zitinexus-public
/
zitinexus-router-script
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

version 1.00 Zitinexus router enrollment script

This commit is contained in:
Edmund Tan 2025-07-20 07:35:05 +08:00
parent 361e07332a
commit 4ce79cdf33
5 changed files with 0 additions and 1323 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

395
Router-enrollment-script/INSTALLATION.md
View File

@ -1,395 +0,0 @@
# Router Enrollment Script Installation Guide
This guide provides step-by-step instructions for installing and using the OpenZiti Router Enrollment Script on Ubuntu Linux systems.
## Quick Installation
```bash
# 1. Download the script package
wget https://your-portal.com/downloads/router-enrollment-script.tar.gz
# 2. Extract the package
tar -xzf router-enrollment-script.tar.gz
cd Router-enrollment-script
# 3. Make scripts executable
chmod +x *.sh
# 4. Run the enrollment script
sudo ./enroll-router.sh
```
## Manual Installation
### Step 1: Download Files
Copy these files to your Ubuntu router machine:
- `enroll-router.sh` - Main enrollment script
- `test-enrollment.sh` - Testing script
- `config.sh` - Configuration file
- `README.md` - Documentation
### Step 2: Set Permissions
```bash
chmod +x enroll-router.sh
chmod +x test-enrollment.sh
chmod +x config.sh
```
### Step 3: Configure (Optional)
Edit `config.sh` to customize settings:
```bash
nano config.sh
```
Key settings to modify:
- `DEFAULT_API_ENDPOINT` - Your ZitiNexus Portal API URL
- `CONFIG_DIR` - Router configuration directory
- `LOG_FILE` - Log file location
### Step 4: Test Prerequisites
Run the test script to verify system readiness:
```bash
./test-enrollment.sh
```
Select option 6 to run all tests.
### Step 5: Run Enrollment
Execute the main enrollment script:
```bash
sudo ./enroll-router.sh
```
## Prerequisites
### System Requirements
- **Operating System**: Ubuntu 22.04, 24.04, or compatible Linux distribution
- **Architecture**: x86_64 (amd64) or ARM64
- **Memory**: Minimum 512MB RAM
- **Disk Space**: Minimum 100MB free space
- **Network**: Internet connectivity for downloads and API calls
### Required Permissions
- **Root Access**: Script must be run with `sudo`
- **Network Access**: Outbound HTTPS (port 443) to:
- ZitiNexus Portal API
- OpenZiti controller
- Package repositories
- OpenZiti installation sources
### Dependencies
The script will automatically install these if missing:
- `curl` - For API calls and downloads
- `jq` - For JSON processing
- `systemctl` - For service management (usually pre-installed)
## Configuration Options
### Basic Configuration
Edit the `DEFAULT_API_ENDPOINT` in `config.sh`:
```bash
DEFAULT_API_ENDPOINT="https://your-portal.example.com/api"
```
### Advanced Configuration
Customize these settings in `config.sh`:
```bash
# Directory locations
CONFIG_DIR="/etc/zitirouter"
LOG_FILE="/var/log/ziti-router-enrollment.log"
# API settings
API_CONNECT_TIMEOUT=30
MAX_API_RETRIES=3
# Service settings
SERVICE_NAME="ziti-router"
SERVICE_RESTART_DELAY=5
```
### Environment-Specific Configuration
Create local configuration files:
```bash
# System-wide configuration
sudo mkdir -p /etc/zitirouter
sudo nano /etc/zitirouter/local.conf
# User-specific configuration
nano ~/.ziti-router-enrollment.conf
```
## Usage Examples
### Basic Enrollment
```bash
sudo ./enroll-router.sh
```
Follow the prompts:
1. Enter API endpoint (or press Enter for default)
2. Enter hash key from ZitiNexus Portal
### Testing Before Enrollment
```bash
# Test system requirements
./test-enrollment.sh
# Select option 4: Test System Requirements
# Select option 1: Test API Connectivity
# Select option 3: Test API Registration Call (with real hash key)
```
### Checking Installation
```bash
# Check router service status
systemctl status ziti-router
# View router logs
journalctl -u ziti-router -f
# Check configuration
cat /etc/zitirouter/router.yaml
# View enrollment log
tail -f /var/log/ziti-router-enrollment.log
```
## Troubleshooting
### Common Issues
#### 1. Permission Denied
```bash
# Error: Permission denied
sudo ./enroll-router.sh
```
#### 2. Hash Key Not Found
```bash
