Linux ziti-edge-tunneler incompatibilities with immutable distros (Fedora Atomic, etc) #1890

Open
ruzko opened this issue Apr 2, 2024 · 0 comments


ruzko commented Apr 2, 2024

Ziti Edge Tunneler for Linux seems to put a lot of useful stuff in directories that are read-only on "immutable" distros like Fedora Atomic, e.g. /opt/ and /usr/.
Since the systemd service file (when enabled) in /etc/systemd/system/multi-user.target.wants/ziti-edge-tunnel.service is just a symlink to /usr/lib/systemd/system/ziti-edge-tunnel.service, changing the systemd service must be done by creating a drop-in snippet in /etc/systemd/system/ziti-edge-tunnel.service.d/.

This drop-in file makes the systemd service load identities from a read-write directory (make sure it exists first!) instead of the read-only (and therefore broken) default location of /opt/openziti/etc/identities/:

[Service]
ExecStart=
ExecStart=/opt/openziti/bin/ziti-edge-tunnel run --verbose=${ZITI_VERBOSE} --dns-ip-range=${ZITI_DNS_IP_RANGE} --identity-dir=/etc/openziti/identities

Read-only shenanigans might be related to these (non-fatal) errors:

april 02 18:33:53 fedora ziti-edge-tunnel[365643]: (365643)[        0.055]   ERROR ziti-edge-tunnel:instance-config.c:136 save_tunnel_status_to_file() Could not copy config file [/var/lib/ziti/config.json] to backup config file, the config might not exists at the moment
april 02 18:33:53 fedora ziti-edge-tunnel[365643]: (365643)[        0.055]   ERROR ziti-edge-tunnel:instance-config.c:142 save_tunnel_status_to_file() Could not open config file /var/lib/ziti/config.json to store the tunnel status data

The config file exists, so that's not the problem:

ls -l /var/lib/ziti
totalt 8
-rw-r--r--. 1 root ziti 849 mars  30 23:51 config.json
-rw-r--r--. 1 root ziti 398 mars  30 12:22 config.json.backup

 cat /var/lib/ziti/config.json
{
	"Active":true,
	"Duration":0,
	"StartTime":"2024-03-30T11:30:09.078533Z",
	"Identities":[{
		"Name":"laptopClient1",
		"Identifier":"laptopClient1.json",
		"FingerPrint":"laptopClient1",
		"Active":false,
		"Loaded":false,
		"IdFileStatus":false,
		"MfaEnabled":false,
		"MfaNeeded":false,
		"Metrics":{
			"Up":0,
			"Down":0
			},
		"MfaMinTimeout":0,
		"MfaMaxTimeout":0,
		"MfaMinTimeoutRem":0,
		"MfaMaxTimeoutRem":0,
		"MinTimeoutRemInSvcEvent":0,
		"MaxTimeoutRemInSvcEvent":0,
		"Deleted":false,
		"Notified":false
		}],
	"IpInfo":{
		"Ip":"100.64.0.1",
		"Subnet":"255.192.0.0",
		"MTU":65535,
		"DNS":"100.64.0.2"
		},
	"LogLevel":"info",
	"ServiceVersion":{
		"Version":"v0.22.26",
		"Revision":"local",
		"BuildDate":"Wed-03/27/2024-17:02:35-UTC"
		},
	"TunIpv4":"100.64.0.1",
	"TunIpv4Mask":10,
	"AddDns":false,
	"ApiPageSize":25
	}

Related forum post
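
One way to narrow down the `Could not open config file` error reported above, as an added example that is not part of the original issue or the project's code. It assumes the tunneler runs as a non-root account named `ziti` (the issue does not show the unit's `User=` setting), and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch. Function names are hypothetical; the service
# account "ziti" is an assumption, not something the issue shows.

# mode_allows_write MODE OWNER GROUP USER [USER_GROUPS...]
# MODE is the symbolic string from `ls -l` or `stat -c %A` (-rw-r--r--).
# Returns 0 if the owner/group/other bits let USER write. POSIX ACLs and
# SELinux policy (the trailing "." in the listing) are not evaluated.
mode_allows_write() {
    mode=$1 owner=$2 group=$3 user=$4
    shift 4
    [ "$user" = root ] && return 0            # root bypasses mode bits
    if [ "$user" = "$owner" ]; then           # owner class: only owner bits count
        case $mode in ??w*) return 0 ;; *) return 1 ;; esac
    fi
    for g in "$@"; do
        if [ "$g" = "$group" ]; then          # group class: only group bits count
            case $mode in ?????w*) return 0 ;; *) return 1 ;; esac
        fi
    done
    case $mode in ????????w*) return 0 ;; *) return 1 ;; esac
}

# check_service_write PATH USER: live check of one path for one account.
check_service_write() {
    path=$1 svc_user=$2
    # A read-only mount defeats any mode bits (the immutable-distro case).
    case ",$(findmnt -no OPTIONS -T "$path")," in
        *,ro,*) echo "$path: on a read-only mount"; return 1 ;;
    esac
    # Word splitting of the stat and id output is intended here.
    if mode_allows_write $(stat -c '%A %U %G' "$path") "$svc_user" $(id -Gn "$svc_user"); then
        echo "$path: writable by $svc_user"
    else
        echo "$path: NOT writable by $svc_user (mode bits)"; return 1
    fi
}

# The config.json line from the listing above: root:ziti, mode -rw-r--r--.
if mode_allows_write -rw-r--r--. root ziti ziti ziti; then
    echo "config.json: writable by ziti"
else
    echo "config.json: not writable by ziti (group has read only)"
fi
```

On a live system, run `check_service_write /var/lib/ziti/config.json ziti` and the same call on `/var/lib/ziti`, since the backup copy needs write access to the directory as well.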
