`ex-secure-daml-infra` refapp UI build error when following docs using yarn, script using npm is working

When I try to build the UI of the ex-secure-daml-infra refapp as per the documentation, using yarn, I get an error. See the instructions here: ex-secure-daml-infra/BuildSteps.md at 487ed79b1a62f0bd543ee7213e63337245dcbcb7 · digital-asset/ex-secure-daml-infra · GitHub

This line isn’t correct, but fixing it only helps with the codegen.

Instead of this:

daml codegen js .daml/dist/ex-secure-daml-infra-0.1.0.dar -o daml.js

this is correct:

daml codegen js .daml/dist/ex-secure-daml-infra-0.0.1.dar -o daml.js

But this doesn’t work:

cd ui
yarn install

I get this error message:

gyorgybalazsi@BGY ui % yarn install
yarn install v1.22.5
warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 🔨  Building fresh packages...
success Saved lockfile.
✨  Done in 0.10s.

It seems that yarn cannot use the package.json-template file.

The ./build.sh script mentioned in the TechNote: Certificate Revocation chapter works. It uses npm instead of yarn.

Thank you for reporting this. I will updated instructions. Switched to npm for the UI and the first is a typo. I’ll correct in the repo.

Also note that most of the steps are done in build.sh script. This has been switched to use bpm instead of yarn. This also uses the template file to set various values. I use

./clean.sh
./build.sh
./run-docker.sh
./run-root-ocsp.sh; ./run-ocsp.sh <= optional unless testing OCSP certificate revocation (separate Technote)
./run-sandbox.sh
etc, etc

@nycnewman this might help. After running ./run-docker.sh I get the following errors in Docker Desktop (on a Mac):

daml-postgres

The files belonging to this database system will be owned by user "postgres".

This user must also own the server process.


The database cluster will be initialized with locale "en_US.utf8".

The default database encoding has accordingly been set to "UTF8".

The default text search configuration will be set to "english".


Data page checksums are disabled.


fixing permissions on existing directory /var/lib/postgresql/data ... ok

creating subdirectories ... ok

selecting dynamic shared memory implementation ... posix

selecting default max_connections ... 100

selecting default shared_buffers ... 128MB

selecting default time zone ... Etc/UTC

creating configuration files ... ok

running bootstrap script ... ok

performing post-bootstrap initialization ... ok

syncing data to disk ... ok


Success. You can now start the database server using:


pg_ctl -D /var/lib/postgresql/data -l logfile start


waiting for server to start....2021-04-09 18:12:08.474 UTC [48] LOG: starting PostgreSQL 12.6 (Debian 12.6-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit

2021-04-09 18:12:08.479 UTC [48] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"

2021-04-09 18:12:08.520 UTC [49] LOG: database system was shut down at 2021-04-09 18:12:07 UTC

2021-04-09 18:12:08.533 UTC [48] LOG: database system is ready to accept connections

done

server started


/usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/init-userdb.sh

/usr/local/bin/docker-entrypoint.sh: /docker-entrypoint-initdb.d/init-userdb.sh: /bin/bash: bad interpreter: Permission denied

daml-nginx

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration

/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/

/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh

10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist

/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh

/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh

/docker-entrypoint.sh: Configuration complete; ready for start up

2021/04/09 18:17:05 [emerg] 1#1: cannot load certificate "/data/certs/server/certs/web-chain.acme.com.cert.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/data/certs/server/certs/web-chain.acme.com.cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

nginx: [emerg] cannot load certificate "/data/certs/server/certs/web-chain.acme.com.cert.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/data/certs/server/certs/web-chain.acme.com.cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

daml-envoyproxy

[2021-04-09 18:17:07.537][9][warning][runtime] [source/common/runtime/runtime_features.cc:20] Unable to use runtime singleton for feature envoy.reloadable_features.activate_fds_next_event_loop

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:295] initializing epoch 0 (base id=0, hot restart version=11.104)

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:297] statically linked extensions:

