diff --git a/612/404.html b/612/404.html
new file mode 100644
index 0000000000..9baf45b2b4
--- /dev/null
+++ b/612/404.html
@@ -0,0 +1,15 @@
+404 Page not found | Documentation
+
+
+
+
+
+
Not found
Oops! This page doesn't exist. Try going back to our home page.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/README.md b/612/README.md
new file mode 100644
index 0000000000..578404d17f
--- /dev/null
+++ b/612/README.md
@@ -0,0 +1,8 @@
+# EGI Documentation
+
+> This project is only used to host the generated documentation and is not
+> meant to receive Pull Requests.
+>
+> In case you would like to open an issue or Pull Request please do it in the
+> [EGI-Federation/documentation](https://github.com/EGI-Federation/documentation)
+> repository.
diff --git a/612/_footer/index.html b/612/_footer/index.html
new file mode 100644
index 0000000000..8d5e02bc65
--- /dev/null
+++ b/612/_footer/index.html
@@ -0,0 +1,15 @@
+Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/about/concepts/index.html b/612/about/concepts/index.html
new file mode 100644
index 0000000000..1e1dcb5e0b
--- /dev/null
+++ b/612/about/concepts/index.html
@@ -0,0 +1,133 @@
+Concepts | Documentation
+
+
+
+
+
+
Concepts
Concepts used when writing documentation
The EGI documentation is a static site built using
+Hugo
+from Markdown source files. Hugo uses
+goldmark to parse and render markdown,
+which is compliant with CommonMark and
+GitHub Flavored Markdown (also based
+on CommonMark).
The EGI documentation is organized into sections and
+pages. Read below to understand when to use each of these,
+and how to create new sections and add new pages to a section.
Important
Avoid using pages in the
+documentation for now, create a distinct section for every page, because
+currently there is no way to automatically validate links in pages.
Sections
Sections are those pages that can have subpages. They always appear in
+bold in the left-side navigation tree:
Sections are also pages, meaning that selecting them in the
+navigation tree will show their content.
Creating sections
To create a new section, create a folder under /content/<language>/,
+add a file named _index.md to it, then author content for it as described
+below.
Note
Sections immediately
+under /content/<language>/ can show up in the top-level navigation bar.
+See below for details on how to control this.
Pages
Pages are Markdown files that contain the
+documentation about a specific topic. They hold the content for a section
+(in which case are named _index.md and the containing folder is the section),
+or a stand-alone page that is immediately under a section (the containing
+folder is the section).
This is how stand-alone pages appear in the left-side navigation tree:
+
Creating pages
Creating a documentation page is done by creating a Markdown file (with
+.md extension) under the relevant section (in the section’s folder).
Note
When authoring pages please observe
+and adhere to the Style Guide.
Page metadata
Each page needs some metadata that controls where the page appears and how
+its content will be rendered. The beginning of the Markdown file contains a
+front matter in YAML,
+holding the metadata of the page:
The parameter weight controls the order of the pages on the same level in
+the left-side navigation tree. Pages will appear in ascending order of their
+weight.
The above metadata produces the following result (relevant elements highlighted):
+
Add page to top navigation bar
Pages can be added to the top navigation bar by using a front matter like this:
Hugo organizes content
+for each page into a subfolder with the same name as the page’s filename.
+This allows authors to easily keep track of the resources used by each page.
Let’s assume we have a section named About with a subpage Concepts, using
+the following hierarchy of files:
For subpages, the (relative) path to
+the image already includes a folder with the same name as the file’s base name.
Linking to pages
You can include hyperlinks in the documentation that will
+link to any documentation page,
+or to external resources.
Assuming we have the same section named About with a subpage Concepts
+as used above, and the file _index.md
+contains this:
This is a link to a [page](concepts)
+This is another link to the same [page](concepts.md)
+
while the page concepts.md contains this:
This is link to a [section](../)
+This another link to a [section](../../about)
+
the links in these pages exemplify how to link to a different page,
+be it a section or a stand-alone page.
Note
When linking to a stand-alone page,
+if you omit the file extension, .md will be assumed.
Linking to documentation headings
You can also include hyperlinks in the documentation that will
+link to any heading (aka chapter)
+from any documentation page.
To link to a heading in a documentation page, you need to point the hyperlink
+to the anchor created automatically by Markdown for the targeted heading.
Note
You can derive the anchor from the
+name of the target heading, by converting it to lowercase, removing
+non-alphanumeric characters, replacing spaces with dashes, and keeping
+exactly one dash separating each subsequent word pair in the anchor.
Below you have an example of a page with sample headings and links to
+those headings:
This is a link to a [chapter](#some-chapter-title)
+This is a link to another [subchapter](#some-subchapter-title)
+
+## Some chapter title
+...
+### Some subchapter title
+...
+
Assuming we have the same section named About with a subpage Concepts
+as used above, and the file _index.md
+contains this:
## Section chapter
+This is a link to a [page chapter](concepts#page-chapter)
+This is another link to the same [page chapter](concepts.md#page-chapter)
+
while the page concepts.md contains this:
## Page chapter
+This s link to a [section chapter](../#section-chapter)
+This s link to a [section chapter](../../about#section-chapter)
+
the links in these pages exemplify how to link to headings in a
+different page or section.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/about/concepts/index.xml b/612/about/concepts/index.xml
new file mode 100644
index 0000000000..92f9c475da
--- /dev/null
+++ b/612/about/concepts/index.xml
@@ -0,0 +1 @@
+Documentation – Concepts/about/concepts/Recent content in Concepts on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/about/concepts/metadata.png b/612/about/concepts/metadata.png
new file mode 100644
index 0000000000..60e06a7f69
Binary files /dev/null and b/612/about/concepts/metadata.png differ
diff --git a/612/about/concepts/page.png b/612/about/concepts/page.png
new file mode 100644
index 0000000000..16f69d04a1
Binary files /dev/null and b/612/about/concepts/page.png differ
diff --git a/612/about/concepts/section.png b/612/about/concepts/section.png
new file mode 100644
index 0000000000..2719325503
Binary files /dev/null and b/612/about/concepts/section.png differ
diff --git a/612/about/contributing/git/index.html b/612/about/contributing/git/index.html
new file mode 100644
index 0000000000..1373e25493
--- /dev/null
+++ b/612/about/contributing/git/index.html
@@ -0,0 +1,212 @@
+Git and GitHub | Documentation
+
+
+
+
+
+
Git and GitHub
First steps with Git and GitHub
For collaboration purposes, it is best if you create a GitHub account and fork
+the repository to your own account. Once you do this, you will be able to push
+your changes to your GitHub repository for others to see and use, and you will
+be able to create pull requests (PRs) in the official EGI documentation
+repository based on branches in your fork.
If you are new to git and GitHub you are advised to start by the two
+following articles providing simple tutorials:
The GitHub command-line interface greatly helps with working with GitHub
+repositories from a terminal.
It can be installed using the packages available on
+their homepage. There is also a
+manual.
Once installed you will have to start by setting up authentication.
# Authenticate with GitHub, favor SSH protocol
+$ gh auth login
+$ gh config set git_protocol ssh
+
Working with repositories
The easiest way is to do it via the GitHub CLI that will also clone it locally.
+But it can also be done via the web interface, using the fork button and then
+cloning it locally manually.
Fork and clone
This command will fork the repository to your GitHub account and clone a local
+copy for you to work with.
$ gh repo fork EGI-Federation/documentation
+
Clone existing fork
If you want to clone an existing fork you should use:
$ gh repo clone <your_username>/documentation
+
Validate the local clone
If your local clone of you fork is correctly setup you should see references to
+the origin and upstream repositories.
You should submit your patch as a git branch ideally named with a meaningful
+name related to the changes you want to propose. This is called a feature
+branch (sometimes also named topic branch). You will commit your
+modifications to this feature branch and submit a Pull Request (PR) based on
+the differences between the upstream main branch and your feature branch.
Create a feature branch
Try to avoid committing changes to the main branch of your clone to simplify
+management, creating a dedicated feature branch helps a lot. Try to pick a
+meaningful name for the branch (my_nice_update in the example).
# This should be done from the up-to-date main branch
+# Read furthermore to see documentation on updating a local clone
+$ git checkout -b my_nice_update
+
Write changes
The documentation being made of plain text files you are free to use whatever
+text editor or Integrated Development Environment (IDE) suits you, from
+neovim to
+Visual Studio Code.
Some environments may provide you plugins helping with syntax or offering a
+preview, they are worth checking.
Be sure to commit files with having been formated using
+Prettier as documented in our style guide.
Commit changes
It is the best practice to have your commit message have a summary line that
+includes the issue number, followed by an empty line and then a brief
+description of the commit. This also helps other contributors understand the
+purpose of changes to the code.
#3 - platform_family and style
+
+ * use platform_family for platform checking
+ * update notifies syntax to "resource_type[resource_name]" instead of
+ resources() lookup
+ * GH-692 - delete config files dropped off by packages in conf.d
+ * dropped debian 4 support because all other platforms have the same
+ values, and it is older than "old stable" debian release
+
# Select the modified files to be committed
+$ git add files1 path2/
+# Commit the changes
+$ git commit -m <commit_message>
+
Push feature branch to the fork in preparation of a PR
From inside a feature branch you can push it to your remote fork.
# Ask git to keep trace of the link between local and remote branches
+$ git push --set-upstream
+
Once done, the output will show a URL that you can click to generate a Pull
+Request (PR). Accessing GitHub upstream of forked repositories may also propose
+you to submit a PR.
If needed GitHub CLI can also be used to prepare the PR:
If a repository maintainer adds the label safe for preview to a pull request
+it will be possible to preview it using a pull request-specific URL:
+https://docs.egi.eu/documentation/[PR_NUMBER]
The preview can be used as an alternative to testing a pull request locally, and
+the preview can easily be shared with other contributors.
Only collaborators having write permission to the repository are able to mark a
+pull request as safe for review.
This should be carefully considered, especially for external and first time
+contributors.
Update local feature branch with changes made on the PR
Once you PR have been opened it will be reviewed, and reviewers can propose and
+commit changes to your PR. If you need to make further changes be sure to update
+the local clone with the remote changes.
# Retrieve changes made on your PR in the upstream repository
+$ git pull
+
Then you can commit new changes and push them to your remote fork.
Update repository clone with the upstream changes
# If you are still in a branch created for a previous PR, move to main
+$ git checkout main
+# Get the latest data from the upstream repository
+$ git fetch upstream
+# Update your local copy with this data
+$ git rebase upstream/main main
+# Update your remote GitHub fork with those changes
+$ git push
+
Update local feature branch with changes made on the main branch
In case the main branch evolved since the feature branch was created, it may
+be required to merge the new changes in the feature branch.
It can easily be done via the PR page on the GitHub web interface, but it can
+also be done in your repository clone using git rebase.
# Retrieve changes made in the upstream repository
+$ git fetch upstream
+# Check out the feature branch
+$ git checkout feature_branch
+# Apply the new changes on main to your feature branch
+$ git rebase upstream/main
+
In case some files have been changed on both sides you will have to merge
+the conflicts manually.
Running checks from GitHub actions locally
The repository leverages GitHub Actions to do
+automatic checks.
It’s possible to run those linters locally, it can be useful to test and debug why they
+are reporting errors, and test without waiting on the automatic checks.
To save time, we recommend running the specific you are interested in, but as documented
+later for Check-Spelling, you can use act to run the real GitHub actions workflows.
Running markdownlint locally
markdownlint-cli can be
+installed locally on some platforms, in that case it can be used like this:
For spelling, it may be easier to rely on a spell checker integrated in your content editor.
Nevertheless, if you are adventurous, you can use act,
+that will use docker to run the checks locally.
While the spell check should work, other part of the job interacting with GitHub will
+likely fail, like when errors are identified, so be sure to properly scan through the
+command output.
# Listing available jobs
+$ act -l
+# Running the spelling job
+$ act -j spelling
+
Running Super-Linter locally
Should you want to do this, Super-Linter can be run locally.
People having write access to the repository hosting the branch related to the
+PR (ie. usually the PR author) will be able to add and edit files.
# From the local clone of the repository
+$ gh pr checkout XXX --recurse-submodules
+$ vim yyy.zz
+$ git add yyy.zz
+$ git commit yyy.zz -m <commit_message>
+$ git push
+
Update a local clone of a PR
# It will ask you to merge changes
+$ git pull
+
Then you can refer to the README.md to see how to test it locally.
In case the PR got commits that were forced pushed you may have troubles, in
+that case it may be easier to
+delete the local branch and do another
+checkout of the PR.
Clean a local clone of a PR
In case you have troubles updating the local clone, as it can happens if changes
+were forced pushed to it, it maybe easier to delete the local copy of the PR and
+recreate it.
# Switch to main branch
+$ git checkout main
+# Check local branches
+$ git branch -vv
+# Delete a specific branch
+$ git branch -d <branch_name>
+# If you need to force the deletion use -D
+$ git branch -D <branch_name>
+
Using stashes
Sometimes we realise just before committing a change that we are not in the
+correct branch (ie. that we forgot to create a dedicated feature branch), when
+this happens git stash can be helpful.
# Saving a change
+$ git stash save <optional message>
+# Creating the forgotten branch
+$ git checkout -b <my_feature_branch>
+# Reviewing the saved changes, use TAB completion
+$ git stash show <TAB>
+# Applying the saved changes, use TAB completion
+$ git stash pop <TAB>
+# Review the changes to be committed
+$ git diff
+
If you already committed your change(s) you may have to look at git reset.
# Viewing the diff of the two last commits
+$ git log -n 2 -p
+# Reverting the last change, keeping the change in the local directory
+$ git reset HEAD^
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/about/contributing/git/index.xml b/612/about/contributing/git/index.xml
new file mode 100644
index 0000000000..4a70dfe18c
--- /dev/null
+++ b/612/about/contributing/git/index.xml
@@ -0,0 +1 @@
+Documentation – Git and GitHub/about/contributing/git/Recent content in Git and GitHub on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/about/contributing/index.html b/612/about/contributing/index.html
new file mode 100644
index 0000000000..11b9fdb2fb
--- /dev/null
+++ b/612/about/contributing/index.html
@@ -0,0 +1,81 @@
+Contributing | Documentation
+
+
+
+
+
+
Contributing
Contributing to EGI documentation
Thank you for taking the time to contribute to this project. The maintainers
+greatly appreciate the interest of contributors and rely on continued engagement
+with the community to ensure this project remains useful. We would like to
+take steps to put contributors in the best possible position to have their
+contributions accepted. Please take a few moments to read this short guide on
+how to contribute.
Note
Before you start contributing to the
+EGI documentation, please familiarize yourself with the concepts
+used by documentation authors. When authoring pages, please observe and adhere
+to the Style Guide.
Tip
We also welcome contributions
+regarding how to contribute easier and more efficiently.
Feedback and questions
If you wish to discuss anything related to the project, please open a
+GitHub issue or
+start a topic on the EGI Community Forum.
Note
The maintainers will move issues from
+GitHub to the community forum when longer, more open-ended discussion would be
+beneficial, including a wider community scope.
Contribution process
All contributions have to go through a review process, and contributions can be
+made in two ways:
For simple contributions navigate to the documentation page you want to
+improve, and click the Edit this page link in
+the top-right corner
+(see also the GitHub documentation).
+You will be guided through the required steps. Be sure to save your
+changes quickly as the repository may be updated by someone else in the
+meantime.
For more complex contributions or when you want to preview and test changes
+locally you should fork the repository as documented on the
+Using Git and GitHub page.
Contributing via PRs
Note
If you need to discuss your changes
+beforehand (e.g. adding a new section or if you have any doubts), please
+consult the maintainers by creating a
+GitHub issue.
You can also create an issue by navigating to a documentation page, and
+clicking the Create documentation issue link
+in the top-right corner.
Before proposing a contribution via the so-called Pull Request (PR) workflow,
+there should be an open issue
+describing the need for your contribution (refer to this issue number when you
+submit the PR). We have a three-step process for contributions:
Fork the project if you have not done so yet, and commit changes to a
+feature branch. Building the documentation locally is described in the
+README.
Create a GitHub PR from your feature branch, following the instructions
+in the PR template.
Perform a code review with the maintainers on the PR.
Tip
Rebase your fork’s main branch on the
+EGI documentation repository’s
+main branch,
+before you create new feature branches from it.
PR requirements
If the PR is not finalised mark it as draft using the GitHub web interface,
+so it is clear it should not be reviewed yet.
Explain your contribution in plain language. To assist the maintainers in
+understanding and appreciating your PR, please use the template to
+explain why you are making this contribution, rather than just what the
+contribution entails.
Code review process
Code review takes place in GitHub pull requests (PRs). See
+this article if you’re
+not familiar with GitHub PRs.
Once you open a PR, automated checks will verify the style and syntax
+of your changes and maintainers will review your code using the built-in code
+review process in GitHub PRs.
The process at this point is as follows:
Automated syntax and formatting checks are run using
+GitHub Actions, successful checks are
+a hard requirement, but maintainers will help you address reported
+issues.
Maintainers will review your changes and merge it if no changes are
+necessary.
+Your change will be merged into the repository’s main branch.
If a maintainer has feedback or questions on your changes, they will set
+request changes in the review and provide an explanation.
Release cycle
The documentation is using a rolling release model, all changes merged to the
+main branch are directly deployed to the live production environment.
The main branch is always available. Tagged versions may be created as needed
+following semantic versioning when applicable.
Community
EGI benefits from a strong community of developers and system administrators,
+and vice-versa. If you have any questions or if you would like to get involved
+in the wider EGI community you can check out:
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/about/contributing/index.xml b/612/about/contributing/index.xml
new file mode 100644
index 0000000000..f4aa766a73
--- /dev/null
+++ b/612/about/contributing/index.xml
@@ -0,0 +1,1327 @@
+Documentation – Contributing/about/contributing/Recent content in Contributing on DocumentationHugo -- gohugo.ioAbout: Git and GitHub/about/contributing/git/Mon, 01 Jan 0001 00:00:00 +0000/about/contributing/git/
+<p>For collaboration purposes, it is best if you create a GitHub account and fork
+the repository to your own account. Once you do this, you will be able to push
+your changes to your GitHub repository for others to see and use, and you will
+be able to create pull requests (PRs) in the official EGI documentation
+repository based on branches in your fork.</p>
+<p>If you are new to <code>git</code> and <strong>GitHub</strong> you are advised to start by the two
+following articles providing simple tutorials:</p>
+<ul>
+<li><a href="https://opensource.com/article/18/1/step-step-guide-git">Step by step guide to git</a></li>
+<li><a href="https://opensource.com/article/19/7/create-pull-request-github">Creating pull request with GitHub</a></li>
+</ul>
+<p>GitHub official documentation is available at
+<a href="https://docs.github.com/en/">docs.github.com</a>.</p>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+The
+<a href="https://github.com/firstcontributions/first-contributions">first-contributions</a>
+is a repository allowing anyone to freely learn and test creating a real Pull
+Request to an existing GitHub repository.
+</div>
+<p>Additional documentation about the main steps for working with GitHub is also
+available in this section.</p>
+<h2 id="the-github-contribution-flow">The GitHub contribution flow</h2>
+<p>In order to be able to send code update to the repository you need to:</p>
+<ul>
+<li>fork the repository to your GitHub account</li>
+<li>clone the repository on your local computer</li>
+<li>create a <em>feature branch</em> where you will commit your changes</li>
+<li>push the <em>feature branch</em> to the repository fork in your GitHub account</li>
+<li>open a Pull Request against the upstream repository</li>
+</ul>
+<p>In this process three git repositories are used:</p>
+<ul>
+<li>The <em>upstream</em> repository: EGI-Federation/documentation</li>
+<li>Your fork, also named <em>origin</em>: <your_username>/documentation</li>
+<li>A local clone of your fork, containing references to your fork, its <em>origin</em>
+and to the <em>upstream</em> repository</li>
+</ul>
+<h2 id="add-an-ssh-key-to-your-github-account">Add an SSH key to your GitHub account</h2>
+<p>The most convenient way to authenticate with GitHub is to use SSH keys over the
+SSH protocol.</p>
+<p>You can add an SSH <em>public</em> key to your GitHub account in the <code>Settings</code> on
+GitHub, at <a href="https://github.com/settings/keys">https://github.com/settings/keys</a>.</p>
+<p>Refer to
+<a href="https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/connecting-to-github-with-ssh">Connecting to GitHub with SSH</a>
+for an extensive documentation on using SSH keys with GitHub.</p>
+<p>It’s worth to mention that your ssh <em>public</em> keys can easily be retrieved using
+a URL like <code>https://github.com/<your_username>.keys</code>.</p>
+<p>In order to manage repositories over ssh, you will have to clone them via
+SSH, not HTTPS.</p>
+<p>If you already have a local clone of a repository created via HTTPS, you can
+switch it to SSH by following
+<a href="https://docs.github.com/en/free-pro-team@latest/github/using-git/changing-a-remotes-url#switching-remote-urls-from-https-to-ssh">Switching remote URLs from HTTPS to SSH</a>.</p>
+<h2 id="starting-with-the-github-cli">Starting with the GitHub CLI</h2>
+<p>The GitHub command-line interface greatly helps with working with GitHub
+repositories from a terminal.</p>
+<p>It can be installed using the packages available on
+<a href="https://cli.github.com/">their homepage</a>. There is also a
+<a href="https://cli.github.com/manual/">manual</a>.</p>
+<p>Once installed you will have to start by setting up authentication.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Authenticate with GitHub, favor SSH protocol</span>
+</span></span><span style="display:flex;"><span>$ gh auth login
+</span></span><span style="display:flex;"><span>$ gh config <span style="color:#204a87">set</span> git_protocol ssh
+</span></span></code></pre></div><h2 id="working-with-repositories">Working with repositories</h2>
+<p>The easiest way is to do it via the GitHub CLI that will also clone it locally.
+But it can also be done via the web interface, using the <em>fork</em> button and then
+cloning it locally manually.</p>
+<h3 id="fork-and-clone">Fork and clone</h3>
+<p>This command will fork the repository to your GitHub account and clone a local
+copy for you to work with.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ gh repo fork EGI-Federation/documentation
+</span></span></code></pre></div><h3 id="clone-existing-fork">Clone existing fork</h3>
+<p>If you want to clone an existing fork you should use:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ gh repo clone <your_username>/documentation
+</span></span></code></pre></div><h3 id="validate-the-local-clone">Validate the local clone</h3>
+<p>If your local clone of you fork is correctly setup you should see references to
+the origin and upstream repositories.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ git remote -v
+</span></span><span style="display:flex;"><span>origin git@github.com:<your_username>/documentation <span style="color:#ce5c00;font-weight:bold">(</span>fetch<span style="color:#ce5c00;font-weight:bold">)</span>
+</span></span><span style="display:flex;"><span>origin git@github.com:<your_username>/documentation <span style="color:#ce5c00;font-weight:bold">(</span>push<span style="color:#ce5c00;font-weight:bold">)</span>
+</span></span><span style="display:flex;"><span>upstream git@github.com:EGI-Federation/documentation.git <span style="color:#ce5c00;font-weight:bold">(</span>fetch<span style="color:#ce5c00;font-weight:bold">)</span>
+</span></span><span style="display:flex;"><span>upstream git@github.com:EGI-Federation/documentation.git <span style="color:#ce5c00;font-weight:bold">(</span>push<span style="color:#ce5c00;font-weight:bold">)</span>
+</span></span></code></pre></div><h2 id="run-the-site-locally">Run the site locally</h2>
+<p>The documentation site is built from the source files using
+<a href="https://gohugo.io/">Hugo</a>. The repository
+<a href="https://github.com/EGI-Federation/documentation/blob/main/README.md">README</a>
+can be used as a reference for building instructions.</p>
+<h3 id="requirements">Requirements</h3>
+<ul>
+<li><a href="https://gohugo.io">Hugo</a></li>
+<li><a href="https://nodejs.org/">Node.js</a> and other <a href="https://www.docsy.dev">docsy</a> theme
+dependencies:
+<ul>
+<li>postcss-cli</li>
+<li>autoprofixer</li>
+</ul>
+</li>
+</ul>
+<h3 id="installing-dependencies">Installing dependencies</h3>
+<p>To install npm+Node.js please check the
+<a href="https://www.npmjs.com/get-npm">official instructions</a>.</p>
+<p>Everything has been tested with Node.js 12.</p>
+<p>The dependencies of the docsy theme can be installed as follows:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># From the root of the repository clone</span>
+</span></span><span style="display:flex;"><span>$ npm ci
+</span></span></code></pre></div><p>Hugo can be installed following
+<a href="https://gohugo.io/getting-started/installing">the official documentation</a>.</p>
+<p>Hugo (extended) releases can be downloaded at
+<a href="https://github.com/gohugoio/hugo/releases">the Hugo releases page</a>.</p>
+<h3 id="building-the-site">Building the site</h3>
+<p>To build and run the site, from the repository root:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ git submodule update --init --recursive --depth <span style="color:#0000cf;font-weight:bold">1</span>
+</span></span><span style="display:flex;"><span>$ hugo --minify
+</span></span></code></pre></div><h3 id="testing-the-site-locally">Testing the site locally</h3>
+<p>To launch the site locally, from the repository root:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ hugo serve -D
+</span></span></code></pre></div><p>The site is available locally at:
+<a href="http://localhost:1313/">http://localhost:1313/</a>.</p>
+<h2 id="branches-and-commits">Branches and commits</h2>
+<p>You should submit your patch as a git branch ideally named with a meaningful
+name related to the changes you want to propose. This is called a <em>feature
+branch</em> (sometimes also named <em>topic branch</em>). You will commit your
+modifications to this <em>feature branch</em> and submit a Pull Request (PR) based on
+the differences between the upstream main branch and your <em>feature branch</em>.</p>
+<h3 id="create-a-feature-branch">Create a feature branch</h3>
+<p>Try to avoid committing changes to the <em>main</em> branch of your clone to simplify
+management, creating a dedicated <em>feature branch</em> helps a lot. Try to pick a
+meaningful name for the branch (my_nice_update in the example).</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># This should be done from the up-to-date main branch</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Read furthermore to see documentation on updating a local clone</span>
+</span></span><span style="display:flex;"><span>$ git checkout -b my_nice_update
+</span></span></code></pre></div><h2 id="write-changes">Write changes</h2>
+<p>The documentation being made of plain text files you are free to use whatever
+text editor or Integrated Development Environment (IDE) suits you, from
+<a href="https://neovim.io/">neovim</a> to
+<a href="https://code.visualstudio.com/">Visual Studio Code</a>.</p>
+<p>Some environments may provide you plugins helping with syntax or offering a
+preview, they are worth checking.</p>
+<p>Be sure to commit files with having been formated using
+<a href="https://prettier.io/">Prettier</a> as documented in our <a href="../style/">style guide</a>.</p>
+<h2 id="commit-changes">Commit changes</h2>
+<p>It is the best practice to have your commit message have a <em>summary line</em> that
+includes the issue number, followed by an empty line and then a brief
+description of the commit. This also helps other contributors understand the
+purpose of changes to the code.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> #3 - platform_family and style
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span> * use platform_family for platform checking
+</span></span><span style="display:flex;"><span> * update notifies syntax to "resource_type[resource_name]" instead of
+</span></span><span style="display:flex;"><span> resources() lookup
+</span></span><span style="display:flex;"><span> * GH-692 - delete config files dropped off by packages in conf.d
+</span></span><span style="display:flex;"><span> * dropped debian 4 support because all other platforms have the same
+</span></span><span style="display:flex;"><span> values, and it is older than "old stable" debian release
+</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Select the modified files to be committed</span>
+</span></span><span style="display:flex;"><span>$ git add files1 path2/
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Commit the changes</span>
+</span></span><span style="display:flex;"><span>$ git commit -m <commit_message>
+</span></span></code></pre></div><h2 id="push-feature-branch-to-the-fork-in-preparation-of-a-pr">Push feature branch to the fork in preparation of a PR</h2>
+<p>From inside a feature branch you can push it to your remote fork.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Ask git to keep trace of the link between local and remote branches</span>
+</span></span><span style="display:flex;"><span>$ git push --set-upstream
+</span></span></code></pre></div><p>Once done, the output will show a URL that you can click to generate a Pull
+Request (PR). Accessing GitHub upstream of forked repositories may also propose
+you to submit a PR.</p>
+<p>If needed GitHub CLI can also be used to prepare the PR:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ gh pr create <your_username>:<feature_branch> --web
+</span></span></code></pre></div><h3 id="previewing-a-pull-request">Previewing a pull request</h3>
+<p>If a repository maintainer adds the label <code>safe for preview</code> to a pull request
+it will be possible to preview it using a pull request-specific URL:
+<code>https://docs.egi.eu/documentation/[PR_NUMBER]</code></p>
+<p>The preview can be used as an alternative to testing a pull request locally, and
+the preview can easily be shared with other contributors.</p>
+<p>Only collaborators having write permission to the repository are able to mark a
+pull request as safe for review.</p>
+<blockquote>
+<p>This should be carefully considered, especially for external and first time
+contributors.</p>
+</blockquote>
+<h3 id="update-local-feature-branch-with-changes-made-on-the-pr">Update local feature branch with changes made on the PR</h3>
+<p>Once you PR have been opened it will be reviewed, and reviewers can propose and
+commit changes to your PR. If you need to make further changes be sure to update
+the local clone with the remote changes.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Retrieve changes made on your PR in the upstream repository</span>
+</span></span><span style="display:flex;"><span>$ git pull
+</span></span></code></pre></div><p>Then you can commit new changes and push them to your remote fork.</p>
+<h2 id="update-repository-clone-with-the-upstream-changes">Update repository clone with the upstream changes</h2>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># If you are still in a branch created for a previous PR, move to main</span>
+</span></span><span style="display:flex;"><span>$ git checkout main
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Get the latest data from the upstream repository</span>
+</span></span><span style="display:flex;"><span>$ git fetch upstream
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Update your local copy with this data</span>
+</span></span><span style="display:flex;"><span>$ git rebase upstream/main main
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Update your remote GitHub fork with those changes</span>
+</span></span><span style="display:flex;"><span>$ git push
+</span></span></code></pre></div><h2 id="update-local-feature-branch-with-changes-made-on-the-main-branch">Update local feature branch with changes made on the main branch</h2>
+<p>In case the <em>main</em> branch evolved since the feature branch was created, it may
+be required to merge the new changes in the feature branch.</p>
+<p>It can easily be done via the PR page on the GitHub web interface, but it can
+also be done in your repository clone using <code>git rebase</code>.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Retrieve changes made in the upstream repository</span>
+</span></span><span style="display:flex;"><span>$ git fetch upstream
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Check out the feature branch</span>
+</span></span><span style="display:flex;"><span>$ git checkout feature_branch
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Apply the new changes on main to your feature branch</span>
+</span></span><span style="display:flex;"><span>$ git rebase upstream/main
+</span></span></code></pre></div><p>In case some files have been changed on both sides you will have to merge
+the conflicts manually.</p>
+<h2 id="running-checks-from-github-actions-locally">Running checks from GitHub actions locally</h2>
+<p>The repository leverages <a href="https://github.com/features/actions">GitHub Actions</a> to do
+automatic checks.</p>
+<p>The main checks are:</p>
+<ul>
+<li>File lint using <a href="https://github.com/marketplace/actions/super-linter">Super-Linter</a>
+that includes many linters. Markdown files are processed using
+<a href="https://github.com/igorshubovych/markdownlint-cli#readme">markdownlint-cli</a>.</li>
+<li><a href="https://github.com/marketplace/actions/markdown-link-check">Markdown link check</a>,
+relying on <a href="https://github.com/tcort/markdown-link-check/">markdown-link-check</a>.</li>
+<li>Spelling using <a href="https://github.com/marketplace/actions/check-spelling">Check Spelling</a>.</li>
+</ul>
+<p>It’s possible to run those linters locally, it can be useful to test and debug why they
+are reporting errors, and test without waiting on the automatic checks.</p>
+<blockquote>
+<p>To save time, we recommend running the specific you are interested in, but as documented
+later for Check-Spelling, you can use <code>act</code> to run the real GitHub actions workflows.</p>
+</blockquote>
+<h3 id="running-markdownlint-locally">Running markdownlint locally</h3>
+<p><a href="https://github.com/igorshubovych/markdownlint-cli#readme">markdownlint-cli</a> can be
+installed locally on some platforms, in that case it can be used like this:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ markdownlint -c .github/linters/.markdownlint.json <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> content/en/about/_index.md
+</span></span></code></pre></div><p>If you cannot or don’t want to install it locally, you can rely on using
+<a href="https://www.docker.com/">Docker</a> and <a href="https://github.com/features/packages">GitHub Packages</a>:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ docker run -v <span style="color:#000">$PWD</span>:/workdir:ro --rm -i ghcr.io/igorshubovych/markdownlint-cli:latest <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --config .github/linters/.markdownlint.json <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> content/en/about/_index.md
+</span></span></code></pre></div><h3 id="running-markdown-link-check-locally">Running markdown-link-check locally</h3>
+<p>You can use <a href="https://www.docker.com/">Docker</a> and
+<a href="https://github.com/features/packages">GitHub Packages</a>:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ docker run -v <span style="color:#000">$PWD</span>:/tmp:ro --rm -i ghcr.io/tcort/markdown-link-check:stable <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --config /tmp/.github/linters/mlc_config.json <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> /tmp/content/en/about/_index.md
+</span></span></code></pre></div><h3 id="running-check-spelling-locally">Running Check-Spelling locally</h3>
+<p>For spelling, it may be easier to rely on a spell checker integrated in your content editor.</p>
+<p>Nevertheless, if you are adventurous, you can use <a href="https://github.com/nektos/act">act</a>,
+that will use docker to run the checks locally.</p>
+<blockquote>
+<p>While the spell check should work, other part of the job interacting with GitHub will
+likely fail, like when errors are identified, so be sure to properly scan through the
+command output.</p>
+</blockquote>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Listing available jobs</span>
+</span></span><span style="display:flex;"><span>$ act -l
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Running the spelling job</span>
+</span></span><span style="display:flex;"><span>$ act -j spelling
+</span></span></code></pre></div><h3 id="running-super-linter-locally">Running Super-Linter locally</h3>
+<p>Should you want to do this, Super-Linter can be run locally.</p>
+<p>You can try using <a href="https://github.com/nektos/act">act</a>:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Listing available jobs</span>
+</span></span><span style="display:flex;"><span>$ act -l
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Running the lint job</span>
+</span></span><span style="display:flex;"><span>$ act -j super-lint
+</span></span></code></pre></div><p>If it doesn’t work as expected, or if you prefer another solution, you should look at the
+<a href="https://github.com/github/super-linter/blob/main/docs/run-linter-locally.md">Super-Linter documentation for running locally</a>.</p>
+<h2 id="clone-pr-to-edittestreview-locally">Clone PR to edit/test/review locally</h2>
+<p>It’s possible to clone a Pull Request to a local branch to test it locally. It’s
+done using the PR number.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># List available PR and their identifiers.</span>
+</span></span><span style="display:flex;"><span>$ gh pr list
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Clone specific PR, updating sudmodules</span>
+</span></span><span style="display:flex;"><span>$ gh pr checkout XX --recurse-submodules
+</span></span></code></pre></div><p>Once done it’s possible to build and run the site locally:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># From the root of the repository clone</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Here on MacOS X, adapt depending on your platform</span>
+</span></span><span style="display:flex;"><span>$ hugo serve -D
+</span></span></code></pre></div><p>The documentation will then be accessible on
+<a href="http://localhost:1313">http://localhost:1313</a>.</p>
+<blockquote>
+<p>People having write access to the repository hosting the branch related to the
+PR (ie. usually the PR author) will be able to add and edit files.</p>
+</blockquote>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># From the local clone of the repository</span>
+</span></span><span style="display:flex;"><span>$ gh pr checkout XXX --recurse-submodules
+</span></span><span style="display:flex;"><span>$ vim yyy.zz
+</span></span><span style="display:flex;"><span>$ git add yyy.zz
+</span></span><span style="display:flex;"><span>$ git commit yyy.zz -m <commit_message>
+</span></span><span style="display:flex;"><span>$ git push
+</span></span></code></pre></div><h3 id="update-a-local-clone-of-a-pr">Update a local clone of a PR</h3>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># It will ask you to merge changes</span>
+</span></span><span style="display:flex;"><span>$ git pull
+</span></span></code></pre></div><p>Then you can refer to the <code>README.md</code> to see how to test it locally.</p>
+<p>In case the PR got commits that were forced pushed you may have troubles, in
+that case it may be easier to
+<a href="#clean-a-local-clone-of-a-pr">delete the local branch</a> and do another
+<a href="#clone-pr-to-edittestreview-locally">checkout of the PR</a>.</p>
+<h3 id="clean-a-local-clone-of-a-pr">Clean a local clone of a PR</h3>
+<p>In case you have troubles updating the local clone, as it can happens if changes
+were forced pushed to it, it maybe easier to delete the local copy of the PR and
+recreate it.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Switch to main branch</span>
+</span></span><span style="display:flex;"><span>$ git checkout main
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Check local branches</span>
+</span></span><span style="display:flex;"><span>$ git branch -vv
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Delete a specific branch</span>
+</span></span><span style="display:flex;"><span>$ git branch -d <branch_name>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># If you need to force the deletion use -D</span>
+</span></span><span style="display:flex;"><span>$ git branch -D <branch_name>
+</span></span></code></pre></div><h2 id="using-stashes">Using stashes</h2>
+<p>Sometimes we realise just before committing a change that we are not in the
+correct branch (ie. that we forgot to create a dedicated feature branch), when
+this happens <code>git stash</code> can be helpful.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Saving a change</span>
+</span></span><span style="display:flex;"><span>$ git stash save <optional message>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creating the forgotten branch</span>
+</span></span><span style="display:flex;"><span>$ git checkout -b <my_feature_branch>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Reviewing the saved changes, use TAB completion</span>
+</span></span><span style="display:flex;"><span>$ git stash show <TAB>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Applying the saved changes, use TAB completion</span>
+</span></span><span style="display:flex;"><span>$ git stash pop <TAB>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Review the changes to be committed</span>
+</span></span><span style="display:flex;"><span>$ git diff
+</span></span></code></pre></div><p>If you already committed your change(s) you may have to look at <code>git reset</code>.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Viewing the diff of the two last commits</span>
+</span></span><span style="display:flex;"><span>$ git log -n <span style="color:#0000cf;font-weight:bold">2</span> -p
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Reverting the last change, keeping the change in the local directory</span>
+</span></span><span style="display:flex;"><span>$ git reset HEAD^
+</span></span></code></pre></div>About: Style Guide/about/contributing/style/Mon, 01 Jan 0001 00:00:00 +0000/about/contributing/style/
+<h2 id="general-recommendations">General recommendations</h2>
+<ul>
+<li>All files and folders should be lower case</li>
+<li>EGI Services should be named exactly as in the
+<a href="https://www.egi.eu/services/">EGI Services Portfolio</a></li>
+<li>Acronyms should be used only when it makes sense</li>
+<li>Service names should never be replaced by acronyms</li>
+<li>When introducing services, link to the public page of the service, if any:</li>
+</ul>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>[<span style="color:#204a87;font-weight:bold">EGI Cloud Compute</span>](<span style="color:#c4a000">https://www.egi.eu/service/cloud-compute/</span>)
+</span></span></code></pre></div><h2 id="markdown-writing-guidelines">Markdown writing guidelines</h2>
+<p>Documentation pages have to be written in Markdown, compliant with
+<a href="https://spec.commonmark.org/0.29/">CommonMark</a> and
+<a href="https://github.github.com/gfm/">GitHub Flavored Markdown</a>.</p>
+<h3 id="basic-rules">Basic rules</h3>
+<ul>
+<li>Headings must start at level 2 (<code>##</code>), as level 1 (<code>#</code>) is the title of the
+page</li>
+<li>Lines should be wrapped at 80 characters</li>
+<li>Sentences must be separated by one space only</li>
+<li>Indent is made with spaces, not with tabs</li>
+<li>Bullet lists should be using <code>-</code> not <code>*</code></li>
+<li>Numbered lists should be using <code>1.</code> for each line (automatic numbering)</li>
+<li>Indent secondary (and following) level lists with 2 spaces</li>
+<li>Lines must end with a Line Feed character (<code>\n</code>)</li>
+<li>Files must end with an empty line</li>
+<li>Shell examples should include a prompt (<code>$</code> or <code>></code>) in front of commands, to
+make it easy to understand which is the command and which is the output</li>
+<li>Commands in shell examples should be broken into multiple lines of 80
+characters or less, using a trailing backslash character (<code>\</code>) on each line
+that continues on the next</li>
+<li>Never break command output in shell examples to multiple lines, instead use
+<a href="#adding-exceptions-for-style-violations">style exceptions</a> when necessary</li>
+</ul>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+Syntax examples that can be used in the
+files are documented in the <a href="../shortcodes">shortcodes</a> section.
+</div>
+<h3 id="automating-formatting-and-checking">Automating formatting and checking</h3>
+<p>Style should be enforced via the usage of <a href="https://prettier.io/">Prettier</a>.
+Prettier can be integrated with
+<a href="https://prettier.io/docs/en/editors.html">various editors</a>.</p>
+<ul>
+<li>With VIM/neovim it can be used via a plugin like
+<a href="https://github.com/dense-analysis/ale">ALE</a> as described in the
+<a href="https://prettier.io/docs/en/vim.html">official documentation</a>.</li>
+<li>With <a href="https://code.visualstudio.com">VisualStudio Code</a> please see the
+<a href="https://prettier.io/docs/en/editors.html#visual-studio-code">official documentation</a></li>
+</ul>
+<p>Configuration is provided in <code>.prettierrc</code>, options can be set as follows:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>--print-width <span style="color:#0000cf;font-weight:bold">80</span> --tab-width <span style="color:#0000cf;font-weight:bold">2</span> --prose-wrap always
+</span></span></code></pre></div><p>When a contribution is received (via a pull request), the proposed changes are
+checked using
+<a href="https://github.com/EGI-Federation/documentation/tree/main/.github/workflows">various linters</a>.</p>
+<h2 id="general-writing-guidelines">General writing guidelines</h2>
+<p>Follow the guidelines below to ensure readability and consistency of the EGI
+documentation. These are based on the
+<a href="https://docs.openstack.org/doc-contrib-guide/writing-style.html">OpenStack documentation writing style</a>
+guidelines, released under a
+<a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons license</a>.</p>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+Short and simple sentences are easier to
+read and understand.
+</div>
+<h3 id="use-standard-english">Use standard English</h3>
+<p>Use standard British English (UK) throughout all technical publications. When in
+doubt about the spelling of a word, consult the Merriam-Webster’s Collegiate
+Dictionary and the
+<a href="https://www.ibm.com/developerworks/library/styleguidelines/">IBM developerWorks editorial style guide</a>.</p>
+<h3 id="be-clear-and-concise">Be clear and concise</h3>
+<p>Follow the principles of minimalism. If you can describe an idea in one word, do
+not use two words. Eliminate all redundant modifiers, such as adjectives and
+adverbs.</p>
+<h3 id="write-objectively">Write objectively</h3>
+<p>Do not use humor, jargon, exclamation marks, idioms, metaphors, and other
+colloquialisms.</p>
+<h3 id="describe-the-most-common-use-case-first">Describe the most common use case first</h3>
+<p>Put the most common case in the main clause and at the beginning of a paragraph
+or section. You can introduce additional use cases by starting a sentence with
+“however” or “if”.</p>
+<h3 id="write-in-active-voice">Write in active voice</h3>
+<p>In general, write in active voice rather than passive voice. Active voice
+identifies the agent of action as the subject of the verb, usually the user.
+Passive voice identifies the recipient (not the source) of the action as the
+subject of the verb.</p>
+<p>Active-voice sentences clarify the performer of an action and are easier to
+understand than passive-voice sentences. Passive voice is usually less engaging
+and more complicated than active voice. When you use passive voice, the actions
+and responses of the software can be difficult to distinguish from those of the
+user. In addition, passive voice usually requires more words than active voice.</p>
+<ul class="nav nav-tabs" id="tabs-2" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-2-0-tab" data-toggle="tab" href="#tabs-2-0" role="tab"
+aria-controls="tabs-2-0" aria-selected="true">
+Examples
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-2-content">
+<div class="tab-pane show active"
+id="tabs-2-0" role="tabpanel" aria-labelled-by="tabs-2-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>After the software has been installed, the computer can be started.</td>
+<td>After you install the software, start the computer.</td>
+</tr>
+<tr>
+<td>The Configuration is saved when you click OK.</td>
+<td>Click OK to save the configuration.</td>
+</tr>
+<tr>
+<td>A server is created by you.</td>
+<td>Create a server.</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<p>However, passive voice is acceptable in the following situations:</p>
+<ul>
+<li>Using active voice sounds like you are blaming the user. For example, you can
+use passive voice in an error message or troubleshooting content when the
+active subject is the user.</li>
+</ul>
+<ul class="nav nav-tabs" id="tabs-3" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-3-0-tab" data-toggle="tab" href="#tabs-3-0" role="tab"
+aria-controls="tabs-3-0" aria-selected="true">
+Example
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-3-content">
+<div class="tab-pane show active"
+id="tabs-3-0" role="tabpanel" aria-labelled-by="tabs-3-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>If the build fails, you probably omitted the flavor.</td>
+<td>If the build fails, the flavor might have been omitted.</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<ul>
+<li>The agent of action is unknown, or you want to de-emphasize the agent of
+action and emphasize the object on which the action is performed.</li>
+</ul>
+<ul class="nav nav-tabs" id="tabs-4" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-4-0-tab" data-toggle="tab" href="#tabs-4-0" role="tab"
+aria-controls="tabs-4-0" aria-selected="true">
+Example
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-4-content">
+<div class="tab-pane show active"
+id="tabs-4-0" role="tabpanel" aria-labelled-by="tabs-4-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>The product, OS, or database returns the messages.</td>
+<td>The messages are returned [by the database].</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<ul>
+<li>Recasting the sentence in active voice is wordy or awkward.</li>
+</ul>
+<ul class="nav nav-tabs" id="tabs-5" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-5-0-tab" data-toggle="tab" href="#tabs-5-0" role="tab"
+aria-controls="tabs-5-0" aria-selected="true">
+Example
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-5-content">
+<div class="tab-pane show active"
+id="tabs-5-0" role="tabpanel" aria-labelled-by="tabs-5-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>In 2009, engineers developed a software that simplifies the installation.</td>
+<td>A software that simplifies the installation was developed in 2009.</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="write-in-second-person">Write in second person</h3>
+<p>Users are more engaged with documentation when you use second person (that is,
+you address the user as “you”).</p>
+<p>Writing in second person has the following advantages:</p>
+<ul>
+<li>Second person promotes a friendly tone by addressing users directly.</li>
+<li>Using second person with the imperative mood (in which the subject you is
+understood) and active voice helps to eliminate wordiness and confusion about
+who or what initiates an action, especially in procedural steps.</li>
+<li>Using second person also avoids the use of gender-specific, third-person
+pronouns such as he, she, his, and hers. If you must use third person, use the
+pronouns they and their, but ensure that the pronoun matches the referenced
+noun in number.</li>
+<li>Use first person plural pronouns (we, our) judiciously. These pronouns
+emphasize the writer or EGI rather than the user, so before you use them,
+consider whether second person or imperative mood is more “user-friendly.”
