This local deployment README guides you to set up a running local Ziti stack. If you have not already built the apps in this repo you may go back
to the previous tutorial about getting set up for local development for build instructions. The remainder of the tutorial will assume you have installed all the apps so they can
be found in your shell's executable search PATH.
You will configure and run:
ziti controllerwith the provided demo certificate authority in./etc/caziti routeras an edge router
These commands require a running BASH shell. Windows users will need to use WSL, cygwin, a Linux virtual machine, or some other environment that supports BASH. The easiest thing might just be to use the shell that comes with git bashfor windows. WSL is maturing more and more: Mintty and WSL.
Also note that the ziti command may need to have the .exe suffix appended to the example commands.
The remainder of this local development tutorital will instruct you to run terminal commands with current working directory of the top-level of this checked-out repo. The generated configuration files will use filesystem paths that are relative to this directory.
Go ahead and create a ./db directory. Git is configured to ignore this directory and it will house the tutorial files. You may delete this directory to reset the tutorial.
mkdir -p ./dbBefore you can run the controller will initialize its configuration and database. We'll use the demo CA that's checked in to this repo in ./etc/ca.
ZITI_HOME=. \
ZITI_CTRL_ADVERTISED_ADDRESS=127.0.0.1 \
ZITI_CTRL_EDGE_ADVERTISED_HOST_PORT=127.0.0.1:1280 \
ZITI_EDGE_CTRL_ADVERTISED_HOST_PORT=127.0.0.1:1280 \
ZITI_PKI_CTRL_CERT=./etc/ca/intermediate/certs/ctrl-client.cert.pem \
ZITI_PKI_CTRL_SERVER_CERT=./etc/ca/intermediate/certs/ctrl-server.cert.pem \
ZITI_PKI_CTRL_KEY=./etc/ca/intermediate/private/ctrl.key.pem \
ZITI_PKI_CTRL_CA=./etc/ca/intermediate/certs/ca-chain.cert.pem \
ZITI_PKI_SIGNER_CERT=./etc/ca/intermediate/certs/intermediate.cert.pem \
ZITI_PKI_SIGNER_KEY=./etc/ca/intermediate/private/intermediate.key.decrypted.pem \
ziti create config controller \
--output ./db/ctrl-config.ymlziti controller edge init ./db/ctrl-config.yml -u ADMIN_NAME -p ADMIN_PWEdge SDKs will connect to the running controller to authenticate and request a session. Leave the controller running in a terminal so that you may inspect the log messages.
ziti controller run ./db/ctrl-config.ymlYou will need a new terminal with current directory set to the top-level of this repo.This login step will save a session token in the ziti CLI's configuration cache.
ziti edge login -u ADMIN_NAME -p ADMIN_PWSubsequent ziti CLI commands will automatically reuse this session token. You'll need to perform this login step again when the token expires.
Request an enrollment token from the controller for router01.
ziti edge create edge-router router01 \
--jwt-output-file /tmp/router01.jwt \
--tunneler-enabledGenerate a configuration file for router01.
ZITI_HOME=./db \
ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=127.0.0.1 \
ZITI_ROUTER_NAME=localhost \
ziti create config router edge \
--routerName router01 \
--output ./db/router01-config.ymlEnroll router01 by presenting the token to the controller to receive a certificate in the filesystem location specified in the configuration file.
ziti router enroll --jwt /tmp/router01.jwt ./db/router01-config.ymlEdge SDKs will connect to the running edge router to connect to services. Leave the router process running in a terminal so you can monitor the log messages while you continue the tutorial in a new terminal.
ziti router run ./db/router01-config.ymlA service is an entity that stores metadata about a server application. The ziti CLI has an interactive tutorial to step you through creating your first service.
When prompted, select your running edge router router01.
ziti demo first-serviceIf you prefer, you may read the first-service tutorial as a web site
- The Go SDK examples illustrate embedding OpenZiti in both client and server applications.
- You may wish to know more about controller PKI.