71099
|
1 |
(*:maxLineLen=78:*)
|
|
2 |
|
|
3 |
theory Phabricator
|
|
4 |
imports Base
|
|
5 |
begin
|
|
6 |
|
|
7 |
chapter \<open>Phabricator server administration\<close>
|
|
8 |
|
|
9 |
text \<open>
|
|
10 |
Phabricator\<^footnote>\<open>\<^url>\<open>https://www.phacility.com/phabricator\<close>\<close> is an open-source
|
|
11 |
product to support the development process of complex software projects
|
|
12 |
(open or closed ones). The official slogan is:
|
|
13 |
|
|
14 |
\begin{quote}
|
|
15 |
Discuss. Plan. Code. Review. Test. \\
|
|
16 |
Every application your project needs, all in one tool.
|
|
17 |
\end{quote}
|
|
18 |
|
|
19 |
Ongoing changes and discussions about changes are maintained uniformly
|
|
20 |
within a MySQL database. There are standard connections to major version
|
|
21 |
control systems: \<^bold>\<open>Subversion\<close>, \<^bold>\<open>Mercurial\<close>, \<^bold>\<open>Git\<close>. So Phabricator offers
|
|
22 |
a counter-model to trends of monoculture and centralized version control,
|
|
23 |
especially due to Microsoft's Github and Atlassian's Bitbucket.
|
|
24 |
|
|
25 |
The small company behind Phabricator provides paid plans for support and
|
|
26 |
hosting of servers, but it is relatively easy to do \<^emph>\<open>independent
|
|
27 |
self-hosting\<close> on a standard LAMP server (Linux, Apache, MySQL, PHP). This
|
|
28 |
merely requires a virtual Ubuntu server on the net, which can be rented
|
|
29 |
rather cheaply from local hosting providers (there is no need to follow big
|
|
30 |
cloud corporations). So it is feasible to remain the master of your virtual
|
|
31 |
home, following the slogan ``own all your data''. In many respects,
|
|
32 |
Phabricator is similar to the well-known
|
|
33 |
Nextcloud\<^footnote>\<open>\<^url>\<open>https://nextcloud.com\<close>\<close> product, concerning both the
|
|
34 |
technology and sociology.
|
|
35 |
|
|
36 |
\<^medskip>
|
|
37 |
The following Phabricator instances may serve as examples:
|
|
38 |
|
|
39 |
\<^item> Phabricator development \<^url>\<open>https://secure.phabricator.com\<close>
|
|
40 |
\<^item> Wikimedia development \<^url>\<open>https://phabricator.wikimedia.org\<close>
|
|
41 |
\<^item> Mercurial development \<^url>\<open>https://phab.mercurial-scm.org\<close>
|
|
42 |
\<^item> Isabelle development \<^url>\<open>https://isabelle-dev.sketis.net\<close>
|
|
43 |
|
|
44 |
\<^medskip> Initial Phabricator server configuration requires many details to be done
|
71105
|
45 |
right.\<^footnote>\<open>See also
|
|
46 |
\<^url>\<open>https://secure.phabricator.com/book/phabricator/article/installation_guide\<close>
|
|
47 |
in the context of \<^url>\<open>https://help.ubuntu.com/lts/serverguide\<close>.\<close> Isabelle
|
|
48 |
provides some command-line tools to help with the setup, and afterwards
|
|
49 |
Isabelle support is optional: it is possible to run and maintain the server,
|
|
50 |
without requiring a full Isabelle distribution again.
|
71099
|
51 |
\<close>
|
|
52 |
|
|
53 |
|
|
54 |
section \<open>Quick start\<close>
|
|
55 |
|
|
56 |
text \<open>
|
|
57 |
The starting point is a fresh installation of \<^bold>\<open>Ubuntu 18.04 LTS\<close>: that
|
|
58 |
particular version is required due to subtle dependencies on system
|
|
59 |
configuration and add-on packages.
|
|
60 |
|
|
61 |
For production use, a proper \<^emph>\<open>Virtual Server\<close> or \<^emph>\<open>Root Server\<close> product
|
|
62 |
from a hosting provider will be required, including an Internet Domain Name
|
|
63 |
(a pseudo sub-domain in the style of Apache is sufficient).
