How to Install & run ziti-edge-tunneller as a Service

Overview

ziti-edge-tunnelis a CLI and daemon that configures a transparent proxy for the OpenZiti Edge. This means the device where it is running will be able to connect to any OpenZiti services with DNS or IP address, and any servers that are reachable by the device may be published to the OpenZiti Network.

The purpose of the tunneller is to configure host access. This means all users and all processes on the host will share the same level of access. This is accomplished by configuring the OS to have an on-board OpenZiti DNS nameserver and IP routes for authorized OpenZiti Services

Follow the below steps to install and verify ZET as a service on Linux

Step 1: Create an endpoint and download JWT

Click here, for step by step process of creating an endpoint and downloading the JWT

Step 2: Install Curl

Curl is a command line tool that enables data transfer over various network protocols. Install curl using the below command

sudo apt-get install curl

vmware_PP2d8eHA3t.png

Step 3: Update Repository

 Use the below script to import the signing key, and add a package source to the repository list.

curl -sSLf https://raw.githubusercontent.com/openziti/ziti-tunnel-sdk-c/main/package-repos.gpg \
| gpg --dearmor \
| sudo tee /usr/share/keyrings/openziti.gpg >/dev/null
echo 'deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable jammy main' \
| sudo tee /etc/apt/sources.list.d/openziti.list >/dev/null

vmware_mJyLOCjQhW.pngvmware_vkqU4WZ5xY.png

Ubuntu Focal 20.04, Bionic 18.04, Xenial 16.04, Trusty 14.04

The script is the same as Jammy for these older Ubuntu releases, but you must substitute the correct Ubuntu release code name e.g. "focal" in place of "jammy" in the apt sources file.

Step 4: Update and Install ZET

update sources and install ziti-edge-tunnel using the below commands

sudo apt update
sudo apt install ziti-edge-tunnel

vmware_JHNW8OHrDo.pngvmware_UzdeaQpu4t.png

vmware_QaZ5xijFD4.png

You can see a successfully installed message as shown above.

Step 5: Enroll Endpoint

Enroll the identity by adding the JWT file or identity config JSON file in /opt/openziti/etc/identities

sudo cp Downloads/UbuntuEP.jwt /opt/oenziti/etc/identities

vmware_gGaScM6494.png

Step 6: Run ZET

Use the below command to start the ZET service. 

systemctl start ziti-edge-tunnel.service

vmware_nPAabGKEFQ.png

Note: The service needs to be restarted if the contents of the identities directory change

Step 7: Verify

Use the below command to check the status of the tunnel. 

systemctl status ziti-edge-tunnel.service

vmware_EZR13LCLp9.png

Once the ziti edge tunnel service started we can observe that the endpoint as registered on MOP.

chrome_vrok9sAiX6.png

Debian GNU/Linux

The script is the same as Ubuntu Jammy for Debian releases, but you should substitute the youngest Ubuntu release code name e.g. "focal" that is older than your release of Debian in place of "jammy" in the apt sources file. For simplicity's sake, the Ubuntu 18.04 "bionic" build is broadly compatible with modern Debian releases.

Installing the RPM (RHEL, CentOS, Rocky Linux, Fedora and Amazon Linux)

  1. Create a repo file like/etc/yum.repos.d/openziti.repomatching the appropriate example below for your OS.
  2. Runyum updateto refresh your repodata cache. Optionally, you may wish to also install all available updates.
  3. Runyum install ziti-edge-tunnelto install the RPM.
  4. Install an enroll token JWT file or identity config JSON file in/opt/openziti/etc/identities.
  5. Runsystemctl start ziti-edge-tunnel.service. The service needs to be restarted if the contents of the identities directory change.

RHEL, CentOS, and Rocky Linux

[OpenZiti]name=OpenZiti
baseurl=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat$releasever/$basearchenabled=1gpgcheck=0gpgkey=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat$releasever/$basearch/repodata/repomd.xml.key
repo_gpgcheck=1

Fedora

[OpenZiti]name=OpenZiti
baseurl=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat8/$basearchenabled=1gpgcheck=0gpgkey=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat8/$basearch/repodata/repomd.xml.key
repo_gpgcheck=1

Amazon Linux

[OpenZiti]name=OpenZiti
baseurl=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat7/$basearchenabled=1gpgcheck=0gpgkey=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat7/$basearch/repodata/repomd.xml.key
repo_gpgcheck=1

 

Uninstalling the ziti edge tunnel:

sudo apt remove --purge ziti-edge-tunnel

Refer steps for installing the binary in place of the package here

Troubleshooting:

Refer the article on troubleshooting ziti edge tunnel for linux 

 

 

 

 

Was this article helpful?
1 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.