diff -r 3e61534e804e -r 1579a9160c7f src/Doc/System/Phabricator.thy --- a/src/Doc/System/Phabricator.thy Thu Nov 14 16:22:21 2019 +0100 +++ b/src/Doc/System/Phabricator.thy Thu Nov 14 21:49:49 2019 +0100 @@ -23,15 +23,14 @@ especially due to Microsoft's Github and Atlassian's Bitbucket. The small company behind Phabricator provides paid plans for support and - hosting of servers, but it is relatively easy to do \<^emph>\independent - self-hosting\ on a standard LAMP server (Linux, Apache, MySQL, PHP). This - merely requires a virtual Ubuntu server on the net, which can be rented - rather cheaply from local hosting providers (there is no need to follow big - cloud corporations). So it is feasible to remain the master of your virtual - home, following the slogan ``own all your data''. In many respects, - Phabricator is similar to the well-known - Nextcloud\<^footnote>\\<^url>\https://nextcloud.com\\ product, concerning both the - technology and sociology. + hosting of servers, but it is easy to do \<^emph>\independent self-hosting\ on a + standard LAMP server (Linux, Apache, MySQL, PHP). This merely requires a + virtual machine on the Net, which can be rented cheaply from local hosting + providers --- there is no need to follow big cloud corporations. So it is + feasible to remain the master of your virtual home, following the slogan + ``own all your data''. In many respects, Phabricator is similar to the + well-known Nextcloud\<^footnote>\\<^url>\https://nextcloud.org\\ product, concerning both + the technology and sociology. \<^medskip> The following Phabricator instances may serve as examples: @@ -41,89 +40,94 @@ \<^item> Mercurial development \<^url>\https://phab.mercurial-scm.org\ \<^item> Isabelle development \<^url>\https://isabelle-dev.sketis.net\ - \<^medskip> Initial Phabricator server configuration requires many details to be done + \<^medskip> Initial Phabricator configuration requires many details to be done right.\<^footnote>\See also \<^url>\https://secure.phabricator.com/book/phabricator/article/installation_guide\ in the context of \<^url>\https://help.ubuntu.com/lts/serverguide\.\ Isabelle provides some command-line tools to help with the setup, and afterwards Isabelle support is optional: it is possible to run and maintain the server, - without requiring a full Isabelle distribution again. + without requiring the somewhat bulky Isabelle distribution again. \ section \Quick start\ text \ - The starting point is a fresh installation of \<^bold>\Ubuntu 18.04 LTS\: that - particular version is required due to subtle dependencies on system - configuration and add-on packages. + The starting point is a fresh installation of \<^bold>\Ubuntu 18.04 + LTS\\<^footnote>\\<^url>\https://ubuntu.com/download\\: this version is mandatory due to + subtle dependencies on system packages and configuration that is assumed by + the Isabelle setup tool. For production use, a proper \<^emph>\Virtual Server\ or \<^emph>\Root Server\ product from a hosting provider will be required, including an Internet Domain Name (a pseudo sub-domain in the style of Apache is sufficient). Initial experimentation also works on a local host, e.g.\ via - VirtualBox\<^footnote>\\<^url>\https://www.virtualbox.org\\. The public server behind - \<^verbatim>\lvh.me\ provides arbitrary subdomains as an alias to \<^verbatim>\localhost\, which - will be used for the default installation below. + VirtualBox\<^footnote>\\<^url>\https://www.virtualbox.org\\. The public domain \<^verbatim>\lvh.me\ is + used below: it maps arbitrary subdomains to \<^verbatim>\localhost\. All administrative commands need to be run as \<^verbatim>\root\ user (e.g.\ via - \<^verbatim>\sudo\). + \<^verbatim>\sudo\). Note that Isabelle refers to user-specific configuration in the + user home directory via @{setting ISABELLE_HOME_USER} + (\secref{sec:settings}); that may be different or absent for the root user + and thus cause confusion. \ subsection \Initial setup\ text \ - Isabelle can managed multiple named installations Phabricator installations: - this allows to separate administrative responsibilities, e.g.\ different - approaches to user management for different projects. Subsequently we always - use the implicit default name ``\<^verbatim>\vcs\'': it will appear in file and - directory locations, internal database names and URLs. + Isabelle can manage multiple named Phabricator installations: this allows to + separate administrative responsibilities, e.g.