Using daml script with tls enabled ledger

Questions
,
1

Trying to initialise my ledger using the following command,

daml script --dar $DAR_FILE --script-name Setup:setup --ledger-host "$LEDGER_HOST" --ledger-port 6865 --wall-clock-time --pem /home/daml/keys/tls8.pem --crt /home/daml/keys/tls.crt --cacrt /home/daml/keys/tls.crt --access-token-file /home/daml/accesstoken

The ledger is TLS enabled. DAML SDK 1.2.0

The script doesn’t return and stuck with the below message,

ug 20, 2020 10:56:14 AM io.grpc.netty.GrpcSslContexts defaultSslProvider
INFO: Jetty ALPN unavailable (this may be normal)
java.lang.ClassNotFoundException: org/eclipse/jetty/alpn/ALPN
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:348)
	at io.grpc.netty.JettyTlsUtil.isJettyAlpnConfigured(JettyTlsUtil.java:64)
	at io.grpc.netty.GrpcSslContexts.findJdkProvider(GrpcSslContexts.java:241)
	at io.grpc.netty.GrpcSslContexts.defaultSslProvider(GrpcSslContexts.java:221)
	at io.grpc.netty.GrpcSslContexts.configure(GrpcSslContexts.java:144)
	at io.grpc.netty.GrpcSslContexts.forClient(GrpcSslContexts.java:93)
	at com.daml.ledger.api.tls.TlsConfiguration.client(TlsConfiguration.scala:32)
	at com.daml.lf.engine.script.RunnerMain$.$anonfun$main$7(RunnerMain.scala:115)
	at scala.Option.flatMap(Option.scala:271)
	at com.daml.lf.engine.script.RunnerMain$.main(RunnerMain.scala:115)
	at com.daml.sdk.SdkMain$.main(SdkMain.scala:21)
	at com.daml.sdk.SdkMain.main(SdkMain.scala)

Exception in thread "main" java.lang.IllegalStateException: Could not find TLS ALPN provider; no working netty-tcnative, Conscrypt, or Jetty NPN/ALPN available
	at io.grpc.netty.GrpcSslContexts.defaultSslProvider(GrpcSslContexts.java:233)
	at io.grpc.netty.GrpcSslContexts.configure(GrpcSslContexts.java:144)
	at io.grpc.netty.GrpcSslContexts.forClient(GrpcSslContexts.java:93)
	at com.daml.ledger.api.tls.TlsConfiguration.client(TlsConfiguration.scala:32)
	at com.daml.lf.engine.script.RunnerMain$.$anonfun$main$7(RunnerMain.scala:115)
	at scala.Option.flatMap(Option.scala:271)
	at com.daml.lf.engine.script.RunnerMain$.main(RunnerMain.scala:115)
	at com.daml.sdk.SdkMain$.main(SdkMain.scala:21)
	at com.daml.sdk.SdkMain.main(SdkMain.scala)

Let me know, what’s missing here? This is working without TLS.

1 Like
2

Hi @senrav,

Which operating system and architecture are you running on? Our JVM components (Sandbox, the JSON API, daml triggers and daml script) rely on the netty-tcnative library for TLS support. That library relies on native code bundled in the JAR so it’s not quite as portable as you might expect for a JVM component.

Judging from the fact that you are using the daml script command which relies on native code before it calls the JAR, you seem to be on x86_64 so that shouldn’t be the issue. If you are on Alpine Linux, try installing libc6-compat.

It would also be great if you could show us the whole output that you get from the daml script command. It might have more clues as to what exactly is failing.

1 Like
3

There was also a bug with how the CLI parameters for daml script and daml trigger are parsed if you try to use client certificates. That isn’t the issue you are seeing here but you will probably run into this once you have addressed the issue with netty-tcnative.

The bug is fixed in the latest snapshot.

1 Like
4

We were on 1.2.0 SDK which was based on Alpine. Using the snapshot image solved this. Thanks @cocreature!!

1 Like