1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 02:42:40 +01:00
Commit graph

10073 commits

Author SHA1 Message Date
epriestley
fa943f744b Stop all object mentions from matching after "@"
Summary:
Fixes T9479. Currently, `@aaaaaaaa` may try to match as a commit hash, and `@C123456` may try to match as a Countdown reference. These should only match as user mentions.

Prevent object mention rules from matching after `@`. We already prevent them after `-` and `#`, and already prevented the username rule after `@` (i.e., preventing `@@user`).

Test Plan:
Created some "interesting" users locally and `@mentioned` them:

{F850779}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9479

Differential Revision: https://secure.phabricator.com/D14186
2015-09-29 06:43:49 -07:00
epriestley
21021b55c4 Update configuring_file_domain.diviner's cloudflare link
Summary: [[ https://cloudflare.net | https://cloudflare.net ]] generates SSL certification error, and even if I click "ignore it", the page is 403 forbidden afterwards. Their domain has moved to .com, therefore update it to reflect this.

Test Plan:
Go to [[ https://secure.phabricator.com/book/phabricator/article/configuring_file_domain/ | Configuring a File Domain ]], click [[ https://cloudflare.net | CloudFlare]].
Then, apply the patch. Refresh the page, and the new link works.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: revi, epriestley

Differential Revision: https://secure.phabricator.com/D14172
2015-09-29 03:35:59 -07:00
epriestley
55767aac0f Fix an issue where followup tasks could fail to queue with string priorities
Auditors: chad
2015-09-28 19:46:41 -07:00
epriestley
a5c4177160 Fix an issue with BuildLogs and web UI during builds
Summary:
Ref T9123. After recent changes, viewing a live build log from the web UI throws a CSRF exception.

Check `start` ("this object is an active log"), not `live` ("this log is open somewhere").

Test Plan: Will push / etc.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9123

Differential Revision: https://secure.phabricator.com/D14185
2015-09-28 19:11:51 -07:00
epriestley
efaa8170c3 Simplify value decoding for PHID custom fields
Summary:
Ref T9123. The handling in D14183 didn't deal with new field values properly.

Make all this handling more consistent.

Test Plan: Created a new WorkignCopy build plan with some repos.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9123

Differential Revision: https://secure.phabricator.com/D14184
2015-09-28 18:44:40 -07:00
epriestley
bfaa93aa9b Allow Harbormaster build plans to request additional working copies
Summary:
Ref T9123. To run upstream builds in Harbormaster/Drydock, we need to be able to check out `libphutil`, `arcanist` and `phabricator` next to one another.

This adds an "Also Clone: ..." field to Harbormaster working copy build steps so I can type all three repos into it and get a proper clone with everything we need.

This is somewhat upstream-centric and a bit narrow, but I don't think it's totally unreasonable, and most of the underlying stuff is relatively general.

This adds some more typechecking and improves data/type handling for custom fields, too. In particular, it prevents users from entering an invalid/restricted value in a field (for example, you can't "Also Clone" a repository you don't have permission to see).

Test Plan: Restarted build, got a Drydock resource with multiple repositories in it.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9123

Differential Revision: https://secure.phabricator.com/D14183
2015-09-28 17:57:41 -07:00
epriestley
0438a481e1 Fix issue with "Publish/Notify" handling in repositories
Summary:
Fixes T8728. As far as I can tell, I simply got this wrong in D11826. This is not the proper name for the preference.

That change primarily focused on the "spammy junk during import" issue, and the code did get the importing flag right. It looks like my testing in D11827 focused on "during import" and just missed this case.

Test Plan: Grepped for `disable-herald`. Grepped for `herald-disable`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8728

Differential Revision: https://secure.phabricator.com/D14181
2015-09-28 11:17:04 -07:00
epriestley
33be8f719f Allow WorkingCopy resources to have multiple working copies
Summary:
Ref T9252. For building Phabricator itself, we need to have `libphutil/`, `arcanist/` and `phabricator/` next to one another on disk.

Expand the Drydock WorkingCopy resource so that it can have multiple repositories if the caller needs them.

I'm not sure if I'm going to put the actual config for this in Harbormaster or Drydock yet, but the WorkingCopy resource itself should work the same way in either case.

