ziti-tunnel-sdk-c
ZET keeps trying to use disabled identity
Expectation: disabling an identity suppresses all log activity and outgoing connection attempts related to that identity
Observation: I used the desktop UI on Linux to toggle an identity off, but ZET keeps trying to use the inactive identity, so the log is full of WARN and ERROR messages about the unreachable controller. This doesn't prevent the active identities from functioning, but it adds a lot of noise when working with multiple identities.
Example logs while identity with identifier /opt/openziti/etc/identities/miniziti-client.json is Active: false.
May 04 13:45:27 kpop4 ziti-edge-tunnel[276821]: (276821)[ 285.374] ERROR ziti-sdk:ziti_ctrl.c:155 ctrl_resp_cb() ctrl[minicontroller.ziti] request failed: -113(host is unreachable)
May 04 13:45:27 kpop4 ziti-edge-tunnel[276821]: (276821)[ 285.374] WARN ziti-sdk:ziti.c:1451 api_session_cb() ztx[2] failed to get api session from ctrl[https://minicontroller.ziti:443] api_session_state[1] CONTROLLER_UNAVAILABLE[-15] host is unreachable
❯ ziti-edge-tunnel tunnel_status|sed -E 's/(^received\sresponse\s<|>$)//g'|jq '.Data.Identities[]|{Identifier: .Identifier, Active: .Active}'
{
"Identifier": "/opt/openziti/etc/identities/miniziti-client.json",
"Active": false
}
# ... output truncated to highlight the relevant identifier
I can still reproduce this in 0.22.20.
$ ziti-edge-tunnel on_off_identity -i /opt/openziti/etc/identities/miniziti-client.json -o f
received response <{"Success":true,"Data":{"Command":"IdentityOnOff","Data":{"Identifier":"/opt/openziti/etc/identities/miniziti-client.json","OnOff":false}},"Code":0}
>
$ ziti-edge-tunnel tunnel_status|sed -E 's/(^received\sresponse\s<|>$)//g'|jq '.Data.Identities[]|select(.Identifier == "/opt/openziti/etc/identities/miniziti-client.json")|.Active'
false
$ jq .ztAPI /opt/openziti/etc/identities/miniziti-client.json
"https://miniziti-controller.192.168.49.2.sslip.io:443"
Feb 13 10:59:12 mira valgrind[314990]: (314990)[ 476791.297] WARN ziti-sdk:ziti.c:1597 api_session_cb() ztx[9] failed to get api session from ctrl[https://miniziti-controller.192.168.49.2.sslip.io:443] api_session_state[1] CONTROLLER_UNAVAILABLE[-16] host is unreachable
I'm pretty sure this duplicates #630
#630 is about remembering a disabled status so it stays disabled, but this one's about a disabled identity not really being disabled right away because it keeps talking to the controller, which is similar to #672.
Yes. It's the same thing.
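The check done by hand in this thread (compare `Active` in `tunnel_status` against `ctrl[...]` log lines) can be scripted. This is an added example, not part of the thread or the project's code; the sample status, the second identity, its controller URL and the trimmed log lines are constructed, and the full status shape beyond `.Data.Identities[].Identifier` and `.Active` is an assumption.

```python
import json
import re
from urllib.parse import urlsplit

CTRL_RE = re.compile(r"ctrl\[([^\]]+)\]")

def parse_status(raw):
    """Strip the 'received response <...>' wrapper and decode the JSON."""
    body = re.sub(r"^received response <", "", raw.strip())
    return json.loads(re.sub(r">$", "", body).strip())

def host_of(ctrl):
    """Normalise 'host' and 'https://host:443' forms to a bare hostname."""
    return urlsplit(ctrl if "://" in ctrl else "//" + ctrl).hostname

def stale_controller_lines(status_raw, zt_api, log_lines):
    """Log lines naming a controller used only by inactive identities.
    zt_api maps identity file path -> its .ztAPI value (jq .ztAPI <file>)."""
    active, inactive = set(), set()
    for ident in parse_status(status_raw)["Data"]["Identities"]:
        url = zt_api.get(ident["Identifier"])
        if url:
            (active if ident["Active"] else inactive).add(host_of(url))
    # A controller shared with an active identity cannot be attributed by host.
    suspect = inactive - active
    hits = []
    for line in log_lines:
        m = CTRL_RE.search(line)
        if m and host_of(m.group(1)) in suspect:
            hits.append(line)
    return hits

# Constructed sample data modelled on the output quoted in this issue.
STATUS = ('received response <{"Success":true,"Data":{"Identities":['
          '{"Identifier":"/opt/openziti/etc/identities/miniziti-client.json","Active":false},'
          '{"Identifier":"/opt/openziti/etc/identities/other.json","Active":true}]},"Code":0}\n>')
ZT_API = {"/opt/openziti/etc/identities/miniziti-client.json": "https://minicontroller.ziti:443",
          "/opt/openziti/etc/identities/other.json": "https://ctrl.example.net:443"}
LOGS = [
    "ERROR ziti-sdk:ziti_ctrl.c:155 ctrl_resp_cb() ctrl[minicontroller.ziti] request failed: -113(host is unreachable)",
    "WARN ziti-sdk:ziti.c:1451 api_session_cb() ztx[2] failed to get api session from ctrl[https://minicontroller.ziti:443]",
    "WARN ziti-sdk:ziti.c:1451 api_session_cb() ztx[3] failed to get api session from ctrl[https://ctrl.example.net:443]",
]

if __name__ == "__main__":
    for line in stale_controller_lines(STATUS, ZT_API, LOGS):
        print(line)
```

Any line it returns means the tunneler was still contacting a controller that only disabled identities use.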