OpenZiti Edge Router 설치

🔌 라우터 생성 및 등록

Controller 정보 확인

curl -s eth0.me           # Controller 공인 IP 확인
echo $ZITI_CTRL_ADVERTISED_PORT       # Fabric Port: 8440
echo $ZITI_CTRL_EDGE_ADVERTISED_PORT  # Management Port: 8441
echo $ZITI_PWD                        # 관리자 비밀번호

openziti@Azure-Controller:~$ curl -s eth0.me
X.X.X.X
openziti@Azure-Controller:~$ echo echo $ZITI_CTRL_ADVERTISED_PORT
echo 8440
openziti@Azure-Controller:~$ echo $ZITI_CTRL_EDGE_ADVERTISED_PORT
8441
openziti@Azure-Controller:~$ echo $ZITI_PWD
*********

curl -s eth0.me           # Controller 공인 IP 확인
echo $ZITI_CTRL_ADVERTISED_PORT       # Fabric Port: 8440
echo $ZITI_CTRL_EDGE_ADVERTISED_PORT  # Management Port: 8441
echo $ZITI_PWD                        # 관리자 비밀번호

openziti@Azure-Controller:~$ curl -s eth0.me
X.X.X.X
openziti@Azure-Controller:~$ echo echo $ZITI_CTRL_ADVERTISED_PORT
echo 8440
openziti@Azure-Controller:~$ echo $ZITI_CTRL_EDGE_ADVERTISED_PORT
8441
openziti@Azure-Controller:~$ echo $ZITI_PWD
*********

🏠 온프레미스 Private 라우터 생성 (OP-PRIVATE-ER)

Step 1 — 라우터 VM에 SSH 접속 후 설치 파일 다운로드/압축해제

wget https://github.com/netfoundry/ziti_router_auto_enroll/releases/latest/download/ziti_router_auto_enroll.tar.gz
tar xf ziti_router_auto_enroll.tar.gz

wget https://github.com/netfoundry/ziti_router_auto_enroll/releases/latest/download/ziti_router_auto_enroll.tar.gz
tar xf ziti_router_auto_enroll.tar.gz

Step 2 — 라우터 생성 및 등록 (한 번에 실행)

sudo ./ziti_router_auto_enroll -f -n \
  --controller X.X.X.X \
  --controllerFabricPort 8440 \
  --controllerMgmtPort 8441 \
  --adminUser admin \
  --adminPassword '*******' \
  --disableHealthChecks \
  --autoTunnelListener \
  --routerName OP-PRIVATE-ERXX

sudo ./ziti_router_auto_enroll -f -n \
  --controller X.X.X.X \
  --controllerFabricPort 8440 \
  --controllerMgmtPort 8441 \
  --adminUser admin \
  --adminPassword '*******' \
  --disableHealthChecks \
  --autoTunnelListener \
  --routerName OP-PRIVATE-ERXX

실행결과

openziti@op-private-er:~$ sudo ./ziti_router_auto_enroll -f -n   --controller 20.X.X.X   --controllerFabricPort 8440   --controllerMgmtPort 8441   --adminUser admin   --adminPassword *******' --disableHealthChecks   --autoTunnelListener   --routerName OP-PRIVATE-ER
Service ziti-router.service stop successful.
Removing previous binaries
Writing jwt file: OP-PRIVATE-ER_enrollment.jwt
Version not specified, going to check with controller
Found version 1.6.14
Downloading file: https://github.com/openziti/ziti/releases/download/v1.6.14/ziti-linux-amd64-1.6.14.tar.gz
Downloading: 100%|██████████████████████████████████████████████████████████████████████████████████████████████████████| 52.2M/52.2M [00:01<00:00, 28.2MiB/s]
Successfully downloaded file
Starting binary install
Installing service unit file
Service ziti-router daemon-reload successful.
Creating config file
Starting Router Enrollment
Successfully enrolled Ziti
Starting Ubuntu DNS setup
Service systemd-networkd restart successful.
Service systemd-resolved restart successful.
Service ziti-router.service start successful.
Service ziti-router.service enable successful.

openziti@op-private-er:~$ sudo ./ziti_router_auto_enroll -f -n   --controller 20.X.X.X   --controllerFabricPort 8440   --controllerMgmtPort 8441   --adminUser admin   --adminPassword *******' --disableHealthChecks   --autoTunnelListener   --routerName OP-PRIVATE-ER
Service ziti-router.service stop successful.
Removing previous binaries
Writing jwt file: OP-PRIVATE-ER_enrollment.jwt
Version not specified, going to check with controller
Found version 1.6.14
Downloading file: https://github.com/openziti/ziti/releases/download/v1.6.14/ziti-linux-amd64-1.6.14.tar.gz
Downloading: 100%|██████████████████████████████████████████████████████████████████████████████████████████████████████| 52.2M/52.2M [00:01<00:00, 28.2MiB/s]
Successfully downloaded file
Starting binary install
Installing service unit file
Service ziti-router daemon-reload successful.
Creating config file
Starting Router Enrollment
Successfully enrolled Ziti
Starting Ubuntu DNS setup
Service systemd-networkd restart successful.
Service systemd-resolved restart successful.
Service ziti-router.service start successful.
Service ziti-router.service enable successful.

Step 3 — 라우터 상태 확인

systemctl status ziti-router

systemctl status ziti-router