You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ziti Edge Tunneler for Linux seems to put a lot of useful stuff in directories that are read-only on "immutable" distros like Fedora Atomic, e.g /opt/ and /usr/.
Since the systemd service file (when enabled) in /etc/systemd/system/multi-user.target.wants/ziti-edge-tunnel.service is just a symlink to /usr/lib/systemd/system/ziti-edge-tunnel.service, changing the systemd service must be done by creating a drop-in snippet in /etc/systemd/system/ziti-edge-tunnel.service.d/.
This drop-in file makes the systemd service load identities from a read-write directory (make sure it exists first!) instead of the read-only (and therefore broken) default location of /opt/openziti/etc/identities/:
[Service]
ExecStart=
ExecStart=/opt/openziti/bin/ziti-edge-tunnel run --verbose=${ZITI_VERBOSE} --dns-ip-range=${ZITI_DNS_IP_RANGE} --identity-dir=/etc/openziti/identities
Read-only shenanigans might be related to these (non-fatal) errors:
april 02 18:33:53 fedora ziti-edge-tunnel[365643]: (365643)[ 0.055] ERROR ziti-edge-tunnel:instance-config.c:136 save_tunnel_status_to_file() Could not copy config file [/var/lib/ziti/config.json] to backup config file, the config might not exists at the moment
april 02 18:33:53 fedora ziti-edge-tunnel[365643]: (365643)[ 0.055] ERROR ziti-edge-tunnel:instance-config.c:142 save_tunnel_status_to_file() Could not open config file /var/lib/ziti/config.json to store the tunnel status data
The config file exists, so that's not the problem:
Ziti Edge Tunneler for Linux seems to put a lot of useful stuff in directories that are read-only on "immutable" distros like Fedora Atomic, e.g
/opt/
and/usr/
.Since the systemd service file (when enabled) in
/etc/systemd/system/multi-user.target.wants/ziti-edge-tunnel.service
is just a symlink to/usr/lib/systemd/system/ziti-edge-tunnel.service
, changing the systemd service must be done by creating a drop-in snippet in/etc/systemd/system/ziti-edge-tunnel.service.d/
.This drop-in file makes the systemd service load identities from a read-write directory (make sure it exists first!) instead of the read-only (and therefore broken) default location of
/opt/openziti/etc/identities/
:Read-only shenanigans might be related to these (non-fatal) errors:
The config file exists, so that's not the problem:
Related forum post
The text was updated successfully, but these errors were encountered: