Running GNU Taler in a container

Hello everybody,

A colleague, Guillaume Fe, tried to implement GNU Taler from scratch in a docker with Debian packages. He was unsuccessful. The same with Podman. The error came from SystemD, which doesn’t run in containers. To get around this problem, GF has implemented sandcastle NG: GitHub - guillaumefe/sandcastle-ng-by-Taler-forked-: https://git.taler.net/sandcastle-ng.git/tree/

The solution runs but no interface goes up. And, in the sandcastle container logs, the SystemD error also occurs. Here are our tests :
curl localhost:2019 # IPV4 - 404 not found
curl localhost:5432 # IPV4 - PostgreSQL, empty reply from webserver
curl localhost:8505 # IPV6 - Bank single page application
curl localhost:8301 # IPV6 - None
curl localhost:8021 # IPV6 - None
curl localhost:8080 # IPV6 - None

Questions :
1- Can sysVinit run GNU Taler applications? Or do you need SystemD?
2- Can GNU Taler run in Docker containers, which would themselves incorporate SystemD? Or is Podman necessarily required?
3- To date, are the sandcastle interfaces accessible when the project is correctly compiled? Is the fact that sandcastle’s Podman containers display SystemD errors blocking me? Does this explain why the interfaces don’t go up?
4- Is Guillaume Fe’s procedure, modelled on the GNU Taler auto (sandcastle-ng.git - Scripts for the deployment of Sandcastle (GNU Taler)), still functional?

The answer to our questions will help us steer our efforts in the right direction.
Thanks in advance.

PS: For you information: These curl tests have been conducted from inside the container which has been accessed with ./sandcastle-enter

@dvn do you know what is happening?

Hi there,

Well there are quite a few things to address in your post, but for one, the sandcastle-ng does work, but it requires you use podman because docker has issues with running systemd inside. As a side note, that is a strange way to fork a project, wherein there is no commit history from the original repo. It makes it challenging to identify any divergences.

As far as I know GNU Taler has no hard requirements on systemd, but the Debian packages do expect systemd to be available.

I’m not sure what you mean by “sandcastle interfaces”, can you explain?

Barring any major differences in Guillaume Fe’s fork, then running ./sandcastle-build followed by ./sandcastle-run should result in a container with the full Taler stack running.

Hi everybody,

Thank you for your feedback. I apologize for the delayed response.

About the forking process, we acknowledge the best practice of pushing the complete original repository, including its history, to GitHub. Plans are underway to restructure our repository to preserve its connection to the original project.

Docker Usage: Apologies for the previous unclear message. We did not attempt Docker for the sandcastle-ng but rather while following the developer documentation at Taler Developer Manual (10. Developer’s Manual — GNU Taler). We encountered issues but will resume this effort.

About systemd, it’s clear now that the Debian package requires systemd but not GNU Taler itself, thanks for pointing that out.

And for clarification when we refer to “interface,” we mean the web pages or user interfaces. Currently, for the sandcastle-ng project, we have containers up and running; however, the only active interface is served by the “Bank” container and is IPV6 accessible.

That leads to a key question for us : what should we be able to see or access, particularly in terms of user interfaces, to confidently consider our implementation a success?

Thank you for your guidance and patience.

1 Like

For example:

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ ./print-component-versions
buildconfig/exchange.tag is: v0.10.2
buildconfig/gnunet.tag is: v0.21.1
buildconfig/libeufin.tag is: v0.10.1
buildconfig/libmhd.tag is: v1.0.1
buildconfig/merchant-demos.tag is: v0.10.0
buildconfig/merchant.tag is: v0.10.2
buildconfig/sync.tag is: v0.10.1
buildconfig/wallet.tag is: v0.10.6

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ ./print-latest-versions
[!] exchange curr: v0.10.2 latest: v0.10.3-dev.1

merchant curr: v0.10.2 latest: v0.10.2
[!] merchant-demos curr: v0.10.0 latest: v0.10.1
[!] libeufin curr: v0.10.1 latest: v0.10.3-dev.1
[!] wallet curr: v0.10.6 latest: v0.10.8-dev.1
gnunet curr: v0.21.1 latest: v0.21.1
sync curr: v0.10.1 latest: v0.10.1
libmhd curr: v1.0.1 latest: v1.0.1

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-/buildconfig$ find . -type f -name “*.tag” -exec sh -c ‘echo “==== {} ====”; cat {}’ ;
==== ./merchant.tag ====
v0.10.2
==== ./sync.tag ====
v0.10.1
==== ./libmhd.tag ====
v1.0.1
==== ./merchant-demos.tag ====
v0.10.0
==== ./wallet.tag ====
v0.10.6
==== ./exchange.tag ====
v0.10.2
==== ./gnunet.tag ====
v0.21.1
==== ./libeufin.tag ====
v0.10.1

