nicfragale / ha-netfoundry
The unofficial OpenZiti by NetFoundry Addon for Home Assistant
License: Apache License 2.0
Hey!
Thank you for sharing your plug-in!
I'm having issues getting the service up and running. I believe there are config file handling issues.
Any ideas what I could do?
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/profile.sh
cont-init: info: /etc/cont-init.d/profile.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun ziti-edge-tunnel (no readiness notification)
s6-rc: info: service legacy-services successfully started
[15:17:17] NOTICE: Starting NetFoundry ZITI...
[15:17:17] INFO: with SUPERVISOR_TOKEN "xxx...".
[15:17:17] INFO: with IdentityDirectory "/share/NetFoundry/identities".
[15:17:17] INFO: with ResolutionRange "100.64.64.0/18".
[15:17:17] INFO: with UpstreamResolver "x.x.x.x".
[15:17:17] INFO: with LogLevel "3".
[15:17:17] INFO: with EnrollmentJWT "xxxx...xxxx".
[15:17:17] NOTICE: ZITI EDGE TUNNEL - PREINIT BEGIN
mode of '/opt/NetFoundry/scripts' changed to 0700 (rwx------)
mode of '/opt/NetFoundry/scripts/startup.sh' changed to 0700 (rwx------)
mode of '/opt/NetFoundry/scripts/zetdisplay.sh' changed to 0700 (rwx------)
mode of '/opt/NetFoundry/scripts/infodisplay.sh' changed to 0700 (rwx------)
[15:17:17] NOTICE: ZITI EDGE TUNNEL - ENROLL BEGIN
(152)[ 0.000] INFO ziti-sdk:utils.c:199 ziti_log_set_level() set log level: root=3/INFO
(152)[ 0.000] INFO ziti-sdk:utils.c:168 ziti_log_init() Ziti C SDK version 0.35.4 @9756522(HEAD) starting at (2023-12-07T14:17:17.160)
(152)[ 0.000] INFO ziti-sdk:utils.c:199 ziti_log_set_level() set log level: root=3/INFO
(152)[ 0.000] INFO ziti-sdk:utils.c:168 ziti_log_init() Ziti C SDK version 0.35.4 @9756522(HEAD) starting at (2023-12-07T14:17:17.160)
(152)[ 0.000] INFO ziti-sdk:ziti_enroll.c:90 ziti_enroll() Ziti C SDK version 0.35.4 @9756522(HEAD) starting enrollment at (2023-12-07T14:17:17.160)
(152)[ 0.000] ERROR ziti-sdk:jwt.c:26 parse_jwt_content() jwt input lacks a dot
(152)[ 0.000] ERROR ziti-sdk:ziti_enroll.c:125 ziti_enroll() /opt/NetFoundry/build/_deps/ziti-sdk-c-src/library/ziti_enroll.c:107 - load_jwt(opts->jwt, ecfg, &ecfg->zejh, &ecfg->zej) => -4 (JWT has invalid format)
(152)[ 0.000] ERROR ziti-edge-tunnel:ziti-edge-tunnel.c:2140 enroll_cb() enrollment failed: enroll failed(-4)
[15:17:22] NOTICE: ZITI EDGE TUNNEL - [0/Thu Dec 7 15:17:22 CET 2023] [PID:152] [END:ENROLL]
[15:17:22] NOTICE: ZITI EDGE TUNNEL - ENROLL END
[15:17:22] INFO: IDENTITIES: []
[15:17:22] INFO: ZITI_DNS_IP: 100.64.64.1
[15:17:22] INFO: Setup of system resolver via REST to [100.64.64.1] succeeded.
[15:17:22] INFO: Assisting application "nginx" has been started with syntax options "".
[15:17:22] INFO: Assisting application "php-fpm81" has been started with syntax options "".
[15:17:22] INFO: INIT STRING: [/opt/NetFoundry/ziti-edge-tunnel run -I /share/NetFoundry/identities -d 100.64.64.0/18 -u 192.168.1.1 -v 3]
[15:17:22] NOTICE: ZITI EDGE TUNNEL - PREINIT END
[15:17:22] NOTICE: ZITI EDGE TUNNEL - PROGRAM BEGIN
(190)[ 0.000] INFO ziti-sdk:utils.c:199 ziti_log_set_level() set log level: root=3/INFO
(190)[ 0.000] INFO ziti-sdk:utils.c:168 ziti_log_init() Ziti C SDK version 0.35.4 @9756522(HEAD) starting at (2023-12-07T14:17:22.269)
(190)[ 0.000] INFO ziti-edge-tunnel:instance-config.c:86 load_tunnel_status_from_file() Loading config file from /var/lib/ziti/config.json
(190)[ 0.000] ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file No such file or directory cannot be opened due to /var/lib/ziti/config.json. This is normal if this is a new install or if the config file was removed manually
(190)[ 0.000] ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file No such file or directory cannot be opened due to /var/lib/ziti/config.json.backup. This is normal if this is a new install or if the config file was removed manually
(190)[ 0.000] WARN ziti-edge-tunnel:instance-config.c:98 load_tunnel_status_from_file() Config files /var/lib/ziti/config.json and the backup file cannot be read or they do not exist, will create a new config file or the old one will be overwritten
(190)[ 0.000] INFO tunnel-sdk:ziti_tunnel.c:60 create_tunneler_ctx() Ziti Tunneler SDK (0.22.12)
(190)[ 0.000] INFO tunnel-cbs:ziti_dns.c:168 seed_dns() DNS configured with range 100.64.64.0 - 100.64.127.255 (16382 ips)
(190)[ 0.000] INFO tunnel-cbs:ziti_dns.c:232 ziti_dns_set_upstream() DNS upstream is set to x.x.x.x:53
(190)[ 0.000] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1698 run_tunneler_loop() Loading identity files from /share/NetFoundry/identities
(190)[ 0.000] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1624 make_socket_path() effective group set to 'ziti' (gid=99)
(190)[ 0.008] WARN ziti-edge-tunnel:tun.c:277 find_dns_updater() Adding ziti resolver to /etc/resolv.conf. Ziti DNS functionality may be impaired
(190)[ 0.008] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 0.008] ERROR ziti-edge-tunnel:instance-config.c:136 save_tunnel_status_to_file() Could not copy config file [/var/lib/ziti/config.json] to backup config file, the config might not exists at the moment
(190)[ 0.008] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
(190)[ 5.461] WARN tunnel-cbs:ziti_dns.c:762 on_upstream_packet() unexpected DNS response: too large
(190)[ 7.268] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 7.268] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
(190)[ 18.955] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 18.955] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
(190)[ 22.475] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 22.475] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
(190)[ 139.672] INFO ziti-edge-tunnel:resolvers.c:425 make_copy() attempting copy of: /etc/resolv.conf
(190)[ 139.672] INFO ziti-edge-tunnel:resolvers.c:439 make_copy() copy successful: /etc/resolv.conf.bkp
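The enrollment error in the log above (`parse_jwt_content() jwt input lacks a dot`) means the string passed as EnrollmentJWT contained no dot, so it cannot be a compact JWT (three base64url segments joined by dots). As an added example, not part of the original issue or the add-on's code, this Python check validates the shape of a token before it is handed to enrollment; the function names and the sample token are constructed for illustration, and the signature is not verified.

```python
import base64
import json
import time

B64URL = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


def _decode_segment(segment):
    """Decode one unpadded base64url segment into a JSON object."""
    if not segment or not set(segment) <= B64URL:
        raise ValueError("empty or contains non-base64url characters")
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    obj = json.loads(raw)
    if not isinstance(obj, dict):
        raise ValueError("not a JSON object")
    return obj


def check_enrollment_jwt(raw, now=None):
    """Return structural problems in a compact JWT (empty list = header and payload parse).

    Only the shape is checked; the signature is not verified.
    """
    problems = []
    token = raw.strip()
    if token != raw:
        problems.append("leading or trailing whitespace")
    if any(ch.isspace() for ch in token):
        problems.append("whitespace inside token")
    parts = token.split(".")
    if len(parts) != 3:
        # A single segment is the case the SDK reports as "jwt input lacks a dot".
        return problems + [f"expected 3 dot-separated segments, found {len(parts)}"]
    for name, segment in zip(("header", "payload"), parts):
        try:
            claims = _decode_segment(segment)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        exp = claims.get("exp") if name == "payload" else None
        if isinstance(exp, (int, float)) and exp < (time.time() if now is None else now):
            problems.append("payload: token expired")
    return problems


def make_sample_token(exp=2000000000):
    """Build a constructed sample token (placeholder signature) for the demo."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = enc(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = enc(json.dumps({"sub": "constructed-sample", "exp": exp}).encode())
    return f"{header}.{payload}.{enc(b'placeholder-signature')}"
```

A value that was truncated or wrapped when pasted into the add-on configuration shows up here as a wrong segment count or a whitespace finding.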
https://github.com/NicFragale/HA-NetFoundry/tree/main/openziti#readme
What does it do, and how does it work?
After updating to the new version the addon does not start anymore. I uninstalled and reinstalled the addon, but this didn't help.
Here are the logs from the addon:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/profile.sh
cont-init: info: /etc/cont-init.d/profile.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun ziti-edge-tunnel (no readiness notification)
s6-rc: info: service legacy-services successfully started
[16:16:57] NOTICE: Starting Ziti-Edge-Tunnel...
[16:16:58] INFO: with SUPERVISOR_TOKEN :"dcb63a5e25...".
[16:16:58] INFO: with IdentityDirectory :"/share/openziti/identities".
[16:16:58] INFO: with ResolutionRange :"100.64.64.0/18".
[16:16:58] INFO: with UpstreamResolver :"192.168.128.1".
[16:16:58] INFO: with LogLevel :"2".
[16:16:58] NOTICE: ZITI-EDGE-TUNNEL: PREINIT BEGIN
[16:16:58] INFO: Runtime version is "0.22.22".
[16:16:58] INFO: Architecture is "aarch64".
[16:16:58] INFO: ZITI-EDGE-TUNNEL: ENROLLMENT NOT REQUESTED
[16:16:58] INFO: IDENTITY: [/share/openziti/identities/ZTID-20240215_114559.json]
[16:16:58] INFO: ZITI_DNS_IP: 100.64.64.1
[16:16:58] INFO: Setup of system resolver via REST to [100.64.64.1] succeeded.
[16:16:58] INFO: Assisting application "nginx" has been started with syntax options "NONE".
[16:16:58] INFO: Assisting application "php-fpm82" has been started with syntax options "NONE".
[16:16:58] INFO: INIT STRING: [/opt/openziti/ziti-edge-tunnel run -I /share/openziti/identities -u 192.168.128.1 -v 2]
[16:16:58] NOTICE: ZITI-EDGE-TUNNEL: PREINIT END
[16:16:58] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM BEGIN
(186)[ 0.000] ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file No such file or directory cannot be opened due to /var/lib/ziti/config.json. This is normal if this is a new install or if the config file was removed manually
(186)[ 0.000] ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file No such file or directory cannot be opened due to /var/lib/ziti/config.json.backup. This is normal if this is a new install or if the config file was removed manually
(186)[ 0.000] WARN ziti-edge-tunnel:instance-config.c:98 load_tunnel_status_from_file() Config files /var/lib/ziti/config.json and the backup file cannot be read or they do not exist, will create a new config file or the old one will be overwritten
(186)[ 0.000] WARN ziti-edge-tunnel:instance.c:40 find_tunnel_identity() Identity ztx[/share/openziti/identities/ZTID-20240215_114559.json] is not loaded yet or already removed.
(186)[ 0.093] WARN ziti-edge-tunnel:tun.c:277 find_dns_updater() Adding ziti resolver to /etc/resolv.conf. Ziti DNS functionality may be impaired
(186)[ 0.094] ERROR ziti-edge-tunnel:instance-config.c:136 save_tunnel_status_to_file() Could not copy config file [/var/lib/ziti/config.json] to backup config file, the config might not exists at the moment
[16:17:03] INFO: UPDATED RESOLV CONFIGURATION
[16:17:03] NOTICE: ZITI-EDGE-TUNNEL: [0/Fri Feb 23 16:17:03 CET 2024] [PID:186] [END:MAIN LOOP]
/opt/openziti/scripts/startup.sh: line 217: 186 Trace/breakpoint trap (core dumped) /bin/bash -c "${RUNTIME} ${RUNTIMEOPTS}"
[16:17:03] INFO: Setup of system resolver via REST to [192.168.128.1] succeeded.
[16:17:03] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM END
[16:17:03] NOTICE: Stopped Ziti-Edge-Tunnel...
[16:17:04] NOTICE: Starting Ziti-Edge-Tunnel...
[16:17:04] INFO: with SUPERVISOR_TOKEN :"dcb63a5e25...".
[16:17:04] INFO: with IdentityDirectory :"/share/openziti/identities".
[16:17:04] INFO: with ResolutionRange :"100.64.64.0/18".
[16:17:04] INFO: with UpstreamResolver :"192.168.128.1".
[16:17:04] INFO: with LogLevel :"2".
[16:17:05] NOTICE: ZITI-EDGE-TUNNEL: PREINIT BEGIN
[16:17:05] INFO: Runtime version is "0.22.22".
[16:17:05] INFO: Architecture is "aarch64".
[16:17:05] INFO: ZITI-EDGE-TUNNEL: ENROLLMENT NOT REQUESTED
[16:17:05] INFO: IDENTITY: [/share/openziti/identities/ZTID-20240215_114559.json]
[16:17:05] INFO: ZITI_DNS_IP: 100.64.64.1
[16:17:05] INFO: Setup of system resolver via REST to [100.64.64.1] succeeded.
174 173 172 171 170
[16:17:05] WARNING: Assisting application "nginx" is already running.
181 180 179
[16:17:05] WARNING: Assisting application "php-fpm82" is already running.
[16:17:05] INFO: INIT STRING: [/opt/openziti/ziti-edge-tunnel run -I /share/openziti/identities -u 192.168.128.1 -v 2]
[16:17:05] NOTICE: ZITI-EDGE-TUNNEL: PREINIT END
[16:17:05] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM BEGIN
(291)[ 0.067] WARN ziti-edge-tunnel:tun.c:277 find_dns_updater() Adding ziti resolver to /etc/resolv.conf. Ziti DNS functionality may be impaired
[16:17:10] NOTICE: ZITI-EDGE-TUNNEL: [0/Fri Feb 23 16:17:10 CET 2024] [PID:291] [END:MAIN LOOP]
/opt/openziti/scripts/startup.sh: line 217: 291 Trace/breakpoint trap (core dumped) /bin/bash -c "${RUNTIME} ${RUNTIMEOPTS}"
[16:17:10] INFO: Setup of system resolver via REST to [192.168.128.1] succeeded.
[16:17:10] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM END
[16:17:10] NOTICE: Stopped Ziti-Edge-Tunnel...
[16:17:11] NOTICE: Starting Ziti-Edge-Tunnel...
[16:17:11] INFO: with SUPERVISOR_TOKEN :"dcb63a5e25...".
[16:17:11] INFO: with IdentityDirectory :"/share/openziti/identities".
[16:17:11] INFO: with ResolutionRange :"100.64.64.0/18".
[16:17:11] INFO: with UpstreamResolver :"192.168.128.1".
[16:17:11] INFO: with LogLevel :"2".
[16:17:11] NOTICE: ZITI-EDGE-TUNNEL: PREINIT BEGIN
[16:17:11] INFO: Runtime version is "0.22.22".
[16:17:11] INFO: Architecture is "aarch64".
[16:17:11] INFO: ZITI-EDGE-TUNNEL: ENROLLMENT NOT REQUESTED
[16:17:11] INFO: IDENTITY: [/share/openziti/identities/ZTID-20240215_114559.json]
[16:17:11] INFO: ZITI_DNS_IP: 100.64.64.1
[16:17:11] INFO: Setup of system resolver via REST to [100.64.64.1] succeeded.
174 173 172 171 170
[16:17:11] WARNING: Assisting application "nginx" is already running.
181 180 179
[16:17:11] WARNING: Assisting application "php-fpm82" is already running.
[16:17:11] INFO: INIT STRING: [/opt/openziti/ziti-edge-tunnel run -I /share/openziti/identities -u 192.168.128.1 -v 2]
[16:17:12] NOTICE: ZITI-EDGE-TUNNEL: PREINIT END
[16:17:12] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM BEGIN
(393)[ 0.068] WARN ziti-edge-tunnel:tun.c:277 find_dns_updater() Adding ziti resolver to /etc/resolv.conf. Ziti DNS functionality may be impaired
[16:17:17] NOTICE: ZITI-EDGE-TUNNEL: [0/Fri Feb 23 16:17:17 CET 2024] [PID:393] [END:MAIN LOOP]
/opt/openziti/scripts/startup.sh: line 217: 393 Trace/breakpoint trap (core dumped) /bin/bash -c "${RUNTIME} ${RUNTIMEOPTS}"
[16:17:17] INFO: Setup of system resolver via REST to [192.168.128.1] succeeded.
[16:17:17] NOTICE: ZITI-EDGE-TUNNEL: PROGRAM END
[16:17:17] NOTICE: Stopped Ziti-Edge-Tunnel...
Hi,
I'm trying to test this out and running into an issue getting it to work behind a Caddy reverse proxy.
I'd previously gotten it to work using a separate machine on my home network and tunneling over
Caddy->EdgeTunnel(cloud Linux)->OpenZiti->EdgeTunnel(Local Linux)->HomeAssistant(raspberry pi)
Caddyfile
hass.example.com {
    reverse_proxy hass.home.ziti:8123
}
Intercept for hass.home.ziti:8123 with the host pointing to 192.168.x.x:8123
but switching to using the plugin just ends up with a bad request even after updating the trusted proxies to include 100.64.0.0/16
Caddyfile
hass.example.com {
    reverse_proxy hassio.home.ziti # tried hassio.home.ziti:8123 as well
}
Intercept for hassio.home.ziti on port 80 (tried 8123 as well) pointing to localhost:8123. The cloud machine can curl hassio.home.ziti successfully.