Tag Archives: mercurial

RhodeCode As FastCGI Program With Lighttpd In Debian

So one day I want to have a github-esque push box, somewhere I can push to collect my projects in one place that is NOT GitHub or BitBucket, or whatever. As always, my internet connection sucks and so I prefer to mirror interesting projects with incremental updates through daily/weekly/whenever-I-feels-like pull or fetch instead downloading each release.

My old setup was two separate hgweb and gitweb running as fastcgi applications connected to a lighttpd server through sockets each serving as mercurial and git web gui. In status quo, everything works and I like it.

Why Change A Perfectly Working System?

Because I can. Besides I want to get my hands on this RhodeCode thing I have put on hold for quite some time. It can handle both mercurial and git in one application, so that’s a good selling point that I would like to try.

RhodeCode Installation

My opinion on the overall installation, it was painless. First, I create a special user and group for this program:


    $ sudo adduser --disabled-login --no-create-home --uid 500 rhodecode
    

Next, I set /opt/rhodecode/ so everything about this RhodeCode stay inside that directory. Furthermore to make things easier on installation I chown that directory to my regular user & group, for now:


    $ sudo mkdir -p /opt/rhodecode
    $ sudo chown -R ariel:ariel /opt/rhodecode
    

Next, I create a new virtualenv instance:


    $ virtualenv --no-site-packages /opt/rhodecode/venv/2.7
    $ cd /opt/rhodecode/
    

This will initialize new virtualenv inside venv/2.7, the “2.7” part is because I use Debian Wheezy and its Python is at 2.7.3.

Okay now, I begin using the new virtualenv to download rhodecode and its dependencies:


    $ source venv/2.7/bin/activate
    (2.7)$ pip install rhodecode
    

Oh joy, I get to wait for something. So off to making tea then …

For some strange reason RhodeCode fail when downloading Mercurial (2.6.2). Now my pushbox is on Wheezy Stable, its Mercurial was at 2.2.2. So, while I’m at it anyway why not just use 2.6.2 directly in this virtualenv?

Mercurial Installation

I set to build a fresh Mercurial straight from upstream:


    (2.7)$ cd /tmp/
    (2.7)$ wget http://selenic.com/hg/archive/cceaf7af4c9e.tar.bz2
    (2.7)$ tar xf cceaf7af4c9e.tar.bz
    

The cceaf7af4c9e is Mercurial tag for version 2.6.2, the version that RhodeCode 1.7.1 wants. So I build that:


    (2.7)$ cd Mercurial-cceaf7af4c9e/
    (2.7)$ python setup.py build
    (2.7)$ python setup.py install
    

I’m still in my virtualenv environment as you can see in my prompt string, it says “(2.7)$“. So I know when I do an “install” the new Mercurial version will be installed to /opt/rhodecode/venv/2.7/lib/python/site-packages.

Not surprisingly Mercurial installed successfully. I have no further use for the Mercurial source code, so I remove them and get back to rhodecode directory:


    (2.7)$ cd /opt/rhodecode/
    (2.7)$ rm -rf /tmp/Mercurial-cceaf7af4c9e/
    

RhodeCode Installation Part 2

Mercurial should not be a problem anymore, continue with the installation:


    (2.7)$ pip install rhodecode
    

After waiting a while for downloading and compiling (this push-box is a re-purposed 2005-ish desktop, not exactly what you’ll call as “fast”) we are done with the downloads.

Now, according to RhodeCode documentation I should create a configuration file. I’m new, so I’ll just follow that:


    (2.7)$ paster make-config RhodeCode pushbox.ini
    (2.7)$ paster setup-rhodecode pushbox.ini
    

It then ask for “Do I want to delete database?”. Of course I say yes, I don’t have one yet!

Next, it prompts me for my repository location. I guess for my first try I should create a new directory, so I stop the job (Ctrl + Z) and do a quick mkdir:


    (2.7)$ sudo mkdir -p /srv/repos/
    (2.7)$ sudo chown ariel:ariel /srv/repos/
    (2.7)$ fg
    

Continuing the job, I put “/srv/repos/” here. Of course I don’t have anything in that directory yet, you think I’ll use my REAL repository location?

It then asks for admin user name, password, and email address, you know, the standard stuff.