Test Plan: Restarted a Harbormaster build which leases a working copy, saw it build as expected.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14180
2015-09-28 09:35:58 -07:00
epriestley
9b29d46e60 Make Drydock lease infrastructure more nimble
Summary:
Ref T9252. Currently, Harbormaster does this when trying to acquire a working copy:

  - Ask for a working copy.
  - Yield for 15 seconds.
  - Check if we have a working copy yet.

That's OK, but Drydock takes ~1s to acquire a working copy lease if a resource is already available, so we end up doing this:

  - T+0: Ask for a working copy.
  - T+0: Yield for 15 seconds.
  - T+1: Working copy lease activates.
  - T+15: Working copy lease is used.
  - T+16: Build finishes.

So we end up spending about 2 seconds doing work and 14 seconds sleeping.

One way to fix this would be to fiddle with the yield duration, so we yield for 1, 2, 4, ... seconds or something. This probably isn't a bad idea for longer leases (i.e., wait for 15, 30, 45 ... seconds or similar) but it implies a lot of churn for short leases.

Instead, let tasks "awaken" other tasks when they complete. The "awaken" operation means: if a task is in a yielded state (no failures, no owner, explicitly yielded, future expires time), pretend it only yielded until right now instead of whenever it really yielded to.

Basically, this rewrites history so that even though Harbormaster did a `yield(15)`, we pretend it did a `yield(4)` after we activate the lease if lease activation took 4 seconds.

If this misses, it's fine: we fall back to the normal yield behavior and things move forward normally a few seconds later.

If it hits, we get a more nimble process pretty cleanly.

Test Plan:
  - Restarted a build plan (lease working copy + run `ls`) with this patch no-op'd, took about 16 seconds.
  - Restarted a build plan with this patch active, took about 1 second.

Reviewers: hach-que, chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14178
2015-09-28 09:35:40 -07:00
epriestley
cd2dd2a08f Give visual feedback when a Drydock resource or lease is releasing
Summary: Ref T9252. Show the user when a resource or lease has a pending release command in queue.

Test Plan: Released a resource and lease from the web UI. In both cases, saw a "releasing" tag and the action disable.

Reviewers: hach-que, chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14177
2015-09-28 09:35:26 -07:00
epriestley
ec6d69e74d Give Drydock resources a proper expiry mechanism
Summary:
Fixes T6569. This implements an expiry mechanism for Drydock resources which parallels the mechanism for leases.

A few things are missing that we'll probably need in the future:

  - An "EXPIRES" command to update the expiration time. This would let resources be permanent while leased, then expire after, say, 24 hours without any leases.
  - A callback like `shouldActuallyExpireRightNow()` for resources and leases that lets them decide not to expire at the last second.
  - A callback like `didAcquireLease()` for resource blueprints, to parallel `didReleaseLease()`, letting them clear or extend their timer.

However, this stuff would mostly just let us tune behaviors, not really open up new capabilities.

Test Plan: Changed host resources to expire after 60 seconds, leased one, saw it vanish 60 seconds later.

Reviewers: hach-que, chad

Reviewed By: chad

Maniphest Tasks: T6569

Differential Revision: https://secure.phabricator.com/D14176
2015-09-28 09:35:14 -07:00
Chad Little
a3b49053c0 Allow polls to be public
Summary: Fixes T9474

Test Plan: Make a poll, log out, still see it.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9474

Differential Revision: https://secure.phabricator.com/D14179
2015-09-28 07:55:28 -07:00
epriestley
ffbcefb629 Fix a doc typo
Summary: chack spels

Test Plan: typey typey

Reviewers: chad, hach-que

Reviewed By: hach-que

Differential Revision: https://secure.phabricator.com/D14175
2015-09-28 04:13:36 -07:00
epriestley
24845c70b9 Refine error behavior of bin/search index
Summary: Fixes T5991. If //all requested documents// failed to index, consider this a catastrophic failure and exit with an error code.

Test Plan:
  - Ran `bin/search index --type TASK`, observed successful exit despite a small number of un-indexable documents.
  - Ran `bin/search index PHID-TASK-xxx` for an invalid task, observed exception on exit after complete failure.
  - Ran normal indexing through daemons.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5991

Differential Revision: https://secure.phabricator.com/D14174
2015-09-27 13:11:11 -07:00
epriestley
c99508cfe2 Explain upstream attitudes toward CLI exit codes
Summary: Ref T5991. See D14116. We are consistent but nonstandard in our use of exit codes. This document explains what we use exit codes for and why we do this.

Test Plan: Read it.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5991

Differential Revision: https://secure.phabricator.com/D14173
2015-09-27 13:10:44 -07:00
epriestley
99d972fc81 Fix Herald rule actions on empty custom PHID fields
Summary: Fixes T9260. That task has a good description of the issue.

Test Plan: Followed steps in T9260 to reproduce the issue. Applied patch; issue went away.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9260

Differential Revision: https://secure.phabricator.com/D14169
2015-09-25 15:00:55 -07:00
epriestley
3e60740c7c Slightly modernize transaction diff controller
Summary: Ref T9272. This doesn't fix anything, just a little cleanup while I was looking at it.

Test Plan: Clicked "Show Details" on a couple description changes, got the same effect for less code.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9272

Differential Revision: https://secure.phabricator.com/D14168
2015-09-25 11:15:57 -07:00
epriestley
b7ca5a2d29 Provide a stable URI for getting raw paste content
Summary: Fixes T9312. This is a bit fluff, but does simplify the view controller slightly and seems reasonable/useful in general.

Test Plan: Clicked "View Raw File" on a paste, got redirected to the raw file via a stable URI.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9312

Differential Revision: https://secure.phabricator.com/D14167
2015-09-25 10:45:01 -07:00
epriestley
d735c7adf2 Allow Harbormaster to run commands on Drydock working copies
Summary: Ref T9252. This mostly cleans up future and log handling, and edges us closer to being able to do useful work with Harbormaster / Drydock.

Test Plan:
  - Added a "Run `ls -alh`" step to my trivial build plan.
  - Ran it a bunch of times.
  - Worked great.
  - Also did an HTTP plan.

{F835227}

{F835228}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14161
2015-09-25 10:43:32 -07:00
epriestley
bd546f44a9 Load audit requests when querying audits
Summary: Fixes T9434. I'm not sure exactly what changed behavior here, but we need a `needAuditRequests()`.

Test Plan: Ran a query which hit the exception (empty query was good enough, locally), then applied this patch; saw exception go away.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9434

Differential Revision: https://secure.phabricator.com/D14162
2015-09-25 10:43:17 -07:00
epriestley
36d9908e6c Move commits to the "COMMIT" mail prefix
Summary:
Fixes T9427. Currently, replies to audits/commits go to "Cxxx", but so do replies to countdowns.

There is non real non-disruptive approach available here and this seems least-bad.

Test Plan:
  - Made a comment on a commit.
  - Fished the reply-to address out of `bin/mail list-oubound` + `bin/mail show-outbound` (it was now "COMMIT...").
  - Sent mail to that address.
  - Grabbed the raw message and wrote it to `mail.txt`.
  - Ran `cat mail.txt | ./scripts/mail/mail_handler.php --process-duplicates`.
  - Used `bin/mail list-inbound` + `bin/mail show-inbound` to verify receipt.
  - Saw comment appear on audit.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9427

Differential Revision: https://secure.phabricator.com/D14163
2015-09-25 10:43:11 -07:00
epriestley
8d3bb92b91 Make some Herald errors more spider-resistant
Summary:
Fixes T9328. There's no way to hit these error states by clicking things in the UI that I could find, but if you mash stuff into your URL bar or "Inspect Element..." and then edit the form to be full of garbage you can hit them.

Make them a little more informative and don't send them to the log, since these are pretty much just fancy 404s.

Test Plan: Bashed my fist on the URL bar to hit all these messages.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9328

Differential Revision: https://secure.phabricator.com/D14164
2015-09-25 10:43:04 -07:00
epriestley
8ce90a7c42 Allow lint codes to be up to 128 bytes long
Summary:
Fixes T9145. We currently restrict lint codes to 32 bytes, but PHPCS generates codes like "PHPCS.E.PEAR.Comments.Messages.Line.TooLong".

These codes seem reasonable as codes, and we don't currently have any key-length problems or other technical concerns with simply raising the size of this column.

