From 549d4f659bd410d404b8a2be65bc7ecd96a6323e Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Wed, 20 Dec 2023 13:14:05 -0500
Subject: [PATCH 01/16] deprecate --already-initialized and imply the same behavior when --home ZITI_HOME is set and ZITI_HOME/db exists on subsequent runs
---
ziti/cmd/edge/quickstart.go | 137 +++++++++++++++++++-----------------
1 file changed, 71 insertions(+), 66 deletions(-)
diff --git a/ziti/cmd/edge/quickstart.go b/ziti/cmd/edge/quickstart.go
index b77b3bb91..431549b0f 100644
--- a/ziti/cmd/edge/quickstart.go
+++ b/ziti/cmd/edge/quickstart.go
@@ -65,7 +65,7 @@ func NewQuickStartCmd(out io.Writer, errOut io.Writer, context context.Context) cmd := &cobra.Command{ Use: "quickstart", Short: "runs a Controller and Router in quickstart mode", - Long: `runs a Controller and Router in quickstart mode. By default, this will create a totally ephemeral network, only valid while running.`, + Long: "runs a Controller and Router as a single process; state is deleted on exit unless --home", Run: func(cmd *cobra.Command, args []string) { options.out = out options.errOut = errOut
@@ -75,7 +75,7 @@ func NewQuickStartCmd(out io.Writer, errOut io.Writer, context context.Context) cmd.Flags().StringVarP(&options.Username, "username", "u", "", "Username to use when creating the Ziti Edge Controller. default: admin") cmd.Flags().StringVarP(&options.Password, "password", "p", "", "Password to use for authenticating to the Ziti Edge Controller. default: admin") - cmd.Flags().BoolVar(&options.AlreadyInitialized, "already-initialized", false, "Specifies the PKI does not need to be created and the db does not need to be initialized. Recommended to be combined with --home. If --home is not specified the environment will be destroyed on shutdown! default: false") + cmd.Flags().BoolVar(&options.AlreadyInitialized, "already-initialized", false, "deprecated and implied by --home on subsequent runs") cmd.Flags().StringVar(&options.Home, "home", "", "Sets the directory the environment should be installed into. Defaults to a temporary directory. If specified, the environment will not be removed on exit.") cmd.Flags().StringVar(&options.ControllerAddress, "ctrl-address", "", "Sets the advertised address for the control plane and API. current: "+currentCtrlAddy) @@ -121,6 +121,7 @@ func (o *QuickstartOpts) run(ctx context.Context) { } if o.Password == "" { o.Password = "admin" + logrus.Warn("using default password") } ctrlYaml := o.Home + "/ctrl.yaml" 
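Review bot: In the `@@ -121` hunk the fallback `o.Password = "admin"` is only accompanied by a log warning, so a controller started without `--password` still comes up with the admin/admin pair that the flag help advertises, and with `--home` that credential presumably stays in the persisted database across runs. Consider refusing the fallback when `--home` is set, or generating a random password and printing it once at first initialization. PATCH 02's hunk at the same place removes even `logrus.Warn("using default password")`, which leaves the fallback silent. The body of `run` starts and ends outside the hunk.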
@@ -140,13 +141,19 @@ func (o *QuickstartOpts) run(ctx context.Context) { routerName = routerNameFromEnv } + if o.AlreadyInitialized { + logrus.Warn("deprecated option --already-initialized has no effect and is internally implied by --home on subsequent runs") + } + dbDir := o.Home + "/db" - _, _ = fmt.Fprintf(os.Stdout, "creating the tmp dir [%v] for the database.\n\n", dbDir) - _ = os.MkdirAll(dbDir, 0o777) + if _, err := os.Stat(dbDir); !os.IsNotExist(err) { + o.AlreadyInitialized = true + } else { + _ = os.MkdirAll(dbDir, 0o777) + logrus.Debugf("made directory '%s'", dbDir) - o.createMinimalPki() + o.createMinimalPki() - if !o.AlreadyInitialized { ctrl := create.NewCmdCreateConfigController() ctrl.SetArgs([]string{ fmt.Sprintf("--output=%s", ctrlYaml), 
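Review bot: The initialization check `!os.IsNotExist(err)` treats every other `os.Stat` outcome as "already initialized", including a permission error or `db` existing as a regular file, and a first run that stopped after `MkdirAll` but before the PKI and config steps completed will skip them on every later start. The directory is also requested with mode `0o777` and the `MkdirAll` error is discarded, although it holds the controller database next to the PKI material under `o.Home`. I would make the three cases explicit, fail on unexpected errors, and create the directory owner-only with its error checked, as sketched below. `run` continues past the end of the hunk, and the last case stays open for the unchanged initialization steps.

```go
dbDir := o.Home + "/db"
info, err := os.Stat(dbDir)
switch {
case err == nil && info.IsDir():
	o.AlreadyInitialized = true
case err == nil:
	logrus.Fatalf("'%s' exists but is not a directory", dbDir)
case !os.IsNotExist(err):
	logrus.Fatalf("cannot inspect '%s': %v", dbDir, err)
default:
	if mkErr := os.MkdirAll(dbDir, 0o700); mkErr != nil {
		logrus.Fatalf("cannot create '%s': %v", dbDir, mkErr)
	}
	logrus.Debugf("made directory '%s'", dbDir)
	// … unchanged: createMinimalPki and controller config creation …
```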
@@ -303,69 +310,67 @@ func (o *QuickstartOpts) run(ctx context.Context) { } func (o *QuickstartOpts) createMinimalPki() { - if !o.AlreadyInitialized { - where := o.Home + "/pki" - fmt.Println("emitting a minimal PKI") - - //ziti pki create ca --pki-root="$pkiDir" --ca-file="root-ca" --ca-name="root-ca" - ca := pki.NewCmdPKICreateCA(o.out, o.errOut) - ca.SetArgs([]string{ - fmt.Sprintf("--pki-root=%s", where), - fmt.Sprintf("--ca-file=%s", "root-ca"), - fmt.Sprintf("--ca-name=%s", "root-ca"), - }) - pkiErr := ca.Execute() - if pkiErr != nil { - logrus.Fatal(pkiErr) - } + where := o.Home + "/pki" + fmt.Println("emitting a minimal PKI") + + //ziti pki create ca --pki-root="$pkiDir" --ca-file="root-ca" --ca-name="root-ca" + ca := pki.NewCmdPKICreateCA(o.out, o.errOut) + ca.SetArgs([]string{ + fmt.Sprintf("--pki-root=%s", where), + fmt.Sprintf("--ca-file=%s", "root-ca"), + fmt.Sprintf("--ca-name=%s", "root-ca"), + }) + pkiErr := ca.Execute() + if pkiErr != nil { + logrus.Fatal(pkiErr) + } - //ziti pki create intermediate --pki-root "$pkiDir" --ca-name "root-ca" --intermediate-name "intermediate-ca" --intermediate-file "intermediate-ca" --max-path-len "1" - intermediate := pki.NewCmdPKICreateIntermediate(o.out, o.errOut) - intermediate.SetArgs([]string{ - fmt.Sprintf("--pki-root=%s", where), - fmt.Sprintf("--ca-name=%s", "root-ca"), - fmt.Sprintf("--intermediate-name=%s", "intermediate-ca"), - fmt.Sprintf("--intermediate-file=%s", "intermediate-ca"), - "--max-path-len=1", - }) - intErr := intermediate.Execute() - if intErr != nil { - logrus.Fatal(intErr) - } + //ziti pki create intermediate --pki-root "$pkiDir" --ca-name "root-ca" --intermediate-name "intermediate-ca" --intermediate-file "intermediate-ca" --max-path-len "1" + intermediate := pki.NewCmdPKICreateIntermediate(o.out, o.errOut) + intermediate.SetArgs([]string{ + fmt.Sprintf("--pki-root=%s", where), + fmt.Sprintf("--ca-name=%s", "root-ca"), + fmt.Sprintf("--intermediate-name=%s", "intermediate-ca"), + 
fmt.Sprintf("--intermediate-file=%s", "intermediate-ca"), + "--max-path-len=1", + }) + intErr := intermediate.Execute() + if intErr != nil { + logrus.Fatal(intErr) + } - //ziti pki create server --pki-root="${ZITI_HOME}/pki" --ca-name "intermediate-ca" --server-name "server" --server-file "server" --dns "localhost,${ZITI_HOSTNAME}" - svr := pki.NewCmdPKICreateServer(o.out, o.errOut) - var ips = "127.0.0.1,::1" - ip_override := os.Getenv("ZITI_CTRL_EDGE_IP_OVERRIDE") - if ip_override != "" { - ips = ips + "," + ip_override - } - svr.SetArgs([]string{ - fmt.Sprintf("--pki-root=%s", where), - fmt.Sprintf("--ca-name=%s", "intermediate-ca"), - fmt.Sprintf("--server-name=%s", "server"), - fmt.Sprintf("--server-file=%s", "server"), - fmt.Sprintf("--dns=%s,%s", "localhost", helpers.GetCtrlAdvertisedAddress()), - fmt.Sprintf("--ip=%s", ips), - }) - svrErr := svr.Execute() - if svrErr != nil { - logrus.Fatal(svrErr) - } + //ziti pki create server --pki-root="${ZITI_HOME}/pki" --ca-name "intermediate-ca" --server-name "server" --server-file "server" --dns "localhost,${ZITI_HOSTNAME}" + svr := pki.NewCmdPKICreateServer(o.out, o.errOut) + var ips = "127.0.0.1,::1" + ip_override := os.Getenv("ZITI_CTRL_EDGE_IP_OVERRIDE") + if ip_override != "" { + ips = ips + "," + ip_override + } + svr.SetArgs([]string{ + fmt.Sprintf("--pki-root=%s", where), + fmt.Sprintf("--ca-name=%s", "intermediate-ca"), + fmt.Sprintf("--server-name=%s", "server"), + fmt.Sprintf("--server-file=%s", "server"), + fmt.Sprintf("--dns=%s,%s", "localhost", helpers.GetCtrlAdvertisedAddress()), + fmt.Sprintf("--ip=%s", ips), + }) + svrErr := svr.Execute() + if svrErr != nil { + logrus.Fatal(svrErr) + } - //ziti pki create client --pki-root="${ZITI_HOME}/pki" --ca-name "intermediate-ca" --client-name "client" --client-file "client" --key-file "server" - client := pki.NewCmdPKICreateClient(o.out, o.errOut) - client.SetArgs([]string{ - fmt.Sprintf("--pki-root=%s", where), - fmt.Sprintf("--ca-name=%s", 
"intermediate-ca"), - fmt.Sprintf("--client-name=%s", "client"), - fmt.Sprintf("--client-file=%s", "client"), - fmt.Sprintf("--key-file=%s", "server"), - }) - clientErr := client.Execute() - if clientErr != nil { - logrus.Fatal(clientErr) - } + //ziti pki create client --pki-root="${ZITI_HOME}/pki" --ca-name "intermediate-ca" --client-name "client" --client-file "client" --key-file "server" + client := pki.NewCmdPKICreateClient(o.out, o.errOut) + client.SetArgs([]string{ + fmt.Sprintf("--pki-root=%s", where), + fmt.Sprintf("--ca-name=%s", "intermediate-ca"), + fmt.Sprintf("--client-name=%s", "client"), + fmt.Sprintf("--client-file=%s", "client"), + fmt.Sprintf("--key-file=%s", "server"), + }) + clientErr := client.Execute() + if clientErr != nil { + logrus.Fatal(clientErr) } } From a148bc7740f44d4b9cf85857564c72770a317c52 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 20 Dec 2023 14:28:13 -0500 Subject: [PATCH 02/16] decommission --already-initialized --- ziti/cmd/edge/quickstart.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/ziti/cmd/edge/quickstart.go b/ziti/cmd/edge/quickstart.go index 431549b0f..63ef709c6 100644 --- a/ziti/cmd/edge/quickstart.go +++ b/ziti/cmd/edge/quickstart.go 
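Review bot: `createMinimalPki` has no doc comment, and with the `if !o.AlreadyInitialized` guard removed it now issues the root CA, intermediate, server and client certificates unconditionally, so the `db` directory check in `run` is the only thing that keeps it from running against an existing `pki` directory. A comment such as `// createMinimalPki generates the quickstart PKI under o.Home/pki; call it only on first initialization. Any failure exits via logrus.Fatal.` would record that contract. The client certificate is created with `--key-file=server`, so it appears to share the server's private key; if that is intentional for the quickstart it deserves a one-line comment saying so.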
@@ -75,8 +75,7 @@ func NewQuickStartCmd(out io.Writer, errOut io.Writer, context context.Context) cmd.Flags().StringVarP(&options.Username, "username", "u", "", "Username to use when creating the Ziti Edge Controller. default: admin") cmd.Flags().StringVarP(&options.Password, "password", "p", "", "Password to use for authenticating to the Ziti Edge Controller. default: admin") - cmd.Flags().BoolVar(&options.AlreadyInitialized, "already-initialized", false, "deprecated and implied by --home on subsequent runs") - cmd.Flags().StringVar(&options.Home, "home", "", "Sets the directory the environment should be installed into. Defaults to a temporary directory. If specified, the environment will not be removed on exit.") + cmd.Flags().StringVar(&options.Home, "home", "", "persistent state directory") cmd.Flags().StringVar(&options.ControllerAddress, "ctrl-address", "", "Sets the advertised address for the control plane and API. current: "+currentCtrlAddy) cmd.Flags().Int16Var(&options.ControllerPort, "ctrl-port", int16(defautlCtrlPort), "Sets the port to use for the control plane and API. current: "+currentCtrlPort) @@ -100,6 +99,8 @@ func (o *QuickstartOpts) run(ctx context.Context) { tmpDir, _ := os.MkdirTemp("", "quickstart") o.Home = tmpDir o.cleanOnExit = true + } else { + logrus.Infof("persistent state dir '%s' will not be removed on exit", o.Home) } if o.ControllerAddress != "" { _ = os.Setenv(constants.CtrlAdvertisedAddressVarName, o.ControllerAddress) @@ -121,7 +122,6 @@ func (o *QuickstartOpts) run(ctx context.Context) { } if o.Password == "" { o.Password = "admin" - logrus.Warn("using default password") } ctrlYaml := o.Home + "/ctrl.yaml" 
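Review bot: Removing the `BoolVar` registration for `already-initialized` in the `@@ -75` hunk means an invocation that still passes the flag will presumably fail at flag parsing instead of getting a deprecation notice, while PATCH 05's changelog describes this as a deprecation and the compose.yml added in PATCH 06 still passes the flag until PATCH 07. Keeping the flag registered and adding `_ = cmd.Flags().MarkDeprecated("already-initialized", "implied by --home")` keeps old invocations working and lets the flag library print the warning. The new `--home` help text `"persistent state directory"` also no longer tells the user that omitting it means a temporary directory that is removed on exit.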
@@ -141,10 +141,6 @@ func (o *QuickstartOpts) run(ctx context.Context) { routerName = routerNameFromEnv } - if o.AlreadyInitialized { - logrus.Warn("deprecated option --already-initialized has no effect and is internally implied by --home on subsequent runs") - } - dbDir := o.Home + "/db" if _, err := os.Stat(dbDir); !os.IsNotExist(err) { o.AlreadyInitialized = true From bf2837fa984ceaa63d8ee18233cdef627e5adea1 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Thu, 21 Dec 2023 12:41:37 -0500 Subject: [PATCH 03/16] reword quickstart messages --- ziti/cmd/edge/quickstart.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ziti/cmd/edge/quickstart.go b/ziti/cmd/edge/quickstart.go index 63ef709c6..b201fb84e 100644 --- a/ziti/cmd/edge/quickstart.go +++ b/ziti/cmd/edge/quickstart.go @@ -65,7 +65,7 @@ func NewQuickStartCmd(out io.Writer, errOut io.Writer, context context.Context) cmd := &cobra.Command{ Use: "quickstart", Short: "runs a Controller and Router in quickstart mode", - Long: "runs a Controller and Router as a single process; state is deleted on exit unless --home", + Long: "runs a Controller and Router in quickstart mode with a temporary Ziti home directory; suitable for testing and development", Run: func(cmd *cobra.Command, args []string) { options.out = out options.errOut = errOut 
@@ -75,7 +75,7 @@ func NewQuickStartCmd(out io.Writer, errOut io.Writer, context context.Context) cmd.Flags().StringVarP(&options.Username, "username", "u", "", "Username to use when creating the Ziti Edge Controller. default: admin") cmd.Flags().StringVarP(&options.Password, "password", "p", "", "Password to use for authenticating to the Ziti Edge Controller. default: admin") - cmd.Flags().StringVar(&options.Home, "home", "", "persistent state directory") + cmd.Flags().StringVar(&options.Home, "home", "", "permanent Ziti home directory") cmd.Flags().StringVar(&options.ControllerAddress, "ctrl-address", "", "Sets the advertised address for the control plane and API. current: "+currentCtrlAddy) cmd.Flags().Int16Var(&options.ControllerPort, "ctrl-port", int16(defautlCtrlPort), "Sets the port to use for the control plane and API. current: "+currentCtrlPort) @@ -100,7 +100,7 @@ func (o *QuickstartOpts) run(ctx context.Context) { o.Home = tmpDir o.cleanOnExit = true } else { - logrus.Infof("persistent state dir '%s' will not be removed on exit", o.Home) + logrus.Infof("permanent Ziti --home '%s' will not be removed on exit", o.Home) } if o.ControllerAddress != "" { _ = os.Setenv(constants.CtrlAdvertisedAddressVarName, o.ControllerAddress) From 773779e77e893284635f8f234271d91cbd5562d0 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Mon, 8 Jan 2024 10:58:27 -0500 Subject: [PATCH 04/16] stop saying 'Ziti' --- ziti/cmd/edge/quickstart.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ziti/cmd/edge/quickstart.go b/ziti/cmd/edge/quickstart.go index b201fb84e..d861a4462 100644 --- a/ziti/cmd/edge/quickstart.go +++ b/ziti/cmd/edge/quickstart.go 
@@ -65,17 +65,17 @@ func NewQuickStartCmd(out io.Writer, errOut io.Writer, context context.Context) cmd := &cobra.Command{ Use: "quickstart", Short: "runs a Controller and Router in quickstart mode", - Long: "runs a Controller and Router in quickstart mode with a temporary Ziti home directory; suitable for testing and development", + Long: "runs a Controller and Router in quickstart mode with a temporary directory; suitable for testing and development", Run: func(cmd *cobra.Command, args []string) { options.out = out options.errOut = errOut options.run(context) }, } - cmd.Flags().StringVarP(&options.Username, "username", "u", "", "Username to use when creating the Ziti Edge Controller. default: admin") - cmd.Flags().StringVarP(&options.Password, "password", "p", "", "Password to use for authenticating to the Ziti Edge Controller. default: admin") + cmd.Flags().StringVarP(&options.Username, "username", "u", "", "Admin username, default: admin") + cmd.Flags().StringVarP(&options.Password, "password", "p", "", "Admin password, default: admin") - cmd.Flags().StringVar(&options.Home, "home", "", "permanent Ziti home directory") + cmd.Flags().StringVar(&options.Home, "home", "", "permanent directory") cmd.Flags().StringVar(&options.ControllerAddress, "ctrl-address", "", "Sets the advertised address for the control plane and API. current: "+currentCtrlAddy) cmd.Flags().Int16Var(&options.ControllerPort, "ctrl-port", int16(defautlCtrlPort), "Sets the port to use for the control plane and API. current: "+currentCtrlPort) @@ -100,7 +100,7 @@ func (o *QuickstartOpts) run(ctx context.Context) { o.Home = tmpDir o.cleanOnExit = true } else { - logrus.Infof("permanent Ziti --home '%s' will not be removed on exit", o.Home) + logrus.Infof("permanent --home '%s' will not be removed on exit", o.Home) } if o.ControllerAddress != "" { _ = os.Setenv(constants.CtrlAdvertisedAddressVarName, o.ControllerAddress) From ebf5609316a833cc02d0d227d26a43623f756153 Mon Sep 17 00:00:00 2001 
From: Kenneth Bingham Date: Mon, 8 Jan 2024 11:01:59 -0500 Subject: [PATCH 05/16] mention quickstart flag deprecation in changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4cf472c07..f73e4c093 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# Release 0.31.5 + +## What's New + +* ziti edge quickstart command deprecates redundant --already-initialized flag. The identical behavior is implied by --home. + # Release 0.31.4 ## What's New From 7ffd59dfc25e75666fc8305cdbe0dbec3ca8f02f Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Fri, 24 Nov 2023 11:27:09 -0500 Subject: [PATCH 06/16] add minimal quickstart docker project --- dist/cloudfront/get.openziti.io/routes.yml | 4 + quickstart/docker/.gitignore | 3 +- quickstart/docker/minimal/Dockerfile | 5 + quickstart/docker/minimal/README.md | 113 +++++++++++++++++++++ quickstart/docker/minimal/compose.yml | 57 +++++++++++ 5 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 quickstart/docker/minimal/Dockerfile create mode 100644 quickstart/docker/minimal/README.md create mode 100644 quickstart/docker/minimal/compose.yml diff --git a/dist/cloudfront/get.openziti.io/routes.yml b/dist/cloudfront/get.openziti.io/routes.yml index b6e5a1d75..ca0a087c3 100644 --- a/dist/cloudfront/get.openziti.io/routes.yml +++ b/dist/cloudfront/get.openziti.io/routes.yml @@ -38,3 +38,7 @@ - get: /zdew/ raw: /openziti/desktop-edge-win/main/release-streams/ file: latest.json + +- get: /minimal/ + raw: /openziti/ziti/{{GITHUB_SHA}}/quickstart/docker/minimal/ + file: compose.yml diff --git a/quickstart/docker/.gitignore b/quickstart/docker/.gitignore index 31e10f210..2c291eaa5 100644 --- a/quickstart/docker/.gitignore +++ b/quickstart/docker/.gitignore @@ -1 +1,2 @@ -ziti-bin +*/ziti-bin/** +*/persistent/** diff --git a/quickstart/docker/minimal/Dockerfile b/quickstart/docker/minimal/Dockerfile new file mode 100644 index 000000000..423015b44 
--- /dev/null +++ b/quickstart/docker/minimal/Dockerfile @@ -0,0 +1,5 @@ +FROM debian:bookworm-slim + +COPY ./build/ziti /usr/local/bin/ + +CMD ["ziti"] diff --git a/quickstart/docker/minimal/README.md b/quickstart/docker/minimal/README.md new file mode 100644 index 000000000..2eef53a82 --- /dev/null +++ b/quickstart/docker/minimal/README.md 
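Review bot: The Dockerfile sets no `USER`, so the image runs `ziti` as root wherever it is started without the `user: ${ZIGGY_UID:-1000}` override that compose.yml applies; adding a `USER` line for an unprivileged numeric UID before `CMD` makes the non-root default part of the image. The base is also the floating tag `debian:bookworm-slim`; pinning it as `FROM debian:bookworm-slim@sha256:<digest>` (placeholder, take the digest from the registry) makes rebuilds reproducible.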
@@ -0,0 +1,113 @@ +# minimal Docker quickstart + +Run `ziti edge quickstart` in a container while persisting configs, PKI, database, etc. in the same directory `./persistent/`. + +## Run Ziti + +1. In this "minimal" sub-directory, pull the container images. + + ```bash + docker compose pull + ``` + +2. Run the project. + + ```bash + docker compose up --detach + ``` + +3. Modify the state in `./persistent/`, and bounce the container. + + ```bash + docker compose up --force-recreate --detach + ``` + +4. Observe the logs + + ```bash + docker compose logs quickstart --follow + ``` + +5. Run the CLI inside the quickstart environment. + + ```bash + docker compose exec quickstart ziti edge list identities + ``` + + ```buttonless title="Output" + ╭────────────┬───────────────────┬─────────┬────────────┬─────────────╮ + │ ID │ NAME │ TYPE │ ATTRIBUTES │ AUTH-POLICY │ + ├────────────┼───────────────────┼─────────┼────────────┼─────────────┤ + │ ZS1YAo4Gnj │ quickstart-router │ Router │ │ Default │ + │ cOmDAo4Gb │ Default Admin │ Default │ │ Default │ + ╰────────────┴───────────────────┴─────────┴────────────┴─────────────╯ + results: 1-2 of 2 + ``` + +## Develop Ziti + +This replaces the `ziti` binary that's running the quickstart. + +1. In the top-level directory of the `ziti` project, build the binary. + + ```bash + go build -o ./build ./... + ``` + + The build command can also be run from this "minimal" sub-directory. + + ```bash + go build -o ../../../build ../../../... + ``` + +2. In the "minimal" sub-directory, with `Dockerfile` present: + + ```bash + docker compose up --detach --build + ``` + +### Troubleshooting + +#### Changing File Locations + +The Compose project file `compose.yml` and `Dockerfile` have file paths that represent the assumption they're placed in +a sub-directory three levels deep in a checked-out copy of the `openziti/ziti` source repository. This allows the Dockerfile +to copy the built binary from the top-level directory `./build`. 
You can move these files outside the source tree if you +adjust the paths in both files. + +#### Building `ziti` in the Dockerfile + +If the binary you build on your host doesn't run in the container due to an environment issue, such as a GLIBC version +mismatch, you have the option to build `ziti` in the container every time you run `up --build`. + +Change `Dockerfile` like this, and run `docker compose up --detach --build` to build the checked-out source tree and run +the quickstart with the build. + +```dockerfile +FROM golang:1.20-bookworm AS builder +WORKDIR /app +COPY go.mod go.sum ./ +RUN go mod download +COPY . . +RUN go build -o ./build/ ./... + +FROM debian:bookworm-slim +COPY --from=builder /app/build/ziti /usr/local/bin/ + +CMD ["ziti"] +``` + +#### Gotcha - Clobbering the Container Image + +With `docker compose up --build`, the container image specified in `image` is replaced with the one built from the Dockerfile. +This clobbers any image you may have pulled from the registry unless you change the value of `image` or comment the line. + +```yaml + # commenting "image" avoids clobbering the image pulled from the registry + # image: ${ZITI_QUICK_IMAGE:-docker.io/openziti/ziti-cli}:${ZITI_QUICK_TAG:-latest} + build: + context: ${ZITI_SRC_ROOT:-../../../} + dockerfile: ./quickstart/docker/minimal/Dockerfile +``` + +Next time you run `docker compose pull` the image from the registry will be refreshed in the local cache. diff --git a/quickstart/docker/minimal/compose.yml b/quickstart/docker/minimal/compose.yml new file mode 100644 index 000000000..293a6ae3b --- /dev/null +++ b/quickstart/docker/minimal/compose.yml 
@@ -0,0 +1,57 @@ +services: + initialize: + image: busybox + command: chown -Rc ${ZIGGY_UID:-1000} /persistent + user: root + environment: + HOME: /persistent + # PFXLOG_NO_JSON: "true" + volumes: + - ./persistent:/persistent + quickstart: + depends_on: + initialize: + condition: service_completed_successfully + image: ${ZITI_QUICK_IMAGE:-docker.io/openziti/ziti-cli}:${ZITI_QUICK_TAG:-latest} + restart: unless-stopped + build: + context: ${ZITI_SRC_ROOT:-../../../} + dockerfile: ./quickstart/docker/minimal/Dockerfile + args: {} + networks: + quickstart: + # this allows other containers to use the external DNS name to reach the quickstart container inside the docker + # network + aliases: + - ${EXTERNAL_DNS} + entrypoint: + - bash + - -euc + - | + if [[ -d /persistent/db ]] + then + echo "INFO: not initializing. Delete state directory ./persistent/ to reset quickstart." + ZITI_CMD+=" --already-initialized" + else + echo "INFO: initializing quickstart in state directory ./persistent/" + ZITI_CMD+=" --ctrl-address ${EXTERNAL_DNS:-127.0.0.1}"\ + " --router-address ${EXTERNAL_DNS:-127.0.0.1}"\ + " --password ${ZITI_PWD:-admin}" + fi + echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}" + exec ziti "$${@}" $${ZITI_CMD} + command: -- edge quickstart --home /persistent + user: ${ZIGGY_UID:-1000} + environment: + HOME: /persistent + PFXLOG_NO_JSON: "true" + volumes: + - ./persistent:/persistent + ports: + - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280} + - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022} + +# define a custom network so that we can also define a DNS alias for the quickstart container +networks: + quickstart: + driver: bridge \ No newline at end of file From 6ab3b153f7e462e35ca274840ad6873e6fb2ffdf Mon Sep 17 00:00:00 2001 
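Review bot: The entrypoint's `echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}"` writes the `--password` value into the container log, and the password defaults to `admin` while both published ports default to `${ZITI_INTERFACE:-0.0.0.0}`, so an unconfigured `docker compose up` exposes an admin/admin controller on every host interface. I would drop the password from the echoed string, require the variable with `--password ${ZITI_PWD:?set ZITI_PWD}`, and default the bind address to loopback with `${ZITI_INTERFACE:-127.0.0.1}`. The same echo and `--password ${ZITI_PWD:-admin}` lines are carried unchanged through the compose.yml hunks of PATCH 07, 08 and 09, where the password is additionally passed on every start rather than only at first initialization.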
From: Kenneth Bingham Date: Thu, 21 Dec 2023 13:49:02 -0500 Subject: [PATCH 07/16] stop using decommissioned option --already-initialized --- quickstart/docker/minimal/compose.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/quickstart/docker/minimal/compose.yml b/quickstart/docker/minimal/compose.yml index 293a6ae3b..1bf107fc0 100644 --- a/quickstart/docker/minimal/compose.yml +++ b/quickstart/docker/minimal/compose.yml @@ -23,21 +23,14 @@ services: # this allows other containers to use the external DNS name to reach the quickstart container inside the docker # network aliases: - - ${EXTERNAL_DNS} + - ${EXTERNAL_DNS:-null} entrypoint: - bash - -euc - | - if [[ -d /persistent/db ]] - then - echo "INFO: not initializing. Delete state directory ./persistent/ to reset quickstart." - ZITI_CMD+=" --already-initialized" - else - echo "INFO: initializing quickstart in state directory ./persistent/" - ZITI_CMD+=" --ctrl-address ${EXTERNAL_DNS:-127.0.0.1}"\ + ZITI_CMD+=" --ctrl-address ${EXTERNAL_DNS:-127.0.0.1}"\ " --router-address ${EXTERNAL_DNS:-127.0.0.1}"\ " --password ${ZITI_PWD:-admin}" - fi echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}" exec ziti "$${@}" $${ZITI_CMD} command: -- edge quickstart --home /persistent From 0b29e24a6556a0a2ccccd72781ec36e3547d9142 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 9 Jan 2024 17:29:33 -0500 Subject: [PATCH 08/16] try to enable external ip advertisement for minimal compose --- quickstart/docker/minimal/compose.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/quickstart/docker/minimal/compose.yml b/quickstart/docker/minimal/compose.yml index 1bf107fc0..5213485b8 100644 --- a/quickstart/docker/minimal/compose.yml +++ b/quickstart/docker/minimal/compose.yml 
@@ -23,13 +23,13 @@ services: # this allows other containers to use the external DNS name to reach the quickstart container inside the docker # network aliases: - - ${EXTERNAL_DNS:-null} + - ${EXTERNAL_DNS:-${EXTERNAL_IP:-null}} entrypoint: - bash - -euc - | - ZITI_CMD+=" --ctrl-address ${EXTERNAL_DNS:-127.0.0.1}"\ - " --router-address ${EXTERNAL_DNS:-127.0.0.1}"\ + ZITI_CMD+=" --ctrl-address ${EXTERNAL_DNS:-${EXTERNAL_IP:-127.0.0.1}}"\ + " --router-address ${EXTERNAL_DNS:-${EXTERNAL_IP:-127.0.0.1}}"\ " --password ${ZITI_PWD:-admin}" echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}" exec ziti "$${@}" $${ZITI_CMD} @@ -47,4 +47,8 @@ services: # define a custom network so that we can also define a DNS alias for the quickstart container networks: quickstart: - driver: bridge \ No newline at end of file + driver: bridge + driver_opts: + com.docker.network.bridge.enable_icc: "true" + com.docker.network.bridge.enable_ip_masquerade: "true" + com.docker.network.bridge.hairpin_mode: "true" From 8d9b8e5e5bdcc26d2ac4e63b7da6d26182dc2db0 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 9 Jan 2024 18:09:33 -0500 Subject: [PATCH 09/16] Revert "try to enable external ip advertisement for minimal compose" This reverts commit 0b29e24a6556a0a2ccccd72781ec36e3547d9142. --- quickstart/docker/minimal/compose.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/quickstart/docker/minimal/compose.yml b/quickstart/docker/minimal/compose.yml index 5213485b8..1bf107fc0 100644 --- a/quickstart/docker/minimal/compose.yml +++ b/quickstart/docker/minimal/compose.yml 
@@ -23,13 +23,13 @@ services: # this allows other containers to use the external DNS name to reach the quickstart container inside the docker # network aliases: - - ${EXTERNAL_DNS:-${EXTERNAL_IP:-null}} + - ${EXTERNAL_DNS:-null} entrypoint: - bash - -euc - | - ZITI_CMD+=" --ctrl-address ${EXTERNAL_DNS:-${EXTERNAL_IP:-127.0.0.1}}"\ - " --router-address ${EXTERNAL_DNS:-${EXTERNAL_IP:-127.0.0.1}}"\ + ZITI_CMD+=" --ctrl-address ${EXTERNAL_DNS:-127.0.0.1}"\ + " --router-address ${EXTERNAL_DNS:-127.0.0.1}"\ " --password ${ZITI_PWD:-admin}" echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}" exec ziti "$${@}" $${ZITI_CMD} @@ -47,8 +47,4 @@ services: # define a custom network so that we can also define a DNS alias for the quickstart container networks: quickstart: - driver: bridge - driver_opts: - com.docker.network.bridge.enable_icc: "true" - com.docker.network.bridge.enable_ip_masquerade: "true" - com.docker.network.bridge.hairpin_mode: "true" + driver: bridge \ No newline at end of file From 717d4b2ed9d3dbf9ce7fe4dd98813e23f0ec139d Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 10 Jan 2024 09:33:45 -0500 Subject: [PATCH 10/16] set container image tag until ziti 0.32.0 --- quickstart/docker/minimal/.env | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 quickstart/docker/minimal/.env diff --git a/quickstart/docker/minimal/.env b/quickstart/docker/minimal/.env new file mode 100644 index 000000000..19cd77223 --- /dev/null +++ b/quickstart/docker/minimal/.env @@ -0,0 +1,2 @@ +# required until ziti 0.32.0 +ZITI_QUICK_TAG=release-next \ No newline at end of file From 6a5993b2bd2d43b1e83db651fa04f6e0d19a7e6b Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 16 Jan 2024 10:28:06 -0500 Subject: [PATCH 11/16] stop creating a shortcut route to the minimal Docker quickstart --- dist/cloudfront/get.openziti.io/routes.yml | 4 ---- 1 file changed, 4 deletions(-) 
diff --git a/dist/cloudfront/get.openziti.io/routes.yml b/dist/cloudfront/get.openziti.io/routes.yml index ca0a087c3..b6e5a1d75 100644 --- a/dist/cloudfront/get.openziti.io/routes.yml +++ b/dist/cloudfront/get.openziti.io/routes.yml @@ -38,7 +38,3 @@ - get: /zdew/ raw: /openziti/desktop-edge-win/main/release-streams/ file: latest.json - -- get: /minimal/ - raw: /openziti/ziti/{{GITHUB_SHA}}/quickstart/docker/minimal/ - file: compose.yml From 19adc3d2f8de0549afba267a1a47353d6210691c Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 16 Jan 2024 11:21:17 -0500 Subject: [PATCH 12/16] document the ZITI_SRC_ROOT env var; document how to switch from bind mount to named vol; --- quickstart/docker/minimal/README.md | 5 +++++ quickstart/docker/minimal/compose.yml | 14 ++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/quickstart/docker/minimal/README.md b/quickstart/docker/minimal/README.md index 2eef53a82..ddad1857c 100644 --- a/quickstart/docker/minimal/README.md +++ b/quickstart/docker/minimal/README.md @@ -66,6 +66,11 @@ This replaces the `ziti` binary that's running the quickstart. docker compose up --detach --build ``` + By adding this `--build` option to the `up` command, the container image is built from the Dockerfile with your + locally built `ziti` binary instead of pulling the default `openziti/ziti-cli` container image from Docker Hub. In + the `compose.yml`, the Docker build context is defined with environment variable `ZITI_SRC_ROOT` which defaults to + `../../../` (three levels up from this directory at the top level of a Git working copy of the source repo). + ### Troubleshooting #### Changing File Locations diff --git a/quickstart/docker/minimal/compose.yml b/quickstart/docker/minimal/compose.yml index 1bf107fc0..3aa40d345 100644 --- a/quickstart/docker/minimal/compose.yml +++ b/quickstart/docker/minimal/compose.yml 
@@ -37,9 +37,14 @@ services: user: ${ZIGGY_UID:-1000} environment: HOME: /persistent - PFXLOG_NO_JSON: "true" + PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}" volumes: + # store the quickstart state on the Docker host in the same directory as this compose.yml file - ./persistent:/persistent + # store the quickstart state in a named volume; you must comment the bind mount above, uncomment the named mount + # below, and set permissions on the named volume if you choose this alternative, e.g.: + # docker compose run --entrypoint='' --user=0 quickstart chmod -Rc 1777 /persistent + # - persistent:/persistent ports: - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280} - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022} @@ -47,4 +52,9 @@ services: # define a custom network so that we can also define a DNS alias for the quickstart container networks: quickstart: - driver: bridge \ No newline at end of file + driver: bridge + +volumes: + # unused unless you choose to store the quickstart state in a named volume; see comment in quickstart service above + persistent: + driver: local \ No newline at end of file From 80976e5486b82432a54b97089245a6a261bafef7 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 16 Jan 2024 11:30:35 -0500 Subject: [PATCH 13/16] call it 'naked ziti' as in pasta that's not dressed (no sauce), instead of 'minimal' --- quickstart/docker/{minimal => naked}/.env | 0 quickstart/docker/{minimal => naked}/Dockerfile | 0 quickstart/docker/{minimal => naked}/README.md | 0 quickstart/docker/{minimal => naked}/compose.yml | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename quickstart/docker/{minimal => naked}/.env (100%) rename quickstart/docker/{minimal => naked}/Dockerfile (100%) rename quickstart/docker/{minimal => naked}/README.md (100%) rename quickstart/docker/{minimal => naked}/compose.yml (100%) 
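Review bot: The new volume comment recommends `chmod -Rc 1777 /persistent` for the named-volume alternative, which leaves every file under the state directory readable and writable by any user; the sticky bit only restricts deletion inside directories. The README describes this directory as holding configs, PKI and the database, so private keys would end up world-writable. The service already runs as `${ZIGGY_UID:-1000}`, so handing ownership to that UID is enough: `docker compose run --entrypoint='' --user=0 quickstart chown -Rc ${ZIGGY_UID:-1000} /persistent`.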
diff --git a/quickstart/docker/minimal/.env b/quickstart/docker/naked/.env
similarity index 100%
rename from quickstart/docker/minimal/.env
rename to quickstart/docker/naked/.env
diff --git a/quickstart/docker/minimal/Dockerfile b/quickstart/docker/naked/Dockerfile
similarity index 100%
rename from quickstart/docker/minimal/Dockerfile
rename to quickstart/docker/naked/Dockerfile
diff --git a/quickstart/docker/minimal/README.md b/quickstart/docker/naked/README.md
similarity index 100%
rename from quickstart/docker/minimal/README.md
rename to quickstart/docker/naked/README.md
diff --git a/quickstart/docker/minimal/compose.yml b/quickstart/docker/naked/compose.yml
similarity index 100%
rename from quickstart/docker/minimal/compose.yml
rename to quickstart/docker/naked/compose.yml
From 620165264e22d71276220bbb29f2806aad9b6182 Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Tue, 16 Jan 2024 11:43:27 -0500
Subject: [PATCH 14/16] stop calling it 'naked'; clarify there are two use case alternatives: run-only (official release) or build-and-run (local ziti build)
---
quickstart/docker/{naked => minimal}/.env | 0
quickstart/docker/{naked => minimal}/Dockerfile | 0
quickstart/docker/{naked => minimal}/README.md | 10 +++++++---
quickstart/docker/{naked => minimal}/compose.yml | 0
4 files changed, 7 insertions(+), 3 deletions(-)
rename quickstart/docker/{naked => minimal}/.env (100%)
rename quickstart/docker/{naked => minimal}/Dockerfile (100%)
rename quickstart/docker/{naked => minimal}/README.md (88%)
rename quickstart/docker/{naked => minimal}/compose.yml (100%)
diff --git a/quickstart/docker/naked/.env b/quickstart/docker/minimal/.env
similarity index 100%
rename from quickstart/docker/naked/.env
rename to quickstart/docker/minimal/.env
diff --git a/quickstart/docker/naked/Dockerfile b/quickstart/docker/minimal/Dockerfile
similarity index 100%
rename from quickstart/docker/naked/Dockerfile
rename to quickstart/docker/minimal/Dockerfile
diff --git a/quickstart/docker/naked/README.md b/quickstart/docker/minimal/README.md similarity index 88% rename from quickstart/docker/naked/README.md rename to quickstart/docker/minimal/README.md index ddad1857c..fabf528d6 100644 --- a/quickstart/docker/naked/README.md +++ b/quickstart/docker/minimal/README.md @@ -1,9 +1,12 @@ -# minimal Docker quickstart +# minimal Ziti Docker quickstart -Run `ziti edge quickstart` in a container while persisting configs, PKI, database, etc. in the same directory `./persistent/`. +This Docker Compose project runs `ziti edge quickstart` in a container while persisting configs, PKI, database, etc. in the same directory `./persistent/`. ## Run Ziti +This is the primary use case for this project: running the `ziti edge quickstart` command in the official +`openziti/ziti-cli` container image. + 1. In this "minimal" sub-directory, pull the container images. ```bash @@ -46,7 +49,8 @@ Run `ziti edge quickstart` in a container while persisting configs, PKI, databas ## Develop Ziti -This replaces the `ziti` binary that's running the quickstart. +This is a secondary use case for this Docker Compose project that replaces the `ziti` binary in the container image with +the one you build locally with `go build` before running the `ziti edge quickstart` command. 1. In the top-level directory of the `ziti` project, build the binary. diff --git a/quickstart/docker/naked/compose.yml b/quickstart/docker/minimal/compose.yml similarity index 100% rename from quickstart/docker/naked/compose.yml rename to quickstart/docker/minimal/compose.yml From 7a1bb9a17d0e59ad69a80aa98be194e7dd752c15 Mon Sep 17 00:00:00 2001 
From: Kenneth Bingham
Date: Tue, 16 Jan 2024 13:37:15 -0500
Subject: [PATCH 15/16] call the minimal quickstart the 'all-in-one quickstart'
---
.../docker/{minimal => all-in-one}/.env | 0
.../docker/{minimal => all-in-one}/Dockerfile | 0
.../docker/{minimal => all-in-one}/README.md | 0
.../{minimal => all-in-one}/compose.yml | 25 ++++++++++---------
4 files changed, 13 insertions(+), 12 deletions(-)
rename quickstart/docker/{minimal => all-in-one}/.env (100%)
rename quickstart/docker/{minimal => all-in-one}/Dockerfile (100%)
rename quickstart/docker/{minimal => all-in-one}/README.md (100%)
rename quickstart/docker/{minimal => all-in-one}/compose.yml (72%)
diff --git a/quickstart/docker/minimal/.env b/quickstart/docker/all-in-one/.env
similarity index 100%
rename from quickstart/docker/minimal/.env
rename to quickstart/docker/all-in-one/.env
diff --git a/quickstart/docker/minimal/Dockerfile b/quickstart/docker/all-in-one/Dockerfile
similarity index 100%
rename from quickstart/docker/minimal/Dockerfile
rename to quickstart/docker/all-in-one/Dockerfile
diff --git a/quickstart/docker/minimal/README.md b/quickstart/docker/all-in-one/README.md
similarity index 100%
rename from quickstart/docker/minimal/README.md
rename to quickstart/docker/all-in-one/README.md
diff --git a/quickstart/docker/minimal/compose.yml b/quickstart/docker/all-in-one/compose.yml
similarity index 72%
rename from quickstart/docker/minimal/compose.yml
rename to quickstart/docker/all-in-one/compose.yml
index 3aa40d345..5462497c9 100644
--- a/quickstart/docker/minimal/compose.yml
+++ b/quickstart/docker/all-in-one/compose.yml
@@ -7,8 +7,11 @@ services: HOME: /persistent # PFXLOG_NO_JSON: "true" volumes: - - ./persistent:/persistent - quickstart: + # store the quickstart state in a named volume; you must comment the bind mount below, uncomment this named mount + - persistent:/persistent + # store the quickstart state on the Docker host in the same directory as this compose.yml file + # - ./persistent:/persistent + minimal: depends_on: initialize: condition: service_completed_successfully @@ -19,8 +22,8 @@ services: dockerfile: ./quickstart/docker/minimal/Dockerfile args: {} networks: - quickstart: - # this allows other containers to use the external DNS name to reach the quickstart container inside the docker + minimal: + # this allows other containers to use the external DNS name to reach the minimal container inside the docker # network aliases: - ${EXTERNAL_DNS:-null} 
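Review bot: The build section kept as context in the second hunk still reads `dockerfile: ./quickstart/docker/minimal/Dockerfile`, although this same patch renames that directory to `all-in-one`, so `docker compose up --build` would presumably fail at this commit until PATCH 16/16 corrects the path. The volumes comment in the following hunk also still points to the "quickstart service above" after the service has been renamed to `minimal`. If each commit in the series is meant to work on its own, fold `dockerfile: ./quickstart/docker/all-in-one/Dockerfile` into this patch.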
@@ -39,22 +42,20 @@ services: HOME: /persistent PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}" volumes: + # store the quickstart state in a named volume; you must comment the bind mount below, uncomment this named mount + - persistent:/persistent # store the quickstart state on the Docker host in the same directory as this compose.yml file - - ./persistent:/persistent - # store the quickstart state in a named volume; you must comment the bind mount above, uncomment the named mount - # below, and set permissions on the named volume if you choose this alternative, e.g.: - # docker compose run --entrypoint='' --user=0 quickstart chmod -Rc 1777 /persistent - # - persistent:/persistent + # - ./persistent:/persistent ports: - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280} - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022} -# define a custom network so that we can also define a DNS alias for the quickstart container +# define a custom network so that we can also define a DNS alias for the minimal container networks: - quickstart: + minimal: driver: bridge volumes: - # unused unless you choose to store the quickstart state in a named volume; see comment in quickstart service above + # unused unless you choose to store the minimal minimal state in a named volume; see comment in quickstart service above persistent: driver: local \ No newline at end of file From b2e88e0649b27ace24db1c24ed785c6853d184da Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 16 Jan 2024 13:37:53 -0500 Subject: [PATCH 16/16] also manage the controller and router listening ports; organize the compose file to make its function more obvious --- quickstart/docker/all-in-one/compose.yml | 53 +++++++++++++----------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/quickstart/docker/all-in-one/compose.yml b/quickstart/docker/all-in-one/compose.yml index 5462497c9..81b67186b 100644 
--- a/quickstart/docker/all-in-one/compose.yml +++ b/quickstart/docker/all-in-one/compose.yml @@ -1,30 +1,15 @@ services: - initialize: - image: busybox - command: chown -Rc ${ZIGGY_UID:-1000} /persistent - user: root - environment: - HOME: /persistent - # PFXLOG_NO_JSON: "true" - volumes: - # store the quickstart state in a named volume; you must comment the bind mount below, uncomment this named mount - - persistent:/persistent - # store the quickstart state on the Docker host in the same directory as this compose.yml file - # - ./persistent:/persistent - minimal: - depends_on: - initialize: - condition: service_completed_successfully + quickstart: image: ${ZITI_QUICK_IMAGE:-docker.io/openziti/ziti-cli}:${ZITI_QUICK_TAG:-latest} restart: unless-stopped build: context: ${ZITI_SRC_ROOT:-../../../} - dockerfile: ./quickstart/docker/minimal/Dockerfile + dockerfile: ./quickstart/docker/all-in-one/Dockerfile args: {} networks: - minimal: - # this allows other containers to use the external DNS name to reach the minimal container inside the docker - # network + quickstart: + # this allows other containers to use the same external DNS name to reach the quickstart container from within the + # Docker network that clients outside the Docker network use to reach the quickstart container via port forwarding aliases: - ${EXTERNAL_DNS:-null} entrypoint: @@ -32,7 +17,9 @@ services: - -euc - | ZITI_CMD+=" --ctrl-address ${EXTERNAL_DNS:-127.0.0.1}"\ + " --ctrl-port ${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}"\ " --router-address ${EXTERNAL_DNS:-127.0.0.1}"\ + " --router-port ${ZITI_ROUTER_PORT:-3022}"\ " --password ${ZITI_PWD:-admin}" echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}" exec ziti "$${@}" $${ZITI_CMD} 
@@ -42,20 +29,38 @@ services: HOME: /persistent PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}" volumes: - # store the quickstart state in a named volume; you must comment the bind mount below, uncomment this named mount + # store the quickstart state in a named volume; "initialize" service's mount must remain aligned to set the owner on + # "up" - persistent:/persistent # store the quickstart state on the Docker host in the same directory as this compose.yml file # - ./persistent:/persistent ports: - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280} - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022} + depends_on: + initialize: + condition: service_completed_successfully + # this service is used to initialize the persistent volume by setting the owner to the UID of the user running the + # quickstart container + initialize: + image: busybox + command: chown -Rc ${ZIGGY_UID:-1000} /persistent + user: root + environment: + HOME: /persistent + # PFXLOG_NO_JSON: "true" + volumes: + # store the quickstart state in a named volume; this mount must align with the "quickstart" service's mount + - persistent:/persistent + # store the quickstart state on the Docker host in the same directory as this compose.yml file + # - ./persistent:/persistent -# define a custom network so that we can also define a DNS alias for the minimal container +# define a custom network so that we can also define a DNS alias for the quickstart container networks: - minimal: + quickstart: driver: bridge volumes: - # unused unless you choose to store the minimal minimal state in a named volume; see comment in quickstart service above + # this will not be used if you switch from named volume to bind mount volume persistent: driver: local \ No newline at end of file
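Review bot: Both `ports` entries kept in this hunk default the bind address to `${ZITI_INTERFACE:-0.0.0.0}`, and the entrypoint earlier in the file defaults the admin password to `admin`, so a `docker compose up` without overrides publishes the controller and router ports on every host interface with a known credential. The advertised addresses already default to `127.0.0.1`, so a loopback default would match them: `- ${ZITI_INTERFACE:-127.0.0.1}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}`, and likewise for the router port. Alternatively make the password mandatory with `--password ${ZITI_PWD:?set ZITI_PWD}`, so an exposed instance cannot start on the default. The relocated `initialize` service also runs as root from an untagged `image: busybox`; pinning a tag would keep that step reproducible.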