Phabricator/Migration/status

Last update on: 2014-09-16

2014-05-19
The Phabricator RfC was finished with support for moving to Phabricator. Hence also the review of Wikimedia's Project management tools is finished. At the Zürich Hackathon 2014 three Phabricator related sessions took place (general introduction to Phabricator by Shahyar, Phabricator's code review concept and tool by Shahyar, discussion planning Day 1 of Phabricator in production). Another public IRC office hour about Phabricator took place on May 14th (log). Andre summarized the process of moving to Phabricator so far in a blogpost. Regarding overviews and keeping track, the project has a central general information page, a planning board for Wikimedia Phabricator Day 1 in Production, a team defined for the required work, and an upstream task board for planning.

2014-05-monthly
Mukunda Modell is currently addressing authentication and access restrictions for security tickets with upstream. Chase Pettet and Daniel Zahn of Wikimedia Operations are spearheading the Phabricator installation. Andre Klapper has upstreamed some issues, commented on numerous tickets, and identified further tasks related to migration. An overview board of tasks to solve for the first dayof Phabricator in production is available. Furthermore, once Wikimedia SUL authentication is sorted out, it is investigated to launch the Phabricator production instance first with very limited functionality to provide a Trusted User Tool.

2014-06-10
Apart from commenting on / discussing / upstreaming Phabricator tickets, Andre gave a short Phabricator presentation at WMF's Monthly Metrics meeting and started thinking about on organizing sprints, releases, iterations in Phab and data migration from Bugzilla.

2014-06-monthly
Apart from discussions on how to implement certain functionality and settings in Phabricator among team members and stakeholders, Mukunda implemented a MediaWiki OAuth provider in Phabricator (Gerrit changes: 1, 2; related ticket) and Chase created a Puppet module for Phabricator.

2014-07-09
Mukunda Modell implemented WMF SUL Authentication for Phabricator. Chase Pettet deployed Legalpad, a tool to manage trusted users, on a separate server (workflow to be further defined with the Legal team). Sean Pringle and Chase put a data backup system for Phabricator in place. Mukunda wrote code to restrict access to tasks in a certain project, which can already be tested on fab.wmflabs.org. Chase upgraded the dedicated Phabricator server to Ubuntu Trusty. Andre Klapper listed the Bugzilla bug report elements to tackle in a script to import from Bugzilla and dropped his thoughts about Priority and Keyword migration. In upstream development, umbrella projects and subprojects are being worked on, which will influence our plans on handling release planning in Phabricator.

2014-07-22
Mukunda finished packaging using pkg-php-tools/dh_php5, worked on refactoring project access restrictions into a custom herald action (ticket and patch), showing the wiki account URL on Legalpad's signature list view, and file access restrictions (ticket and patch). Chase has been working on configuring exim for mail and discussing accessibility of file attachments with upstream. Andre commented on tickets about handling keywords, severity etc. and sent a summary email to wikitech-l communicating which 'regressions' we might see.

2014-07-monthly
Phabricator's "Legalpad" application (a tool to manage trusted users) was set up on a separate server. This instance provides WMF Single-User Login authentication. Mukunda implemented restricting access to tasks in a certain project which can be tested on fab.wmflabs.org. As a followup, he investigated enforcing security policy also on files and attachments and replacing the IRC bots by Phab's chatbot. Chase worked on initial migration code to import data from Bugzilla reports into Phabricator tasks (and ran into missing API code in Phabricator), investigated configuring Exim for mail, set up a data backup system for Phabricator, and upgraded the dedicated Phabricator server to Ubuntu Trusty. Quim started documenting Phabricator. Andre helped making decisions on defining field values and how to handle certain Bugzilla fields in the import script and sent a summary email to wikitech-l about the Phabricator migration status.

2014-08-11
Upstream Phabricator developers implemented granular file permissions and upload defaults, with making file data to be inaccessible (not undiscoverable) still to resolve (see related task, Mukunda investigates). Chase throughly tested the current state of file access security (prior to having a canCDN flag implementation which will require more testing), plus worked on supporting Bugzilla keyword conversion into separate Phabricator tags plus general improvements in the import script. In upstream, Mukunda added API to create projects. Chase added support for mailing lists as watching users in upstream and case sensitivity in project URLs is now handled by normalizing to lower case (see related task).