Test Plan: Ran `bin/storage upgrade` to pick up adjustments.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9145

Differential Revision: https://secure.phabricator.com/D14166
2015-09-25 10:42:57 -07:00
epriestley
284fe0fe51 Allow Harbormaster to lease working copies from Drydock
Summary: Ref T9252. This is still crude in a few ways but basically works, at least for commits.

Test Plan:
  - Made a build plan with just this build step.
  - Ran `bin/harbormaster build --plan 10 ...` on a commit.
  - It actually built a working copy, leased it, took no action, and released the lease. MAGIC~~~

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14160
2015-09-24 17:29:47 -07:00
epriestley
381fa611fd Check that the viewer can actually create badges before letting them create badges
Summary: Fixes T9467.

Test Plan: Set policy to "no one", got blocked.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9467

Differential Revision: https://secure.phabricator.com/D14159
2015-09-24 15:34:09 -07:00
epriestley
64ed971039 Show recent active leases on Drydock resource detail
Summary: Ref T9252. This is the same as D14157, just for Resources and their leases.

Test Plan: Viewed a resource, saw only active leases, clicked "View All Leases", queried, clicked around, used crumbs.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14158
2015-09-24 15:28:59 -07:00
epriestley
3b2f4c258f Show recent active resources on Drydock blueprint detail, with link to all
Summary:
Ref T9252. Currently, Drydock blueprint pages:

  - show all resources, even if there are a million;
  - show resources in all states, although destroyed resources are usually uninteresting;
  - have some junky `$pager` code.

Instead, show the few most recent active resources and link to a filtered resource view in ApplicationSearch.

Test Plan:
  - Viewed some blueprints.
  - Clicked "View All Resources".
  - Saw all resources.
  - Used query / crumbs / etc.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14157
2015-09-24 13:52:43 -07:00
epriestley
b441e8b81e Allow Drydock blueprints to be disabled
Summary: Ref T9252. If you have a blueprint and you do not like that blueprint very much, you can disable it.

Test Plan: Disabled / enabled some blueprints.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14156
2015-09-24 10:18:17 -07:00
epriestley
1491269b72 Modernize Drydock SearchEngine implementations
Summary:
Ref T9252. Move these to the more modern stuff to pick up ordering and interface support for free.

Also work around the blueprint / custom field integration a little more gracefully.

Test Plan: Searched for blueprints, resources and leases.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14155
2015-09-24 09:56:49 -07:00
epriestley
b71ce90b9c Straighten out Drydock policies for Resources
Summary: Ref T9252. Resources always have a corresponding blueprint, and it makes sense to use the same policies for both.

Test Plan: Viewed resources in web UI.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14154
2015-09-24 09:56:35 -07:00
epriestley
e117ace8c7 Convert Drydock lease and resource constants to strings
Summary:
Ref T9252. Drydock currently uses integer statuses, but there's no reason for this (they don't need to be ordered) and it makes debugging them, working with them, future APIs, etc., more cumbersome.

Switch to string instead.

Also rename `STATUS_OPEN` to `STATUS_ACTIVE` and `STATUS_CLOSED` to `STATUS_RELEASED` for consistency. This makes resources and leases have more similar states, and gives resource states more accurate names.

Test Plan: Browsed web UI, grepped for changed constants, applied patch, inspected database.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14153
2015-09-24 07:57:05 -07:00
epriestley
c6aade4392 Give Drydock leases a resourcePHID instead of a resourceID
Summary:
Ref T9252. Leases currently have a `resourceID`, but this is a bit nonstandard and generally less flexible than giving them a `resourcePHID`.

In particular, a `resourcePHID` is easier to use when rendering interfaces, since you can get handles out of a PHID.

Add a PHID column, copy over all the PHIDs that correspond to existing IDs, then drop the ID column.

Test Plan:
  - Browsed web UIs.
  - Inspected database during/after migration.
  - Grepped for `resourceID`.
  - Allocated a new lease with `bin/drydock lease`.

Reviewers: chad, hach-que

Reviewed By: hach-que

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14151
2015-09-24 04:19:27 -07:00
epriestley
309aadc595 Rename Drydock Lease STATUS_EXPIRED to STATUS_DESTROYED
Summary: Ref T9252. This is now more consistent (same as the equivalent Resource state) and accurate (leases can end up in this state a bunch of ways, including by expiring).