+However, use “we recommend” rather than “it is recommended” or “EGI
+recommends”.</li>
+</ul>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+You can use “we” in the place of EGI if
+necessary.
+</div>
+<p>Do not use first person to avoid naming the product or to avoid using passive
+voice. If the product is performing the action, use third person (the product as
+an actor). If you want to de-emphasize the agent of action and emphasize the
+object on which the action is performed, use passive voice.</p>
+<p>The first-person singular pronoun “I” is acceptable in the question part of FAQs
+and when authors of blogs or signed articles are describing their own actions or
+opinions.</p>
+<div class="alert alert-warning" role="alert">
+<h4 class="alert-heading">Important</h4>
+Do not switch person (point of
+view) in the same guide or on the same page.
+</div>
+<ul class="nav nav-tabs" id="tabs-8" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-8-0-tab" data-toggle="tab" href="#tabs-8-0" role="tab"
+aria-controls="tabs-8-0" aria-selected="true">
+Examples
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-8-content">
+<div class="tab-pane show active"
+id="tabs-8-0" role="tabpanel" aria-labelled-by="tabs-8-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Creating a server involves specifying a name, flavor, and image.</td>
+<td>To create a server, specify a name, a flavor, and image.</td>
+</tr>
+<tr>
+<td>To create a server, the user specifies a name, flavor, and image.</td>
+<td>To create a server, you specify a name, flavor, and image.</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="use-the-present-simple-tense">Use the present simple tense</h3>
+<p>Users read documentation to perform tasks or gather information. For users,
+these activities take place in their present, so the present tense is
+appropriate in most cases. Additionally, the present tense is easier to read
+than the past or future tense.</p>
+<ul class="nav nav-tabs" id="tabs-9" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-9-0-tab" data-toggle="tab" href="#tabs-9-0" role="tab"
+aria-controls="tabs-9-0" aria-selected="true">
+Example
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-9-content">
+<div class="tab-pane show active"
+id="tabs-9-0" role="tabpanel" aria-labelled-by="tabs-9-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>The product will prompt you to verify the deletion. After you log in, your account will then begin the verification process.</td>
+<td>The product prompts you to verify the deletion. After you log in, your account begins the verification process.</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+Use the future tense only when you need
+to emphasize that something will occur later (from the users’ perspective).
+</div>
+<h3 id="do-not-humanize-inanimate-objects">Do not humanize inanimate objects</h3>
+<p>Do not give human characteristics to non-human subjects or objects.</p>
+<ul class="nav nav-tabs" id="tabs-11" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-11-0-tab" data-toggle="tab" href="#tabs-11-0" role="tab"
+aria-controls="tabs-11-0" aria-selected="true">
+Example
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-11-content">
+<div class="tab-pane show active"
+id="tabs-11-0" role="tabpanel" aria-labelled-by="tabs-11-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>This guide assumes…</td>
+<td>This guide describes…</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="avoid-personification">Avoid personification</h3>
+<p>Do not express your fears or feelings in technical writing. Avoid the adverbs
+such as “probably”, “hopefully”, “basically”, and so on.</p>
+<h3 id="avoid-ambiguous-titles">Avoid ambiguous titles</h3>
+<p>Each title should include a clear description of the page’s or chapter’s
+subject.</p>
+<ul class="nav nav-tabs" id="tabs-12" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-12-0-tab" data-toggle="tab" href="#tabs-12-0" role="tab"
+aria-controls="tabs-12-0" aria-selected="true">
+Example
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-12-content">
+<div class="tab-pane show active"
+id="tabs-12-0" role="tabpanel" aria-labelled-by="tabs-12-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Update metadata</td>
+<td>Update object metadata</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="eliminate-needless-politeness">Eliminate needless politeness</h3>
+<p>Do not use “please” and “thank you” in technical documentation.</p>
+<h3 id="write-positively">Write positively</h3>
+<p>Write in a positive tone. Positive sentences improve readability. Try to avoid
+the following words as much as possible:</p>
+<ul class="nav nav-tabs" id="tabs-13" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-13-0-tab" data-toggle="tab" href="#tabs-13-0" role="tab"
+aria-controls="tabs-13-0" aria-selected="true">
+Examples
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-13-content">
+<div class="tab-pane show active"
+id="tabs-13-0" role="tabpanel" aria-labelled-by="tabs-13-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>damage</td>
+<td>affect</td>
+</tr>
+<tr>
+<td>catastrophic</td>
+<td>serious</td>
+</tr>
+<tr>
+<td>bad</td>
+<td>serious (or add explanation)</td>
+</tr>
+<tr>
+<td>fail</td>
+<td>unable to</td>
+</tr>
+<tr>
+<td>kill</td>
+<td>cancel or stop</td>
+</tr>
+<tr>
+<td>fatal</td>
+<td>serious</td>
+</tr>
+<tr>
+<td>destroy</td>
+<td>remove or delete</td>
+</tr>
+<tr>
+<td>wrong</td>
+<td>incorrect or inconsistent</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="do-not-use-contractions">Do not use contractions</h3>
+<p>Generally, do not contract the words.</p>
+<ul class="nav nav-tabs" id="tabs-14" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-14-0-tab" data-toggle="tab" href="#tabs-14-0" role="tab"
+aria-controls="tabs-14-0" aria-selected="true">
+Examples
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-14-content">
+<div class="tab-pane show active"
+id="tabs-14-0" role="tabpanel" aria-labelled-by="tabs-14-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>can’t</td>
+<td>cannot</td>
+</tr>
+<tr>
+<td>don’t</td>
+<td>do not</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="do-not-overuse-this-that-these-and-it">Do not overuse this, that, these, and it</h3>
+<p>Use these pronouns sparingly. Overuse contributes to readers’ confusion. To fix
+the ambiguity, rephrase the sentence.</p>
+<ul class="nav nav-tabs" id="tabs-15" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-15-0-tab" data-toggle="tab" href="#tabs-15-0" role="tab"
+aria-controls="tabs-15-0" aria-selected="true">
+Example
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-15-content">
+<div class="tab-pane show active"
+id="tabs-15-0" role="tabpanel" aria-labelled-by="tabs-15-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>The monitoring system should perform regular checks to verify that the Ceph cluster is healthy. This can be achieved using the Ceph health command.</td>
+<td>The monitoring system performs regular checks to ensure the Ceph cluster is functioning correctly. Use the Ceph health command to run a health check.</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+You can also fix the ambiguity by placing
+a noun modifier immediately after the pronoun.
+</div>
+<h3 id="do-not-split-infinitives">Do not split infinitives</h3>
+<p>Do not place modifiers between “to” and the verb. Typically, placing an adverb
+or an adjective between “to” and a verb adds ambiguity to a sentence.</p>
+<h3 id="avoid-prepositions-at-the-end-of-sentences">Avoid prepositions at the end of sentences</h3>
+<p>As much as possible, avoid trailing prepositions in sentences by avoiding
+phrasal verbs.</p>
+<ul class="nav nav-tabs" id="tabs-17" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-17-0-tab" data-toggle="tab" href="#tabs-17-0" role="tab"
+aria-controls="tabs-17-0" aria-selected="true">
+Example
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-17-content">
+<div class="tab-pane show active"
+id="tabs-17-0" role="tabpanel" aria-labelled-by="tabs-17-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>The image registration window will open up.</td>
+<td>The image registration window opens.</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<p>To fix the verb-preposition constructions, replace them with active verbs.</p>
+<ul class="nav nav-tabs" id="tabs-18" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-18-0-tab" data-toggle="tab" href="#tabs-18-0" role="tab"
+aria-controls="tabs-18-0" aria-selected="true">
+Examples
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-18-content">
+<div class="tab-pane show active"
+id="tabs-18-0" role="tabpanel" aria-labelled-by="tabs-18-0-tab">
+<table>
+<thead>
+<tr>
+<th>Do not use</th>
+<th>Use</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>written up</td>
+<td>composed</td>
+</tr>
+<tr>
+<td>pop up</td>
+<td>appear</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="use-consistent-terminology">Use consistent terminology</h3>
+<p>Use consistent terms across all content. Avoid multiple variations or spellings
+to refer to the same service, function, UI element, and so on.</p>
+<h3 id="use-spelling-and-grammar-checking-tools">Use spelling and grammar checking tools</h3>
+<p>Run text through spelling and grammar checking tools, if available. Correcting
+mistakes, especially to larger sections of new content, helps eliminate rework
+later.</p>
+<h3 id="lists">Lists</h3>
+<p>When reading a document for the first time, users scan through pages stopping
+only on the content that stands out, such as titles, lists, links, diagrams, and
+so on. Lists help to organize options, as well as help readers to find
+information easily.</p>
+<p>When listing items, follow these guidelines:</p>
+<ul>
+<li>Use a <strong>bulleted list</strong> for options. Create a bulleted list when you need to
+describe more than three options.</li>
+<li>Use a <strong>numbered list</strong> for steps.</li>
+<li>Use a <strong>definition list</strong> to explain terms or describe command-line
+parameters, options, or arguments.</li>
+<li>Use a colon at the end of the sentence that introduces a list.</li>
+<li>Use the same grammatical structure (aka parallel structure) for all items in a
+list.</li>
+<li>Start each option with a capital letter.</li>
+</ul>
+<p>When listing options in a paragraph, add <em>and</em> or <em>or</em> before the last item in a
+list. Use a serial (Oxford) comma before these conjunctions if they connect
+three or more items.</p>
+<h3 id="punctuation-in-lists">Punctuation in lists</h3>
+<p>In bulleted lists:</p>
+<ul>
+<li>If you list individual words or phrases, do not add a period at the end of
+each list item.</li>
+<li>If you use full sentences, add a period at the end of each sentence.</li>
+<li>If your list includes both individual words or phrases and full sentences, be
+consistent and either add or do not add periods to all items.</li>
+</ul>
+<p>In numbered lists:</p>
+<ul>
+<li>Add periods at the end of steps.</li>
+<li>If an item of a numbered list is followed by a code block that illustrates how
+to perform the step, use a colon at the end.</li>
+</ul>
+<h2 id="adding-exceptions-for-style-violations">Adding exceptions for style violations</h2>
+<p>Successfully passing the checks is a firm requirement, but for the following
+cases it is possible to
+<a href="https://github.com/DavidAnson/markdownlint#configuration">add exceptions</a> and
+bypass <strong>some checks</strong> in Markdown files:</p>
+<ul>
+<li>When in-line HTML must be used (e.g. in tables, or when no other proper
+solution is available)</li>
+<li>When the same procedure needs to be described for multiple platforms, and the
+automatic checker flags it as duplicate content</li>
+</ul>
+<div class="alert alert-warning" role="alert">
+<h4 class="alert-heading">Important</h4>
+Exceptions should only be used
+when there are no other choices, and should be confined to the smallest possible
+block of Markdown code.
+</div>
+<h3 id="dealing-with-in-line-html-tags">Dealing with in-line HTML tags</h3>
+<p>In some specific cases it is impossible to use anything but in-line HTML tags:</p>
+<ul>
+<li>Presentation page leveraging bootstrap CSS classes or other advanced features</li>
+<li>Using special formatting for the information presented (e.g. a list in a table
+cell)</li>
+</ul>
+<p>Blocks with in-line HTML tags should be preceded by a HTML comment starting with
+<a href="https://github.com/DavidAnson/markdownlint#configuration">markdownlint-disable</a>
+to disable the <code>no-inline-html</code> check, as in the following example:</p>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+When having a table is not absolutely
+necessary, use a different construct to present the information.
+</div>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"><!-- markdownlint-disable no-inline-html --></span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>| Action | OCCI | OpenStack | This is a very long column with important data |
+</span></span><span style="display:flex;"><span>| ----------- | ------------------------ | ---------------------- | ---------------------------------------------- |
+</span></span><span style="display:flex;"><span>| List images | <span style="color:#4e9a06">`occi -a list -r os_tpl`</span> | <span style="color:#4e9a06">`openstack image list`</span> | <span style="color:#000;font-weight:bold"><</span><span style="color:#204a87;font-weight:bold">ul</span><span style="color:#000;font-weight:bold">><</span><span style="color:#204a87;font-weight:bold">li</span><span style="color:#000;font-weight:bold">></span>Lorem<span style="color:#000;font-weight:bold"></</span><span style="color:#204a87;font-weight:bold">li</span><span style="color:#000;font-weight:bold">><</span><span style="color:#204a87;font-weight:bold">li</span><span style="color:#000;font-weight:bold">></span>ipsum<span style="color:#000;font-weight:bold"></</span><span style="color:#204a87;font-weight:bold">li</span><span style="color:#000;font-weight:bold">></</span><span style="color:#204a87;font-weight:bold">ul</span><span style="color:#000;font-weight:bold">></span> |
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"><!-- markdownlint-enable no-inline-html --></span>
+</span></span></code></pre></div>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+Do not forget to follow up with a HTML
+comment starting with
+<a href="https://github.com/DavidAnson/markdownlint#configuration">markdownlint-enable</a>
+to re-enable the <code>no-inline-html</code> check.
+</div>
+<div class="alert alert-warning" role="alert">
+<h4 class="alert-heading">Important</h4>
+Always use the tag that is
+providing the proper semantic: e.g. for a list use <code><ul></code> and <code><li></code>, not
+<code><br /></code>.
+</div>
+<h3 id="dealing-with-duplicate-content">Dealing with duplicate content</h3>
+<p>When the same procedure needs to be described for multiple platforms, or when
+the same code has to be exemplified for multiple languages, it is possible that
+the automatic checkers will flag these as duplicates.</p>
+<p>For example, describing the following procedure will result in duplicates being
+reported:</p>
+<!--
+// jscpd:ignore-start
+-->
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go-html-template" data-lang="go-html-template"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabpanex</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Linux"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span> To run the FedCloud client in a container, make sure
+</span></span><span style="display:flex;"><span> [Docker is installed](https://docs.docker.com/engine/install/#server),
+</span></span><span style="display:flex;"><span> then run the following commands:
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span> ```shell
+</span></span><span style="display:flex;"><span> $ docker pull tdviet/fedcloudclient
+</span></span><span style="display:flex;"><span> $ docker run -it tdviet/fedcloudclient bash
+</span></span><span style="display:flex;"><span> ```
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Mac"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span> To run the FedCloud client in a container, make sure
+</span></span><span style="display:flex;"><span> [Docker is installed](https://docs.docker.com/desktop/mac/install/),
+</span></span><span style="display:flex;"><span> then run the following commands:
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span> ```shell
+</span></span><span style="display:flex;"><span> $ docker pull tdviet/fedcloudclient
+</span></span><span style="display:flex;"><span> $ docker run -it tdviet/fedcloudclient bash
+</span></span><span style="display:flex;"><span> ```
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Windows"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span> To run the FedCloud client in a container, make sure
+</span></span><span style="display:flex;"><span> [Docker is installed](https://docs.docker.com/desktop/windows/install/),
+</span></span><span style="display:flex;"><span> then run the following commands:
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span> ```shell
+</span></span><span style="display:flex;"><span> > docker pull tdviet/fedcloudclient
+</span></span><span style="display:flex;"><span> > docker run -it tdviet/fedcloudclient bash
+</span></span><span style="display:flex;"><span> ```
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabpanex</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span></code></pre></div><!--
+// jscpd:ignore-end
+-->
+<p>This type of content should be preceded by a HTML comment that disables the
+check for duplicates, and followed by another HTML comment that enables it
+again.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"><!--
+</span></span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">// jscpd:ignore-start
+</span></span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">--></span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>...content with duplicates here...
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"><!--
+</span></span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">// jscpd:ignore-end
+</span></span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">--></span>
+</span></span></code></pre></div>About: Shortcodes/about/contributing/shortcodes/Mon, 01 Jan 0001 00:00:00 +0000/about/contributing/shortcodes/
+<p>In addition to the formatting support provided by
+<a href="https://spec.commonmark.org/0.29/">Markdown</a>, Hugo adds support for
+<em>shortcodes</em>, which are Go templates for easily including or displaying content
+(images, notes, tips, advanced display blocks, etc.).</p>
+<p>For reference, the following shortcodes are available:</p>
+<ul>
+<li><a href="https://gohugo.io/content-management/shortcodes/">Hugo’s shortcodes</a></li>
+<li><a href="https://www.docsy.dev/docs/adding-content/shortcodes/">Docsy theme shortcodes</a></li>
+</ul>
+<h2 id="highlighted-paragraphs">Highlighted paragraphs</h2>
+<p>This is achieved using
+<a href="https://www.docsy.dev/docs/adding-content/shortcodes/#shortcode-helpers">Docsy shortcodes</a>.</p>
+<h3 id="placeholders">Placeholders</h3>
+<p>The following code:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>{{% pageinfo %}} This is a placeholder. {{% /pageinfo %}}
+</span></span></code></pre></div><p>Will render as:</p>
+<div class="pageinfo pageinfo-primary">
+This is a placeholder.
+</div>
+<h3 id="information-messages">Information messages</h3>
+<p>The following code:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>{{% alert title="Note" color="info" %}} This is a Note. {{% /alert %}}
+</span></span></code></pre></div><p>Will render as:</p>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Note</h4>
+This is a Note.
+</div>
+<h3 id="warning-messages">Warning messages</h3>
+<p>The following code:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>{{% alert title="Important" color="warning" %}} This is a warning.
+</span></span><span style="display:flex;"><span>{{% /alert %}}
+</span></span></code></pre></div><p>Will render as:</p>
+<div class="alert alert-warning" role="alert">
+<h4 class="alert-heading">Important</h4>
+This is a warning.
+</div>
+<h2 id="code-or-shell-snippets">Code or shell snippets</h2>
+<p>The code or instructions should be surrounded with three backticks, followed by
+an optional highlighting type parameter.</p>
+<p>The supported languages are dependent on the syntax highlighter, which depends
+itself on the Markdown parser.</p>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Note</h4>
+<a href="https://gohugo.io/">Hugo</a> uses the
+<a href="https://github.com/yuin/goldmark">goldmark parser</a>, which relies on
+<a href="https://prismjs.com/download.html#themes=prism">Prism syntax highlighting</a>.
+</div>
+<p>The following Markdown creates a shell excerpt:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span><span style="color:#4e9a06">```shell
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span>$ ssh-keygen -f fedcloud
+</span></span><span style="display:flex;"><span>$ <span style="color:#204a87">echo</span> <span style="color:#000">$HOME</span>
+</span></span><span style="display:flex;"><span><span style="color:#4e9a06">```</span>
+</span></span></code></pre></div><p>Will render as:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ ssh-keygen -f fedcloud
+</span></span><span style="display:flex;"><span>$ <span style="color:#204a87">echo</span> <span style="color:#000">$HOME</span>
+</span></span></code></pre></div>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+If you click the <em>Copy</em> button in the
+top-right corner of a shell example, all commands in that block are copied to
+the clipboard. The prompt in front of each command, and any command output is
+not copied.
+</div>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Note</h4>
+In case the command(s) in your shell
+example cause the introduction of a horizontal scroll bar,
+<a href="../style/#basic-rules">consider breaking the command(s) into multiple lines</a>
+with trailing backslashes (\). However, you should never break command output
+to multiple lines, as that makes understanding the output, and recognizing it in
+real life, very difficult.
+</div>
+<h3 id="code-in-multiple-languages">Code in multiple languages</h3>
+<p>This is also achieved using
+<a href="https://www.docsy.dev/docs/adding-content/shortcodes/#tabbed-panes">Docsy shortcodes</a>.</p>
+<p>When you need to include code snippets, and you want to provide the same code in
+multiple programming languages, you can use a tabbed pane for code snippets:</p>
+<!-- markdownlint-disable no-inline-html no-missing-space-atx -->
+<!-- markdownlint-disable blanks-around-fences no-space-in-code -->
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go-html-template" data-lang="go-html-template"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabpane</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tab</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"C++"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">lang</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"C++"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>#include <span style="color:#000;font-weight:bold"><</span><span style="color:#204a87;font-weight:bold">iostream</span><span style="color:#000;font-weight:bold">></span>
+</span></span><span style="display:flex;"><span>int main()
+</span></span><span style="display:flex;"><span>{
+</span></span><span style="display:flex;"><span> std::cout <span style="color:#a40000"><<</span> "Hello World!" <span style="color:#a40000"><</span><span style="color:#000;font-weight:bold"><</span> <span style="color:#204a87;font-weight:bold">std::endl</span><span style="color:#a40000">;</span>
+</span></span><span style="display:flex;"><span><span style="color:#a40000">}</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tab</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tab</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Java"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">lang</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Java"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span><span style="color:#c4a000">class</span> <span style="color:#c4a000">HelloWorld</span> <span style="color:#a40000">{</span>
+</span></span><span style="display:flex;"><span> <span style="color:#c4a000">static</span> <span style="color:#c4a000">public</span> <span style="color:#c4a000">void</span> <span style="color:#c4a000">main</span><span style="color:#a40000">(</span> <span style="color:#c4a000">String</span> <span style="color:#c4a000">args</span><span style="color:#a40000">[]</span> <span style="color:#a40000">)</span> <span style="color:#a40000">{</span>
+</span></span><span style="display:flex;"><span> <span style="color:#c4a000">System</span><span style="color:#a40000">.</span><span style="color:#c4a000">out</span><span style="color:#a40000">.</span><span style="color:#c4a000">println</span><span style="color:#a40000">(</span> <span style="color:#a40000">"</span><span style="color:#c4a000">Hello</span> <span style="color:#c4a000">World</span><span style="color:#a40000">!"</span> <span style="color:#a40000">);</span>
+</span></span><span style="display:flex;"><span> <span style="color:#a40000">}</span>
+</span></span><span style="display:flex;"><span><span style="color:#a40000">}</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tab</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tab</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Kotlin"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">lang</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Kotlin"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span><span style="color:#c4a000">fun</span> <span style="color:#c4a000">main</span><span style="color:#a40000">(</span><span style="color:#c4a000">args</span> <span style="color:#c4a000">:</span> <span style="color:#c4a000">Array</span><span style="color:#a40000"><</span><span style="color:#c4a000">String</span><span style="color:#000;font-weight:bold">></span>) {
+</span></span><span style="display:flex;"><span> println("Hello, world!")
+</span></span><span style="display:flex;"><span>}
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tab</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tab</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Go"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">lang</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Go"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>import "fmt"
+</span></span><span style="display:flex;"><span>func main() {
+</span></span><span style="display:flex;"><span> fmt.Printf("Hello World!\n")
+</span></span><span style="display:flex;"><span>}
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tab</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabpane</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span></code></pre></div><p>Will render as:</p>
+<!-- prettier-ignore -->
+<ul class="nav nav-tabs" id="tabs-6" role="tablist"><li class="nav-item">
+<a class="nav-link active"
+id="tabs-6-0-tab" data-toggle="tab" href="#tabs-6-0" role="tab"
+aria-controls="tabs-6-0" aria-selected="true">
+C++
+</a>
+</li><li class="nav-item">
+<a class="nav-link"
+id="tabs-6-1-tab" data-toggle="tab" href="#tabs-6-1" role="tab"
+aria-controls="tabs-6-1" aria-selected="false">
+Java
+</a>
+</li><li class="nav-item">
+<a class="nav-link"
+id="tabs-6-2-tab" data-toggle="tab" href="#tabs-6-2" role="tab"
+aria-controls="tabs-6-2" aria-selected="false">
+Kotlin
+</a>
+</li><li class="nav-item">
+<a class="nav-link"
+id="tabs-6-3-tab" data-toggle="tab" href="#tabs-6-3" role="tab"
+aria-controls="tabs-6-3" aria-selected="false">
+Go
+</a>
+</li></ul>
+<div class="tab-content" id="tabs-6-content"><div class="tab-pane fade show active"
+id="tabs-6-0" role="tabpanel" aria-labelled-by="tabs-6-0-tab"><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-C++" data-lang="C++"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#include</span> <span style="color:#8f5902;font-style:italic"><iostream></span><span style="color:#8f5902;font-style:italic">
+</span></span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"></span><span style="color:#204a87;font-weight:bold">int</span> <span style="color:#000">main</span><span style="color:#000;font-weight:bold">()</span>
+</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">{</span>
+</span></span><span style="display:flex;"><span> <span style="color:#000">std</span><span style="color:#ce5c00;font-weight:bold">::</span><span style="color:#000">cout</span> <span style="color:#ce5c00;font-weight:bold"><<</span> <span style="color:#4e9a06">"Hello World!"</span> <span style="color:#ce5c00;font-weight:bold"><<</span> <span style="color:#000">std</span><span style="color:#ce5c00;font-weight:bold">::</span><span style="color:#000">endl</span><span style="color:#000;font-weight:bold">;</span>
+</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">}</span></span></span></code></pre></div></div>
+<div class="tab-pane fade"
+id="tabs-6-1" role="tabpanel" aria-labelled-by="tabs-6-1-tab"><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Java" data-lang="Java"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">class</span> <span style="color:#000">HelloWorld</span> <span style="color:#ce5c00;font-weight:bold">{</span>
+</span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">static</span> <span style="color:#204a87;font-weight:bold">public</span> <span style="color:#204a87;font-weight:bold">void</span> <span style="color:#000">main</span><span style="color:#ce5c00;font-weight:bold">(</span> <span style="color:#000">String</span> <span style="color:#000">args</span><span style="color:#ce5c00;font-weight:bold">[]</span> <span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#ce5c00;font-weight:bold">{</span>
+</span></span><span style="display:flex;"><span> <span style="color:#000">System</span><span style="color:#ce5c00;font-weight:bold">.</span><span style="color:#c4a000">out</span><span style="color:#ce5c00;font-weight:bold">.</span><span style="color:#c4a000">println</span><span style="color:#ce5c00;font-weight:bold">(</span> <span style="color:#4e9a06">"Hello World!"</span> <span style="color:#ce5c00;font-weight:bold">);</span>
+</span></span><span style="display:flex;"><span> <span style="color:#ce5c00;font-weight:bold">}</span>
+</span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span></span></span></code></pre></div></div>
+<div class="tab-pane fade"
+id="tabs-6-2" role="tabpanel" aria-labelled-by="tabs-6-2-tab"><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Kotlin" data-lang="Kotlin"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fun</span> <span style="color:#000">main</span><span style="color:#000;font-weight:bold">(</span><span style="color:#000">args</span> <span style="color:#000;font-weight:bold">:</span> <span style="color:#000">Array</span><span style="color:#000;font-weight:bold"><</span><span style="color:#000">String</span><span style="color:#000;font-weight:bold">>)</span> <span style="color:#000;font-weight:bold">{</span>
+</span></span><span style="display:flex;"><span> <span style="color:#000">println</span><span style="color:#000;font-weight:bold">(</span><span style="color:#4e9a06">"Hello, world!"</span><span style="color:#000;font-weight:bold">)</span>
+</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">}</span></span></span></code></pre></div></div>
+<div class="tab-pane fade"
+id="tabs-6-3" role="tabpanel" aria-labelled-by="tabs-6-3-tab"><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Go" data-lang="Go"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">import</span> <span style="color:#4e9a06">"fmt"</span>
+</span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">func</span> <span style="color:#000">main</span><span style="color:#000;font-weight:bold">()</span> <span style="color:#000;font-weight:bold">{</span>
+</span></span><span style="display:flex;"><span> <span style="color:#000">fmt</span><span style="color:#000;font-weight:bold">.</span><span style="color:#000">Printf</span><span style="color:#000;font-weight:bold">(</span><span style="color:#4e9a06">"Hello World!\n"</span><span style="color:#000;font-weight:bold">)</span>
+</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">}</span></span></span></code></pre></div></div>
+</div>
+<h2 id="content-with-multiple-variants">Content with multiple variants</h2>
+<p>When you need to include multiple variants of the same content, other than code
+snippets in multiple programming languages, you can use the following shortcode:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go-html-template" data-lang="go-html-template"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabpanex</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Linux"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>You can list all files in a folder using the command:
+</span></span><span style="display:flex;"><span>```shell
+</span></span><span style="display:flex;"><span>$ ls -a -l
+</span></span><span style="display:flex;"><span>```
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Mac"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>To get a list of all files in a folder, press **Cmd** + **Space** to open
+</span></span><span style="display:flex;"><span>a spotlight search, type terminal, then press Enter. In the terminal window
+</span></span><span style="display:flex;"><span>then run the command:
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>```shell
+</span></span><span style="display:flex;"><span>$ ls -a -l
+</span></span><span style="display:flex;"><span>```
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">header</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">"Windows"</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>You can list all files in the current folder using the command:
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>```shell
+</span></span><span style="display:flex;"><span>> dir
+</span></span><span style="display:flex;"><span>```
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>or you can use PowerShell:
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>```powershell
+</span></span><span style="display:flex;"><span>> Get-ChildItem -Path .\
+</span></span><span style="display:flex;"><span>```
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabx</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">{{</span><span style="color:#a40000"><</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">/</span><span style="color:#000">tabpanex</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#a40000">></span><span style="color:#8f5902;font-style:italic">}}</span>
+</span></span></code></pre></div><p>Will render as:</p>
+<ul class="nav nav-tabs" id="tabs-7" role="tablist">
+<li class="nav-item">
+<a class="nav-link active"
+id="tabs-7-0-tab" data-toggle="tab" href="#tabs-7-0" role="tab"
+aria-controls="tabs-7-0" aria-selected="true">
+Linux
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link"
+id="tabs-7-1-tab" data-toggle="tab" href="#tabs-7-1" role="tab"
+aria-controls="tabs-7-1" aria-selected="false">
+Mac
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link"
+id="tabs-7-2-tab" data-toggle="tab" href="#tabs-7-2" role="tab"
+aria-controls="tabs-7-2" aria-selected="false">
+Windows
+</a>
+</li>
+</ul>
+<div class="tabx-content" id="tabs-7-content">
+<div class="tab-pane show active"
+id="tabs-7-0" role="tabpanel" aria-labelled-by="tabs-7-0-tab">
+<p>You can list all files in a folder using the command:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ ls -a -l
+</span></span></code></pre></div>
+</div>
+<div class="tab-pane "
+id="tabs-7-1" role="tabpanel" aria-labelled-by="tabs-7-1-tab">
+<p>To get a list of all files in a folder, press <strong>Cmd</strong> + <strong>Space</strong> to open a
+spotlight search, type terminal, then press Enter. In the terminal window then
+run the command:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ ls -a -l
+</span></span></code></pre></div>
+</div>
+<div class="tab-pane "
+id="tabs-7-2" role="tabpanel" aria-labelled-by="tabs-7-2-tab">
+<p>You can list all files in the current folder using the command:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>> dir
+</span></span></code></pre></div><p>or you can use PowerShell:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#000;font-weight:bold">></span> <span style="color:#204a87">Get-ChildItem</span> <span style="color:#000">-Path</span> <span style="color:#000;font-weight:bold">.\</span>
+</span></span></code></pre></div>
+</div>
+</div>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Tip</h4>
+You can include any valid markdown
+content in each tab, including code or shell snippets.
+</div>
+<!-- markdownlint-enable blanks-around-fences no-space-in-code -->
+<!-- markdownlint-enable no-inline-html no-missing-space-atx -->
\ No newline at end of file
diff --git a/612/about/contributing/shortcodes/index.html b/612/about/contributing/shortcodes/index.html
new file mode 100644
index 0000000000..d4b50226e3
--- /dev/null
+++ b/612/about/contributing/shortcodes/index.html
@@ -0,0 +1,141 @@
+Shortcodes | Documentation
+
+
+
+
+
+
Shortcodes
Helpers for writing EGI documentation
In addition to the formatting support provided by
+Markdown, Hugo adds support for
+shortcodes, which are Go templates for easily including or displaying content
+(images, notes, tips, advanced display blocks, etc.).
For reference, the following shortcodes are available:
If you click the Copy button in the
+top-right corner of a shell example, all commands in that block are copied to
+the clipboard. The prompt in front of each command, and any command output is
+not copied.
Note
In case the command(s) in your shell
+example cause the introduction of a horizontal scroll bar,
+consider breaking the command(s) into multiple lines
+with trailing backslashes (\). However, you should never break command output
+to multiple lines, as that makes understanding the output, and recognizing it in
+real life, very difficult.
When you need to include code snippets, and you want to provide the same code in
+multiple programming languages, you can use a tabbed pane for code snippets:
When you need to include multiple variants of the same content, other than code
+snippets in multiple programming languages, you can use the following shortcode:
{{<tabpanex>}}
+
+{{<tabxheader="Linux">}}
+
+You can list all files in a folder using the command:
+```shell
+$ ls -a -l
+```
+{{</tabx>}}
+
+{{<tabxheader="Mac">}}
+To get a list of all files in a folder, press **Cmd** + **Space** to open
+a spotlight search, type terminal, then press Enter. In the terminal window
+then run the command:
+
+```shell
+$ ls -a -l
+```
+
+{{</tabx>}}
+
+{{<tabxheader="Windows">}}
+
+You can list all files in the current folder using the command:
+
+```shell
+> dir
+```
+
+or you can use PowerShell:
+
+```powershell
+> Get-ChildItem -Path .\
+```
+
+{{</tabx>}}
+
+{{</tabpanex>}}
+
You can list all files in a folder using the command:
$ ls -a -l
+
To get a list of all files in a folder, press Cmd + Space to open a
+spotlight search, type terminal, then press Enter. In the terminal window then
+run the command:
$ ls -a -l
+
You can list all files in the current folder using the command:
> dir
+
or you can use PowerShell:
>Get-ChildItem-Path.\
+
Tip
You can include any valid markdown
+content in each tab, including code or shell snippets.
Headings must start at level 2 (##), as level 1 (#) is the title of the
+page
Lines should be wrapped at 80 characters
Sentences must be separated by one space only
Indent is made with spaces, not with tabs
Bullet lists should be using - not *
Numbered lists should be using 1. for each line (automatic numbering)
Indent secondary (and following) level lists with 2 spaces
Lines must end with a Line Feed character (\n)
Files must end with an empty line
Shell examples should include a prompt ($ or >) in front of commands, to
+make it easy to understand which is the command and which is the output
Commands in shell examples should be broken into multiple lines of 80
+characters or less, using a trailing backslash character (\) on each line
+that continues on the next
Never break command output in shell examples to multiple lines, instead use
+style exceptions when necessary
Tip
Syntax examples that can be used in the
+files are documented in the shortcodes section.
Automating formatting and checking
Style should be enforced via the usage of Prettier.
+Prettier can be integrated with
+various editors.
Short and simple sentences are easier to
+read and understand.
Use standard English
Use standard British English (UK) throughout all technical publications. When in
+doubt about the spelling of a word, consult the Merriam-Webster’s Collegiate
+Dictionary and the
+IBM developerWorks editorial style guide.
Be clear and concise
Follow the principles of minimalism. If you can describe an idea in one word, do
+not use two words. Eliminate all redundant modifiers, such as adjectives and
+adverbs.
Write objectively
Do not use humor, jargon, exclamation marks, idioms, metaphors, and other
+colloquialisms.
Describe the most common use case first
Put the most common case in the main clause and at the beginning of a paragraph
+or section. You can introduce additional use cases by starting a sentence with
+“however” or “if”.
Write in active voice
In general, write in active voice rather than passive voice. Active voice
+identifies the agent of action as the subject of the verb, usually the user.
+Passive voice identifies the recipient (not the source) of the action as the
+subject of the verb.
Active-voice sentences clarify the performer of an action and are easier to
+understand than passive-voice sentences. Passive voice is usually less engaging
+and more complicated than active voice. When you use passive voice, the actions
+and responses of the software can be difficult to distinguish from those of the
+user. In addition, passive voice usually requires more words than active voice.
After the software has been installed, the computer can be started.
After you install the software, start the computer.
The Configuration is saved when you click OK.
Click OK to save the configuration.
A server is created by you.
Create a server.
However, passive voice is acceptable in the following situations:
Using active voice sounds like you are blaming the user. For example, you can
+use passive voice in an error message or troubleshooting content when the
+active subject is the user.
In 2009, engineers developed a software that simplifies the installation.
A software that simplifies the installation was developed in 2009.
Write in second person
Users are more engaged with documentation when you use second person (that is,
+you address the user as “you”).
Writing in second person has the following advantages:
Second person promotes a friendly tone by addressing users directly.
Using second person with the imperative mood (in which the subject you is
+understood) and active voice helps to eliminate wordiness and confusion about
+who or what initiates an action, especially in procedural steps.
Using second person also avoids the use of gender-specific, third-person
+pronouns such as he, she, his, and hers. If you must use third person, use the
+pronouns they and their, but ensure that the pronoun matches the referenced
+noun in number.
Use first person plural pronouns (we, our) judiciously. These pronouns
+emphasize the writer or EGI rather than the user, so before you use them,
+consider whether second person or imperative mood is more “user-friendly.”
+However, use “we recommend” rather than “it is recommended” or “EGI
+recommends”.
Tip
You can use “we” in the place of EGI if
+necessary.
Do not use first person to avoid naming the product or to avoid using passive
+voice. If the product is performing the action, use third person (the product as
+an actor). If you want to de-emphasize the agent of action and emphasize the
+object on which the action is performed, use passive voice.
The first-person singular pronoun “I” is acceptable in the question part of FAQs
+and when authors of blogs or signed articles are describing their own actions or
+opinions.
Important
Do not switch person (point of
+view) in the same guide or on the same page.
Creating a server involves specifying a name, flavor, and image.
To create a server, specify a name, a flavor, and image.
To create a server, the user specifies a name, flavor, and image.
To create a server, you specify a name, flavor, and image.
Use the present simple tense
Users read documentation to perform tasks or gather information. For users,
+these activities take place in their present, so the present tense is
+appropriate in most cases. Additionally, the present tense is easier to read
+than the past or future tense.
Use consistent terms across all content. Avoid multiple variations or spellings
+to refer to the same service, function, UI element, and so on.
Use spelling and grammar checking tools
Run text through spelling and grammar checking tools, if available. Correcting
+mistakes, especially to larger sections of new content, helps eliminate rework
+later.
Lists
When reading a document for the first time, users scan through pages stopping
+only on the content that stands out, such as titles, lists, links, diagrams, and
+so on. Lists help to organize options, as well as help readers to find
+information easily.
When listing items, follow these guidelines:
Use a bulleted list for options. Create a bulleted list when you need to
+describe more than three options.
Use a numbered list for steps.
Use a definition list to explain terms or describe command-line
+parameters, options, or arguments.
Use a colon at the end of the sentence that introduces a list.
Use the same grammatical structure (aka parallel structure) for all items in a
+list.
Start each option with a capital letter.
When listing options in a paragraph, add and or or before the last item in a
+list. Use a serial (Oxford) comma before these conjunctions if they connect
+three or more items.
Punctuation in lists
In bulleted lists:
If you list individual words or phrases, do not add a period at the end of
+each list item.
If you use full sentences, add a period at the end of each sentence.
If your list includes both individual words or phrases and full sentences, be
+consistent and either add or do not add periods to all items.
In numbered lists:
Add periods at the end of steps.
If an item of a numbered list is followed by a code block that illustrates how
+to perform the step, use a colon at the end.
Adding exceptions for style violations
Successfully passing the checks is a firm requirement, but for the following
+cases it is possible to
+add exceptions and
+bypass some checks in Markdown files:
When in-line HTML must be used (e.g. in tables, or when no other proper
+solution is available)
When the same procedure needs to be described for multiple platforms, and the
+automatic checker flags it as duplicate content
Important
Exceptions should only be used
+when there are no other choices, and should be confined to the smallest possible
+block of Markdown code.
Dealing with in-line HTML tags
In some specific cases it is impossible to use anything but in-line HTML tags:
Presentation page leveraging bootstrap CSS classes or other advanced features
Using special formatting for the information presented (e.g. a list in a table
+cell)
Blocks with in-line HTML tags should be preceded by a HTML comment starting with
+markdownlint-disable
+to disable the no-inline-html check, as in the following example:
Tip
When having a table is not absolutely
+necessary, use a different construct to present the information.
<!-- markdownlint-disable no-inline-html -->
+
+| Action | OCCI | OpenStack | This is a very long column with important data |
+| ----------- | ------------------------ | ---------------------- | ---------------------------------------------- |
+| List images | `occi -a list -r os_tpl` | `openstack image list` | <ul><li>Lorem</li><li>ipsum</li></ul> |
+
+<!-- markdownlint-enable no-inline-html -->
+
Tip
Do not forget to follow up with a HTML
+comment starting with
+markdownlint-enable
+to re-enable the no-inline-html check.
Important
Always use the tag that is
+providing the proper semantic: e.g. for a list use <ul> and <li>, not
+<br />.
Dealing with duplicate content
When the same procedure needs to be described for multiple platforms, or when
+the same code has to be exemplified for multiple languages, it is possible that
+the automatic checkers will flag these as duplicates.
For example, describing the following procedure will result in duplicates being
+reported:
{{<tabpanex>}}
+
+{{<tabxheader="Linux">}}
+ To run the FedCloud client in a container, make sure
+ [Docker is installed](https://docs.docker.com/engine/install/#server),
+ then run the following commands:
+
+ ```shell
+ $ docker pull tdviet/fedcloudclient
+ $ docker run -it tdviet/fedcloudclient bash
+ ```
+{{</tabx>}}
+
+{{<tabxheader="Mac">}}
+ To run the FedCloud client in a container, make sure
+ [Docker is installed](https://docs.docker.com/desktop/mac/install/),
+ then run the following commands:
+
+ ```shell
+ $ docker pull tdviet/fedcloudclient
+ $ docker run -it tdviet/fedcloudclient bash
+ ```
+{{</tabx>}}
+
+{{<tabxheader="Windows">}}
+ To run the FedCloud client in a container, make sure
+ [Docker is installed](https://docs.docker.com/desktop/windows/install/),
+ then run the following commands:
+
+ ```shell
+ > docker pull tdviet/fedcloudclient
+ > docker run -it tdviet/fedcloudclient bash
+ ```
+{{</tabx>}}
+
+{{</tabpanex>}}
+
This type of content should be preceded by a HTML comment that disables the
+check for duplicates, and followed by another HTML comment that enables it
+again.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/about/contributing/style/index.xml b/612/about/contributing/style/index.xml
new file mode 100644
index 0000000000..adf00fdb17
--- /dev/null
+++ b/612/about/contributing/style/index.xml
@@ -0,0 +1 @@
+Documentation – Style Guide/about/contributing/style/Recent content in Style Guide on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/about/index.html b/612/about/index.html
new file mode 100644
index 0000000000..ee87beaa8c
--- /dev/null
+++ b/612/about/index.html
@@ -0,0 +1,33 @@
+About | Documentation
+
+
+
+
+
+
About
About EGI Documentation
The EGI documentation is written in Markdown,
+uses the Docsy theme, and is built
+using Hugo.
Note
The documentation covering the
+EGI Services is maintained by the EGI Community
+and coordinated by the
+EGI Foundation. Everyone is invited
+to participate by following the Contributing Guide.
EGI is an international e-Infrastructure
+providing advanced computing and data analytics services for research
+and innovation. The EGI Federation offers a wide range of services for
+compute, storage, data management, training, and support.
This is the start page for the user and provider documentation of the
+EGI Services.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/accounting/index.html b/612/internal/accounting/index.html
new file mode 100644
index 0000000000..a2a492d102
--- /dev/null
+++ b/612/internal/accounting/index.html
@@ -0,0 +1,91 @@
+Accounting | Documentation
+
+
+
+
+
+
Accounting
Resource usage accounting for EGI services
What is it?
EGI Accountingtracks and reports usage of EGI
+services, offering insights and control over resource consumption. EGI
+Federation members can use it to account for the resource usage of their own
+services.
EGI Accounting consists of two main components:
The Accounting Repository is where all accounting data is collected by a
+network of message brokers that transfer usage data from hosts and services.
The Accounting Portal allows filtering and
+displaying resource usage information.
Documentation for the Accounting
+Repository is also available in the
+EGI Wiki, documentation for
+the Accounting Portal is also available in the
+EGI Wiki.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/accounting/service-information/index.xml b/612/internal/accounting/service-information/index.xml
new file mode 100644
index 0000000000..6f544eeac7
--- /dev/null
+++ b/612/internal/accounting/service-information/index.xml
@@ -0,0 +1 @@
+Documentation – Service information/internal/accounting/service-information/Recent content in Service information on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/collaboration-tools/certificates/index.html b/612/internal/collaboration-tools/certificates/index.html
new file mode 100644
index 0000000000..61cae56378
--- /dev/null
+++ b/612/internal/collaboration-tools/certificates/index.html
@@ -0,0 +1,149 @@
+Certificates | Documentation
+
+
+
+
+
+
Sectigo is the current Certificate Authority (CA) providing certificates to
+GÉANT TCS.
This can be used to issue IGTF-trust (AKA eScience certificates) and
+public-trust certificates, for the domains managed by EGI Foundation, like
+egi.eu.
Operators of central services can request two types of certificates:
host certificates, with public-trust, and optionally IGTF trust.
robot email certificates, to be used as client certificate, to authenticate
+using X509 as a service.
In some specific cases, like for
+Cloud Compute providers not having access
+to an IGTF CA, it’s possible for them to request a robot certificate, as an
+IGTF certificate is required for sending accounting records.
An operator will follow with the request, and help you getting the certificate.
Retrieving certificates
Host certificates will be sent by email, you will receive a notification with
+links allowing to download it.
For robot certificates, you will receive an invitation by email allowing to
+generate and retrieve it.
Renewing certificates
Certificates are usually valid for one year. Auto-renewal of certificates is
+enabled by default, 30 days before expiration, notifications will be sent to the
+contact address provided when requesting the certificate.
The notifications contain links allowing to renew the certificate.
Creating a Certificate Signing Request
In order to get a certificate, Service Providers may be requested to send a
+Certificate Signing Request (CSR).
In the CSR only the Common Name (CN) is important, it should be the (FQDN) of
+the service Most of other fields will be replaced by the CA while generating the
+certificate.
It can be done via different ways, some are documented below.
It can be done with the cfssl tool from
+CloudFlare.
# Replace #FQDN# by the FQDN of the service
+$ cfssl genkey <(echo'{"hosts":["#FQDN#"],"CN"#FQDN#","key":{"algo":"rsa","size":4096}}')
+| cfssljson -bare ##FQDN##.rsa
+
Using OpenSSL
It can be done using the following OpenSSL command (This will generate a
+password-protected key.
You will be asked for various questions, but the only important ones are the
+Common Name (CN) and Subject Alternative Names (SAN) (in case you want to
+request a certificates covering different FQDNs), as other values will be
+overwritten by the CA.
Adding the -nodes option will disable password protection for the key,
+beware if using it.
Using ACME protocol
It is possible to automate the certificate request and renewal using the
+ACME protocol via
+certbot or similar tools.
Two things should be considered:
it’s not yet possible to get eScience/IGTF-trusted certificates, it’s on the
+roadmap but without any firm ETA.
it’s using a different intermediate CA from Sectigo, not the usual GEANT one
+used for TCS, but this shouldn’t have much impact for generic/non-eScience
+public services.
The EGI SDIS team will have to create and register an ACME client ID for you.
Once you will have the credential it should be possible to request a
+certificate, using the standard certbot client, as
+documented below.
Registering the client and saving the credentials locally
This will interactively register your certbot client. Even if the ACME
+credentials are shared, only a given client is able to manage the certificates
+it requested. Email address is used for urgent renewal and security notices.
+This is preferred way if you need to get notifications on certificate expiration
+and if you are doing some manual management or testing.
$ sudo certbot register --no-eff-email \
+ --server https://acme.sectigo.com/v2/OV \
+ --eab-kid <EAB_KID> \
+ --eab-hmac-key <EAB_HMAC_KEY> \
+ --email <CONTACT_EMAIL>
+
+# Checking existing account
+$ sudo certbot show_account --server https://acme.sectigo.com/v2/OV
+
+# Unregistering an account
+# Beware: you won't any more be able to revoke certificate issued with the account
+$ sudo certbot unregister --server https://acme.sectigo.com/v2/OV
+
Registering and requesting a certificate all at once
This is useful when you don’t want interactive registration, like for one shot
+scripts. Email address is used for urgent renewal and security notices.
Apparently the notification to use this email is not visible in cert-manager,
+and the first option with explicit registration may be safer to get the
+notifications, if it’s a required feature.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/collaboration-tools/certificates/index.xml b/612/internal/collaboration-tools/certificates/index.xml
new file mode 100644
index 0000000000..54cb35587a
--- /dev/null
+++ b/612/internal/collaboration-tools/certificates/index.xml
@@ -0,0 +1 @@
+Documentation – Certificates/internal/collaboration-tools/certificates/Recent content in Certificates on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/collaboration-tools/index.html b/612/internal/collaboration-tools/index.html
new file mode 100644
index 0000000000..8c2040c12a
--- /dev/null
+++ b/612/internal/collaboration-tools/index.html
@@ -0,0 +1,113 @@
+Collaboration Tools | Documentation
+
+
+
+
+
+
Collaboration Tools
Fostering Collaboration across the EGI Federation
What is it?
The EGI Collaboration Tools are a set of online services maintained by the EGI
+Foundation and meant to support collaboration across the EGI Federation,
+supporting its daily activities (sharing information and documents, organising
+meetings, communicating in task or project specific groups…).
Note
Component-specific documentation is
+maintained by the upstream software providers.
What are the components?
EGI Single Sign On (EGI SSO)
The EGI SSO is a central authentication and authorisation service
+allowing to use a single username and password to access various Collaboration
+Tools.
Group owners can manage group members, and send invitations to new users. Groups
+are used in Collaboration Tools services for authorisation.
EGI SSO is now being deprecated in favour of
+EGI Check-in, providing a federation
+authentication and authorisation service.
EGI.eu domain
Domain entries can be created for the service as long as they are relevant for
+the EGI infrastructure. All EGI central services are usually available under the
+egi.eu domain.
This can be used to issue IGTF-trust (AKA eScience certificates) and
+public-trust certificates, for the domains managed by EGI Foundation, like
+egi.eu.
Documents have metadata describing them and can be versioned. EGI SSO groups are
+used for restricting access to documents.
Agenda management via Indico
Event planner, used for various conferences and meetings, powered by the
+Indico product.
All users with an SSO account can use it.
Indico also has its own local accounts, which can be used by people who do not
+want an EGI SSO account, but want to register to some meeting in Indico.
Contact
EGI Collaboration Tools support can be contacted via:
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/collaboration-tools/index.xml b/612/internal/collaboration-tools/index.xml
new file mode 100644
index 0000000000..7625f9cda0
--- /dev/null
+++ b/612/internal/collaboration-tools/index.xml
@@ -0,0 +1,302 @@
+Documentation – Collaboration Tools/internal/collaboration-tools/Recent content in Collaboration Tools on DocumentationHugo -- gohugo.ioInternal: Service information/internal/collaboration-tools/service-information/Mon, 01 Jan 0001 00:00:00 +0000/internal/collaboration-tools/service-information/
+<h2 id="identity-card">Identity card</h2>
+<!-- markdownlint-disable no-inline-html no-bare-urls -->
+<table>
+<thead>
+<tr>
+<th>Property</th>
+<th>Value</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Name</td>
+<td>Collaboration Tools</td>
+</tr>
+<tr>
+<td>Description</td>
+<td>Supporting Collaboration across the EGI Federation</td>
+</tr>
+<tr>
+<td>URL</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Support Email</td>
+<td><a href="mailto:it-support@egi.eu">it-support@egi.eu</a></td>
+</tr>
+<tr>
+<td><a href="../../helpdesk">Helpdesk</a> Support Unit</td>
+<td><strong>EGI Services and Service Components</strong> <br/> I__ Collaboration Tools</td>
+</tr>
+<tr>
+<td>Configuration Database entry</td>
+<td><a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&id=983">https://goc.egi.eu/portal/index.php?Page_Type=Site&id=983</a></td>
+</tr>
+<tr>
+<td>Supplier</td>
+<td><a href="https://www.egi.eu/">EGI Foundation</a> and <a href="https://www.cesnet.cz/?lang=en">CESNET</a></td>
+</tr>
+<tr>
+<td>Roadmap</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Release notes</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Source code</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Issue tracker for developers</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>License</td>
+<td>Every component is having its own licence</td>
+</tr>
+<tr>
+<td>Privacy Policy</td>
+<td>Parent <a href="https://www.egi.eu/privacy-policy/">policy</a>, components usually have their own policy</td>
+</tr>
+</tbody>
+</table>
+<!-- markdownlint-enable no-inline-html no-bare-urls -->Internal: Certificates/internal/collaboration-tools/certificates/Mon, 01 Jan 0001 00:00:00 +0000/internal/collaboration-tools/certificates/
+<p>EGI Foundation is having access to a
+<a href="https://wiki.geant.org/display/TCSNT/">GÉANT Trusted Certificate Service</a>
+subscription.</p>
+<p>Sectigo is the current Certificate Authority (CA) providing certificates to
+GÉANT TCS.</p>
+<p>This can be used to issue IGTF-trust (AKA eScience certificates) and
+public-trust certificates, for the domains managed by EGI Foundation, like
+<code>egi.eu</code>.</p>
+<p>Operators of central services can request two types of certificates:</p>
+<ul>
+<li>host certificates, with public-trust, and optionally IGTF trust.</li>
+<li>robot email certificates, to be used as client certificate, to authenticate
+using X509 as a service.</li>
+</ul>
+<blockquote>
+<p>In some specific cases, like for
+<a href="../../../providers/cloud-compute/">Cloud Compute providers</a> not having access
+to an IGTF CA, it’s possible for them to request a robot certificate, as an
+IGTF certificate is required for sending accounting records.</p>
+</blockquote>
+<p>You can contact <a href="mailto:scs-ra@egi.eu">scs-ra@egi.eu</a> (or <a href="mailto:operations@egi.eu">operations@egi.eu</a>) if you need support.</p>
+<h2 id="requesting-a-new-certificate">Requesting a new certificate</h2>
+<p>Open a ticket to Collaboration Tools SU in <a href="../../helpdesk">EGI Helpdesk</a>,
+providing:</p>
+<ul>
+<li>Justification of the request.</li>
+<li>Type of certificate (host or robot).</li>
+<li>FQDN of the service.</li>
+<li>Mailing list to be used as contact address that will receive
+<a href="#renewing-certificates">renewal notifications</a>.</li>
+<li>For host certificates: a
+<a href="#creating-a-certificate-signing-request">Certificate Signing Request</a>, or
+mentioning the desire to use the <a href="#using-acme-protocol">ACME protocol</a>.</li>
+</ul>
+<p>An operator will follow with the request, and help you getting the certificate.</p>
+<h2 id="retrieving-certificates">Retrieving certificates</h2>
+<ul>
+<li>Host certificates will be sent by email, you will receive a notification with
+links allowing to download it.</li>
+<li>For robot certificates, you will receive an invitation by email allowing to
+generate and retrieve it.</li>
+</ul>
+<h2 id="renewing-certificates">Renewing certificates</h2>
+<p>Certificates are usually valid for one year. Auto-renewal of certificates is
+enabled by default, 30 days before expiration, notifications will be sent to the
+contact address provided when requesting the certificate.</p>
+<p>The notifications contain links allowing to renew the certificate.</p>
+<h2 id="creating-a-certificate-signing-request">Creating a Certificate Signing Request</h2>
+<p>In order to get a certificate, Service Providers may be requested to send a
+Certificate Signing Request (CSR).</p>
+<p>In the CSR only the Common Name (CN) is important, it should be the (FQDN) of
+the service Most of other fields will be replaced by the CA while generating the
+certificate.</p>
+<p>It can be done via different ways, some are documented below.</p>
+<h3 id="using-a-web-application">Using a web application</h3>
+<p>DigiCert provides an online
+<a href="https://www.digicert.com/easy-csr/openssl.htm">web application</a>.</p>
+<h3 id="using-cloudflare-cfssl-tool">Using CloudFlare cfssl tool</h3>
+<p>It can be done with the <code>cfssl</code> tool from
+<a href="https://github.com/cloudflare/cfssl">CloudFlare</a>.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Replace #FQDN# by the FQDN of the service</span>
+</span></span><span style="display:flex;"><span>$ cfssl genkey <<span style="color:#ce5c00;font-weight:bold">(</span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">'{"hosts":["#FQDN#"],"CN"#FQDN#","key":{"algo":"rsa","size":4096}}'</span><span style="color:#ce5c00;font-weight:bold">)</span>
+</span></span><span style="display:flex;"><span> <span style="color:#000;font-weight:bold">|</span> cfssljson -bare <span style="color:#8f5902;font-style:italic">##FQDN##.rsa</span>
+</span></span></code></pre></div><h3 id="using-openssl">Using OpenSSL</h3>
+<p>It can be done using the following <code>OpenSSL</code> command (This will generate a
+password-protected key.</p>
+<p>You will be asked for various questions, but the only important ones are the
+Common Name (CN) and Subject Alternative Names (SAN) (in case you want to
+request a certificates covering different FQDNs), as other values will be
+overwritten by the CA.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ openssl req -out CSR.csr -new -newkey rsa:4096 -keyout privateKey.key
+</span></span></code></pre></div><blockquote>
+<p>Adding the <code>-nodes</code> option will disable password protection for the key,
+beware if using it.</p>
+</blockquote>
+<h3 id="using-acme-protocol">Using ACME protocol</h3>
+<p>It is possible to automate the certificate request and renewal using the
+<a href="https://datatracker.ietf.org/doc/html/rfc8555">ACME protocol</a> via
+<a href="https://certbot.eff.org/">certbot</a> or similar tools.</p>
+<p>Two things should be considered:</p>
+<ul>
+<li>it’s not yet possible to get eScience/IGTF-trusted certificates, it’s on the
+roadmap but without any firm ETA.</li>
+<li>it’s using a different intermediate CA from Sectigo, not the usual GEANT one
+used for TCS, but this shouldn’t have much impact for generic/non-eScience
+public services.</li>
+</ul>
+<p>The EGI SDIS team will have to create and register an ACME client ID for you.</p>
+<p>Once you will have the credential it should be possible to request a
+certificate, using the <a href="https://certbot.eff.org/">standard certbot client</a>, as
+documented below.</p>
+<h4 id="registering-the-client-and-saving-the-credentials-locally">Registering the client and saving the credentials locally</h4>
+<p>This will interactively register your certbot client. Even if the ACME
+credentials are shared, only a given client is able to manage the certificates
+it requested. Email address is used for urgent renewal and security notices.
+This is preferred way if you need to get notifications on certificate expiration
+and if you are doing some manual management or testing.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo certbot register --no-eff-email <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --server https://acme.sectigo.com/v2/OV <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --eab-kid <EAB_KID> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --eab-hmac-key <EAB_HMAC_KEY> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --email <CONTACT_EMAIL>
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Checking existing account</span>
+</span></span><span style="display:flex;"><span>$ sudo certbot show_account --server https://acme.sectigo.com/v2/OV
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Unregistering an account</span>
+</span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Beware: you won't any more be able to revoke certificate issued with the account</span>
+</span></span><span style="display:flex;"><span>$ sudo certbot unregister --server https://acme.sectigo.com/v2/OV
+</span></span></code></pre></div><h5 id="requesting-a-certificate">Requesting a certificate</h5>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo certbot certonly --standalone --non-interactive <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --server https://acme.sectigo.com/v2/OV <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --domain fakedomaindonotexist.egi.eu
+</span></span></code></pre></div><h5 id="revoking-a-certificate">Revoking a certificate</h5>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo certbot revoke <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --server https://acme.sectigo.com/v2/OV <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --cert-name fakedomaindonotexist.egi.eu
+</span></span></code></pre></div><h4 id="registering-and-requesting-a-certificate-all-at-once">Registering and requesting a certificate all at once</h4>
+<p>This is useful when you don’t want interactive registration, like for one shot
+scripts. Email address is used for urgent renewal and security notices.</p>
+<blockquote>
+<p>Apparently the notification to use this email is not visible in cert-manager,
+and the first option with explicit registration may be safer to get the
+notifications, if it’s a required feature.</p>
+</blockquote>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo certbot certonly --standalone --non-interactive --agree-tos <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --server https://acme.sectigo.com/v2/OV <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --eab-kid <EAB_KID> --eab-hmac-key <EAB_HMAC_KEY> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --rsa-key-size <span style="color:#0000cf;font-weight:bold">4096</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --email <CONTACT_EMAIL> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --domain fakedomaindonotexist.egi.eu
+</span></span></code></pre></div><p>Other usual certbot options should also work. You may also be able to use other
+tools that can speak the ACME protocol, it should be standard.</p>Internal: EGI SSO/internal/collaboration-tools/sso/Mon, 01 Jan 0001 00:00:00 +0000/internal/collaboration-tools/sso/
+<p><a href="https://sso.egi.eu">EGI SSO</a> is a legacy central Identity Provider mainly
+intended to access the <a href="../../collaboration-tools">EGI Collaboration Tools</a>.</p>
+<blockquote>
+<p>For most services people should look into using federated authentication via
+<a href="../../../users/aai/check-in">EGI Check-in</a>. Still, for some services not yet
+integrated with Check-in, an EGI SSO account should be used, in that case you
+can <a href="https://sso.egi.eu/admin/email">create an EGI SSO account</a>.</p>
+</blockquote>
+<h2 id="features">Features</h2>
+<ul>
+<li>Central Identity Provider allowing to access EGI Collaboration Tools</li>
+<li>Group management</li>
+<li>Synchronisation of groups with other EGI Collaboration Tools</li>
+<li>Linking of X.509 certificate Distinguished Name (DN) to authenticate using a
+client certificate</li>
+</ul>
+<h2 id="linking-an-x509-certificate-to-an-egi-sso-account">Linking an X.509 certificate to an EGI SSO account</h2>
+<ol>
+<li>Open <a href="https://sso.egi.eu/admin/user">the EGI SSO user management page</a></li>
+<li>Select your new certificate to authenticate with it</li>
+<li>Complete the login process using your username and password</li>
+<li>Once logged, your new DN will be linked to your user account</li>
+</ol>
+<h2 id="updating-the-dn-of-a-certificate-linked-to-a-given-egi-sso-account">Updating the DN of a certificate linked to a given EGI SSO account</h2>
+<blockquote>
+<p>On purpose a user cannot manually edit a certificate DN</p>
+</blockquote>
+<p>You usually just need to link your new DN to your EGI SSO account, as documented
+<a href="#linking-an-x509-certificate-to-an-egi-sso-account">above</a>.</p>
+<p>You may have to do this by in a private browser session to ensure that your
+previous certificate is used.</p>
+<p>Once you have done this, you can request us to remove the former DN by opening
+an <a href="../../helpdesk">Helpdesk</a> ticket to the <strong>Collaboration Tools</strong> Support
+Unit.</p>
+<blockquote>
+<p>Legacy DNs shouldn’t prevent you accessing any service with a newer
+certificate, as long as its DN is linked to your account.</p>
+</blockquote>Internal: Mailing lists/internal/collaboration-tools/mailing-lists/Mon, 01 Jan 0001 00:00:00 +0000/internal/collaboration-tools/mailing-lists/
+<p>Mailing lists are managed by software called Mailman.</p>
+<p>The software provides a web interface and a
+<a href="https://mailman.egi.eu/mailman/listinfo">public list of mailing lists</a> is
+available.</p>
+<h2 id="requesting-the-creation-of-a-new-mailing-list">Requesting the creation of a new mailing list</h2>
+<blockquote>
+<p>By default all mailing lists are managed using groups in EGI SSO. Only for
+very specific they may be managed directly in mailman.</p>
+</blockquote>
+<p>Open a ticket to Collaboration Tools SU in <a href="../../helpdesk">EGI Helpdesk</a>,
+providing:</p>
+<ul>
+<li>List name</li>
+<li>List Description</li>
+<li>List administrator contact</li>
+</ul>
+<p>After validation of those information the list will be created.</p>
+<p>Name and description of the mailing list will be validated, you may be
+recommended to change name or description to follow already existing best
+practices for naming, or to improve description.</p>
+<h2 id="list-administrators">List administrators</h2>
+<p>EGI mailing lists are usually managed by EGI SSO, with some exceptions for lists
+that include members without SSO accounts.</p>
+<p>List administrators of every SSO-managed list are set to the owners of the
+corresponding EGI SSO group when a new list is created.</p>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Note</h4>
+For SSO managed-lists: a change to the
+list of list administrators through the Mailman interface will not be permanent.
+</div>
+<p>Only the EGI IT support can change who are the owners of an SSO group, please
+<a href="mailto:it-support@egi.eu">contact us</a> if you want to add a new list
+administrator.</p>
+<p>Each list can be administered over the web interface by following its link from
+the page Admin links. You can use your EGI SSO password to access the
+administration pages of the lists for which you are the administrator.</p>
+<h2 id="list-members">List members</h2>
+<p>Members of lists are synchronized with members of same named groups in the EGI
+SSO system.</p>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Note</h4>
+For SSO managed-lists: Changes made to
+list membership through the Mailman interface will not be permanent.
+</div>
+<p>Managing list members must be done by managing members of corresponding groups
+in EGI SSO. Log into your EGI SSO account, and you will see a list of groups of
+which you are the owner. Click on the “»manage” link, it will display a page
+where you can</p>
+<ul>
+<li>remove members from the group</li>
+<li>add existing users as members of thew group</li>
+<li>invite new users to the group</li>
+</ul>
+<p>If you manage more then one list, and you need to add many new users to several
+lists at once, it may be helpful to follow the link titled “»Create new users in
+groups”. It directs to a page where you can enter many addresses at once, and
+specify the groups to which they should be added. Existing users will be added
+immediately, non-existing users will be invited to create an account and they
+will be assigned to the groups when they create the account.</p>
+<h2 id="documentation">Documentation</h2>
+<ul>
+<li><a href="https://www.gnu.org/software/mailman/docs.html">Mailman documentation</a></li>
+<li><a href="https://wiki.list.org/DOC/Frequently%20Asked%20Questions">Mailman Frequently Asked Questions</a></li>
+<li><a href="https://wiki.list.org/DOC/3%20List%20administrator%20tasks">List administrator tasks</a></li>
+</ul>
\ No newline at end of file
diff --git a/612/internal/collaboration-tools/mailing-lists/index.html b/612/internal/collaboration-tools/mailing-lists/index.html
new file mode 100644
index 0000000000..a8e44bc279
--- /dev/null
+++ b/612/internal/collaboration-tools/mailing-lists/index.html
@@ -0,0 +1,105 @@
+Mailing lists | Documentation
+
+
+
+
+
+
Mailing lists
Mailing lists usage
Mailing lists are managed by software called Mailman.
By default all mailing lists are managed using groups in EGI SSO. Only for
+very specific they may be managed directly in mailman.
Open a ticket to Collaboration Tools SU in EGI Helpdesk,
+providing:
List name
List Description
List administrator contact
After validation of those information the list will be created.
Name and description of the mailing list will be validated, you may be
+recommended to change name or description to follow already existing best
+practices for naming, or to improve description.
List administrators
EGI mailing lists are usually managed by EGI SSO, with some exceptions for lists
+that include members without SSO accounts.
List administrators of every SSO-managed list are set to the owners of the
+corresponding EGI SSO group when a new list is created.
Note
For SSO managed-lists: a change to the
+list of list administrators through the Mailman interface will not be permanent.
Only the EGI IT support can change who are the owners of an SSO group, please
+contact us if you want to add a new list
+administrator.
Each list can be administered over the web interface by following its link from
+the page Admin links. You can use your EGI SSO password to access the
+administration pages of the lists for which you are the administrator.
List members
Members of lists are synchronized with members of same named groups in the EGI
+SSO system.
Note
For SSO managed-lists: Changes made to
+list membership through the Mailman interface will not be permanent.
Managing list members must be done by managing members of corresponding groups
+in EGI SSO. Log into your EGI SSO account, and you will see a list of groups of
+which you are the owner. Click on the “»manage” link, it will display a page
+where you can
remove members from the group
add existing users as members of thew group
invite new users to the group
If you manage more then one list, and you need to add many new users to several
+lists at once, it may be helpful to follow the link titled “»Create new users in
+groups”. It directs to a page where you can enter many addresses at once, and
+specify the groups to which they should be added. Existing users will be added
+immediately, non-existing users will be invited to create an account and they
+will be assigned to the groups when they create the account.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/collaboration-tools/service-information/index.xml b/612/internal/collaboration-tools/service-information/index.xml
new file mode 100644
index 0000000000..bff9572cc8
--- /dev/null
+++ b/612/internal/collaboration-tools/service-information/index.xml
@@ -0,0 +1 @@
+Documentation – Service information/internal/collaboration-tools/service-information/Recent content in Service information on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/collaboration-tools/sso/index.html b/612/internal/collaboration-tools/sso/index.html
new file mode 100644
index 0000000000..66213f2b7a
--- /dev/null
+++ b/612/internal/collaboration-tools/sso/index.html
@@ -0,0 +1,89 @@
+EGI SSO | Documentation
+
+
+
+
+
+
For most services people should look into using federated authentication via
+EGI Check-in. Still, for some services not yet
+integrated with Check-in, an EGI SSO account should be used, in that case you
+can create an EGI SSO account.
Features
Central Identity Provider allowing to access EGI Collaboration Tools
Group management
Synchronisation of groups with other EGI Collaboration Tools
Linking of X.509 certificate Distinguished Name (DN) to authenticate using a
+client certificate
Linking an X.509 certificate to an EGI SSO account
Users can access the system as soon as they are authenticated. However, they
+will only be able to update information based on their roles, and only once they
+will have registered a new user account.
More information about roles and associated permission is available in the
+Users and roles section of the documentation.
Applications requesting a specific role have to be validated by parent roles or
+administrators. Once granted, users can access and/or modify relevant
+information, according to the roles granted to them.
Using institutional account via EGI Check-in
In order to be able to access the Configuration Database with their
+institutional account, users need to:
Have their Identity Provider (IdP) federated in EGI Check-in (via
+eduGAIN or directly).
In the case the user cannot use
+an IdP compliant with REFEDS R&S
+and REFEDS Sirtfi, the user will have to request
+joining a specific group, by performing the steps below. Using a compliant IdP
+is the preferable solution.
The access request will be managed by the EGI Operations team.
Using an X.509 digital certificate
To access the Configuration Database using a digital certificate, first obtain a
+certificate from one of the recognised EU-Grid-PMA Certification Authorities
+(CAs), then install it in your browser of choice (or import it into the
+certificate store of your local machine, on Windows).
Note
X.509 certificates do not support single
+or double quotes in the certificate’s Distinguished Name (DN). The DN below is
+rejected because of the single quote:
/C=UK/O=STFC/OU=SomeOrgUnit/CN=David Mc'Donald
This is in accordance with RFC1778, which
+also disallows single quotes in all Relative Distinguished Name (RDN)
+components, and the OGF Certificate Authority Working Group (CAOPS) who strongly
+discourage any type of quote in a certificate DN as specified by their
+Grid Certificate Profile document.
Registering a new user account
Being authenticated in one of the two ways described above is enough to have
+read-only access to all the public features of the EGI Configuration Database.
+If you need to edit data in and request roles, you will need to fill in the
+registration form.
In the left sidebar, look out for the User status panel
click on the “Register” link
fill in the form and validate
Recovering access to an existing account
Note
If you were registered but are not
+recognised anymore (e.g. because your certificate DN changed), do not register
+again! Instead, follow the steps
+Lost access to your Configuration Database account
+section.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/access/index.xml b/612/internal/configuration-database/access/index.xml
new file mode 100644
index 0000000000..17b9bb407f
--- /dev/null
+++ b/612/internal/configuration-database/access/index.xml
@@ -0,0 +1 @@
+Documentation – Access/internal/configuration-database/access/Recent content in Access on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/adding-new-projects/index.html b/612/internal/configuration-database/adding-new-projects/index.html
new file mode 100644
index 0000000000..7a8f76e54f
--- /dev/null
+++ b/612/internal/configuration-database/adding-new-projects/index.html
@@ -0,0 +1,100 @@
+Adding a new project | Documentation
+
+
+
+
+
+
Adding a new project
How to create a new project in EGI Configuration Database.
Introduction
GOCDB, the software powering the EGI Configuration Database, is multi-tenanted;
+it can host multiple projects in the same instance. There are a number of
+different deployment scenarios that can be used to support new projects detailed
+below. Please contact the EGI Configuration Database admins and EGI Operations
+to discuss the options available.
1) Add resources (sites/services) to an existing project
Resources (NGIs, Sites, Services) would be hosted under an existing project,
+e.g. the ‘EGI’ project.
The new resources would be subject to the rules of the existing project, such
+as site certification status changes and project controlled user memberships.
The resources could not be filtered using a custom scope tag.
2) Add resources (sites/services) to an existing project and add a new Scope tag to represent a sub-grouping
Resources would be hosted under an existing project, and a new scope tag would
+be added for the purposes of resource filtering.
Since the resources are still hosted under an existing project, the new
+resources would still be subject to the rules of the existing project, such as
+site certification status changes and project controlled user memberships.
The resources could be filtered using the new scope tag, but this scope tag
+would not strictly represent a project, rather a sub-grouping under the
+existing project, e.g.
get_services&scope=SubGroupX
+
Note, resources can be tagged multiple times to declare support for multiple
+projects and sub-groups:
3) Add resources (sites/services) to a new Project and add a new Scope tag to filter by project
Resources would be hosted under a new project, and a new scope tag would be
+added named after the project for the purposes of resource filtering.
The resources would not be subject to the rules of other projects, for
+example, allowing the project to control its site certification status changes
+and project controlled user memberships.
The resources could be filtered using the scope tag named after the new
+project, e.g.
get_services&scope=ProjectX
+
Note, resources can be tagged multiple times to declare support for multiple
+projects:
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/adding-new-projects/index.xml b/612/internal/configuration-database/adding-new-projects/index.xml
new file mode 100644
index 0000000000..76ba28c326
--- /dev/null
+++ b/612/internal/configuration-database/adding-new-projects/index.xml
@@ -0,0 +1 @@
+Documentation – Adding a new project/internal/configuration-database/adding-new-projects/Recent content in Adding a new project on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/adding-service-endpoint/add-endpoint.png b/612/internal/configuration-database/adding-service-endpoint/add-endpoint.png
new file mode 100644
index 0000000000..7025ec39d2
Binary files /dev/null and b/612/internal/configuration-database/adding-service-endpoint/add-endpoint.png differ
diff --git a/612/internal/configuration-database/adding-service-endpoint/completed-service-overview.png b/612/internal/configuration-database/adding-service-endpoint/completed-service-overview.png
new file mode 100644
index 0000000000..857b7f5e4e
Binary files /dev/null and b/612/internal/configuration-database/adding-service-endpoint/completed-service-overview.png differ
diff --git a/612/internal/configuration-database/adding-service-endpoint/index.html b/612/internal/configuration-database/adding-service-endpoint/index.html
new file mode 100644
index 0000000000..5e9bcbc65c
--- /dev/null
+++ b/612/internal/configuration-database/adding-service-endpoint/index.html
@@ -0,0 +1,166 @@
+Adding service endpoints | Documentation
+
+
+
+
+
+
Adding service endpoints
Adding service endpoints information into Configuration Database
For monitoring purposes, each service endpoints registered into the
+Configuration Database, and having the flags production and monitored should
+include the endpoint URL information in order to be contacted by the
+corresponding service-specific nagios probe.
The information needed for service type are:
SRM: the value of the attribute GlueServiceEndpoint published in the
+Configuration Database or BDII (e.g. httpg://se.egi.eu:8444/srm/managerv2)
Cloud:
org.openstack.nova: The endpoint URL must contain the Keystone v3 URL:
+https://hostname:port/url/v3
org.openstack.swift:The endpoint URL must contain the Keystone v3 URL:
+https://hostname:port/url/v3
eu.egi.cloud.accounting: for the host sending the records to the
+accounting repository
Other service types: the value of the attribute GlueServiceEndpoint
+published in the BDII
It is also possible to register additional endpoints for every services, they
+will also be monitored if the “Monitored” flag is set.
For having more information about managing the Service endpoints in the
+Configuration Database, please consult the
+service endpoints documentation.
Retrieving the information
For retrieving the queue URL from the BDII, you can use the command
+lcg-infosites, to be executed from a UI. Be sure to query a production Top
+BDII: you can either use the one provided by your Operations Centre or choose
+one from
+the Configuration Database
In a similar way, by just changing the value of GlueServiceType, you can
+retrieve the endpoint URLs of other services.
An alternative way for retrieving the GlueServiceEndpoint URL is using the
+GLUE2 information browser provided by
+VAPOR: select
+your NGI, then your site and hence the Storage service; click on the endpoint
+details button for finding the URL associated to the SRM interface.
Filling the information in
URLs information are completely missing
Editing the services information
Site overview
This is the home page regarding your site. You need to fill in the URL
+information.
Click on a service for displaying its page (e.g. the CREAM-CE).
Editing a service
Click on the EDIT button in the top right corner
Adding a Service URL
fill in the Service URL field with the queue URL
Reviewing the site
Now the CREAM-CE service endpoint contains the required queue information.
Proceed in a similar way for the other services.
Additional endpoints information
In case you need to register an additional endpoint for a service, go on the
+service summary page and add the proper information. In the example below it is
+shown the case of a computing element.
Service summary page
This is the service summary page.
You need to click on the Add endpoint button for registering additional
+endpoint URLs.
Adding an endpoint
Fill in the proper information and don’t forget to select the “Monitored” flag
+for making Nagios to detect the new endpoint.
Reviewing the endpoint description
The summary page of the endpoint just added should look like this one.
Reviewing the service description
And this is the summary page of the service reporting the information about all
+its endpoints registered: the first one in the Grid Information section and
+the additional ones in the Service Endpoints section.
Examples
webdav
In order to properly monitor your webdav endpoint:
you should register a new service endpoint with the webdav service type,
+separated from the SRM one;
the endpoint URL information used for monitoring purposes should be set in the
+extension properties section. Create the following:
Name: ARGO_WEBDAV_OPS_URL
Value: webdav URL containing also the VO ops folder, for example:
+https://darkstorm.cnaf.infn.it:8443/webdav/ops or
+https://hepgrid11.ph.liv.ac.uk/dpm/ph.liv.ac.uk/home/ops/
it corresponds to the value of GLUE2 attribute GLUE2EndpointURL
+(containing the used port and without the VO folder);
verify that the webdav URL (for example:
+https://darkstorm.cnaf.infn.it:8443/webdav) is properly accessible.
EOS and XrootD service endpoints
The EOS service endpoints expose an XrootD interface, so in order to properly
+monitor them, even in case you provide a plain XrootD endpoint, please do the
+following:
you should register a new service endpoint with the XrootD service type;
the endpoint URL information used for monitoring purposes should be set in the
+extension properties section. Create the following:
Name: ARGO_XROOTD_OPS_URL
Value: XRootD base SURL to test (the path where ops VO has write access),
+for example: root://eosatlas.cern.ch//eos/atlas/opstest/egi/,
+root://recas-se-01.cs.infn.it:1094/dpm/cs.infn.it/home/ops/,
+root://dcache-atlas-xrootd-ops.desy.de:2811/pnfs/desy.de/ops or similar).
+Pay attention to the port configured for the interface.
GridFTP
In order to properly monitor your gridftp endpoint for ops VO
register a new service endpoint, associating the storage element hostname to
+the service type globus-GRIDFTP, with the “production” flag disabled;
in the “Extension Properties” section of the
+service endpoint page, fill in the following fields:
Name: SE_PATH
Value: /dpm/ui.savba.sk/home/ops (this is an example, set the proper path)
check if the tests are OK (it might take some hours for detecting the new
+service endpoint) and then switch the production flag to “yes”
SURL value for SRM
The SURL value needed by the SRM monitoring probes is the following structure:
srm://<hostname>:<port>/srm/managerv2?SFN=<GlueSAPath or GlueVOInfoPath>
The Read API provides programmatic access to the data. Access to some
+information (security/critical, personal details, otherwise sensitive
+information) is restricted, more details are available in the section about
+data protection levels.
The Write API provides limited functionality to add, update, and delete
+entities. Access is restricted, more details can be found in the section about
+authentication and authorisation.
Using the Read API
Querying
API calls can be tested in a browser or done from the command-line interface,
+using curl.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/api/index.xml b/612/internal/configuration-database/api/index.xml
new file mode 100644
index 0000000000..167971e37a
--- /dev/null
+++ b/612/internal/configuration-database/api/index.xml
@@ -0,0 +1 @@
+Documentation – API/internal/configuration-database/api/Recent content in API on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/downtimes/index.html b/612/internal/configuration-database/downtimes/index.html
new file mode 100644
index 0000000000..5accdb6200
--- /dev/null
+++ b/612/internal/configuration-database/downtimes/index.html
@@ -0,0 +1,126 @@
+Downtimes | Documentation
+
+
+
+
+
+
Downtimes
Managing and consulting downtimes
Definition
A downtime is a period of time for which a service is declared to be inoperable.
+Downtimes may be scheduled (e.g. for software/hardware upgrades), or unscheduled
+(e.g. power outages). The Configuration Database stores the following
+information about downtimes (non exhaustive list):
The downtime classification (Scheduled or unscheduled)
The severity of the downtime
The date at which the downtime was added
The start and end of the downtime period
A description of the downtime
The entities affected by the downtime
Manipulating downtimes
Viewing downtimes
There are different pages in the Configuration Database where downtimes are
+listed:
Active & Imminent, linked from the main menu, that allows users to see
+currently active downtimes and downtimes planned in the coming weeks.
Downtime Calendar, linked from the main menu, that allows users to view
+and filter all downtimes.
Site details, where all the downtimes associated to the site are listed
Service endpoint details, where all the downtimes associated to the
+service endpoint are listed.
Service group details, where all the downtimes associated to the service
+group are listed.
Each downtime has its own page providing details, accessible by clicking on the
+Downtime Id link or similar in downtime listing pages.
Authenticated users can
+subscribe to downtimes
+affecting sites selected using a filter. The downtimes notifications can be sent
+by email, RSS and iCal, allowing to easily integrate with your calendar.
Adding downtimes
Provided you have proper permissions (check the
+permissions matrix
+section), you can add a downtime by clicking on the Add Downtime link in the
+sidebar.
This is done in 2 steps:
Enter downtime information
Specify the full list of impacted services in case there is more than one or
+select an site to select all the sites associated services.
Please note
All dates have to be entered in UTC or using the Site Timezone.
A downtime can be retrospectively added if its start date is less than 48h
+in the past (giving a 2 day window to add).
downtime classification (scheduled/unscheduled) is determined automatically
+(see Scheduled or unscheduled section)
Editing downtime information
To edit a downtime, simply click the edit link on top of the downtime’s
+details page.
A downtime can be retrospectively updated if its start date is less than 48h
+in the past (giving a 2 day window to modify).
Note there are limitations to downtime editing, especially if it has already
+started, or is due to start in the next 24hrs or is finished. See
+downtime shortening and extension
+section for more details.
Removing downtimes
To delete a downtime, simply click the delete link on top of the downtime’s
+details page. For integrity reasons, it is only possible to remove downtimes
+that have not started.
Good practices and further understanding
Scheduled or unscheduled
Depending on the planning of the intervention, downtimes can be:
Scheduled: planned and agreed in advance
Unscheduled: planned or unplanned, usually triggered by an unexpected
+failure or at a short term notice
EGI defines precise rules about what should be declared as scheduled or
+unscheduled, based on how long in advance the downtime is declared. These
+rules are described in
+MAN02 Service intervention management
+and are enforced as follows:
All downtimes declared less than 24h in advance will be automatically
+classified as UNSCHEDULED
All other downtimes will be classified as SCHEDULED
Notes
A downtime can be retrospectively declared and/or updated if its start date
+is less than 48h in the past (giving a 2 day window to add/modify).
Although 24h in advance is enough for the downtime to be classified as
+SCHEDULED, it is good practice to declare it at least 5 working days before
+it starts.
WARNING or OUTAGE?
When declaring a downtime, you will be presented the choice of a “severity”,
+which can be either WARNING or OUTAGE. Please consider the following
+definitions:
WARNING means the resource is considered available, but the quality of
+service might be degraded. Such downtimes generate notifications, but are not
+taken into account by monitoring and availability calculation tools. In case
+of a service failure during the WARNING period an OUTAGE downtime has to
+be declared, cancelling the rest of the WARNING downtime.
OUTAGE means the resource is considered as unavailable. Such downtimes will
+be considered as in maintenance by monitoring and availability calculation
+tools.
Downtime shortening and extension
Limitation rules to downtime extensions are enforced as follows:
Scheduled downtimes due to start in 24 hours cannot be edited in any way, nor
+deleted.
Other downtimes that have not yet started can be edit and deleted.
They can be shortened or moved, i.e. They can be edited such that:
Both start and end time are still in the future
The duration remains the same or is decreased
Ongoing downtimes can not be deleted.
A downtime cannot be edited once it has finished, nor can a new downtime be
+added more than 48 hours into the past.
If for any reason a downtime already declared needs to be extended, the
+procedure is to add another adjacent downtime, before or after.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/downtimes/index.xml b/612/internal/configuration-database/downtimes/index.xml
new file mode 100644
index 0000000000..c6758c78f5
--- /dev/null
+++ b/612/internal/configuration-database/downtimes/index.xml
@@ -0,0 +1 @@
+Documentation – Downtimes/internal/configuration-database/downtimes/Recent content in Downtimes on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/extension-properties/index.html b/612/internal/configuration-database/extension-properties/index.html
new file mode 100644
index 0000000000..04bd796e1f
--- /dev/null
+++ b/612/internal/configuration-database/extension-properties/index.html
@@ -0,0 +1,144 @@
+Extension Properties | Documentation
+
+
+
+
+
+
Extension Properties
Extension Properties
Introduction
Sites, Services, service endpoints, and Service Groups can be extended by
+adding custom key-value pairs (this follows the GLUE2 extensibility
+mechanism).
Extension properties address a number of use cases, such as filtering Sites
+and/or Services that define particular properties.
Selected methods in the Configuration Database API support the ’extensions'
+URL parameter. This parameter is used to filter resources according to the
+extensions they define (described below).
Properties are rendered in the XML results of the Site/Service/ServiceGroup
+using the “EXTENSIONS” XML element, for an example see a
+sample output from get_service_endpoint(link
+to old EGI Wiki)
Note, anyone with permissions over the target entity can add extension
+properties to that object.
This allows ‘Folksonomy’ building: ‘a user-generated system of classifying and
+organizing content into different categories by the use of metadata such as
+electronic tags’
A number of use cases can be addressed; e.g. filtering Sites that support a
+specific property, e.g. ‘P4U_Pilot_Cloud_Wall’
Key-value pairs prevent certain characters from being used in their values.
+This includes the equals and opening/closing parenthesis chars ‘=()’. This is
+to simplify lexical parsing of the query. In addition, to guard against
+cross-site scripting attacks, the quote, double quote, semi-colon and back
+tick chars are also not allowed.
Keys must be unique for a given site, service, or service endpoint, or service
+group.
Extension Properties in the PI
Selected PI methods allow results to be filtered by extension properties via
+the ’extensions’ PI parameter.
The format of the ’extensions’ PI parameter is one or more (key=value) pairs
+enclosed in brackets.
The value part of a (k=v) pair can be omitted if filtering by value is not
+required (i.e. ‘(somekey=)’ means select all resources that define the
+‘somekey’ property with any value.
(k=v) pairs can be optionally prefixed with one of following operators: AND,
+OR, NOT.
If no operator is specified before the FIRST (k=v) pair, then AND is
+assumed.
A single operator applies to ALL the (k=v) pairs to the right of the
+operator until another operator is encountered.
An AND forms a logical conjunction with any previously specified conditions.
An OR forms a logical disjunction with any previously specified conditions.
A NOT forms a logical conjunction with any previously specified conditions
+(it can be read as ‘AND NOT’)
Because an OR always forms a logical disjunction with any previously
+specified conditions, you can’t OR against a group occurring to the right
+that contains multiple k=v pairs e.g. the following is not supported (if
+there is sufficient demand, it could be considered for a future
+enhancement): - ((k=v1)AND(k=v2)) OR ((k=v3)AND(k=v4))
Examples:
Eg (note no leading AND):
(key1=val)(key2=va2)OR(key3=val3)(key4=val4)NOT(key5=val5)(key6=val6) is
+expanded to:
AND(key1=val)AND(key2=va2)OR(key3=val3)OR(key4=val4)NOT(key5=val5)NOT(key6=val6)
+which is interpreted as:
To return all sites that define VO with a value of Alice:
?method=get_site&extensions=(VO=Alice)
+
Use no value to define a wildcard search, i.e. all sites that define the VO
+property regardless of value:
?method=get_site&extensions=(VO=)
+
NOTE: From version 5.7 (Autumn/Winter 2016) keys must be unique for a given
+site, service, or service endpoint, or service group. The following section of
+documentation has not yet been changed to reflect this.
Extensions also supports OR/AND/NOT operators. This can be used to search
+against multiple key values eg:
The site_extensions and service_extensions can also be used on the
+get_downtime and get_downtime_nested_services methods using same logic
+described above. Note, the EXTENSIONS element is not rendered in the XML
+output for these queries.
For EGI Services, the Standard Extension property “HostDN” has been defined to
+allow the fetching the DNs of multiple hosts behind a load balanced service from
+the endpoint properties of a single GOCDB Service, rather than creating multiple
+GOCDB Services with different host DNs.
Recommended Use
To supply multiple or alternate DN(s) for a service, for example of the multiple
+hosts supporting a single service entry, the Service Extension Property
+(hereafter Ext) “HostDN” SHOULD be used. If Ext “HostDN” is present it MUST
+contain one or more x.509 DN values. Multiple values MUST be delimited by
+enclosing each within “<>” characters. If Ext “HostDN” is present, the Service
+“Host DN” SHOULD contain the x.509 SubjectAltName used in the X509
+certificate(s) presented by the hosts identified by the Ext “HostDN” values.
I am responsible for a site that has recently entered the EGI infrastructure. How do I register it?
Only registered users with an approved role on an NGI can add a new site. If you
+are the site administrator, the first thing to do is to contact your NGI staff
+and ask them to add the site for you. Then, register to EGI Configuration
+Database (see the user account section) and ask for a site admin role for your
+site (see the requesting a role section). Once your role approved, you will be
+able to edit and change your site information.
How do I extend a declared schedule downtime?
Because of EGI policies it is not possible to extend a downtime. Recommended
+good practice for any downtime extension is to declare a new unscheduled
+downtime, starting just when the first one finishes. Please refer to the
+downtimes section of this documentation for more information, especially the
+“downtime extension” paragraph.
I have declared a downtime “at risk”, and it turns out to be an outage. How can I declare this properly?
If you have declared the downtime as being at risk and an outage actually
+happens half way through, you need to update the Configuration Database to
+reflect the fact that your site is now down. There is currently no way of doing
+this by updating the downtime on the fly without having the system considering
+the whole downtime as being an outage. The best way to proceed is:
Modify end date of your “at risk” downtime, so that it ends in a few minutes
Enter a new “outage” downtime, starting when the other ends
How do I switch monitoring on/off for my nodes?
Monitoring status in Configuration Database cannot always be switched off. If a
+node is declared as delivering a production service, rules apply and the node
+has to be monitored. If you are running a test node and want to switch
+monitoring off, set both “monitoring” and “production” to “N”.
Why nobody has approved my role request yet?
Someone has to approve any request you make, in order to ensure nobody is trying
+to get inappropriate roles. If yours is not getting approved, this can either be
+because your request was not legitimate, or most likely because the people that
+are supposed to do it forgot about it. Please refer to the Roles permissions
+definitions section of this documentation to determine who should validate your
+role, and try to get in touch with them. If you are requesting a site admin
+role, they are likely to be your fellow site admins or your NGI operators.
I am not an EGI user but need access to the backend to retrieve information for my project. What can I do?
Accessing the backend through another way than the
+Configuration Database web interface is out of the scope
+of this documentation. Please refer to the technical documentation instead,
+which is available from GOCDB Documentation.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/faq/index.xml b/612/internal/configuration-database/faq/index.xml
new file mode 100644
index 0000000000..5ab6ee339a
--- /dev/null
+++ b/612/internal/configuration-database/faq/index.xml
@@ -0,0 +1 @@
+Documentation – FAQ/internal/configuration-database/faq/Recent content in FAQ on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/index.html b/612/internal/configuration-database/index.html
new file mode 100644
index 0000000000..97bbca5fbc
--- /dev/null
+++ b/612/internal/configuration-database/index.html
@@ -0,0 +1,90 @@
+Configuration Database | Documentation
+
+
+
+
+
+
Configuration Database
Topology and configuration registry for sites in EGI infrastructure
What is it?
The EGI Configuration Database (GOCDB) is a central
+registry that records topology information about all sites participating in
+the EGI infrastructure.
The configuration database also provides different rules and grouping mechanisms
+for filtering and managing the information associated to resources. This can
+include entities such as operations and resource centres, service endpoints and
+their downtimes, contact information and roles of staff responsible for
+operations at different levels.
The configuration database is used by all the actors (end users, site managers,
+NGI managers, support teams, VO managers), by other tools, and by third party
+middleware to discover information about the infrastructure topology.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/index.xml b/612/internal/configuration-database/index.xml
new file mode 100644
index 0000000000..6e3322a360
--- /dev/null
+++ b/612/internal/configuration-database/index.xml
@@ -0,0 +1,1512 @@
+Documentation – Configuration Database/internal/configuration-database/Recent content in Configuration Database on DocumentationHugo -- gohugo.ioInternal: Service information/internal/configuration-database/service-information/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/service-information/
+<h2 id="identity-card">Identity card</h2>
+<!-- markdownlint-disable no-inline-html no-bare-urls -->
+<table>
+<thead>
+<tr>
+<th>Property</th>
+<th>Value</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Name</td>
+<td>Configuration Database</td>
+</tr>
+<tr>
+<td>Description</td>
+<td>Central registry of the infrastructure topology</td>
+</tr>
+<tr>
+<td>URL</td>
+<td><a href="https://goc.egi.eu">https://goc.egi.eu</a></td>
+</tr>
+<tr>
+<td>Support Email</td>
+<td><code>gocdb-admin</code> <code><at></code> <code>mailman.egi.eu</code></td>
+</tr>
+<tr>
+<td><a href="../../helpdesk">Helpdesk</a> Support Unit</td>
+<td><strong>EGI Services and Service Components</strong> <br /> I__ Configuration Database (GOCDB)</td>
+</tr>
+<tr>
+<td>Configuration Database entry</td>
+<td><a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&id=335">https://goc.egi.eu/portal/index.php?Page_Type=Site&id=335</a></td>
+</tr>
+<tr>
+<td>Supplier</td>
+<td><a href="https://www.ukri.org/">UKRI</a></td>
+</tr>
+<tr>
+<td>Roadmap</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Release notes</td>
+<td><a href="https://github.com/GOCDB/gocdb/releases">Release notes</a></td>
+</tr>
+<tr>
+<td>Source code</td>
+<td><a href="https://github.com/GOCDB">https://github.com/GOCDB</a></td>
+</tr>
+<tr>
+<td>Issue tracker for developers</td>
+<td><a href="https://github.com/GOCDB/gocdb/issues">https://github.com/GOCDB/gocdb/issues</a></td>
+</tr>
+<tr>
+<td>Licence</td>
+<td>Apache 2.0</td>
+</tr>
+<tr>
+<td>Privacy Notice</td>
+<td><a href="https://goc.egi.eu/privacy.html">Privacy notice</a></td>
+</tr>
+</tbody>
+</table>
+<!-- markdownlint-enable no-inline-html no-bare-urls -->Internal: Access/internal/configuration-database/access/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/access/
+<p>To access the <a href="https://goc.egi.eu">web interface</a> of the EGI Configuration
+Database (GOCDB), users can either:</p>
+<ul>
+<li><a href="#using-institutional-account-via-egi-check-in">Use EGI Check-in</a> with an
+institutional account, or</li>
+<li><a href="#using-an-x509-digital-certificate">Use an X.509 digital certificate</a>
+installed in the internet browser, or the local machine’s certificate store.</li>
+</ul>
+<p>Users can access the system as soon as they are authenticated. However, they
+will only be able to update information based on their roles, and only once they
+will have <a href="#registering-a-new-user-account">registered a new user account</a>.</p>
+<p>More information about roles and associated permission is available in the
+<a href="../users-roles"><em>Users and roles</em></a> section of the documentation.</p>
+<p>Applications requesting a specific role have to be validated by parent roles or
+administrators. Once granted, users can access and/or modify relevant
+information, according to the roles granted to them.</p>
+<h2 id="using-institutional-account-via-egi-check-in">Using institutional account via EGI Check-in</h2>
+<p>In order to be able to access the Configuration Database with their
+institutional account, users need to:</p>
+<ol>
+<li>Have their Identity Provider (IdP) federated in EGI Check-in (via
+<a href="https://edugain.org/">eduGAIN</a> or directly).</li>
+<li>Have created an <a href="../../../users/aai/check-in/signup">EGI Check-in account</a>.</li>
+</ol>
+<div class="alert alert-warning" role="alert">
+<h4 class="alert-heading">Important</h4>
+<p>In the case the user cannot use
+an IdP compliant with <a href="https://refeds.org/research-and-scholarship">REFEDS R&S</a>
+and <a href="https://refeds.org/sirtfi">REFEDS Sirtfi</a>, the user will have to request
+joining a specific group, by performing the steps below. Using a compliant IdP
+is the preferable solution.</p>
+<ol>
+<li>User should ask to join the
+<a href="https://aai.egi.eu/registry/co_petitions/start/coef:41">GOCDB user group</a>.</li>
+<li>The access request will be managed by the EGI Operations team.</li>
+</ol>
+</div>
+<h2 id="using-an-x509-digital-certificate">Using an X.509 digital certificate</h2>
+<p>To access the Configuration Database using a digital certificate, first obtain a
+certificate from one of the recognised EU-Grid-PMA Certification Authorities
+(CAs), then install it in your browser of choice (or import it into the
+certificate store of your local machine, on Windows).</p>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Note</h4>
+<p>X.509 certificates do not support single
+or double quotes in the certificate’s Distinguished Name (DN). The DN below is
+rejected because of the single quote:</p>
+<p><code>/C=UK/O=STFC/OU=SomeOrgUnit/CN=David Mc'Donald</code></p>
+<p>This is in accordance with <a href="https://tools.ietf.org/html/rfc1778">RFC1778</a>, which
+also disallows single quotes in all Relative Distinguished Name (RDN)
+components, and the OGF Certificate Authority Working Group (CAOPS) who strongly
+discourage any type of quote in a certificate DN as specified by their
+<a href="https://www.ogf.org/documents/GFD.125.pdf">Grid Certificate Profile</a> document.</p>
+</div>
+<h2 id="registering-a-new-user-account">Registering a new user account</h2>
+<p>Being authenticated in one of the two ways described above is enough to have
+read-only access to all the public features of the EGI Configuration Database.
+If you need to edit data in and request roles, you will need to fill in the
+registration form.</p>
+<p><strong>To Register</strong>:</p>
+<ul>
+<li>Go to the <a href="https://goc.egi.eu">EGI Configuration Database web portal</a></li>
+<li>In the left sidebar, look out for the <strong>User status</strong> panel</li>
+<li>click on the “Register” link</li>
+<li>fill in the form and validate</li>
+</ul>
+<h2 id="recovering-access-to-an-existing-account">Recovering access to an existing account</h2>
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Note</h4>
+If you were registered but are not
+recognised anymore (e.g. because your certificate DN changed), do not register
+again! Instead, follow the steps
+<a href="../users-roles/managing-accounts#lost-access-to-your-account">Lost access to your Configuration Database account</a>
+section.
+</div>Internal: Adding service endpoints/internal/configuration-database/adding-service-endpoint/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/adding-service-endpoint/
+<p>For monitoring purposes, each service endpoints registered into the
+Configuration Database, and having the flags <em>production</em> and <em>monitored</em> should
+include the endpoint URL information in order to be contacted by the
+corresponding service-specific nagios probe.</p>
+<p>The information needed for service type are:</p>
+<ul>
+<li><strong>SRM</strong>: the value of the attribute <code>GlueServiceEndpoint</code> published in the
+Configuration Database or BDII (e.g. <code>httpg://se.egi.eu:8444/srm/managerv2</code>)</li>
+<li>Cloud:
+<ul>
+<li><strong>org.openstack.nova</strong>: The <code>endpoint URL</code> must contain the Keystone v3 URL:
+<code>https://hostname:port/url/v3</code></li>
+<li><strong>org.openstack.swift</strong>:The <code>endpoint URL</code> must contain the Keystone v3 URL:
+<code>https://hostname:port/url/v3</code></li>
+<li><strong>eu.egi.cloud.accounting</strong>: for the host sending the records to the
+accounting repository</li>
+</ul>
+</li>
+<li>Other service types: the value of the attribute <code>GlueServiceEndpoint</code>
+published in the BDII</li>
+</ul>
+<p>It is also possible to register additional endpoints for every services, they
+will also be monitored if the “Monitored” flag is set.</p>
+<p>For having more information about managing the Service endpoints in the
+Configuration Database, please consult the
+<a href="../service-entities">service endpoints documentation</a>.</p>
+<h2 id="retrieving-the-information">Retrieving the information</h2>
+<p>For retrieving the queue URL from the BDII, you can use the command
+<code>lcg-infosites</code>, to be executed from a UI. Be sure to query a production Top
+BDII: you can either use the one provided by your Operations Centre or choose
+one from
+<a href="https://goc.egi.eu/portal/index.php?Page_Type=Service_Group&id=1205">the Configuration Database</a></p>
+<p>For example:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ <span style="color:#204a87">export</span> <span style="color:#000">LCG_GFAL_INFOSYS</span><span style="color:#ce5c00;font-weight:bold">=</span>egee-bdii.cnaf.infn.it:2170
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>$ lcg-infosites --vo ops ce <span style="color:#000;font-weight:bold">|</span> grep nikhef
+</span></span><span style="display:flex;"><span> <span style="color:#0000cf;font-weight:bold">5680</span> <span style="color:#0000cf;font-weight:bold">15</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> dissel.nikhef.nl:2119/jobmanager-pbs-infra
+</span></span><span style="display:flex;"><span> <span style="color:#0000cf;font-weight:bold">5680</span> <span style="color:#0000cf;font-weight:bold">17</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#0000cf;font-weight:bold">0</span> gazon.nikhef.nl:8443/cream-pbs-infra
+</span></span><span style="display:flex;"><span> <span style="color:#0000cf;font-weight:bold">5680</span> <span style="color:#0000cf;font-weight:bold">15</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> juk.nikhef.nl:8443/cream-pbs-infra
+</span></span><span style="display:flex;"><span> <span style="color:#0000cf;font-weight:bold">5680</span> <span style="color:#0000cf;font-weight:bold">15</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> klomp.nikhef.nl:8443/cream-pbs-infra
+</span></span><span style="display:flex;"><span> <span style="color:#0000cf;font-weight:bold">5680</span> <span style="color:#0000cf;font-weight:bold">16</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> stremsel.nikhef.nl:8443/cream-pbs-infra
+</span></span></code></pre></div><p>In order to find the <code>GlueServiceEndpoint</code> URL of your SRM service, you can
+launch a LDAP query to your Site BDII (or directly to the SRM service):</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ ldapsearch -x -LLL -H ldap://sbdii01.ncg.ingrid.pt:2170 <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -b <span style="color:#4e9a06">"mds-vo-name=NCG-INGRID-PT,o=grid"</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#4e9a06">'(&(objectClass=GlueService)(GlueServiceType=SRM))'</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> GlueServiceEndpoint
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>dn: <span style="color:#000">GlueServiceUniqueID</span><span style="color:#ce5c00;font-weight:bold">=</span>httpg://srm01.ncg.ingrid.pt:8444/srm/managerv2,Mds-Vo-name<span style="color:#ce5c00;font-weight:bold">=</span>NCG-INGRID-PT,o<span style="color:#ce5c00;font-weight:bold">=</span>grid
+</span></span><span style="display:flex;"><span>GlueServiceEndpoint: httpg://srm01.ncg.ingrid.pt:8444/srm/managerv2
+</span></span></code></pre></div><p>In a similar way, by just changing the value of <code>GlueServiceType</code>, you can
+retrieve the endpoint URLs of other services.</p>
+<p>An alternative way for retrieving the <code>GlueServiceEndpoint</code> URL is using the
+GLUE2 information browser provided by
+<a href="https://operations-portal.egi.eu/vapor/resources/GL2ResNGISites">VAPOR</a>: select
+your NGI, then your site and hence the Storage service; click on the <em>endpoint
+details</em> button for finding the URL associated to the SRM interface.</p>
+<h2 id="filling-the-information-in">Filling the information in</h2>
+<h3 id="urls-information-are-completely-missing">URLs information are completely missing</h3>
+<h4 id="editing-the-services-information">Editing the services information</h4>
+<ul>
+<li>Site overview</li>
+</ul>
+<p>This is the home page regarding your site. You need to fill in the URL
+information.</p>
+<blockquote>
+<p>Click on a service for displaying its page (e.g. the CREAM-CE).</p>
+</blockquote>
+<p><img src="site-overview.png" alt="Site overview"></p>
+<ul>
+<li>Editing a service</li>
+</ul>
+<blockquote>
+<p>Click on the EDIT button in the top right corner</p>
+</blockquote>
+<p><img src="service-overview.png" alt="Service overview"></p>
+<ul>
+<li>Adding a Service URL</li>
+</ul>
+<blockquote>
+<p>fill in the <em>Service URL</em> field with the queue URL</p>
+</blockquote>
+<p><img src="service-edition.png" alt="Service Edition"></p>
+<ul>
+<li>Reviewing the site</li>
+</ul>
+<p>Now the CREAM-CE service endpoint contains the required queue information.</p>
+<blockquote>
+<p>Proceed in a similar way for the other services.</p>
+</blockquote>
+<p><img src="completed-service-overview.png" alt="Completed service overview"></p>
+<h3 id="additional-endpoints-information">Additional endpoints information</h3>
+<p>In case you need to register an additional endpoint for a service, go on the
+service summary page and add the proper information. In the example below it is
+shown the case of a computing element.</p>
+<ul>
+<li>Service summary page</li>
+</ul>
+<p>This is the service summary page.</p>
+<blockquote>
+<p>You need to click on the <em>Add endpoint</em> button for registering additional
+endpoint URLs.</p>
+</blockquote>
+<p><img src="service-summary-page.png" alt="Service summary page"></p>
+<ul>
+<li>Adding an endpoint</li>
+</ul>
+<blockquote>
+<p>Fill in the proper information and don’t forget to select the “Monitored” flag
+for making Nagios to detect the new endpoint.</p>
+</blockquote>
+<p><img src="add-endpoint.png" alt="Adding and endpoint"></p>
+<ul>
+<li>Reviewing the endpoint description</li>
+</ul>
+<p>The summary page of the endpoint just added should look like this one.</p>
+<p><img src="service-endpoint-page.png" alt="Service endpoint page"></p>
+<ul>
+<li>Reviewing the service description</li>
+</ul>
+<p>And this is the summary page of the service reporting the information about all
+its endpoints registered: the first one in the <em>Grid Information</em> section and
+the additional ones in the <em>Service Endpoints</em> section.</p>
+<p><img src="service-description-review.png" alt="Service summary page"></p>
+<h2 id="examples">Examples</h2>
+<h3 id="webdav">webdav</h3>
+<p>In order to properly monitor your webdav endpoint:</p>
+<ul>
+<li>you should register a new service endpoint with the webdav service type,
+separated from the SRM one;</li>
+<li>the endpoint URL information used for monitoring purposes should be set in the
+<a href="../extension-properties">extension properties</a> section. Create the following:
+<ul>
+<li>Name: ARGO_WEBDAV_OPS_URL</li>
+<li>Value: webdav URL containing also the VO ops folder, for example:
+<code>https://darkstorm.cnaf.infn.it:8443/webdav/ops</code> or
+<code>https://hepgrid11.ph.liv.ac.uk/dpm/ph.liv.ac.uk/home/ops/</code>
+<ul>
+<li>it corresponds to the value of GLUE2 attribute <code>GLUE2EndpointURL</code>
+(containing the used port and without the VO folder);</li>
+</ul>
+</li>
+</ul>
+</li>
+<li>verify that the webdav URL (for example:
+<code>https://darkstorm.cnaf.infn.it:8443/webdav</code>) is properly accessible.</li>
+</ul>
+<h3 id="eos-and-xrootd-service-endpoints">EOS and XrootD service endpoints</h3>
+<p>The EOS service endpoints expose an XrootD interface, so in order to properly
+monitor them, even in case you provide a plain XrootD endpoint, please do the
+following:</p>
+<ul>
+<li>you should register a new service endpoint with the XrootD service type;</li>
+<li>the endpoint URL information used for monitoring purposes should be set in the
+<a href="../extension-properties">extension properties</a> section. Create the following:
+<ul>
+<li>Name: ARGO_XROOTD_OPS_URL</li>
+<li>Value: XRootD base SURL to test (the path where ops VO has write access),
+for example: <code>root://eosatlas.cern.ch//eos/atlas/opstest/egi/</code>,
+<code>root://recas-se-01.cs.infn.it:1094/dpm/cs.infn.it/home/ops/</code>,
+<code>root://dcache-atlas-xrootd-ops.desy.de:2811/pnfs/desy.de/ops</code> or similar).
+Pay attention to the port configured for the interface.</li>
+</ul>
+</li>
+</ul>
+<h3 id="gridftp">GridFTP</h3>
+<p>In order to properly monitor your gridftp endpoint for ops VO</p>
+<ul>
+<li>register a new service endpoint, associating the storage element hostname to
+the service type <code>globus-GRIDFTP</code>, with the “production” flag disabled;</li>
+<li>in the “<a href="../extension-properties">Extension Properties</a>” section of the
+service endpoint page, fill in the following fields:
+<ul>
+<li>Name: SE_PATH</li>
+<li>Value: <code>/dpm/ui.savba.sk/home/ops</code> (this is an example, set the proper path)</li>
+</ul>
+</li>
+<li>check if the tests are OK (it might take some hours for detecting the new
+service endpoint) and then switch the production flag to “yes”</li>
+</ul>
+<h3 id="surl-value-for-srm">SURL value for SRM</h3>
+<p>The SURL value needed by the SRM monitoring probes is the following structure:</p>
+<p><code>srm://<hostname>:<port>/srm/managerv2?SFN=<GlueSAPath or GlueVOInfoPath></code></p>
+<p>For example:</p>
+<p><code>srm://ccsrm.in2p3.fr:8443/srm/managerv2?SFN=/pnfs/in2p3.fr/data/dteam/</code></p>
+<ul>
+<li>As explained in previous sections, you can retrieve the port number from the
+<code>GlueServiceEndpoint</code> URL information.</li>
+<li>If your SE provides <code>GlueSAPath</code> information, use that. To retrieve it:</li>
+</ul>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ ldapsearch -x -LLL -H <ldap://sbdii01.ncg.ingrid.pt:2170> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -b <span style="color:#4e9a06">"mds-vo-name=NCG-INGRID-PT,o=grid"</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#4e9a06">'(&(objectClass=GlueSA)(GlueSAAccessControlBaseRule=VO:ops))'</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> GlueSAPath GlueChunkKey
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>dn: <span style="color:#000">GlueSALocalID</span><span style="color:#ce5c00;font-weight:bold">=</span>opsdisk:replica:online,GlueSEUniqueID<span style="color:#ce5c00;font-weight:bold">=</span>srm01.ncg.ingrid.pt,Mds-Vo-name<span style="color:#ce5c00;font-weight:bold">=</span>NCG-INGRID-PT,o<span style="color:#ce5c00;font-weight:bold">=</span>grid
+</span></span><span style="display:flex;"><span>GlueChunkKey: <span style="color:#000">GlueSEUniqueID</span><span style="color:#ce5c00;font-weight:bold">=</span>srm01.ncg.ingrid.pt
+</span></span><span style="display:flex;"><span>GlueSAPath: /gstore/t2others/ops
+</span></span></code></pre></div><ul>
+<li>if your SE doesn’t provide <code>GlueSAPath</code> information, use instead the
+<code>GlueVOInfoPath</code> one:</li>
+</ul>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ ldapsearch -x -LLL -H <ldap://ntugrid5.phys.ntu.edu.tw:2170> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -b <span style="color:#4e9a06">"Mds-Vo-name=TW-NTU-HEP,o=grid"</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#ce5c00;font-weight:bold">(</span><span style="color:#000;font-weight:bold">&</span><span style="color:#ce5c00;font-weight:bold">(</span><span style="color:#000">objectClass</span><span style="color:#ce5c00;font-weight:bold">=</span>GlueVOInfo<span style="color:#ce5c00;font-weight:bold">)(</span><span style="color:#000">GlueVOInfoAccessControlBaseRule</span><span style="color:#ce5c00;font-weight:bold">=</span>VO:ops<span style="color:#ce5c00;font-weight:bold">))</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> GlueVOInfoLocalID GlueChunkKey
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>dn: <span style="color:#000">GlueVOInfoLocalID</span><span style="color:#ce5c00;font-weight:bold">=</span>ops:SRR,GlueSALocalID<span style="color:#ce5c00;font-weight:bold">=</span>SRR:SR:replica:*****,GlueSEUniqueID<span style="color:#ce5c00;font-weight:bold">=</span>ntugrid6.phys.ntu.edu.tw,Mds-Vo-name<span style="color:#ce5c00;font-weight:bold">=</span>TW-NTU-HEP,o<span style="color:#ce5c00;font-weight:bold">=</span>grid
+</span></span><span style="display:flex;"><span>GlueVOInfoPath: /dpm/phys.ntu.edu.tw/home/ops
+</span></span><span style="display:flex;"><span>GlueChunkKey: <span style="color:#000">GlueSALocalID</span><span style="color:#ce5c00;font-weight:bold">=</span>SRR:SR:replica:*****
+</span></span><span style="display:flex;"><span>GlueChunkKey: <span style="color:#000">GlueSEUniqueID</span><span style="color:#ce5c00;font-weight:bold">=</span>ntugrid6.phys.ntu.edu.tw
+</span></span><span style="display:flex;"><span>GlueVOInfoLocalID: ops:SRR
+</span></span><span style="display:flex;"><span>
+</span></span><span style="display:flex;"><span>dn: <span style="color:#000">GlueVOInfoLocalID</span><span style="color:#ce5c00;font-weight:bold">=</span>ops:data01,GlueSALocalID<span style="color:#ce5c00;font-weight:bold">=</span>data01:replica:online,GlueSEUniqueID<span style="color:#ce5c00;font-weight:bold">=</span>ntugrid6.phys.ntu.edu.tw,Mds-Vo-name<span style="color:#ce5c00;font-weight:bold">=</span>TW-NTU-HEP,o<span style="color:#ce5c00;font-weight:bold">=</span>grid
+</span></span><span style="display:flex;"><span>GlueVOInfoPath: /dpm/phys.ntu.edu.tw/home/ops
+</span></span><span style="display:flex;"><span>GlueChunkKey: <span style="color:#000">GlueSALocalID</span><span style="color:#ce5c00;font-weight:bold">=</span>data01:replica:online
+</span></span><span style="display:flex;"><span>GlueChunkKey: <span style="color:#000">GlueSEUniqueID</span><span style="color:#ce5c00;font-weight:bold">=</span>ntugrid6.phys.ntu.edu.tw
+</span></span><span style="display:flex;"><span>GlueVOInfoLocalID: ops:data01
+</span></span></code></pre></div><ul>
+<li>Pay attention to use the storage path for the ops VO</li>
+<li>On GOCDB, in the “<a href="../extension-properties">Extension Properties</a>” section of
+the SRM service endpoint page, fill in the following fields:
+<ul>
+<li>Name: SURL</li>
+<li>Value: the actual SURL value, for example:
+<code>srm://srm01.ncg.ingrid.pt:8444/srm/managerv2?SFN=/gstore/t2others/ops</code></li>
+</ul>
+</li>
+</ul>Internal: Downtimes/internal/configuration-database/downtimes/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/downtimes/
+<h2 id="definition">Definition</h2>
+<p>A downtime is a period of time for which a service is declared to be inoperable.
+Downtimes may be scheduled (e.g. for software/hardware upgrades), or unscheduled
+(e.g. power outages). The Configuration Database stores the following
+information about downtimes (non exhaustive list):</p>
+<ul>
+<li>The downtime classification (Scheduled or unscheduled)</li>
+<li>The severity of the downtime</li>
+<li>The date at which the downtime was added</li>
+<li>The start and end of the downtime period</li>
+<li>A description of the downtime</li>
+<li>The entities affected by the downtime</li>
+</ul>
+<h2 id="manipulating-downtimes">Manipulating downtimes</h2>
+<h3 id="viewing-downtimes">Viewing downtimes</h3>
+<p>There are different pages in the Configuration Database where downtimes are
+listed:</p>
+<ul>
+<li><strong>Active & Imminent</strong>, linked from the main menu, that allows users to see
+currently active downtimes and downtimes planned in the coming weeks.</li>
+<li><strong>Downtime Calendar</strong>, linked from the main menu, that allows users to view
+and filter all downtimes.</li>
+<li><strong>Site details</strong>, where all the downtimes associated to the site are listed</li>
+<li><strong>Service endpoint details</strong>, where all the downtimes associated to the
+service endpoint are listed.</li>
+<li><strong>Service group details</strong>, where all the downtimes associated to the service
+group are listed.</li>
+</ul>
+<p>Each downtime has its own page providing details, accessible by clicking on the
+<code>Downtime Id</code> link or similar in downtime listing pages.</p>
+<h3 id="subscribing-to-downtimes">Subscribing to downtimes</h3>
+<p>The <a href="https://operations-portal.egi.eu/">EGI Operations Portal</a> provides a
+publicly-accessible page allowing to view and filter downtimes:
+<a href="https://operations-portal.egi.eu/downtimes/a/timeline">Operations Portal</a>.</p>
+<p>Authenticated users can
+<a href="https://operations-portal.egi.eu/downtimes/subscription">subscribe to downtimes</a>
+affecting sites selected using a filter. The downtimes notifications can be sent
+by email, RSS and iCal, allowing to easily integrate with your calendar.</p>
+<h3 id="adding-downtimes">Adding downtimes</h3>
+<p>Provided you have proper permissions (check the
+<a href="../users-roles/managing-roles/#permissions-associated-to-roles">permissions matrix</a>
+section), you can add a downtime by clicking on the <code>Add Downtime</code> link in the
+sidebar.</p>
+<p>This is done in 2 steps:</p>
+<ol>
+<li>Enter downtime information</li>
+<li>Specify the full list of impacted services in case there is more than one or
+select an site to select all the sites associated services.</li>
+</ol>
+<h4 id="please-note">Please note</h4>
+<ul>
+<li>All dates have to be entered in UTC or using the Site Timezone.</li>
+<li>A downtime can be retrospectively added if its <em>start date</em> is less than 48h
+in the past (giving a 2 day window to add).</li>
+<li>downtime classification (scheduled/unscheduled) is determined automatically
+(see <a href="#scheduled-or-unscheduled">Scheduled or unscheduled</a> section)</li>
+</ul>
+<h3 id="editing-downtime-information">Editing downtime information</h3>
+<ul>
+<li>To edit a downtime, simply click the <code>edit</code> link on top of the downtime’s
+details page.</li>
+<li>A downtime can be retrospectively updated if its <em>start date</em> is less than 48h
+in the past (giving a 2 day window to modify).</li>
+<li>Note there are limitations to downtime editing, especially if it has already
+started, or is due to start in the next 24hrs or is finished. See
+<a href="#downtime-shortening-and-extension">downtime shortening and extension</a>
+section for more details.</li>
+</ul>
+<h3 id="removing-downtimes">Removing downtimes</h3>
+<p>To delete a downtime, simply click the <code>delete</code> link on top of the downtime’s
+details page. For integrity reasons, it is only possible to remove downtimes
+that have not started.</p>
+<h2 id="good-practices-and-further-understanding">Good practices and further understanding</h2>
+<h3 id="scheduled-or-unscheduled">Scheduled or unscheduled</h3>
+<p>Depending on the planning of the intervention, downtimes can be:</p>
+<ul>
+<li><code>Scheduled</code>: planned and agreed in advance</li>
+<li><code>Unscheduled</code>: planned or unplanned, usually triggered by an unexpected
+failure or at a short term notice</li>
+</ul>
+<p>EGI defines precise rules about what should be declared as scheduled or
+unscheduled, based on <em>how long in advance</em> the downtime is declared. These
+rules are described in
+<a href="../../../providers/operations-manuals/man02_service_intervention_management">MAN02 Service intervention management</a>
+and are enforced as follows:</p>
+<ul>
+<li>All downtimes declared less than 24h in advance will be automatically
+classified as <code>UNSCHEDULED</code></li>
+<li>All other downtimes will be classified as <code>SCHEDULED</code></li>
+</ul>
+<h4 id="notes">Notes</h4>
+<ul>
+<li>A downtime can be retrospectively declared and/or updated if its <em>start date</em>
+is less than 48h in the past (giving a 2 day window to add/modify).</li>
+<li>Although 24h in advance is enough for the downtime to be classified as
+<code>SCHEDULED</code>, it is good practice to declare it at least 5 working days before
+it starts.</li>
+</ul>
+<h3 id="warning-or-outage">WARNING or OUTAGE?</h3>
+<p>When declaring a downtime, you will be presented the choice of a “severity”,
+which can be either <code>WARNING</code> or <code>OUTAGE</code>. Please consider the following
+definitions:</p>
+<ul>
+<li>
+<p><code>WARNING</code> means the resource is considered available, but the quality of
+service might be degraded. Such downtimes generate notifications, but are not
+taken into account by monitoring and availability calculation tools. In case
+of a service failure during the <code>WARNING</code> period an <code>OUTAGE</code> downtime has to
+be declared, cancelling the rest of the <code>WARNING</code> downtime.</p>
+</li>
+<li>
+<p><code>OUTAGE</code> means the resource is considered as unavailable. Such downtimes will
+be considered as <code>in maintenance</code> by monitoring and availability calculation
+tools.</p>
+</li>
+</ul>
+<h3 id="downtime-shortening-and-extension">Downtime shortening and extension</h3>
+<p>Limitation rules to downtime extensions are enforced as follows:</p>
+<ul>
+<li>Scheduled downtimes due to start in 24 hours cannot be edited in any way, nor
+deleted.</li>
+<li>Other downtimes that have not yet started can be edit and deleted.
+<ul>
+<li>They can be shortened or moved, i.e. They can be edited such that:
+<ul>
+<li>Both start and end time are still in the future</li>
+<li>The duration remains the same or is decreased</li>
+</ul>
+</li>
+</ul>
+</li>
+<li>Ongoing downtimes can not be deleted.</li>
+<li>A downtime cannot be edited once it has finished, nor can a new downtime be
+added more than 48 hours into the past.</li>
+</ul>
+<p>If for any reason a downtime already declared needs to be extended, the
+procedure is to add another adjacent downtime, before or after.</p>Internal: Extension Properties/internal/configuration-database/extension-properties/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/extension-properties/
+<h2 id="introduction">Introduction</h2>
+<ul>
+<li>Sites, Services, service endpoints, and Service Groups can be extended by
+adding custom key-value pairs (this follows the GLUE2 extensibility
+mechanism).</li>
+<li>Extension properties address a number of use cases, such as filtering Sites
+and/or Services that define particular properties.</li>
+<li>Selected methods in the Configuration Database API support the ’extensions'
+URL parameter. This parameter is used to filter resources according to the
+extensions they define (described below).</li>
+<li>Properties are rendered in the XML results of the Site/Service/ServiceGroup
+using the “EXTENSIONS” XML element, for an example see a
+<a href="https://wiki.egi.eu/wiki/GOCDB/PI/get_service_endpoint_method">sample output from get_service_endpoint</a>(link
+to old EGI Wiki)</li>
+<li>Note, anyone with permissions over the target entity can add extension
+properties to that object.</li>
+<li>This allows ‘Folksonomy’ building: ‘a user-generated system of classifying and
+organizing content into different categories by the use of metadata such as
+electronic tags’</li>
+<li>A number of use cases can be addressed; e.g. filtering Sites that support a
+specific property, e.g. ‘P4U_Pilot_Cloud_Wall’</li>
+<li>Key-value pairs prevent certain characters from being used in their values.
+This includes the equals and opening/closing parenthesis chars ‘=()’. This is
+to simplify lexical parsing of the query. In addition, to guard against
+cross-site scripting attacks, the quote, double quote, semi-colon and back
+tick chars are also not allowed.</li>
+<li>Keys must be unique for a given site, service, or service endpoint, or service
+group.</li>
+</ul>
+<h3 id="extension-properties-in-the-pi">Extension Properties in the PI</h3>
+<ul>
+<li>Selected PI methods allow results to be filtered by extension properties via
+the ’extensions’ PI parameter.</li>
+<li>Supported methods include: get_site, get_site_list, get_service_endpoints and
+get_service_group, get_downtime, get_downtime_nested, get_site_list.</li>
+<li>For individual method support please refer to the PI documentation:
+<a href="https://wiki.egi.eu/wiki/GOCDB/PI/Technical_Documentation">GOCDB/PI/Technical Documentation</a>
+(link to old EGI Wiki)</li>
+<li>The format of the ’extensions’ PI parameter is one or more (key=value) pairs
+enclosed in brackets.
+<ul>
+<li>The value part of a (k=v) pair can be omitted if filtering by value is not
+required (i.e. ‘(somekey=)’ means select all resources that define the
+‘somekey’ property with any value.</li>
+<li>(k=v) pairs can be optionally prefixed with one of following operators: AND,
+OR, NOT.</li>
+<li>If no operator is specified before the FIRST (k=v) pair, then AND is
+assumed.</li>
+<li>A single operator applies to ALL the (k=v) pairs to the right of the
+operator until another operator is encountered.</li>
+<li>An AND forms a logical conjunction with any previously specified conditions.</li>
+<li>An OR forms a logical disjunction with any previously specified conditions.</li>
+<li>A NOT forms a logical conjunction with any previously specified conditions
+(it can be read as ‘AND NOT’)</li>
+<li>Because an OR always forms a logical disjunction with any previously
+specified conditions, you can’t OR against a group occurring to the right
+that contains multiple k=v pairs e.g. the following is not supported (if
+there is sufficient demand, it could be considered for a future
+enhancement): - ((k=v1)AND(k=v2)) OR ((k=v3)AND(k=v4))</li>
+</ul>
+</li>
+</ul>
+<p>Examples:</p>
+<ul>
+<li>Eg (note no leading AND):
+<ul>
+<li>(key1=val)(key2=va2)OR(key3=val3)(key4=val4)NOT(key5=val5)(key6=val6) is
+expanded to:</li>
+<li>AND(key1=val)AND(key2=va2)OR(key3=val3)OR(key4=val4)NOT(key5=val5)NOT(key6=val6)
+which is interpreted as:</li>
+<li>(((key1=val)AND(key2=va2))OR(key3=val3)) OR(key4=val4) NOT(key5=val5)
+NOT(key6=val6)</li>
+</ul>
+</li>
+<li>Eg:
+<ul>
+<li>(VObing=true)AND(VObaz=true)AND(VObar=true)OR(s1p1=v1) is equal to:</li>
+<li>((VObing=true)AND(VObaz=true)AND(VObar=true))OR(s1p1=v1)</li>
+</ul>
+</li>
+<li>Eg:
+<ul>
+<li>(VO=food)OR(VO2=bar)AND(s4p1=v1) is equal to:</li>
+<li>((VO=food)OR(VO2=bar))AND(s4p1=v1)</li>
+</ul>
+</li>
+<li>Eg:
+<ul>
+<li>(VO=food)(s4p1=v1)OR(VObar=true)(VObaz=true) is equal to:</li>
+<li>((VO=food)AND(s4p1=v1))OR(VObar=true)OR(VObaz=true)</li>
+</ul>
+</li>
+<li>Eg:
+<ul>
+<li>(VO=food)(s4p1=v1)OR(VObaz=true)AND(VObling=true) is equal to:</li>
+<li>(((VO=food)AND(s4p1=v1))OR(VObaz=true))AND(VObling=true)</li>
+</ul>
+</li>
+</ul>
+<p>To return all sites that define VO with a value of Alice:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method=get_site<span style="color:#a40000">&</span>extensions=(VO=Alice)
+</span></span></code></pre></div><p>Use no value to define a wildcard search, i.e. all sites that define the VO
+property regardless of value:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method=get_site<span style="color:#a40000">&</span>extensions=(VO=)
+</span></span></code></pre></div><p>NOTE: From version 5.7 (Autumn/Winter 2016) keys must be unique for a given
+site, service, or service endpoint, or service group. The following section of
+documentation has not yet been changed to reflect this.</p>
+<p>Extensions also supports OR/AND/NOT operators. This can be used to search
+against multiple key values eg:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method=get_site<span style="color:#a40000">&</span>extensions=AND(VO=Alice)(VO=Atlas)(VO=LHCB)
+</span></span></code></pre></div><p>These can be used together:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method=get_site<span style="color:#a40000">&</span>extensions=AND(VO=Alice)(VO=Atlas)NOT(VO=LHCB)
+</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method= get_service_endpoint<span style="color:#a40000">&</span>extensions=(CPU_HS01_HOUR=1)OR(CPU_HS02_HOUR=2)
+</span></span></code></pre></div><p>When no operator is specified the default is AND, therefore the following:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method= get_service_endpoint<span style="color:#a40000">&</span>extensions=(CPU_HS01_HOUR=1)(CPU_HS02_HOUR=2)
+</span></span></code></pre></div><p>Is the same as:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method= get_service_endpoint<span style="color:#a40000">&</span>extensions=AND(CPU_HS01_HOUR=1)(CPU_HS02_HOUR=2)
+</span></span></code></pre></div><p>The extensions parameter can also be used in conjunction with the existing
+parameters previously supported:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method=get_site<span style="color:#a40000">&</span>extensions=(VO=Alice)NOT(VO=LHCB)<span style="color:#a40000">&</span>scope=EGI<span style="color:#a40000">&</span>roc=NGI_UK
+</span></span></code></pre></div><p>The <em>site_extensions</em> and <em>service_extensions</em> can also be used on the
+<em>get_downtime</em> and <em>get_downtime_nested_services</em> methods using same logic
+described above. Note, the <em>EXTENSIONS</em> element is not rendered in the XML
+output for these queries.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method=get_downtime_nested_services<span style="color:#a40000">&</span>site_extensions=(eg.2=val.2)<span style="color:#a40000">&</span>service_extensions=(eg.2=)
+</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>?method=get_downtime<span style="color:#a40000">&</span>site_extensions=(eg.2=val.2)<span style="color:#a40000">&</span>service_extensions=(eg.2=)
+</span></span></code></pre></div><h3 id="standard-extension-properties">Standard Extension Properties</h3>
+<h4 id="hostdn">HostDN</h4>
+<p>For EGI Services, the Standard Extension property “HostDN” has been defined to
+allow the fetching the DNs of multiple hosts behind a load balanced service from
+the endpoint properties of a single GOCDB Service, rather than creating multiple
+GOCDB Services with different host DNs.</p>
+<h4 id="recommended-use">Recommended Use</h4>
+<p>To supply multiple or alternate DN(s) for a service, for example of the multiple
+hosts supporting a single service entry, the Service Extension Property
+(hereafter Ext) “HostDN” SHOULD be used. If Ext “HostDN” is present it MUST
+contain one or more x.509 DN values. Multiple values MUST be delimited by
+enclosing each within “<>” characters. If Ext “HostDN” is present, the Service
+“Host DN” SHOULD contain the x.509 SubjectAltName used in the X509
+certificate(s) presented by the hosts identified by the Ext “HostDN” values.</p>Internal: Managing NGIs entities/internal/configuration-database/ngis/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/ngis/
+<h2 id="introduction">Introduction</h2>
+<p>An NGI forms a grouping of Sites in EGI Configuration Database. The
+Configuration Database stores the following information about these groups. The
+main page listing groups actually shows NGIs/ROCs, and is available from <strong>“List
+of NGIs/ROCs and associated contacts”</strong>, linked from the main menu.</p>
+<p>Each NGI has its own listing page, accessible by clicking on the “view” link in
+group listing pages. A group details page shows users with a role on that group,
+as well as member sites and associated contacts and roles.</p>
+<h2 id="adding-ngis">Adding NGIs</h2>
+<p>Adding groups is not possible through the Input System web interface. If you
+want to start the registration process of a new NGI, please follow the procedure
+described on:</p>
+<blockquote>
+<p><a href="https://go.egi.eu/proc02">PROC02: Operations Centre creation</a></p>
+</blockquote>
+<p>Integration of the new group in the EGI Configuration Database is part of the
+procedure but has to be done by the Configuration Database admins.</p>
+<h2 id="editing-groups">Editing Groups</h2>
+<p>To edit a group, simply click on the “edit” link at the top of the group’s
+details page.</p>
+<h2 id="deleting-groups">Deleting Groups</h2>
+<p>This operation is not allowed.</p>Internal: NGI Core Services/internal/configuration-database/ngi-core-services/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/ngi-core-services/
+<h2 id="ngi-core-services">NGI Core Services</h2>
+<p>NGIs can register a number of ‘NGI-Core’ services in the Configuration Database.
+A core NGI service is one that is used to calculate the availability and
+reliability of the NGI. These services fall under the responsibility of the NGI
+and provide production quality (no testing instances). NGIs can distinguish/flag
+their core services from their other (non-core) services using one of two ways
+(see A and B below).</p>
+<h3 id="core-service-requirements">Core Service Requirements</h3>
+<p>The service instance MUST:</p>
+<ul>
+<li>Be flagged as ‘Production’ (see
+<a href="../service-entities/#production-flag-tf">Production Flag</a>)</li>
+<li>Not be flagged as ‘Beta’ (see <a href="../service-entities/#beta-flag-tf">Beta Flag</a>)</li>
+<li>Monitored flag set to true (see
+<a href="../service-entities/#monitoring-flag-tf">Monitored Flag</a>)</li>
+<li>Be hosted under a ‘NGI’ scoped Site that has a certification status of
+‘Certified’</li>
+</ul>
+<h3 id="required-service-types">Required Service Types</h3>
+<p>The following service types are mandatory to support the central operations and
+all NGIs in the EGI scope should define instances of these services:</p>
+<ul>
+<li>emi.ARGUS (Mandatory) (NGI ARGUS)</li>
+<li>Top-BDII (Mandatory)</li>
+</ul>
+<p>Other Mandatory services, depending on middleware deployed by sites under NGI
+responsibility, are the following:</p>
+<ul>
+<li>MyProxy</li>
+<li>VOMS</li>
+</ul>
+<p>NGIs should also register their custom core services like accounting, helpdesk
+if provided.</p>
+<h3 id="registering-ngi-core-services">Registering NGI Core Services</h3>
+<p>NGI core services can be grouped/flagged in one of two ways:</p>
+<ul>
+<li>A) By creating a ‘<strong>NGI_XX_SERVICES’ Site</strong> and adding their core services
+under this site. This site must be scoped as ‘NGI’ and define a certification
+status of ‘Certified’.</li>
+<li>B) By creating a ‘<strong>NGI_XX_SERVICES’ ServiceGroup</strong> and adding their core
+services to this ServiceGroup.</li>
+</ul>
+<p>It is important that these core service Sites/ServiceGroups adhere to the
+‘NGI_XX_SERVICES’ naming scheme. The list of existing Service Groups is
+available on
+<a href="https://goc.egi.eu/portal/index.php?Page_Type=Service_Groups">GOCDB</a>.</p>Internal: Scoping/internal/configuration-database/scopes/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/scopes/
+<h2 id="introduction">Introduction</h2>
+<ul>
+<li>Scope tags are used to group entities such as <code>Sites</code>, <code>Services</code> and
+<code>ServiceGroups</code> into flexible categories. A single entity can define multiple
+scope tags, allowing the resource to be associated with different categories
+without duplication of information. This is essential to maintain the
+integrity of topology information across different infrastructures and
+projects.</li>
+<li>The Configuration Database admins control which scope tags are made available
+to avoid proliferation of tags (user defined tags are reserved for the
+extensibility mechanism).</li>
+<li>As an example, a site’s scope list could aggregate all of the scopes defined
+by its child services. In doing this, the site scope list becomes a union of
+its service scopes plus any other site specific tags defined by the site.</li>
+<li>By defining scope tags, resources can be ‘filtered-by-scope-tag’ when querying
+for data in the PI using the ‘scope’ and ‘scope_match’ parameters, see
+<a href="https://wiki.egi.eu/wiki/GOCDB/PI/Technical_Documentation">GOCDB Programmatic Interface (GOCDB-PI)</a>(link
+to old EGI Wiki) for details.</li>
+</ul>
+<h2 id="clear-separation-of-concerns">Clear Separation of Concerns</h2>
+<p>It is important to understand that scopes and Projects are distinct:</p>
+<ul>
+<li>Projects are used to cascade roles and permissions over child objects</li>
+<li>Scope tags are used to filter resources into flexible categories/groupings</li>
+<li>Scope tags can be created to mirror the projects. For example, assuming two
+projects (e.g. EGI.eu and EUDAT), two corresponding tags may be defined.</li>
+<li>In addition, it is also possible define additional scopes for finer grained
+resource filtering e.g. ‘SubGroupX’ and ‘EGI_TEST’.</li>
+<li>The key benefit: A clear separation of concerns between cascading permissions
+and resource filtering.</li>
+</ul>
+<h2 id="egi-scopes">EGI Scopes</h2>
+<ul>
+<li>To make a <code>Site</code>, <code>Service</code> or <code>ServiceGroup</code> visible to EGI, the resource’s
+‘EGI’ scope tag checkbox must be ticked. EGI scoped resources are exposed to
+the central operational tools for monitoring and will appear in the central
+operations portal.</li>
+<li><strong>Un-ticking the EGI checkbox</strong> and selecting the ‘Local’ scope makes the
+selected object invisible to EGI; it will be hidden from the central operation
+tools (it will not show in the central dashboard and it will not be monitored
+centrally). This can be useful if you wish to hide certain parts of your
+infrastructure from EGI but still have the information stored and accessed
+from the same Configuration Database instance.</li>
+<li>A use-case for non-EGI sites/services is to hide those entities from central
+EGI tools, but to include those sites/services for use by regional versions of
+the operational tools (such as regional monitoring).</li>
+<li>Note that exposing a site / service endpoint as EGI does not override the
+production status or certification status fields. For example if a site isn’t
+marked as production it won’t be monitored centrally even if it’s marked as
+visible to EGI.</li>
+<li>You can submit your request for new scope tags via
+<a href="../../helpdesk">EGI Helpdesk</a> to the “Configuration and Topology Database
+(GOCDB)” support unit.</li>
+</ul>
+<h2 id="reserved-scope-tags">Reserved Scope Tags</h2>
+<ul>
+<li>Some tags may be ‘Reserved’ which means they are protected - they are used to
+restrict tag usage and prevent non-authorised sites/services from using tags
+not intended for them.</li>
+<li>Reserved tags are initially assigned to resources by the Configuration
+Database admins, and can then be optionally inherited by child resources (tags
+can be initially assigned to NGIs, Sites, Services and ServiceGroups).</li>
+<li>When creating a new child resource (e.g. a child Site or child Service), the
+scopes that are assigned to the parent are automatically inherited and
+assigned to the child.</li>
+<li>Reserved tags assigned to a resource are optional and can be de-selected if
+required.</li>
+<li>Users can reapply Reserved tags to a resource ONLY if the tag can be inherited
+from the parent Scoped Entity (parents include NGIs/Sites).