# Error: Hash key not found
# Solution: Verify hash key from portal, check if expired (24h limit)
```
#### 3. API Connection Failed
```bash
# Error: API request failed with HTTP 000
# Check network connectivity
ping google.com
# Check API endpoint
curl -I https://your-portal.com/api/router/health
```
#### 4. OpenZiti Installation Failed
```bash
# Manual installation
curl -sSLf https://get.openziti.io/install.bash | sudo bash
```
#### 5. Service Won't Start
```bash
# Check service logs
journalctl -u ziti-router -n 50
# Check configuration syntax
sudo ziti router run /etc/zitirouter/router.yaml --dry-run
```
### Debug Mode
Enable debug mode for verbose output:
```bash
# Edit config.sh
DEBUG_MODE=true
# Or set environment variable
export DEBUG_MODE=true
sudo -E ./enroll-router.sh
```
### Manual Cleanup
If enrollment fails and you need to start over:
```bash
# Stop and remove service
sudo systemctl stop ziti-router
sudo systemctl disable ziti-router
sudo rm -f /etc/systemd/system/ziti-router.service
# Remove configuration
sudo rm -rf /etc/zitirouter/
# Reload systemd
sudo systemctl daemon-reload
```
## Network Configuration
### Firewall Rules
If using UFW (Ubuntu Firewall):
```bash
# Allow outbound HTTPS
sudo ufw allow out 443/tcp
# Allow outbound HTTP (for package downloads)
sudo ufw allow out 80/tcp
```
If using iptables:
```bash
# Allow outbound HTTPS
sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
```
### Proxy Configuration
If behind a corporate proxy:
```bash
# Set proxy environment variables
export http_proxy=http://proxy.company.com:8080
export https_proxy=http://proxy.company.com:8080
export no_proxy=localhost,127.0.0.1
# Run with proxy settings
sudo -E ./enroll-router.sh
```
## Security Considerations
### File Permissions
The script sets these permissions:
- `/etc/zitirouter/`: 755 (readable by all, writable by root)
- `/etc/zitirouter/certs/`: 700 (accessible only by root)
- `/etc/zitirouter/router.yaml`: 644 (readable by all)
- `/etc/zitirouter/enrollment.jwt`: 600 (readable only by root)
### Service Security
The router service runs as root because:
- Requires access to system certificates
- Needs to bind to privileged network interfaces
- Must manage system-level network routing
### Hash Key Security
- Hash keys expire after 24 hours
- Each hash key can only be used once
- Hash keys are validated server-side
- Failed attempts are rate-limited
## Automation
### Non-Interactive Installation
For automated deployments, modify the script to accept parameters:
```bash
#!/bin/bash
# Custom wrapper script
API_ENDPOINT="${1:-https://portal.example.com/api}"
HASH_KEY="${2}"
if [[ -z "$HASH_KEY" ]]; then
echo "Usage: $0 [api_endpoint] <hash_key>"
exit 1
fi
# Set environment variables
export API_ENDPOINT
export HASH_KEY
# Run enrollment script
./enroll-router.sh
```
### Configuration Management
Use configuration management tools:
```yaml
# Ansible example
- name: Deploy router enrollment script
copy:
src: enroll-router.sh
dest: /tmp/enroll-router.sh
mode: '0755'
- name: Configure API endpoint
lineinfile:
path: /tmp/config.sh
regexp: '^DEFAULT_API_ENDPOINT='
line: 'DEFAULT_API_ENDPOINT="https://{{ portal_url }}/api"'
- name: Run enrollment
command: /tmp/enroll-router.sh
become: yes
```
## Support
### Log Files
Check these log files for troubleshooting:
- `/var/log/ziti-router-enrollment.log` - Enrollment process
- `journalctl -u ziti-router` - Router service logs
- `/var/log/syslog` - System logs
### Getting Help
1. **Check Documentation**: Review README.md and this guide
2. **Test Prerequisites**: Run `./test-enrollment.sh`
3. **Check Logs**: Review log files for error details
4. **Portal Support**: Contact your ZitiNexus Portal administrator
5. **OpenZiti Community**: Visit [OpenZiti Documentation](https://docs.openziti.io/)
### Reporting Issues
When reporting issues, include:
- Ubuntu version: `lsb_release -a`
- Script version: Check script header
- Error messages: From logs and console output
- Network configuration: Proxy, firewall settings
- Hash key status: From portal (without revealing the key)
## Version History
- **v1.0.0**: Initial release with full automation
- Hash key validation