|
|
64 |
|
|
65 |
Initial experimentation also works on a local host, e.g.\ via
|
|
66 |
VirtualBox\<^footnote>\<open>\<^url>\<open>https://www.virtualbox.org\<close>\<close>. The public server behind
|
|
67 |
\<^verbatim>\<open>lvh.me\<close> provides arbitrary subdomains as an alias to \<^verbatim>\<open>localhost\<close>, which
|
|
68 |
will be used for the default installation below.
|
|
69 |
|
|
70 |
All administrative commands need to be run as \<^verbatim>\<open>root\<close> user (e.g.\ via
|
|
71 |
\<^verbatim>\<open>sudo\<close>).
|
|
72 |
\<close>
|
|
73 |
|
|
74 |
|
|
75 |
subsection \<open>Initial setup\<close>
|
|
76 |
|
|
77 |
text \<open>
|
|
78 |
Isabelle can managed multiple named installations Phabricator installations:
|
|
79 |
this allows to separate administrative responsibilities, e.g.\ different
|
|
80 |
approaches to user management for different projects. Subsequently we always
|
|
81 |
use the implicit default name ``\<^verbatim>\<open>vcs\<close>'': it will appear in file and
|
|
82 |
directory locations, internal database names and URLs.
|
|
83 |
|
|
84 |
The initial setup (with full Linux package upgrade) works as follows:
|
|
85 |
|
|
86 |
@{verbatim [display] \<open> isabelle phabricator_setup -U\<close>}
|
|
87 |
|
|
88 |
After installing many packages and cloning the Phabricator distribution, the
|
|
89 |
final output of the tool should be the URL for further manual configuration
|
|
90 |
(using a local web browser). Here the key points are:
|
|
91 |
|
|
92 |
\<^item> An initial user account that will get administrator rights. There is no
|
|
93 |
need to create a separate \<^verbatim>\<open>admin\<close> account. Instead, a regular user that
|
|
94 |
will take over this responsibility can be used here. Subsequently we
|
|
95 |
assume that user \<^verbatim>\<open>makarius\<close> becomes the initial administrator.
|
|
96 |
|
|
97 |
\<^item> An \<^emph>\<open>Auth Provider\<close> to manage user names and passwords. None is provided
|
|
98 |
by default, and Phabricator points out this omission prominently in its
|
|
99 |
overview of \<^emph>\<open>Setup Issues\<close>: following these hints quickly leads to the
|
|
100 |
place where a regular \<^emph>\<open>Username/Password\<close> provider can be added.
|
|
101 |
|
|
102 |
Note that Phabricator allows to delegate the responsibility of
|
|
103 |
authentication to big corporations like Google and Facebook, but these can
|
|
104 |
be easily avoided. Genuine self-hosting means to manage users directly,
|
|
105 |
without outsourcing of authentication.
|
|
106 |
|
|
107 |
\<^medskip>
|
|
108 |
With the Auth Provider available, the administrator can now set a proper
|
|
109 |
password. This works e.g.\ by initiating a local password reset procedure:
|
|
110 |
|
71103
|
111 |
@{verbatim [display] \<open> isabelle phabricator bin/auth recover makarius\<close>}
|
71099
|
112 |
|
|
113 |
The printed URL gives access to a password dialog in the web browser.
|
|
114 |
|
|
115 |
Further users will be able to provide a password more directly, because the
|
|
116 |
Auth Provider is now active.
|
|
117 |
|
|
118 |
\<^medskip>
|
71105
|
119 |
The pending request in Phabricator \<^bold>\<open>Setup Issues\<close> to lock the configuration
|
71099
|
120 |
can be fulfilled as follows:
|
|
121 |
|
71103
|
122 |
@{verbatim [display] \<open> isabelle phabricator bin/auth lock\<close>}
|
71105
|
123 |
|
|
124 |
\<^medskip>
|
|
125 |
Most other Setup Issues can be ignored, after reading through them briefly
|
|
126 |
to make sure that there are no genuine problems remaining.
