ZET keeps trying to use disabled identity #644

Open
qrkourier opened this issue May 4, 2023 · 4 comments

@qrkourier
Member

Expectation: disabling an identity suppresses all log activity and outgoing connection attempts related to that identity

Observation: I used the desktop UI on Linux to toggle an identity off, but ZET keeps trying to use the inactive identity, so the log is full of WARN and ERROR messages about the unreachable controller. This doesn't prevent the active identities from functioning, but it adds a lot of noise when working with multiple identities.

Example logs while identity with identifier /opt/openziti/etc/identities/miniziti-client.json is Active: false.

May 04 13:45:27 kpop4 ziti-edge-tunnel[276821]: (276821)[      285.374]   ERROR ziti-sdk:ziti_ctrl.c:155 ctrl_resp_cb() ctrl[minicontroller.ziti] request failed: -113(host is unreachable)
May 04 13:45:27 kpop4 ziti-edge-tunnel[276821]: (276821)[      285.374]    WARN ziti-sdk:ziti.c:1451 api_session_cb() ztx[2] failed to get api session from ctrl[https://minicontroller.ziti:443] api_session_state[1] CONTROLLER_UNAVAILABLE[-15] host is unreachable

❯ ziti-edge-tunnel tunnel_status|sed -E 's/(^received\sresponse\s<|>$)//g'|jq '.Data.Identities[]|{Identifier: .Identifier, Active: .Active}'
{
  "Identifier": "/opt/openziti/etc/identities/miniziti-client.json",
  "Active": false
}
# ... output truncated to highlight the relevant identifier
@qrkourier
Member Author

I can still reproduce this in 0.22.20.

$ ziti-edge-tunnel on_off_identity -i /opt/openziti/etc/identities/miniziti-client.json -o f
received response <{"Success":true,"Data":{"Command":"IdentityOnOff","Data":{"Identifier":"/opt/openziti/etc/identities/miniziti-client.json","OnOff":false}},"Code":0}
>

$ ziti-edge-tunnel tunnel_status|sed -E 's/(^received\sresponse\s<|>$)//g'|jq '.Data.Identities[]|select(.Identifier == "/opt/openziti/etc/identities/miniziti-client.json")|.Active'
false

$ jq .ztAPI /opt/openziti/etc/identities/miniziti-client.json
"https://miniziti-controller.192.168.49.2.sslip.io:443"

Feb 13 10:59:12 mira valgrind[314990]: (314990)[   476791.297]    WARN ziti-sdk:ziti.c:1597 api_session_cb() ztx[9] failed to get api session from ctrl[https://miniziti-controller.192.168.49.2.sslip.io:443] api_session_state[1] CONTROLLER_UNAVAILABLE[-16] host is unreachable
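
The manual check in the comment above (tunnel_status, then the identity's ztAPI, then the log) can be automated; the following is an added example, not part of the original comment and not OpenZiti project code. It assumes the log lines were collected after the identity was toggled off; all sample data, the second identity and the function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample data modelled on the output quoted in this issue.
ETC = "/opt/openziti/etc/identities/"
STATUS_RAW = ('received response <{"Data":{"Identities":['
              '{"Identifier":"' + ETC + 'miniziti-client.json","Active":false},'
              '{"Identifier":"' + ETC + 'other-client.json","Active":true}]}}\n>')
IDENTITY_FILES = {  # identifier -> parsed identity JSON (only ztAPI is used)
    ETC + "miniziti-client.json": {"ztAPI": "https://miniziti-controller.192.168.49.2.sslip.io:443"},
    ETC + "other-client.json": {"ztAPI": "https://other-controller.example:443"},
}
LOG_LINES = [
    "WARN api_session_cb() failed to get api session from ctrl[https://miniziti-controller.192.168.49.2.sslip.io:443]",
    "ERROR ziti-sdk:ziti_ctrl.c:155 ctrl_resp_cb() ctrl[other-controller.example] request failed",
]

def parse_tunnel_status(raw):
    """Strip the 'received response <' ... '>' wrapper, as the sed in the issue does."""
    return json.loads(re.sub(r"^received\sresponse\s<|>\s*$", "", raw.strip()))

def ctrl_host(value):
    """Host from 'https://host:443' or from the bare 'host' form seen in ERROR lines."""
    return (urlsplit(value).hostname if "://" in value else value.split(":")[0]).lower()

def disabled_only_hosts(status, identity_files):
    """Map controller host -> identifier for hosts used only by inactive identities."""
    active, inactive = set(), {}
    for ident in status["Data"]["Identities"]:
        cfg = identity_files.get(ident["Identifier"])
        if cfg is None:
            continue
        host = ctrl_host(cfg["ztAPI"])
        if ident["Active"]:
            active.add(host)
        else:
            inactive[host] = ident["Identifier"]
    # A host shared with an active identity is ambiguous, so it is not reported.
    return {h: i for h, i in inactive.items() if h not in active}

def controller_activity(log_lines, hosts):
    """Return (identifier, line) for each log line naming a disabled identity's controller."""
    hits = []
    for line in log_lines:
        found = [hosts[h] for h in map(ctrl_host, re.findall(r"ctrl\[([^\]]+)\]", line)) if h in hosts]
        if found:
            hits.append((found[0], line))
    return hits
```

Any tuple returned by `controller_activity` is a controller request logged for an identity that `tunnel_status` reports as `Active: false`.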

@dovholuknf
Member

I'm pretty sure this duplicates #630

@qrkourier
Member Author

qrkourier commented Aug 15, 2024

#630 is about remembering a disabled status so it stays disabled, but this one's about a disabled identity not really being disabled right away because it keeps talking to the controller, which is similar to #672.

@dovholuknf
Member

Yes. It's the same thing.