2014-08-20
<section begin="2014-08-20"/>Chase worked on and tested the data migration logic (attachments and security access) and ran into a Bugzilla WebService API issue. Mukunda worked on getting MediaWiki OAuth merged into upstream and merged a CustomField extension that adds a "MediaWiki Userpage". Chase and Mukunda also worked on the Project Policy Enforcer action for Herald, providing a user-friendly dropdown menu to restrict ticket access when creating the ticket. We also identified that we want to purchase an alternative domain first for content hosted on the Phabricator production instance.<section end="2014-08-20"/>

2014-08-28
<section begin="2014-08-28"/>For a better overview, the Wikimedia Phabricator Day 1 project was split into three projects: Day 1 of a Phabricator Production instance in use, Bugzilla migration, and RT migration. Furthermore, the overall schedule was clarified. in A separate domain for user content was purchased (which still needs a certificate). Mukunda worked on getting the MediaWiki OAuth provider merged into upstream. More testing of the security implementation took place (with regard to making restricted data not only undiscoverable but also inaccessible). Chase also worked on the scripts to export and import data between the systems and support for external users in Phabricator and the related mail setup.<section end="2014-08-28"/>

2014-08-monthly
<section begin="2014-08-monthly"/>The project is getting close to Day 1 of a Wikimedia Phabricator production instance. For better overview and tracking, the Wikimedia Phabricator Day 1 project was split into three projects: Day 1 of a Phabricator Production instance in use, Bugzilla migration, and RT migration. Furthermore, the overall schedule was clarified. In the last month, Security/permission related requirements got implemented (granular file permissions and upload defaults, enforcing that policy, making file data inaccessible and not only undiscoverable). In upstream, Mukunda added API to create projects and Chase added support for mailing lists as watching users. Chase worked on and tested the security and data migration logic. Mukunda continued to work on getting the MediaWiki OAuth provider merged into upstream. Chase and Mukunda also worked on the Project Policy Enforcer action for Herald, providing a user-friendly dropdown menu to restrict ticket access when creating the ticket. A separate domain for user content was purchased. Chase also worked on the scripts to export and import data between the systems and support for external users in Phabricator and the related mail setup. Chase and Chad also took a look at setting up Elasticsearch for Phabricator.<section end="2014-08-monthly"/>

2014-09-09
<section begin="2014-09-09"/>Restricting access to Phabricator tasks based on project membership was implemented by its last patch merged. Phabricator now lets you interact with external (non-Phabricator) users via email which was a requirement for migrating RT tickets and shows the associated MediaWiki.org account on the Phabricator user page. An issue with uploading files was fixed. A first version of a 'Phabricator' on-wiki template was made available and Helder worked on making the 'Tracked' template support linking to Phabricator. Migrating content from fab.wmflabs.org to the Phabricator production instance started this week which required taking down the Phabricator testing instance on Wikimedia Labs. The team can be reached via the #wikimedia-devtools IRC channel on Freenode. Furthermore, work continues this week on upstreaming the MediaWiki OAuth provider (upstream ticket), getting a certificate for phab.wmfusercontent.org, configuring inbound email for phabricator.wikimedia.org, and determining the license of content submitted to Phabricator.<section end="2014-09-09"/>

2014-09-16
<section begin="2014-09-16"/>The Phabricator production instance with tickets imported from now-defunct fab.wmflabs.org has been set up but remains read-only until Operations has finished setting up SNI on misc-web-lb and making it work with nginx (related patches: 1, 2, 3) and the SSL certificate (related patches: 1, 2, 3, 4), Legal has blessed the required footer, and upstream has merged the Mediawiki OAuth provider. Daniel and Yuvi set up a new Phabricator test instance on https://phab-01.wmflabs.org/ (after allowing SSL) that anybody can play with. Daniel also added patches (1, 2) for redirecting http to https. In addition, work is going on to improve the Phabricator documentation and help. <section end="2014-09-16"/>