|
71099
|
127 |
\<close>
|
|
128 |
|
|
129 |
|
|
130 |
subsection \<open>Mailer configuration\<close>
|
|
131 |
|
|
132 |
text \<open>
|
|
133 |
The next important thing is messaging: Phabricator needs to be able to
|
|
134 |
communicate with users. There are many variations on \<^emph>\<open>Mailer
|
|
135 |
Configuration\<close>, but a conventional SMTP server connection with a dedicated
|
|
136 |
\<^verbatim>\<open>phabricator\<close> user is sufficient. Note that there is no need to run a mail
|
|
137 |
server on the self-hosted Linux machine: regular web-hosting packages
|
|
138 |
usually allow to create new mail accounts easily. (As a last resort it is
|
|
139 |
possible to use a service like Gmail, but that would again introduce
|
|
140 |
unnecessary dependency on Google.)
|
|
141 |
|
|
142 |
\<^medskip>
|
|
143 |
Mailer configuration requires a few command-line invocations as follows:
|
|
144 |
|
|
145 |
@{verbatim [display] \<open> isabelle phabricator_setup_mail\<close>}
|
|
146 |
|
|
147 |
\<^noindent> Now edit the generated JSON file to provide the mail account details. Then
|
|
148 |
add and test it with Phabricator like this (to let Phabricator send a
|
|
149 |
message to the administrator from above):
|
|
150 |
|
|
151 |
@{verbatim [display] \<open> isabelle phabricator_setup_mail -T makarius\<close>}
|
|
152 |
|
|
153 |
The mail configuration process can be refined and repeated until it really
|
|
154 |
works: host name, port number, protocol etc.\ all need to be correct. The
|
|
155 |
\<^verbatim>\<open>key\<close> field in the JSON file identifies the name of the configuration; it
|
|
156 |
will be overwritten each time, when taking over the parameters via
|
|
157 |
\<^verbatim>\<open>isabelle phabricator_setup_mail\<close>.
|
|
158 |
|
|
159 |
\<^medskip>
|
|
160 |
For information, the resulting mailer configuration can be queried like
|
|
161 |
this:
|
|
162 |
|
71103
|
163 |
@{verbatim [display] \<open> isabelle phabricator bin/config get cluster.mailers\<close>}
|
|
164 |
\<close>
|
|
165 |
|
|
166 |
|
|
167 |
section \<open>Reference of command-line tools\<close>
|
|
168 |
|
|
169 |
text \<open>
|
|
170 |
The subsequent command-line tools usually require root user privileges on
|
|
171 |
the underlying Linux system (e.g.\ via \<^verbatim>\<open>sudo bash\<close> to open a subshell, or
|
|
172 |
directly via \<^verbatim>\<open>sudo isabelle ...\<close>). Note that Isabelle refers to
|
|
173 |
user-specific configuration in the user home directory via @{setting
|
|
174 |
ISABELLE_HOME_USER} (\secref{sec:settings}); that may be different or absent
|
|
175 |
for the root user and thus cause confusion.
|
|
176 |
\<close>
|
|
177 |
|
|
178 |
|
|
179 |
subsection \<open>\<^verbatim>\<open>isabelle phabricator\<close>\<close>
|
|
180 |
|
|
181 |
text \<open>
|
|
182 |
The @{tool_def phabricator} tool invokes a GNU bash command-line within the
|
|
183 |
Phabricator home directory:
|
|
184 |
@{verbatim [display]
|
|
185 |
\<open>Usage: isabelle phabricator [OPTIONS] COMMAND [ARGS...]
|
|
186 |
|
|
187 |
Options are:
|
|
188 |
-l list available Phabricator installations
|
|
189 |
-n NAME Phabricator installation name (default: "vcs")
|
|
190 |
|
|
191 |
Invoke a command-line tool within the home directory of the named
|
|
192 |
Phabricator installation.\<close>}
|
|
193 |
|
|
194 |
Isabelle/Phabricator installations are registered in the global
|
|
195 |
configuration file \<^path>\<open>/etc/isabelle-phabricator.conf\<close>, with name and
|
|
196 |
root directory separated by colon (no extra whitespace). The home directory
|
|
197 |
is the subdirectory \<^verbatim>\<open>phabricator\<close> within the root.
