Change Details

Some components are missing from the nasqueron/phabricator image: - the ability to fetch code from a private repository for arcanist, libphutil and phabricator - the autoupdate mechanism to check if a production branch can be rebased against master - the SSH daemons Currently, they're manually installed. That forbids us to treat this container as an immutable, throwable artifact. Plan is to include them to nasqueron/phabricator or override in a nasqueron/devcentral image. ## Tasks to do ### Hosting To allow to clone repo per SSH and interact with them: # Provide a SSH configuration: P292, we can drop `Port 5022` as it was only used when DevCentral was on Dwellers and some other containers or locally we needed to interact with DevCentral # Create a vcs user for SSH access: `vcs:x:432:433:Phabricator VCS SSH access:/var/vcs:/bin/sh` # Give permission to vcs to sudo as app for VCS commands: `vcs ALL=(app) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack` - could be saved as /etc/sudoers.d/phabricator-hosting # Create an unit to launch SSH as /usr/sbin/sshd -f /etc/sudoers.d/phabricator-hosting # Expose port 22

Some components are missing from the nasqueron/phabricator image: - the ability to fetch code from a private repository for arcanist, libphutil and phabricator - the autoupdate mechanism to check if a production branch can be rebased against master - the SSH daemons Currently, they're manually installed. That forbids us to treat this container as an immutable, throwable artifact. Plan is to include them to nasqueron/phabricator or override in a nasqueron/devcentral image. ## Tasks to do ### Hosting To allow to clone repo per SSH and interact with them: # Install relevant packages: sudo openssh-server # Provide a SSH configuration: P292, we can drop `Port 5022` as it was only used when DevCentral was on Dwellers and some other containers or locally we needed to interact with DevCentral # Create a vcs user for SSH access: `vcs:x:432:433:Phabricator VCS SSH access:/var/vcs:/bin/sh` # Give permission to vcs to sudo as app for VCS commands: `vcs ALL=(app) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack` - could be saved as /etc/sudoers.d/phabricator-hosting # Create an unit to launch SSH as /usr/sbin/sshd -f /etc/sudoers.d/phabricator-hosting # Expose port 22 ``` RUN apt-get update && apt-get install sudo openssh-server && \ cd /opt/phabricator && \ ./bin/config set phd.user app && \ ./bin/config set diffusion.ssh-user vcs && \ # create vcs user EXPOSE 22 ```

Some components are missing from the nasqueron/phabricator image: - the ability to fetch code from a private repository for arcanist, libphutil and phabricator - the autoupdate mechanism to check if a production branch can be rebased against master - the SSH daemons Currently, they're manually installed. That forbids us to treat this container as an immutable, throwable artifact. Plan is to include them to nasqueron/phabricator or override in a nasqueron/devcentral image. ## Tasks to do ### Hosting To allow to clone repo per SSH and interact with them: # Install relevant packages: sudo openssh-server # Provide a SSH configuration: P292, we can drop `Port 5022` as it was only used when DevCentral was on Dwellers and some other containers or locally we needed to interact with DevCentral # Create a vcs user for SSH access: `vcs:x:432:433:Phabricator VCS SSH access:/var/vcs:/bin/sh` # Give permission to vcs to sudo as app for VCS commands: `vcs ALL=(app) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack` - could be saved as /etc/sudoers.d/phabricator-hosting # Create an unit to launch SSH as /usr/sbin/sshd -f /etc/sudoers.d/phabricator-hosting # Expose port 22 ``` RUN apt-get update && apt-get install sudo openssh-server && \ cd /opt/phabricator && \ ./bin/config set phd.user app && \ ./bin/config set diffusion.ssh-user vcs && \ # create vcs user EXPOSE 22 ```