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.filters.http: envoy.buffer, envoy.cors, envoy.csrf, envoy.ext_authz, envoy.fault, envoy.filters.http.adaptive_concurrency, envoy.filters.http.admission_control, envoy.filters.http.aws_lambda, envoy.filters.http.aws_request_signing, envoy.filters.http.buffer, envoy.filters.http.cache, envoy.filters.http.compressor, envoy.filters.http.cors, envoy.filters.http.csrf, envoy.filters.http.decompressor, envoy.filters.http.dynamic_forward_proxy, envoy.filters.http.dynamo, envoy.filters.http.ext_authz, envoy.filters.http.fault, envoy.filters.http.grpc_http1_bridge, envoy.filters.http.grpc_http1_reverse_bridge, envoy.filters.http.grpc_json_transcoder, envoy.filters.http.grpc_stats, envoy.filters.http.grpc_web, envoy.filters.http.gzip, envoy.filters.http.header_to_metadata, envoy.filters.http.health_check, envoy.filters.http.ip_tagging, envoy.filters.http.jwt_authn, envoy.filters.http.lua, envoy.filters.http.on_demand, envoy.filters.http.original_src, envoy.filters.http.ratelimit, envoy.filters.http.rbac, envoy.filters.http.router, envoy.filters.http.squash, envoy.filters.http.tap, envoy.grpc_http1_bridge, envoy.grpc_json_transcoder, envoy.grpc_web, envoy.gzip, envoy.health_check, envoy.http_dynamo_filter, envoy.ip_tagging, envoy.lua, envoy.rate_limit, envoy.router, envoy.squash

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.resolvers: envoy.ip

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.dubbo_proxy.filters: envoy.filters.dubbo.router

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.compression.decompressor: envoy.compression.gzip.decompressor

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.filters.listener: envoy.filters.listener.http_inspector, envoy.filters.listener.original_dst, envoy.filters.listener.original_src, envoy.filters.listener.proxy_protocol, envoy.filters.listener.tls_inspector, envoy.listener.http_inspector, envoy.listener.original_dst, envoy.listener.original_src, envoy.listener.proxy_protocol, envoy.listener.tls_inspector

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.dubbo_proxy.serializers: dubbo.hessian2

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.retry_priorities: envoy.retry_priorities.previous_priorities

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.filters.udp_listener: envoy.filters.udp.dns_filter, envoy.filters.udp_listener.udp_proxy

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.access_loggers: envoy.access_loggers.file, envoy.access_loggers.http_grpc, envoy.access_loggers.tcp_grpc, envoy.file_access_log, envoy.http_grpc_access_log, envoy.tcp_grpc_access_log

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] http_cache_factory: envoy.extensions.http.cache.simple

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.health_checkers: envoy.health_checkers.redis

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.udp_listeners: raw_udp_listener

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.thrift_proxy.transports: auto, framed, header, unframed

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.transport_sockets.upstream: envoy.transport_sockets.alts, envoy.transport_sockets.quic, envoy.transport_sockets.raw_buffer, envoy.transport_sockets.tap, envoy.transport_sockets.tls, raw_buffer, tls

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.grpc_credentials: envoy.grpc_credentials.aws_iam, envoy.grpc_credentials.default, envoy.grpc_credentials.file_based_metadata

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.dubbo_proxy.route_matchers: default

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.filters.network: envoy.client_ssl_auth, envoy.echo, envoy.ext_authz, envoy.filters.network.client_ssl_auth, envoy.filters.network.direct_response, envoy.filters.network.dubbo_proxy, envoy.filters.network.echo, envoy.filters.network.ext_authz, envoy.filters.network.http_connection_manager, envoy.filters.network.kafka_broker, envoy.filters.network.local_ratelimit, envoy.filters.network.mongo_proxy, envoy.filters.network.mysql_proxy, envoy.filters.network.postgres_proxy, envoy.filters.network.ratelimit, envoy.filters.network.rbac, envoy.filters.network.redis_proxy, envoy.filters.network.rocketmq_proxy, envoy.filters.network.sni_cluster, envoy.filters.network.sni_dynamic_forward_proxy, envoy.filters.network.tcp_proxy, envoy.filters.network.thrift_proxy, envoy.filters.network.zookeeper_proxy, envoy.http_connection_manager, envoy.mongo_proxy, envoy.ratelimit, envoy.redis_proxy, envoy.tcp_proxy

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.internal_redirect_predicates: envoy.internal_redirect_predicates.allow_listed_routes, envoy.internal_redirect_predicates.previous_routes, envoy.internal_redirect_predicates.safe_cross_scheme

[2021-04-09 18:17:07.537][9][info][main] [source/server/server.cc:299] envoy.transport_sockets.downstream: envoy.transport_sockets.alts, envoy.transport_sockets.quic, envoy.transport_sockets.raw_buffer, envoy.transport_sockets.tap, envoy.transport_sockets.tls, raw_buffer, tls

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.tracers: envoy.dynamic.ot, envoy.lightstep, envoy.tracers.datadog, envoy.tracers.dynamic_ot, envoy.tracers.lightstep, envoy.tracers.opencensus, envoy.tracers.xray, envoy.tracers.zipkin, envoy.zipkin

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.thrift_proxy.protocols: auto, binary, binary/non-strict, compact, twitter

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.upstreams: envoy.filters.connection_pools.http.generic, envoy.filters.connection_pools.http.http, envoy.filters.connection_pools.http.tcp

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.compression.compressor: envoy.compression.gzip.compressor

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.resource_monitors: envoy.resource_monitors.fixed_heap, envoy.resource_monitors.injected_resource

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.clusters: envoy.cluster.eds, envoy.cluster.logical_dns, envoy.cluster.original_dst, envoy.cluster.static, envoy.cluster.strict_dns, envoy.clusters.aggregate, envoy.clusters.dynamic_forward_proxy, envoy.clusters.redis

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.stats_sinks: envoy.dog_statsd, envoy.metrics_service, envoy.stat_sinks.dog_statsd, envoy.stat_sinks.hystrix, envoy.stat_sinks.metrics_service, envoy.stat_sinks.statsd, envoy.statsd

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.thrift_proxy.filters: envoy.filters.thrift.rate_limit, envoy.filters.thrift.router

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.dubbo_proxy.protocols: dubbo

[2021-04-09 18:17:07.538][9][info][main] [source/server/server.cc:299] envoy.retry_host_predicates: envoy.retry_host_predicates.omit_canary_hosts, envoy.retry_host_predicates.omit_host_metadata, envoy.retry_host_predicates.previous_hosts

[2021-04-09 18:17:07.554][9][warning][misc] [source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.api.v2.listener.FilterChain Using deprecated option 'envoy.api.v2.listener.FilterChain.tls_context' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override.

[2021-04-09 18:17:07.554][9][warning][misc] [source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.api.v2.listener.Filter Using deprecated option 'envoy.api.v2.listener.Filter.config' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override.

[2021-04-09 18:17:07.555][9][info][main] [source/server/server.cc:315] HTTP header map info:

[2021-04-09 18:17:07.557][9][info][main] [source/server/server.cc:318] request header map: 496 bytes: :authority,:method,:path,:protocol,:scheme,accept,accept-encoding,access-control-request-method,authorization,cache-control,connection,content-encoding,content-length,content-type,expect,grpc-accept-encoding,grpc-timeout,keep-alive,origin,proxy-connection,referer,te,transfer-encoding,upgrade,user-agent,via,x-client-trace-id,x-envoy-attempt-count,x-envoy-decorator-operation,x-envoy-downstream-service-cluster,x-envoy-downstream-service-node,x-envoy-expected-rq-timeout-ms,x-envoy-external-address,x-envoy-force-trace,x-envoy-hedge-on-per-try-timeout,x-envoy-internal,x-envoy-ip-tags,x-envoy-max-retries,x-envoy-original-path,x-envoy-original-url,x-envoy-retriable-header-names,x-envoy-retriable-status-codes,x-envoy-retry-grpc-on,x-envoy-retry-on,x-envoy-upstream-alt-stat-name,x-envoy-upstream-rq-per-try-timeout-ms,x-envoy-upstream-rq-timeout-alt-response,x-envoy-upstream-rq-timeout-ms,x-forwarded-client-cert,x-forwarded-for,x-forwarded-proto,x-ot-span-context,x-request-id

[2021-04-09 18:17:07.557][9][info][main] [source/server/server.cc:318] request trailer map: 72 bytes:

[2021-04-09 18:17:07.557][9][info][main] [source/server/server.cc:318] response header map: 352 bytes: :status,access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,access-control-expose-headers,access-control-max-age,cache-control,connection,content-encoding,content-length,content-type,date,etag,grpc-message,grpc-status,keep-alive,location,proxy-connection,referer,server,transfer-encoding,upgrade,vary,via,x-envoy-attempt-count,x-envoy-decorator-operation,x-envoy-degraded,x-envoy-immediate-health-check-fail,x-envoy-ratelimited,x-envoy-upstream-canary,x-envoy-upstream-healthchecked-cluster,x-envoy-upstream-service-time,x-request-id

[2021-04-09 18:17:07.557][9][info][main] [source/server/server.cc:318] response trailer map: 96 bytes: grpc-message,grpc-status

[2021-04-09 18:17:07.560][9][info][main] [source/server/server.cc:389] admin address: 0.0.0.0:9901

[2021-04-09 18:17:07.562][9][debug][main] [source/server/overload_manager_impl.cc:184] No overload action is configured for envoy.overload_actions.shrink_heap.

[2021-04-09 18:17:07.562][9][debug][main] [source/server/overload_manager_impl.cc:184] No overload action is configured for envoy.overload_actions.stop_accepting_connections.

[2021-04-09 18:17:07.563][9][debug][main] [source/server/overload_manager_impl.cc:184] No overload action is configured for envoy.overload_actions.stop_accepting_connections.

[2021-04-09 18:17:07.563][9][debug][main] [source/server/overload_manager_impl.cc:184] No overload action is configured for envoy.overload_actions.stop_accepting_connections.

[2021-04-09 18:17:07.563][9][debug][main] [source/server/overload_manager_impl.cc:184] No overload action is configured for envoy.overload_actions.stop_accepting_connections.

[2021-04-09 18:17:07.564][9][info][main] [source/server/server.cc:555] runtime: layers:

- name: base

static_layer:

{}

- name: admin

admin_layer:

{}

[2021-04-09 18:17:07.565][9][info][config] [source/server/configuration_impl.cc:103] loading tracing configuration

[2021-04-09 18:17:07.565][9][info][config] [source/server/configuration_impl.cc:69] loading 0 static secret(s)

[2021-04-09 18:17:07.565][9][info][config] [source/server/configuration_impl.cc:75] loading 1 cluster(s)

[2021-04-09 18:17:07.566][13][debug][grpc] [source/common/grpc/google_async_client_impl.cc:49] completionThread running

[2021-04-09 18:17:07.567][9][debug][misc] [source/common/filesystem/posix/filesystem_impl.cc:138] Unable to determine canonical path for /data/certs/intermediate/certs/ca-chain.cert.pem: No such file or directory

[2021-04-09 18:17:07.568][9][debug][init] [source/common/init/watcher_impl.cc:27] ClusterImplBase destroyed

[2021-04-09 18:17:07.568][9][debug][init] [source/common/init/watcher_impl.cc:27] init manager Cluster ledger.acme.com_6865 destroyed

[2021-04-09 18:17:07.569][9][critical][main] [source/server/server.cc:101] error initializing configuration '/etc/edge.yaml': Invalid path: /data/certs/intermediate/certs/ca-chain.cert.pem

[2021-04-09 18:17:07.569][9][debug][grpc] [source/common/grpc/google_async_client_impl.cc:39] Joining completionThread

[2021-04-09 18:17:07.569][13][debug][grpc] [source/common/grpc/google_async_client_impl.cc:72] completionThread exiting

[2021-04-09 18:17:07.569][9][debug][grpc] [source/common/grpc/google_async_client_impl.cc:41] Joined completionThread

[2021-04-09 18:17:07.570][9][info][main] [source/server/server.cc:704] exiting

[2021-04-09 18:17:07.570][9][debug][main] [source/common/access_log/access_log_manager_impl.cc:16] destroying access logger /tmp/admin_access.log

[2021-04-09 18:17:07.570][9][debug][main] [source/common/access_log/access_log_manager_impl.cc:19] destroyed access loggers

[2021-04-09 18:17:07.571][9][debug][init] [source/common/init/watcher_impl.cc:27] init manager RTDS destroyed

[2021-04-09 18:17:07.571][9][debug][init] [source/common/init/watcher_impl.cc:27] RDTS destroyed

[2021-04-09 18:17:07.571][9][debug][init] [source/common/init/watcher_impl.cc:27] init manager Server destroyed

Invalid path: /data/certs/intermediate/certs/ca-chain.cert.pem

PostgresQL

Make sure that pg-init/init-userdb.sh has execute bit set.

chmod u+x pg-initdb/init-userdb.sh

I thought I had committed that to the repo but the issue is that the user setup script is failing (thus “bad interpreter” error) and so “ledger” user does not exist.

NGINX

The issue here is that the certificates are not being loaded int the container correctly. This sometimes happens if the make-certs.sh failed to run correctly. You might see this as a directory instead of a file in the <PROJECT-DIR>/certs/server/certs/ directory. Docker get slightly upset if a file doesn’t exist when attempting to mount into a container.

Envoy

Looks like same issues. Certs not created correctly.

Generally I run

In env.sh

CLIENT_CERT_AUTH=TRUE
LOCAL_JWT_SIGNING=TRUE      < assume you don't want Auth0 and UI
DOCKER_COMPOSE=FALSE
OCSP_CHECKING=""

Then

./clean.sh
./build.sh
./run-docker.sh     <= Starts NGINX, PostgresQL and Envoy

In new Window

./run-sandbox.sh    <= and yes this name is outdated as we are using Postgres driver

In new window

./init-ledger.sh     <= sets up initial ledger parties and contracts
./run-json-api.sh

In new window

./run-auth-service.sh     <= Local dummy oAuth service for Python bot

In new window

./run-trigger.sh

in new window

./run-python-bot.sh

In new window

./run-navigator.sh      <= run Navigator and allow interaction with model

in New window to run tests

./test-tls.sh
./test-grpc.sh
./test-json.sh
./test-script.sh

Excellent, thanks @nycnewman in this way it works perfectly.