1. NetFoundry
  2. Docs & Guides
  3. Endpoints

How to Install & run ziti-edge-tunneller as a Service on Linux

Overview

ziti-edge-tunnelis a CLI and daemon that configures a transparent proxy for the OpenZiti Edge. This means the device where it is running will be able to connect to any OpenZiti services with DNS or IP address, and any servers that are reachable by the device may be published to the OpenZiti Network.

The latest ZET package can be downloaded from the repository.

Follow the below steps to install and verify ZET as a service on Linux

Step 1: Create an endpoint and download JWT

You need a enrollment token ( JWT) that is issued to you by your administrator of the NetFoundry console. If you have the registration token, proceed to step 2.

If you have to provision you endpoint, click here, for step by step process of creating an endpoint and downloading the JWT

Step 2: Install Curl

Curl is a command line tool that enables data transfer over various network protocols. Install curl using the below command

sudo apt-get install curl

vmware_PP2d8eHA3t.png

Step 3: Update Repository

 Use the below script to import the signing key, and add a package source to the repository list.

curl -sSLf https://raw.githubusercontent.com/openziti/ziti-tunnel-sdk-c/main/package-repos.gpg \
| gpg --dearmor \
| sudo tee /usr/share/keyrings/openziti.gpg >/dev/null
echo 'deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable jammy main' \
| sudo tee /etc/apt/sources.list.d/openziti.list >/dev/null

vmware_mJyLOCjQhW.pngvmware_vkqU4WZ5xY.png

Ubuntu Focal 20.04, Bionic 18.04, Xenial 16.04, Trusty 14.04

The script is the same as Jammy for these older Ubuntu releases, but you must substitute the correct Ubuntu release code name e.g. "focal" in place of "jammy" in the apt sources file.

Step 4: Update and Install ZET

update sources and install ziti-edge-tunnel using the below commands

sudo apt update
sudo apt install ziti-edge-tunnel

vmware_JHNW8OHrDo.pngvmware_UzdeaQpu4t.png

vmware_QaZ5xijFD4.png

You can see a successfully installed message as shown above.

Step 5: Enroll Endpoint

Enroll the identity by adding the JWT file or identity config JSON file in /opt/openziti/etc/identities

sudo cp Downloads/UbuntuEP.jwt /opt/oenziti/etc/identities

vmware_gGaScM6494.png

 

Step 6: Add current user to ziti group 

Ubuntu - $ sudo usermod --append --groups ziti <your-username>

 

Step 7: Run ZET

Use the below commands to start the ZET service. 

sudo systemctl enable --now ziti-edge-tunnel.service

Note: The service needs to be restarted if the contents of the identities directory change

 

Step 7: Verify

Use the below command to check the status of the tunnel. 

sudo systemctl status ziti-edge-tunnel.service

vmware_EZR13LCLp9.png

Once the ziti edge tunnel service started we can observe that the endpoint as registered on MOP.

chrome_vrok9sAiX6.png

Debian GNU/Linux

The script is the same as Ubuntu Jammy for Debian releases, but you should substitute the youngest Ubuntu release code name e.g. "focal" that is older than your release of Debian in place of "jammy" in the apt sources file. For simplicity's sake, the Ubuntu 18.04 "bionic" build is broadly compatible with modern Debian releases.

Installing the RPM (RHEL, CentOS, Rocky Linux, Fedora and Amazon Linux)

  1. Create a repo file like/etc/yum.repos.d/openziti.repomatching the appropriate example below for your OS.
  2. Runyum updateto refresh your repodata cache. Optionally, you may wish to also install all available updates.
  3. Runyum install ziti-edge-tunnelto install the RPM.
  4. Install an enroll token JWT file or identity config JSON file in/opt/openziti/etc/identities.
  5. Runsystemctl start ziti-edge-tunnel.service. The service needs to be restarted if the contents of the identities directory change.

RHEL, CentOS, and Rocky Linux

[OpenZiti]name=OpenZiti
baseurl=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat$releasever/$basearchenabled=1gpgcheck=0gpgkey=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat$releasever/$basearch/repodata/repomd.xml.key
repo_gpgcheck=1

Fedora

[OpenZiti]name=OpenZiti
baseurl=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat8/$basearchenabled=1gpgcheck=0gpgkey=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat8/$basearch/repodata/repomd.xml.key
repo_gpgcheck=1

Amazon Linux

[OpenZiti]name=OpenZiti
baseurl=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat7/$basearchenabled=1gpgcheck=0gpgkey=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat7/$basearch/repodata/repomd.xml.key
repo_gpgcheck=1

 

Uninstalling the ziti edge tunnel:

sudo apt remove --purge ziti-edge-tunnel

Refer steps for installing the binary in place of the package here

Troubleshooting:

Refer the article on troubleshooting ziti edge tunnel for linux 

 

 

 

 

Articles in this section

See more
Was this article helpful?
1 out of 3 found this helpful

Comments

0 comments

Please sign in to leave a comment.