+<ul>
+<li>For Sites: If a Reserved tag is removed from a Site, then the same tag is
+also removed from all the child Services - a Service can’t have a reserved
+tag that is not supported by its parent Site.</li>
+<li>For NGIs: If a Reserved tag is removed from an NGI, then the same tag is NOT
+removed from all the child Sites - this is intentionally different from the
+<code>Site</code>-><code>Service</code> relationship.</li>
+</ul>
+</li>
+<li>To request a reserved scope tag, <strong>an approval is required from the operators
+of the relevant resources</strong>. Details on who to contact are listed below. Once
+authorisation is given, please contact the Configuration Database admins with
+details of the approval (e.g. link to an <a href="../../helpdesk">EGI Helpdesk</a> ticket
+that approves the tag assignment).</li>
+</ul>
+<h3 id="fedcloud-reserved-tag">FedCloud Reserved Tag</h3>
+<ul>
+<li>Tag for resources that contribute to the EGI Federated Cloud. To request this
+tag, please contact the FedCloud operators / EGI Operations.</li>
+</ul>
+<h3 id="elixir-reserved-tag">Elixir Reserved Tag</h3>
+<ul>
+<li>Tag for resources that contribute to the EGI Federated Cloud. To request this
+tag, please contact the operators of the ‘ELIXIR’ NGI in the EGI Configuration
+Database.</li>
+</ul>
+<h3 id="wlcg-reserved-tags">WLCG Reserved Tags</h3>
+<ul>
+<li>A number of reserved scope tags have been defined for the WLCG:
+<ul>
+<li>The ‘tierN’ tags should be requested for WLCG sites that are defined in
+REBUS (a management view of the WLCG infrastructure/sites). To request a
+‘tierN’ tag, raise a ticket against the REBUS support unit in GGUS.</li>
+<li>For the experiment VO tags (alice, atlas, cms, lhcb), raise a ticket with
+the relevant VO support unit.</li>
+<li>The wlcg tag is a generic catch-all tag for sites/services with either tierN
+and VO tags and is used to gain an overall view of the WLCG infrastructure.</li>
+</ul>
+</li>
+</ul>
+<h3 id="sla-reserved-tag">SLA Reserved Tag</h3>
+<ul>
+<li>Entities covered by an EGI VO SLA
+<ul>
+<li>This Tag will only be applied at the request of EGI operations</li>
+</ul>
+</li>
+</ul>
+<h3 id="eosccore-tag">EOSCCore Tag</h3>
+<ul>
+<li>Tag for resources that contribute to core services of the EOSC. To request
+this tag, please raise an <a href="../../helpdesk">EGI Helpdesk</a> ticket against the
+Operations SU.</li>
+</ul>
+<h3 id="egicore-tag">EGICore Tag</h3>
+<p>Tag for resources that are part of the EGI Core services. To request this tag,
+please raise an <a href="../../helpdesk">EGI Helpdesk</a> ticket against the Operations SU.</p>Internal: Service Entities/internal/configuration-database/service-entities/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/service-entities/
+<h2 id="definition">Definition</h2>
+<p>A Service entity is formed by a hostname, a hosted service and a URL.</p>
+<p>The EGI Configuration Database stores the following information about Service
+entities (non exhaustive list):</p>
+<ul>
+<li>The fully qualified hostname of the machine</li>
+<li>The hosted service (see <code>ServiceTypes</code> below)</li>
+<li>The URL to reach the entities</li>
+<li>The IP address of the machine</li>
+<li>The machine’s host certificate DN</li>
+<li>A description of the node</li>
+</ul>
+<p>As a machine can host many services, there can be many Service entities per
+machine.</p>
+<h3 id="example">Example</h3>
+<p>The machine <code>myhost.domain.org</code> runs a CE, an UI and a UnicoreX service. This
+will show up in the EGI Configuration Database as 3 Service entities:</p>
+<table>
+<thead>
+<tr>
+<th>fully qualified hostname</th>
+<th>ServiceType</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>myhost.domain.org</td>
+<td>CE</td>
+</tr>
+<tr>
+<td>myhost.domain.org</td>
+<td>UI</td>
+</tr>
+<tr>
+<td>myhost.domain.org</td>
+<td>unicore6.Gateway</td>
+</tr>
+</tbody>
+</table>
+<p>Note that a single host can also specify multiple services of the same
+<code>ServiceType</code>.</p>
+<h2 id="manipulating-service-entities">Manipulating Service entities</h2>
+<h3 id="viewing-service-entities">Viewing Service entities</h3>
+<p>There are different pages in GOCDB where Service entities are listed:</p>
+<ul>
+<li>A full Service entities
+<a href="https://goc.egi.eu/portal/index.php?Page_Type=Services">listing page</a>, that
+shows a listing of all the entities in the database, with controls to page
+through the listing. The table headers can be clicked to set the ordering.</li>
+<li>Site details page, see
+<a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&id=335">GRIDOPS-GOCDB</a> for
+an example, where all the Service entities belonging to this site are listed</li>
+</ul>
+<p>Each Service entity also has its own listing page. By clicking the link to view
+it, you can see all associated information.</p>
+<h3 id="adding-service-entities">Adding Service entities</h3>
+<p>Provided you have proper permissions (check the permissions matrix in the
+Permissions_associated_to_roles section), you can add a Service entity by:</p>
+<ul>
+<li>clicking on the <strong>Add a New Service</strong> link in the sidebar. Simply select
+parent site, fill the form and validate.</li>
+<li>By clicking on the <strong>Add Service</strong> link from a given site’s details page (the
+link will only appear if you have proper permissions). This will lead you to
+the same form as above.</li>
+</ul>
+<h3 id="editing-service-entities-information">Editing Service entities information</h3>
+<p>The editing process will show you the same form as the adding process. To edit
+Service entities, simply click the “<strong>edit</strong>” link on top of the entities'
+details page.</p>
+<h3 id="removing-a-service-entity-from-a-site">Removing a Service entity from a site</h3>
+<p>To delete a Service entity you have permissions on, simply click on the
+“<strong>delete</strong>” link on top of the entities’ details page. The interface asks for
+confirmation before proceeding.</p>
+<h2 id="service-endpoint-entities">Service Endpoint entities</h2>
+<p>A Service entity may optionally define Service Endpoint entities which model
+network locations for different service functionalities that can’t be described
+by the main <code>ServiceType</code> and <code>URL</code> alone.</p>
+<p>For example: The Service entity
+<a href="https://goc.egi.eu/portal/index.php?Page_Type=Service&id=4180">goc.egi.eu</a> (of
+ServiceType egi.GOCDB) defines the following Service Endpoint entities:</p>
+<!-- markdownlint-disable no-bare-urls -->
+<table>
+<thead>
+<tr>
+<th>Name</th>
+<th>URL</th>
+<th>Interface Name</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><a href="https://goc.egi.eu/portal/index.php?Page_Type=View_Service_Endpoint&id=6313">ProductionPortalInstance</a></td>
+<td><a href="https://goc.egi.eu/portal">https://goc.egi.eu/portal</a></td>
+<td>egi.GOCDB.Portal</td>
+</tr>
+<tr>
+<td><a href="https://goc.egi.eu/portal/index.php?Page_Type=View_Service_Endpoint&id=6314">Production PI base URL</a></td>
+<td><a href="https://goc.egi.eu/gocdbpi">https://goc.egi.eu/gocdbpi</a></td>
+<td>egi.GOCDB.PI</td>
+</tr>
+</tbody>
+</table>
+<!-- markdownlint-enable no-bare-urls -->
+<h2 id="specific-service-entities-fields-and-their-impact">Specific Service entities fields and their impact</h2>
+<h3 id="beta-flag-tf">“beta” flag (t/f)</h3>
+<p>This indicates whether the Service entity is a beta service or not (part of the
+staged rollout process).</p>
+<h3 id="host-dn">Host DN</h3>
+<p>This is the DN of the host certificate for the service. The format of the DN
+follows that defined by the
+<a href="https://www.ogf.org/documents/GFD.225.pdf">OGF Interoperable Certificate Profile</a>
+which restricts allowed chars to a <code>PrintableString</code> that does NOT contain
+characters that cannot be expressed in printable 7-bit ASCII. For a list of
+allowed chars.</p>
+<p>To supply multiple or alternate DN(s) for a service, for example of the multiple
+hosts supporting a single Service entity, see
+<a href="../extension-properties/#standard-extension-properties">standard extension properties</a>.</p>
+<h3 id="production-flag-tf">“production” flag (t/f)</h3>
+<p>The Service entities’ Production flag indicates if this service delivers a
+production quality service to the infrastructure it belongs to (EGI).</p>
+<ul>
+<li>Non-production Service entities can be either Monitored or Not Monitored,
+depending on the Administrator’s choice.</li>
+<li>Even if this flag is false, the service is still considered part of the EGI
+and so shows up in the ROD dashboard.</li>
+<li>If true, then the Monitored flag must also be true: <strong>All production resources
+MUST be monitored</strong> (except if the <code>ServiceType</code> is a <code>VOMS</code> or <code>emi.ARGUS</code>)</li>
+<li>This flag is not to be confused with <strong>PRODUCTION_STATUS</strong>, which is a Site
+level flag that shows if the site delivers to the production or Test
+infrastructure.</li>
+</ul>
+<h3 id="monitoring-flag-tf">“monitoring” flag (t/f)</h3>
+<p>This flag is taken into account by monitoring tools.</p>
+<ul>
+<li>Can only be set to “N” (false) if Production flag is also false.</li>
+<li>If set to “N” the entities won’t be tested.</li>
+</ul>
+<h3 id="usage-of-production-and-monitored-flags-for-egi-service-entities">Usage of PRODUCTION and MONITORED flags for EGI Service entities</h3>
+<p>All production Service entities MUST be monitored (except for <code>emi.ARGUS</code> and
+<code>VOMS</code> ServiceTypes).</p>
+<h4 id="production-and-monitored">Production and Monitored</h4>
+<ul>
+<li>Operations Dashboard: A failing test of production Service entities generates
+an alarm in the ROD Operations Dashboard.</li>
+<li>Availability calculation: The Service entities test results are considered for
+Availability computation (if and only if the <code>ServiceType</code> associated to the
+entities is one of those included in Availability computation)</li>
+</ul>
+<h4 id="non-production-and-monitored-yesno">Non-Production and Monitored: YES/NO</h4>
+<ul>
+<li>Availability calculation: If Monitored is set to <code>YES</code>, the
+<a href="../../monitoring">Monitoring Service</a> will test the Service entity, but the
+test results are ignored by the Availability Computation Engine (ACE).</li>
+<li>Availability calculation: Non-production Service entities are not considered
+for site availability calculations.</li>
+<li>Operations Dashboard: If Monitored is set <code>NO</code>, the Service entities is
+ignored by the <a href="../../monitoring">Monitoring Service</a>, and no alarms are
+raised in the Operations Dashboard in case of <code>CRITICAL</code> failure.</li>
+<li>Monitoring tests for non-production Service entities generate alarms into the
+ROD Operations Dashboard in case of <code>CRITICAL</code> failure of the test. These
+alarms are visible in the Operations Dashboard and are tagged as “non
+production”.</li>
+</ul>Internal: Service groups/internal/configuration-database/service-groups/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/service-groups/
+<h2 id="service-groups">Service Groups</h2>
+<p>A service group is an arbitrary grouping of existing service endpoints that can
+be distributed across different physical sites and users that belong to the SG
+(SGs were previously known as ‘Virtual Sites’):</p>
+<ul>
+<li>Each service that appears in a group <strong>must already exist and be hosted by a
+physical site</strong>.</li>
+<li>A service group role does <strong>not extend any permissions</strong> over its child
+services. This means that you cannot declare a downtime on the services that
+you group together or modify the service attributes.</li>
+<li>Any GOCDB user can create their own service group and as the ‘Service Group
+Administrator’ you can control subsequent user membership requests to the SG
+(everything is logged, including who created the service group).</li>
+<li>GOCDB users can request to join an existing service group by finding the
+target SG and requesting a role on that SG.</li>
+<li>Service groups are typically used for monitoring a particular collection of
+services and/or users using the GOCDB ‘get_service_group’ and
+‘get_service_group_role’ PI methods.</li>
+<li>SG members can be listed using the get_service_group_role PI method.</li>
+<li>PI doc:
+<ul>
+<li><a href="https://wiki.egi.eu/wiki/GOCDB/PI/get_service_group">get_service_group</a>(link
+to old EGI Wiki)</li>
+<li><a href="https://wiki.egi.eu/wiki/GOCDB/PI/get_service_group_role">get_service_group_role</a>(link
+to old EGI Wiki)</li>
+</ul>
+</li>
+<li>If you have any further use-cases or suggestions, please submit a GGUS ticket.</li>
+</ul>Internal: Service Types/internal/configuration-database/service-types/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/service-types/
+<h2 id="introduction">Introduction</h2>
+<p>In the EGI Configuration Database, a service type is a technology used to
+provide a service. Each service endpoint is associated with a service type.
+Service types are pieces of software while service endpoints are a particular
+instance of that software running in a certain context.</p>
+<h2 id="service-type-naming-scheme">Service Type Naming Scheme</h2>
+<ul>
+<li>Service types include grid and cloud middleware, and operational services.</li>
+<li>This attribute corresponds to the Glue2 <code>Service.Type</code> attribute and is
+defined as the “Type of service according to a namespace based classification
+(the namespace MAY be related to a middleware name, an organisation or other
+concepts)”.</li>
+<li>The naming scheme for new service types therefore follow a reverse DNS style
+syntax, usually naming the technology provider/project followed by technology
+type in lowercase, i.e. ‘provider.type’ (e.g. <code>org.openstack.swift</code>).</li>
+<li>Please note, this syntax does not necessarily indicate ownership, the main
+objective is to avoid name clashes between services. For example, different
+projects may have similar services but these may be modified/customised just
+enough to merit a different prefix or service type name.</li>
+<li>Glue2 defines a service type list at:
+<ul>
+<li><a href="https://github.com/OGF-GLUE/Enumerations">Glue2 Enums</a></li>
+<li><a href="https://github.com/OGF-GLUE/Enumerations/blob/master/ServiceType_t.csv">Glue2 service types</a>.</li>
+</ul>
+</li>
+<li>The Glue2 and GOCDB recommendation is to use lowercase (legacy enum values do
+exist that use camelCase).</li>
+</ul>
+<p>These service types are used at some grid sites within EGI but aren’t EGI
+operational tools or a part of the core middleware distributions.</p>
+<h2 id="service-type-list">Service Type List</h2>
+<p>To request a new service type, please submit a request for a new service type
+(see the section “Adding a new service type”).</p>
+<p>In the following section there is the list of “middleware agnostic” service
+types. You can obtain the whole list of service types by browsing
+<a href="https://poem.egi.eu/ui/public_servicetypes">Poem</a>, or by launching the
+following query to the GOCDBPI interface:</p>
+<ul>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_types">get_service_type</a></li>
+</ul>
+<h2 id="operational-components-middleware-agnostic">Operational Components (middleware agnostic)</h2>
+<ul>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=Site-BDII">Site-BDII</a>:
+(Site service) This service collects and publishes site’s data for the
+Information System. All grid sites MUST install one Site-BDII. For cloud sites
+eu.egi.cloud.information.bdii MUST be installed.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=Top-BDII">Top-BDII</a>:
+(Central service) The “top-level BDII”. These collect and publish the data
+from site-BDIIs. Only a few instances per region are required.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=MyProxy">MyProxy</a>:
+[Central service] MyProxy is part of the authentication and authorization
+system. Often installed by sites installing the WMS service.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.APELRepository">egi.APELRepository</a>:
+(Central service) The central APEL repository</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.AccountingPortal">egi.AccountingPortal</a>:
+(Central service) The central accounting portal</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.GGUS">egi.GGUS</a>:
+(Central service) The central GGUS</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.GOCDB">egi.GOCDB</a>:
+(Central service) The central GOCDB</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.MSGBroker">egi.MSGBroker</a>:
+(Central service) The central message broker</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.Portal">egi.Portal</a>:
+(Central Service) for monitoring generic web portals who dont have a specific
+service type</li>
+<li>(deprecated) MSG-Broker: (Central service) A broker for the backbone messaging
+system.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.MetricsPortal">egi.MetricsPortal</a>:
+(Central service) The central metrics portal</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.OpsPortal">egi.OpsPortal</a>:
+(Central service) The central operations portal</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.GRIDVIEW">egi.GRIDVIEW</a>:
+(Central service) The central gridview portal</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.GSTAT">egi.GSTAT</a>:
+(Central service) The central GStat portal</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.SAM">egi.SAM</a>:
+(Central service) The central SAM monitoring</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=ngi.SAM">ngi.SAM</a>:
+(Regional Service) NGI-level SAM monitoring box</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=vo.SAM">vo.SAM</a>:
+(Regional Service) VO-level SAM monitoring box</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=site.SAM">site.SAM</a>:
+(Regional Service) Site-level SAM monitoring box</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=ngi.OpsPortal">ngi.OpsPortal</a>:
+(Regional service) NGI-level regional operations portal instance</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=argo.poem">argo.poem</a>:
+POEM is system for managing profiles of probes and metrics in ARGO system.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=argo.mon">argo.mon</a>:
+ARGO Monitoring Engine gathers monitoring metrics and publishes to messaging
+service.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=argo.consumer">argo.consumer</a>:
+ARGO Consumer collects monitoring metrics from monitoring engines.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=argo.computeengine">argo.computeengine</a>:
+ARGO Compute Engine computes availability and reliability of services.
+<!-- textlint-disable terminology -->
+</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=argo.api">argo.api</a>:
+ARGO API service for retrieving status and A/R results.
+<!-- textlint-enable terminology -->
+</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=argo.webui">argo.webui</a>:
+ARGO web user interface for metric A/R visualization and recalculation
+management.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.aai.saml">egi.aai.saml</a>:
+EGI Check-in SAML interface. Enables federated access to EGI services and
+resources using Security Assertion Markup Language (SAML). Provided by GRNET.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.aai.oidc">egi.aai.oidc</a>:
+EGI Check-in OpenID Connect interface. Enables federated access to EGI
+services and resources using OpenID Connect (OIDC). Provided by GRNET.</li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&service_type=egi.aai.tts">egi.aai.tts</a>:
+EGI Check-in token translation service. Enables the translation between
+different authentication and authorisation protocols. Provided by GRNET.</li>
+</ul>
+<h2 id="adding-new-services-types">Adding new services types</h2>
+<p>Please feel free to make a request for a new service type. All new service type
+requests need to be assessed by EGI via lightweight review process (by
+<a href="https://go.egi.eu/omb">EGI OMB</a> and EGI Operations) so that only suitable types
+are added, and to prevent duplication.</p>
+<p>You can submit your request via <a href="../../helpdesk">EGI Helpdesk</a> to the
+“Configuration and Topology Database (GOCDB)” support unit.</p>
+<p>Please specify the following information as part of your request:</p>
+<ul>
+<li>name of service type (lowercase):</li>
+<li>high-level description of the service functionality (255 characters max):</li>
+<li>project/community/organization maintaining the software:</li>
+<li>scale of deployment (number of instances and by which organizations):</li>
+<li>contact point (name/email address):</li>
+</ul>
+<p>Note: please provide a suggested service type name following the naming scheme
+described above (technology provider’s reversed domain . software name) and a
+brief sentence to describe the service type.</p>Internal: Sites/internal/configuration-database/sites/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/sites/
+<h2 id="definition">Definition</h2>
+<p>A site (also known as a <a href="https://confluence.egi.eu/x/Z4IkBQ">Resource Centre</a>)
+is a grouping of grid resources collating multiple Service Endpoints (SEs).
+Downtimes are recorded on selected SEs of a site. GOCDB stores the following
+information about sites (non exhaustive list). Note, when editing values in the
+portal, mandatory fields are marked with ‘*’:</p>
+<ul>
+<li>A unique (short) name - case sensitive (GOCDB and GoCDB are considered
+different)</li>
+<li>An official (long) name</li>
+<li>A domain name for the Site/Resource Centre</li>
+<li>The home web URL of the Site/Resource Centre</li>
+<li>A contact email address and telephone number
+<ul>
+<li>Emergency email for a fast response time in case of urgent problem</li>
+<li>Alarm email is WLCG Tier1 site specific (used as part of a WLCG workflow for
+dealing with specific monitoring alarms)</li>
+</ul>
+</li>
+<li>A security contact email address and telephone number</li>
+<li>The site timezone</li>
+<li>The site’s GIIS URL (Case Sensitive - Please ensure you enter your Site name
+which is usually encoded in the URL in the correct case!).
+<ul>
+<li>e.g. ldap://bdii-rc.some-site.uk:2170/mds-vo-name=SITE-NAME,o=grid (if your
+GOCDB site name site name is upper case)</li>
+</ul>
+</li>
+<li>A mandatory human readable description of the site</li>
+<li>The site’s latitude, longitude and location</li>
+<li>Production Infrastructure: The site’s intended target infrastructure. This
+specifies the infrastructure that the site’s services deliver to. This has one
+of the following values:
+<ul>
+<li>Production (with this target infrastructure, the EGI site certification
+transition rules apply)</li>
+<li>Test (in future, if the site delivers to this infrastructure, then its
+Certification status will be fixed to ‘Candidate’).</li>
+</ul>
+</li>
+<li>ROC [GROUP] - The NGI or Region of the site</li>
+<li>Country</li>
+<li>IP address range within which the Site/Resource Centre’s services run
+<ul>
+<li>IP/netmask (x.x.x.x/x.x.x.x). To specify multiple IP/netmask values, use a
+comma or semi-colon separated list with no spaces, e.g.
+1.2.3.4/255.255.255.0, 1.2.3.5/255.255.255.0</li>
+</ul>
+</li>
+</ul>
+<h2 id="manipulating-sites">Manipulating sites</h2>
+<h3 id="viewing-sites">Viewing sites</h3>
+<p>A site listing page shows a listing of all the sites in the database, with
+controls to page through the listing. The table headers can be clicked to set
+the ordering (ascending or descending).</p>
+<p>Each site also has its own listing page. By clicking the link to view a site,
+you can see all of the site’s information</p>
+<ul>
+<li>Site listing page is available from the sidebar by clicking on the Browse
+Sites link.</li>
+<li>sites belonging to a given Operations Centre are also listed from the group
+details pages (see below)</li>
+</ul>
+<h3 id="adding-a-site">Adding a site</h3>
+<p>Provided you have proper permissions (check the permissions matrix in the
+<a href="../users-roles/managing-roles/_index.md#permissions-associated-to-roles">related section</a>
+, you can add a site by clicking on the Add a New Site link in the sidebar.
+Simply fill the form and validate.</p>
+<p><strong>Note</strong>: If you just registered as site admin and want your new site to be
+registered in GOCDB, please contact your NGI representative.</p>
+<h3 id="editing-site-information">Editing site information</h3>
+<p>The editing process will show you the same form as the adding process. To edit a
+site, simply click the “<strong>edit</strong>” link on top of the site’s details page.</p>
+<h3 id="renaming-a-site">Renaming a site</h3>
+<p>Provided you have permissions, you can change the Short Name, Official Name and
+GIIS URL to the new Resource Center details. For more information regarding the
+site renaming procedure please see <a href="https://confluence.egi.eu/x/3SAmBg">PROC15</a></p>
+<h3 id="removing-a-site">Removing a site</h3>
+<p>Site deletion is not allowed in GOCDB. If a site stops operation, its
+certification status should be set to “closed” (see the next section for more
+information).</p>
+<h3 id="changing-site-certification-status">Changing Site Certification Status</h3>
+<p>For each site that delivers to the ‘Production’ Target Infrastructure, GOCDB
+stores and shows information about its certification status. This reflects the
+different steps of the official SA1 site certification procedure which typically
+follows:</p>
+<p>Candidate -> Uncertified -> Certified.</p>
+<p>The different possible certification statuses are:</p>
+<ul>
+<li><strong>Candidate</strong>: the Resource Centre is in under registration according to the
+registration process described in the
+<a href="https://confluence.egi.eu/x/FSAmBg">RC registration certification procedure</a>.
+A site will have CANDIDATE status only during certification.</li>
+<li><strong>Uncertified</strong>: site information has been validated by the Operations Centre
+and is ready to be moved to certified status (again). The certification status of
+a site can only be changed by a user with a higher level ‘Regional’ (or EGI
+‘Project’) level role. This usually means that only regional managers/deputies/staff
+can update the status of a site that belongs to that region, see the permissions
+associated to the roles in the
+<a href="../users-roles/managing-roles/_index.md#permissions-associated-to-roles">related section</a>.</li>
+<li><strong>Certified</strong>: the Operations Centre has verified that the site has all middleware
+installed, passes the tests and appears stable.</li>
+<li><strong>Suspended</strong>: Site does temporarily not conform to production requirements (e.g.
+minimum service targets - see the
+<a href="https://documents.egi.eu/document/31">Resource Centre OLA</a>, security matters) and
+requires Operations Centre attention. A site can be suspended for a maximum of 4
+months after which it must be re-certified or closed.</li>
+<li><strong>Closed</strong>: Site is definitely no longer operated by EGI and is only shown for
+historic reasons.</li>
+</ul>
+<p><strong>Clarifications</strong>:</p>
+<ul>
+<li>The uncertified status would generally be an information that a site is ready to
+start certification procedure (again). “uncertified” can also be used as a timewise
+unlimited state for sites having to keep an old version of the middleware for the
+absolute needs of an important international VO or to flag a site coping with
+<a href="https://confluence.egi.eu/x/NoIkBQ">Operations Centre</a> requirements but not with EGI
+availability/reliability thresholds.</li>
+<li>Suspended is always having a temporary meaning. It is used to flag a site temporarily
+not coping with EGI availability/reliability thresholds or security requirements,
+and which should be closed or uncertified by its
+<a href="https://confluence.egi.eu/x/NoIkBQ">Operations Centre</a> within 4 months. When being
+suspended, sites can express that they want to pass certification again. The suspended
+status is useful to EGI and to the Operations Centre themselves to flag the sites that
+require attention by the <a href="https://confluence.egi.eu/x/NoIkBQ">Operations Centre</a>.</li>
+<li>The closed status should be the terminal one. Suspended is not a terminal state.</li>
+</ul>
+<p><strong>The following site state transitions are allowed</strong>:</p>
+<ul>
+<li>candidate -> uncertified</li>
+<li>candidate -> closed</li>
+<li>uncertified -> certified</li>
+<li>certified -> suspended</li>
+<li>certified -> closed (on site request)</li>
+<li>suspended -> uncertified</li>
+<li>suspended -> closed</li>
+</ul>
+<p><strong>The following transitions are explicitly forbidden</strong>:</p>
+<ul>
+<li>suspended -> certified</li>
+<li>candidate -> something else but uncertified and closed</li>
+<li>closed -> anything else</li>
+</ul>
+<p>Going with the definition of the suspended status,
+<a href="https://confluence.egi.eu/x/NoIkBQ">Operations Centre</a> managers have to regularly give
+their attention to all their suspended sites, so that they are processed within the
+given maximum time of four months. Sites being in suspended should either be set to
+closed or brought back in production via the uncertified status.</p>
+<p>More information about site certification statuses can be found in the
+<a href="https://confluence.egi.eu/x/FwfSB">EGI Federation Procedures</a>:</p>
+<ul>
+<li><a href="https://confluence.egi.eu/x/FSAmBg">PROC09 RC Registration and Certification Procedure</a></li>
+<li><a href="https://confluence.egi.eu/x/myAmBg">PROC11 Resource Centre Decommissioning Procedure</a></li>
+<li><a href="https://confluence.egi.eu/x/jSAmBg">PROC12 Production Service Decommissioning Procedure</a></li>
+</ul>
+<p><strong>Note</strong>: Site certification status cannot be changed by site administrators, and
+requires intervention of Operations Centre staff.</p>Internal: Users and roles/internal/configuration-database/users-roles/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/users-roles/
+<h2 id="introduction">Introduction</h2>
+<p>In the sub-pages there is an explanation over the EGI Configuration Database
+user accounts, how to manage them, and the roles defined.</p>Internal: Service registration requirements/internal/configuration-database/service-registration-requirements/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/service-registration-requirements/
+<p>Information to provide when registering a new service (the fields marked with an
+asterisk are mandatory):</p>
+<ul>
+<li>Hosting Site * (select the appropriate RC under which you are registering the
+service)</li>
+<li>Service Type * (select the appropriate service type)</li>
+<li>Service URL (Alphanumeric and $-_.+!*’(),:)</li>
+<li>Hostname * (valid FQDN format)</li>
+<li>Host IP a.b.c.d</li>
+<li>Host IPv6 (0000:0000:0000:0000:0000:0000:0000:0000[/int]) (optional [/int]
+range)</li>
+<li>Host DN (/C=…/OU=…/…)</li>
+<li>Description * (Alphanumeric and basic punctuation)</li>
+<li>Host Operating System (Alphanumeric and basic punctuation)</li>
+<li>Host Architecture (Alphanumeric and basic punctuation)</li>
+<li>Is it a beta service (formerly PPS service)? Y/N</li>
+<li>Is this service in production? Y/N</li>
+<li>Is this service monitored? Y/N</li>
+<li>Contact email * (valid email format)</li>
+</ul>
+<h2 id="scope-tags">Scope Tags</h2>
+<ul>
+<li>✓ Optional Tags (At least 1 optional tags must be selected): EGI Local
+FedCloud</li>
+<li>✓ Reserved Tags Inheritable from Parent Site: none</li>
+<li>✓ Reserved Tags Directly Assigned (WARNING - If deselected you will not be
+able to reselect the tag - it will be moved to the ‘Protected Reserved Tags’
+list): none</li>
+<li>✗ Protected Reserved Tags (Can only be assigned on request): alice atlas cms
+elixir lhcb tier1 tier2 wlcg</li>
+</ul>Internal: Adding a new project/internal/configuration-database/adding-new-projects/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/adding-new-projects/
+<h2 id="introduction">Introduction</h2>
+<p>GOCDB, the software powering the EGI Configuration Database, is multi-tenanted;
+it can host multiple projects in the same instance. There are a number of
+different deployment scenarios that can be used to support new projects detailed
+below. Please contact the EGI Configuration Database admins and EGI Operations
+to discuss the options available.</p>
+<h2 id="1-add-resources-sitesservices-to-an-existing-project">1) Add resources (sites/services) to an existing project</h2>
+<ul>
+<li>Resources (NGIs, Sites, Services) would be hosted under an existing project,
+e.g. the ‘EGI’ project.</li>
+<li>The new resources would be subject to the rules of the existing project, such
+as site certification status changes and project controlled user memberships.</li>
+<li>The resources could not be filtered using a custom scope tag.</li>
+</ul>
+<h2 id="2-add-resources-sitesservices-to-an-existing-project-and-add-a-new-scope-tag-to-represent-a-sub-grouping">2) Add resources (sites/services) to an existing project and add a new Scope tag to represent a sub-grouping</h2>
+<ul>
+<li>Resources would be hosted under an existing project, and a new scope tag would
+be added for the purposes of resource filtering.</li>
+<li>Since the resources are still hosted under an existing project, the new
+resources would still be subject to the rules of the existing project, such as
+site certification status changes and project controlled user memberships.</li>
+<li>The resources could be filtered using the new scope tag, but this scope tag
+would not strictly represent a project, rather a sub-grouping under the
+existing project, e.g.</li>
+</ul>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>get_services<span style="color:#a40000">&</span>scope=SubGroupX
+</span></span></code></pre></div><p>Note, resources can be tagged multiple times to declare support for multiple
+projects and sub-groups:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>get_services<span style="color:#a40000">&</span>scope=SubGroupX,EGI<span style="color:#a40000">&</span>scope_match=all
+</span></span></code></pre></div><h2 id="3-add-resources-sitesservices-to-a-new-project-and-add-a-new-scope-tag-to-filter-by-project">3) Add resources (sites/services) to a new Project and add a new Scope tag to filter by project</h2>
+<ul>
+<li>Resources would be hosted under a new project, and a new scope tag would be
+added named after the project for the purposes of resource filtering.</li>
+<li>The resources would not be subject to the rules of other projects, for
+example, allowing the project to control its site certification status changes
+and project controlled user memberships.</li>
+<li>The resources could be filtered using the scope tag named after the new
+project, e.g.</li>
+</ul>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>get_services<span style="color:#a40000">&</span>scope=ProjectX
+</span></span></code></pre></div><p>Note, resources can be tagged multiple times to declare support for multiple
+projects:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-markdown" data-lang="markdown"><span style="display:flex;"><span>get_services<span style="color:#a40000">&</span>scope=ProjectX,EGI<span style="color:#a40000">&</span>scope_match=all
+</span></span></code></pre></div>Internal: API/internal/configuration-database/api/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/api/
+<div class="alert alert-info" role="alert">
+<h4 class="alert-heading">Note</h4>
+Exhaustive documentation of the API for
+the <a href="https://github.com/GOCDB/gocdb">GOCDB service</a>, powering the
+<a href="../">EGI Configuration Database</a>, is available
+<a href="https://gocdb.github.io/api/">on the dedicated GOCDB API documentation site</a>.
+</div>
+<p>The GOCDB Programmatic Interface (PI) is available under <code>/gocdbpi</code>.</p>
+<h2 id="api-components">API components</h2>
+<p>The GOCDB PI has two main components:</p>
+<ul>
+<li>The <a href="https://gocdb.github.io/api/read/">Read API</a></li>
+<li>The <a href="https://gocdb.github.io/api/write/">Write API</a></li>
+</ul>
+<p>The <strong>Read API</strong> provides programmatic access to the data. Access to some
+information (security/critical, personal details, otherwise sensitive
+information) is restricted, more details are available in the section about
+<a href="https://gocdb.github.io/api/read/#data-protection-levels">data protection levels</a>.</p>
+<p>The <strong>Write API</strong> provides limited functionality to add, update, and delete
+entities. Access is restricted, more details can be found in the section about
+<a href="https://gocdb.github.io/api/write/#authenticationauthorisation">authentication and authorisation</a>.</p>
+<h2 id="using-the-read-api">Using the Read API</h2>
+<h3 id="querying">Querying</h3>
+<p>API calls can be tested in a browser or done from the command-line interface,
+using <code>curl</code>.</p>
+<p>Below are some examples, including methods with different
+<a href="https://gocdb.github.io/api/read/#data-protection-levels">data protection levels</a>.</p>
+<blockquote>
+<p>API calls starting with <code>https://goc.egi.eu/gocdbpi/private</code> require the
+client to present a valid credential.</p>
+</blockquote>
+<ul>
+<li><strong>Public</strong> calls, no authentication required:
+<ul>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint">Retrieving all service endpoints</a></li>
+<li><a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&scope=EGI,FedCloud">Collecting information about endpoints under the EGI and FedCloud scopes</a></li>
+</ul>
+</li>
+<li><strong>Private</strong> calls, with authentication required:
+<ul>
+<li><a href="https://goc.egi.eu/gocdbpi/private/?method=get_user&roletype=EGI%20CSIRT%20Officer,COD%20Staff">Retrieving all COD Staff and EGI CSIRT Officer to be allowed in secmon</a></li>
+<li><a href="https://goc.egi.eu/gocdbpi/private/?method=get_cert_status_changes&site=mainz">Querying for certification history for a site</a></li>
+<li><a href="https://goc.egi.eu/gocdbpi/private/?method=get_site&scope=FedCloud,EGI&scope_match=all&certification_status=Certified&production_status=Production">Querying for CSIRT emails of FedCloud sites</a></li>
+<li><a href="https://goc.egi.eu/gocdbpi/private/?method=get_site_contacts&roletype=Site%20Security%20Officer&scope=FedCloud,EGI&scope_match=all">Querying for Security officer at FedCloud sites</a></li>
+</ul>
+</li>
+</ul>
+<h3 id="extracting-content">Extracting content</h3>
+<p>It is possible to filter content using <code>xpath</code>. Download
+<a href="https://goc.egi.eu/gocdbpi/public/?method=get_service_endpoint&scope=EGI,FedCloud">information about endpoints under the EGI and FedCloud scopes</a>
+as <code>egi_fedcloud_service_endpoints.xml</code>.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Extracting endpoints in production</span>
+</span></span><span style="display:flex;"><span>$ xpath -q -e <span style="color:#4e9a06">"//SERVICE_ENDPOINT[IN_PRODUCTION='Y']/HOSTNAME/text()"</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> egi_fedcloud_service_endpoints.xml <span style="color:#000;font-weight:bold">|</span> sort <span style="color:#000;font-weight:bold">|</span> uniq
+</span></span></code></pre></div><h3 id="using-an-x509-client-certificate-to-authenticate-from-the-cli">Using an X.509 client certificate to authenticate from the CLI</h3>
+<p>Querying information about a specific site using CURL, and authenticating with
+an X.509 client certificate.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ curl -v --cert ~/.globus/usercert.pem --key ~/.globus/userkey.pem <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#4e9a06">'https://goc.egi.eu/gocdbpi/private/?method=get_site&sitename=CESGA'</span>
+</span></span></code></pre></div><h3 id="querying-using-python">Querying using python</h3>
+<h4 id="looking-for-fedcloud-endpoints">Looking for FedCloud endpoints</h4>
+<p>See
+<a href="https://github.com/EGI-Federation/cloud-info-provider/blob/master/cloud_info_provider/providers/gocdb.py">python script from cloud-info-provider repository</a>.</p>
+<h2 id="using-the-write-api">Using the Write API</h2>
+<p>Examples of using the Write API can be found on the
+<a href="https://gocdb.github.io/api/write/#examples">GOCDB PI site</a>.</p>Internal: FAQ/internal/configuration-database/faq/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/faq/
+<h2 id="i-have-lost-access-to-my-account-what-should-i-do">I have lost access to my account, what should I do?</h2>
+<p>If you were registered but are not recognised anymore (e.g. because your
+certificate DN changed), do not register again!</p>
+<p>Instead, follow the steps
+<a href="../users-roles/managing-accounts#lost-access-to-your-account">Lost access to your Configuration Database account</a>
+section.</p>
+<h2 id="i-am-responsible-for-a-site-that-has-recently-entered-the-egi-infrastructure-how-do-i-register-it">I am responsible for a site that has recently entered the EGI infrastructure. How do I register it?</h2>
+<p>Only registered users with an approved role on an NGI can add a new site. If you
+are the site administrator, the first thing to do is to contact your NGI staff
+and ask them to add the site for you. Then, register to EGI Configuration
+Database (see the user account section) and ask for a site admin role for your
+site (see the requesting a role section). Once your role approved, you will be
+able to edit and change your site information.</p>
+<h2 id="how-do-i-extend-a-declared-schedule-downtime">How do I extend a declared schedule downtime?</h2>
+<p>Because of EGI policies it is not possible to extend a downtime. Recommended
+good practice for any downtime extension is to declare a new unscheduled
+downtime, starting just when the first one finishes. Please refer to the
+downtimes section of this documentation for more information, especially the
+“downtime extension” paragraph.</p>
+<h2 id="i-have-declared-a-downtime-at-risk-and-it-turns-out-to-be-an-outage-how-can-i-declare-this-properly">I have declared a downtime “at risk”, and it turns out to be an outage. How can I declare this properly?</h2>
+<p>If you have declared the downtime as being at risk and an outage actually
+happens half way through, you need to update the Configuration Database to
+reflect the fact that your site is now down. There is currently no way of doing
+this by updating the downtime on the fly without having the system considering
+the whole downtime as being an outage. The best way to proceed is:</p>
+<ul>
+<li>Modify end date of your “at risk” downtime, so that it ends in a few minutes</li>
+<li>Enter a new “outage” downtime, starting when the other ends</li>
+</ul>
+<h2 id="how-do-i-switch-monitoring-onoff-for-my-nodes">How do I switch monitoring on/off for my nodes?</h2>
+<p>Monitoring status in Configuration Database cannot always be switched off. If a
+node is declared as delivering a production service, rules apply and the node
+has to be monitored. If you are running a test node and want to switch
+monitoring off, set both “monitoring” and “production” to “N”.</p>
+<h2 id="why-nobody-has-approved-my-role-request-yet">Why nobody has approved my role request yet?</h2>
+<p>Someone has to approve any request you make, in order to ensure nobody is trying
+to get inappropriate roles. If yours is not getting approved, this can either be
+because your request was not legitimate, or most likely because the people that
+are supposed to do it forgot about it. Please refer to the Roles permissions
+definitions section of this documentation to determine who should validate your
+role, and try to get in touch with them. If you are requesting a site admin
+role, they are likely to be your fellow site admins or your NGI operators.</p>
+<h2 id="i-am-not-an-egi-user-but-need-access-to-the-backend-to-retrieve-information-for-my-project-what-can-i-do">I am not an EGI user but need access to the backend to retrieve information for my project. What can I do?</h2>
+<p>Accessing the backend through another way than the
+<a href="https://goc.egi.eu">Configuration Database web interface</a> is out of the scope
+of this documentation. Please refer to the technical documentation instead,
+which is available from GOCDB Documentation.</p>
\ No newline at end of file
diff --git a/612/internal/configuration-database/ngi-core-services/index.html b/612/internal/configuration-database/ngi-core-services/index.html
new file mode 100644
index 0000000000..7c91d53bc3
--- /dev/null
+++ b/612/internal/configuration-database/ngi-core-services/index.html
@@ -0,0 +1,96 @@
+NGI Core Services | Documentation
+
+
+
+
+
+
NGI Core Services
Managing the NGI Core Services entries in Configuration Database
NGI Core Services
NGIs can register a number of ‘NGI-Core’ services in the Configuration Database.
+A core NGI service is one that is used to calculate the availability and
+reliability of the NGI. These services fall under the responsibility of the NGI
+and provide production quality (no testing instances). NGIs can distinguish/flag
+their core services from their other (non-core) services using one of two ways
+(see A and B below).
Be hosted under a ‘NGI’ scoped Site that has a certification status of
+‘Certified’
Required Service Types
The following service types are mandatory to support the central operations and
+all NGIs in the EGI scope should define instances of these services:
emi.ARGUS (Mandatory) (NGI ARGUS)
Top-BDII (Mandatory)
Other Mandatory services, depending on middleware deployed by sites under NGI
+responsibility, are the following:
MyProxy
VOMS
NGIs should also register their custom core services like accounting, helpdesk
+if provided.
Registering NGI Core Services
NGI core services can be grouped/flagged in one of two ways:
A) By creating a ‘NGI_XX_SERVICES’ Site and adding their core services
+under this site. This site must be scoped as ‘NGI’ and define a certification
+status of ‘Certified’.
B) By creating a ‘NGI_XX_SERVICES’ ServiceGroup and adding their core
+services to this ServiceGroup.
It is important that these core service Sites/ServiceGroups adhere to the
+‘NGI_XX_SERVICES’ naming scheme. The list of existing Service Groups is
+available on
+GOCDB.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/ngi-core-services/index.xml b/612/internal/configuration-database/ngi-core-services/index.xml
new file mode 100644
index 0000000000..f3f5102cb6
--- /dev/null
+++ b/612/internal/configuration-database/ngi-core-services/index.xml
@@ -0,0 +1 @@
+Documentation – NGI Core Services/internal/configuration-database/ngi-core-services/Recent content in NGI Core Services on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/ngis/index.html b/612/internal/configuration-database/ngis/index.html
new file mode 100644
index 0000000000..ce8a70f1d5
--- /dev/null
+++ b/612/internal/configuration-database/ngis/index.html
@@ -0,0 +1,88 @@
+Managing NGIs entities | Documentation
+
+
+
+
+
+
Managing NGIs entities
Managing NGIs entities
Introduction
An NGI forms a grouping of Sites in EGI Configuration Database. The
+Configuration Database stores the following information about these groups. The
+main page listing groups actually shows NGIs/ROCs, and is available from “List
+of NGIs/ROCs and associated contacts”, linked from the main menu.