Test Plan: `grep`, browsed around web UI.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14150
2015-09-23 20:48:51 -07:00
epriestley
3379904237 Allow Drydock leases to expire after a time limit
Summary: Ref T6569. If a lease is activated with an expiration date, schedule a task to try to clean it up after that time.

Test Plan:
  - Used `bin/drydock lease ... --until ...` to activate a lease in the near future.
  - Waited for a bit.
  - Saw it expire and get destroyed at the scheduled time.

Reviewers: hach-que, chad

Reviewed By: chad

Maniphest Tasks: T6569

Differential Revision: https://secure.phabricator.com/D14148
2015-09-23 13:54:27 -07:00
epriestley
fcb6d1e2fa Strip some obsolete code out of Drydock
Summary:
Ref T9252. This simplifies some Drydock code.

Most of this code relates to the old notion of Drydock being able to enumerate all the tasks it needs to complete in order to acquire a lease. The code has stepped back from this, since it's unnecessary, the queue is more powerful than it used to be, and it would be a lot of work to keep track of.

The ~only thing that should ever wait for leases in modern code is `bin/drydock lease`, and it's fine for it to just sit there sleeping, so this just does that.

This reduces the granularity of logging, but I'll address that separately in future logging-focused changes.

Test Plan: Used `bin/drydock lease` to acquire a lease, saw it acquire cleanly.

Reviewers: hach-que, chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14147
2015-09-23 13:21:41 -07:00
Chad Little
be9cc235b2 Add Application Routes to Phame AppSearch queries
Summary: Fixes T9388, lays in basic ApplicationSearch.

Test Plan: Build a dashboard with Posts and Blogs, click on search icon, get sent to correct page.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9388

Differential Revision: https://secure.phabricator.com/D14146
2015-09-23 12:48:19 -07:00
epriestley
1f311d64c6 Give Drydock resources and leases a real "destroy" lifecycle phase
Summary: Ref T9252. Some leases or resources may need to remove data, tear down VMs, etc., during cleanup. After they are released, queue a "destroy" phase for performing teardown.

Test Plan:
  - Used `bin/drydock lease ...` to create a working copy lease.
  - Used `bin/drydock release-lease` and `bin/drydock release-resource` to release the lease and then the working copy and host.
  - Saw working copy and host get destroyed and cleaned up properly.

Reviewers: hach-que, chad

Reviewed By: chad

Maniphest Tasks: T6569, T9252

Differential Revision: https://secure.phabricator.com/D14144
2015-09-23 11:20:20 -07:00
epriestley
0a37145072 [drydock/core] Show blueprints / resources as links in Drydock view controllers
Summary: Ref T2015. This updates the blueprint / resource references in the Drydock view controllers to render as handles.

Test Plan: Viewed the controllers, saw links.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: devurandom, joshuaspence, Korvin, epriestley

Maniphest Tasks: T2015

Differential Revision: https://secure.phabricator.com/D10873
2015-09-23 10:52:23 -07:00
epriestley
789df89c84 Add a command queue to Drydock to manage lease/resource release
Summary:
Ref T9252. Broadly, Drydock currently races on releasing objects from the "active" state. To reproduce this:

  - Scatter some sleep()s pretty much anywhere in the release code.
  - Release several times from web UI or CLI in quick succession.

Resources or leases will execute some release code twice or otherwise do inconsistent things.

(I didn't chase down a detailed reproduction scenario for this since inspection of the code makes it clear that there are no meaningful locks or mechanisms preventing this.)

Instead, add a Harbormaster-style command queue to resources and leases. When something wants to do a release, it adds a command to the queue and schedules a worker. The workers acquire a lock, then try to consume commands from the queue.

This guarantees that only one process is responsible for writes to active resource/leases.

This is the last major step to giving resources and leases a single writer during all states:

  - Resource, Unsaved: AllocatorWorker
  - Resource, Pending: ResourceWorker (Possible rename to "Allocated?")
  - Resource, Open: This diff, ResourceUpdateWorker. (Likely rename to "Active").
  - Resource, Closed/Broken: Future destruction worker. (Likely rename to "Released" / "Broken"; maybe remove "Broken").
  - Resource, Destroyed: No writes.
  - Lease, Unsaved: Whatever wants the lease.
  - Lease, Pending: AllocatorWorker
  - Lease, Acquired: LeaseWorker
  - Lease, Active: This diff, LeaseUpdateWorker.
  - Lease, Released/Broken: Future destruction worker (Maybe remove "Broken"?)
  - Lease, Expired: No writes. (Likely rename to "Destroyed").