\ different approaches to user + management for different projects. Subsequently we always use the default + name ``\<^verbatim>\vcs\'': it will appear in file and directory locations, internal + database names and URLs. - The initial setup (with full Linux package upgrade) works as follows: + The initial setup works as follows (with full Linux package upgrade): @{verbatim [display] \ isabelle phabricator_setup -U\} - After installing many packages and cloning the Phabricator distribution, the - final output of the tool should be the URL for further manual configuration - (using a local web browser). Here the key points are: + After installing many packages, cloning the Phabricator distribution, + initializing the MySQL database and Apache, the tool prints an URL for + further configuration. The following needs to be provided by the web + interface: - \<^item> An initial user account that will get administrator rights. There is no - need to create a separate \<^verbatim>\admin\ account. Instead, a regular user that - will take over this responsibility can be used here. Subsequently we - assume that user \<^verbatim>\makarius\ becomes the initial administrator. + \<^item> An initial user that will get administrator rights. There is no need to + create a special \<^verbatim>\admin\ account. Instead, a regular user that will take + over this responsibility can be used here. Subsequently we assume that + user \<^verbatim>\makarius\ becomes the initial administrator. \<^item> An \<^emph>\Auth Provider\ to manage user names and passwords. None is provided by default, and Phabricator points out this omission prominently in its overview of \<^emph>\Setup Issues\: following these hints quickly leads to the place where a regular \<^emph>\Username/Password\ provider can be added. - Note that Phabricator allows to delegate the responsibility of - authentication to big corporations like Google and Facebook, but these can - be easily avoided. Genuine self-hosting means to manage users directly, - without outsourcing of authentication. + Alternatively, Phabricator can delegate the responsibility of + authentication to big corporations like Google and Facebook, but these can + be ignored. Genuine self-hosting means to manage users directly, without + outsourcing of authentication. - \<^medskip> - With the Auth Provider available, the administrator can now set a proper - password. This works e.g.\ by initiating a local password reset procedure: + \<^item> A proper password for the administrator can now be set, e.g.\ by the + following command: - @{verbatim [display] \ isabelle phabricator bin/auth recover makarius\} + @{verbatim [display] \ isabelle phabricator bin/auth recover makarius\} - The printed URL gives access to a password dialog in the web browser. + The printed URL gives access to a login and password dialog in the web + interface. - Further users will be able to provide a password more directly, because the - Auth Provider is now active. + Any further users will be able to provide a password directly, because the + Auth Provider is already active. + + \<^item> The list of Phabricator \<^bold>\Setup Issues\ should be studied with some + care, to make sure that no serious problems are remaining. The request to + lock the configuration can be fulfilled as follows: - \<^medskip> - The pending request in Phabricator \<^bold>\Setup Issues\ to lock the configuration - can be fulfilled as follows: + @{verbatim [display] \ isabelle phabricator bin/auth lock\} - @{verbatim [display] \ isabelle phabricator bin/auth lock\} - - \<^medskip> - Most other Setup Issues can be ignored, after reading through them briefly - to make sure that there are no genuine problems remaining. + \<^medskip> A few other Setup Issues might be relevant as well, e.g.\ the timezone + of the server. Some more exotic points can be ignored: Phabricator + provides careful explanations about what it thinks could be wrong, always + leaving some room for interpretation. \ @@ -131,34 +135,38 @@ text \ The next important thing is messaging: Phabricator needs to be able to - communicate with users. There are many variations on \<^emph>\Mailer - Configuration\, but a conventional SMTP server connection with a dedicated - \<^verbatim>\phabricator\ user is sufficient. Note that there is no need to run a mail - server on the self-hosted Linux machine: regular web-hosting packages - usually allow to create new mail accounts easily. (As a last resort it is - possible to use a service like Gmail, but that would again introduce - unnecessary dependency on Google.) + communicate with users on its own account, e.g.