Merge pull request #1476 from openziti/issue-1468_require_min_len_pas…

…sword Add a password requirement check for ZITI_PWD
openziti · Oct 30, 2023 · dd1cc71 · dd1cc71
2 parents ea476ba + a631899
commit dd1cc71
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -38,6 +38,9 @@ If the rate limiter is enabled, the following metrics will be produced:
 * github.com/openziti/ziti: [v0.30.5 -> v0.30.6](https://github.com/openziti/ziti/compare/v0.30.5...v0.30.6)
     * [Issue #1445](https://github.com/openziti/ziti/issues/1445) - Add controller update guardrail
     * [Issue #1442](https://github.com/openziti/ziti/issues/1442) - Network watchdog not shutting down when controller shuts down
+    * [Issue #1468](https://github.com/openziti/ziti/issues/1468) - Quickstart was consuming controller initialization failures. Failures now cause quickstart to fail.
+    * [Issue #1465](https://github.com/openziti/ziti/issues/1465) - Upgrade functions `getZiti` and `performMigration` were only functional on Mac OS, now they are functional for Linux and Mac OSs.
+    * [Issue #1217](https://github.com/openziti/ziti/issues/1217) - Quickstart was improperly handling special characters in `ZITI_PWD`. Special characters are now supported for `ZITI_PWD` in quickstart functions.
 
 
 # Release 0.30.5

diff --git a/quickstart/docker/docker-compose.yml b/quickstart/docker/docker-compose.yml
@@ -2,6 +2,11 @@ version: '2.4'
 services:
   ziti-controller:
     image: "${ZITI_IMAGE}:${ZITI_VERSION}"
+    healthcheck:
+      test: curl -m 1 -s -k https://${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS:-ziti-edge-controller}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}/edge/client/v1/version
+      interval: 1s
+      timeout: 3s
+      retries: 30
     env_file:
       - ./.env
     ports:
@@ -32,7 +37,8 @@ services:
   ziti-controller-init-container:
     image: "${ZITI_IMAGE}:${ZITI_VERSION}"
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     environment:
       - ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS:-ziti-edge-controller}
       - ZITI_CTRL_EDGE_ADVERTISED_PORT=${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}
@@ -57,7 +63,8 @@ services:
     env_file:
       - ./.env
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     ports:
       - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022}
       - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_LISTENER_BIND_PORT:-10080}:${ZITI_ROUTER_LISTENER_BIND_PORT:-10080}
@@ -84,7 +91,8 @@ services:
     env_file:
       - ./.env
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     ports:
       - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_WSS_PORT:-3023}:${ZITI_ROUTER_WSS_PORT:-3023}
       - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_LISTENER_BIND_PORT:-10081}:${ZITI_ROUTER_LISTENER_BIND_PORT:-10081}
@@ -113,7 +121,8 @@ services:
     env_file:
       - ./.env
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     environment:
       - ZITI_CTRL_ADVERTISED_ADDRESS=${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-controller}
       - ZITI_CTRL_ADVERTISED_PORT=${ZITI_CTRL_ADVERTISED_PORT:-6262}
@@ -135,7 +144,8 @@ services:
     env_file:
       - ./.env
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     environment:
       - ZITI_CTRL_ADVERTISED_ADDRESS=${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-controller}
       - ZITI_CTRL_ADVERTISED_PORT=${ZITI_CTRL_ADVERTISED_PORT:-6262}
@@ -156,7 +166,8 @@ services:
     env_file:
       - ./.env
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     environment:
       - ZITI_CTRL_ADVERTISED_ADDRESS=${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-controller}
       - ZITI_CTRL_ADVERTISED_PORT=${ZITI_CTRL_ADVERTISED_PORT:-6262}
@@ -194,7 +205,8 @@ services:
       - ZITI_CTRL_NAME=${ZITI_CTRL_NAME:-ziti-edge-controller}
       - PORTTLS=8443
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     ports:
       - ${ZITI_INTERFACE:-0.0.0.0}:8443:8443
     volumes:

diff --git a/quickstart/docker/image/run-controller.sh b/quickstart/docker/image/run-controller.sh
@@ -1,6 +1,14 @@
 #!/bin/bash
 ziti_controller_cfg="${ZITI_HOME}/ziti-edge-controller.yaml"
 