In most phases, we can already guarantee that there is a single writer without doing any extra work. This is more complicated in the "Active" case because the release buttons on the web UI, the release tools on the CLI, the lease requestor itself, the garbage collector, and any other release process cleaning up related objects may try to effect a release. All of these could race one another (and, in many cases, race other processes from other phases because all of these get to act immediately) as this code is currently written. Using a queue here lets us make sure there's only a single writer in this phase.

One thing which is notable is that whatever acquires a lease **can not write to it**! It is never the writer once it queues the lease for activation. It can not write to any resources, either. And, likewise, Blueprints can not write to resources while acquiring or releasing leases.

We may need to provide a mechinism so that blueprints and/or resource/lease holders get to attach some storage to resources/leases for bookkeeping. For example, a blueprint might need to keep some kind of cache on a resource to help it manage state. But I think we can cross that bridge when we come to it, and nothing else would need to write to this storage so it's technically straightforward to introduce such a mechanism if we need one.

Test Plan:
  - Viewed buttons in web UI, checked enabled/disabled states.
  - Clicked the buttons.
  - Saw commands show up in the command queue.
  - Saw some daemon stuff get scheduled.
  - Ran CLI tools, saw commands get consumed and resources/leases release.

Reviewers: hach-que, chad

Reviewed By: chad

Maniphest Tasks: T9252

Differential Revision: https://secure.phabricator.com/D14143
2015-09-23 07:42:08 -07:00
epriestley
8ded0927aa Recover gracefully from Conduit failure when building "Tags" field in commit mail
Summary:
Ref T9458. This is basically the same as D13319, but the "Tags" field didn't get covered in that change.

Specifically, the issue is:

  - We try to generate mail to a disabled user (later, we'll drop it without delivering it, but that filtering doesn't happen yet).
  - The disabled user doesn't have permission to use Conduit (or any other Conduit-related problem occurs).
  - We fail here, then retry generating the mail again later.

Instead, just degrade to not building the field and showing what went wrong.

Test Plan:
  - Pushed some commits, saw mail generate.
  - Added a fake exception to the field, saw the mail generate with an error message.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9458

Differential Revision: https://secure.phabricator.com/D14142
2015-09-22 13:03:29 -07:00
Chad Little
799d86dc65 Show file UI box as collapsed in Diffusion
Summary: This UI should have a Collapsed PHUIObjectBoxView.

Test Plan: review a file in sandbox

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14139
2015-09-21 12:29:17 -07:00
Chad Little
b8567f1764 Use setTable on File Transforms tables
Summary: Minor, but nicer.

Test Plan: Review File Transforms page, see new UI.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14140
2015-09-21 12:29:05 -07:00
June Rhodes
d5dc4588fc [harbormaster/abort-builds] Support aborting builds in Harbormaster
Summary: Ref T1049.  This adds support for aborting builds in Harbormaster.

Test Plan: Tested it in production.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: yelirekim, traviscline, joshuaspence, Korvin, epriestley

Projects: #harbormaster

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D11870
2015-09-21 12:07:38 -07:00
epriestley
f1119ffcf5 Support working copies and separate allocate + activate steps for resources/leases in Drydock
Summary:
Ref T9253. For resources and leases that need to do something which takes a lot of time or requires waiting, allow them to allocate/acquire first and then activate later.

When we allocate a resource or acquire a lease, the blueprint can either activate it immediately (if all the work can happen quickly/inline) or activate it later. If the blueprint activates it later, we queue a worker to handle activating it.

Rebuild the "working copy" blueprint to work with this model: it allocates/acquires and activates in a separate step, once it is able to acquire a host.

Test Plan: With some power of imagination, brought up a bunch of working copies with `bin/drydock lease --type working-copy ...`

Reviewers: hach-que, chad

Reviewed By: hach-que, chad

Maniphest Tasks: T9253

Differential Revision: https://secure.phabricator.com/D14127
2015-09-21 04:46:24 -07:00
epriestley
6a0eb9d84b Allow AlmanacHost blueprints to build a meaningful CommandInterface
Summary: Ref T9253. Provide a meaningful command interface for Almanac hosts.