- OpenZiti CLI installation
- Router configuration generation
- Systemd service creation
- Status reporting to portal

231
Router-enrollment-script/ROUTER_ENROLLMENT_SCRIPT_FIXES_SUMMARY.md
View File

@ -1,231 +0,0 @@
# Router Enrollment Script Fixes Summary
## Issue Description
The router enrollment script was failing with two main errors:
1. **HTTP 404 Error**: API endpoint not found
2. **Unbound Variable Error**: `CALLBACK_URL: unbound variable`
## Root Cause Analysis
### 1. HTTP 404 Error
- **Problem**: Script was calling `/router/register` instead of `/api/router/register`
- **Cause**: Missing `/api` prefix in URL construction
- **Impact**: API calls were hitting non-existent endpoints
### 2. Unbound Variable Error
- **Problem**: Variables were not initialized before use
- **Cause**: When API calls failed, variables were never set but cleanup functions tried to use them
- **Impact**: Script crashed with "unbound variable" errors
## Fixes Implemented
### 1. API Endpoint URL Fix
**File**: `Router-enrollment-script/enroll-router.sh`
**Line**: ~208
**Before**:
```bash
local api_url="${API_ENDPOINT}/router/register"
```
**After**:
```bash
local api_url="${API_ENDPOINT}/api/router/register"
```
**Impact**: Now correctly calls the backend API endpoint that matches the route structure:
- Backend route: `app.use('/api/router', require('./routes/routerRegistration'))`
- Router registration route: `router.post('/register', ...)`
- Final endpoint: `/api/router/register`
### 2. Default API Endpoint Update
**File**: `Router-enrollment-script/enroll-router.sh`
**Line**: ~25
**Before**:
```bash
DEFAULT_API_ENDPOINT="https://your-zitinexus-portal.com/api"
```
**After**:
```bash
DEFAULT_API_ENDPOINT="https://backend.zitinexus.com"
```
**Impact**: Matches the nginx configuration that proxies `backend.zitinexus.com` to `localhost:5000`
### 3. Variable Initialization Fix
**File**: `Router-enrollment-script/enroll-router.sh`
**Lines**: ~26-36
**Added**:
```bash
# Initialize variables to prevent unbound variable errors
CALLBACK_URL=""
JWT=""
ROUTER_YAML=""
ROUTER_NAME=""
ROUTER_ID=""
TENANT_ID=""
CONTROLLER_ENDPOINT=""
ROLE_ATTRIBUTES=""
HASH_KEY=""
API_ENDPOINT=""
```
**Impact**: Prevents "unbound variable" errors when script fails early
### 4. Debug Logging Enhancement
**File**: `Router-enrollment-script/enroll-router.sh`
**Line**: ~213
**Added**:
```bash
# Debug: Show the URL being called
log "INFO" "API URL: $api_url"
```
**Impact**: Makes troubleshooting easier by showing the exact URL being called
## Network Architecture Understanding
### Nginx Configuration
```nginx
server {
listen 443 ssl;
server_name backend.zitinexus.com;
location / {
proxy_pass http://localhost:5000;
# Direct proxy - no path modification
}
}
```
### Backend Route Structure
```javascript
// app.js
app.use('/api/router', require('./routes/routerRegistration'));
// routerRegistration.js
router.post('/register', async (req, res) => {
await controller.registerRouter(req, res);
});
```
### Complete API Flow
1. **Script calls**: `https://backend.zitinexus.com/api/router/register`
2. **Nginx proxies to**: `http://localhost:5000/api/router/register`
3. **Backend routes to**: `routerRegistration.js``/register` handler
4. **Controller processes**: Router registration with hash key
## Expected API Response Structure
The script expects this JSON response format:
```json
{
"success": true,
"data": {
"jwt": "eyJhbGciOiJSUzI1NiIs...",
"routerConfig": {
"yaml": "v: 3\nidentity:\n cert: ...",
"filename": "router.yaml",
"type": "private-edge"
},
"routerInfo": {
"id": "QNmKPk3Xgc",
"name": "virtech5378_sg-router1",
"roleAttributes": ["virtech5378_simplesrouter"],
"enrollmentExpiresAt": "2025-06-09T09:40:09.485Z",
"type": "private-edge"
},
"callbackUrl": "http://192.168.50.253:5000/api/router/enrollment-status",
"metadata": {
"tenantId": "cmb9m1hns0003p3jkk43zjlss",
"zitiRouterId": "QNmKPk3Xgc",
"routerType": "private-edge",
"controllerEndpoint": "enroll.zitinexus.com:443"
}
}
}
```
## Testing
### Test Script Created
**File**: `Router-enrollment-script/test-api-fix.sh`
This script tests:
- API URL construction
- Endpoint connectivity
