PHABRICATOR on NS


(Dan) #81

OK, looking through the logs, it looks like this is the issue:

[Sun Jul 22 06:24:54.344950 2018] [:error] [pid 1112] [client 192.168.1.237:51439] [2018-07-22 10:24:54] EXCEPTION: (Exception) Unable to find `git-http-backend` in $PATH! at [<phabricator>/src/applications/diffusion/controller/DiffusionServeController.php:537]

The docs say that apache needs sudo access to run git-http-backend as phd. However, I’m not finding any such binary on my system, nor in the yum repos. Edit: found it, it’s in /var/libexec/git-core (so not in $PATH). I have this fixed to be able to clone and and push changes. Wiki updated again.

This was caused by a similar issue in the sudoers config, but I’ve found the appropriate binaries–the wiki is updated. There was also a permissions issue on /var/repo; in the short term I’ve addressed that by doing chmod 777 /var/repo, but really I’ll need to play with groups a bit. I’m now able to clone a repo via SSH. Edit: I’m also able to push changes to that repo.


(Dan) #82

Sure, but you’ll need to renew that cert. There’s still an issue with the Virtual Host configuration that I haven’t worked out. It’s not an issue for me, as I use DNS validation for everything, but it really should be doable for HTTP validation too.

systemctl start sshd-phabricator and try again.


(Rob Bosch) #83

@danb35 Maybe offtopic, but I do want to express my admiration towards the dedication you show, how you tackle the issues that arise with configuring this application. THANK YOU!


(Dan) #84

Thanks–I guess it’s a matter of a challenge. I don’t know how much (if at all) I’d use this myself (which also means nobody should count on me for ongoing support), but there’s a bit of a challenge in figuring out how all the moving parts fit together (despite the often-horrible documentation).


(Nitram Oneito) #85

systemctl enable –now sshd-phabricator
Failed to execute operation: No such file or directory
systemctl start sshd-phabricator
Failed to start sshd-phabricator.service: Unit not found.


(Dan) #86

Looks like the systemd unit file isn’t there. ls -l /etc/systemd/system/sshd-phabricator.service. If it isn’t there, create it with these contents:

[Unit]
Description=OpenSSH server daemon - Phabricator Installation
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

(Markus Neuberger) #87

I am actually going through your wiki page and I recognized that systemctl enable --now phd doesn’t work, you need systemctl enable phd --now and it seems dokuwiki converts -- to a long -. I wanted to edit the page but it’s locked by you…


(Dan) #88

Yeah, I’m working on cleanup right now. I’m sure it’s nowhere near done, but I think I can get it into something like a decent layout. I’ll make sure those systemctl commands are fixed.


(Markus Neuberger) #89

OK, I’ll wait until you’ve finished.


(Dan) #90

I think I’m done for now.


(Markus Neuberger) #91

I couldn’t wait and tested in the meanwhile, seems to work so far but I’ll have to test on a fresh vm snapshot.
Thanks for the great work.


(Dan) #92

I could use some help with the virtual host configuration, though; I haven’t been able to figure out how I can have the HTTPS redirect but still have /.well-known/acme-challenge serve the right thing. I’m not giving up as such, but the intricacies of the Apache rewrite engine are pretty opaque to me. It’s OK if /.well-known/acme-challenge is served over HTTPS (i.e., the request comes via HTTP, there’s a redirect, and the correct content is served via HTTPS), but nothing I’ve tried so far is serving that content at all.

Edit: But other than that, I’ve walked through the wiki instructions on a clean VM and they appear to work. I’d missed creation of one directory (/var/tmp/phd), but that’s in there now.


(Markus Neuberger) #93

It’s working. I can sync with github and local repos. Very nice!

This seems to be hard. Letsencrypt and phabricator together are only working without the redirect on port 80 in my tests:

# Redirect / https://phab.yourdomain/

What I tried without success:

To only work with http:/ this condition should be used:

RewriteCond %{HTTPS} !=on

Tried several rewriterules:

Something like this, a combination of force https and the phab rewrite rule should work but does not:

RewriteRule (.*) https://%{SERVER_NAME}/index.php?__path__=$1 [B,L,QSA] [R,L]


(Dan) #94

Still making tweaks here and there on the wiki. I’m now using command variable substitution for the base URL, so at this point, the only thing that should need any edits at all is the virtual host template fragment (and really this should be simple enough to template; I just haven’t done it yet)–everything else should be just copy/paste. If not, let me know, or just edit the page to correct.

Also working on figuring out the workflow–it seems a bit different from the Git new branch/pull request/merge process.


(Nitram Oneito) #95

ok, let me now rebuild with the step by step instructions from the wiki.

I guess I have tinkered way too many times on mine to have broken some things.

will post my progress …


(Nitram Oneito) #96

what did you do, to get that kind of result.

I have done everything myself from the updated wiki, with all the instruction.
I am getting one error about daemons not started. and I am trying to push with no success. I get error 403, av tried both with ssh, and also using the http


(Dan) #97

When using HTTP, have you set a VCS password for your user? Are you using that password when you try to push? When using SSH, have you uploaded a public key to the Phabricator server?

As to the daemons, what’s the result of systemctl status phd?


(Nitram Oneito) #98

This is what I get when I run that

[root@ns phabricator]# systemctl status phd
● phd.service - Phabricator Daemons
Loaded: loaded (/etc/systemd/system/phd.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2018-07-24 18:20:19 EAT; 6s ago
Process: 10209 ExecStart=/var/lib/nethserver/vhost/phab/phabricator/bin/phd start (code=exited, status=255)

Jul 24 18:20:19 ns.domain.com systemd[1]: phd.service: control process exited, code=exited status=255
Jul 24 18:20:19 ns.domain.com systemd[1]: Failed to start Phabricator Daemons.
Jul 24 18:20:19 ns.domain.com systemd[1]: Unit phd.service entered failed state.
Jul 24 18:20:19 ns.domain.com systemd[1]: phd.service failed.

this is suprising considering phabricator is setup on dev.domain.com

That might be where am going wrong. but how do I do that, and which key is this

is the part for http not in the wiki, if I am reading correctly I think its there, unless there is another way to go about it, there is something I need to do


(Dan) #99

Not surprising at all; the hostname shown in the systemctl status output is what you set as the system name in the server manager–it isn’t related to the virtual host that’s set up for the Phabricator installation. But that doesn’t really show why the daemons didn’t start. What happens if you go to the phabricator directory and do sudo -u phd bin/phd start?

No, it isn’t; I considered that a “how to use Phabricator” matter and thus out of scope for that wiki page (and something I’m entirely unqualified to write in any case). Both the VCS password and the SSH public key can be entered through the user settings–click on the user’s icon (probably the first letter of the username) near the upper-right corner, and choose Settings from the resulting menu. You’ll see the options for SSH Public Keys and VCS password on the left.


(Nitram Oneito) #100

this is what I get

sudo -u phd bin/phd start
Freeing active task leases…
Freed 0 task lease(s).
Launching daemons:
(Logs will appear in “/var/tmp/phd/log/daemons.log”.)

(Pool: 1) PhabricatorRepositoryPullLocalDaemon
(Pool: 1) PhabricatorTriggerDaemon
(Pool: 4) PhabricatorTaskmasterDaemon

[2018-07-24 18:43:32] EXCEPTION: (FilesystemException) Requested path ‘/var/tmp/phd/pid’ is not writable. at [/src/filesystem/Filesystem.php:1107]
arcanist(head=master, ref.master=875d01836037), phabricator(head=master, ref.master=6bdd74584ef3), phutil(head=master , ref.master=4206849bb05b)
#0 Filesystem::assertWritable(string) called at [/src/applications/daemon/management/PhabricatorDaemon ManagementWorkflow.php:193]
#1 PhabricatorDaemonManagementWorkflow::launchDaemons(array, boolean) called at [/src/applications/dae mon/management/PhabricatorDaemonManagementWorkflow.php:379]
#2 PhabricatorDaemonManagementWorkflow::executeStartCommand(array) called at [/src/applications/daemon /management/PhabricatorDaemonManagementStartWorkflow.php:38]
#3 PhabricatorDaemonManagementStartWorkflow::execute(PhutilArgumentParser) called at [/src/parser/argument/ PhutilArgumentParser.php:441]
#4 PhutilArgumentParser::parseWorkflowsFull(array) called at [/src/parser/argument/PhutilArgumentParser.php :333]
#5 PhutilArgumentParser::parseWorkflows(array) called at [/scripts/daemon/manage_daemons.php:23]