Test Plan:
Configued and leased a real host (`sbuild001.phacility.net`) and ran a command on it.

```
$ ./bin/drydock command --lease 90 -- ls /
bin
boot
core
dev
etc
home
initrd.img
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
vmlinuz
```

Reviewers: chad, hach-que

Reviewed By: chad, hach-que

Maniphest Tasks: T9253

Differential Revision: https://secure.phabricator.com/D14126
2015-09-21 04:46:02 -07:00
epriestley
9a270efe8a Tidy up some Drydock UI
Summary: Ref T9253. We had some un-modern use of UI elements, clean that up. Add a tab for showing slot locks so you don't have to fish around in the database.

Test Plan: Looked at blueprints, resources and leases. Looked at slot locks.

Reviewers: chad, hach-que

Reviewed By: chad, hach-que

Maniphest Tasks: T9253

Differential Revision: https://secure.phabricator.com/D14119
2015-09-21 04:45:43 -07:00
epriestley
3ac99006bf Implement optimistic "slot locks" in Drydock
Summary:
See discussion in D10304. There's a lot of context there, but the general idea is:

  - Blueprints should manage locks in a granular way during the actual allocation/acquisition phase.
  - Optimistic "slot locks" might a pretty good primitive to make that easy to implement and reason about in most cases.

The way these locks work is that you just pick some name for the lock (like the PHID of a resource) and say that it needs to be acquired for the allocation/acquisition to work:

```
...
->needSlotLock("mylock(PHID-XYZQ-...)")
...
```

When you fire off the acquisition or allocation, it fails unless it could acquire the slot with that name. This is really simple (no explicit lock management) and a pretty good fit for most of the locking that blueprints and leases need to do.

If you need to do limit-based locks (e.g., maximum of 3 locks) you could acquire a lock like this:

```
mylock(whatever).slot(2)
```

Blueprints generally only contend with themselves, so it's normally OK for them to pick whatever strategy works best for them in naming locks.

This may not work as well if you have a huge number of slots (e.g., 100TB you want to give out in 1MB chunks), or other complex needs for locks (like you have to synchronize access to some external resource), but slot locks don't need to be the only mechanism that blueprints use. If they run into a problem that slot locks aren't a good fit for, they can use something else instead. For now, slot locks seem like a good fit for the problems we currently face and most of the problems I anticipate facing.

(The release workflows have other race issues which I'm not addressing here. They work fine if nothing races, but aren't race-safe.)

Test Plan:
To create a race where the same binding is allocated as a resource twice:

  - Add `sleep(10)` near the beginning of `allocateResource()`, after the free bindings are loaded but before resources are allocated.
  - (Comment out slot lock acquisition if you have this patch.)
  - Run `bin/drydock lease ...` in two windows, within 10 seconds of one another.

This will reliably double-allocate the binding because both blueprints see a view of the world where the binding is free.

To verify the lock works, un-comment it (or apply this patch) and run the same test again. Now, the lock fails in one process and only one resource is allocated.

Reviewers: hach-que, chad

Reviewed By: hach-que, chad

Differential Revision: https://secure.phabricator.com/D14118
2015-09-21 04:45:25 -07:00
epriestley
6e03419593 Implement a rough AlmanacService blueprint in Drydock
Summary:
Ref T9253. Broadly, this realigns Allocator behavior to be more consistent and straightforward and amenable to intended future changes.

This attempts to make language more consistent: resources are "allocated" and leases are "acquired".

This prepares for (but does not implement) optimistic "slot locking", as discussed in D10304. Although I suspect some blueprints will need to perform other locking eventually, this does feel like a good fit for most of the locking blueprints need to do.

In particular, I've made the blueprint operations on `$resource` and `$lease` objects more purposeful: they need to invoke an activator on the appropriate object to be implemented correctly. Before they invoke this activator method, they configure the object. In a future diff, this configuration will include specifying slot locks that the lease or resource must acquire. So the API will be something like:

  $lease
    ->setActivateWhenAcquired(true)
    ->needSlotLock('x')
    ->needSlotLock('y')
    ->acquireOnResource($resource);

In the common case where slot locks are a good fit, I think this should make correct blueprint implementation very straightforward.

This prepares for (but does not implement) resources and leases which need significant setup steps. I've basically carved out two modes:

  - The "activate immediately" mode, as here, immediately opens the resource or activates the lease. This is appropriate if little or no setup is required. I expect many leases to operate in this mode, although I expect many resources will operate in the other mode.
  - The "allocate now, activate later" mode, which is not fully implemented yet. This will queue setup workers when the allocator exits. Overall, this will work very similarly to Harbormaster.
  - This new structure makes it acceptable for blueprints to sleep as long as they want during resource allocation and lease acquisition, so long as they are not waiting on anything which needs to be completed by the queue. Putting a `sleep(15 * 60)` in your EC2Blueprint to wait for EC2 to bring a machine up will perform worse than using delayed activation, but won't deadlock the queue or block any locks.

Overall, this flow is more similar to Harbormaster's flow. Having consistency between Harbormaster's model and Drydock's model is good, and I think Harbormaster's model is also simply much better than Drydock's (what exists today in Drydock was implemented a long time ago, and we had more support and infrastructure by the time Harbormaster was implemented, as well as a more clearly defined problem).

The particular strength of Harbormaster is that objects always (or almost always, at least) have a single, clearly defined writer. Ensuring objects have only one writer prevents races and makes reasoning about everything easier.

Drydock does not currently have a clearly defined single writer, but this moves us in that direction. We'll probably need more primitives eventually to flesh this out, like Harbormaster's command queue for messaging objects which you can't write to.

This blueprint was originally implemented in D13843. This makes a few changes to the blueprint itself:

  - A bunch of code from that (e.g., interfaces) doesn't exist yet.
  - I let the blueprint have multiple services. This simplifies the code a little and seems like it costs us nothing.

This also removes `bin/drydock create-resource`, which no longer makes sense to expose. It won't get locking, leasing, etc., correct, and can not be made correct.

NOTE: This technically works but doesn't do anything useful yet.

Test Plan: Used `bin/drydock lease --type host` to acquire leases against these blueprints.

Reviewers: hach-que, chad

Reviewed By: hach-que, chad

Subscribers: Mnkras

Maniphest Tasks: T9253

Differential Revision: https://secure.phabricator.com/D14117
2015-09-21 04:43:53 -07:00
epriestley
bb28f94f9b Reduce garbage-level of Drydock Allocator implementation
Summary:
Ref T9253. The Drydock allocator is very pseudocodey right now. Particularly, it was written before Blueprints were concrete.

Reorganize it to make its responsibilities and error handling behaviors more clear.

In particular, the Allocator does not manage locks. It's primarily trying to reject allocations which can not possibly work. Blueprints are responsible for locks. See some discussion in D10304.

NOTE: This code probably doesn't work as written, see future diffs.

Test Plan: See future diffs.

Reviewers: hach-que, chad

Reviewed By: hach-que, chad

Subscribers: cburroughs

Maniphest Tasks: T9253

Differential Revision: https://secure.phabricator.com/D14114
2015-09-21 04:43:25 -07:00
epriestley
5362d3366c Modernize Drydock Query + Attach code
Summary:
Ref T9253. Some of the Drydock code is pretty old. This applies standard modernizations to it:

  - Modernize Query classes to use stuff like `buildWhereClauseParts()` and `loadStandardPage()`.
  - Modernize all the getX() / attachX() stuff. In particular:
    - Require and attach implementations to Blueprints.
    - Require and attach Blueprints to Resources.
    - BlueprintImplementations are now always unique per-Blueprint so they can store/cache state if they want without running over one another.
    - BlueprintImplementations are now passed a `$blueprint`, like other similar APIs (this could go various ways but I generally like this as a balance of concerns).

NOTE: This probably doesn't run on its own, I'm just trying to split the next diff (core allocator stuff) up a bit and these pieces are all pretty standard.

Test Plan:
  - Not much; see next revision or two.
  - Clicked around Resource and Blueprint lists.

Reviewers: chad, hach-que

Reviewed By: chad, hach-que

Maniphest Tasks: T9253

Differential Revision: https://secure.phabricator.com/D14113
2015-09-21 04:42:04 -07:00