Maiden Flight Of RhodeCode

Alright, let’s run this thing:


    (2.7)$ paster serve pushbox.ini 
    
RhodeCode first run

RhodeCode first run

Well, that was easy.. so I kill the RhodeCode program by pressing Ctrl + C.

What About My Needs?

Now that the “default configuration” RhodeCode is working, its time for adapting it to my requirements:

  1. First, I do not want to run another web server on port 5000. So it has to work with my current webserver: lighttpd.
  2. Web access, push and pull, must use SSL not standard http.
  3. I want it to start automatically at startup like any other fastcgi apps.

RhodeCode As A FastCGI Program

After a while browsing about Paste, I found out to make it run as fastcgi program is to specify/use flup (surprise! surprise!) on the server section. So I get flup on this virtualenv too:


    (2.7)$ pip install flup
    

To make RhodeCode use flup I put this on my /opt/rhodecode/pushbox.ini file:


    [server:main]

    ** more lines here, I commented as I don't use waitress, gunicorn, paste
       http server, etc. **

    ## BEGIN: USE FLUP FASTCGI FOR LIGHTTPD ##
    use = egg:PasteScript#flup_fcgi_thread
    socket = %(here)s/socket
    umask = 000
    ## END: USE FLUP FASTCGI FOR LIGHTTPD ##

    ** some more irrelevant lines **
    

The main idea is for flup to make RhodeCode running as threaded fastcgi program communicating to outside world using UNIX socket at /opt/rhodecode/socket, and that socket’s permission is 777.

On the web server side, I create new config file at /etc/lighttpd/conf-enabled/45-rhodecode.conf:


    # BEGIN /etc/lighttpd/conf-enabled/45-rhodecode.conf
    $SERVER["socket"] == ":443" {
        $HTTP["url"] =~ "^/repos" {
            fastcgi.server = ("/repos" => (("check-local" => "disable",
                                            "socket"      => "/opt/rhodecode/socket"))
                             )
        }
    }

    $HTTP["url"] =~ "^/repos" {
        $SERVER["socket"] != ":443" {
            $HTTP["host"] =~ "(.*)" {
                url.redirect += ( "^/(.*)" => "https://%1/$1" )
            }
        }

    }
    # EOF /etc/lighttpd/conf-enabled/45-rhodecode.conf
    

Using this configuration, lighttpd will:

To test the new configuration, I restart the lighttpd web server and try to run the RhodeCode program again:


    (2.7)$ sudo service lighttpd restart
    (2.7)$ paster serve pushbox.ini 
    

** Checks http://pushbox.home/repos/ on the browser **

This time it should work as before, using a cute little socket instead of running as http server on some port.

Debian-ish Setup

Now that basically the program is done, it’s time to make it run as daemon.

In my case I wrote my own /etc/init.d/rhodecode script. But I probably didn’t have to, because later I found out that the developer also have a nice init script for Debian:

https://secure.rhodecode.org/rhodecode/files/433d6385b216da52f68fa871ed1ff99f8d618613/init.d/rhodecode-daemon2

But for completeness sake I will post my init script too. My script is pretty much the skeleton file modified to execute “paster serve” in daemon mode under the privilege of rhodecode user and group:


    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides:          rhodecode
    # Required-Start:    $remote_fs $syslog
    # Required-Stop:     $remote_fs $syslog
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: rhodecode repository application service
    ### END INIT INFO

    # Author: ariel 

    # Do NOT "set -e"

    # PATH should only include /usr/* if it runs after the mountnfs.sh script
    PATH=/sbin:/usr/sbin:/bin:/usr/bin
    DESC="RhodeCode Repositories Service"
    NAME=rhodecode
    SCRIPTNAME=/etc/init.d/$NAME
    RUNUSER=rhodecode
    RUNGROUP=rhodecode
    HOME=/opt/rhodecode
    PIDFILE=$HOME/paster.pid
    LOGFILE=$HOME/paster.log
    CONFIG=$HOME/pushbox.ini
    PYTHON_PATH=$HOME/venv/2.7/
    PASTER=$PYTHON_PATH/bin/paster
    PASTER_ARGS="serve --daemon --user=$RUNUSER --group=$RUNGROUP --pid-file=$PIDFILE --log-file=$LOGFILE $CONFIG"