Each NGI has its own listing page, accessible by clicking on the “view” link in
+group listing pages. A group details page shows users with a role on that group,
+as well as member sites and associated contacts and roles.
Adding NGIs
Adding groups is not possible through the Input System web interface. If you
+want to start the registration process of a new NGI, please follow the procedure
+described on:
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/ngis/index.xml b/612/internal/configuration-database/ngis/index.xml
new file mode 100644
index 0000000000..65a57903e7
--- /dev/null
+++ b/612/internal/configuration-database/ngis/index.xml
@@ -0,0 +1 @@
+Documentation – Managing NGIs entities/internal/configuration-database/ngis/Recent content in Managing NGIs entities on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/scopes/index.html b/612/internal/configuration-database/scopes/index.html
new file mode 100644
index 0000000000..263b4a9295
--- /dev/null
+++ b/612/internal/configuration-database/scopes/index.html
@@ -0,0 +1,135 @@
+Scoping | Documentation
+
+
+
+
+
+
Scoping
Understanding and manipulating scopes
Introduction
Scope tags are used to group entities such as Sites, Services and
+ServiceGroups into flexible categories. A single entity can define multiple
+scope tags, allowing the resource to be associated with different categories
+without duplication of information. This is essential to maintain the
+integrity of topology information across different infrastructures and
+projects.
The Configuration Database admins control which scope tags are made available
+to avoid proliferation of tags (user defined tags are reserved for the
+extensibility mechanism).
As an example, a site’s scope list could aggregate all of the scopes defined
+by its child services. In doing this, the site scope list becomes a union of
+its service scopes plus any other site specific tags defined by the site.
By defining scope tags, resources can be ‘filtered-by-scope-tag’ when querying
+for data in the PI using the ‘scope’ and ‘scope_match’ parameters, see
+GOCDB Programmatic Interface (GOCDB-PI)(link
+to old EGI Wiki) for details.
Clear Separation of Concerns
It is important to understand that scopes and Projects are distinct:
Projects are used to cascade roles and permissions over child objects
Scope tags are used to filter resources into flexible categories/groupings
Scope tags can be created to mirror the projects. For example, assuming two
+projects (e.g. EGI.eu and EUDAT), two corresponding tags may be defined.
In addition, it is also possible define additional scopes for finer grained
+resource filtering e.g. ‘SubGroupX’ and ‘EGI_TEST’.
The key benefit: A clear separation of concerns between cascading permissions
+and resource filtering.
EGI Scopes
To make a Site, Service or ServiceGroup visible to EGI, the resource’s
+‘EGI’ scope tag checkbox must be ticked. EGI scoped resources are exposed to
+the central operational tools for monitoring and will appear in the central
+operations portal.
Un-ticking the EGI checkbox and selecting the ‘Local’ scope makes the
+selected object invisible to EGI; it will be hidden from the central operation
+tools (it will not show in the central dashboard and it will not be monitored
+centrally). This can be useful if you wish to hide certain parts of your
+infrastructure from EGI but still have the information stored and accessed
+from the same Configuration Database instance.
A use-case for non-EGI sites/services is to hide those entities from central
+EGI tools, but to include those sites/services for use by regional versions of
+the operational tools (such as regional monitoring).
Note that exposing a site / service endpoint as EGI does not override the
+production status or certification status fields. For example if a site isn’t
+marked as production it won’t be monitored centrally even if it’s marked as
+visible to EGI.
You can submit your request for new scope tags via
+EGI Helpdesk to the “Configuration and Topology Database
+(GOCDB)” support unit.
Reserved Scope Tags
Some tags may be ‘Reserved’ which means they are protected - they are used to
+restrict tag usage and prevent non-authorised sites/services from using tags
+not intended for them.
Reserved tags are initially assigned to resources by the Configuration
+Database admins, and can then be optionally inherited by child resources (tags
+can be initially assigned to NGIs, Sites, Services and ServiceGroups).
When creating a new child resource (e.g. a child Site or child Service), the
+scopes that are assigned to the parent are automatically inherited and
+assigned to the child.
Reserved tags assigned to a resource are optional and can be de-selected if
+required.
Users can reapply Reserved tags to a resource ONLY if the tag can be inherited
+from the parent Scoped Entity (parents include NGIs/Sites).
For Sites: If a Reserved tag is removed from a Site, then the same tag is
+also removed from all the child Services - a Service can’t have a reserved
+tag that is not supported by its parent Site.
For NGIs: If a Reserved tag is removed from an NGI, then the same tag is NOT
+removed from all the child Sites - this is intentionally different from the
+Site->Service relationship.
To request a reserved scope tag, an approval is required from the operators
+of the relevant resources. Details on who to contact are listed below. Once
+authorisation is given, please contact the Configuration Database admins with
+details of the approval (e.g. link to an EGI Helpdesk ticket
+that approves the tag assignment).
FedCloud Reserved Tag
Tag for resources that contribute to the EGI Federated Cloud. To request this
+tag, please contact the FedCloud operators / EGI Operations.
Elixir Reserved Tag
Tag for resources that contribute to the EGI Federated Cloud. To request this
+tag, please contact the operators of the ‘ELIXIR’ NGI in the EGI Configuration
+Database.
WLCG Reserved Tags
A number of reserved scope tags have been defined for the WLCG:
The ‘tierN’ tags should be requested for WLCG sites that are defined in
+REBUS (a management view of the WLCG infrastructure/sites). To request a
+‘tierN’ tag, raise a ticket against the REBUS support unit in GGUS.
For the experiment VO tags (alice, atlas, cms, lhcb), raise a ticket with
+the relevant VO support unit.
The wlcg tag is a generic catch-all tag for sites/services with either tierN
+and VO tags and is used to gain an overall view of the WLCG infrastructure.
SLA Reserved Tag
Entities covered by an EGI VO SLA
This Tag will only be applied at the request of EGI operations
EOSCCore Tag
Tag for resources that contribute to core services of the EOSC. To request
+this tag, please raise an EGI Helpdesk ticket against the
+Operations SU.
EGICore Tag
Tag for resources that are part of the EGI Core services. To request this tag,
+please raise an EGI Helpdesk ticket against the Operations SU.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/scopes/index.xml b/612/internal/configuration-database/scopes/index.xml
new file mode 100644
index 0000000000..e9a270c27d
--- /dev/null
+++ b/612/internal/configuration-database/scopes/index.xml
@@ -0,0 +1 @@
+Documentation – Scoping/internal/configuration-database/scopes/Recent content in Scoping on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-entities/index.html b/612/internal/configuration-database/service-entities/index.html
new file mode 100644
index 0000000000..9c43fa1dc5
--- /dev/null
+++ b/612/internal/configuration-database/service-entities/index.html
@@ -0,0 +1,127 @@
+Service Entities | Documentation
+
+
+
+
+
+
Service Entities
Managing Service entities
Definition
A Service entity is formed by a hostname, a hosted service and a URL.
The EGI Configuration Database stores the following information about Service
+entities (non exhaustive list):
The fully qualified hostname of the machine
The hosted service (see ServiceTypes below)
The URL to reach the entities
The IP address of the machine
The machine’s host certificate DN
A description of the node
As a machine can host many services, there can be many Service entities per
+machine.
Example
The machine myhost.domain.org runs a CE, an UI and a UnicoreX service. This
+will show up in the EGI Configuration Database as 3 Service entities:
fully qualified hostname
ServiceType
myhost.domain.org
CE
myhost.domain.org
UI
myhost.domain.org
unicore6.Gateway
Note that a single host can also specify multiple services of the same
+ServiceType.
Manipulating Service entities
Viewing Service entities
There are different pages in GOCDB where Service entities are listed:
A full Service entities
+listing page, that
+shows a listing of all the entities in the database, with controls to page
+through the listing. The table headers can be clicked to set the ordering.
Site details page, see
+GRIDOPS-GOCDB for
+an example, where all the Service entities belonging to this site are listed
Each Service entity also has its own listing page. By clicking the link to view
+it, you can see all associated information.
Adding Service entities
Provided you have proper permissions (check the permissions matrix in the
+Permissions_associated_to_roles section), you can add a Service entity by:
clicking on the Add a New Service link in the sidebar. Simply select
+parent site, fill the form and validate.
By clicking on the Add Service link from a given site’s details page (the
+link will only appear if you have proper permissions). This will lead you to
+the same form as above.
Editing Service entities information
The editing process will show you the same form as the adding process. To edit
+Service entities, simply click the “edit” link on top of the entities'
+details page.
Removing a Service entity from a site
To delete a Service entity you have permissions on, simply click on the
+“delete” link on top of the entities’ details page. The interface asks for
+confirmation before proceeding.
Service Endpoint entities
A Service entity may optionally define Service Endpoint entities which model
+network locations for different service functionalities that can’t be described
+by the main ServiceType and URL alone.
For example: The Service entity
+goc.egi.eu (of
+ServiceType egi.GOCDB) defines the following Service Endpoint entities:
This indicates whether the Service entity is a beta service or not (part of the
+staged rollout process).
Host DN
This is the DN of the host certificate for the service. The format of the DN
+follows that defined by the
+OGF Interoperable Certificate Profile
+which restricts allowed chars to a PrintableString that does NOT contain
+characters that cannot be expressed in printable 7-bit ASCII. For a list of
+allowed chars.
To supply multiple or alternate DN(s) for a service, for example of the multiple
+hosts supporting a single Service entity, see
+standard extension properties.
“production” flag (t/f)
The Service entities’ Production flag indicates if this service delivers a
+production quality service to the infrastructure it belongs to (EGI).
Non-production Service entities can be either Monitored or Not Monitored,
+depending on the Administrator’s choice.
Even if this flag is false, the service is still considered part of the EGI
+and so shows up in the ROD dashboard.
If true, then the Monitored flag must also be true: All production resources
+MUST be monitored (except if the ServiceType is a VOMS or emi.ARGUS)
This flag is not to be confused with PRODUCTION_STATUS, which is a Site
+level flag that shows if the site delivers to the production or Test
+infrastructure.
“monitoring” flag (t/f)
This flag is taken into account by monitoring tools.
Can only be set to “N” (false) if Production flag is also false.
If set to “N” the entities won’t be tested.
Usage of PRODUCTION and MONITORED flags for EGI Service entities
All production Service entities MUST be monitored (except for emi.ARGUS and
+VOMS ServiceTypes).
Production and Monitored
Operations Dashboard: A failing test of production Service entities generates
+an alarm in the ROD Operations Dashboard.
Availability calculation: The Service entities test results are considered for
+Availability computation (if and only if the ServiceType associated to the
+entities is one of those included in Availability computation)
Non-Production and Monitored: YES/NO
Availability calculation: If Monitored is set to YES, the
+Monitoring Service will test the Service entity, but the
+test results are ignored by the Availability Computation Engine (ACE).
Availability calculation: Non-production Service entities are not considered
+for site availability calculations.
Operations Dashboard: If Monitored is set NO, the Service entities is
+ignored by the Monitoring Service, and no alarms are
+raised in the Operations Dashboard in case of CRITICAL failure.
Monitoring tests for non-production Service entities generate alarms into the
+ROD Operations Dashboard in case of CRITICAL failure of the test. These
+alarms are visible in the Operations Dashboard and are tagged as “non
+production”.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-entities/index.xml b/612/internal/configuration-database/service-entities/index.xml
new file mode 100644
index 0000000000..25e653cbd3
--- /dev/null
+++ b/612/internal/configuration-database/service-entities/index.xml
@@ -0,0 +1 @@
+Documentation – Service Entities/internal/configuration-database/service-entities/Recent content in Service Entities on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-groups/index.html b/612/internal/configuration-database/service-groups/index.html
new file mode 100644
index 0000000000..d5cfa7ffab
--- /dev/null
+++ b/612/internal/configuration-database/service-groups/index.html
@@ -0,0 +1,91 @@
+Service groups | Documentation
+
+
+
+
+
+
Service groups
Understanding and manipulating service groups
Service Groups
A service group is an arbitrary grouping of existing service endpoints that can
+be distributed across different physical sites and users that belong to the SG
+(SGs were previously known as ‘Virtual Sites’):
Each service that appears in a group must already exist and be hosted by a
+physical site.
A service group role does not extend any permissions over its child
+services. This means that you cannot declare a downtime on the services that
+you group together or modify the service attributes.
Any GOCDB user can create their own service group and as the ‘Service Group
+Administrator’ you can control subsequent user membership requests to the SG
+(everything is logged, including who created the service group).
GOCDB users can request to join an existing service group by finding the
+target SG and requesting a role on that SG.
Service groups are typically used for monitoring a particular collection of
+services and/or users using the GOCDB ‘get_service_group’ and
+‘get_service_group_role’ PI methods.
SG members can be listed using the get_service_group_role PI method.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-groups/index.xml b/612/internal/configuration-database/service-groups/index.xml
new file mode 100644
index 0000000000..62a4ba484b
--- /dev/null
+++ b/612/internal/configuration-database/service-groups/index.xml
@@ -0,0 +1 @@
+Documentation – Service groups/internal/configuration-database/service-groups/Recent content in Service groups on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-information/index.html b/612/internal/configuration-database/service-information/index.html
new file mode 100644
index 0000000000..a272e4a157
--- /dev/null
+++ b/612/internal/configuration-database/service-information/index.html
@@ -0,0 +1,79 @@
+Service information | Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-information/index.xml b/612/internal/configuration-database/service-information/index.xml
new file mode 100644
index 0000000000..964dc2eabe
--- /dev/null
+++ b/612/internal/configuration-database/service-information/index.xml
@@ -0,0 +1 @@
+Documentation – Service information/internal/configuration-database/service-information/Recent content in Service information on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-registration-requirements/index.html b/612/internal/configuration-database/service-registration-requirements/index.html
new file mode 100644
index 0000000000..64790ebfb8
--- /dev/null
+++ b/612/internal/configuration-database/service-registration-requirements/index.html
@@ -0,0 +1,86 @@
+Service registration requirements | Documentation
+
+
+
+
+
+
Service registration requirements
Information required for registering a service into the Configuration Database
Information to provide when registering a new service (the fields marked with an
+asterisk are mandatory):
Hosting Site * (select the appropriate RC under which you are registering the
+service)
Service Type * (select the appropriate service type)
Description * (Alphanumeric and basic punctuation)
Host Operating System (Alphanumeric and basic punctuation)
Host Architecture (Alphanumeric and basic punctuation)
Is it a beta service (formerly PPS service)? Y/N
Is this service in production? Y/N
Is this service monitored? Y/N
Contact email * (valid email format)
Scope Tags
✓ Optional Tags (At least 1 optional tags must be selected): EGI Local
+FedCloud
✓ Reserved Tags Inheritable from Parent Site: none
✓ Reserved Tags Directly Assigned (WARNING - If deselected you will not be
+able to reselect the tag - it will be moved to the ‘Protected Reserved Tags’
+list): none
✗ Protected Reserved Tags (Can only be assigned on request): alice atlas cms
+elixir lhcb tier1 tier2 wlcg
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-registration-requirements/index.xml b/612/internal/configuration-database/service-registration-requirements/index.xml
new file mode 100644
index 0000000000..8c1fc47a6b
--- /dev/null
+++ b/612/internal/configuration-database/service-registration-requirements/index.xml
@@ -0,0 +1 @@
+Documentation – Service registration requirements/internal/configuration-database/service-registration-requirements/Recent content in Service registration requirements on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-types/index.html b/612/internal/configuration-database/service-types/index.html
new file mode 100644
index 0000000000..6f742ec6a7
--- /dev/null
+++ b/612/internal/configuration-database/service-types/index.html
@@ -0,0 +1,140 @@
+Service Types | Documentation
+
+
+
+
+
+
Service Types
Description of Service types.
Introduction
In the EGI Configuration Database, a service type is a technology used to
+provide a service. Each service endpoint is associated with a service type.
+Service types are pieces of software while service endpoints are a particular
+instance of that software running in a certain context.
Service Type Naming Scheme
Service types include grid and cloud middleware, and operational services.
This attribute corresponds to the Glue2 Service.Type attribute and is
+defined as the “Type of service according to a namespace based classification
+(the namespace MAY be related to a middleware name, an organisation or other
+concepts)”.
The naming scheme for new service types therefore follow a reverse DNS style
+syntax, usually naming the technology provider/project followed by technology
+type in lowercase, i.e. ‘provider.type’ (e.g. org.openstack.swift).
Please note, this syntax does not necessarily indicate ownership, the main
+objective is to avoid name clashes between services. For example, different
+projects may have similar services but these may be modified/customised just
+enough to merit a different prefix or service type name.
The Glue2 and GOCDB recommendation is to use lowercase (legacy enum values do
+exist that use camelCase).
These service types are used at some grid sites within EGI but aren’t EGI
+operational tools or a part of the core middleware distributions.
Service Type List
To request a new service type, please submit a request for a new service type
+(see the section “Adding a new service type”).
In the following section there is the list of “middleware agnostic” service
+types. You can obtain the whole list of service types by browsing
+Poem, or by launching the
+following query to the GOCDBPI interface:
Site-BDII:
+(Site service) This service collects and publishes site’s data for the
+Information System. All grid sites MUST install one Site-BDII. For cloud sites
+eu.egi.cloud.information.bdii MUST be installed.
Top-BDII:
+(Central service) The “top-level BDII”. These collect and publish the data
+from site-BDIIs. Only a few instances per region are required.
MyProxy:
+[Central service] MyProxy is part of the authentication and authorization
+system. Often installed by sites installing the WMS service.
argo.poem:
+POEM is system for managing profiles of probes and metrics in ARGO system.
argo.mon:
+ARGO Monitoring Engine gathers monitoring metrics and publishes to messaging
+service.
argo.consumer:
+ARGO Consumer collects monitoring metrics from monitoring engines.
argo.computeengine:
+ARGO Compute Engine computes availability and reliability of services.
argo.api:
+ARGO API service for retrieving status and A/R results.
argo.webui:
+ARGO web user interface for metric A/R visualization and recalculation
+management.
egi.aai.saml:
+EGI Check-in SAML interface. Enables federated access to EGI services and
+resources using Security Assertion Markup Language (SAML). Provided by GRNET.
egi.aai.oidc:
+EGI Check-in OpenID Connect interface. Enables federated access to EGI
+services and resources using OpenID Connect (OIDC). Provided by GRNET.
egi.aai.tts:
+EGI Check-in token translation service. Enables the translation between
+different authentication and authorisation protocols. Provided by GRNET.
Adding new services types
Please feel free to make a request for a new service type. All new service type
+requests need to be assessed by EGI via lightweight review process (by
+EGI OMB and EGI Operations) so that only suitable types
+are added, and to prevent duplication.
You can submit your request via EGI Helpdesk to the
+“Configuration and Topology Database (GOCDB)” support unit.
Please specify the following information as part of your request:
name of service type (lowercase):
high-level description of the service functionality (255 characters max):
project/community/organization maintaining the software:
scale of deployment (number of instances and by which organizations):
contact point (name/email address):
Note: please provide a suggested service type name following the naming scheme
+described above (technology provider’s reversed domain . software name) and a
+brief sentence to describe the service type.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/service-types/index.xml b/612/internal/configuration-database/service-types/index.xml
new file mode 100644
index 0000000000..2659f604fa
--- /dev/null
+++ b/612/internal/configuration-database/service-types/index.xml
@@ -0,0 +1 @@
+Documentation – Service Types/internal/configuration-database/service-types/Recent content in Service Types on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/sites/index.html b/612/internal/configuration-database/sites/index.html
new file mode 100644
index 0000000000..53d105e721
--- /dev/null
+++ b/612/internal/configuration-database/sites/index.html
@@ -0,0 +1,142 @@
+Sites | Documentation
+
+
+
+
+
+
Sites
Managing Sites entities
Definition
A site (also known as a Resource Centre)
+is a grouping of grid resources collating multiple Service Endpoints (SEs).
+Downtimes are recorded on selected SEs of a site. GOCDB stores the following
+information about sites (non exhaustive list). Note, when editing values in the
+portal, mandatory fields are marked with ‘*’:
A unique (short) name - case sensitive (GOCDB and GoCDB are considered
+different)
An official (long) name
A domain name for the Site/Resource Centre
The home web URL of the Site/Resource Centre
A contact email address and telephone number
Emergency email for a fast response time in case of urgent problem
Alarm email is WLCG Tier1 site specific (used as part of a WLCG workflow for
+dealing with specific monitoring alarms)
A security contact email address and telephone number
The site timezone
The site’s GIIS URL (Case Sensitive - Please ensure you enter your Site name
+which is usually encoded in the URL in the correct case!).
e.g. ldap://bdii-rc.some-site.uk:2170/mds-vo-name=SITE-NAME,o=grid (if your
+GOCDB site name site name is upper case)
A mandatory human readable description of the site
The site’s latitude, longitude and location
Production Infrastructure: The site’s intended target infrastructure. This
+specifies the infrastructure that the site’s services deliver to. This has one
+of the following values:
Production (with this target infrastructure, the EGI site certification
+transition rules apply)
Test (in future, if the site delivers to this infrastructure, then its
+Certification status will be fixed to ‘Candidate’).
ROC [GROUP] - The NGI or Region of the site
Country
IP address range within which the Site/Resource Centre’s services run
IP/netmask (x.x.x.x/x.x.x.x). To specify multiple IP/netmask values, use a
+comma or semi-colon separated list with no spaces, e.g.
+1.2.3.4/255.255.255.0, 1.2.3.5/255.255.255.0
Manipulating sites
Viewing sites
A site listing page shows a listing of all the sites in the database, with
+controls to page through the listing. The table headers can be clicked to set
+the ordering (ascending or descending).
Each site also has its own listing page. By clicking the link to view a site,
+you can see all of the site’s information
Site listing page is available from the sidebar by clicking on the Browse
+Sites link.
sites belonging to a given Operations Centre are also listed from the group
+details pages (see below)
Adding a site
Provided you have proper permissions (check the permissions matrix in the
+related section
+, you can add a site by clicking on the Add a New Site link in the sidebar.
+Simply fill the form and validate.
Note: If you just registered as site admin and want your new site to be
+registered in GOCDB, please contact your NGI representative.
Editing site information
The editing process will show you the same form as the adding process. To edit a
+site, simply click the “edit” link on top of the site’s details page.
Renaming a site
Provided you have permissions, you can change the Short Name, Official Name and
+GIIS URL to the new Resource Center details. For more information regarding the
+site renaming procedure please see PROC15
Removing a site
Site deletion is not allowed in GOCDB. If a site stops operation, its
+certification status should be set to “closed” (see the next section for more
+information).
Changing Site Certification Status
For each site that delivers to the ‘Production’ Target Infrastructure, GOCDB
+stores and shows information about its certification status. This reflects the
+different steps of the official SA1 site certification procedure which typically
+follows:
Candidate -> Uncertified -> Certified.
The different possible certification statuses are:
Candidate: the Resource Centre is in under registration according to the
+registration process described in the
+RC registration certification procedure.
+A site will have CANDIDATE status only during certification.
Uncertified: site information has been validated by the Operations Centre
+and is ready to be moved to certified status (again). The certification status of
+a site can only be changed by a user with a higher level ‘Regional’ (or EGI
+‘Project’) level role. This usually means that only regional managers/deputies/staff
+can update the status of a site that belongs to that region, see the permissions
+associated to the roles in the
+related section.
Certified: the Operations Centre has verified that the site has all middleware
+installed, passes the tests and appears stable.
Suspended: Site does temporarily not conform to production requirements (e.g.
+minimum service targets - see the
+Resource Centre OLA, security matters) and
+requires Operations Centre attention. A site can be suspended for a maximum of 4
+months after which it must be re-certified or closed.
Closed: Site is definitely no longer operated by EGI and is only shown for
+historic reasons.
Clarifications:
The uncertified status would generally be an information that a site is ready to
+start certification procedure (again). “uncertified” can also be used as a timewise
+unlimited state for sites having to keep an old version of the middleware for the
+absolute needs of an important international VO or to flag a site coping with
+Operations Centre requirements but not with EGI
+availability/reliability thresholds.
Suspended is always having a temporary meaning. It is used to flag a site temporarily
+not coping with EGI availability/reliability thresholds or security requirements,
+and which should be closed or uncertified by its
+Operations Centre within 4 months. When being
+suspended, sites can express that they want to pass certification again. The suspended
+status is useful to EGI and to the Operations Centre themselves to flag the sites that
+require attention by the Operations Centre.
The closed status should be the terminal one. Suspended is not a terminal state.
The following site state transitions are allowed:
candidate -> uncertified
candidate -> closed
uncertified -> certified
certified -> suspended
certified -> closed (on site request)
suspended -> uncertified
suspended -> closed
The following transitions are explicitly forbidden:
suspended -> certified
candidate -> something else but uncertified and closed
closed -> anything else
Going with the definition of the suspended status,
+Operations Centre managers have to regularly give
+their attention to all their suspended sites, so that they are processed within the
+given maximum time of four months. Sites being in suspended should either be set to
+closed or brought back in production via the uncertified status.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/sites/index.xml b/612/internal/configuration-database/sites/index.xml
new file mode 100644
index 0000000000..c60a0efed9
--- /dev/null
+++ b/612/internal/configuration-database/sites/index.xml
@@ -0,0 +1 @@
+Documentation – Sites/internal/configuration-database/sites/Recent content in Sites on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/users-roles/approve-revoke/index.html b/612/internal/configuration-database/users-roles/approve-revoke/index.html
new file mode 100644
index 0000000000..94821d1a5c
--- /dev/null
+++ b/612/internal/configuration-database/users-roles/approve-revoke/index.html
@@ -0,0 +1,93 @@
+Approving/revoking accounts, roles and other actions | Documentation
+
+
+
+
+
+
Approving/revoking accounts, roles and other actions
Approving/revoking accounts, roles and other actions
Approving role and change requests
When a registered user applies for a role, the request has to be validated by
+someone who has the proper permissions to grant such a role. If you request a
+role on a given entity, any user with a valid role on that entity or above will
+be able to approve your request.
Example - If you request a “site administrator” role on site X, then the
+following users can approve your request:
site administrators and security officers of site X
regional operations staff, managers and deputies of the
+Operations Centre
+to which site X belongs
GOCDB admins
Role requests you can approve are listed on the Manage roles page
+(accessible by clicking the Manage roles link in the user status panel in
+the sidebar).
In order to approve or decline role requests, simply click on the accept or
+deny links in front of each role request.
Revoking roles
If a user within your scope has a role that needs to be revoked, you can do this
+from the user’s page, where user’s details are listed along with his/her current
+roles. To revoke a role, simply click on the role name then on the revoke
+link at the top right of the role’s details page.
Note: This works for other users within your scope but also for yourself.
+However just note that if you revoke your own roles you may not have proper
+permissions to recover them afterwards.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/users-roles/approve-revoke/index.xml b/612/internal/configuration-database/users-roles/approve-revoke/index.xml
new file mode 100644
index 0000000000..a7e698e8a5
--- /dev/null
+++ b/612/internal/configuration-database/users-roles/approve-revoke/index.xml
@@ -0,0 +1 @@
+Documentation – Approving/revoking accounts, roles and other actions/internal/configuration-database/users-roles/approve-revoke/Recent content in Approving/revoking accounts, roles and other actions on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/users-roles/index.html b/612/internal/configuration-database/users-roles/index.html
new file mode 100644
index 0000000000..cafc189393
--- /dev/null
+++ b/612/internal/configuration-database/users-roles/index.html
@@ -0,0 +1,80 @@
+Users and roles | Documentation
+
+
+
+
+
+
Users and roles
Guide about user accounts and the roles
Introduction
In the sub-pages there is an explanation over the EGI Configuration Database
+user accounts, how to manage them, and the roles defined.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/users-roles/index.xml b/612/internal/configuration-database/users-roles/index.xml
new file mode 100644
index 0000000000..06a1affa23
--- /dev/null
+++ b/612/internal/configuration-database/users-roles/index.xml
@@ -0,0 +1,639 @@
+Documentation – Users and roles/internal/configuration-database/users-roles/Recent content in Users and roles on DocumentationHugo -- gohugo.ioInternal: Approving/revoking accounts, roles and other actions/internal/configuration-database/users-roles/approve-revoke/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/users-roles/approve-revoke/
+<h2 id="approving-role-and-change-requests">Approving role and change requests</h2>
+<p>When a registered user applies for a role, the request has to be validated by
+someone who has the proper permissions to grant such a role. If you request a
+role on a given entity, any user with a valid role on that entity or above will
+be able to approve your request.</p>
+<p><em>Example</em> - If you request a “site administrator” role on site X, then the
+following users can approve your request:</p>
+<ul>
+<li>site administrators and security officers of site X</li>
+<li>regional operations staff, managers and deputies of the
+<a href="https://confluence.egi.eu/display/EGIG/Operations+Centre">Operations Centre</a>
+to which site X belongs</li>
+<li>GOCDB admins</li>
+</ul>
+<p>Role requests you can approve are listed on the <strong>Manage roles</strong> page
+(accessible by clicking the <strong>Manage roles</strong> link in the user status panel in
+the sidebar).</p>
+<p>In order to approve or decline role requests, simply click on the <strong>accept</strong> or
+<strong>deny</strong> links in front of each role request.</p>
+<h2 id="revoking-roles">Revoking roles</h2>
+<p>If a user within your scope has a role that needs to be revoked, you can do this
+from the user’s page, where user’s details are listed along with his/her current
+roles. To revoke a role, simply click on the role name then on the <strong>revoke</strong>
+link at the top right of the role’s details page.</p>
+<p><strong>Note</strong>: This works for other users within your scope but also for yourself.
+However just note that if you revoke your own roles you may not have proper
+permissions to recover them afterwards.</p>Internal: Understanding and manipulating user accounts/internal/configuration-database/users-roles/managing-accounts/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/users-roles/managing-accounts/
+<h2 id="authentication">Authentication</h2>
+<p>The EGI Configuration Database UI attempts to authenticate you in one of two
+ways (the REST style API applies X.509 only):</p>
+<ul>
+<li>First, by requesting an IGTF accredited user certificate from your browser. If
+a suitable certificate is detected, you will be asked to confirm selection of
+your certificate in your browser. <strong>Note</strong>: if a client certificate has been
+provided, it will take precedence over any IdP based authentication.</li>
+<li>Second, if you do not have a user certificate or you hide your certificate
+from (e.g. by starting a new/anonymous private browser session or pressing
+‘Cancel’ when prompted for a certificate), you will be redirected to the
+landing page where you can authenticate with the EGI Identity Provider Service
+(IdP) and your chosen institution (if available). If authentication is
+successful, you will be redirected back to the Configuration Database. Please
+note, not all logins available in the EGI IdP provide a sufficient level of
+assurance (LoA) to login (the LoA must be ‘Substantial’).</li>
+</ul>
+<h2 id="editing-your-user-account">Editing your user account</h2>
+<p>The editing process is the same as the registration process. To edit your user
+account, simply follow these steps:</p>
+<ul>
+<li>click on the “view details” link in the “User Status” panel on the sidebar.
+You should get a page showing your user account information.</li>
+<li>Click on the “edit” link on top of it.</li>
+</ul>
+<h2 id="viewing-users">Viewing users</h2>
+<p>Each user account has its own user details page which is accessible to anyone
+with a valid certificate.</p>
+<p>There is currently no facility for listing all users in the database. List of
+users that have a role on a given site appears on site details pages (see
+section about sites). It is also possible to search for a user’s account using
+the <strong>search</strong> feature on the sidebar.</p>
+<h2 id="deleting-your-user-account">Deleting your user account</h2>
+<p>If you wish to unregister from the Configuration Database, follow these steps:</p>
+<ul>
+<li>click on the <strong>view details</strong> link in the “User Status” panel on the sidebar.
+You should get a page showing your user account information.</li>
+<li>Click on the “delete” link on top of it.</li>
+<li>Confirm your choice.</li>
+</ul>
+<p>Your account will then be deleted along with any roles the account has.</p>
+<h2 id="lost-access-to-your-account">Lost access to your account</h2>
+<p>Under the following circumstances it is possible to lose access to an account:</p>
+<ul>
+<li>You use your IGTF X.509 certificate to access and renew or change certificate,
+it is possible that the certificate’s distinguished name (DN) has also
+changed. This is what the Configuration Database uses to identify your
+account.</li>
+<li>You have authenticated with EGI Check-in, but via a different underlying IdP
+(i.e. You usually log in with your institutional credentials, but today you
+logged in with EGI SSO).</li>
+<li>You have changed the way you log in (i.e. X.509 to EGI Check-in)</li>
+</ul>
+<p>In these situations, it is usually possible to regain access using to your
+certificate based account by following one of the following procedures:</p>
+<p>If for any reason you were unable to complete the relevant procedure (e.g. mail
+confirmations problems) please open an <a href="../../../helpdesk">EGI Helpdesk</a> ticket
+addressed to the “Configuration and Topology Database (GOCDB)” support unit.</p>
+<h3 id="you-have-a-new-certificate-and-have-lost-access-to-your-account">You have a new certificate and have lost access to your account</h3>
+<ul>
+<li>Install your new certificate in your browser.</li>
+<li>Go to <a href="https://goc.egi.eu">EGI Configuration Database</a>. If you are already
+logged in, then clear your caches and restart your browser or start a new
+private browser session.</li>
+<li>When prompted, select your new certificate.</li>
+<li>You should be able to access, but since you are authenticated with your new
+certificate, it is as if you had no user account.</li>
+<li>In the <strong>User Status</strong> panel in the sidebar, click on the
+<strong><a href="https://goc.egi.eu/portal/index.php?Page_Type=Link_Identity">Link Identity/Recover Account</a></strong>
+link.</li>
+<li>Specify in the form:
+<ul>
+<li>Authentication type: X.509</li>
+<li>The DN of your old certificate previously used to authenticate to your X.509
+based account.</li>
+<li>The email address associated to your account.</li>
+</ul>
+</li>
+<li><strong>Submit</strong> and, upon validation, an email will be sent to the specified
+address, which has to match the one registered with your account. This is to
+avoid identity theft. The email contains a validation link.</li>
+<li>Click on the validation link or copy/paste in your browser. Once validated,
+changes are immediate.</li>
+</ul>
+<blockquote>
+<p>You can only associate one X.509 DN with your account at any given time.</p>
+</blockquote>
+<h3 id="you-have-authenticated-with-egi-check-in-but-via-a-different-identity-provider">You have authenticated with EGI Check-in, but via a different Identity Provider</h3>
+<p>It’s possible to link this identity with your “other”
+<a href="../../../../users/aai/check-in">EGI Check-in</a> identity at the level of the EGI
+Check-in, see
+<a href="../../../../users/aai/check-in/linking">account linking documentation</a>.</p>
+<p>Once your identity is linked at the EGI Check-in level, if you are still having
+problems accessing, please reassign the ticket to “Configuration and Topology
+Database (GOCDB)”</p>
+<h3 id="you-have-changed-the-way-you-log-in-ie-x509-to-egi-check-in">You have changed the way you log in (i.e. X.509 to EGI Check-in)</h3>
+<p>You can link these identities at the EGI Configuration Database level by
+following these steps. The steps assume an existing X.509 based account and that
+you are currently authenticated via EGI Check-in, though the steps should hold
+for any pair of supported authentication methods.</p>
+<ul>
+<li>In the <strong>User Status</strong> panel in the sidebar, click on the <strong>Link
+Identity/Recover Account</strong> link.</li>
+<li>Specify in the form:
+<ul>
+<li>Authentication type: X.509</li>
+<li>The DN of your certificate used to authenticate to your X.509 based account</li>
+<li>The email address associated to your X.509 based account.</li>
+</ul>
+</li>
+<li><strong>Submit</strong> and, upon validation, an email will be sent to the specified
+address, which has to match the one registered with your X.509 based account.
+This is to avoid identity theft. The email contains a validation link.</li>
+<li>Click on the validation link or copy/paste in your browser. Authenticate with
+your EGI Check-in identity. Once authenticated/validated, changes are
+immediate and you will be able to access your account with both your X.509 and
+EGI Check-in identities.</li>
+</ul>Internal: Using roles/internal/configuration-database/users-roles/managing-roles/Mon, 01 Jan 0001 00:00:00 +0000/internal/configuration-database/users-roles/managing-roles/
+<h2 id="roles-definition">Roles definition</h2>
+<p>Registered users with a user account will need at least one role in order to
+perform any useful tasks.</p>
+<h3 id="role-types">Role Types</h3>
+<ul>
+<li>A role: Unregistered users</li>
+<li>B role: Registered users with no role</li>
+<li>C role: Users with a role at site level (site admin)</li>
+<li>C’ role: Users with a management role at site level (site operations manager,
+site security officer…)</li>
+<li>D role: Users with a role at regional level (regional staff support staff,
+ROD, 1st Line Support)</li>
+<li>D’ role: Users with a management role at regional level (NGI manager or
+deputy, security officer)</li>
+<li>E role: Users with a role at project level</li>
+</ul>
+<p>The only difference between C and C’ users is that:</p>
+<ul>
+<li>C can NOT approve/reject role requests.</li>
+<li>C’ can only approve/reject role requests for their SITE.</li>
+</ul>
+<p>The difference between D and D’ users is that:</p>
+<ul>
+<li>D can NOT add/delete sites to/from their NGI.</li>
+<li>D can NOT update the certification status of member sites.</li>
+<li>D can NOT approve or reject role requests.</li>
+</ul>
+<h3 id="roles">Roles</h3>
+<h4 id="at-site-level">At Site level</h4>
+<ul>
+<li>Site Administrator - person responsible of maintaining a site and associated
+information in the EGI Configuration Database (C Level)</li>
+<li>Site Security officer - official security contact point at site level (C'
+Level)</li>
+<li>Site Operations Deputy Manager - The deputy manager of operations at a site
+(C’ Level)</li>
+<li>Site Operations Manager - The manager of site operations (C’ Level)</li>
+</ul>
+<h4 id="at-ngiregional-level">At NGI/Regional level</h4>
+<ul>
+<li>Regional First Line Support - Staff providing first line support for an NGI (D
+Level)</li>
+<li>Regional Staff (ROD) - staff involved in
+<a href="https://confluence.egi.eu/display/EGIG/Operations+Centre">Operations Centre</a>
+activities such as user/operations support (D Level)</li>
+<li>NGI Security officer - official security contact point at regional level (D'
+Level)</li>
+<li>NGI Operations Deputy Manager - Deputy manager of NGI operations (D’ Level)</li>
+<li>NGI Operations Manager - Manager of NGI operations (D’ Level)</li>
+</ul>
+<h4 id="at-project-level">At Project level</h4>
+<ul>
+<li>COD staff - COD staff (E Level)</li>
+<li>COD administrator - People administrating Central COD roles (E Level)</li>
+<li>EGI CSIRT Officer - official security contact point at project level (E Level)</li>
+<li>Chief Operations Officer (COO) - The EGI Chief Operations Officer (E Level)</li>
+</ul>
+<h2 id="permissions-associated-to-roles">Permissions associated to roles</h2>
+<p>Roles and permissions are based on whether the considered object is owned or
+not. In the table below the following definitions apply:</p>
+<ul>
+<li><strong>Owned group</strong>: a group on which the role applies (ROC, NGI, project)</li>
+<li><strong>Owned site</strong>: a site on which the role applies, or belonging to an owned
+group</li>
+<li><strong>Owned service endpoint</strong>: a service endpoint belonging to an owned site</li>
+</ul>
+<p>Each role has a set of associated permissions which apply on the role’s scope
+(site, region or project). Main permissions are summarised in the table below</p>
+<table>
+<thead>
+<tr>
+<th>Action</th>
+<th>A) Unregistered users</th>
+<th>B) Registered users with no role</th>
+<th>C) Site level users</th>
+<th>C’ ) Site Management Level Users</th>
+<th>D) NGI level users</th>
+<th>D’ ) NGI Management Level Users</th>
+<th>E) Project level users</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Add a site to an owned group</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>no</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Add a site to a non owned group</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Add a service endpoint to an owned site</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Add a service endpoint to a non owned site</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Add a downtime to an owned service endpoint</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Add downtime to a non owned service endpoint</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Update information of an owned site</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Update information of a non owned site</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Update certification status of an owned site</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>yes</td>
+<td>yes</td>
+</tr>
+<tr>
+<td>Update certification status of a non owned site</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>yes</td>
+</tr>
+<tr>
+<td>Update information of a owned service endpoint</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Update information of a non owned service endpoint</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Update information of an owned group</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Update information of a non owned group</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Update own user account details</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+</tr>
+<tr>
+<td>Update other user’s account</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Update a downtime on an owned service endpoint</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Update a downtime on a non owned service endpoint</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Delete an owned site</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Delete a non owned site</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Delete an owned service endpoint</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Delete a non owned service endpoint</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Delete an owned group</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Delete a non owned group</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Delete a downtime on an owned service endpoint</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Delete a downtime on a non owned service endpoint</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Delete your own user account</td>
+<td>irr.</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+</tr>
+<tr>
+<td>Delete other user’s account</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Register a new user account</td>
+<td>yes</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Request a new role</td>
+<td>no</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+</tr>
+<tr>
+<td>Approve a role request on an owned group</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>yes</td>
+<td>yes</td>
+</tr>
+<tr>
+<td>Approve a role request on an owned site</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>yes</td>
+<td>no</td>
+<td>yes</td>
+<td>irr</td>
+</tr>
+<tr>
+<td>Approve a role request on a non owned site or group</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Reject a role request on an owned group</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Reject a role request on an owned site</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>yes</td>
+<td>no</td>
+<td>yes</td>
+<td>irr</td>
+</tr>
+<tr>
+<td>Reject a role request on a non owned site or group</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Revoke an existing role on an owned object</td>
+<td>irr.</td>
+<td>irr.</td>
+<td>no</td>
+<td>yes</td>
+<td>no</td>
+<td>yes</td>
+<td>irr.</td>
+</tr>
+<tr>
+<td>Revoke an existing role on a non owned object</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+<td>no</td>
+</tr>
+<tr>
+<td>Retrieve an existing account/ change certificate DN</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+</tr>
+</tbody>
+</table>
+<h2 id="requesting-roles-for-your-account">Requesting roles for your account</h2>
+<p>There are 2 ways to request new roles.</p>
+<ul>
+<li>By clicking on the <strong>manage role</strong> link (sidebar, user status panel)
+<ul>
+<li>the first form allows you to choose the entity (site or group) on which you
+want to request a role</li>
+<li>the second form lets you choose the role you want to apply for</li>
+</ul>
+</li>
+<li>By clicking on the <strong>request role</strong> link from site detail pages or group
+detail pages.
+<ul>
+<li>displayed form lets you choose the role you want to apply for</li>
+</ul>
+</li>
+</ul>
+<p>Once made, role requests have to be validated before the role is granted to you.
+This part of the process is described in the next section.</p>
\ No newline at end of file
diff --git a/612/internal/configuration-database/users-roles/managing-accounts/index.html b/612/internal/configuration-database/users-roles/managing-accounts/index.html
new file mode 100644
index 0000000000..a1ce61ce4e
--- /dev/null
+++ b/612/internal/configuration-database/users-roles/managing-accounts/index.html
@@ -0,0 +1,128 @@
+Understanding and manipulating user accounts | Documentation
+
+
+
+
+
+
Understanding and manipulating user accounts
Understanding and manipulating user accounts
Authentication
The EGI Configuration Database UI attempts to authenticate you in one of two
+ways (the REST style API applies X.509 only):
First, by requesting an IGTF accredited user certificate from your browser. If
+a suitable certificate is detected, you will be asked to confirm selection of
+your certificate in your browser. Note: if a client certificate has been
+provided, it will take precedence over any IdP based authentication.
Second, if you do not have a user certificate or you hide your certificate
+from (e.g. by starting a new/anonymous private browser session or pressing
+‘Cancel’ when prompted for a certificate), you will be redirected to the
+landing page where you can authenticate with the EGI Identity Provider Service
+(IdP) and your chosen institution (if available). If authentication is
+successful, you will be redirected back to the Configuration Database. Please
+note, not all logins available in the EGI IdP provide a sufficient level of
+assurance (LoA) to login (the LoA must be ‘Substantial’).
Editing your user account
The editing process is the same as the registration process. To edit your user
+account, simply follow these steps:
click on the “view details” link in the “User Status” panel on the sidebar.
+You should get a page showing your user account information.
Click on the “edit” link on top of it.
Viewing users
Each user account has its own user details page which is accessible to anyone
+with a valid certificate.
There is currently no facility for listing all users in the database. List of
+users that have a role on a given site appears on site details pages (see
+section about sites). It is also possible to search for a user’s account using
+the search feature on the sidebar.
Deleting your user account
If you wish to unregister from the Configuration Database, follow these steps:
click on the view details link in the “User Status” panel on the sidebar.
+You should get a page showing your user account information.
Click on the “delete” link on top of it.
Confirm your choice.
Your account will then be deleted along with any roles the account has.
Lost access to your account
Under the following circumstances it is possible to lose access to an account:
You use your IGTF X.509 certificate to access and renew or change certificate,
+it is possible that the certificate’s distinguished name (DN) has also
+changed. This is what the Configuration Database uses to identify your
+account.
You have authenticated with EGI Check-in, but via a different underlying IdP
+(i.e. You usually log in with your institutional credentials, but today you
+logged in with EGI SSO).
You have changed the way you log in (i.e. X.509 to EGI Check-in)
In these situations, it is usually possible to regain access using to your
+certificate based account by following one of the following procedures:
If for any reason you were unable to complete the relevant procedure (e.g. mail
+confirmations problems) please open an EGI Helpdesk ticket
+addressed to the “Configuration and Topology Database (GOCDB)” support unit.
You have a new certificate and have lost access to your account
Install your new certificate in your browser.
Go to EGI Configuration Database. If you are already
+logged in, then clear your caches and restart your browser or start a new
+private browser session.
When prompted, select your new certificate.
You should be able to access, but since you are authenticated with your new
+certificate, it is as if you had no user account.
The DN of your old certificate previously used to authenticate to your X.509
+based account.
The email address associated to your account.
Submit and, upon validation, an email will be sent to the specified
+address, which has to match the one registered with your account. This is to
+avoid identity theft. The email contains a validation link.