\ to reset passwords. The + documentation has many variations on \<^emph>\Configuring Outbound + Email\\<^footnote>\\<^url>\https://secure.phabricator.com/book/phabricator/article/configuring_outbound_email\\, + but a conventional SMTP server with a dedicated \<^verbatim>\phabricator\ user is + sufficient. There is no need to run a separate mail server on the + self-hosted Linux machine: hosting providers often include such a service + for free, e.g.\ as part of a web-hosting package. As a last resort it is + also possible to use a corporate service like Gmail, but such dependency + dilutes the whole effort of self-hosting. \<^medskip> Mailer configuration requires a few command-line invocations as follows: @{verbatim [display] \ isabelle phabricator_setup_mail\} - \<^noindent> Now edit the generated JSON file to provide the mail account details. Then - add and test it with Phabricator like this (to let Phabricator send a - message to the administrator from above): + \<^noindent> This generates a JSON template file for the the mail account details. + After editing that, the subsequent command will add and test it with + Phabricator: @{verbatim [display] \ isabelle phabricator_setup_mail -T makarius\} - The mail configuration process can be refined and repeated until it really - works: host name, port number, protocol etc.\ all need to be correct. The - \<^verbatim>\key\ field in the JSON file identifies the name of the configuration; it + This tells Phabricator to send a message to the administrator created + before; the output informs about success or errors. + + The mail configuration process can be refined and repeated until it works + properly: host name, port number, protocol etc.\ all need to be correct. The + \<^verbatim>\key\ field in the JSON file identifies the name of the configuration that will be overwritten each time, when taking over the parameters via \<^verbatim>\isabelle phabricator_setup_mail\. \<^medskip> - For information, the resulting mailer configuration can be queried like - this: + This is how to query the current mail configuration: @{verbatim [display] \ isabelle phabricator bin/config get cluster.mailers\} \ @@ -169,10 +177,7 @@ text \ The subsequent command-line tools usually require root user privileges on the underlying Linux system (e.g.\ via \<^verbatim>\sudo bash\ to open a subshell, or - directly via \<^verbatim>\sudo isabelle ...\). Note that Isabelle refers to - user-specific configuration in the user home directory via @{setting - ISABELLE_HOME_USER} (\secref{sec:settings}); that may be different or absent - for the root user and thus cause confusion. + directly via \<^verbatim>\sudo isabelle phabricator ...\). \ @@ -217,8 +222,8 @@ @{verbatim [display] \phabricator/ $ ./bin/config get phabricator.base-uri\} Here the user is meant to navigate to the Phabricator home manually, in - contrast to \<^verbatim>\isabelle phabricator\ doing it automatically based on - \<^path>\/etc/isabelle-phabricator.conf\. + contrast to \<^verbatim>\isabelle phabricator\ doing it automatically thanks to the + global configuration \<^path>\/etc/isabelle-phabricator.conf\. \ @@ -226,7 +231,7 @@ text \ The @{tool_def phabricator_setup} installs a fresh Phabricator instance on - Ubuntu Linux (notably 18.04 LTS): + Ubuntu 18.04 LTS: @{verbatim [display] \Usage: isabelle phabricator_setup [OPTIONS] Options are: @@ -240,41 +245,40 @@ The installation name (default: "vcs") is mapped to a regular Unix user; this is relevant for public SSH access.\} - Installation requires Linux root user access. All required packages are + Installation requires Linux root permissions. All required packages are installed automatically beforehand, this includes the Apache web server and the MySQL database engine. - Global configuration in \<^verbatim>\/etc\ and other directories like \<^verbatim>\/var/www\ - always use name prefixes \<^verbatim>\isabelle-phabricator\ or \<^verbatim>\phabricator\. Local + Global configuration in \<^verbatim>\/etc\ or a few other directories like \<^verbatim>\/var/www\ + uses name prefixes like \<^verbatim>\isabelle-phabricator\ or \<^verbatim>\phabricator\. Local configuration for a particular installation uses more specific names derived - from \<^verbatim>\phabricator-\\NAME\, e.g. \<^verbatim>\/var/www/phabricator-vcs\ for a default - installation. + from \<^verbatim>\phabricator-\\NAME\, e.g.