
Releases: openziti/ziti

v0.28.2

21 Jun 22:10
v0.28.2
53009d9

Release 0.28.2

What's New

  • IMPORTANT: If you update your OpenZiti binaries to this version or later (which can be done easily with the getZiti() function), you will need to migrate any existing network that was developed using OpenZiti v0.27.5 or earlier binaries, as the new binaries expect the new environment variable names. A function, performMigration(), is provided in ziti-cli-script.sh for this purpose. Source the latest ziti-cli-script.sh and your current network's .env file, then run performMigration() to update environment variable name references. If the migration process cannot find your existing environment file in the default location, you will need to provide its path to the migration function, e.g.: performMigration <path-to-environment-file>
  • If you were using the ZITI_HOME environment variable to configure where your ziti CLI profiles were stored, you should now use ZITI_CONFIG_DIR instead.

Component Updates and Bug Fixes

v0.28.1

09 Jun 20:22
v0.28.1
a3c1f7e

Release 0.28.1

What's New

  • ziti CLI now trims JWT files specified for login, preventing a confusing invalid header field value for "Authorization" error when trying to use the -e flag

Router Health Check Changes

The link health check on routers now supports an initial delay configuration.


healthChecks:
  linkCheck:
    minLinks: 1
    interval: 30s
    initialDelay: 5s

The health check will also now start with an initial state of unhealthy, unless minLinks is set to zero.

Finally, link checks now include the addresses associated with the links:

    {
        "details": [
            {
                "linkId": "6a72EtnLib5nUvjhVLuHOb",
                "destRouterId": "5uUxuQ3u6Q",
                "latency": 2732886.5,
                "addresses": {
                    "ack": {
                        "localAddr": "tcp:127.0.0.1:4023",
                        "remoteAddr": "tcp:127.0.0.1:33520"
                    },
                    "payload": {
                        "localAddr": "tcp:127.0.0.1:4023",
                        "remoteAddr": "tcp:127.0.0.1:33504"
                    }
                }
            }
        ],
        "healthy": true,
        "id": "link.health",
        "lastCheckDuration": "53.213µs",
        "lastCheckTime": "2023-06-01T18:35:11Z"
    }

Event Changes

AMQP Event Writer Changes

A new field is available to the AMQP Event Writer. bufferSize denotes how many messages ziti will hold during AMQP connection outages. Any messages exceeding this limit will be logged and dropped.

Example configuration:

events:
  jsonLogger:
    subscriptions:
      - type: fabric.circuits
    handler:
      type: amqp
      format: json
      url: "amqp://localhost:5672"
      queue: ziti
      durable: true      # default: true
      autoDelete: false  # default: false
      exclusive: false   # default: false
      noWait: false      # default: false
      bufferSize: 50     # default: 50

Component Updates and Bug Fixes

v0.28.0

26 May 18:29
v0.28.0
64a46e4

Release 0.28.0

What's New

  • Event changes
    • Added AMQP event writer for events
    • Add entity change events for auditing or external integration
    • Add usage event filtering
    • Add annotations to circuit events
  • CLI additions for ziti to login with certificates or external-jwt-signers
  • NOTE: ziti edge login flag changes:
    • -c flag has been changed to map to --client-cert
    • --cert is now --ca and has no short flag representation
    • -e/--ext-jwt allows a user to supply a file containing a jwt used with ext-jwt-signers to login
    • -c/--client-cert allows a certificate to be supplied to login (used with -k/--client-key)
    • -k/--client-key allows a key to be supplied to login (used with -c/--client-cert)
  • Config type changes
    • address fields in intercept.v1, host.v1, and host.v2 config types now permit hostnames with underscores.
  • Edge Router/Tunneler now supports setting default UDP idle timeout/check interval

Event Changes

AMQP Event Writer

Previously events could only be emitted to a file. They can now also be emitted to an AMQP endpoint.

Example configuration:

events:
  jsonLogger:
    subscriptions:
      - type: fabric.circuits
    handler:
      type: amqp
      format: json
      url: "amqp://localhost:5672"
      queue: ziti
      durable: true      # default: true
      autoDelete: false  # default: false
      exclusive: false   # default: false
      noWait: false      # default: false

Entity Change Events

OpenZiti can now be configured to emit entity change events. These events describe the changes when entities stored in the
bbolt database are created, updated or deleted.

Note that events are emitted during the transaction. They are emitted at the end, so it's unlikely, but possible, that an event will be emitted for a change which is rolled back. For this reason a following event will be emitted when the change is committed. If a system crashes after commit, but before the committed event can be emitted, it will be emitted on the next startup.

Example configuration:

events:
  jsonLogger:
    subscriptions:
      - type: entityChange
        include:
          - services
          - identities
    handler:
      type: file
      format: json
      path: /tmp/ziti-events.log

See the related issue for discussion: openziti/fabric#562

Example output:

{
  "namespace": "entityChange",
  "eventId": "326faf6c-8123-42ae-9ed8-6fd9560eb567",
  "eventType": "created",
  "timestamp": "2023-05-11T21:41:47.128588927-04:00",
  "metadata": {
    "author": {
      "type": "identity",
      "id": "ji2Rt8KJ4",
      "name": "Default Admin"
    },
    "source": {
      "type": "rest",
      "auth": "edge",
      "localAddr": "localhost:1280",
      "remoteAddr": "127.0.0.1:37578",
      "method": "POST"
    },
    "version": "v0.0.0"
  },
  "entityType": "services",
  "isParentEvent": false,
  "initialState": null,
  "finalState": {
    "id": "6S0bCGWb6yrAutXwSQaLiv",
    "createdAt": "2023-05-12T01:41:47.128138887Z",
    "updatedAt": "2023-05-12T01:41:47.128138887Z",
    "tags": {},
    "isSystem": false,
    "name": "test",
    "terminatorStrategy": "smartrouting",
    "roleAttributes": [
      "goodbye",
      "hello"
    ],
    "configs": null,
    "encryptionRequired": true
  }
}

{
  "namespace": "entityChange",
  "eventId": "326faf6c-8123-42ae-9ed8-6fd9560eb567",
  "eventType": "committed",
  "timestamp": "2023-05-11T21:41:47.129235443-04:00"
}
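
An added example (not code from the OpenZiti project) of consuming these events for an audit trail: a change is recorded as effective only once a committed event with the same eventId arrives, and anything still unmatched at end of input is reported as pending. The Event struct, the Reconcile function and the second sample eventId are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Event holds the entityChange fields used here; all other fields are ignored.
type Event struct {
	Namespace  string `json:"namespace"`
	EventID    string `json:"eventId"`
	EventType  string `json:"eventType"`
	EntityType string `json:"entityType"`
}

// sampleLog is constructed; "constructed-0002" is a made-up id that never gets a commit.
const sampleLog = `{"namespace":"entityChange","eventId":"326faf6c-8123-42ae-9ed8-6fd9560eb567","eventType":"created","entityType":"services"}
{"namespace":"entityChange","eventId":"constructed-0002","eventType":"updated","entityType":"identities"}
{"namespace":"entityChange","eventId":"326faf6c-8123-42ae-9ed8-6fd9560eb567","eventType":"committed"}`

// Reconcile splits changes into commit-confirmed and still-pending (possibly rolled back).
func Reconcile(r io.Reader) (confirmed, pending []Event, err error) {
	open := map[string][]Event{} // eventId -> change events awaiting their commit marker
	for dec := json.NewDecoder(r); ; {
		var ev Event // fresh value per event so no field leaks from the previous one
		if err = dec.Decode(&ev); err == io.EOF {
			break
		} else if err != nil {
			return nil, nil, err
		}
		switch {
		case ev.Namespace != "entityChange": // other event namespaces: skip
		case ev.EventType == "committed": // commit marker carries only the eventId
			confirmed = append(confirmed, open[ev.EventID]...)
			delete(open, ev.EventID)
		default:
			open[ev.EventID] = append(open[ev.EventID], ev)
		}
	}
	for _, evs := range open { // order of pending entries is unspecified
		pending = append(pending, evs...)
	}
	return confirmed, pending, nil
}

func main() {
	fmt.Println(Reconcile(strings.NewReader(sampleLog)))
}
```

Pretty-printed objects, as in the example output above, decode the same way because the decoder reads a stream of concatenated JSON values. Pending entries should be re-checked after a controller restart, since the committed event may be emitted on the next startup.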

Usage Event Filtering

Usage events, version 3, can now be filtered based on type.

The valid types include:

  • ingress.rx
  • ingress.tx
  • egress.rx
  • egress.tx
  • fabric.rx
  • fabric.tx

Example configuration:

events:
  jsonLogger:
    subscriptions:
      - type: fabric.usage
        version: 3
        include:
          - ingress.rx
          - egress.rx

Circuit Event Annotations

Circuit events initiated from the edge are now annotated with clientId, hostId and serviceId, to match usage events. The client and host ids are identity ids.

Example output:

{
  "namespace": "fabric.circuits",
  "version": 2,
  "event_type": "created",
  "circuit_id": "0CEjWYiw6",
  "timestamp": "2023-05-05T11:44:03.242399585-04:00",
  "client_id": "clhaq7u7600o4ucgdpxy9i4t1",
  "service_id": "QARLLTKjqfLZytmSsIqba",
  "terminator_id": "7ddcd421-2b00-4b49-9ac0-8c78fe388c30",
  "instance_id": "",
  "creation_timespan": 1014280,
  "path": {
    "nodes": [
      "U7OwPtfjg",
      "a4rC9DrZ3"
    ],
    "links": [
      "7Ru3hoxsssZzUNOyvd8Jcb"
    ],
    "ingress_id": "K9lD",
    "egress_id": "rQLK",
    "initiator_local_addr": "100.64.0.1:1234",
    "initiator_remote_addr": "100.64.0.1:37640",
    "terminator_local_addr": "127.0.0.1:45566",
    "terminator_remote_addr": "127.0.0.1:1234"
  },
  "link_count": 1,
  "path_cost": 392151,
  "tags": {
    "clientId": "U7OwPtfjg",
    "hostId": "a4rC9DrZ3",
    "serviceId": "QARLLTKjqfLZytmSsIqba"
  }
}

ER/T UDP Settings

The edge router tunneler now allows configuring a timeout and check interval for tproxy UDP intercepts. By default intercepted UDP
connections will be closed after five minutes of no traffic, checking every thirty seconds. The configuration is done in the router
config file, in the options for the tunnel module. Note that these configuration options only apply to tproxy intercepts, not to
proxy or host side UDP connections.

Example configuration:

listeners:
  - binding: tunnel
    options:
      mode: tproxy
      udpIdleTimeout: 10s
      udpCheckInterval: 5s

Component Updates and Bug Fixes


v0.27.9

12 Apr 18:34
v0.27.9
5739c54

Release 0.27.9

What's New

  • Refactored the websocket transport to fix a concurrency issue
  • v0.27.6 changed delete behaviors to error if the entity was not found. This release reverts that behavior.

Component Updates and Bug Fixes

v0.27.8

06 Apr 14:12
v0.27.8
c0d3368

Release 0.27.8

What's New

  • CLI additions for auth policies and external JWT signers
  • Performance improvements for listing services

Component Updates and Bug Fixes

v0.27.7

30 Mar 14:05
v0.27.7
0e4eb56

Release 0.27.7

What's New

  • This release updates the build to use Go 1.20

v0.27.6

29 Mar 14:06
v0.27.6
9e11c91

Release 0.27.6

What's New

  • Makes inspect CLI more discoverable by adding subcommands for inspectable values
  • Adds new inspection allowing configs to be retrieved: ziti fabric inspect config
  • Many improvements to edge-router/tunneler hosting performance with large numbers of hosted services
    • Routers should no longer overwhelm controller while setting up or reestablishing hosting
  • Adds ability to disable router
  • Adds CLI command to compact offline bbolt database: ziti ops db compact <src> <dst>
  • Adds CLI command to re-enroll edge routers: ziti edge re-enroll edge-router
  • Routers can now be disabled. Connections to the controller from disabled routers will be rejected.
    • Disable with: ziti fabric update router <router-id> --disabled
    • Enable with: ziti fabric update router <router-id> --disabled=false

Component Updates and Bug Fixes

  • github.com/openziti/agent: v1.0.8 -> v1.0.10

  • github.com/openziti/channel/v2: v2.0.27 -> v2.0.53

    • Issue #83 - Improve protocol mismatch error(s)
    • Issue #93 - Fix atomic 64-bit alignment error on arm devices
  • github.com/openziti/edge: v0.24.125 -> v0.24.224

    • Issue #1373 - Add support for disabled flag to edge and transit routers
    • Issue #1374 - Multiple MFA enrollments cannot be cleaned up by administrators
    • Issue #1336 - xgress_edge_tunnel shouldn't stop/start host on control channel reconnect
    • Issue #1369 - Add missing entity type id for TransitRouter
    • Issue #1366 - Error message incorrectly state 'invalid api session' when it's an invalid session
    • Issue #1364 - Cache api-sessions for tunneler router so we don't need to unnecessarily create new sessions
    • Issue #1362 - Rate limit terminator creates for router/tunneler
    • Issue #1359 - Sessions creates should be idempotent
    • Issue #1355 - Handle duplicate create terminator requests if create terminator fails
    • Issue #1350 - Router event processing can deadlock
    • Issue #1329 - UDP connections can drop data if datagrams are > 10k in size
    • Issue #1310 - Creating a cert backed ext-jwt-signer causes nil dereference
  • github.com/openziti/edge-api: v0.25.6 -> v0.25.9

  • github.com/openziti/fabric: v0.22.24 -> v0.22.76

    • Issue #651 - Add router enable/disable mechanism
    • Issue #648 - Add rate limiter pool to router for operations with potential to flood the controller
    • Issue #610 - Fix router disconnect when endpoint removed from cluster
    • Issue #622 - fatal error: concurrent map iteration and map write in logContext.WireEntry
    • Issue #507 - Add configuration for control channel heartbeat
    • Issue #584 - Add cluster events
    • Issue #599 - Add release and transfer leadership commands
    • Issue #606 - Ensure consistent use of peer address
    • Issue #598 - Add support to fabric inspect to propagate inspect to other controllers
    • Issue #597 - Make raft settings configurable
    • Issue #604 - Don't create link dropped msg metric until channel bind time
    • Issue #638 - Fix atomic 64-bit alignment error on arm devices
  • github.com/openziti/foundation/v2: v2.0.10 -> v2.0.18

  • github.com/openziti/identity: v1.0.30 -> v1.0.42

  • github.com/openziti/runzmd: v1.0.9 -> v1.0.18

  • github.com/openziti/sdk-golang: v0.18.28 -> v0.18.76

    • Issue #356 - sdk connections should respect net.Conn deadline related API specifications
  • github.com/openziti/storage: v0.1.34 -> v0.1.45

  • github.com/openziti/transport/v2: v2.0.51 -> v2.0.68

  • github.com/openziti/jwks: v1.0.2 -> v1.0.3

  • github.com/openziti/metrics: v1.2.3 -> v1.2.16

  • github.com/openziti/ziti: v0.27.5 -> v0.27.6

    • Issue #1041 - Add ziti compact command to CLI
    • Issue #1032 - ziti edge create service fails silently if config names don't exist
    • Issue #1031 - Fixed quickstart bug with arm and arm64 ambiguity when running quickstart on arm architecture

v0.27.5

13 Feb 22:00
v0.27.5
7221811

Release 0.27.5

What's New

  • Fixes an issue with ziti CLI when using a globally trusted CA
  • Fixes bug where ziti agent stack was calling ziti agent stats
  • ziti controller/router no longer compare the running version with
    the latest from github by default. Set ZITI_CHECK_VERSION=true to
    enable this behavior

Component Updates and Bug Fixes

v0.27.4

08 Feb 02:13
v0.27.4
44b5899

Release 0.27.4

What's New

This release contains a fix for a controller deadlock

Component Updates and Bug Fixes

v0.27.3

03 Feb 20:04
v0.27.3
25bcb29

Release 0.27.3

What's New

  • Docker images for ziti CLI

  • New Raft interaction commands

    • raft-leave allows removal of controllers from the raft cluster
    • raft-list lists all connected controllers and their version/connected status
    • fabric raft list-members same info as the agent command, but over rest

Component Updates and Bug Fixes