    # Exit if the package is not installed
    [ -x "$PASTER" ] || exit 0
    [ -f "$CONFIG" ] || exit 0

    # Load the VERBOSE setting and other rcS variables
    . /lib/init/vars.sh

    # Define LSB log_* functions.
    # Depend on lsb-base (>= 3.2-14) to ensure that this file is present
    # and status_of_proc is working.
    . /lib/lsb/init-functions

    #
    # Function that starts the daemon/service
    #
    do_start()
    {
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        start-stop-daemon --start --quiet --chdir $HOME --chuid $RUNUSER:$RUNGROUP --pidfile $PIDFILE --exec $PASTER -- $PASTER_ARGS start > /dev/null 2>&1 || return 2
    }

    #
    # Function that stops the daemon/service
    #
    do_stop()
    {
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --start --quiet --chdir $HOME --chuid $RUNUSER:$RUNGROUP --pidfile $PIDFILE --exec $PASTER -- $PASTER_ARGS stop > /dev/null 2>&1 || return 1

        if [ -f $PIDFILE ]; then
            rm $PIDFILE
        fi

        return 0
    }

    #
    # Function that sends a SIGHUP to the daemon/service
    #
    do_reload() {
        #
        # If the daemon can reload its configuration without
        # restarting (for example, when it is sent a SIGHUP),
        # then implement that here.
        #
        start-stop-daemon --start --quiet --chdir $HOME --chuid $RUNUSER:$RUNGROUP --pidfile $PIDFILE --exec $PASTER -- $PASTER_ARGS --reload > /dev/null 2>&1 
        return 0
    }

    case "$1" in
      start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
      stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
      status)
        $PASTER $PASTER_ARGS status > /dev/null
        exit $?
        ;;
      reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        log_daemon_msg "Reloading $DESC" "$NAME"
        do_reload
        log_end_msg $?
        ;;
      restart)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
          0|1)
            do_start
            case "$?" in
                0) log_end_msg 0 ;;
                1) log_end_msg 1 ;; # Old process is still running
                *) log_end_msg 1 ;; # Failed to start
            esac
            ;;
          *)
            # Failed to stop
            log_end_msg 1
            ;;
        esac
        ;;
      *)
        echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload}" >&2
        exit 3
        ;;
    esac

    :
    

Using the usual command to make it run automatically on startup:


    (2.7)$ sudo update-rc.d rhodecode defaults
    

Now that I have program set, init script and all, it’s time to clean up.

For starters, everything under /opt/rhodecode/ should be owned by user and group rhodecode:


    (2.7)$ sudo chown -R rhodecode:rhodecode /opt/rhodecode/
    

The same thing should be applied to /srv/repos/, but in my case I own it to user and group repo. Why? My current repositories that is stored elsewhere, also owned by this user/group, so I’m just being consistent here:


    (2.7)$ sudo chown -R repo:repo /srv/repos/
    

Because the rhodecode program executed under user rhodecode I also add user rhodecode to group repo, and make sure anyone in repo group can write to /srv/repos/:


    (2.7)$ sudo adduser rhodecode repo
    (2.7)$ sudo chmod -R g+w /srv/repos/
    

Some Gotchas Along The Way

  1. My first gotcha was about file permission of socket, it seems flup defaults to create socket that is not writable to others. And since my web server runs under user lighttpd (not www-data, rhodecode, or ariel) the web server returns “503 Service Unavailable”. So by adding “umask = 000” in my pushbox.ini flup will create a socket with 777 permission that is accessible to user running the program (user rhodecode) and the user running the web server (user lighttpd).
  2. Second gotcha came when pushing through rhodecode, the git client program says the server “hung up” and by adding GIT_CURL_VERBOSE=1 environment variable I see curl got “413 Requested Entity To Large” from the server.

    In my case my problem basically caused by /var/cache/lighttpd/ being owned by user www-data. You see, as I said earlier, in my setup my lighttpd program runs as user lighttpd and NOT as www-data which is the default in Debian. So if you’re having your push fail with “hung up” message, check the filesystem permission of the directory pointed by lighttpd as server.upload-dirs.

  3. The third gotcha is on the browser, my browser is Mozilla Firefox with No Script on by default on ALL domains. RhodeCode uses AJAX heavily, so if there is no repository showing on RhodeCode even though you know you already push something to it, check your No Script (temporary) whitelist.

Closing

There are some other things that need to be done such as using my real repositories location, setting proper filesystem permissions, and so on; but they are normal administrator daily work so I’ll leave that out from this post.