|
|
198 |
|
|
199 |
\<^medskip> Option \<^verbatim>\<open>-l\<close> lists the available Phabricator installations with name and
|
|
200 |
root directory.
|
|
201 |
|
|
202 |
Option \<^verbatim>\<open>-n\<close> selects the explicitly named Phabricator installation.
|
|
203 |
\<close>
|
|
204 |
|
|
205 |
|
|
206 |
subsubsection \<open>Examples\<close>
|
|
207 |
|
|
208 |
text \<open>
|
|
209 |
Print the home directory of the Phabricator installation:
|
|
210 |
@{verbatim [display] \<open>isabelle phabricator pwd\<close>}
|
|
211 |
|
|
212 |
Print some Phabricator configuration information:
|
|
213 |
@{verbatim [display] \<open>isabelle phabricator bin/config get phabricator.base-uri\<close>}
|
|
214 |
|
|
215 |
The latter conforms to typical command templates seen in the original
|
|
216 |
Phabricator documentation:
|
|
217 |
@{verbatim [display] \<open>phabricator/ $ ./bin/config get phabricator.base-uri\<close>}
|
|
218 |
|
|
219 |
Here the user is meant to navigate to the Phabricator home manually, in
|
|
220 |
contrast to \<^verbatim>\<open>isabelle phabricator\<close> doing it automatically based on
|
|
221 |
\<^path>\<open>/etc/isabelle-phabricator.conf\<close>.
|
|
222 |
\<close>
|
|
223 |
|
|
224 |
|
|
225 |
subsection \<open>\<^verbatim>\<open>isabelle phabricator_setup\<close>\<close>
|
|
226 |
|
|
227 |
text \<open>
|
|
228 |
The @{tool_def phabricator_setup} installs a fresh Phabricator instance on
|
|
229 |
Ubuntu Linux (notably 18.04 LTS):
|
|
230 |
@{verbatim [display] \<open>Usage: isabelle phabricator_setup [OPTIONS]
|
|
231 |
|
|
232 |
Options are:
|
|
233 |
-R DIR repository directory (default: "/var/www/phabricator-NAME/repo")
|
|
234 |
-U full update of system packages before installation
|
|
235 |
-n NAME Phabricator installation name (default: "vcs")
|
|
236 |
-r DIR installation root directory (default: "/var/www/phabricator-NAME")
|
|
237 |
|
|
238 |
Install Phabricator as LAMP application (Linux, Apache, MySQL, PHP).
|
|
239 |
|
|
240 |
The installation name (default: "vcs") is mapped to a regular
|
|
241 |
Unix user; this is relevant for public SSH access.\<close>}
|
|
242 |
|
|
243 |
Installation requires Linux root user access. All required packages are
|
|
244 |
installed automatically beforehand, this includes the Apache web server and
|
|
245 |
the MySQL database engine.
|
|
246 |
|
|
247 |
Global configuration in \<^verbatim>\<open>/etc\<close> and other directories like \<^verbatim>\<open>/var/www\<close>
|
|
248 |
always use name prefixes \<^verbatim>\<open>isabelle-phabricator\<close> or \<^verbatim>\<open>phabricator\<close>. Local
|
|
249 |
configuration for a particular installation uses more specific names derived
|
|
250 |
from \<^verbatim>\<open>phabricator-\<close>\<open>NAME\<close>, e.g. \<^verbatim>\<open>/var/www/phabricator-vcs\<close> for a default
|
|
251 |
installation.
|
|
252 |
|
|
253 |
Knowing the conventions, it is possible to purge a Linux installation from
|
|
254 |
Isabelle/Phabricator with some effort. There is no automated
|
|
255 |
de-installation: it is often better to re-install a clean virtual machine
|
|
256 |
image.
|
|
257 |
|
|
258 |
\<^medskip>
|
|
259 |
Option \<^verbatim>\<open>-U\<close> ensures a full update of system packages, before installing
|
|
260 |
further packages required by Phabricator.