\ \<^verbatim>\/var/www/phabricator-vcs\ for the + default. - Knowing the conventions, it is possible to purge a Linux installation from - Isabelle/Phabricator with some effort. There is no automated - de-installation: it is often better to re-install a clean virtual machine - image. + Knowing the naming conventions, it is possible to purge a Linux installation + from Isabelle/Phabricator with some effort, but there is no automated + procedure for de-installation. In the worst case, it might be better to + re-install the virtual machine from a clean image. \<^medskip> Option \<^verbatim>\-U\ ensures a full update of system packages, before installing - further packages required by Phabricator. + further packages required by Phabricator. This might require to reboot. Option \<^verbatim>\-n\ provides an alternative installation name. The default name - \<^verbatim>\vcs\ means ``Version Control System''. The name will appear in the URL for - SSH access, and thus has some relevance to end-users. The initial server URL - also uses that name suffix, but it can be changed later via regular Apache - configuration. + \<^verbatim>\vcs\ means ``version control system''. The name appears in the URL for SSH + access, and thus has some relevance to end-users. The initial server URL + also uses the same suffix, but that can (and should) be changed later via + regular Apache configuration. Option \<^verbatim>\-r\ specifies an alternative installation root directory: it needs to be accessible for the Apache web server. Option \<^verbatim>\-R\ specifies an alternative directory for repositories that are hosted by Phabricator. Provided that it is accessible for the Apache web - server, the directory can be re-used directly for the builtin \<^verbatim>\hgweb\ view - by Mercurial. See also the documentation - \<^url>\https://www.mercurial-scm.org/wiki/PublishingRepositories#hgweb\ and the - example \<^url>\https://isabelle.sketis.net/repos\ for repositories in - \<^url>\https://isabelle-dev.sketis.net/diffusion\. + server, the directory can be reused for the \<^verbatim>\hgweb\ view by Mercurial.\<^footnote>\See + also the documentation + \<^url>\https://www.mercurial-scm.org/wiki/PublishingRepositories\ and the + example \<^url>\https://isabelle.sketis.net/repos\.\ \ @@ -282,7 +286,7 @@ text \ The @{tool_def phabricator_setup_mail} provides mail configuration for an - existing Phabricator installation (preferably via SMTP): + existing Phabricator installation: @{verbatim [display] \Usage: isabelle phabricator_setup_mail [OPTIONS] Options are: @@ -295,15 +299,15 @@ Proper mail configuration is vital for Phabricator, but the details can be tricky. A common approach is to re-use an existing SMTP mail service, as is - often included in regular web hosting packages. A single account for - multiple Phabricator installations is sufficient, but the configuration - needs to be set for each installation separately. + often included in regular web hosting packages. It is sufficient to create + one mail account for multiple Phabricator installations, but the + configuration needs to be set for each installation. The first invocation of \<^verbatim>\isabelle phabricator_setup_mail\ without options creates a JSON template file. Its \<^verbatim>\key\ entry should be changed to something sensible to identify the configuration, e.g.\ the Internet Domain - Name of the mail address being used here. The \<^verbatim>\options\ specify the SMTP - server address and account information. + Name of the mail address. The \<^verbatim>\options\ specify the SMTP server address and + account information. Another invocation of \<^verbatim>\isabelle phabricator_setup_mail\ with updated JSON file will change the underlying Phabricator installation. This can be done @@ -314,8 +318,9 @@ address is derived from the user profile. Option \<^verbatim>\-f\ refers to an existing JSON configuration file, e.g.\ from a - different Phabricator installation: sharing mailers setup with the same mail - address works for outgoing mails; incoming mails are not strictly needed. + previous successful Phabricator installation: sharing mailers setup with the + same mail address is fine for outgoing mails; incoming mails are optional + and not configured here. \ end