Rewrite startup process to improve Let's Encrypt issuance and startup…

… time

ADVANCED-CONFIG.md

@@ -67,7 +67,7 @@ You can bake the configuration and initial start-up of this image into your own
 To bake an image, create a `Dockerfile` like this:
 
 ```
-FROM hachque/phabricator
+FROM redpointgames/phabricator
 
 ADD my-script /my-script
 RUN /my-script

DOCKER-COMPOSE.md

@@ -2,7 +2,7 @@
 
 Docker Compose configuration file supplied in this repository defines a Phabricator service and a MySQL service.
 
-The MySQL service uses official MySQL Docker image mysql:5.7.14 and the Phabricator service uses image hachque/phabricator.
+The MySQL service uses official MySQL Docker image mysql:5.7.14 and the Phabricator service uses image redpointgames/phabricator.
 
 
 ## Configure `PHABRICATOR_HOST`

Dockerfile

@@ -1,6 +1,8 @@
 FROM hachque/systemd-none
 
 EXPOSE 80 443 22 24
-ADD nginx.conf server-http.conf server-https-letsencrypt.conf server-https-manual.conf fastcgi.conf 15-https 25-nginx 25-php-fpm 20-postfix 10-boot-conf 35-phd 40-aphlict 50-cronie 60-iomonitor php-fpm.conf php.ini setup.sh sshd_config.phabricator 45-phabricator-ssh phabricator-ssh-hook.sh bake iomonitor /preflight/
+COPY baseline /baseline
+RUN /baseline/setup.sh
+COPY preflight /preflight
 RUN /preflight/setup.sh
-CMD ["/init"]
+CMD ["/bin/bash", "/app/init.sh"]

README.md

@@ -15,11 +15,12 @@ docker run \
     --env MYSQL_PASS=pass \
     --env PHABRICATOR_REPOSITORY_PATH=/repos \
     -v /host/repo/path:/repos \
-    hachque/phabricator
+    redpointgames/phabricator
 ```
 
 Alternatively you can launch this image with Docker Compose. Refer to [Using Docker Compose](./DOCKER-COMPOSE.md) for more information.
 
+**NOTICE:** This repository has been recently moved to `RedpointGames/phabricator` and the Docker image to use is now `redpointgames/phabricator`.  `hachque/phabricator` will be kept in sync with `redpointgames/phabricator` for the foreseeable future, so you don't need to update your configuration immediately.
 
 ## Configuration
 

setup.sh → baseline/setup.sh

@@ -6,6 +6,7 @@ set -x
 # Add repositories
 zypper --non-interactive ar http://download.opensuse.org/repositories/devel:/languages:/php/openSUSE_Leap_42.1/ php
 zypper --non-interactive ar http://download.opensuse.org/repositories/home:/marec2000:/nodejs/openSUSE_Leap_42.1/ nodejs
+zypper --non-interactive ar http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_Leap_42.1/ python
 
 # Install Git before we add the SCM repository (the SCM repository contains Git 2.11, which is broken).
 zypper --gpg-auto-import-keys --non-interactive in --force-resolution git
@@ -24,7 +25,7 @@ fi
 zypper --non-interactive ar http://download.opensuse.org/repositories/devel:/tools:/scm/openSUSE_Leap_42.1/ scm
 
 # Install requirements
-zypper --gpg-auto-import-keys --non-interactive in --force-resolution nginx php-fpm php5-mbstring php5-mysql php5-curl php5-pcntl php5-gd php5-openssl php5-ldap php5-fileinfo php5-posix php5-json php5-iconv php5-ctype php5-zip php5-sockets which python-Pygments nodejs ca-certificates ca-certificates-mozilla ca-certificates-cacert sudo subversion mercurial php5-xmlwriter nodejs-ws php5-opcache ImageMagick postfix glibc-locale
+zypper --gpg-auto-import-keys --non-interactive in --force-resolution nginx php-fpm php5-mbstring php5-mysql php5-curl php5-pcntl php5-gd php5-openssl php5-ldap php5-fileinfo php5-posix php5-json php5-iconv php5-ctype php5-zip php5-sockets which python-Pygments nodejs ca-certificates ca-certificates-mozilla ca-certificates-cacert sudo subversion mercurial php5-xmlwriter nodejs-ws php5-opcache ImageMagick postfix glibc-locale supervisor
 
 # Build and install APCu
 zypper --non-interactive install --force-resolution autoconf automake binutils cpp cpp48 gcc gcc48 glibc-devel libasan0 libatomic1 libcloog-isl4 libgomp1 libisl10 libitm1 libltdl7 libmpc3 libmpfr4 libpcre16-0 libpcrecpp0 libpcreposix0 libstdc++-devel libstdc++48-devel libtool libtsan0 libxml2-devel libxml2-tools linux-glibc-devel m4 make ncurses-devel pcre-devel php5-devel php5-pear php5-zlib pkg-config readline-devel tack xz-devel zlib-devel
@@ -40,36 +41,6 @@ zypper --non-interactive install --force-resolution mariadb-client vim vim-data
 # Force reinstall cronie
 zypper --non-interactive install -f cronie
 
-# Move preflight files to their locations
-cd /preflight
-mv nginx.conf /etc/nginx/nginx.conf
-mv server-http.conf /etc/nginx/disabled-server-http.conf
-mv server-https-letsencrypt.conf /etc/nginx/disabled-server-https-letsencrypt.conf
-mv server-https-manual.conf /etc/nginx/disabled-server-https-manual.conf
-mv fastcgi.conf /etc/nginx/fastcgi.conf
-mkdir /etc/init.simple
-mv 15-https /etc/init.simple/15-https
-mv 25-nginx /etc/init.simple/25-nginx
-mv 25-php-fpm /etc/init.simple/25-php-fpm
-mv 20-postfix /etc/init.simple/20-postfix
-mv 10-boot-conf /etc/init.simple/10-boot-conf
-mv 35-phd /etc/init.simple/35-phd
-mv 40-aphlict /etc/init.simple/40-aphlict
-mv 50-cronie /etc/init.simple/50-cronie
-mv 60-iomonitor /etc/init.simple/60-iomonitor
-mv php-fpm.conf /etc/php5/fpm/php-fpm.conf.template
-mv php.ini /etc/php5/fpm/php.ini
-mkdir /etc/phabricator-ssh
-mv sshd_config.phabricator /etc/phabricator-ssh/sshd_config.phabricator.template
-mv 45-phabricator-ssh /etc/init.simple/45-phabricator-ssh
-mv phabricator-ssh-hook.sh /etc/phabricator-ssh/phabricator-ssh-hook.sh.template
-mv bake /bake
-mkdir /opt/iomonitor
-mv iomonitor /opt/iomonitor
-rm setup.sh
-cd /
-rmdir /preflight # This should now be empty; it's an error if it's not.
-
 # Create users and groups
 echo "nginx:x:497:495:user for nginx:/var/lib/nginx:/bin/false" >> /etc/passwd
 echo "nginx:!:495:" >> /etc/group
@@ -91,22 +62,3 @@ git clone https://github.com/letsencrypt/letsencrypt /srv/letsencrypt
 cd /srv/letsencrypt
 ./letsencrypt-auto-source/letsencrypt-auto --help
 cd /
-
-# Install PHPExcel
-echo '' >> /etc/php5/fpm/php-fpm.conf
-echo 'php_value[include_path] = "/srv/phabricator/PHPExcel/Classes"' >> /etc/php5/fpm/php-fpm.conf
-
-# [chmod] init scripts
-chmod -R 755 /etc/init.simple
-
-# Move the default SSH to port 24
-echo "" >> /etc/ssh/sshd_config
-echo "Port 24" >> /etc/ssh/sshd_config
-
-# Configure Phabricator SSH service
-chown root:root /etc/phabricator-ssh/*
-
-# Workaround for https://gist.github.com/porjo/35ea98cb64553c0c718a
-chmod u+s /usr/sbin/postdrop
-chmod u+s /usr/sbin/postqueue
-

docker-compose.yml

@@ -19,7 +19,7 @@ services:
      - MYSQL_PASS=phabricator
      - PHABRICATOR_REPOSITORY_PATH=/repos
      - PHABRICATOR_HOST=myphabricator.com
-    image: hachque/phabricator
+    image: redpointgames/phabricator
   mysql:
     restart: always
     volumes:

10-boot-conf → preflight/10-boot-conf

@@ -22,6 +22,11 @@ if [ "$MYSQL_STORAGE_NAMESPACE" == "" ]; then
   MYSQL_STORAGE_NAMESPACE=phabricator
 fi
 
+if [ "${MYSQL_PORT:0:6}" == "tcp://" ]; then
+  echo "Error: MYSQL_PORT environment variable has been set based on a container link called mysql.  This places an invalid value inside MYSQL_PORT, which causes Phabricator startup to fail later on.  When using a linked container called mysql, you should explicitly set MYSQL_PORT=3306 to ensure it has a valid value."
+  exit 1
+fi
+
 if [ "$SSL_TYPE" == "" ]; then
   SSL_TYPE=none
 fi
@@ -78,6 +83,7 @@ if [ -d /config/keycache ]; then
   PHABRICATOR_HOST_KEYS_PATH="/config/keycache"
 fi
 
+set +x
 cat >/config.saved <<EOF
 OVERRIDE_PHABRICATOR_URI="$OVERRIDE_PHABRICATOR_URI"
 OVERRIDE_PHABRICATOR_BRANCH="$OVERRIDE_PHABRICATOR_BRANCH"
@@ -99,7 +105,9 @@ AWS_S3_SECRET_KEY="$AWS_S3_SECRET_KEY"
 MYSQL_HOST="$MYSQL_HOST"
 MYSQL_PORT="$MYSQL_PORT"
 MYSQL_USER="$MYSQL_USER"
+set +x
 MYSQL_PASS="$MYSQL_PASS"
+set -x
 MYSQL_STORAGE_NAMESPACE="$MYSQL_STORAGE_NAMESPACE"
 ENABLE_APCU="$ENABLE_APCU"
 ENABLE_UPDATE_ON_START="$ENABLE_UPDATE_ON_START"
@@ -115,6 +123,7 @@ SCRIPT_BEFORE_DAEMONS="$SCRIPT_BEFORE_DAEMONS"
 SCRIPT_AFTER_DAEMONS="$SCRIPT_AFTER_DAEMONS"
 DISABLE_IOMONITOR="$DISABLE_IOMONITOR"
 EOF
+set -x
 
 # Reload configuration
 source /config.saved
@@ -181,9 +190,11 @@ fi
 if [ "$MYSQL_USER" != "" ]; then
   sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set mysql.user "$MYSQL_USER"
 fi
+set +x
 if [ "$MYSQL_PASS" != "" ]; then
   sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set mysql.pass "$MYSQL_PASS"
 fi
+set -x
 if [ "$MYSQL_STORAGE_NAMESPACE" != "" ]; then
   sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set storage.default-namespace "$MYSQL_STORAGE_NAMESPACE"
 fi
@@ -205,6 +216,7 @@ if [ "$PHABRICATOR_VCS_PORT" != "" ]; then
     sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set diffusion.ssh-port "$PHABRICATOR_VCS_PORT"
 fi
 sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set phd.user "$PHABRICATOR_VCS_USER"
+sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set diffusion.ssh-user "$PHABRICATOR_VCS_USER"
 sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set pygments.enabled true
 if [ "$PHABRICATOR_REPOSITORY_PATH" != "" ]; then
   sudo -u "$PHABRICATOR_VCS_USER" ./bin/config set repository.default-local-path "$PHABRICATOR_REPOSITORY_PATH"
@@ -252,7 +264,9 @@ fi
 
 # The search database may need to be repaired, and if so, will prevent bin/storage upgrade from working
 # so preemptively run a repair on that database now.
+set +x
 mysqlcheck --host="$MYSQL_HOST" --port="$MYSQL_PORT" --user="$MYSQL_USER" --password="$MYSQL_PASS" --databases "${MYSQL_STORAGE_NAMESPACE}_search" || true
+set -x
 
 /srv/phabricator/phabricator/bin/storage upgrade --force