Some observations:

  • RhodeCode seems to install some hooks to repositories, which you might not want. There are settings somewere when you login as admin to disable this but I dont know if those would remove hook(s) that RhodeCode installed the first time it found a new repository.
  • From the log it seems, in my setup, it fails on file permission when installing some hooks but other than that I haven’t experienced any problem on pulling, cloning, and pushing to repositories.
  • Its appearance is not as sexy as github or bitbucket, sure. But I’ll manage, I rarely use web gui anyway.
Advertisements

2 Comments

Filed under Ilmu, Orang bego punya kegiatan

The Significance of # For Mercurial

Did you know that you have to encode “#” in your path if you work with Mercurial (hg)? I didn’t.

Let’s say I have a repository named “work#A” and so the usual Mercurial usage:

$ hg clone ~/projects/work#A mybranch
$ hg out ../work#A

wouldn’t work, and anything that requires path to a repository wouldn’t either as long you have a “#” in the path.

Excuse Me, What?

First of all you should read Mercurial’s manual on this, or if you fancy go grab a console and type:

$ hg help urls

The Mercurial guys decided to use “#” delimiter between repository path and revision. Does it sounds like a good feature to have? Can’t tell, I never use it but for me it smells like a legacy thing.

It’s A Feature Alright ..

Let’s say you have a can code in C# and you have projects under directory /media/c#/, so now you want to clone a project.

Unfortunately, if you are using Mercurial, you can’t do this:

$ hg clone /media/c#/mylinuxkernelrewrittenindotnet/ /tmp/dummybranch

to clone mylinuxkernelrewrittenindotnet to /tmp/dummybranch.

It will fail because it cannot find repository in /media/c. And if you DO have repository in /media/c, as long you dont have a tag named /mylinuxkernelrewrittenindotnet/ it will fail which is good because in this case we do not want to clone from /media/c up to tag /mylinuxkernelrewrittenindotnet/.

If you do have BOTH, a repository in /media/c and a tag named /mylinuxkernelrewrittenindotnet/ it will clone just that, successfully, but clearly it is not what you thought it is.

Wait, But I Thought Mercurial Is Intuitive?

Right away you thought you can escape this thing by adding a “\“, but nooo.. it wouldn’t work either.

So the Mercurial solution to this is to url-encode that path and put “file:” in front of the path expression. The end result should look like a URL.

Through research we know that a # url-encoded to %23. So with that knowledge, now you can do this:

$ hg clone file:/media/c%23/mylinuxkernelrewrittenindotnet/ /tmp/dummybranch

you can also use relative path as usual:

$ hg out file:../../../../work/foo%231

or :

$ hg pull file:~/work/foo%232

which I have to admit is such a hassle. But really, the alternatives to this (in Mercurial) are:

  • Just rename that stupid directory, or
  • Avoid it by using symlink without “#” in it, or
  • Not to write full path every time at all. In Mercurial we can define paths in hgrc (or .hgrc) and use them as alias.

Why I Think This # Is Ugly

Because the damned “-r” parameter exists, alive, and working that’s why.

Want to clone up to a revision? Type this:

$ hg clone -r 30 repopath newclone

Want to pull a revision from a remote repository? Type this:

$ hg pull -r c723c2da http://something.com/hg/

The reasoning why they have to treat “#” as revision identifier in a path is beyond me. Honestly I never use that feature and probably never will, I cannot think of a situation where this “feature” will be useful.

Leave a comment

Filed under Ilmu, Orang bego punya kegiatan, Pendapat gak penting

Redo After hgpullsvn Aborted By External Causes

This is yet another case where a power outage giving you trouble. Just in case you haven’t struck by any of it in the last ~ 3 months consider yourself lucky. I know I’m not.

I just noticed —via Mercurial’s web interface— that my fpc, lazarus, and fpcdoc repository is several days old. While I haven’t put any mechanism to update my local repositories automatically on every start-up, but I kept my self to update it everyday whenever I get to use my computer; I put it as one of “after I log in”-rituals.

I’m fully aware that the fpc and lazarus SVN repository are updated daily since both are being actively developed. So I expect that when I update them the last time, exactly yesterday, so it must have pulled some changes (a.k.a “commits”). But seeing that it was last modified “5 days ago” then I strongly suspect something went (quietly) wrong.

