PHABRICATOR on NS


(Dan) #61

Haven’t tried thus far–I’ll see if I can figure it out. Edit: Looks like it’s going to involve a bit of fiddling with system users and such. If I’m reading their docs correctly, configuring the system to handle a push via HTTP is going to be less disruptive than via SSH.


(Dan) #62

The Phabricator docs really are amazing–and I don’t mean that in a good way:

I’d say the obvious downside is that what they’re suggesting is utterly nonsensical. I can only hope this section is tongue in cheek, with the thought that “nobody who has any business using our software at all would take this seriously.”


(Nitram Oneito) #63

I have managed to tinker with a lot of setting, configurations, editing files via ssh to get some settings to work, it seems to be getting me closer.
if I mnage to push and pull, voila ill be happy, but am not sure f ill manage to configure that for ssh….

Overal I think phabricator is a nice tool to use, as far as I have been playing with it for most of all the other functions, except pushing to repo.

I think if we can get this tool to install and configure in a simple manner using nethserver, I think it will in a big way increase adoption of nethserver.

ill be making some few videos on youtube on the same, since av also noticed not many videos or tutorials for many items are available.


(Nitram Oneito) #64

from which side are you getting these… :laughing:

I think your browser is broken :laughing: :laughing::laughing::laughing::laughing::laughing::laughing:


(Dan) #65

From the page I linked to in my post.


(Nitram Oneito) #66

under port multiplexing

honestly,

that page was the most hard instruction I have tried to follow


(Nitram Oneito) #67

how to enabe the locked options in configurations
I was able to do a nifty trick that enable me to edit some of the configurations marked locked on the ui.

go to thi location
cd /var/lib/nethserver/vhost/dev/phabricator
//open the file on this path//
change some variable to enable locked settings
src/applications/config/option/PhabricatorCoreConfigOptions.php


(Rob Bosch) #68

What I also find amazing is that they propagate to use SSH with root account and not as a newly created phabricator account… It is never a great idea to use (or even allow) ssh with root.


(Nitram Oneito) #69

so far I have managed everything but the erro am getting is of erro 403 while trying to push


(Rob Bosch) #70

error 403 points to a permission problem. Is apache user and group owner of the directory and files that are served? Is there read access for all others?


(Nitram Oneito) #71

i

to be honest,

I have no idea, even how to setup those permissions


(Dan) #72

Where do they do that?


(Dan) #73

What exactly have you done so far? If we see that, we may be able to figure out what needs to be fixed.


(Rob Bosch) #74

Create phabricator-ssh-hook.sh: Copy the template in phabricator/resources/sshd/phabricator-ssh-hook.sh to somewhere like /usr/libexec/phabricator-ssh-hook.sh and edit it to have the correct settings.
Both the script itself and the parent directory the script resides in must be owned by root, and the script must have 755 permissions:
$ sudo chown root /path/to/somewhere/
$ sudo chown root /path/to/somewhere/phabricator-ssh-hook.sh
$ sudo chmod 755 /path/to/somewhere/phabricator-ssh-hook.sh
If you don’t do this, sshd will refuse to execute the hook.

Maybe I misunderstood this part, but if a script must be owned by root, it also must be started by root, right?


(Dan) #75

No, 755 permissions mean that it can be executed by anyone. It also looks like this script is called directly by sshd, so I’d guess it would run as whatever user sshd runs as.


(Dan) #76

Looking more carefully over the docs, I’m only seeing a few sticking points:

  • The required system users. We definitely need a system user for the daemons (what the docs call daemon-user), and we should probably have a SSH user as well (vcs-user). We need to determine what they should be called (I might suggest phab-daemon and phab-vcs, respectively), and the best way to go about creating them (is just useradd OK, or do we need to bring in the e-smith events/actions?).
  • sudoers. It looks like we can just create /etc/sudoers.d/50_phabricator with the required information, so I wouldn’t think this would need to be templated.
  • Directories. Where should phabricator-ssh-hook.sh go, for example?
  • SSH Port. I’d expect we’d want SSH to work, so we’d need to choose a port for that, and that port can’t conflict with anything else on the system. That’s also going to need a firewall adjustment.
  • Systemd script for the second sshd server.

If we only enable access to the repos over HTTP, the last three issues go away, and there’s only one system user to add–but we lose security, performance, and support for Subversion.


(Dan) #77

VERY rough and incomplete wiki page here: https://wiki.nethserver.org/doku.php?id=ht_phabricator

I’ll work on it more over time, but anyone else is free to update/add/clean up too.

Edit: OK, I think I have the stuff added to allow clone/push/etc. (on that wiki page), but having trouble with the clone:

% git clone ssh://vcs@host:2222/diffusion/1/test-repo.git
Cloning into 'test-repo'...
sudo: a password is required
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Also having trouble cloning via HTTP:

% git -c http.sslVerify=false clone https://host/diffusion/1/test-repo.git
Cloning into 'test-repo'...
Username for 'https://host': admin
Password for 'https://admin@host': 
fatal: unable to access 'https://host/diffusion/1/test-repo.git/': The requested URL returned error: 500

I’ve edited the settings to allow HTTP authentication, added a VCS password, and also a SSH public key. The docs talk about editing the repository to enable HTTP and/or SSH serving, but I’m not seeing the options they’re talking about–but when I click the Clone button on the repo, I do get the ssh:// and https:// URLs I used above.


(Nitram Oneito) #78

at first I was getting that error, then I went and editied the allow http access.
then the link had I/O that could be because of no I/O I guess


(Nitram Oneito) #79

the known issue as stated here in the wiki
can be sorted by installing letsencrypt before installing phabricator and its components.

and does anyone know why we have this many links on the URI in phab as shown

image


(Nitram Oneito) #80

Git: ssh: connect to host phab.host.com port 2222: Connection refused