Cannot push commits to Diffusion when I deploy a phabricator instance with `PHABRICATOR_ENV`

I deployed a phabricator instance with PHABRICATOR_ENV, but I can’t push commits.

My custom config file is custom/demo.zengxs.com.conf.php, php-fpm and phd all have the environment variable PHABRICATOR_ENV=custom/demo.zengxs.com.

I enable GIT_CURL_VERBOSE, got logs:

> POST /source/ColorfulCode.git/git-receive-pack HTTP/1.1
Host: demo.zengxs.com
Authorization: Basic emV*************Mw==
User-Agent: git/2.21.1 (Apple Git-122.3)
Accept-Encoding: deflate, gzip
Content-Type: application/x-git-receive-pack-request
Accept: application/x-git-receive-pack-result
Content-Length: 440

* upload completely sent off: 440 out of 440 bytes
< HTTP/1.1 200 OK
< Date: Sun, 08 Mar 2020 02:40:19 GMT
< Server: Apache/2.4.37 (centos) OpenSSL/1.1.1c mod_fcgid/2.3.9
< X-Powered-By: PHP/7.2.11
< X-Frame-Options: Deny
< Content-Security-Policy: default-src 'self' http://demo.zengxs.com; img-src 'self' http://demo.zengxs.com data:; style-src 'self' http://demo.zengxs.com 'unsafe-inline'; script-src 'self' http://demo.zengxs.com; connect-src 'self'; frame-src 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'none'
< Referrer-Policy: no-referrer
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Content-Encoding: gzip
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: application/x-git-receive-pack-result
< 
* Connection #0 to host demo.zengxs.com left intact
remote: [2020-03-08 02:40:19] EXCEPTION: (PhabricatorClusterStrandedException) Unable to establish a connection to any database host (while trying "phabricator_config"). All masters and replicas are completely unreachable.
remote: 
remote: AphrontInvalidCredentialsQueryException: #1045: Access denied for user 'root'@'localhost' (using password: NO) at [<phabricator>/src/infrastructure/storage/lisk/PhabricatorLiskDAO.php:177]
remote: arcanist(head=stable, ref.stable=729100955129), phabricator(head=stable, ref.stable=ff6f24db2bc0), phutil(head=stable, ref.stable=034cf7cc3994)
remote:   #0 PhabricatorLiskDAO::raiseUnreachable(string, AphrontInvalidCredentialsQueryException) called at [<phabricator>/src/infrastructure/storage/lisk/PhabricatorLiskDAO.php:134]
remote:   #1 PhabricatorLiskDAO::newClusterConnection(string, string, string) called at [<phabricator>/src/infrastructure/storage/lisk/PhabricatorLiskDAO.php:72]
remote:   #2 PhabricatorLiskDAO::establishLiveConnection(string) called at [<phabricator>/src/infrastructure/storage/lisk/LiskDAO.php:841]
remote:   #3 LiskDAO::establishConnection(string) called at [<phabricator>/src/infrastructure/storage/lisk/LiskDAO.php:518]
remote:   #4 LiskDAO::loadRawDataWhere(string, string) called at [<phabricator>/src/infrastructure/storage/lisk/LiskDAO.php:478]
remote:   #5 LiskDAO::loadAllWhere(string, string) called at [<phabricator>/src/infrastructure/env/PhabricatorConfigDatabaseSource.php:19]
remote:   #6 PhabricatorConfigDatabaseSource::loadConfig(string) called at [<phabricator>/src/infrastructure/env/PhabricatorConfigDatabaseSource.php:7]
remote:   #7 PhabricatorConfigDatabaseSource::__construct(string) called at [<phabricator>/src/infrastructure/env/PhabricatorEnv.php:262]
remote:   #8 PhabricatorEnv::buildConfigurationSourceStack(boolean) called at [<phabricator>/src/infrastructure/env/PhabricatorEnv.php:95]
remote:   #9 PhabricatorEnv::initializeCommonEnvironment(boolean) called at [<phabricator>/src/infrastructure/env/PhabricatorEnv.php:75]
remote:   #10 PhabricatorEnv::initializeScriptEnvironment(boolean) called at [<phabricator>/scripts/init/lib.php:22]
remote:   #11 init_phabricator_script(array) called at [<phabricator>/scripts/init/init-script.php:9]
remote:   #12 require_once(string) called at [<phabricator>/scripts/__init_script__.php:3]
remote:   #13 require_once(string) called at [<phabricator>/scripts/repository/commit_hook.php:34]
To http://demo.zengxs.com/source/ColorfulCode.git
 ! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'http://demo.zengxs.com/source/ColorfulCode.git'

And refer T12081, I found the hook file pre-receive contents is:

#!/bin/sh
export TERM=dumb
exec '/bin/php' -f '/usr/local/src/phacility/phabricator/bin/commit-hook' -- 'PHID-REPO-s3qddeeiowjfqmwur24p'  "$@"

I manually add a line to the top of pre-receive:

export PHABRICATOR_ENV=custom/demo.zengxs.com

And then all works fine.

Is there any way that make diffusion work fine without manually modify the pre-receive file?

Environment

Operating System: CentOS 8.1
Git Version (Server): 2.18.2
apache httpd: 2.4.37
php-fpm: 7.2.11

And phabricator/arcanist version:

Library Version Date Branchpoint
phabricator ff6f24db2bc0 Thu, Feb 13 2327578adc94
arcanist 729100955129 Jan 31 2020 21a1828ea06c
phutil 034cf7cc3994 Jan 31 2020 cc2a3dbf5903

I think this can be made to work by putting:

export PHABRICATOR_ENV=...

…into the ~/.profile for the VCS system user you’ve configured.

Phabricator’s support for this could probably be improved (at a minimum, this peculiarity could be documented), but I’m a lot less excited today about using environmental variables for this kind of thing than I was when I originally wrote PHABRICATOR_ENV. For example, the Shellshock vulnerability (see https://secure.phabricator.com/T6185) is one issue which has contributed toward my general feeling that environmental variables are not a robust foundation to build reliable systems on top of. If I was updating PHABRICATOR_ENV today, I’d likely deprecate and remove it rather than try to make it easier to use.

1 Like