# HG changeset patch # User wenzelm # Date 1572968973 -3600 # Node ID f4b9dd5ab0ccf235a922fb87a34c505fdfb0e227 # Parent 5f02ecbb19d6a140b734492e495fe285d00b7cfc more phabricator setup; diff -r 5f02ecbb19d6 -r f4b9dd5ab0cc Admin/Phabricator/README --- a/Admin/Phabricator/README Tue Nov 05 16:47:59 2019 +0100 +++ b/Admin/Phabricator/README Tue Nov 05 16:49:33 2019 +0100 @@ -54,11 +54,11 @@ Port 222 /etc/passwd: - phab-daemon:x:118:126::/home/phab-daemon:/bin/bash + phabricator:x:118:126::/home/phabricator:/bin/bash vcs:x:119:125::/home/vcs:/bin/bash /etc/group: - phab-daemon:x:126: + phabricator:x:126: vcs:x:125: $ cp ssh/ssh-hook /usr/local/bin/. @@ -66,24 +66,24 @@ $ cp ssh/sshd-phabricator.service /lib/systemd/system/. $ cp ssh/sudoers.d/phabricator /etc/sudoers.d/. - $ ./bin/config set phd.user phab-daemon + $ ./bin/config set phd.user phabricator $ ./bin/config set diffusion.ssh-user vcs $ ./bin/config set diffusion.ssh-port 22 + $ systemctl enable sshd-phabricator $ systemctl start sshd-phabricator - $ systemctl enable sshd-phabricator Test on local machine: $ echo "{}" | ssh vcs@phabricator.sketis.net conduit conduit.ping - Repository Local Path: mkdir -p /var/www/phabricator/repo - chown phab-daemon:phab-daemon /var/www/phabricator/repo + chown phabricator:phabricator /var/www/phabricator/repo - PHP Daemon: $ cp phd/phd-phabricator.service /lib/systemd/system/. + $ systemctl enable phd-phabricator $ systemctl start phd-phabricator - $ systemctl enable phd-phabricator - Update: https://secure.phabricator.com/book/phabricator/article/upgrading diff -r 5f02ecbb19d6 -r f4b9dd5ab0cc Admin/Phabricator/phd/phd-phabricator.service --- a/Admin/Phabricator/phd/phd-phabricator.service Tue Nov 05 16:47:59 2019 +0100 +++ b/Admin/Phabricator/phd/phd-phabricator.service Tue Nov 05 16:49:33 2019 +0100 
@@ -4,8 +4,8 @@ [Service] Type=oneshot -User=phab-daemon -Group=phab-daemon +User=phabricator +Group=phabricator Environment=PATH=/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin ExecStart=/var/www/phabricator/phabricator/bin/phd start ExecStop=/var/www/phabricator/phabricator/bin/phd stop diff -r 5f02ecbb19d6 -r f4b9dd5ab0cc Admin/Phabricator/ssh/sudoers.d/phabricator --- a/Admin/Phabricator/ssh/sudoers.d/phabricator Tue Nov 05 16:47:59 2019 +0100 +++ b/Admin/Phabricator/ssh/sudoers.d/phabricator Tue Nov 05 16:49:33 2019 +0100 @@ -1,2 +1,2 @@ -www-data ALL=(phab-daemon) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/ssh, /usr/bin/id -vcs ALL=(phab-daemon) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/ssh, /usr/bin/id +www-data ALL=(phabricator) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/ssh, /usr/bin/id +vcs ALL=(phabricator) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/ssh, /usr/bin/id diff -r 5f02ecbb19d6 -r f4b9dd5ab0cc etc/options --- a/etc/options Tue Nov 05 16:47:59 2019 +0100 +++ b/etc/options Tue Nov 05 16:49:33 2019 +0100 @@ -345,8 +345,6 @@ section "Phabricator server" -option phabricator_user : string = "phabricator" - option phabricator_www_user : string = "www-data" option phabricator_www_root : string = "/var/www" diff -r 5f02ecbb19d6 -r f4b9dd5ab0cc src/Pure/Tools/phabricator.scala --- a/src/Pure/Tools/phabricator.scala Tue Nov 05 16:47:59 2019 +0100 +++ b/src/Pure/Tools/phabricator.scala Tue Nov 05 16:49:33 2019 +0100 
@@ -16,6 +16,29 @@ { /** defaults **/ + /* required packages */ + + val packages: List[String] = + Build_Docker.packages ::: + List( + // https://secure.phabricator.com/source/phabricator/browse/master/scripts/install/install_ubuntu.sh 15e6e2adea61 + "git", "mysql-server", "apache2", "libapache2-mod-php", "php", "php-mysql", + "php-gd", "php-curl", "php-apcu", "php-cli", "php-json", "php-mbstring", + // more packages + "php-zip", "python-pygments", "ssh") + + + /* global system resources */ + + val daemon_user = "phabricator" + + val ssh_standard = 22 + val ssh_alternative1 = 222 + val ssh_alternative2 = 2222 + + + /* installation parameters */ + val default_name = "vcs" def default_prefix(name: String): String = "phabricator-" + name @@ -26,15 +49,6 @@ def default_repo(options: Options, name: String): Path = default_root(options, name) + Path.basic("repo") - val packages: List[String] = - Build_Docker.packages ::: - List( - // https://secure.phabricator.com/source/phabricator/browse/master/scripts/install/install_ubuntu.sh 15e6e2adea61 - "git", "mysql-server", "apache2", "libapache2-mod-php", "php", "php-mysql", - "php-gd", "php-curl", "php-apcu", "php-cli", "php-json", "php-mbstring", - // more packages - "php-zip", "python-pygments") - /** global configuration **/ @@ -77,6 +91,17 @@ /** setup **/ + def user_setup(name: String, description: String, ssh_setup: Boolean = false) + { + if (!Linux.user_exists(name)) { + Linux.user_add(name, description = description, ssh_setup = ssh_setup) + } + else if (Linux.user_description(name) != description) { + error("User " + quote(name) + " already exists --" + + " for Phabricator it should have the description:\n " + quote(description)) + } + } + def phabricator_setup( options: Options, name: String = default_name, 
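Review bot: `daemon_user` is now a fixed constant replacing the removed `phabricator_user` option, so every installation created on a host appears to share one daemon account, and with it one `phd.user` and one sudo run-as target. If that sharing is intended, say so at the definition, e.g. `// single daemon account shared by all installations on this host`. The three port constants also need a line each saying which is the system sshd and which are meant for the Phabricator sshd, since the README in this commit uses 222 and 22 while the setup code picks 2222.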
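Review bot: In `user_setup`, an existing account is accepted purely because its description string matches; in that branch `ssh_setup` is silently not applied and nothing else about the account is checked. For `daemon_user`, which later becomes the service `User=` and the sudo run-as target, that is a thin check. At minimum document it above the function, e.g. `// existing user: only the description is compared, ssh_setup is not re-applied`. What `Linux.user_add` does with `ssh_setup` is not visible here, so whether a re-run needs it remains to be confirmed.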
@@ -99,6 +124,18 @@ Linux.check_reboot_required() + /* users */ + + if (name == daemon_user) { + error("Clash of installation name with daemon user " + quote(daemon_user)) + } + + user_setup(daemon_user, "Phabricator Daemon User", ssh_setup = true) + user_setup(name, "Phabricator SSH User") + + val www_user = options.string("phabricator_www_user") + + /* basic installation */ val prefix_name = proper_string(prefix) getOrElse default_prefix(name) @@ -118,7 +155,7 @@ progress.bash(cwd = root_path.file, echo = true, script = """ set -e - chown """ + Bash.string(options.string("phabricator_www_user")) + """ . + chown """ + Bash.string(www_user) + """ . chmod 755 . git clone https://github.com/phacility/libphutil.git 
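Review bot: In the users block, `name` is only compared with `daemon_user` before it becomes a Unix account name; the later hunk at -152 also uses it as a sudoers subject and as the `diffusion.ssh-user` value. Nothing here restricts its characters, so whitespace, a comma or a line break in `name` would change the meaning of the generated sudoers line. A guard ahead of the `user_setup` calls would close that, for example `if (!name.matches("[a-z_][a-z0-9_-]*")) error("Bad installation name " + quote(name))`. The same applies to `www_user`, which is read from options. `phabricator_setup` begins and ends outside this hunk.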
@@ -152,6 +189,48 @@ config.execute("storage upgrade --force") + /* PHP daemon */ + + progress.echo("PHP daemon setup...") + + config.execute("config set phd.user " + Bash.string(daemon_user)) + + Linux.service_install("phd-" + prefix_name, +"""[Unit] +Description=PHP daemon (Phabricator """ + quote(name) + """) +After=syslog.target network.target apache2.service mysql.service + +[Service] +Type=oneshot +User=""" + daemon_user + """ +Group=""" + daemon_user + """ +Environment=PATH=/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin +ExecStart=""" + root_path.expand.implode + """/phabricator/bin/phd start +ExecStop=""" + root_path.expand.implode + """/phabricator/bin/phd stop +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target +""") + + + /* SSH hosting */ + + progress.echo("SSH hosting setup...") + + val ssh_port = ssh_alternative2 + + config.execute("config set diffusion.ssh-user " + Bash.string(name)) + config.execute("config set diffusion.ssh-port " + ssh_port) + + val sudoers_file = Path.explode("/etc/sudoers.d") + Path.basic(prefix_name) + File.write(sudoers_file, + www_user + " ALL=(" + daemon_user + ") SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/ssh, /usr/bin/id\n" + + name + " ALL=(" + daemon_user + ") SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/ssh, /usr/bin/id\n") + + Isabelle_System.bash("chmod 0440 " + File.bash_path(sudoers_file)).check + + /* Apache setup */ progress.echo("Apache setup...")
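Review bot: The sudoers fragment is written straight into `/etc/sudoers.d` and only then restricted with `chmod 0440`, without ever being syntax-checked. Writing it to a temporary file, validating it, and moving it into place with the final mode would avoid both a window with default permissions and a broken live policy; the check is one line, `Isabelle_System.bash("visudo -cf " + File.bash_path(tmp_file)).check`, where `tmp_file` is a placeholder for the temporary path. sudo also skips files in that directory whose name contains a `.` or ends in `~`, so a `prefix_name` with a dot would make the rule silently ineffective. Because the listed commands can start other programs and `SETENV` is granted, add a comment stating that `www_user` and `name` are effectively trusted as `daemon_user`. The enclosing function starts and ends outside the hunk.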