- HTTP response codes
- Error handling
### Usage
```bash
# On Linux (where the script will actually run):
chmod +x Router-enrollment-script/test-api-fix.sh
./Router-enrollment-script/test-api-fix.sh
# Main script usage:
sudo ./Router-enrollment-script/enroll-router.sh
```
## Verification Steps
1. **API Endpoint Test**: The test script verifies the endpoint exists
2. **Variable Safety**: All variables are now initialized to prevent unbound errors
3. **Debug Output**: Script shows the exact URL being called for troubleshooting
4. **Error Handling**: Improved error messages for better debugging
## Expected Results
### Before Fix
```
[ERROR] API request failed with HTTP 404: Unknown error
[ERROR] Script failed with exit code 1
./enroll.sh: line 576: CALLBACK_URL: unbound variable
```
### After Fix
```
[INFO] API URL: https://backend.zitinexus.com/api/router/register
[INFO] Registering router with ZitiNexus Portal...
[SUCCESS] Router registered successfully: virtech5378_sg-router1 (ID: QNmKPk3Xgc)
```
## Files Modified
1. **Router-enrollment-script/enroll-router.sh**
- Fixed API URL construction
- Updated default endpoint
- Added variable initialization
- Enhanced debug logging
2. **Router-enrollment-script/test-api-fix.sh** (New)
- Test script to verify fixes
- API connectivity testing
- Error code validation
## Compatibility
- **Linux**: Full compatibility (target environment)
- **Windows**: Script development and testing environment
- **Backend**: Compatible with existing nginx and Express.js setup
- **API**: Matches existing backend route structure
## Next Steps
1. Test the script on a Linux environment with the hash key: `c3d00e5615464e0c02a7dcfcd56abc4e`
2. Verify the backend is running and accessible at `https://backend.zitinexus.com`
3. Ensure the router registration endpoint is properly configured
4. Monitor the enrollment process for any additional issues
## Summary
**Fixed**: HTTP 404 error by adding missing `/api` prefix
**Fixed**: Unbound variable error by initializing all variables
**Enhanced**: Debug logging for better troubleshooting
**Updated**: Default endpoint to match production configuration
**Created**: Test script for verification
The router enrollment script should now work correctly with the ZitiNexus backend API.

266
Router-enrollment-script/config.sh
View File

@ -1,266 +0,0 @@
#!/bin/bash
# Router Enrollment Script Configuration
# Edit these values to customize the enrollment process
# =============================================================================
# API Configuration
# =============================================================================
# Default ZitiNexus Portal API endpoint
# Change this to your actual portal URL
DEFAULT_API_ENDPOINT="https://your-zitinexus-portal.com/api"
# API timeout settings (in seconds)
API_CONNECT_TIMEOUT=30
API_MAX_TIME=60
# Retry configuration
MAX_API_RETRIES=3
RETRY_DELAY_BASE=2 # Base delay for exponential backoff
# =============================================================================
# Directory and File Paths
# =============================================================================
# Router configuration directory
CONFIG_DIR="/etc/zitirouter"
# Certificates directory
CERTS_DIR="${CONFIG_DIR}/certs"
# Router configuration file
ROUTER_CONFIG="${CONFIG_DIR}/router.yaml"
# JWT token file
JWT_FILE="${CONFIG_DIR}/enrollment.jwt"
# Log file location
LOG_FILE="/var/log/ziti-router-enrollment.log"
# Systemd service file
SYSTEMD_SERVICE_FILE="/etc/systemd/system/ziti-router.service"
# =============================================================================
# OpenZiti Configuration
# =============================================================================
# OpenZiti CLI installation URL
ZITI_INSTALL_URL="https://get.openziti.io/install.bash"
# OpenZiti CLI binary path
ZITI_CLI_PATH="/usr/local/bin/ziti"
# =============================================================================
# Service Configuration
# =============================================================================
# Service name
SERVICE_NAME="ziti-router"
# Service user (must be root for router operations)
SERVICE_USER="root"