Click on the validation link or copy/paste in your browser. Once validated,
+changes are immediate.
You can only associate one X.509 DN with your account at any given time.
You have authenticated with EGI Check-in, but via a different Identity Provider
Once your identity is linked at the EGI Check-in level, if you are still having
+problems accessing, please reassign the ticket to “Configuration and Topology
+Database (GOCDB)”
You have changed the way you log in (i.e. X.509 to EGI Check-in)
You can link these identities at the EGI Configuration Database level by
+following these steps. The steps assume an existing X.509 based account and that
+you are currently authenticated via EGI Check-in, though the steps should hold
+for any pair of supported authentication methods.
In the User Status panel in the sidebar, click on the Link
+Identity/Recover Account link.
Specify in the form:
Authentication type: X.509
The DN of your certificate used to authenticate to your X.509 based account
The email address associated to your X.509 based account.
Submit and, upon validation, an email will be sent to the specified
+address, which has to match the one registered with your X.509 based account.
+This is to avoid identity theft. The email contains a validation link.
Click on the validation link or copy/paste in your browser. Authenticate with
+your EGI Check-in identity. Once authenticated/validated, changes are
+immediate and you will be able to access your account with both your X.509 and
+EGI Check-in identities.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/users-roles/managing-accounts/index.xml b/612/internal/configuration-database/users-roles/managing-accounts/index.xml
new file mode 100644
index 0000000000..817b92348a
--- /dev/null
+++ b/612/internal/configuration-database/users-roles/managing-accounts/index.xml
@@ -0,0 +1 @@
+Documentation – Understanding and manipulating user accounts/internal/configuration-database/users-roles/managing-accounts/Recent content in Understanding and manipulating user accounts on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/configuration-database/users-roles/managing-roles/index.html b/612/internal/configuration-database/users-roles/managing-roles/index.html
new file mode 100644
index 0000000000..a654a94b0a
--- /dev/null
+++ b/612/internal/configuration-database/users-roles/managing-roles/index.html
@@ -0,0 +1,96 @@
+Using roles | Documentation
+
+
+
+
+
+
Using roles
Understanding and manipulating roles
Roles definition
Registered users with a user account will need at least one role in order to
+perform any useful tasks.
Role Types
A role: Unregistered users
B role: Registered users with no role
C role: Users with a role at site level (site admin)
C’ role: Users with a management role at site level (site operations manager,
+site security officer…)
D role: Users with a role at regional level (regional staff support staff,
+ROD, 1st Line Support)
D’ role: Users with a management role at regional level (NGI manager or
+deputy, security officer)
E role: Users with a role at project level
The only difference between C and C’ users is that:
C can NOT approve/reject role requests.
C’ can only approve/reject role requests for their SITE.
The difference between D and D’ users is that:
D can NOT add/delete sites to/from their NGI.
D can NOT update the certification status of member sites.
D can NOT approve or reject role requests.
Roles
At Site level
Site Administrator - person responsible of maintaining a site and associated
+information in the EGI Configuration Database (C Level)
Site Security officer - official security contact point at site level (C'
+Level)
Site Operations Deputy Manager - The deputy manager of operations at a site
+(C’ Level)
Site Operations Manager - The manager of site operations (C’ Level)
At NGI/Regional level
Regional First Line Support - Staff providing first line support for an NGI (D
+Level)
Regional Staff (ROD) - staff involved in
+Operations Centre
+activities such as user/operations support (D Level)
NGI Security officer - official security contact point at regional level (D'
+Level)
NGI Operations Manager - Manager of NGI operations (D’ Level)
At Project level
COD staff - COD staff (E Level)
COD administrator - People administrating Central COD roles (E Level)
EGI CSIRT Officer - official security contact point at project level (E Level)
Chief Operations Officer (COO) - The EGI Chief Operations Officer (E Level)
Permissions associated to roles
Roles and permissions are based on whether the considered object is owned or
+not. In the table below the following definitions apply:
Owned group: a group on which the role applies (ROC, NGI, project)
Owned site: a site on which the role applies, or belonging to an owned
+group
Owned service endpoint: a service endpoint belonging to an owned site
Each role has a set of associated permissions which apply on the role’s scope
+(site, region or project). Main permissions are summarised in the table below
Action
A) Unregistered users
B) Registered users with no role
C) Site level users
C’ ) Site Management Level Users
D) NGI level users
D’ ) NGI Management Level Users
E) Project level users
Add a site to an owned group
irr.
irr.
irr.
irr.
no
yes
irr.
Add a site to a non owned group
no
no
no
no
no
no
no
Add a service endpoint to an owned site
irr.
irr.
yes
yes
yes
yes
irr.
Add a service endpoint to a non owned site
no
no
no
no
no
no
no
Add a downtime to an owned service endpoint
irr.
irr.
yes
yes
yes
yes
irr.
Add downtime to a non owned service endpoint
no
no
no
no
no
no
no
Update information of an owned site
irr.
irr.
yes
yes
yes
yes
irr.
Update information of a non owned site
no
no
no
no
no
no
no
Update certification status of an owned site
irr.
irr.
no
no
no
yes
yes
Update certification status of a non owned site
no
no
no
no
no
no
yes
Update information of a owned service endpoint
irr.
irr.
yes
yes
yes
yes
irr.
Update information of a non owned service endpoint
no
no
no
no
no
no
no
Update information of an owned group
irr.
irr.
irr.
irr.
yes
yes
irr.
Update information of a non owned group
no
no
no
no
no
no
no
Update own user account details
irr.
yes
yes
yes
yes
yes
yes
Update other user’s account
no
no
no
no
no
no
no
Update a downtime on an owned service endpoint
irr.
irr.
yes
yes
yes
yes
irr.
Update a downtime on a non owned service endpoint
no
no
no
no
no
no
no
Delete an owned site
irr.
irr.
no
no
no
no
no
Delete a non owned site
no
no
no
no
no
no
no
Delete an owned service endpoint
irr.
irr.
yes
yes
yes
yes
irr.
Delete a non owned service endpoint
no
no
no
no
no
no
no
Delete an owned group
irr.
irr.
irr.
no
no
no
irr.
Delete a non owned group
no
no
no
no
no
no
no
Delete a downtime on an owned service endpoint
irr.
irr.
yes
yes
yes
yes
irr.
Delete a downtime on a non owned service endpoint
no
no
no
no
no
no
no
Delete your own user account
irr.
yes
yes
yes
yes
yes
yes
Delete other user’s account
no
no
no
no
no
no
no
Register a new user account
yes
irr.
irr.
irr.
irr.
irr.
irr.
Request a new role
no
yes
yes
yes
yes
yes
yes
Approve a role request on an owned group
irr.
irr.
no
no
no
yes
yes
Approve a role request on an owned site
no
no
no
yes
no
yes
irr
Approve a role request on a non owned site or group
no
no
no
no
no
no
no
Reject a role request on an owned group
no
no
no
no
no
yes
irr.
Reject a role request on an owned site
no
no
no
yes
no
yes
irr
Reject a role request on a non owned site or group
no
no
no
no
no
no
no
Revoke an existing role on an owned object
irr.
irr.
no
yes
no
yes
irr.
Revoke an existing role on a non owned object
no
no
no
no
no
no
no
Retrieve an existing account/ change certificate DN
yes
yes
yes
yes
yes
yes
yes
Requesting roles for your account
There are 2 ways to request new roles.
By clicking on the manage role link (sidebar, user status panel)
the first form allows you to choose the entity (site or group) on which you
+want to request a role
the second form lets you choose the role you want to apply for
By clicking on the request role link from site detail pages or group
+detail pages.
displayed form lets you choose the role you want to apply for
Once made, role requests have to be validated before the role is granted to you.
+This part of the process is described in the next section.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/configuration-database/users-roles/managing-roles/index.xml b/612/internal/configuration-database/users-roles/managing-roles/index.xml
new file mode 100644
index 0000000000..20c1d2a893
--- /dev/null
+++ b/612/internal/configuration-database/users-roles/managing-roles/index.xml
@@ -0,0 +1 @@
+Documentation – Using roles/internal/configuration-database/users-roles/managing-roles/Recent content in Using roles on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/getting-started/index.html b/612/internal/getting-started/index.html
new file mode 100644
index 0000000000..700fad65a1
--- /dev/null
+++ b/612/internal/getting-started/index.html
@@ -0,0 +1,85 @@
+Getting Started | Documentation
+
+
+
+
+
+
Getting Started
Introduction to internal EGI services
Use this section to get started quickly with internal EGI services:
The complete list of internal
+EGI services supporting the coordination of the EGI Federation offers
+insight into how EGI is able to offer advanced public cloud services
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/getting-started/index.xml b/612/internal/getting-started/index.xml
new file mode 100644
index 0000000000..fa5ff85c9b
--- /dev/null
+++ b/612/internal/getting-started/index.xml
@@ -0,0 +1 @@
+Documentation – Getting Started/internal/getting-started/Recent content in Getting Started on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/guidelines-software-development/index.html b/612/internal/guidelines-software-development/index.html
new file mode 100644
index 0000000000..90ed4780ed
--- /dev/null
+++ b/612/internal/guidelines-software-development/index.html
@@ -0,0 +1,114 @@
+Guidelines for software development | Documentation
+
+
+
+
+
+
Guidelines for software development
Guidelines for software development
This section contains guidelines for software development to be considered when
+developing a product for the EGI Federation.
Note
Those guidelines are providing a set of
+aspects to consider together with some reference documentation, and are not
+meant to be exhaustive, further research is welcome.
Licensing
Adopt an OSI-approved license; we recommend
+a business compatible license such as MIT or Apache 2.0
The license should provide unlimited access rights to the EGI Community
Source code access
Maintain the source code in a publicly-accessible software repository like
+GitHub
Configuration Management modules to deploy and configure the products should
+be provided and distributed through the corresponding distribution channels
Ansible is recommended, roles can be hosted
+under the EGI Federation organization in
+Ansible Galaxy
Security best practices
Security best practices must be taken into account
Security-related aspects must be considered from the beginning
The Open Web Application Security Project (OWASP)
+provides extensive documentation, standards (such as
+ASVS)
+and tools to ensure that your software has capabilities to defend against
+common attacks.
If the project is an application or an infrastructure component, it should
+follow as close as possible the monitoring guidelines set by the
+Site Reliability Engineer book
Testing
Unit tests should be provided
Unit testing should be automated
Code coverage should be computed as part of the continuous integration
When possible functional and integration tests should be automated
If it’s not possible for some components the product team should provide
+report about those tests for the new releases
Code Review
A team of code reviewers shall be specified for each project
Changes must be reviewed by the code review team prior to be merged using a
+Pull Request-like workflow
Documentation
Documentation must be treated like code
Written in a plain text-based format
Management in a repository and versioning
Markdown and reStructuredText formats are recommended
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/guidelines-software-development/index.xml b/612/internal/guidelines-software-development/index.xml
new file mode 100644
index 0000000000..db0c093285
--- /dev/null
+++ b/612/internal/guidelines-software-development/index.xml
@@ -0,0 +1 @@
+Documentation – Guidelines for software development/internal/guidelines-software-development/Recent content in Guidelines for software development on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/account-and-privileges/Account_Update_PersistentID.png b/612/internal/helpdesk/account-and-privileges/Account_Update_PersistentID.png
new file mode 100644
index 0000000000..08f34aa5fc
Binary files /dev/null and b/612/internal/helpdesk/account-and-privileges/Account_Update_PersistentID.png differ
diff --git a/612/internal/helpdesk/account-and-privileges/GGUS_EGI_AAI_1.png b/612/internal/helpdesk/account-and-privileges/GGUS_EGI_AAI_1.png
new file mode 100644
index 0000000000..73cf6a04e6
Binary files /dev/null and b/612/internal/helpdesk/account-and-privileges/GGUS_EGI_AAI_1.png differ
diff --git a/612/internal/helpdesk/account-and-privileges/GGUS_Registration_Form.png b/612/internal/helpdesk/account-and-privileges/GGUS_Registration_Form.png
new file mode 100644
index 0000000000..f39a59f701
Binary files /dev/null and b/612/internal/helpdesk/account-and-privileges/GGUS_Registration_Form.png differ
diff --git a/612/internal/helpdesk/account-and-privileges/index.html b/612/internal/helpdesk/account-and-privileges/index.html
new file mode 100644
index 0000000000..9acf77e017
--- /dev/null
+++ b/612/internal/helpdesk/account-and-privileges/index.html
@@ -0,0 +1,126 @@
+Account and privileges | Documentation
+
+
+
+
+
+
Account and privileges
Managing account and privileges
Managing GGUS account data
GGUS users should be able to manage their GGUS account data by themselves.
Information about registration and account management is collected on
+GGUS registration page and could be
+reached by clicking the “Registration” link on top of
+GGUS home page.
For managing the GGUS account data the user has to click the link “Check your
+GGUS account” at the bottom of this page.
Updating the personal certificate information
Users should update their certificate information before their old certificate
+expires. They can navigate to the
+registration page, click the link “Check
+your GGUS account” and update their data. Modifying the DN field will result in
+an additional DN field: the old DN will be kept and the new DN will be added.
+Subsequently, the user is identified with the two DNs. If the old DN is no more
+valid please just clear the DN field and save the change. Once the old
+certificate has expired before updating the account data, users can request an
+update via GGUS ticket against Helpdesk(GGUS) support unit.
Linking the EGI SSO persistent ID to the GGUS account
Pre-requisites: the email address of your EGI SSO account must be equal to the
+email address registered in GGUS!
For adding your EGI SSO persistent ID to your account data please do the
+following:
click the button “Add my Shibboleth ID to my account” at the bottom of the
+yellow box.
Getting supporter privileges
In order to process tickets assigned to the support unit you belong to, or in
+general tickets submitted by other users and assigned to other support units,
+you need to own supporter privileges. Therefore users need to register an
+account at GGUS. Registration can be done either using an X509 personal
+certificate or using the EGI AAI account.
Registration with an x509 certificate
For registering with an X509 certificate the user should go to
+GGUS home and click the
+registration link in the menu bar at the
+left. This link opens the registration information page which gives some
+additional information about registration process. Clicking on the
+registration link guides to the form that
+the user has to fill in. After filling in the registration form, GGUS team will
+check whether support privileges can be granted. The user will receive an email
+from the GGUS team (usually) confirming their supporter privileges.
Registration with the EGI AAI account
Users who do not have a valid X509 certificate can access GGUS via
+EGI Check-in. For getting support privileges the
+user needs to be member of the
+ggus-supporters group
+in EGI Check-in. However the user should fill in the
+registration form for creating an account
+at GGUS. Support privileges will be granted automatically. The user will receive
+an automated email from GGUS system confirming their support privileges.
Both authentication methods, X509 certificate and EGI Check-in account, will be
+guaranteed in the future. Since the use of login and password will no longer be
+guaranteed in the future, it is recommended to access GGUS with a valid digital
+certificate or EGI Check-in.
Troubleshooting
I’m member of ggus-supporters.egi.eu group. Why don’t I have support privileges in GGUS?
Pre-requisites: the email address of your EGI SSO account must be equal to the
+email address registered in GGUS!
Case 1: user isn’t registered in GGUS yet.
Unregistered users have to register first. On
+registration page you will see this text:
+“You are member of EGI AAI CheckIn ggus supporter. You will get automatically
+support right for the GGUS portal once you will submit this form.“ Support
+permissions will be granted automatically.
Click on the “Add my ….” button.
Case 2: user already registered in GGUS with an X509 DN.
You can decide to add the Shibboleth ID to the existing account and check the
+updated account. In case the email addresses are different you may either
+harmonize your email address in EGI SSO and GGUS account or create a new account
+using EGI SSO data.
Getting in touch wit the GGUS team?
The preferred way to get in contact with the GGUS team is by submitting a GGUS
+ticket against Helpdesk (GGUS) support unit.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/account-and-privileges/index.xml b/612/internal/helpdesk/account-and-privileges/index.xml
new file mode 100644
index 0000000000..50199d05cb
--- /dev/null
+++ b/612/internal/helpdesk/account-and-privileges/index.xml
@@ -0,0 +1 @@
+Documentation – Account and privileges/internal/helpdesk/account-and-privileges/Recent content in Account and privileges on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/alarm-tickets/Alarm_Notify_Mail.png b/612/internal/helpdesk/features/alarm-tickets/Alarm_Notify_Mail.png
new file mode 100644
index 0000000000..1df28b8f95
Binary files /dev/null and b/612/internal/helpdesk/features/alarm-tickets/Alarm_Notify_Mail.png differ
diff --git a/612/internal/helpdesk/features/alarm-tickets/Alarm_Submit_Form.png b/612/internal/helpdesk/features/alarm-tickets/Alarm_Submit_Form.png
new file mode 100644
index 0000000000..b91150f09b
Binary files /dev/null and b/612/internal/helpdesk/features/alarm-tickets/Alarm_Submit_Form.png differ
diff --git a/612/internal/helpdesk/features/alarm-tickets/Alarm_Submit_Link.png b/612/internal/helpdesk/features/alarm-tickets/Alarm_Submit_Link.png
new file mode 100644
index 0000000000..17e22c0b30
Binary files /dev/null and b/612/internal/helpdesk/features/alarm-tickets/Alarm_Submit_Link.png differ
diff --git a/612/internal/helpdesk/features/alarm-tickets/Alarm_T1_Dropdown.png b/612/internal/helpdesk/features/alarm-tickets/Alarm_T1_Dropdown.png
new file mode 100644
index 0000000000..6f789727b7
Binary files /dev/null and b/612/internal/helpdesk/features/alarm-tickets/Alarm_T1_Dropdown.png differ
diff --git a/612/internal/helpdesk/features/alarm-tickets/GGUS_Graph_ALARM_Ticket_Process.pdf b/612/internal/helpdesk/features/alarm-tickets/GGUS_Graph_ALARM_Ticket_Process.pdf
new file mode 100644
index 0000000000..8dd4d35ae5
Binary files /dev/null and b/612/internal/helpdesk/features/alarm-tickets/GGUS_Graph_ALARM_Ticket_Process.pdf differ
diff --git a/612/internal/helpdesk/features/alarm-tickets/GGUS_Graph_Alarm-ticket-process.png b/612/internal/helpdesk/features/alarm-tickets/GGUS_Graph_Alarm-ticket-process.png
new file mode 100644
index 0000000000..77e85b503e
Binary files /dev/null and b/612/internal/helpdesk/features/alarm-tickets/GGUS_Graph_Alarm-ticket-process.png differ
diff --git a/612/internal/helpdesk/features/alarm-tickets/LHC_T1s.png b/612/internal/helpdesk/features/alarm-tickets/LHC_T1s.png
new file mode 100644
index 0000000000..1707c97d32
Binary files /dev/null and b/612/internal/helpdesk/features/alarm-tickets/LHC_T1s.png differ
diff --git a/612/internal/helpdesk/features/alarm-tickets/index.html b/612/internal/helpdesk/features/alarm-tickets/index.html
new file mode 100644
index 0000000000..3804ae0c30
--- /dev/null
+++ b/612/internal/helpdesk/features/alarm-tickets/index.html
@@ -0,0 +1,124 @@
+Alarm tickets | Documentation
+
+
+
+
+
+
Alarm tickets
Definition and usage of the Alarm tickets
Introduction: purpose and conditions
The purpose of ALARM tickets is to notify WLCG Tier-0 and Tier-1
+administrators about serious problems of the site at any time, independent
+from usual office hours.
Only experts, nominated by the WLCG VOs are allowed to submit alarm tickets.
+They need to have the appropriate permissions in GGUS user database.
The involved VOs are:
Alice
Atlas
Cms
Lhcb
Only the Tier-0 & Tier-1 sites are involved in the alarm tickets process. The
+WLCG Tier-0/Tier-1 site names can be used as well as the relevant GOC DB site
+names.
Alarm tickets are routed to the NGI/ROC the tier site belongs to
+automatically. They do not need a routing by the TPM. The NGI/ROC is notified
+about the ticket in the usual way. In parallel the site receives an alarm
+email signed with a GGUS certificate. This alarm email is processed at the
+Tier-0/Tier-1 and notifies the relevant people at any time.
Alarm email addresses are taken from GOC DB for the EGI sites and from OIM for
+the OSG sites. VOMS is used by GGUS as the information source for authorised
+alarmers.
Becoming an Alarm-ticket member
People who want to become an alarmer have to
register in GGUS first
be added to the appropriate group in a VOMS server.
GGUS system synchronizes its user database once per night with the VOMS servers.
+The synchronization is based on the DN string. Please make sure the DN of your
+GGUS account is the same than the one registered in VOMS.
Tier-1 site admins can become alarmers for testing the alarm process for their
+site. They have to fill in the
+registration form for supporters. Please add
+an appropriate comment (e.g. “I’m a xxx tier-1 site admins and I want to become
+an alarmer for testing purposes.”) in the registration form.
Technical description
This section describes the workflows of alarm tickets from a technical point of
+view.
ALARM ticket submission
Alarm tickets can be submitted using the GGUS web portal. On top of the ticket
+submit form in GGUS web portal there is a link to the submit form for alarm
+tickets.
As alarm ticket submitters are experts who will hopefully provide all necessary
+information, the number of fields on the alarm ticket submit form is reduced to
+a minimum compared to the number of fields on the user ticket submit form.
Three fields on this form are mandatory:
Subject
MoU Area
Notified Site
All other fields are optional.
ALARM ticket processing
The processing of a team ticket consists of two main parts: the notification of
+the notified site and the routing of the ticket to the NGI/ROC the site belongs
+to.
Tier-1 site notification
In parallel to the creation of an alarm ticket, the GGUS system sends an alarm
+email directly to the tier 1 site specified in field “Notify SITE”. This email
+is sent to a specific site alarm mail address and signed with the GGUS
+certificate. The tier-0 alarm mail address is based on the VO name. It is
+“voname”-operator-alarm"atnospam"cern.ch. Tier-1 site alarm mail addresses are
+taken from the “Emergency Email” field in GOC DB. For tier-1 sites registered in
+the OSG OIM DB the alarm email address is taken from field “SMSAddress” of the
+“Administrative Contact” in OIM DB. The DN of the GGUS certificate is
+/C=DE/O=GermanGrid/OU=KIT/CN=ggusmail/ggus.eu. The alarm mail looks like the
+following figure.
Ticket routing
Alarm tickets are bypassing the TPMs and routed to the appropriate NGI/ROC
+automatically. The decision to which NGI/ROC a ticket has to be routed is done
+automatically, based on the value of the “Notify SITE” field. The “Notify SITE”
+drop-down menu shows both the tier 1 site names from GOC DB and the tier 1 site
+names used by WLCG.
ALARM confirmation
Once the tier 1 site received the alarm email the receipt should be confirmed.
+Sending a reply mail containing the typical GGUS identifier and the ticket ID
+“GGUS-Ticket-ID: #00000000” in the subject is sufficient. Such a reply will be
+added to the alarm ticket.
Working on ALARM tickets
For working on alarm tickets and resolving them please use the GGUS portal. A
+reference link to the alarm ticket is given in the alarm email notification.
Periodic ALARM ticket testing rules
Alarm ticket testing is documented in
+WLCG twiki.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/index.xml b/612/internal/helpdesk/features/index.xml
new file mode 100644
index 0000000000..189ad03d56
--- /dev/null
+++ b/612/internal/helpdesk/features/index.xml
@@ -0,0 +1,1145 @@
+Documentation – Helpdesk features/internal/helpdesk/features/Recent content in Helpdesk features on DocumentationHugo -- gohugo.ioInternal: Issue type values/internal/helpdesk/features/issue-type-values/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/issue-type-values/
+<h2 id="user-tickets">USER tickets</h2>
+<p>// jscpd:ignore-start</p>
+<p>For generic user tickets selectable issue types are explained in the table
+below.</p>
+<table>
+<thead>
+<tr>
+<th>Issue type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Accounting</td>
+<td>All kind of issues related to accounting tools (APEL, Accounting Portal and so on).</td>
+</tr>
+<tr>
+<td>AppDB</td>
+<td>All kind of issues related to the AppDB or to the interactions with the AppDB.</td>
+</tr>
+<tr>
+<td>Authorization/Authentication</td>
+<td>All issues related to authorization and authentication e.g. certificates</td>
+</tr>
+<tr>
+<td>COD Operations</td>
+<td>WLCG Coordinator On Duty Operations</td>
+</tr>
+<tr>
+<td>Catalogue</td>
+<td>Issues related to file catalogues, like LFC</td>
+</tr>
+<tr>
+<td>Computing Services</td>
+<td>All issues related to execution of jobs. It combines two other type of problems (‘Workload management’ and ‘Local batch system’). The ‘Computing Services’ should be used when it is not clear to which subcategory the ticket refersConfiguration Issues of system configuration.</td>
+</tr>
+<tr>
+<td>Data Management - generic</td>
+<td>All kind of issues related to data management tools (GFAL, LCG_Util and so on).</td>
+</tr>
+<tr>
+<td>Databases</td>
+<td>Issues related to Databases.</td>
+</tr>
+<tr>
+<td>Deployment - other</td>
+<td>Issues of software deployment that do not fit any other category.</td>
+</tr>
+<tr>
+<td>Documentation</td>
+<td>Issues of missing, wrong, outdated documentation.</td>
+</tr>
+<tr>
+<td>File Access</td>
+<td>File access issues.</td>
+</tr>
+<tr>
+<td>File Transfer</td>
+<td>File transfer issues, e.g. related to FTS</td>
+</tr>
+<tr>
+<td>GGUS</td>
+<td>Bugs and feature requests related to GGUS system.</td>
+</tr>
+<tr>
+<td>IaaS Operations</td>
+<td>Issues related to VMs and clients (OCCI, rOCCI, etc.), block storage, networking.</td>
+</tr>
+<tr>
+<td>Information System</td>
+<td>Issues related to the BDII.</td>
+</tr>
+<tr>
+<td>Installation</td>
+<td>Installation issues.</td>
+</tr>
+<tr>
+<td>Local Batch System</td>
+<td>Issues related to the local batch systems.</td>
+</tr>
+<tr>
+<td>Middleware</td>
+<td>Issues of middleware stacks like gLite, globus and others.</td>
+</tr>
+<tr>
+<td>Monitoring</td>
+<td>Issues of infrastructure and service monitoring.</td>
+</tr>
+<tr>
+<td>Network problem</td>
+<td>Issues of network connectivity.</td>
+</tr>
+<tr>
+<td>Operations</td>
+<td>Issues of general processes, procedures, information and so on of the entire infrastructure.</td>
+</tr>
+<tr>
+<td>Other</td>
+<td>Requests that do not match to any other issue type.</td>
+</tr>
+<tr>
+<td>Security</td>
+<td>Issues of infrastructure and operation security.</td>
+</tr>
+<tr>
+<td>Storage Systems</td>
+<td>Issues concerning storage systems, like EOS, dCache, DPM</td>
+</tr>
+<tr>
+<td>VO Specific Software</td>
+<td>Issues of VO specific software tools and packages.</td>
+</tr>
+<tr>
+<td>Virtual Appliance Management</td>
+<td>Issues related to vmcatcher/vmcaster tools, and VA management in general.</td>
+</tr>
+<tr>
+<td>Workload Management</td>
+<td>Issues related to workload management system and tools.</td>
+</tr>
+</tbody>
+</table>
+<h2 id="team-tickets">TEAM tickets</h2>
+<p>Team and alarm tickets have a reduced number of issue types in the drop-down
+menu.</p>
+<table>
+<thead>
+<tr>
+<th>Issue type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Databases</td>
+<td>Issues related to Databases.</td>
+</tr>
+<tr>
+<td>File Access</td>
+<td>File access issues.</td>
+</tr>
+<tr>
+<td>File Transfer</td>
+<td>File transfer issues, e.g. related to FTS</td>
+</tr>
+<tr>
+<td>Local Batch System</td>
+<td>Issues related to the local batch systems.</td>
+</tr>
+<tr>
+<td>Middleware</td>
+<td>Issues of middleware stacks like gLite, globus and others.</td>
+</tr>
+<tr>
+<td>Monitoring</td>
+<td>Issues of infrastructure and service monitoring.</td>
+</tr>
+<tr>
+<td>Network problem</td>
+<td>Issues of network connectivity.</td>
+</tr>
+<tr>
+<td>Other</td>
+<td>Requests that do not match to any other issue type</td>
+</tr>
+<tr>
+<td>Storage Systems</td>
+<td>Issues related to storage systems, like EOS, dCache or DPM</td>
+</tr>
+</tbody>
+</table>
+<h2 id="alarm-tickets">ALARM tickets</h2>
+<table>
+<thead>
+<tr>
+<th>Issue type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Databases</td>
+<td>Issues related to Databases.</td>
+</tr>
+<tr>
+<td>File Access</td>
+<td>File access issues.</td>
+</tr>
+<tr>
+<td>File Transfer</td>
+<td>File transfer issues, e.g. related to FTS</td>
+</tr>
+<tr>
+<td>Local Batch System</td>
+<td>Issues related to the local batch systems.</td>
+</tr>
+<tr>
+<td>Middleware</td>
+<td>Issues of middleware stacks like gLite, globus and others.</td>
+</tr>
+<tr>
+<td>Monitoring</td>
+<td>Issues of infrastructure and service monitoring.</td>
+</tr>
+<tr>
+<td>Network problem</td>
+<td>Issues of network connectivity.</td>
+</tr>
+<tr>
+<td>Other</td>
+<td>Requests that do not match to any other issue type</td>
+</tr>
+<tr>
+<td>Storage Systems</td>
+<td>Issues related to storage systems, like EOS, dCache or DPM</td>
+</tr>
+</tbody>
+</table>
+<h2 id="cms-tickets">CMS tickets</h2>
+<p>The CMS VO has an own ticket submit form in the GGUS system. Although this form
+provides CMS specific issue types no special privilege is required to use it.
+This does not apply for the TEAM ticket submit form: Here the CMS specific issue
+types are only selectable for registered CMS TEAM members.</p>
+<table>
+<thead>
+<tr>
+<th>Issue type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>CMS_AAA WAN Access</td>
+<td>Issues around WAN</td>
+</tr>
+<tr>
+<td>CMS_CAF Operations</td>
+<td>Issues around CAF operations at CERN, incl EOS space requests</td>
+</tr>
+<tr>
+<td>CMS_Central Workflows</td>
+<td>Issues around centrally managed MC production and processing</td>
+</tr>
+<tr>
+<td>CMS_Data Transfers</td>
+<td>Issues around data transfers, e.g. via Phedex or ASO</td>
+</tr>
+<tr>
+<td>CMS_Facilities</td>
+<td>Typically issues at CMS sites</td>
+</tr>
+<tr>
+<td>CMS_HammerCloud</td>
+<td>Issues around CMS HammerCloud</td>
+</tr>
+<tr>
+<td>CMS_Register New CMS Site</td>
+<td>Chosen when a new site gets registered with CMS</td>
+</tr>
+<tr>
+<td>CMS_SAM tests</td>
+<td>Issues around CMS SAM tests</td>
+</tr>
+<tr>
+<td>CMS_Submission Infrastructure</td>
+<td>Issues around CMS_Submission Infrastructure</td>
+</tr>
+<tr>
+<td>CMS_Tier-1 Tape Families</td>
+<td>For creation of Tape families/groups at Tier-1 archives</td>
+</tr>
+</tbody>
+</table>
+<h2 id="atlas-tickets">ATLAS tickets</h2>
+<p>The ATLAS specific issue types are only selectable for registered ATLAS TEAM
+members.</p>
+<table>
+<thead>
+<tr>
+<th>Issue type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ATLAS_ADC Central</td>
+<td>Issues around ADC in general</td>
+</tr>
+<tr>
+<td>ATLAS_Databases</td>
+<td>Issues around databases</td>
+</tr>
+<tr>
+<td>ATLAS_Deletion</td>
+<td>Issues around file deletions</td>
+</tr>
+<tr>
+<td>ATLAS_File Access/Transfer</td>
+<td>Issues around file access or file transfers</td>
+</tr>
+<tr>
+<td>ATLAS_Frontier-Squid</td>
+<td>Issues around frontier or squid</td>
+</tr>
+<tr>
+<td>ATLAS_Local Batch System</td>
+<td>Issues around batch systems</td>
+</tr>
+<tr>
+<td>ATLAS_Middleware</td>
+<td>Issues related to middleware</td>
+</tr>
+<tr>
+<td>ATLAS_Monitoring</td>
+<td>Issues around monitoring</td>
+</tr>
+<tr>
+<td>ATLAS_Network Problem</td>
+<td>Issues with network infrastructure</td>
+</tr>
+<tr>
+<td>ATLAS_Staging</td>
+<td>Issues around file staging</td>
+</tr>
+<tr>
+<td>ATLAS_Storage Systems</td>
+<td>Issues around storage</td>
+</tr>
+</tbody>
+</table>
+<p>// jscpd:ignore-end</p>Internal: 'Notify Site' field and tickets to multiple sites/internal/helpdesk/features/tickets-to-multiple-sites/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/tickets-to-multiple-sites/
+<h2 id="notify-site-field">Notify Site field</h2>
+<ul>
+<li>The list of sites included in the drop-down menu of the “Notify site” field is
+taken from GOCDB (EGI sites) and from OIM DB (OSG sites).
+<ul>
+<li>Sites registered in OIM are only visible if they have status “enabled”.</li>
+<li>Sites registered in GOC DB are only visible if they have status “certified”.</li>
+<li>Sites in other states (e.g. “suspended”) are not visible in the “Notify
+sites” drop-down list.</li>
+</ul>
+</li>
+<li>the sites information is synchronized once per night.</li>
+<li>In case a site’s status changes, the site disappears from the “Notify sites”
+drop-down list. Existing GGUS tickets related to this site get the “Notify
+sites” field flushed. The NGI to which the site belongs inherits the ticket
+from the site and is in charge of further processing this ticket.</li>
+</ul>
+<h2 id="notify-multiple-sites-option">Notify multiple sites option</h2>
+<ul>
+<li>Notifying multiple sites is a feature for submitting tickets with the same
+topic against an unlimited number of sites in GGUS.</li>
+<li>This feature can be used only by users owning a dedicated privileges.</li>
+<li>There is a specific submit form linked from GGUS ticket submit area. In the
+“Notify SITE” drop-down menu sites can be checked for receiving a ticket.</li>
+<li>All sites registered in GGUS can be notified using this option.</li>
+</ul>Internal: Alarm tickets/internal/helpdesk/features/alarm-tickets/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/alarm-tickets/
+<h2 id="introduction-purpose-and-conditions">Introduction: purpose and conditions</h2>
+<ul>
+<li>The purpose of ALARM tickets is to notify WLCG Tier-0 and Tier-1
+administrators about serious problems of the site at any time, independent
+from usual office hours.</li>
+<li>Only experts, nominated by the WLCG VOs are allowed to submit alarm tickets.
+They need to have the appropriate permissions in GGUS user database.</li>
+<li>The involved VOs are:
+<ul>
+<li>Alice</li>
+<li>Atlas</li>
+<li>Cms</li>
+<li>Lhcb</li>
+</ul>
+</li>
+<li>Only the Tier-0 & Tier-1 sites are involved in the alarm tickets process. The
+WLCG Tier-0/Tier-1 site names can be used as well as the relevant GOC DB site
+names.</li>
+<li>Alarm tickets are routed to the NGI/ROC the tier site belongs to
+automatically. They do not need a routing by the TPM. The NGI/ROC is notified
+about the ticket in the usual way. In parallel the site receives an alarm
+email signed with a GGUS certificate. This alarm email is processed at the
+Tier-0/Tier-1 and notifies the relevant people at any time.</li>
+<li>Alarm email addresses are taken from GOC DB for the EGI sites and from OIM for
+the OSG sites. VOMS is used by GGUS as the information source for authorised
+alarmers.</li>
+</ul>
+<p><img src="LHC_T1s.png" alt="Tier 1s picture"></p>
+<h3 id="becoming-an-alarm-ticket-member">Becoming an Alarm-ticket member</h3>
+<p>People who want to become an alarmer have to</p>
+<ul>
+<li>register in GGUS first</li>
+<li>be added to the appropriate group in a VOMS server.</li>
+</ul>
+<p>GGUS system synchronizes its user database once per night with the VOMS servers.
+The synchronization is based on the DN string. Please make sure the DN of your
+GGUS account is the same than the one registered in VOMS.</p>
+<p>Tier-1 site admins can become alarmers for testing the alarm process for their
+site. They have to fill in the
+<a href="https://ggus.eu/?mode=register">registration form</a> for supporters. Please add
+an appropriate comment (e.g. “I’m a xxx tier-1 site admins and I want to become
+an alarmer for testing purposes.”) in the registration form.</p>
+<h2 id="technical-description">Technical description</h2>
+<p>This section describes the workflows of alarm tickets from a technical point of
+view.</p>
+<h3 id="alarm-ticket-submission">ALARM ticket submission</h3>
+<p>Alarm tickets can be submitted using the GGUS web portal. On top of the ticket
+submit form in GGUS web portal there is a link to the submit form for alarm
+tickets.</p>
+<p><img src="Alarm_Submit_Link.png" alt="Link to Alarm tickets submit form"></p>
+<p>As alarm ticket submitters are experts who will hopefully provide all necessary
+information, the number of fields on the alarm ticket submit form is reduced to
+a minimum compared to the number of fields on the user ticket submit form.</p>
+<p><img src="Alarm_Submit_Form.png" alt="Alarm tickets submit form"></p>
+<p>Three fields on this form are mandatory:</p>
+<ul>
+<li>Subject</li>
+<li>MoU Area</li>
+<li>Notified Site</li>
+</ul>
+<p>All other fields are optional.</p>
+<h3 id="alarm-ticket-processing">ALARM ticket processing</h3>
+<p>The processing of a team ticket consists of two main parts: the notification of
+the notified site and the routing of the ticket to the NGI/ROC the site belongs
+to.</p>
+<h4 id="tier-1-site-notification">Tier-1 site notification</h4>
+<p>In parallel to the creation of an alarm ticket, the GGUS system sends an alarm
+email directly to the tier 1 site specified in field “Notify SITE”. This email
+is sent to a specific site alarm mail address and signed with the GGUS
+certificate. The tier-0 alarm mail address is based on the VO name. It is
+“voname”-operator-alarm"atnospam"cern.ch. Tier-1 site alarm mail addresses are
+taken from the “Emergency Email” field in GOC DB. For tier-1 sites registered in
+the OSG OIM DB the alarm email address is taken from field “SMSAddress” of the
+“Administrative Contact” in OIM DB. The DN of the GGUS certificate is
+/C=DE/O=GermanGrid/OU=KIT/CN=ggusmail/ggus.eu. The alarm mail looks like the
+following figure.</p>
+<p><img src="Alarm_Notify_Mail.png" alt="alarm notify email"></p>
+<h4 id="ticket-routing">Ticket routing</h4>
+<p>Alarm tickets are bypassing the TPMs and routed to the appropriate NGI/ROC
+automatically. The decision to which NGI/ROC a ticket has to be routed is done
+automatically, based on the value of the “Notify SITE” field. The “Notify SITE”
+drop-down menu shows both the tier 1 site names from GOC DB and the tier 1 site
+names used by WLCG.</p>
+<p><img src="Alarm_T1_Dropdown.png" alt="T1 dropdown menu"></p>
+<h4 id="alarm-confirmation">ALARM confirmation</h4>
+<p>Once the tier 1 site received the alarm email the receipt should be confirmed.
+Sending a reply mail containing the typical GGUS identifier and the ticket ID
+“GGUS-Ticket-ID: #00000000” in the subject is sufficient. Such a reply will be
+added to the alarm ticket.</p>
+<h4 id="working-on-alarm-tickets">Working on ALARM tickets</h4>
+<p>For working on alarm tickets and resolving them please use the GGUS portal. A
+reference link to the alarm ticket is given in the alarm email notification.</p>
+<h4 id="periodic-alarm-ticket-testing-rules">Periodic ALARM ticket testing rules</h4>
+<p>Alarm ticket testing is documented in
+<a href="https://twiki.cern.ch/twiki/bin/view/EGEE/SA1_USAG#Periodic_ALARM_ticket_testing_ru">WLCG twiki</a>.</p>
+<h4 id="schema-of-the-alarm-tickets-process">Schema of the Alarm tickets process</h4>
+<p><img src="GGUS_Graph_Alarm-ticket-process.png" alt="Alarm tickets process graph"></p>Internal: Quality of Support (QoS) levels/internal/helpdesk/features/quality-of-support-levels/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/quality-of-support-levels/
+<h2 id="introduction">Introduction</h2>
+<p>QoS stands for Quality of Support. It describes the level of support provided by
+Support Units in GGUS system.</p>
+<p>It has an impact on the ticket
+<a href="../ticket-priority">priority colour</a> in GGUS and the warnings are sent
+to SUs if 75% of the maximum response time of the QoS level are over.</p>
+<h2 id="qos-levels">QoS levels</h2>
+<p>There are three different QoS levels, each defining different response times for
+given Ticket Priority.</p>
+<ul>
+<li>Base</li>
+<li>Medium</li>
+<li>Advanced</li>
+</ul>
+<p>The default QoS level, if not declared differently, is <strong>Base</strong>.</p>
+<h3 id="base-level">Base Level</h3>
+<p>Base QoS level defines a response time of <strong>5 working days</strong> regardless of the
+ticket priority.</p>
+<h3 id="medium-level">Medium Level</h3>
+<table>
+<thead>
+<tr>
+<th>Ticket Priority</th>
+<th>Response time</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>less urgent</td>
+<td>5 working days</td>
+</tr>
+<tr>
+<td>urgent</td>
+<td>5 working days</td>
+</tr>
+<tr>
+<td>very urgent</td>
+<td>1 working day</td>
+</tr>
+<tr>
+<td>top priority</td>
+<td>1 working day</td>
+</tr>
+</tbody>
+</table>
+<h3 id="advanced-service">Advanced service</h3>
+<table>
+<thead>
+<tr>
+<th>Ticket Priority</th>
+<th>Response time</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>less urgent</td>
+<td>5 working days</td>
+</tr>
+<tr>
+<td>urgent</td>
+<td>1 working day</td>
+</tr>
+<tr>
+<td>very urgent</td>
+<td>1 working day</td>
+</tr>
+<tr>
+<td>top priority</td>
+<td>4 working hours</td>
+</tr>
+</tbody>
+</table>
+<h2 id="qos-level-declaration">QoS level declaration</h2>
+<p>The QoS level for all of the SUs are available
+<a href="https://ggus.eu/?mode=resp_unit_info">here</a></p>
+<p>For the several EGI services, the QoS levels are defined in the specific
+Operational Level Agreements linked in the
+<a href="https://confluence.egi.eu/display/EGISLM/EGI+OLA+SLA+framework#EGIOLASLAframework-OperationalLevelAgreements">EGI OLA SLA framework page</a></p>Internal: Report generator/internal/helpdesk/features/report-generator/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/report-generator/
+<h2 id="definitions-and-prerequisites">Definitions and prerequisites</h2>
+<p>The <a href="https://ggus.eu/?mode=report_view">GGUS Report Generator</a> is available
+<a href="https://ggus.eu/?mode=support">from the support section</a>.</p>
+<p>The implementation of the report generator started in October 2011. Hence, the
+report generator does not provide data for tickets submitted before December
+2011!</p>
+<h3 id="timestamps-and-metrics">Timestamps and metrics</h3>
+<ul>
+<li>submit timestamp: timestamp when the ticket is submitted</li>
+<li>assign timestamp: timestamp when a ticket gets assigned to a support unit</li>
+<li>response timestamp: timestamp when the ticket status changes from “assigned”
+to any other status value or the ticket gets re-assigned to another support
+unit</li>
+<li>expected response timestamp: timestamp when a ticket should have changed the
+status to any other status value than “assigned” or be re-assigned to another
+support unit at latest</li>
+<li>solution timestamp: timestamp when the status changes to either “solved” or
+“unsolved”</li>
+</ul>
+<h4 id="response-time">Response time</h4>
+<p>The response time is a performance figure calculated from the support unit’s
+point of view. It describes how quick a support unit is reacting on tickets.
+Response time is the time from</p>
+<ul>
+<li>either assigning a ticket to a support unit and the support unit is kept until
+the first status changes to any other value than “assigned”, or</li>
+<li>assigning a ticket to a support unit and the status value “assigned” is kept
+until the support unit changes to any other support unit (re-assign).</li>
+</ul>
+<p>The response time is calculated as difference between the timestamp changing the
+status or re-assigning the ticket and the assign timestamp. While assigning a
+ticket to a support unit the expected response timestamp is calculated by adding
+an amount of time to the assign timestamp. The amount of time added depends on
+the ticket priority and the kind of support unit. For support units that have
+declared a quality of service level the response times are defined by the
+<a href="../quality-of-support-levels">QoS level</a>. For all the other support units a
+medium QoS is assumed for calculating the expected response timestamp. In case
+the actual response timestamp is greater than the “expected response” timestamp
+for middleware support units the “violate” flag is set.</p>
+<blockquote>
+<p>Response times are based on office hours. Hence the results unit is working
+days.</p>
+</blockquote>
+<h4 id="solution-time">Solution time</h4>
+<p>The solution time is a performance figure also calculated from the support
+unit’s point of view. It describes how long it took the support unit for
+providing a solution. Solution time is the time from assigning a ticket to a
+support unit until it provides a solution for the problem described. “Providing
+a solution” means setting the ticket status to “solved” or “unsolved”. The
+solution time is calculated as the difference between the solution timestamp and
+the assign timestamp.</p>
+<blockquote>
+<p>Solution times are based on office hours. Hence the results unit is working
+days.</p>
+</blockquote>
+<h4 id="waiting-time">Waiting time</h4>
+<p>Waiting time is the sum of all time slots the ticket was set to “waiting for
+reply”. Calculating the waiting time has started in July 2012. For tickets
+submitted before July 2012 no waiting time calculation was done. The waiting
+time for these tickets may be zero. The waiting time can be excluded when
+calculation solution times by ticking the checkbox “exclude waiting time”.</p>
+<h4 id="ticket-lifetime">Ticket lifetime</h4>
+<p>The ticket lifetime is calculated from the user’s point of view. It describes
+how long it takes to provide a meaningful solution for a problem reported by the
+user. Ticket lifetime is the time from ticket submission to ticket solution
+(status “solved/unsolved”).</p>
+<blockquote>
+<p>The ticket lifetime is based on calendar days.</p>
+</blockquote>
+<h3 id="time-zones">Time zones</h3>
+<p>GGUS support units are spread over a wide range of time zones. Some of the
+support units themselves are spread over several time zones. However most
+support units are located in European time zones. Support units and their time
+zones are listed on <a href="https://ggus.eu/?mode=resp_unit_info">a dedicated page</a>.