+# Global Variables
+ASCI_RESTORE='\033[0m'
+ASCI_RED='\033[00;31m'
+
+function RED {  # Generally used for ERROR
+  echo "${ASCI_RED}${1-}${ASCI_RESTORE}"
+}
+
 if [[ "${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS-}" == "" ]]; then export ZITI_CTRL_EDGE_ADVERTISED_ADDRESS="ziti-edge-controller"; fi
 if [[ "${ZITI_CTRL_NAME-}" == "" ]]; then export ZITI_CTRL_NAME="${ZITI_NETWORK}-controller"; fi
 
@@ -35,6 +43,10 @@ if [ ! -f "${ZITI_HOME}/access-control.init" ]; then
 
   # initialize the database with the admin user:
   "${ZITI_BIN_DIR}/ziti" controller edge init "${ZITI_HOME}/${ZITI_CTRL_NAME}.yaml" -u "${ZITI_USER}" -p "${ZITI_PWD}"
+  if [[ "$?" != 0 ]]; then
+    echo -e "$(RED "  --- There was an error while initializing the controller ---")"
+    exit 1
+  fi
 else
   echo "system has been initialized. starting the process."
   # don't move the sourcing of the file. yes it's duplicated but it needs to be here

diff --git a/quickstart/docker/image/ziti-cli-functions.sh b/quickstart/docker/image/ziti-cli-functions.sh
@@ -1024,6 +1024,11 @@ function initializeController {
 
   log_file="${ZITI_HOME-}/${ZITI_CTRL_NAME}-init.log"
   "${ZITI_BIN_DIR-}/ziti" controller edge init "${ZITI_HOME}/${ZITI_CTRL_NAME}.yaml" -u "${ZITI_USER-}" -p "${ZITI_PWD}" &> "${log_file}"
+  retVal=$?
+  if [[ "${retVal}" != 0 ]]; then
+    echo -e "$(RED "  --- There was an error while initializing the controller, check the logs at ${log_file} ---")"
+    return 1
+  fi
   echo -e "${ZITI_CTRL_NAME} initialized. See $(BLUE "${log_file}") for details"
 }
 
@@ -1085,7 +1090,9 @@ function expressInstall {
 
   echo -e "$(PURPLE "********         Setting Up Controller        ********")"
   createControllerConfig
-  initializeController
+  if ! initializeController; then
+    return 1
+  fi
   startController
   echo "waiting for the controller to come online to allow the edge router to enroll"
   _wait_for_controller

diff --git a/quickstart/docker/simplified-docker-compose.yml b/quickstart/docker/simplified-docker-compose.yml
@@ -1,6 +1,11 @@
 services:
   ziti-controller:
     image: "${ZITI_IMAGE}:${ZITI_VERSION}"
+    healthcheck:
+      test: curl -m 1 -s -k https://${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS:-ziti-edge-controller}:${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}/edge/client/v1/version
+      interval: 1s
+      timeout: 3s
+      retries: 30
     env_file:
       - ./.env
     ports:
@@ -28,7 +33,8 @@ services:
   ziti-controller-init-container:
     image: "${ZITI_IMAGE}:${ZITI_VERSION}"
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     environment:
       - ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS:-ziti-edge-controller}
       - ZITI_CTRL_EDGE_ADVERTISED_PORT=${ZITI_CTRL_EDGE_ADVERTISED_PORT:-1280}
@@ -48,7 +54,8 @@ services:
     env_file:
       - ./.env
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     ports:
       - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022}
       - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_LISTENER_BIND_PORT:-10080}:${ZITI_ROUTER_LISTENER_BIND_PORT:-10080}
@@ -80,7 +87,8 @@ services:
       - ZITI_CTRL_NAME=${ZITI_CTRL_NAME:-ziti-edge-controller}
       - PORTTLS=8443
     depends_on:
-      - ziti-controller
+      ziti-controller:
+        condition: service_healthy
     ports:
       - ${ZITI_INTERFACE:-0.0.0.0}:8443:8443
     volumes: