Difference between revisions of "IT Infrastructure Doc"
m (→Include a p2.index file at p2 repository site?)
(→Sign my plugins/ZIP files?)
|Line 256:||Line 256:|
===Sign my plugins/ZIP files?===
===Sign my plugins/ZIP files?===
The Eclipse Foundation
The Eclipse Foundation committers to sign JAR and ZIP files on its behalf. Signing is done the build.eclipse.org
command line or the
to the (.)
signing , the , the
be the .
Revision as of 10:38, 16 April 2012
- 1 Website
- 1.1 How do I setup my project website?
- 1.2 How do I author web pages using the Phoenix method?
- 1.3 Access the Bugzilla database using PHP?
- 1.4 Use a database for my website?
- 1.5 I need to put a large file on my website. How should I do this?
- 1.6 Use PHP on my website?
- 1.7 Optimize my PHP code for large-scale use?
- 2 SSH
- 3 CVS
- 4 Bugzilla
- 5 Downloads
- 5.1 Upload files to the download server?
- 5.2 Move files to archive.eclipse.org?
- 5.3 Use mirror sites/see which mirrors are mirroring my files?
- 5.4 Use the Find a Mirror script?
- 5.5 Enable mirrors / use mirrorsURL for my p2 repo?
- 5.6 Include a p2.index file at p2 repository site?
- 5.7 See download statistics?
- 5.8 View my disk space quota?
- 5.9 Increase my disk space quota?
- 5.10 Sign my plugins/ZIP files?
- 6 Builds
- 7 Mailing Lists
- 8 Eclipse Wiki
- 9 Eclipse Servers
How do I setup my project website?
Project websites are hosted in a CVS repository separate from the actual project code. The repository path is dev.eclipse.org:/cvsroot/org.eclipse, in the www component.
Once the webmaster
adds a space for your project, files you commit to the website CVS are automatically checked out to www.eclipse.org/xyz, where
xyz is your project's short name.
You are free to use HTML and PHP on your website.
Hosting a project website is normally done when the project proposal has been approved. If you suspect your files are not being checked out to the www.eclipse.org website, simply commit a small change to one file. This is usually enough to trigger a website refresh.
Access the Bugzilla database using PHP?
Please see the section labeled "[tools]" in the Portal
Use a database for my website?
We currently do not offer projects with database support.
I need to put a large file on my website. How should I do this?
Large (1 MB+) ZIP and JAR files must be put in the downloads area, using the Find A Mirror script to link to them. However, small files (less than 1 MB) can be put on the www.eclipse.org/yourproject website directly without causing too much harm.
The Find A Mirror script supports transparent mirror use, so large screencasts and PDFs can be put in the downloads area as well without imposing the added step of selecting a mirror site for the file. Simply add &r=1 to the URL. For instance, http://www.eclipse.org/downloads/download.php?file=/eclipse/downloads/drops/R-3.1-200506271435/eclipse-SDK-3.1-linux-gtk.tar.gz&r=1 will fetch you the Eclipse SDK 3.1 for Linux from a random mirror site without asking you which one.
Remember to allow our mirrors at least 24 hours to sync up before using a transparent mirror redirect.
Use PHP on my website?
PHP support is available on www.eclipse.org only. Simply commit files with the .php file extension to your website's CVS repository. Although some projects host PHP files on download.eclipse.org, we do not encourage or recommend it.
Eclipse.org is a high-traffic website. Please make sure your PHP code is optimized to run in this type of environment. See the next item.
Optimize my PHP code for large-scale use?
Eclipse.org is a high-traffic website. To improve PHP's functionality, we have set very liberal limits on how many resources PHP can consume. However. if if your project is very popular, bad PHP code can slow the entire site down.
Of course, we could harden PHP to protect our website, but that would cut some functionality. Some tips for you:
- Never call the web service to include/open files - include("http://www.eclipse.org/somefile.html") and fopen("http://localhost/somefile.xml") are very costly to run, because they call the web service, and can lead to eclipse.org Denial-Of-Servicing itself under heavy load.
- Never include/open remote files - include("http://www.someothersite.org/somefile.html") is forbidden, as someone could launch a Denial-Of-Service attack against a remote site. We don't allow you to establish remote connections from eclipse.org servers other than the build server.
- Sanitize your incoming parameters - include($parameter) is particularly dangerous if $parameter is not sanitized. Someone could freely surf the web anonymously, hiding behind eclipse.org servers, or they could use your page to access local files, or launch Denial-Of-Service attacks against remote servers.
- Cache aggregated, processor-intensive data - SQL aggregations, file system scans, Bugzilla lists can (and should) be cached to avoid redundant processor- and disk-intensive operations. For instance, scanning through download.eclipse.org directories to display the size of a build could be useful, but doesn't need to happen for each website visitor. Cache the results of this operation to a file, and update the file if the file is older than 12 hours.
There are many, many other security and PHP best-practices. These are just the basics.
- Shell access is not enabled on eclipse.org accounts by default. Build/Release engineers may request a shell on build.eclipse.org by using the Portal.
- Shell usage on build.eclipse.org is monitored. Successful logins may be performed from trusted networks only. Access from an untrusted network will require you to confirm the network; this is done via email to your committer email account.
Upload my public key
Passwordless authentication (using keys) is the preferred way of logging in and using Eclipse.org servers.
To upload your key from within Eclipse, simply use the Export to SFTP... button on the General > Network Connections > SSH2 > Key Management preference page: http://help.eclipse.org/indigo/index.jsp?topic=%2Forg.eclipse.platform.doc.user%2Freference%2Fref-ssh2-preferences.htm
One can also upload the key from the command line using sftp. First, copy the public key(s) you want to upload to a single file called "authorized_keys" in the current directory, and then:
sftp firstname.lastname@example.org sftp> mkdir .ssh (if .ssh subdirectory does not already exist) sftp> put authorized_keys .ssh/authorized_keys sftp> quit
Next, tell Eclipse to use the corresponding private key in the preference page: General > Network Connections > SSH2 > General tab.
Connect to Eclipse CVS?
Please see this page.
Connect to Eclipse CVS when PSERVER and/or EXTSSH are firewalled?
Please see the Proxy configuration on this page.
Delete files from CVS?
Although you can use SSH and a terminal to delete files in your CVS repository, we recommend you open a Bugzilla bug, in Community CVS, requesting the files that need to be deleted.
Manage UNIX groups for CVS access?
The unix groups are essentially webmaster tools used to manage commit rights to CVS repositories and to the downloads area. For each project (Eclipse-Foundation-sanctioned project, such as Eclipse Platform, DSDP-DD, Mylar, CDT, etc) we typically create three groups:
- project-dev: the group of accounts that can commit to the project's code repository
- project-home: the group of accounts that can commit to the project'ss website
- projectadmin: those who can store files in the downloads area.
For some projects, having all committers in one group with commit rights across the entire project is not adequate when some committers must be limited to a specific set of modules. In these cases, we create project-module groups that allow specific committers to only commit to that portion of CVS.
Create a new Component/Version/Milestone/Target?
Upload files to the download server?
Downloadable files must be placed in the downloads area (~/downloads, or /home/data/httpd/download.eclipse.org) so they can be mirrored to our mirror sites worldwide. Please ensure only pertinent, current files are in the downloads area, as we cannot store an eternity of nightly, integration and stable builds. Production releases can be kept forever; however, we ask that you move archived releases to archive.eclipse.org (see below).
To upload your files:
- use an SFTP or SCP client (in SFTP mode) and connect to dev.eclipse.org (or build.eclipse.org) using your committer account
- upload files to your project's directory in the downloads area (yypically ~/downloads/toplevel/yourproject). Ask your project lead.
- Please ensure that the file permissions include world-readable (664; rw-rw-r--) and directory permissions allow for world-executable (775, rwxrwxr-x).
- large projects with frequent builds may find it more convenient to use RSYNC over SSH.
- do not link directly to download.eclipse.org/yourfile.zip! Instead, use the Find a Mirror script (info below). Using this script allows you to view download statistics and allows users to pick a nearby mirror site for their download.
Once your files are on the download.eclipse.org server, they are immediately available to the general public. However, for release builds, we ask that you wait at least four hours for our mirror sites to fetch the new files before linking to them. It typically takes a day or two for all the mirror sites to synchronize with us and get new files.
Please note that although we tolerate PHP, HTML and JPG/GIF files on download.eclipse.org, we encourage you to put such files on www.eclipse.org. Those files are not mirrored to public mirror servers.
Move files to archive.eclipse.org?
Because our mirror sites don't have as much disk space for Eclipse files as we do, we have created an http://archive.eclipse.org site for you to store older release builds.
The archive.eclipse.org structure is similar to that of download.eclipse.org. To move your files, we recommend using the SSH prompt as below. If you are not comfortable with the SSH prompt, you can ask WebMaster to move the files for you.
ssh email@example.com mv ~/downloads/your/project/oldrelease/ /home/data/httpd/archive.eclipse.org/your/project/oldrelease/
Note: if you preserve the exact path and filename from download.eclipse.org to archive.eclipse.org, you don't need to change your links if your links use the Find a Mirror script.
This link will work if /path/to/a/file.zip is on download.eclipse.org, or if it gets moved to the same place on archive.eclipse.org
P2 repositories: P2 repositories are not normally accessed via the mirror selection script. Therefore, extra treatment is required when the move should be made transparently without affecting users who may still have the original URL.
Equinox/p2/p2.mirrorsURL#Moving_a_repo_to_archive.eclipse.org has a discussion how to achieve this (work in progress).
Use mirror sites/see which mirrors are mirroring my files?
Link to your download files like this:
- file (Required): specify the filename, relative to the downloads home, starting with a "/". This file must exist in the downloads area. Although you can specify a directory name, your mirror list will be more accurate if you specify a file.
- format (Optional): specify html (default) or xml. Useful for building the mirrors.xml for Update sites.
- protocol (Optional): ftp or http: list only ftp or http mirrors only (both are the default)
- r (Optional): specify 1 to automatically redirect to the best mirror (the one that would normally be at the top) without asking the user to choose.
- nf (Optional): specify 1 to get an actual 404 Not Found error if the file doesn't exist (instead of a lovely page saying so).
The script will examine the Last Modified timestamp of the given file and return only those mirrors that have synchronized with Eclipse.org after that time.
All mirrors of the Lepido project, in XML format: http://www.eclipse.org/downloads/download.php?file=/technology/lepido/M1/content.jar&format=xml
Get a file from a random mirror, without prompting http://www.eclipse.org/downloads/download.php?file=/eclipse/downloads/drops/R-3.1-200506271435/eclipse-SDK-3.1-win32.zip&r=1
PLEASE NOTE: We have a list of excluded file patterns -- files that are *not* sent to our mirrors. Nightly and Integration builds are typically very large and don't get many downloads, therefore it's typically more costly (in terms of bandwidth) to mirror them than to support the few client downloads they generate. At time of writing, our exclusion list is:
Use the Find a Mirror script?
See the section above.
Enable mirrors / use mirrorsURL for my p2 repo?
Your artifacts.xml (jar) should have a p2.mirrorsURL property. Here is a an example from http://download.eclipse.org/eclipse/updates/3.6/R-3.6.2-201102101200/artifacts.jar
<repository name='"Eclipse Project Test Site"' type='org.eclipse.equinox.p2.artifact.repository.simpleRepository' version='1'> <properties size='4'> <property name='p2.compressed' value='true'/> <property name='p2.timestamp' value='1297373227427'/> <property name='publishPackFilesAsSiblings' value='true'/> <property name='p2.mirrorsURL' value='http://www.eclipse.org/downloads/download.php?file=/eclipse/updates/3.6/R-3.6.2-201102101200&format=xml'/> </properties>
A more detailed description can be found at Equinox/p2/p2.mirrorsURL.
Ideally, everyone, for all p2 repositories, should use this property, since even if not mirrored currently, it does not hurt anything in that case, and you never know when your repository might become mirrored. In fact, failure to use this property can result in too many requests for jar files coming directly to 'download.eclipse.org' and greatly slow down the network and use too much bandwidth. If this happens for your project (or repository) measures may be taken to automatically redirect all such requests somewhere else, which often does not work well; for examples, see bug 368826.
Include a p2.index file at p2 repository site?
A little documented aide to p2 is to include a special file named "p2.index" at your p2 repository URL site. Every well-behaved, well-optimized p2 repository should have one. This is especially important for composite repository sites as it can save several unsuccessful round trips to download server looking for files that do not exist. For "how to" instructions, see the p2 wiki. For history and deeper technical discussion, see bug 347448.
See download statistics?
The Find a Mirror script tracks download requests once the user has picked a mirror site (or the main Eclipse download site). You can also view download stats for files downloaded via p2 if you enable your p2 repository for download statistics. To view these statistics, use the Live Download Statistics tool (Portal > Project Committer > Tools for all Committers).
For more information, please see the Project Download Stats page.
View my disk space quota?
Because the downloads content is mirrored worldwide, Eclipse.org imposes disk space quotas to not overburden our mirror sites. There are no quotas on mail, CVS or www.eclipse.org website content. New projects are configured with quotas. If this is insufficient, we can increase the quota to suit your needs. However, before increasing a quota, we will make sure that your downloads area doesn't contain old or stale files. We appreciate you keeping the downloads areas as lean and clean as possible.
You can view your project's download.eclipse.org disk usage and quota by logging into the Portal > [tools] for all Committers > Disk space and quotas.
Increase my disk space quota?
Before requesting your quota be increased, please delete any old files that are no longer required, and move older release builds to archive.eclipse.org (instructions above). If you are confident that your download.eclipse.org footprint is as small as it can be and that you're still running out of space, simply send an e-mail to the WebMaster with your request, stating which project you're on.
Sign my plugins/ZIP files?
The Eclipse Foundation allows committers to sign JAR and ZIP files on its behalf. Signing is done from any of the Hudson servers, or on build.eclipse.org. There are two ways to sign:
ZIP and JAR files from the Commandline
From the command line (or from a script) invoke the following command:
sign <file> <mail|nomail|now> [outputDir] [skiprepack]
- <file> refers to the name of the file, which must be located in the staging area (download-staging.priv)
- <mail|nomail|now> either queues up the files for signing and sends email to confirm signing is complete, or signs the file immediately, returning control to the caller once signing is complete
- [outputDir] is an optional directory where the signed files should be placed, leaving the originals intact
- [skiprepack] optionally does not pack/process JAR files
JAR files from a web service
Using a web POST method, individual JAR files can be signed from any of the internal Hudson servers (or from build.eclipse.org) with this service:
The output of that service will be the signed file. Please note that it is not appropriate to submit a ZIP file of jars to the web service. Use the queued method instead. Also note that the web service does not pack or process jar files.
Access/use the Eclipse Build Server?
Although we strongly encourage the use of Hudson for builds, committers can use the build.eclipse.org server to run builds and tests for their project. Unlike the other eclipse.org servers, committers are permitted to run software on this server, and to maintain running software in the background. If you need to run cron jobs, please contact the webmaster, stating the time and frequency at which these jobs are to run, and for how long they typically run. Server details:
- host: build.eclipse.org
- username: use your committer account
- server: Intel Dual-Quad Xeon E5540 @ 2.53GHz, 24G RAM
- architecture: x86_64
You can use an SSH client to connect to the server. For more information on SSH, please see the SSH section of this document.
Here are some directories that are of interest:
- /cvsroot, /svnroot, /gitroot -> the code repositories, connected to eclipse.org via a Gigabit connection. Your Build account cannot write to these files directly
- /home/data/httpd/download.eclipse.org -> the download.eclipse.org root, connected to eclipse.org via Gigabit connection.
- /shared -> a shared disk to store your build files and applications. Please note, however, that we do not maintain backups of this directory. This path is structured like the downloads area, and is accessible via http://build.eclipse.org/ (That URL redirects to the Eclipse homepage, but browsing to a specific project URL will work: http://build.eclipse.org/technology/, http://build.eclipse.org/tools/ etc.)
- /shared/common -> a common location to store applications. Ant and various JDKs are located there.
If you have any questions, please contact the webmaster.
Access/request Hudson services
Please see the Hudson document.
Setup a new mailing list?
Because Mailing Lists are subject to SPAM and can adversely affect eclipse.org performance (imaging sending 200 e-mails to a list that contains 3000 members), proper care is taken in configuring each list. New mailing lists are set up by the WebMaster for this reason. Also, the webmaster creates an HTML view (called mailing list archives) of mailing list postings for archive and search purposes.
View list members?
Because mailing lists contain private information, such as a member's e-mail address, name and surname, we cannot publicly display this information. However, the PMC or Project Lead can become the list administrator, which would allow you to view the membership information for your lists. The PMC/Project lead can inquire about list administration to the WebMaster, stating which lists they would like to manage.
Create a new page in the Eclipse Wiki
To create a new page, simply type the page name at the end of "/" in the URL. The name can contain spaces. For instance, http://wiki.eclipse.org/Some_Page will allow you to create and edit this new page.
Eclipse Foundation IT SLA
When you become committer, your default shell allows only CVS and SVN commands. If you need a 'real' shell for dealing with distribution files or working with automated builds, you'll need to have your project lead or the project PMC file a bug requesting the upgrade.
This page is moderated by the EMO