This local deployment README guides you through setting up a running local Ziti stack. If you have not already built the apps in this repo, go back to the previous tutorial about getting set up for local development for build instructions. The remainder of the tutorial assumes you have installed all the apps so they can be found in your shell's executable search PATH.
You will configure and run:
- ziti controller with the provided demo certificate authority in ./etc/ca
- ziti router as an edge router
These commands require a running BASH shell. Windows users will need to use WSL, Cygwin, a Linux virtual machine, or some other environment that supports BASH. The easiest thing might just be to use the shell that comes with Git Bash for Windows. WSL is maturing more and more: Mintty and WSL.
Also note that the ziti command may need to have the .exe suffix appended to the example commands.
The remainder of this local development tutorial will instruct you to run terminal commands with the current working directory set to the top level of this checked-out repo. The generated configuration files will use filesystem paths that are relative to this directory.
Go ahead and create a ./db directory. Git is configured to ignore this directory and it will house the tutorial files. You may delete this directory to reset the tutorial.
mkdir -p ./db
Before you can run the controller, you will initialize its configuration and database. We'll use the demo CA that's checked in to this repo in ./etc/ca.
ZITI_HOME=. \
ZITI_CTRL_LISTENER_ADDRESS=127.0.0.1 \
ZITI_CTRL_EDGE_LISTENER_HOST_PORT=127.0.0.1:1280 \
ZITI_EDGE_CTRL_ADVERTISED_HOST_PORT=127.0.0.1:1280 \
ZITI_CTRL_IDENTITY_CERT=./etc/ca/intermediate/certs/ctrl-client.cert.pem \
ZITI_CTRL_IDENTITY_SERVER_CERT=./etc/ca/intermediate/certs/ctrl-server.cert.pem \
ZITI_CTRL_IDENTITY_KEY=./etc/ca/intermediate/private/ctrl.key.pem \
ZITI_CTRL_IDENTITY_CA=./etc/ca/intermediate/certs/ca-chain.cert.pem \
ZITI_SIGNING_CERT=./etc/ca/intermediate/certs/intermediate.cert.pem \
ZITI_SIGNING_KEY=./etc/ca/intermediate/private/intermediate.key.decrypted.pem \
ziti create config controller \
--output ./db/ctrl-config.yml
ziti controller edge init ./db/ctrl-config.yml -u ADMIN_NAME -p ADMIN_PW
Edge SDKs will connect to the running controller to authenticate and request a session. Leave the controller running in a terminal so that you may inspect the log messages.
ziti controller run ./db/ctrl-config.yml
You will need a new terminal with the current directory set to the top level of this repo. This login step will save a session token in the ziti CLI's configuration cache.
ziti edge login -u ADMIN_NAME -p ADMIN_PW
Subsequent ziti CLI commands will automatically re-use this session token. You'll need to perform this login step again when the token expires.
Request an enrollment token from the controller for router01.
ziti edge create edge-router router01 \
--jwt-output-file /tmp/router01.jwt \
--tunneler-enabled
Generate a configuration file for router01.
ZITI_HOME=./db \
ZITI_CTRL_ADVERTISED_ADDRESS=127.0.0.1 \
ZITI_EDGE_ROUTER_RAWNAME=localhost \
ziti create config router edge \
--routerName router01 \
--output ./db/router01-config.yml
Enroll router01 by presenting the token to the controller to receive a certificate in the filesystem location specified in the configuration file.
ziti router enroll --jwt /tmp/router01.jwt ./db/router01-config.yml
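Before presenting the token, you can confirm that it has not expired and that it names the controller you expect. The script below is an added example, not part of this repo: the function names are hypothetical, the sample token is constructed, it assumes the token carries the standard JWT `iss` and `exp` claims, and it only decodes claims without verifying the signature.

```bash
#!/usr/bin/env bash
# Added example: inspect an enrollment JWT before `ziti router enroll`.
# Decodes claims only; the signature is NOT verified here.

# base64url-encode stdin (used only to build the constructed sample token).
b64url() { base64 | tr -d '\n=' | tr '/+' '_-'; }

# make_sample_jwt <exp-epoch> <issuer>: constructed token with a fake signature.
make_sample_jwt() {
  printf '%s.%s.%s' \
    "$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)" \
    "$(printf '{"iss":"%s","exp":%s}' "$2" "$1" | b64url)" \
    "c2ln"
}

# Decode the payload (second dot-separated segment) of a JWT read from stdin.
jwt_payload() {
  local seg
  seg=$(cut -d. -f2 | tr -d '\n' | tr '_-' '/+')
  # base64url drops padding; restore it so base64 -d accepts the segment.
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# Extract a numeric or a string claim from payload JSON on stdin.
jwt_num_claim() { sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p"; }
jwt_str_claim() { sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"; }

# check_enrollment_jwt <file> <expected-issuer-substring> [now-epoch]
# Returns 0 = usable, 1 = expired, 2 = unexpected issuer, 3 = unreadable/malformed.
check_enrollment_jwt() {
  local file="$1" want_iss="$2" now="${3:-$(date +%s)}" payload exp iss
  payload=$(jwt_payload 2>/dev/null < "$file") || return 3
  exp=$(printf '%s' "$payload" | jwt_num_claim exp)
  iss=$(printf '%s' "$payload" | jwt_str_claim iss)
  [ -n "$exp" ] && [ -n "$iss" ] || return 3
  [ "$exp" -gt "$now" ] || return 1
  case "$iss" in *"$want_iss"*) ;; *) return 2 ;; esac
  return 0
}

# Usage with this tutorial's paths (after sourcing this file):
#   check_enrollment_jwt /tmp/router01.jwt 127.0.0.1:1280 || echo "do not enroll: rc=$?"
```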
Edge SDKs will connect to the running edge router to connect to services. Leave the router process running in a terminal so you can monitor the log messages while you continue the tutorial in a new terminal.
ziti router run ./db/router01-config.yml
A service is an entity that stores metadata about a server application. The ziti CLI has an interactive tutorial to step you through creating your first service.
When prompted, select your running edge router router01.
ziti edge tutorial first-service
If you prefer, you may read the first-service tutorial as a web site.
- The Go SDK examples illustrate embedding OpenZiti in both client and server applications.
- You may wish to know more about controller PKI.