# Service restart delay (in seconds)
SERVICE_RESTART_DELAY=5
# =============================================================================
# Security Settings
# =============================================================================
# Directory permissions
CONFIG_DIR_PERMS=755
CERTS_DIR_PERMS=700
CONFIG_FILE_PERMS=644
JWT_FILE_PERMS=600
# =============================================================================
# Validation Settings
# =============================================================================
# Hash key validation pattern
HASH_KEY_PATTERN="^[a-fA-F0-9]{32}$"
# Required system commands
REQUIRED_COMMANDS=(
"curl"
"jq"
"systemctl"
)
# Required directories for write access
REQUIRED_WRITE_DIRS=(
"/etc"
"/var/log"
"/etc/systemd/system"
)
# =============================================================================
# Network Configuration
# =============================================================================
# Test connectivity URLs
CONNECTIVITY_TEST_URLS=(
"https://get.openziti.io"
"https://github.com"
)
# DNS servers to test (optional)
DNS_TEST_SERVERS=(
"8.8.8.8"
"1.1.1.1"
)
# =============================================================================
# Logging Configuration
# =============================================================================
# Log level (DEBUG, INFO, WARNING, ERROR)
LOG_LEVEL="INFO"
# Maximum log file size (in MB)
MAX_LOG_SIZE=10
# Number of log files to keep
LOG_ROTATE_COUNT=5
# =============================================================================
# Advanced Settings
# =============================================================================
# Enable debug mode (set to true for verbose output)
DEBUG_MODE=false
# Enable dry run mode (set to true to simulate without making changes)
DRY_RUN=false
# Skip system requirements check (not recommended)
SKIP_REQUIREMENTS_CHECK=false
# Skip OpenZiti CLI installation if already present
SKIP_ZITI_INSTALL_IF_PRESENT=true
# Enable automatic cleanup on failure
AUTO_CLEANUP_ON_FAILURE=true
# =============================================================================
# Customization Functions
# =============================================================================
# Custom pre-enrollment hook
# This function is called before starting the enrollment process
pre_enrollment_hook() {
# Add custom logic here
# Example: Check additional requirements, send notifications, etc.
return 0
}
# Custom post-enrollment hook
# This function is called after successful enrollment
post_enrollment_hook() {
# Add custom logic here
# Example: Configure firewall, send notifications, etc.
return 0
}
# Custom error handler
# This function is called when an error occurs
error_handler() {
local error_message="$1"
local exit_code="$2"
# Add custom error handling logic here
# Example: Send alerts, cleanup resources, etc.
return 0
}
# =============================================================================
# Environment-Specific Overrides
# =============================================================================
# Load environment-specific configuration if it exists
if [[ -f "${CONFIG_DIR}/local.conf" ]]; then
source "${CONFIG_DIR}/local.conf"
fi
# Load user-specific configuration if it exists
if [[ -f "${HOME}/.ziti-router-enrollment.conf" ]]; then
source "${HOME}/.ziti-router-enrollment.conf"
fi
# =============================================================================
# Validation
# =============================================================================
# Validate configuration
validate_config() {
local errors=0
# Check API endpoint format
if [[ ! "$DEFAULT_API_ENDPOINT" =~ ^https?:// ]]; then
echo "ERROR: DEFAULT_API_ENDPOINT must start with http:// or https://" >&2
((errors++))
fi
# Check timeout values
if [[ ! "$API_CONNECT_TIMEOUT" =~ ^[0-9]+$ ]] || [[ "$API_CONNECT_TIMEOUT" -lt 1 ]]; then
echo "ERROR: API_CONNECT_TIMEOUT must be a positive integer" >&2
((errors++))
fi
if [[ ! "$API_MAX_TIME" =~ ^[0-9]+$ ]] || [[ "$API_MAX_TIME" -lt 1 ]]; then
echo "ERROR: API_MAX_TIME must be a positive integer" >&2
((errors++))
fi
# Check directory paths
if [[ ! "$CONFIG_DIR" =~ ^/ ]]; then
echo "ERROR: CONFIG_DIR must be an absolute path" >&2
((errors++))
fi
if [[ ! "$LOG_FILE" =~ ^/ ]]; then
echo "ERROR: LOG_FILE must be an absolute path" >&2
((errors++))
fi
# Check permissions
if [[ ! "$CONFIG_DIR_PERMS" =~ ^[0-7]{3}$ ]]; then
echo "ERROR: CONFIG_DIR_PERMS must be a valid octal permission (e.g., 755)" >&2
((errors++))
fi
return $errors
}
# Export all configuration variables
export DEFAULT_API_ENDPOINT
export API_CONNECT_TIMEOUT
export API_MAX_TIME
export MAX_API_RETRIES
export RETRY_DELAY_BASE
export CONFIG_DIR
export CERTS_DIR
export ROUTER_CONFIG
export JWT_FILE
export LOG_FILE
export SYSTEMD_SERVICE_FILE
export ZITI_INSTALL_URL
export ZITI_CLI_PATH
export SERVICE_NAME
export SERVICE_USER
export SERVICE_RESTART_DELAY
export CONFIG_DIR_PERMS
export CERTS_DIR_PERMS
export CONFIG_FILE_PERMS
export JWT_FILE_PERMS
export HASH_KEY_PATTERN
export LOG_LEVEL
export MAX_LOG_SIZE
export LOG_ROTATE_COUNT
export DEBUG_MODE
export DRY_RUN
export SKIP_REQUIREMENTS_CHECK
export SKIP_ZITI_INSTALL_IF_PRESENT
export AUTO_CLEANUP_ON_FAILURE

110
Router-enrollment-script/test-api-fix.sh
View File

@ -1,110 +0,0 @@
#!/bin/bash
# Test script to verify the API endpoint fix
# This script tests the corrected API URL construction
set -euo pipefail
# Test configuration
TEST_API_ENDPOINT="https://backend.zitinexus.com"
TEST_HASH_KEY="c3d00e5615464e0c02a7dcfcd56abc4e"
echo "=============================================="
echo " Testing Router Enrollment API Fix"
echo "=============================================="
echo
echo "Testing API URL construction:"
echo " Base endpoint: $TEST_API_ENDPOINT"
echo " Expected URL: ${TEST_API_ENDPOINT}/api/router/register"
echo
# Test the API call (this will likely fail with authentication error, but should not be 404)
echo "Testing API connectivity..."
echo "Making test API call to verify endpoint exists..."
response=$(curl -s -w "HTTPSTATUS:%{http_code}" \
-X POST \
-H "Content-Type: application/json" \
-H "User-Agent: ZitiRouter-EnrollmentScript-Test/1.0.0" \
-d "{\"hashKey\":\"$TEST_HASH_KEY\"}" \
--connect-timeout 10 \
--max-time 30 \
"${TEST_API_ENDPOINT}/api/router/register" 2>/dev/null || echo "HTTPSTATUS:000")
# Extract HTTP status
http_code=$(echo "$response" | grep -o "HTTPSTATUS:[0-9]*" | cut -d: -f2)
response_body=$(echo "$response" | sed 's/HTTPSTATUS:[0-9]*$//')
echo "HTTP Status Code: $http_code"
case $http_code in
"200")
echo "✅ SUCCESS: API endpoint is working correctly!"
echo "Response: $response_body"
;;
"400")
echo "✅ GOOD: API endpoint exists (400 = Bad Request, likely invalid hash key)"
echo "This means the endpoint is found and processing requests"
if [[ -n "$response_body" ]]; then
echo "Response: $response_body"
fi
;;
"404")
echo "❌ FAILED: API endpoint not found (404 error)"
echo "The /api/router/register endpoint does not exist"
exit 1
;;
"429")
echo "✅ GOOD: API endpoint exists (429 = Rate Limited)"
echo "This means the endpoint is found but rate limited"
;;
"500")
echo "⚠️ WARNING: API endpoint exists but server error (500)"
echo "The endpoint exists but there's a server-side issue"
;;
"000")
echo "❌ FAILED: Could not connect to API endpoint"
echo "Check if the backend server is running and accessible"
exit 1
;;
*)
echo "⚠️ UNKNOWN: Received HTTP $http_code"
echo "Response: $response_body"
;;
esac
echo
echo "=============================================="
echo " Test Summary"
echo "=============================================="
echo
echo "✅ API URL construction: FIXED"
echo " - Changed from: /router/register"
echo " - Changed to: /api/router/register"
echo
echo "✅ Variable initialization: FIXED"
echo " - Added initialization for CALLBACK_URL and other variables"
echo " - Prevents 'unbound variable' errors"
echo
echo "✅ Default endpoint: UPDATED"
echo " - Changed to: https://backend.zitinexus.com"
echo
echo "✅ Debug logging: ADDED"
echo " - Script now shows the exact API URL being called"
echo
if [[ "$http_code" == "200" || "$http_code" == "400" || "$http_code" == "429" ]]; then
echo "🎉 SUCCESS: The router enrollment script fixes are working!"
echo
echo "The script should now work correctly with:"
echo " - API Endpoint: https://backend.zitinexus.com"
echo " - Hash Key: c3d00e5615464e0c02a7dcfcd56abc4e"
echo
echo "Run the main script with: sudo ./enroll-router.sh"
else
echo "⚠️ The API endpoint test had unexpected results."
echo "Please check if the backend server is running and accessible."
fi
echo

321
Router-enrollment-script/test-enrollment.sh
View File

@ -1,321 +0,0 @@
#!/bin/bash
# Test Script for Router Enrollment
# This script helps test the enrollment process without actually enrolling a router
set -euo pipefail
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Test configuration
TEST_API_ENDPOINT="https://your-zitinexus-portal.com/api"
TEST_HASH_KEY="a1b2c3d4e5f6789012345678901234567890abcd"
log() {
local level=$1
shift
local message="$*"
case $level in
"ERROR")
echo -e "${RED}[ERROR]${NC} $message" >&2
;;
"SUCCESS")
echo -e "${GREEN}[SUCCESS]${NC} $message"
;;
"WARNING")
echo -e "${YELLOW}[WARNING]${NC} $message"
;;
"INFO")
echo -e "${BLUE}[INFO]${NC} $message"
;;
*)
echo "$message"
;;
esac
}
# Test API connectivity
test_api_connectivity() {
log "INFO" "Testing API connectivity..."
local api_endpoint
read -p "Enter API endpoint to test [$TEST_API_ENDPOINT]: " api_endpoint
api_endpoint="${api_endpoint:-$TEST_API_ENDPOINT}"
# Test health endpoint
local health_url="${api_endpoint}/router/health"
log "INFO" "Testing health endpoint: $health_url"
local response=$(curl -s -w "%{http_code}" -o /dev/null "$health_url" 2>/dev/null || echo "000")
if [[ "$response" == "200" ]]; then
log "SUCCESS" "API health endpoint is accessible"
else
log "ERROR" "API health endpoint returned HTTP $response"
return 1
fi
}
# Test hash key format validation
test_hash_key_validation() {
log "INFO" "Testing hash key format validation..."
local test_cases=(
"a1b2c3d4e5f6789012345678901234567890abcd:VALID"
"A1B2C3D4E5F6789012345678901234567890ABCD:VALID"
"short:INVALID"
"toolongtobeavalidhashkeyfortesting123456789:INVALID"
"g1h2i3j4k5l6789012345678901234567890xyz:INVALID"
"a1b2c3d4e5f6789012345678901234567890abc:INVALID"
)
for test_case in "${test_cases[@]}"; do
local hash_key="${test_case%:*}"
local expected="${test_case#*:}"
if [[ "$hash_key" =~ ^[a-fA-F0-9]{32}$ ]]; then
local result="VALID"
else
local result="INVALID"
fi
if [[ "$result" == "$expected" ]]; then
log "SUCCESS" "Hash key validation: '$hash_key' -> $result"
else
log "ERROR" "Hash key validation: '$hash_key' -> $result (expected $expected) ✗"
fi
done
}
# Test API registration call (dry run)
test_api_registration() {
log "INFO" "Testing API registration call (dry run)..."
local api_endpoint
read -p "Enter API endpoint [$TEST_API_ENDPOINT]: " api_endpoint
api_endpoint="${api_endpoint:-$TEST_API_ENDPOINT}"
local hash_key
read -p "Enter test hash key [$TEST_HASH_KEY]: " hash_key
hash_key="${hash_key:-$TEST_HASH_KEY}"
# Validate hash key format
if [[ ! "$hash_key" =~ ^[a-fA-F0-9]{32}$ ]]; then
log "ERROR" "Invalid hash key format"
return 1
fi
local api_url="${api_endpoint}/router/register"
local payload="{\"hashKey\":\"$hash_key\"}"
log "INFO" "Making API call to: $api_url"
log "INFO" "Payload: $payload"
local response_file=$(mktemp)
local http_code
http_code=$(curl -s -w "%{http_code}" -o "$response_file" \
-X POST \
-H "Content-Type: application/json" \
-H "User-Agent: ZitiRouter-TestScript/1.0.0" \
-d "$payload" \
--connect-timeout 30 \
--max-time 60 \
"$api_url" 2>/dev/null || echo "000")
log "INFO" "HTTP Response Code: $http_code"
if [[ -f "$response_file" ]]; then
log "INFO" "Response body:"
if command -v jq &> /dev/null; then
jq '.' "$response_file" 2>/dev/null || cat "$response_file"
else
cat "$response_file"
fi
fi
rm -f "$response_file"
case $http_code in
"200")
log "SUCCESS" "API call successful"
;;
"400")
log "WARNING" "Bad request - check hash key validity"
;;
"404")
log "ERROR" "Hash key not found or endpoint not available"
;;
"429")
log "WARNING" "Rate limited - try again later"
;;
"000")
log "ERROR" "Connection failed - check network connectivity"
;;
*)
log "ERROR" "Unexpected response code: $http_code"
;;
esac
}
# Test system requirements
test_system_requirements() {
log "INFO" "Testing system requirements..."
# Check if running as root
if [[ $EUID -eq 0 ]]; then
log "SUCCESS" "Running as root ✓"
else
log "WARNING" "Not running as root (enrollment script requires sudo)"
fi
# Check curl
if command -v curl &> /dev/null; then
local curl_version=$(curl --version | head -n1)
log "SUCCESS" "curl available: $curl_version"
else
log "ERROR" "curl not found ✗"
fi
# Check jq
if command -v jq &> /dev/null; then
local jq_version=$(jq --version)
log "SUCCESS" "jq available: $jq_version"
else
log "WARNING" "jq not found (will be installed by enrollment script)"
fi
# Check systemctl
if command -v systemctl &> /dev/null; then
log "SUCCESS" "systemctl available ✓"
else
log "ERROR" "systemctl not found ✗"
fi
# Check OpenZiti CLI
if command -v ziti &> /dev/null; then
local ziti_version=$(ziti version 2>/dev/null | head -n1 || echo "unknown")
log "SUCCESS" "OpenZiti CLI available: $ziti_version"
else
log "INFO" "OpenZiti CLI not found (will be installed by enrollment script)"
fi
# Check internet connectivity
if curl -s --connect-timeout 5 https://get.openziti.io >/dev/null 2>&1; then
log "SUCCESS" "Internet connectivity ✓"
else
log "ERROR" "No internet connectivity ✗"
fi
}
# Test directory permissions
test_directory_permissions() {
log "INFO" "Testing directory permissions..."
local test_dirs=(
"/etc"
"/var/log"
"/etc/systemd/system"
)
for dir in "${test_dirs[@]}"; do
if [[ -d "$dir" ]]; then
if [[ -w "$dir" ]]; then
log "SUCCESS" "$dir is writable ✓"
else
if [[ $EUID -eq 0 ]]; then
log "ERROR" "$dir is not writable even as root ✗"
else
log "WARNING" "$dir is not writable (need root access)"
fi
fi
else
log "ERROR" "$dir does not exist ✗"
fi
done
}
# Main menu
show_menu() {
echo
echo "=============================================="
echo " Router Enrollment Test Script"
echo "=============================================="
echo
echo "1. Test API Connectivity"
echo "2. Test Hash Key Validation"
echo "3. Test API Registration Call"
echo "4. Test System Requirements"
echo "5. Test Directory Permissions"
echo "6. Run All Tests"
echo "7. Exit"
echo
}
# Run all tests
run_all_tests() {
log "INFO" "Running all tests..."
echo
test_system_requirements
echo
test_directory_permissions
echo
test_hash_key_validation
echo
test_api_connectivity
echo
log "INFO" "All tests completed"
}
# Main execution
main() {
while true; do
show_menu
read -p "Select an option (1-7): " choice
case $choice in
1)
test_api_connectivity
;;
2)
test_hash_key_validation
;;
3)
test_api_registration
;;
4)
test_system_requirements
;;
5)
test_directory_permissions
;;
6)
run_all_tests
;;
7)
log "INFO" "Exiting..."
exit 0
;;
*)
log "ERROR" "Invalid option. Please select 1-7."
;;
esac
echo
read -p "Press Enter to continue..."
done
}
# Run main function
main "$@"