|
|
261 |
|
|
262 |
Option \<^verbatim>\<open>-n\<close> provides an alternative installation name. The default name
|
|
263 |
\<^verbatim>\<open>vcs\<close> means ``Version Control System''. The name will appear in the URL for
|
|
264 |
SSH access, and thus has some relevance to end-users. The initial server URL
|
|
265 |
also uses that name suffix, but it can be changed later via regular Apache
|
|
266 |
configuration.
|
|
267 |
|
|
268 |
Option \<^verbatim>\<open>-r\<close> specifies an alternative installation root directory: it needs
|
|
269 |
to be accessible for the Apache web server.
|
|
270 |
|
|
271 |
Option \<^verbatim>\<open>-R\<close> specifies an alternative directory for repositories that are
|
|
272 |
hosted by Phabricator. Provided that it is accessible for the Apache web
|
|
273 |
server, the directory can be re-used directly for the builtin \<^verbatim>\<open>hgweb\<close> view
|
|
274 |
by Mercurial. See also the documentation
|
|
275 |
\<^url>\<open>https://www.mercurial-scm.org/wiki/PublishingRepositories#hgweb\<close> and the
|
|
276 |
example \<^url>\<open>https://isabelle.sketis.net/repos\<close> for repositories in
|
|
277 |
\<^url>\<open>https://isabelle-dev.sketis.net/diffusion\<close>.
|
|
278 |
\<close>
|
|
279 |
|
|
280 |
|
|
281 |
subsection \<open>\<^verbatim>\<open>isabelle phabricator_setup_mail\<close>\<close>
|
|
282 |
|
|
283 |
text \<open>
|
|
284 |
The @{tool_def phabricator_setup_mail} provides mail configuration for an
|
|
285 |
existing Phabricator installation (preferably via SMTP):
|
|
286 |
@{verbatim [display] \<open>Usage: isabelle phabricator_setup_mail [OPTIONS]
|
|
287 |
|
|
288 |
Options are:
|
|
289 |
-T USER send test mail to Phabricator user
|
|
290 |
-f FILE config file (default: "mailers.json" within
|
|
291 |
Phabricator root)
|
|
292 |
-n NAME Phabricator installation name (default: "vcs")
|
|
293 |
|
|
294 |
Provide mail configuration for existing Phabricator installation.\<close>}
|
|
295 |
|
|
296 |
Proper mail configuration is vital for Phabricator, but the details can be
|
|
297 |
tricky. A common approach is to re-use an existing SMTP mail service, as is
|
|
298 |
often included in regular web hosting packages. A single account for
|
|
299 |
multiple Phabricator installations is sufficient, but the configuration
|
|
300 |
needs to be set for each installation separately.
|
|
301 |
|
|
302 |
The first invocation of \<^verbatim>\<open>isabelle phabricator_setup_mail\<close> without options
|
|
303 |
creates a JSON template file. Its \<^verbatim>\<open>key\<close> entry should be changed to
|
|
304 |
something sensible to identify the configuration, e.g.\ the Internet Domain
|
|
305 |
Name of the mail address being used here. The \<^verbatim>\<open>options\<close> specify the SMTP
|
|
306 |
server address and account information.
|
|
307 |
|
|
308 |
Another invocation of \<^verbatim>\<open>isabelle phabricator_setup_mail\<close> with updated JSON
|
|
309 |
file will change the underlying Phabricator installation. This can be done
|
|
310 |
repeatedly, until everything works as expected.
|
|
311 |
|
|
312 |
Option \<^verbatim>\<open>-T\<close> invokes a standard Phabricator test procedure for the mail
|
|
313 |
configuration. The argument needs to be a valid Phabricator user: the mail
|
|
314 |
address is derived from the user profile.
|
|
315 |
|
|
316 |
Option \<^verbatim>\<open>-f\<close> refers to an existing JSON configuration file, e.g.\ from a
|
|
317 |
different Phabricator installation: sharing mailers setup with the same mail
|
|
318 |
address works for outgoing mails; incoming mails are not strictly needed.
|
71099
|
319 |
\<close>
|
|
320 |
|
|
321 |
end
|