Define “wrong”

Something not right.

Okay smart-ass, I’m going to close this tab right here in 3 … 2 …

Anyway, my fpc and lazarus local repository should be no more than 24 hours late. Because I remember doing update yesterday, and the day before that, but I’m getting report that it was updated 5 days ago. I also recall that roughly five days ago we had a power outage (note: I also recall one more outage since that day) for more than an hour or so.

Uh oh..

Exactly. This may have to do with when it was interrupted; and consequently, on how Subversion and Mercurial deal with this sort of accident.

First, I want to confirm into this power outage theory. So I login to my server computer and do a hgpullsvn manually on my local fpc repository:

$ hgpullsvn

it gave me this:

Interrupted, please wait for cleanup!

External program failed (return code 255): hg '--encoding' 'utf-8' 'up' '-C' 'default'
abort: unknown revision 'default'!

Wait, what?

I have to say that after a bit while (10 seconds or so) I left my computer because I ran out of drink. So unless someone (or something) accidentally trip over the keyboard which is very unlikely because a) I don’t have any pet, and b) the computer is in my room; nobody mess with the computers in MY room. So I ran the same thing again, this time patiently waiting in front of the screen and with more output just to make sure:

$ hgpullsvn --verbose --debug

which gave me this:

* hg '--encoding' 'utf-8' 'root'
* hg '--encoding' 'utf-8' 'qapplied'
* svn 'info' '--xml' '.'
Retrieving remote SVN info...
* svn 'info' '--xml' 'http://svn.freepascal.org/svn/fpc/trunk'
* hg '--encoding' 'utf-8' 'branch'
* hg '--encoding' 'utf-8' 'branches'
* hg '--encoding' 'utf-8' 'st' '-mard'
* hg '--encoding' 'utf-8' 'up' '-C' 'trunk'
* hg '--encoding' 'utf-8' 'branch' 'trunk'
* hg '--encoding' 'utf-8' 'parents' '--template' '{tags}'
Fetching SVN log for revisions 16959-16969...
* svn 'log' '--xml' '-v' '-r' '16959:16969' '--limit' '10' '.'
* svn '--version' '-q'
* svn 'up' '--ignore-externals' '--accept' 'postpone' '-r' '16959' '.'

Interrupted, please wait for cleanup!

* svn 'cleanup'
* hg '--encoding' 'utf-8' 'parents' '--template' '{tags}'
* svn 'up' '--ignore-externals' '-r' '16958' '.'
* hg '--encoding' 'utf-8' 'up' '-C' 'default'
External program failed (return code 255): hg '--encoding' 'utf-8' 'up' '-C' 'default'
abort: unknown revision 'default'!

So this thing stopped when downloading for commit #16959, well I just have to re-download it manually then.

Fixing It

Now I have to say there are two ways to deal with this, one is to re-download ONLY the offending commit and the other one is to download all commits since the last one until the latest. What I’m going to do here is to re-download only the offending commit, and then leave the rest for hgpullsvn.

Here’s how to download the last commit:

$ svn update -r 16958 --ignore-externals --accept postpone --force

The --force parameter is to ignore the existing, already downloaded files, and to re-download them all; or something like that. 😛

And… I need the commit-message and the name of the person doing the commit so I can put it as Mercurial commit-message and committer name:

$ svn log -r head

All relevant information duly noted.

After the Subversion part is done, I want it to register on Mercurial as well, so we take any changes and commit it as Mercurial commit. This command will add new files and delete removed files since last Mercurial commit:

$ hg addremove

Let’s commit using message and committer name from subversion.

$ hg ci -m "Do not use TProcess to run the compiler when it is not available" -u joost

Don’t forget to tag it with “svn.${SVN-REVISION-NUMBER}” because hgpullsvn needs it:

$ hg tag -r tip -l svn.16959

After manually brought the offending commit, I can continue using hgpullsvn, as usual, to pull the rest of the commits:

$ hgpullsvn --verbose --debug

Conclusion

It seems like hgpullsvn —and by proxy: Subversion and Mercurial— can not cope with sudden, non-waiting, undetectable abortion such as power outage. To be fair, there is so little any programmer can do either.

So, in the case of hgpullsvn the only thing you can do is to clean up the mess up and do what it do manually.

Leave a comment

Filed under Ilmu, Orang bego punya kegiatan