ctrl-c not responsive when incorrect PKI used #2510

Open
dovholuknf opened this issue Oct 29, 2024 · 2 comments
Labels
bug Something isn't working

dovholuknf commented Oct 29, 2024

Installed a network today and muffed the PKI. The router would connect to the edge APIs, but when it tried to connect to the control plane the PKI was invalid, indicating:

[   4.769]   ERROR ziti/router/env.(*networkControllers).connectToControllerWithBackoff.func2: {endpoint=[tls:ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8440] error=[error connecting ctrl (tls: failed to verify certificate: x509: certificate is valid for ip-172-31-47-200, localhost, not ec2-3-18-113-172.us-east-2.compute.amazonaws.com)]} unable to connect controller
[   6.612]   ERROR ziti/router/env.(*networkControllers).connectToControllerWithBackoff.func2: {endpoint=[tls:ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8440] error=[error connecting ctrl (tls: failed to verify certificate: x509: certificate is valid for ip-172-31-47-200, localhost, not ec2-3-18-113-172.us-east-2.compute.amazonaws.com)]} unable to connect controller

All attempts to stop the process using ctrl-c without a kill failed. The process needed to be externally stopped.

It also appears to have processed the ctrl-c. Additional logs:

ocalhost, not ec2-3-18-113-172.us-east-2.compute.amazonaws.com)]} unable to connect controller
[   2.888]   ERROR ziti/router/env.(*networkControllers).connectToControllerWithBackoff.func2: {endpoint=[tls:ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8440] error=[error connecting ctrl (tls: failed to verify certificate: x509: certificate is valid for ip-172-31-47-200, localhost, not ec2-3-18-113-172.us-east-2.compute.amazonaws.com)]} unable to connect controller
[   3.703]    INFO ziti/ziti/router.waitForShutdown: shutting down ziti router
[   3.703]    INFO ziti/router/link.(*linkRegistryImpl).Shutdown: {linkCount=[0]} shutdown links in link registry
[   3.703] WARNING ziti/router/forwarder.(*Scanner).run: exited
[   3.703]    INFO transport/v2/tls.(*sharedListener).runAccept [tls:0.0.0.0:3022]: {error=[accept tcp [::]:3022: use of closed network connection]} listener closed, exiting
[   3.703]    INFO transport/v2/tls.(*sharedListener).runAccept [tls:0.0.0.0:3022]: exited
[   3.703]   ERROR agent.(*handler).listen: {error=[accept unix C:\Users\clint\AppData\Local\Temp/gops-agent.37076.sock: use of closed network connection]} error accepting gops connection, closing gops listener
[   3.703]   ERROR agent.(*handler).listen.func1: {error=[close unix C:\Users\clint\AppData\Local\Temp/gops-agent.37076.sock: use of closed network connection]} error closing gops listener
[   3.703]   ERROR ziti/router/forwarder.(*Faulter).run: exited
[   3.703]   ERROR ziti/router/xgress_edge.(*Acceptor).Run: error accepting (closed)
[   3.703] WARNING ziti/router/xgress_edge.(*Acceptor).Run: exiting
[   4.769]   ERROR ziti/router/env.(*networkControllers).connectToControllerWithBackoff.func2: {endpoint=[tls:ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8440] error=[error connecting ctrl (tls: failed to verify certificate: x509: certificate is valid for ip-172-31-47-200, localhost, not ec2-3-18-113-172.us-east-2.compute.amazonaws.com)]} unable to connect controller
[   6.612]   ERROR ziti/router/env.(*networkControllers).connectToControllerWithBackoff.func2: {endpoint=[tls:ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8440] error=[error connecting ctrl (tls: failed to verify certificate: x509: certificate is valid for ip-172-31-47-200, localhost, not ec2-3-18-113-172.us-east-2.compute.amazonaws.com)]} unable to connect controller

dovholuknf added the bug label Oct 29, 2024

@Jameshclai

This has been bothering me for a long time. I tried using expressInstall, Docker, and other methods to install the platform, but when I start the router, the PKI certification just keeps failing, as shown in the log messages mentioned above.

@dovholuknf

Hi @Jameshclai, we try to offer support via discourse over at https://openziti.discourse.group/. Would you mind posting an issue there? It's easier for us to provide help for situations like this. The only problems I've seen with the PKI similar to the above are when I tried to manually generate it using openssl.

If you're getting problems starting the router, would you post the logs over on discourse and let's have a conversation there?

thx
