190)[ 0.000] INFO ziti-sdk:utils.c:168 ziti_log_init() Ziti C SDK version 0.35.4 @9756522(HEAD) starting at (2023-12-07T14:17:22.269)
(190)[ 0.000] INFO ziti-edge-tunnel:instance-config.c:86 load_tunnel_status_from_file() Loading config file from /var/lib/ziti/config.json
(190)[ 0.000] ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file No such file or directory cannot be opened due to /var/lib/ziti/config.json. This is normal if this is a new install or if the config file was removed manually
(190)[ 0.000] ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file No such file or directory cannot be opened due to /var/lib/ziti/config.json.backup. This is normal if this is a new install or if the config file was removed manually
(190)[ 0.000] WARN ziti-edge-tunnel:instance-config.c:98 load_tunnel_status_from_file() Config files /var/lib/ziti/config.json and the backup file cannot be read or they do not exist, will create a new config file or the old one will be overwritten
(190)[ 0.000] INFO tunnel-sdk:ziti_tunnel.c:60 create_tunneler_ctx() Ziti Tunneler SDK (0.22.12)
(190)[ 0.000] INFO tunnel-cbs:ziti_dns.c:168 seed_dns() DNS configured with range 100.64.64.0 - 100.64.127.255 (16382 ips)
(190)[ 0.000] INFO tunnel-cbs:ziti_dns.c:232 ziti_dns_set_upstream() DNS upstream is set to x.x.x.x:53
(190)[ 0.000] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1698 run_tunneler_loop() Loading identity files from /share/NetFoundry/identities
(190)[ 0.000] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1624 make_socket_path() effective group set to 'ziti' (gid=99)
(190)[ 0.008] WARN ziti-edge-tunnel:tun.c:277 find_dns_updater() Adding ziti resolver to /etc/resolv.conf. Ziti DNS functionality may be impaired
(190)[ 0.008] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 0.008] ERROR ziti-edge-tunnel:instance-config.c:136 save_tunnel_status_to_file() Could not copy config file [/var/lib/ziti/config.json] to backup config file, the config might not exists at the moment
(190)[ 0.008] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
(190)[ 5.461] WARN tunnel-cbs:ziti_dns.c:762 on_upstream_packet() unexpected DNS response: too large
(190)[ 7.268] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 7.268] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
(190)[ 18.955] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 18.955] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
(190)[ 22.475] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 22.475] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
(190)[ 139.672] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 139.672] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp

https://github.com/NicFragale/HA-NetFoundry/tree/main/openziti#readme

What does it do, and how does it work?

After updating to the new version the addon does not start anymore. I uninstalled and reinstalled the addon, but this didn't help.

Here are the logs from the addon:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/profile.sh
cont-init: info: /etc/cont-init.d/profile.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun ziti-edge-tunnel (no readiness notification)
s6-rc: info: service legacy-services successfully started
[16:16:57] NOTICE: Starting Ziti-Edge-Tunnel...
[16:16:58] INFO: with SUPERVISOR_TOKEN  :"dcb63a5e25...".
[16:16:58] INFO: with IdentityDirectory :"/share/openziti/identities".
[16:16:58] INFO: with ResolutionRange   :"100.64.64.0/18".
[16:16:58] INFO: with UpstreamResolver  :"192.168.128.1".
[16:16:58] INFO: with LogLevel          :"2".
[16:16:58] NOTICE: ZITI-EDGE-TUNNEL: PREINIT BEGIN
[16:16:58] INFO: Runtime version is "0.22.22".
[16:16:58] INFO: Architecture is "aarch64".
[16:16:58] INFO: ZITI-EDGE-TUNNEL: ENROLLMENT NOT REQUESTED
[16:16:58] INFO: IDENTITY: [/share/openziti/identities/ZTID-20240215_114559.json]
[16:16:58] INFO: ZITI_DNS_IP: 100.64.64.1
[16:16:58] INFO: Setup of system resolver via REST to [100.64.64.1] succeeded.
[16:16:58] INFO: Assisting application "nginx" has been started with syntax options "NONE".
[16:16:58] INFO: Assisting application "php-fpm82" has been started with syntax options "NONE".
[16:16:58] INFO: INIT STRING: [/opt/openziti/ziti-edge-tunnel run -I /share/openziti/identities -u 192.168.128.1 -v 2]
[16:16:58] NOTICE: ZITI-EDGE-TUNNEL: PREINIT END
[16:16:58] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM BEGIN
(186)[        0.000]   ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file No such file or directory cannot be opened due to /var/lib/ziti/config.json. This is normal if this is a new install or if the config file was removed manually
(186)[        0.000]   ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file No such file or directory cannot be opened due to /var/lib/ziti/config.json.backup. This is normal if this is a new install or if the config file was removed manually
(186)[        0.000]    WARN ziti-edge-tunnel:instance-config.c:98 load_tunnel_status_from_file() Config files /var/lib/ziti/config.json and the backup file cannot be read or they do not exist, will create a new config file or the old one will be overwritten
(186)[        0.000]    WARN ziti-edge-tunnel:instance.c:40 find_tunnel_identity() Identity ztx[/share/openziti/identities/ZTID-20240215_114559.json] is not loaded yet or already removed.
(186)[        0.093]    WARN ziti-edge-tunnel:tun.c:277 find_dns_updater() Adding ziti resolver to /etc/resolv.conf. Ziti DNS functionality may be impaired
(186)[        0.094]   ERROR ziti-edge-tunnel:instance-config.c:136 save_tunnel_status_to_file() Could not copy config file [/var/lib/ziti/config.json] to backup config file, the config might not exists at the moment
[16:17:03] INFO: UPDATED RESOLV CONFIGURATION
[16:17:03] NOTICE: ZITI-EDGE-TUNNEL: [0/Fri Feb 23 16:17:03 CET 2024] [PID:186] [END:MAIN LOOP]
/opt/openziti/scripts/startup.sh: line 217:   186 Trace/breakpoint trap   (core dumped) /bin/bash -c "${RUNTIME} ${RUNTIMEOPTS}"
[16:17:03] INFO: Setup of system resolver via REST to [192.168.128.1] succeeded.
[16:17:03] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM END
[16:17:03] NOTICE: Stopped Ziti-Edge-Tunnel...
[16:17:04] NOTICE: Starting Ziti-Edge-Tunnel...
[16:17:04] INFO: with SUPERVISOR_TOKEN  :"dcb63a5e25...".
[16:17:04] INFO: with IdentityDirectory :"/share/openziti/identities".
[16:17:04] INFO: with ResolutionRange   :"100.64.64.0/18".
[16:17:04] INFO: with UpstreamResolver  :"192.168.128.1".
[16:17:04] INFO: with LogLevel          :"2".
[16:17:05] NOTICE: ZITI-EDGE-TUNNEL: PREINIT BEGIN
[16:17:05] INFO: Runtime version is "0.22.22".
[16:17:05] INFO: Architecture is "aarch64".
[16:17:05] INFO: ZITI-EDGE-TUNNEL: ENROLLMENT NOT REQUESTED
[16:17:05] INFO: IDENTITY: [/share/openziti/identities/ZTID-20240215_114559.json]
[16:17:05] INFO: ZITI_DNS_IP: 100.64.64.1
[16:17:05] INFO: Setup of system resolver via REST to [100.64.64.1] succeeded.
174 173 172 171 170
[16:17:05] WARNING: Assisting application "nginx" is already running.
181 180 179
[16:17:05] WARNING: Assisting application "php-fpm82" is already running.
[16:17:05] INFO: INIT STRING: [/opt/openziti/ziti-edge-tunnel run -I /share/openziti/identities -u 192.168.128.1 -v 2]
[16:17:05] NOTICE: ZITI-EDGE-TUNNEL: PREINIT END
[16:17:05] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM BEGIN
(291)[        0.067]    WARN ziti-edge-tunnel:tun.c:277 find_dns_updater() Adding ziti resolver to /etc/resolv.conf. Ziti DNS functionality may be impaired
[16:17:10] NOTICE: ZITI-EDGE-TUNNEL: [0/Fri Feb 23 16:17:10 CET 2024] [PID:291] [END:MAIN LOOP]
/opt/openziti/scripts/startup.sh: line 217:   291 Trace/breakpoint trap   (core dumped) /bin/bash -c "${RUNTIME} ${RUNTIMEOPTS}"
[16:17:10] INFO: Setup of system resolver via REST to [192.168.128.1] succeeded.
[16:17:10] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM END
[16:17:10] NOTICE: Stopped Ziti-Edge-Tunnel...
[16:17:11] NOTICE: Starting Ziti-Edge-Tunnel...
[16:17:11] INFO: with SUPERVISOR_TOKEN  :"dcb63a5e25...".
[16:17:11] INFO: with IdentityDirectory :"/share/openziti/identities".
[16:17:11] INFO: with ResolutionRange   :"100.64.64.0/18".
[16:17:11] INFO: with UpstreamResolver  :"192.168.128.1".
[16:17:11] INFO: with LogLevel          :"2".
[16:17:11] NOTICE: ZITI-EDGE-TUNNEL: PREINIT BEGIN
[16:17:11] INFO: Runtime version is "0.22.22".
[16:17:11] INFO: Architecture is "aarch64".
[16:17:11] INFO: ZITI-EDGE-TUNNEL: ENROLLMENT NOT REQUESTED
[16:17:11] INFO: IDENTITY: [/share/openziti/identities/ZTID-20240215_114559.json]
[16:17:11] INFO: ZITI_DNS_IP: 100.64.64.1
[16:17:11] INFO: Setup of system resolver via REST to [100.64.64.1] succeeded.
174 173 172 171 170
[16:17:11] WARNING: Assisting application "nginx" is already running.
181 180 179
[16:17:11] WARNING: Assisting application "php-fpm82" is already running.
[16:17:11] INFO: INIT STRING: [/opt/openziti/ziti-edge-tunnel run -I /share/openziti/identities -u 192.168.128.1 -v 2]
[16:17:12] NOTICE: ZITI-EDGE-TUNNEL: PREINIT END
[16:17:12] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM BEGIN
(393)[        0.068]    WARN ziti-edge-tunnel:tun.c:277 find_dns_updater() Adding ziti resolver to /etc/resolv.conf. Ziti DNS functionality may be impaired
[16:17:17] NOTICE: ZITI-EDGE-TUNNEL: [0/Fri Feb 23 16:17:17 CET 2024] [PID:393] [END:MAIN LOOP]
/opt/openziti/scripts/startup.sh: line 217:   393 Trace/breakpoint trap   (core dumped) /bin/bash -c "${RUNTIME} ${RUNTIMEOPTS}"
[16:17:17] INFO: Setup of system resolver via REST to [192.168.128.1] succeeded.
[16:17:17] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM END
[16:17:17] NOTICE: Stopped Ziti-Edge-Tunnel...

Hi,

I'm trying to test this out and running into an issue getting it to work behind a Caddy reverse proxy.

I'd previously gotten it to work using a separate machine on my home network and tunneling over

Caddy->EdgeTunnel(cloud Linux)->OpenZiti->EdgeTunnel(Local Linux)->HomeAssistant(raspberry pi)

Caddyfile

hass.example.com {
  reverse_proxy hass.home.ziti:8123
}

Intercept for hass.home.ziti:8123 with the host pointing to 192.168.x.x:8123

but switching to using the plugin just ends up with a bad request even after updating the trusted proxies to include 100.64.0.0/16

Caddyfile

hass.example.com {
  reverse_proxy hassio.home.ziti # tried hassio.home.ziti:8123 as well
}

Intercept for hassio.home.ziti on port 80 (tried 8123 as well) pointing to localhost:8123. The cloud machine can curl hassio.home.ziti successfully.