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ ./sandcastle-build
…no errors…

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ ./sandcastle-run -d
allexport off
braceexpand on
emacs off
errexit on
errtrace off
functrace off
hashall on
histexpand off
history off
ignoreeof off
interactive-comments on
keyword off
monitor off
noclobber off
noexec off
noglob off
nolog off
notify off
nounset off
onecmd off
physical off
pipefail off
posix off
privileged off
verbose off
vi off
xtrace on

  • SANDCASTLE_PORT_MERCHANT=127.0.0.1:16000
  • SANDCASTLE_PORT_EXCHANGE=127.0.0.1:16001
  • SANDCASTLE_PORT_BLOG=127.0.0.1:16002
  • SANDCASTLE_PORT_DONATIONS=127.0.0.1:16003
  • SANDCASTLE_PORT_LANDING=127.0.0.1:16005
  • SANDCASTLE_PORT_LIBEUFIN_BANK=127.0.0.1:16007
  • SANDCASTLE_PORT_BANK_SPA=127.0.0.1:16009
  • PORT_INTERNAL_EXCHANGE=8201
  • PORT_INTERNAL_MERCHANT=8301
  • PORT_INTERNAL_LIBEUFIN_BANK=8080
  • PORT_INTERNAL_LANDING=8501
  • PORT_INTERNAL_BLOG=8502
  • PORT_INTERNAL_DONATIONS=8503
  • PORT_INTERNAL_BANK_SPA=8505
    +++ dirname – ./sandcastle-run
    ++ cd – .
    ++ pwd
  • SCRIPT_DIR=/home/guillaumefe/Taler/sandcastle/sandcastle-ng-by-Taler-forked-
  • cd /home/guillaumefe/Taler/sandcastle/sandcastle-ng-by-Taler-forked-
    ++ podman ps -q -a -f=name=taler-sandcastle
  • existing_id=
  • [[ ! -z ‘’ ]]
  • SETUP_NAME=demo
  • [[ ! -z ‘’ ]]
  • OVERRIDES=
  • exec podman run -d -p=127.0.0.1:16000:8301 -p=127.0.0.1:16001:8201 -p=127.0.0.1:16007:8080 -p=127.0.0.1:16005:8501 -p=127.0.0.1:16002:8502 -p=127.0.0.1:16003:8503 -p=127.0.0.1:16009:8505 --name taler-sandcastle --systemd=always -v talerdata:/talerdata:Z -v /home/guillaumefe/Taler/sandcastle/sandcastle-ng-by-Taler-forked-/scripts:/scripts:Z -v /home/guillaumefe/Taler/sandcastle/sandcastle-ng-by-Taler-forked-/scripts/demo:/provision:Z --entrypoint /sbin/init -d taler-base-all
    053f61861a84e02f8926e2bf91cc6e919759c7f7b23dab0b07a4250fbabc6fc1

Result in :

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-/buildconfig$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
053f61861a84 localhost/taler-base-all:latest 23 minutes ago Up 23 minutes 127.0.0.1:16000->8301/tcp, 127.0.0.1:16001->8201/tcp, 127.0.0.1:16002-16003->8502-8503/tcp, 127.0.0.1:16005->8501/tcp, 127.0.0.1:16007->8080/tcp, 127.0.0.1:16009->8505/tcp taler-sandcastle

MERCHANT=127.0.0.1:16000
image1.png

EXCHANGE=127.0.0.1:16001
image2.png

BLOG=127.0.0.1:16002
image3.png

DONATIONS=127.0.0.1:16003
image4.png

LANDING=127.0.0.1:16005
image5.png

LIBEUFIN_BANK=127.0.0.1:16007
image6.png

BANK_SPA=127.0.0.1:16009
image7.png

allexport off
braceexpand on
emacs off
errexit on
errtrace off
functrace off
hashall on
histexpand off
history off
ignoreeof off
interactive-comments on
keyword off
monitor off
noclobber off
noexec off
noglob off
nolog off
notify off
nounset off
onecmd off
physical off
pipefail off
posix off
privileged off
verbose off
vi off
xtrace on

  • exec podman exec -it taler-sandcastle journalctl -f
    May 01 13:52:04 053f61861a84 caddy[189]: {“level”:“error”,“ts”:1714571524.9801953,“logger”:“http.log.error”,“msg”:“dial unix /run/taler/merchant-httpd/merchant-http.sock: connect: no such file or directory”,“request”:{“remote_ip”:“10.0.2.100”,“remote_port”:“47474”,“client_ip”:“10.0.2.100”,“proto”:“HTTP/1.1”,“method”:“GET”,“host”:“127.0.0.1:16000”,“uri”:“/”,“headers”:{“User-Agent”:[“Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0”],“Accept”:[“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8”],“Accept-Language”:[“en-US,en;q=0.5”],“Accept-Encoding”:[“gzip, deflate, br”],“Upgrade-Insecure-Requests”:[“1”],“Sec-Fetch-Site”:[“none”],“Sec-Fetch-Dest”:[“document”],“Sec-Fetch-Mode”:[“navigate”],“Sec-Fetch-User”:[“?1”],“Connection”:[“keep-alive”]}},“duration”:0.000198395,“status”:502,“err_id”:“x4pyz8j9s”,“err_trace”:“reverseproxy.statusError (reverseproxy.go:1267)”}
    May 01 13:52:05 053f61861a84 caddy[189]: {“level”:“error”,“ts”:1714571525.7985656,“logger”:“http.log.error”,“msg”:“dial unix /run/taler/exchange-httpd/exchange-http.sock: connect: no such file or directory”,“request”:{“remote_ip”:“10.0.2.100”,“remote_port”:“36864”,“client_ip”:“10.0.2.100”,“proto”:“HTTP/1.1”,“method”:“GET”,“host”:“127.0.0.1:16001”,“uri”:“/”,“headers”:{“Upgrade-Insecure-Requests”:[“1”],“Sec-Fetch-Dest”:[“document”],“Sec-Fetch-User”:[“?1”],“User-Agent”:[“Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0”],“Accept-Language”:[“en-US,en;q=0.5”],“Connection”:[“keep-alive”],“Sec-Fetch-Mode”:[“navigate”],“Sec-Fetch-Site”:[“none”],“Accept”:[“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8”],“Accept-Encoding”:[“gzip, deflate, br”]}},“duration”:0.000136084,“status”:502,“err_id”:“sitssdwet”,“err_trace”:“reverseproxy.statusError (reverseproxy.go:1267)”}
    May 01 13:52:08 053f61861a84 libeufin-bank[2102]: 01-May-2024T13:52:08.932 INFO libeufin-bank - 200 OK, GET /webui/
    May 01 13:52:08 053f61861a84 libeufin-bank[2102]: 01-May-2024T13:52:08.981 INFO libeufin-bank - 200 OK, GET /webui/index.css
    May 01 13:52:09 053f61861a84 libeufin-bank[2102]: 01-May-2024T13:52:09.039 INFO libeufin-bank - 200 OK, GET /webui/index.js
    May 01 13:52:09 053f61861a84 libeufin-bank[2102]: 01-May-2024T13:52:09.284 INFO libeufin-bank - 404 Not Found, GET /webui/settings.json, GENERIC_ENDPOINT_UNKNOWN There is no endpoint defined for the URL provided by the client. Check if you used the correct URL and/or file a report with the developers of the client software.
    May 01 13:52:09 053f61861a84 libeufin-bank[2102]: 01-May-2024T13:52:09.285 INFO libeufin-bank - 404 Not Found, GET /webui/settings.json, GENERIC_ENDPOINT_UNKNOWN There is no endpoint defined for the URL provided by the client. Check if you used the correct URL and/or file a report with the developers of the client software.
    May 01 13:52:09 053f61861a84 libeufin-bank[2102]: 01-May-2024T13:52:09.448 INFO libeufin-bank - 200 OK, GET /webui/index.js.map
    May 01 13:52:09 053f61861a84 libeufin-bank[2102]: 01-May-2024T13:52:09.581 INFO libeufin-bank - 200 OK, GET /config
    May 01 13:52:10 053f61861a84 libeufin-bank[2102]: 01-May-2024T13:52:10.471 INFO libeufin-bank - 200 OK, GET /webui/index.css.map

Environment:

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-/buildconfig$ uname -a
Linux TCA 6.6.15-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.6.15-2kali1 (2024-04-09) x86_64 GNU/Linux

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-/buildconfig$ dpkg -l | grep bash

ii bash 5.2.21-2 amd64 GNU Bourne Again SHell

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-/buildconfig$ dpkg -l | grep podman
ii podman 4.9.3+ds1-1 amd64 tool to manage containers and pods

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ git status
On branch master
Your branch is up to date with ‘origin/master’.

nothing to commit, working tree clean

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ git remote -v
origin git@github.com:guillaumefe/sandcastle-ng-by-Taler-forked-.git (fetch)
origin git@github.com:guillaumefe/sandcastle-ng-by-Taler-forked-.git (push)
upstream sandcastle-ng.git - Scripts for the deployment of Sandcastle (GNU Taler) (fetch)
upstream sandcastle-ng.git - Scripts for the deployment of Sandcastle (GNU Taler) (push)

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ git fetch --all
Fetching origin
Fetching upstream

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ git checkout master
Already on ‘master’
Your branch is up to date with ‘origin/master’.

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ git branch --show-current
master

guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$ git log --oneline master…upstream/master
guillaumefe@TCA:~/Taler/sandcastle/sandcastle-ng-by-Taler-forked-$

Are we on the good track? Thank you in advance for yoiur kind answer