openziti · dovholuknf · Jun 8, 2022 · Jun 5, 2022 · Jun 5, 2022 · Jun 6, 2022
@@ -2,4 +2,12 @@
 ZITI_IMAGE=openziti/quickstart
 ZITI_VERSION=latest
 ZITI_CONTROLLER_RAWNAME=ziti-controller
-ZITI_EDGE_CONTROLLER_RAWNAME=ziti-edge-controller
+ZITI_EDGE_CONTROLLER_RAWNAME=ziti-edge-controller
+
+## Additional variables to override. 
+#ZITI_EDGE_CONTROLLER_RAWNAME=some.other.name.com
+#ZITI_EDGE_CTRL_ADVERTISED_HOST_PORT=some.other.name.com:1280
+#ZITI_CTRL_ADVERTISED_ADDRESS=some.other.name.com
+#ZITI_EDGE_CONTROLLER_HOSTNAME=some.other.name.com
+#ZITI_CONTROLLER_HOSTNAME=some.other.name.com
+#ZITI_EDGE_CONTROLLER_IP_OVERRIDE=20.20.20.20
@@ -621,7 +621,7 @@ function pki_client_server {
   fi
 
   if ! test -f "${ZITI_PKI}/${ZITI_CA_NAME_local}/keys/${file_name}-server.key"; then
-    echo "Creating server cert from ca: ${ZITI_CA_NAME_local} for ${allow_list}"
+    echo "Creating server cert from ca: ${ZITI_CA_NAME_local} for ${allow_list} / ${ip_local}"
     "${ZITI_BIN_DIR-}/ziti" pki create server --pki-root="${ZITI_PKI_OS_SPECIFIC}" --ca-name "${ZITI_CA_NAME_local}" \
           --server-file "${file_name}-server" \
           --dns "${allow_list}" --ip "${ip_local}" \
@@ -781,10 +781,15 @@ function createPki {
   pki_create_intermediate "${ZITI_SPURIOUS_INTERMEDIATE}" "${ZITI_SIGNING_INTERMEDIATE_NAME}" 1
 
   echo " "
-  pki_allow_list="${ZITI_CONTROLLER_HOSTNAME},localhost,127.0.0.1"
-  if [[ "$EXTERNAL_DNS" != "" ]]; then pki_allow_list="$pki_allow_list,$EXTERNAL_DNS"; fi
-  pki_client_server "${pki_allow_list}" "${ZITI_CONTROLLER_INTERMEDIATE_NAME}" "${ZITI_CONTROLLER_IP_OVERRIDE-}" "${ZITI_CONTROLLER_HOSTNAME}"
-  pki_client_server "${ZITI_EDGE_CONTROLLER_HOSTNAME},localhost,127.0.0.1" "${ZITI_EDGE_CONTROLLER_INTERMEDIATE_NAME}" "${ZITI_EDGE_CONTROLLER_IP_OVERRIDE-}" "${ZITI_EDGE_CONTROLLER_HOSTNAME}"
+  pki_allow_list_dns="${ZITI_CONTROLLER_HOSTNAME},localhost,$(hostname)"
+  if [[ "${ZITI_EDGE_CONTROLLER_HOSTNAME}" != "" ]]; then pki_allow_list_dns="${pki_allow_list_dns},${ZITI_EDGE_CONTROLLER_HOSTNAME}"; fi
+  if [[ "${EXTERNAL_DNS}" != "" ]]; then pki_allow_list_dns="${pki_allow_list_dns},${EXTERNAL_DNS}"; fi
+  pki_allow_list_ip="127.0.0.1"
+  if [[ "${ZITI_EDGE_CONTROLLER_IP_OVERRIDE}" != "" ]]; then pki_allow_list_ip="${pki_allow_list_ip},${ZITI_EDGE_CONTROLLER_IP_OVERRIDE}"; fi
+  if [[ "${EXTERNAL_IP}" != "" ]]; then pki_allow_list_ip="${pki_allow_list_ip},${EXTERNAL_IP}"; fi
+
+  pki_client_server "${pki_allow_list_dns}" "${ZITI_CONTROLLER_INTERMEDIATE_NAME}" "${pki_allow_list_ip}" "${ZITI_CONTROLLER_HOSTNAME}"
+  pki_client_server "${pki_allow_list_dns}" "${ZITI_EDGE_CONTROLLER_INTERMEDIATE_NAME}" "${pki_allow_list_ip}" "${ZITI_EDGE_CONTROLLER_HOSTNAME}"
 }
 
 

@@ -18,10 +18,32 @@ services:
     entrypoint:
       - "/openziti/scripts/run-controller.sh"
 
+  ziti-controller-init-container:
+    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
+    depends_on:
+      - ziti-controller
+    environment:
+      - ZITI_CONTROLLER_RAWNAME="${ZITI_CONTROLLER_RAWNAME}"
+      - ZITI_EDGE_CONTROLLER_RAWNAME="${ZITI_EDGE_CONTROLLER_RAWNAME}"
+    env_file:
+      - ./.env
+    networks:
+      zitiblue:
+        aliases:
+          - ziti-edge-controller-init-container
+      zitired:
+        aliases:
+          - ziti-edge-controller-init-container
+    volumes:
+      - ziti-fs:/openziti
+    entrypoint:
+      - "/openziti/scripts/access-control.sh"
+
   ziti-edge-router:
     image: "${ZITI_IMAGE}:${ZITI_VERSION}"
     environment:
       - ZITI_EDGE_ROUTER_RAWNAME=ziti-edge-router
+      - ZITI_EDGE_ROUTER_ROLES=public
     depends_on:
       - ziti-controller
     ports: