-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build packages with cmake presets and vcpkg #641
Conversation
… a sufficient openssl version.
…untu instead of Debian; build with vcpack preset
The Focal DEB installs, and I got a few good functional Ziti service results, but sporadic failures as well with logs like these corresponding with each attempt to connect to a Ziti service. I verified the service was authorized with the tunnel_status command. I reproduced this result in a Focal VM and Focal LXC container and could not reproduce it during the same time frame on my Jammy workstation using an identity from the same ZEDS app. $ journalctl -lfu ziti-edge-tunnel
#... truncated
May 03 23:20:26 ubuntu2004.localdomain ziti-edge-tunnel[639]: (639)[ 349.625] ERROR ziti-sdk:channel.c:853 on_channel_connect_internal() ch[1] failed to connect [-103/software caused connection abort]
May 03 23:20:26 ubuntu2004.localdomain ziti-edge-tunnel[639]: (639)[ 349.626] ERROR ziti-sdk:channel.c:853 on_channel_connect_internal() ch[2] failed to connect [-103/software caused connection abort]
May 03 23:20:26 ubuntu2004.localdomain ziti-edge-tunnel[639]: (639)[ 349.627] WARN ziti-sdk:connect.c:1523 process_edge_message() conn[0.7/Closed] data[432 bytes] received in state[Closed]
May 03 23:20:28 ubuntu2004.localdomain ziti-edge-tunnel[639]: (639)[ 351.737] ERROR ziti-sdk:channel.c:483 dispatch_message() ch[0] received message without conn_id or for unknown connection ct[ED72] conn_id[7] |
Summary of package test
|
Ubuntu 14 Trusty install error indicates EDIT: Ubuntu 16 Xenial has the same issue as Trusty.
|
The |
Seems that on the older distributions, the One approach is to set the unit directory for these distro packages builds via |
On RedHat8, I encountered the same WARN log that I saw yesterday on Focal coinciding with an empty reply from the Ziti service. This is the first occurence of the anomaly during this batch.
Link to post about this above from yesterday, Wed 3rd at 19:27 EDT. UpdateI wasn't able to reproduce this issue after switching from ZEDS to my OpenZiti lab network. |
Ubuntu 18 Bionic install errors
|
|
Adjusts systemd unit directory for older Ubuntu distribution packages.
The install failures on bionic and earlier manifest with this:
The polkit configuration that the postinstall script drops into /var/lib/polkit-1/localauthority/10-vendor.d/ziti-edge-tunnel.pkla seems to be correct:
However the version of systemd on bionic and earlier does not expose the SetLinkLLMNR method through polkit. Indeed, the associated action isn't registered:
The method was exposed with this commit, which was released with systemd v243. Bionic has v237:
So we need to do something else on bionic. @sabedevops mentioned the possibility of dropping privileges only after dns has been configured so that we can munge resolv.conf on the older rh distros. Delaying the drop would also help in this situation, too. |
I confirmed that registering the additional actions with 18.04 Bionic's polkitd did not allow SetLinkLLMNR. I borrowed the actions from 20.04 Focal for this test. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
advancing package fixes with pre-existing issues related to drop-privs that are being worked in another issue
Set up and use vcpkg when building packages
also, fixes #639