+For middleware product teams GGUS assumes time zone “UTC +1” for all support
+units. For all the other support units the system uses the relevant time zone
+for calculating timestamps as far as possible.</p>
+<h3 id="office-hours">Office hours</h3>
+<p>The systems assumes usual office hours from 09:00 to 17:00 Monday to Friday for
+all support units. National holidays are not taken into account. For middleware
+product teams the timezone UTC+1 is used as default timezone.</p>
+<h3 id="ticket-priorities">Ticket priorities</h3>
+<p>For the calculation of performance figures the original priority set during
+ticket submission is used. This priority value is kept as long as the support
+unit is in charge of the ticket. Updating the priority value during ticket
+lifetime doesn’t affect the calculation of performance figures.</p>
+<h3 id="unit-abbreviations">Unit abbreviations</h3>
+<ul>
+<li><code>[wd]</code> means working days</li>
+<li><code>[d]</code> means calendar days</li>
+</ul>
+<h2 id="reports-description">Reports description</h2>
+<blockquote>
+<p>Although some of the drop-down lists request the selection of values a query
+can be started anyway. In this case the query is equivalent to a query over
+all tickets!</p>
+</blockquote>
+<p>The “Reset” button resets all fields to their default settings besides the time
+frame.</p>
+<h3 id="tickets-submitted">Tickets submitted</h3>
+<p>This metric gives the number of tickets submitted within the specified time
+frame. Major criteria is the submit timestamp. The result lists shows the
+<strong>current</strong> status of the tickets.</p>
+<h3 id="open-tickets-time">Open tickets time</h3>
+<p>The open tickets time report calculates the time from ticket submission until
+now in calendar days. The <strong>submit timestamp</strong> must match the specified time
+frame for the report.</p>
+<h3 id="tickets-closed">Tickets closed</h3>
+<p>This metric is focused on the <strong>ticket life time</strong>. It gives the number of
+tickets that reached the status “solved” or “unsolved” within the specified time
+frame. Major criteria is the <strong>solution timestamp</strong> which is the timestamp
+setting a ticket to “solved” or “unsolved”. Tickets in other terminal status
+like “verified” or “closed” appear in the result list as long as they have been
+set to “solved/unsolved” in the given time frame. Besides date, status and the
+number of closed tickets the results list displays the average ticket lifetime
+and the median ticket lifetime. The result lists shows the current status of the
+tickets.</p>
+<h3 id="response-time-1">Response time</h3>
+<p>This metric focuses on the responsiveness of support units. Major criteria for
+this report is the <strong>submit timestamp</strong> which must match the selected time
+frame. The result list shows:</p>
+<ul>
+<li>the number of tickets responded</li>
+<li>the number of responses</li>
+<li>average response time and</li>
+<li>median response time</li>
+</ul>
+<p>for the specified time frame. The result list shows all support units that have
+ever been in charge of a ticket. Hence the same ticket ID may appear several
+times. The number of responses may be greater than the number of tickets.</p>
+<blockquote>
+<p>Response times are based on office hours. Hence an average response time of 1d
+3h 23min means 13 hours and 23 minutes in total.</p>
+</blockquote>
+<h3 id="violated-response-time">Violated response time</h3>
+<p>Specific privileges are required for this report. Only people belonging to a
+dedicated technology provider (TP) are able doing reports for this TP. Major
+criteria for this report are the <strong>expected response time</strong> defined in SLAs and
+the TP.</p>
+<h3 id="solution-time-1">Solution time</h3>
+<p>Major criteria for this report is the <strong>solution timestamp</strong>. The result list
+shows:</p>
+<ul>
+<li>the number of solutions</li>
+<li>average response time and</li>
+<li>median response time</li>
+</ul>
+<p>for the specified time frame. The result lists shows the current status of the
+tickets.</p>
+<blockquote>
+<p>Solution times are based on office hours. Hence, an average solution time of
+12d 3h 5min means 99 hours and 5 minutes in total.</p>
+</blockquote>
+<p>The waiting time can be excluded by ticking the checkbox “exclude waiting time”.
+In case a ticket gets re-opened the metrics calculation starts again from
+scratch. Hence, the same ticket can appear several times in the solution times
+calculation.</p>
+<h2 id="input-parameters-and-results">Input parameters and results</h2>
+<h3 id="input-parameters">Input parameters</h3>
+<p>The input parameters vary depending on the report type chosen. Possible input
+parameters are:</p>
+<ul>
+<li>Time frame</li>
+<li>Responsible Unit</li>
+<li>Status</li>
+<li>Priority</li>
+<li>Concerned VO</li>
+<li>Ticket type</li>
+<li>Ticket category</li>
+<li>Ticket Scope</li>
+<li>Notified site</li>
+<li>Technology provider</li>
+<li>Date aggregation</li>
+</ul>
+<h4 id="time-frame">Time frame</h4>
+<p>The time frame defines begin and end date of the report. The begin date starts
+at <code>00:00:00</code>. The end date ends at <code>00:00:00</code>. As the implementation of the
+report generator started in October 2011 the report generator does not provide
+data for tickets submitted before December 2011!</p>
+<h4 id="responsible-units">Responsible Units</h4>
+<p>The drop-down list offers all responsible units integrated in GGUS system. They
+can be filtered by keywords. Responsible Units can be either selected all, one
+by one or by checking the boxes in front of the responsible unit groups. In case
+no responsible units are selected all responsible units are considered in the
+reports.</p>
+<h4 id="status">Status</h4>
+<p>The drop-down list offers all status values available in GGUS system. Multiple
+selections are possible.</p>
+<h4 id="priority">Priority</h4>
+<p>The drop-down list offers all priority values available in GGUS system. Multiple
+selections are possible.</p>
+<h4 id="concerned-vo">Concerned VO</h4>
+<p>“Concerned VO” provides a drop-down list of all VOs supported by GGUS. Multiple
+selections are possible.</p>
+<h4 id="ticket-type">Ticket type</h4>
+<p>This drop-down list lists all ticket types in GGUS. Multiple selections are
+possible.</p>
+<h4 id="ticket-category">Ticket category</h4>
+<p>Selectable categories are “Incident”, “Change request”, “Documentation”, “Test”.
+Multiple selections are possible. The category “Test” should not be considered
+for all reports and therefore, if necessary, be excluded from the selection.</p>
+<h4 id="ticket-scope">Ticket scope</h4>
+<p>To distinguish between tickets under the responsibility of EGI or WLCG. See
+<a href="../ticket-scope/">ticket scope</a>.</p>
+<h4 id="notified-site">Notified site</h4>
+<p>“Notified site” lists all sites integrated in GGUS. They are derived from GOC DB
+and OIM DB. In case of reporting exclusively on tickets without any site value
+specified please ticket the “blank” value in the drop-down list.</p>
+<h4 id="technology-provider">Technology Provider</h4>
+<p>This input parameter is only visible if choosing the “violated response time”
+report. For accessing this report specific privileges are required. The
+drop-down list offers all technology providers currently integrated in GGUS and
+the “DMSU”. Multiple selections are possible. In case no technology provider is
+selected the reports will be done for tickets without any technology provider
+specified.</p>
+<h4 id="date-aggregation">Date aggregation</h4>
+<p>The results aggregation level can be chosen from the drop down list “Choose date
+aggregation”.</p>
+<h4 id="group-by">Group by</h4>
+<p>Results can be grouped by one or more of the input parameters.</p>
+<h3 id="results">Results</h3>
+<p>The results are displayed below the input parameter area. They can be sorted in
+different ways by clicking on the column labels. A drill-down is possible by
+clicking on any row of the results list. The detail results open in a new
+window. They can be sorted by clicking the column labels too. Clicking on the
+ticket ID opens the ticket in GGUS system. At the bottom of the result panel
+there are various icons offering features like:</p>
+<ul>
+<li>Search</li>
+<li>Refresh</li>
+<li>Export</li>
+<li>Export what you see</li>
+</ul>
+<p>Doing a simple <em>“Export”</em> saves the data in a csv file stripping all column
+headers. For exporting the data including the column headers please use <em>“Export
+what you see”</em>. The <em>“Search”</em> feature allows searching in the result list.
+Possible search parameters are the columns of the result list.</p>Internal: Team tickets/internal/helpdesk/features/team-tickets/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/team-tickets/
+<h2 id="introduction-purpose-and-conditions">Introduction: purpose and conditions</h2>
+<ul>
+<li>The purpose of TEAM tickets is to allow all team members to modify all tickets
+of their team ,although they may not have support access, and they do not have
+submitted the ticket themselves.</li>
+<li>Only members of a few VOs are allowed to submit team tickets:
+<ul>
+<li>Alice</li>
+<li>Atlas</li>
+<li>CMS</li>
+<li>LHCb</li>
+<li>Biomed</li>
+<li>Belle</li>
+</ul>
+</li>
+<li>The VO members need to have the appropriate permissions in GGUS user database</li>
+<li>Other VOs can request this functionality by opening a GGUS ticket</li>
+<li>Team tickets are routed to the NGI/ROC the site belongs to automatically. They
+do not need a routing by the TPM. The NGI/ROC is notified about the ticket in
+the usual way. In parallel, the site receives a notification email.</li>
+</ul>
+<h3 id="becoming-a-team-ticket-member">Becoming a Team-ticket member</h3>
+<p>People who want to become a team member have to:</p>
+<ul>
+<li>register in GGUS first</li>
+<li>be added to the appropriate group in a VOMS server.</li>
+</ul>
+<p>GGUS system synchronizes its user database once per night with the VOMS servers.
+The synchronization is based on the DN string. Please make sure the DN of your
+GGUS account is the same to the one registered in VOMS.</p>
+<h2 id="technical-description">Technical description</h2>
+<p>This section describes the workflows of team tickets from a technical point of
+view.</p>
+<h3 id="team-ticket-submission">Team ticket submission</h3>
+<p>Team tickets can either be submitted using the GGUS web portal. On top of the
+ticket submit form in GGUS web portal there is a link to the submit form for
+team tickets.</p>
+<p><img src="Submit_Team.png" alt="link to submit form for team tickets"></p>
+<p>As team ticket submitters are expected to be experts who will hopefully provide
+all necessary information, the number of fields on the team ticket submit form
+is reduced to a minimum, compared to the number of fields on the user ticket
+submit form</p>
+<p><img src="Submit_Form_Team.png" alt="Submit form for team tickets"></p>
+<p>Three fields on this form are mandatory:</p>
+<ul>
+<li>Subject</li>
+<li>MoU Area</li>
+<li>Notified Site</li>
+</ul>
+<p>All of the other fields are optional.</p>
+<h3 id="team-ticket-processing">Team ticket processing</h3>
+<p>The processing of a team ticket consists of two main parts, the notification of
+the notified site and the routing of the ticket to the NGI/ROC the site belongs
+to.</p>
+<h4 id="site-notification">Site notification</h4>
+<p>In parallel to the creation of a team ticket the GGUS system sends an email
+notification directly to the site specified in field “Notify Site”. This email
+is sent to a specific site contact mail address.</p>
+<h4 id="ticket-routing">Ticket routing</h4>
+<p>Team tickets are bypassing the TPMs and routed to the appropriate NGI/ROCs
+automatically as long as field “Routing type” is not changed. The decision to
+which NGI/ROC a ticket has to be routed is done automatically, based on the
+value of the “Notify Site” field.</p>
+<h4 id="working-on-team-tickets">Working on team tickets</h4>
+<p>For working on team tickets and resolving please use the GGUS portal. A
+reference link to the team ticket is given in the team notification mail. Team
+tickets can be upgraded to alarm tickets clicking on the button “Click to
+convert to ALARM”.</p>
+<p><img src="Team_to_alarm.png" alt="Team to Alarm"></p>
+<h2 id="team-tickets-process-schema">Team tickets process schema</h2>
+<p>See the
+<a href="GGUS_Graph_TEAM_Ticket_Process.pdf">schema of the Team Tickets process</a>.</p>Internal: Ticket Priority/internal/helpdesk/features/ticket-priority/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/ticket-priority/
+<h2 id="priority-definition">Priority definition</h2>
+<p>If you plan to adjust the ticket priority from the default value ’less urgent'
+to ‘urgent’, ‘very urgent’ or ’top priority’, please make sure you add a
+justification for this change in the problem description field.</p>
+<p>The following table will help you to find an appropriate priority value:</p>
+<table>
+<thead>
+<tr>
+<th>Priority</th>
+<th>Comment</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>top priority</td>
+<td>service interrupted; needs to be addressed as soon as possible</td>
+</tr>
+<tr>
+<td>very urgent</td>
+<td>service degraded; no workaround available</td>
+</tr>
+<tr>
+<td>urgent</td>
+<td>service degraded; workaround available</td>
+</tr>
+<tr>
+<td>less urgent</td>
+<td>wishes and enhancements that are “nice to have”</td>
+</tr>
+</tbody>
+</table>
+<p>In particular, be very economical when choosing ’top priority’. This value, when
+reaching the supporters via another ticketing system interface, might become a
+beep or phone alert even in the middle of the night. This level of support is
+ONLY committed by WLCG Tier0 and Tier1s and ONLY for ALARM tickets.</p>
+<p>Finally, please be aware that the supporter who will try to solve your problem
+may change the value you have chosen to a more realistic one, putting their
+justification in the ticket’s public diary.</p>
+<h2 id="priority-colours">Priority colours</h2>
+<h3 id="the-purpose-of-the-priority-colours-in-ggus">The purpose of the priority colours in GGUS</h3>
+<p>The priority colours in GGUS should help supporters getting an overview of the
+most important tickets. The priority colours have no impact on the metrics
+generated with the GGUS report generator or manually by the GGUS team.</p>
+<h3 id="the-colours-used">The colours used</h3>
+<p>Currently the following colours are used for open states:</p>
+<ul>
+<li>green</li>
+<li>yellow</li>
+<li>amber</li>
+<li>red</li>
+</ul>
+<p>For terminal states GGUS uses:</p>
+<ul>
+<li>light blue for status “unsolved” and</li>
+<li>blue for status “solved” and “verified”.</li>
+</ul>
+<h3 id="fields-affecting-the-priority-colour-algorithm">Fields affecting the priority colour algorithm</h3>
+<p>The priority colour algorithm is affected by the status value and the priority
+of a ticket. The priority colour calculation for tickets in status “assigned” is
+based on different values than for tickets in any other open status.</p>
+<h3 id="office-hours-and-weekends">Office hours and weekends</h3>
+<p>Office hours and weekends are taken into consideration when calculating the
+priority colour. The system assumes usual office hours from 07:00 to 15:00
+o’clock UTC from Monday to Friday for all support units. Different time zones
+are considered as far as possible.</p>
+<h3 id="priority-colour-and-status-values">Priority colour and status values</h3>
+<p>The priority colour calculation starts after a ticket gets assigned to any
+support unit. The support units should change the ticket status to “in progress”
+or any other open status after receiving the ticket. Thus the support unit has
+responded to the ticket (response time). After such a status change the priority
+is reset to “green” and the calculation of the priority colour starts again from
+scratch.</p>
+<h3 id="algorithm-for-middleware-related-tickets">Algorithm for middleware related tickets</h3>
+<p>The priority colour for tickets dealing with middleware related problems is
+calculated according to the Quality of Support the PTs voted for. The priority
+colour changes after a dedicated amount of working hours as listed in the table
+below. The priority colour calculation is processed every 15 minutes.</p>
+<table>
+<thead>
+<tr>
+<th>QoS Level</th>
+<th>Ticket priority</th>
+<th>Colour</th>
+<th>Working hours</th>
+<th>Colour</th>
+<th>Working hours</th>
+<th>Colour</th>
+<th>Working hours</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Base</td>
+<td>less urgent</td>
+<td>Yellow</td>
+<td>20</td>
+<td>Amber</td>
+<td>30</td>
+<td>Red</td>
+<td>40</td>
+</tr>
+<tr>
+<td></td>
+<td>urgent</td>
+<td></td>
+<td>20</td>
+<td></td>
+<td>30</td>
+<td></td>
+<td>40</td>
+</tr>
+<tr>
+<td></td>
+<td>very urgent</td>
+<td></td>
+<td>20</td>
+<td></td>
+<td>30</td>
+<td></td>
+<td>40</td>
+</tr>
+<tr>
+<td></td>
+<td>top priority</td>
+<td></td>
+<td>20</td>
+<td></td>
+<td>30</td>
+<td></td>
+<td>40</td>
+</tr>
+<tr>
+<td>Medium</td>
+<td>less urgent</td>
+<td>Yellow</td>
+<td>20</td>
+<td>Amber</td>
+<td>30</td>
+<td>Red</td>
+<td>40</td>
+</tr>
+<tr>
+<td></td>
+<td>urgent</td>
+<td></td>
+<td>20</td>
+<td></td>
+<td>30</td>
+<td></td>
+<td>40</td>
+</tr>
+<tr>
+<td></td>
+<td>very urgent</td>
+<td></td>
+<td>4</td>
+<td></td>
+<td>6</td>
+<td></td>
+<td>8</td>
+</tr>
+<tr>
+<td></td>
+<td>top priority</td>
+<td></td>
+<td>4</td>
+<td></td>
+<td>6</td>
+<td></td>
+<td>8</td>
+</tr>
+<tr>
+<td>Advanced</td>
+<td>less urgent</td>
+<td>Yellow</td>
+<td>20</td>
+<td>Amber</td>
+<td>30</td>
+<td>Red</td>
+<td>40</td>
+</tr>
+<tr>
+<td></td>
+<td>urgent</td>
+<td></td>
+<td>4</td>
+<td></td>
+<td>6</td>
+<td></td>
+<td>8</td>
+</tr>
+<tr>
+<td></td>
+<td>very urgent</td>
+<td></td>
+<td>4</td>
+<td></td>
+<td>6</td>
+<td></td>
+<td>8</td>
+</tr>
+<tr>
+<td></td>
+<td>top priority</td>
+<td></td>
+<td>2</td>
+<td></td>
+<td>3</td>
+<td></td>
+<td>4</td>
+</tr>
+</tbody>
+</table>
+<h3 id="algorithm-for-tickets-other-than-middleware">Algorithm for tickets other than middleware</h3>
+<p>The priority colour changes after a dedicated amount of working hours as listed
+in the table below. The priority colour calculation is running every 15 minutes.</p>
+<table>
+<thead>
+<tr>
+<th>Ticket priority</th>
+<th>Colour</th>
+<th>Working hours</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>less urgent</td>
+<td>Yellow</td>
+<td>20</td>
+</tr>
+<tr>
+<td></td>
+<td>Amber</td>
+<td>30</td>
+</tr>
+<tr>
+<td></td>
+<td>Red</td>
+<td>40</td>
+</tr>
+<tr>
+<td>urgent</td>
+<td>Yellow</td>
+<td>20</td>
+</tr>
+<tr>
+<td></td>
+<td>Amber</td>
+<td>30</td>
+</tr>
+<tr>
+<td></td>
+<td>Red</td>
+<td>40</td>
+</tr>
+<tr>
+<td>very urgent</td>
+<td>Yellow</td>
+<td>16</td>
+</tr>
+<tr>
+<td></td>
+<td>Amber</td>
+<td>24</td>
+</tr>
+<tr>
+<td></td>
+<td>Red</td>
+<td>32</td>
+</tr>
+<tr>
+<td>top priority</td>
+<td>Yellow</td>
+<td>12</td>
+</tr>
+<tr>
+<td></td>
+<td>Amber</td>
+<td>18</td>
+</tr>
+<tr>
+<td></td>
+<td>Red</td>
+<td>24</td>
+</tr>
+</tbody>
+</table>Internal: Ticket Scope/internal/helpdesk/features/ticket-scope/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/ticket-scope/
+<h2 id="priority-definition">Priority definition</h2>
+<p>The GGUS ticket <strong>scope</strong> filter is available in GGUS ticket search. It offers
+filtering for tickets in <strong>EGI</strong> or <strong>WLCG</strong> scope. The ticket scope field is
+automatically set by the system based on the qualifications listed below.</p>
+<p><strong>WLCG scope</strong> tickets are either:</p>
+<ul>
+<li>of type <code>TEAM</code> or <code>ALARM</code> related to VOs <code>alice</code>, <code>atlas</code>, <code>cms</code>, <code>lhcb</code>,
+<code>belle</code></li>
+<li>assigned to <code>VOSupport</code> related to VOs <code>alice</code>, <code>atlas</code>, <code>cms</code>, <code>lhcb</code>,
+<code>belle</code></li>
+<li>assigned to <code>OSG Software Support</code>, <code>USCMS</code>, <code>USATLAS</code>, <code>USBELLE</code>, <code>CRIC</code></li>
+<li>with issue type like <code>CMS_</code>, <code>ATLAS_</code></li>
+</ul>
+<blockquote>
+<p>All other tickets are <strong>EGI scope</strong>.</p>
+</blockquote>
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/issue-type-values/index.html b/612/internal/helpdesk/features/issue-type-values/index.html
new file mode 100644
index 0000000000..fea54c1e83
--- /dev/null
+++ b/612/internal/helpdesk/features/issue-type-values/index.html
@@ -0,0 +1,88 @@
+Issue type values | Documentation
+
+
+
+
+
+
Issue type values
List of the values of the Issue Type field for the several ticket types
USER tickets
// jscpd:ignore-start
For generic user tickets selectable issue types are explained in the table
+below.
Issue type
Description
Accounting
All kind of issues related to accounting tools (APEL, Accounting Portal and so on).
AppDB
All kind of issues related to the AppDB or to the interactions with the AppDB.
Authorization/Authentication
All issues related to authorization and authentication e.g. certificates
COD Operations
WLCG Coordinator On Duty Operations
Catalogue
Issues related to file catalogues, like LFC
Computing Services
All issues related to execution of jobs. It combines two other type of problems (‘Workload management’ and ‘Local batch system’). The ‘Computing Services’ should be used when it is not clear to which subcategory the ticket refersConfiguration Issues of system configuration.
Data Management - generic
All kind of issues related to data management tools (GFAL, LCG_Util and so on).
Databases
Issues related to Databases.
Deployment - other
Issues of software deployment that do not fit any other category.
Documentation
Issues of missing, wrong, outdated documentation.
File Access
File access issues.
File Transfer
File transfer issues, e.g. related to FTS
GGUS
Bugs and feature requests related to GGUS system.
IaaS Operations
Issues related to VMs and clients (OCCI, rOCCI, etc.), block storage, networking.
Information System
Issues related to the BDII.
Installation
Installation issues.
Local Batch System
Issues related to the local batch systems.
Middleware
Issues of middleware stacks like gLite, globus and others.
Monitoring
Issues of infrastructure and service monitoring.
Network problem
Issues of network connectivity.
Operations
Issues of general processes, procedures, information and so on of the entire infrastructure.
Other
Requests that do not match to any other issue type.
Security
Issues of infrastructure and operation security.
Storage Systems
Issues concerning storage systems, like EOS, dCache, DPM
VO Specific Software
Issues of VO specific software tools and packages.
Virtual Appliance Management
Issues related to vmcatcher/vmcaster tools, and VA management in general.
Workload Management
Issues related to workload management system and tools.
TEAM tickets
Team and alarm tickets have a reduced number of issue types in the drop-down
+menu.
Issue type
Description
Databases
Issues related to Databases.
File Access
File access issues.
File Transfer
File transfer issues, e.g. related to FTS
Local Batch System
Issues related to the local batch systems.
Middleware
Issues of middleware stacks like gLite, globus and others.
Monitoring
Issues of infrastructure and service monitoring.
Network problem
Issues of network connectivity.
Other
Requests that do not match to any other issue type
Storage Systems
Issues related to storage systems, like EOS, dCache or DPM
ALARM tickets
Issue type
Description
Databases
Issues related to Databases.
File Access
File access issues.
File Transfer
File transfer issues, e.g. related to FTS
Local Batch System
Issues related to the local batch systems.
Middleware
Issues of middleware stacks like gLite, globus and others.
Monitoring
Issues of infrastructure and service monitoring.
Network problem
Issues of network connectivity.
Other
Requests that do not match to any other issue type
Storage Systems
Issues related to storage systems, like EOS, dCache or DPM
CMS tickets
The CMS VO has an own ticket submit form in the GGUS system. Although this form
+provides CMS specific issue types no special privilege is required to use it.
+This does not apply for the TEAM ticket submit form: Here the CMS specific issue
+types are only selectable for registered CMS TEAM members.
Issue type
Description
CMS_AAA WAN Access
Issues around WAN
CMS_CAF Operations
Issues around CAF operations at CERN, incl EOS space requests
CMS_Central Workflows
Issues around centrally managed MC production and processing
CMS_Data Transfers
Issues around data transfers, e.g. via Phedex or ASO
CMS_Facilities
Typically issues at CMS sites
CMS_HammerCloud
Issues around CMS HammerCloud
CMS_Register New CMS Site
Chosen when a new site gets registered with CMS
CMS_SAM tests
Issues around CMS SAM tests
CMS_Submission Infrastructure
Issues around CMS_Submission Infrastructure
CMS_Tier-1 Tape Families
For creation of Tape families/groups at Tier-1 archives
ATLAS tickets
The ATLAS specific issue types are only selectable for registered ATLAS TEAM
+members.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/issue-type-values/index.xml b/612/internal/helpdesk/features/issue-type-values/index.xml
new file mode 100644
index 0000000000..d1c839e90e
--- /dev/null
+++ b/612/internal/helpdesk/features/issue-type-values/index.xml
@@ -0,0 +1 @@
+Documentation – Issue type values/internal/helpdesk/features/issue-type-values/Recent content in Issue type values on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/quality-of-support-levels/index.html b/612/internal/helpdesk/features/quality-of-support-levels/index.html
new file mode 100644
index 0000000000..9c8850b7c0
--- /dev/null
+++ b/612/internal/helpdesk/features/quality-of-support-levels/index.html
@@ -0,0 +1,90 @@
+Quality of Support (QoS) levels | Documentation
+
+
+
+
+
+
Quality of Support (QoS) levels
Quality of Support (QoS) levels
Introduction
QoS stands for Quality of Support. It describes the level of support provided by
+Support Units in GGUS system.
It has an impact on the ticket
+priority colour in GGUS and the warnings are sent
+to SUs if 75% of the maximum response time of the QoS level are over.
QoS levels
There are three different QoS levels, each defining different response times for
+given Ticket Priority.
Base
Medium
Advanced
The default QoS level, if not declared differently, is Base.
Base Level
Base QoS level defines a response time of 5 working days regardless of the
+ticket priority.
Medium Level
Ticket Priority
Response time
less urgent
5 working days
urgent
5 working days
very urgent
1 working day
top priority
1 working day
Advanced service
Ticket Priority
Response time
less urgent
5 working days
urgent
1 working day
very urgent
1 working day
top priority
4 working hours
QoS level declaration
The QoS level for all of the SUs are available
+here
For the several EGI services, the QoS levels are defined in the specific
+Operational Level Agreements linked in the
+EGI OLA SLA framework page
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/quality-of-support-levels/index.xml b/612/internal/helpdesk/features/quality-of-support-levels/index.xml
new file mode 100644
index 0000000000..f8ff0ab138
--- /dev/null
+++ b/612/internal/helpdesk/features/quality-of-support-levels/index.xml
@@ -0,0 +1 @@
+Documentation – Quality of Support (QoS) levels/internal/helpdesk/features/quality-of-support-levels/Recent content in Quality of Support (QoS) levels on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/report-generator/index.html b/612/internal/helpdesk/features/report-generator/index.html
new file mode 100644
index 0000000000..8bdf26f7ea
--- /dev/null
+++ b/612/internal/helpdesk/features/report-generator/index.html
@@ -0,0 +1,186 @@
+Report generator | Documentation
+
+
+
+
+
+
The implementation of the report generator started in October 2011. Hence, the
+report generator does not provide data for tickets submitted before December
+2011!
Timestamps and metrics
submit timestamp: timestamp when the ticket is submitted
assign timestamp: timestamp when a ticket gets assigned to a support unit
response timestamp: timestamp when the ticket status changes from “assigned”
+to any other status value or the ticket gets re-assigned to another support
+unit
expected response timestamp: timestamp when a ticket should have changed the
+status to any other status value than “assigned” or be re-assigned to another
+support unit at latest
solution timestamp: timestamp when the status changes to either “solved” or
+“unsolved”
Response time
The response time is a performance figure calculated from the support unit’s
+point of view. It describes how quick a support unit is reacting on tickets.
+Response time is the time from
either assigning a ticket to a support unit and the support unit is kept until
+the first status changes to any other value than “assigned”, or
assigning a ticket to a support unit and the status value “assigned” is kept
+until the support unit changes to any other support unit (re-assign).
The response time is calculated as difference between the timestamp changing the
+status or re-assigning the ticket and the assign timestamp. While assigning a
+ticket to a support unit the expected response timestamp is calculated by adding
+an amount of time to the assign timestamp. The amount of time added depends on
+the ticket priority and the kind of support unit. For support units that have
+declared a quality of service level the response times are defined by the
+QoS level. For all the other support units a
+medium QoS is assumed for calculating the expected response timestamp. In case
+the actual response timestamp is greater than the “expected response” timestamp
+for middleware support units the “violate” flag is set.
Response times are based on office hours. Hence the results unit is working
+days.
Solution time
The solution time is a performance figure also calculated from the support
+unit’s point of view. It describes how long it took the support unit for
+providing a solution. Solution time is the time from assigning a ticket to a
+support unit until it provides a solution for the problem described. “Providing
+a solution” means setting the ticket status to “solved” or “unsolved”. The
+solution time is calculated as the difference between the solution timestamp and
+the assign timestamp.
Solution times are based on office hours. Hence the results unit is working
+days.
Waiting time
Waiting time is the sum of all time slots the ticket was set to “waiting for
+reply”. Calculating the waiting time has started in July 2012. For tickets
+submitted before July 2012 no waiting time calculation was done. The waiting
+time for these tickets may be zero. The waiting time can be excluded when
+calculation solution times by ticking the checkbox “exclude waiting time”.
Ticket lifetime
The ticket lifetime is calculated from the user’s point of view. It describes
+how long it takes to provide a meaningful solution for a problem reported by the
+user. Ticket lifetime is the time from ticket submission to ticket solution
+(status “solved/unsolved”).
The ticket lifetime is based on calendar days.
Time zones
GGUS support units are spread over a wide range of time zones. Some of the
+support units themselves are spread over several time zones. However most
+support units are located in European time zones. Support units and their time
+zones are listed on a dedicated page.
+For middleware product teams GGUS assumes time zone “UTC +1” for all support
+units. For all the other support units the system uses the relevant time zone
+for calculating timestamps as far as possible.
Office hours
The systems assumes usual office hours from 09:00 to 17:00 Monday to Friday for
+all support units. National holidays are not taken into account. For middleware
+product teams the timezone UTC+1 is used as default timezone.
Ticket priorities
For the calculation of performance figures the original priority set during
+ticket submission is used. This priority value is kept as long as the support
+unit is in charge of the ticket. Updating the priority value during ticket
+lifetime doesn’t affect the calculation of performance figures.
Unit abbreviations
[wd] means working days
[d] means calendar days
Reports description
Although some of the drop-down lists request the selection of values a query
+can be started anyway. In this case the query is equivalent to a query over
+all tickets!
The “Reset” button resets all fields to their default settings besides the time
+frame.
Tickets submitted
This metric gives the number of tickets submitted within the specified time
+frame. Major criteria is the submit timestamp. The result lists shows the
+current status of the tickets.
Open tickets time
The open tickets time report calculates the time from ticket submission until
+now in calendar days. The submit timestamp must match the specified time
+frame for the report.
Tickets closed
This metric is focused on the ticket life time. It gives the number of
+tickets that reached the status “solved” or “unsolved” within the specified time
+frame. Major criteria is the solution timestamp which is the timestamp
+setting a ticket to “solved” or “unsolved”. Tickets in other terminal status
+like “verified” or “closed” appear in the result list as long as they have been
+set to “solved/unsolved” in the given time frame. Besides date, status and the
+number of closed tickets the results list displays the average ticket lifetime
+and the median ticket lifetime. The result lists shows the current status of the
+tickets.
Response time
This metric focuses on the responsiveness of support units. Major criteria for
+this report is the submit timestamp which must match the selected time
+frame. The result list shows:
the number of tickets responded
the number of responses
average response time and
median response time
for the specified time frame. The result list shows all support units that have
+ever been in charge of a ticket. Hence the same ticket ID may appear several
+times. The number of responses may be greater than the number of tickets.
Response times are based on office hours. Hence an average response time of 1d
+3h 23min means 13 hours and 23 minutes in total.
Violated response time
Specific privileges are required for this report. Only people belonging to a
+dedicated technology provider (TP) are able doing reports for this TP. Major
+criteria for this report are the expected response time defined in SLAs and
+the TP.
Solution time
Major criteria for this report is the solution timestamp. The result list
+shows:
the number of solutions
average response time and
median response time
for the specified time frame. The result lists shows the current status of the
+tickets.
Solution times are based on office hours. Hence, an average solution time of
+12d 3h 5min means 99 hours and 5 minutes in total.
The waiting time can be excluded by ticking the checkbox “exclude waiting time”.
+In case a ticket gets re-opened the metrics calculation starts again from
+scratch. Hence, the same ticket can appear several times in the solution times
+calculation.
Input parameters and results
Input parameters
The input parameters vary depending on the report type chosen. Possible input
+parameters are:
Time frame
Responsible Unit
Status
Priority
Concerned VO
Ticket type
Ticket category
Ticket Scope
Notified site
Technology provider
Date aggregation
Time frame
The time frame defines begin and end date of the report. The begin date starts
+at 00:00:00. The end date ends at 00:00:00. As the implementation of the
+report generator started in October 2011 the report generator does not provide
+data for tickets submitted before December 2011!
Responsible Units
The drop-down list offers all responsible units integrated in GGUS system. They
+can be filtered by keywords. Responsible Units can be either selected all, one
+by one or by checking the boxes in front of the responsible unit groups. In case
+no responsible units are selected all responsible units are considered in the
+reports.
Status
The drop-down list offers all status values available in GGUS system. Multiple
+selections are possible.
Priority
The drop-down list offers all priority values available in GGUS system. Multiple
+selections are possible.
Concerned VO
“Concerned VO” provides a drop-down list of all VOs supported by GGUS. Multiple
+selections are possible.
Ticket type
This drop-down list lists all ticket types in GGUS. Multiple selections are
+possible.
Ticket category
Selectable categories are “Incident”, “Change request”, “Documentation”, “Test”.
+Multiple selections are possible. The category “Test” should not be considered
+for all reports and therefore, if necessary, be excluded from the selection.
Ticket scope
To distinguish between tickets under the responsibility of EGI or WLCG. See
+ticket scope.
Notified site
“Notified site” lists all sites integrated in GGUS. They are derived from GOC DB
+and OIM DB. In case of reporting exclusively on tickets without any site value
+specified please ticket the “blank” value in the drop-down list.
Technology Provider
This input parameter is only visible if choosing the “violated response time”
+report. For accessing this report specific privileges are required. The
+drop-down list offers all technology providers currently integrated in GGUS and
+the “DMSU”. Multiple selections are possible. In case no technology provider is
+selected the reports will be done for tickets without any technology provider
+specified.
Date aggregation
The results aggregation level can be chosen from the drop down list “Choose date
+aggregation”.
Group by
Results can be grouped by one or more of the input parameters.
Results
The results are displayed below the input parameter area. They can be sorted in
+different ways by clicking on the column labels. A drill-down is possible by
+clicking on any row of the results list. The detail results open in a new
+window. They can be sorted by clicking the column labels too. Clicking on the
+ticket ID opens the ticket in GGUS system. At the bottom of the result panel
+there are various icons offering features like:
Search
Refresh
Export
Export what you see
Doing a simple “Export” saves the data in a csv file stripping all column
+headers. For exporting the data including the column headers please use “Export
+what you see”. The “Search” feature allows searching in the result list.
+Possible search parameters are the columns of the result list.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/report-generator/index.xml b/612/internal/helpdesk/features/report-generator/index.xml
new file mode 100644
index 0000000000..28651390b2
--- /dev/null
+++ b/612/internal/helpdesk/features/report-generator/index.xml
@@ -0,0 +1 @@
+Documentation – Report generator/internal/helpdesk/features/report-generator/Recent content in Report generator on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/team-tickets/GGUS_Graph_TEAM_Ticket_Process.pdf b/612/internal/helpdesk/features/team-tickets/GGUS_Graph_TEAM_Ticket_Process.pdf
new file mode 100644
index 0000000000..c08887ad51
Binary files /dev/null and b/612/internal/helpdesk/features/team-tickets/GGUS_Graph_TEAM_Ticket_Process.pdf differ
diff --git a/612/internal/helpdesk/features/team-tickets/GGUS_Graph_Team-ticket-process.png b/612/internal/helpdesk/features/team-tickets/GGUS_Graph_Team-ticket-process.png
new file mode 100644
index 0000000000..edcbb90ed9
Binary files /dev/null and b/612/internal/helpdesk/features/team-tickets/GGUS_Graph_Team-ticket-process.png differ
diff --git a/612/internal/helpdesk/features/team-tickets/Submit_Form_Team.png b/612/internal/helpdesk/features/team-tickets/Submit_Form_Team.png
new file mode 100644
index 0000000000..e15fe3709d
Binary files /dev/null and b/612/internal/helpdesk/features/team-tickets/Submit_Form_Team.png differ
diff --git a/612/internal/helpdesk/features/team-tickets/Submit_Team.png b/612/internal/helpdesk/features/team-tickets/Submit_Team.png
new file mode 100644
index 0000000000..95669c2640
Binary files /dev/null and b/612/internal/helpdesk/features/team-tickets/Submit_Team.png differ
diff --git a/612/internal/helpdesk/features/team-tickets/Team_to_alarm.png b/612/internal/helpdesk/features/team-tickets/Team_to_alarm.png
new file mode 100644
index 0000000000..fa1338e339
Binary files /dev/null and b/612/internal/helpdesk/features/team-tickets/Team_to_alarm.png differ
diff --git a/612/internal/helpdesk/features/team-tickets/index.html b/612/internal/helpdesk/features/team-tickets/index.html
new file mode 100644
index 0000000000..222a2f0806
--- /dev/null
+++ b/612/internal/helpdesk/features/team-tickets/index.html
@@ -0,0 +1,105 @@
+Team tickets | Documentation
+
+
+
+
+
+
Team tickets
Definition and usage of the Team tickets
Introduction: purpose and conditions
The purpose of TEAM tickets is to allow all team members to modify all tickets
+of their team ,although they may not have support access, and they do not have
+submitted the ticket themselves.
Only members of a few VOs are allowed to submit team tickets:
Alice
Atlas
CMS
LHCb
Biomed
Belle
The VO members need to have the appropriate permissions in GGUS user database
Other VOs can request this functionality by opening a GGUS ticket
Team tickets are routed to the NGI/ROC the site belongs to automatically. They
+do not need a routing by the TPM. The NGI/ROC is notified about the ticket in
+the usual way. In parallel, the site receives a notification email.
Becoming a Team-ticket member
People who want to become a team member have to:
register in GGUS first
be added to the appropriate group in a VOMS server.
GGUS system synchronizes its user database once per night with the VOMS servers.
+The synchronization is based on the DN string. Please make sure the DN of your
+GGUS account is the same to the one registered in VOMS.
Technical description
This section describes the workflows of team tickets from a technical point of
+view.
Team ticket submission
Team tickets can either be submitted using the GGUS web portal. On top of the
+ticket submit form in GGUS web portal there is a link to the submit form for
+team tickets.
As team ticket submitters are expected to be experts who will hopefully provide
+all necessary information, the number of fields on the team ticket submit form
+is reduced to a minimum, compared to the number of fields on the user ticket
+submit form
Three fields on this form are mandatory:
Subject
MoU Area
Notified Site
All of the other fields are optional.
Team ticket processing
The processing of a team ticket consists of two main parts, the notification of
+the notified site and the routing of the ticket to the NGI/ROC the site belongs
+to.
Site notification
In parallel to the creation of a team ticket the GGUS system sends an email
+notification directly to the site specified in field “Notify Site”. This email
+is sent to a specific site contact mail address.
Ticket routing
Team tickets are bypassing the TPMs and routed to the appropriate NGI/ROCs
+automatically as long as field “Routing type” is not changed. The decision to
+which NGI/ROC a ticket has to be routed is done automatically, based on the
+value of the “Notify Site” field.
Working on team tickets
For working on team tickets and resolving please use the GGUS portal. A
+reference link to the team ticket is given in the team notification mail. Team
+tickets can be upgraded to alarm tickets clicking on the button “Click to
+convert to ALARM”.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/team-tickets/index.xml b/612/internal/helpdesk/features/team-tickets/index.xml
new file mode 100644
index 0000000000..02adaeb7ce
--- /dev/null
+++ b/612/internal/helpdesk/features/team-tickets/index.xml
@@ -0,0 +1 @@
+Documentation – Team tickets/internal/helpdesk/features/team-tickets/Recent content in Team tickets on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/ticket-priority/index.html b/612/internal/helpdesk/features/ticket-priority/index.html
new file mode 100644
index 0000000000..91c40dbef4
--- /dev/null
+++ b/612/internal/helpdesk/features/ticket-priority/index.html
@@ -0,0 +1,105 @@
+Ticket Priority | Documentation
+
+
+
+
+
+
Ticket Priority
Definition and computation of the ticket priority in relation to the QoS levels
Priority definition
If you plan to adjust the ticket priority from the default value ’less urgent'
+to ‘urgent’, ‘very urgent’ or ’top priority’, please make sure you add a
+justification for this change in the problem description field.
The following table will help you to find an appropriate priority value:
Priority
Comment
top priority
service interrupted; needs to be addressed as soon as possible
very urgent
service degraded; no workaround available
urgent
service degraded; workaround available
less urgent
wishes and enhancements that are “nice to have”
In particular, be very economical when choosing ’top priority’. This value, when
+reaching the supporters via another ticketing system interface, might become a
+beep or phone alert even in the middle of the night. This level of support is
+ONLY committed by WLCG Tier0 and Tier1s and ONLY for ALARM tickets.
Finally, please be aware that the supporter who will try to solve your problem
+may change the value you have chosen to a more realistic one, putting their
+justification in the ticket’s public diary.
Priority colours
The purpose of the priority colours in GGUS
The priority colours in GGUS should help supporters getting an overview of the
+most important tickets. The priority colours have no impact on the metrics
+generated with the GGUS report generator or manually by the GGUS team.
The colours used
Currently the following colours are used for open states:
green
yellow
amber
red
For terminal states GGUS uses:
light blue for status “unsolved” and
blue for status “solved” and “verified”.
Fields affecting the priority colour algorithm
The priority colour algorithm is affected by the status value and the priority
+of a ticket. The priority colour calculation for tickets in status “assigned” is
+based on different values than for tickets in any other open status.
Office hours and weekends
Office hours and weekends are taken into consideration when calculating the
+priority colour. The system assumes usual office hours from 07:00 to 15:00
+o’clock UTC from Monday to Friday for all support units. Different time zones
+are considered as far as possible.
Priority colour and status values
The priority colour calculation starts after a ticket gets assigned to any
+support unit. The support units should change the ticket status to “in progress”
+or any other open status after receiving the ticket. Thus the support unit has
+responded to the ticket (response time). After such a status change the priority
+is reset to “green” and the calculation of the priority colour starts again from
+scratch.
Algorithm for middleware related tickets
The priority colour for tickets dealing with middleware related problems is
+calculated according to the Quality of Support the PTs voted for. The priority
+colour changes after a dedicated amount of working hours as listed in the table
+below. The priority colour calculation is processed every 15 minutes.
QoS Level
Ticket priority
Colour
Working hours
Colour
Working hours
Colour
Working hours
Base
less urgent
Yellow
20
Amber
30
Red
40
urgent
20
30
40
very urgent
20
30
40
top priority
20
30
40
Medium
less urgent
Yellow
20
Amber
30
Red
40
urgent
20
30
40
very urgent
4
6
8
top priority
4
6
8
Advanced
less urgent
Yellow
20
Amber
30
Red
40
urgent
4
6
8
very urgent
4
6
8
top priority
2
3
4
Algorithm for tickets other than middleware
The priority colour changes after a dedicated amount of working hours as listed
+in the table below. The priority colour calculation is running every 15 minutes.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/ticket-priority/index.xml b/612/internal/helpdesk/features/ticket-priority/index.xml
new file mode 100644
index 0000000000..19a83b5462
--- /dev/null
+++ b/612/internal/helpdesk/features/ticket-priority/index.xml
@@ -0,0 +1 @@
+Documentation – Ticket Priority/internal/helpdesk/features/ticket-priority/Recent content in Ticket Priority on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/ticket-scope/index.html b/612/internal/helpdesk/features/ticket-scope/index.html
new file mode 100644
index 0000000000..b3e33c9e02
--- /dev/null
+++ b/612/internal/helpdesk/features/ticket-scope/index.html
@@ -0,0 +1,83 @@
+Ticket Scope | Documentation
+
+
+
+
+
+
Ticket Scope
Description of ticket scopes
Priority definition
The GGUS ticket scope filter is available in GGUS ticket search. It offers
+filtering for tickets in EGI or WLCG scope. The ticket scope field is
+automatically set by the system based on the qualifications listed below.
WLCG scope tickets are either:
of type TEAM or ALARM related to VOs alice, atlas, cms, lhcb,
+belle
assigned to VOSupport related to VOs alice, atlas, cms, lhcb,
+belle
assigned to OSG Software Support, USCMS, USATLAS, USBELLE, CRIC
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/ticket-scope/index.xml b/612/internal/helpdesk/features/ticket-scope/index.xml
new file mode 100644
index 0000000000..886fdbc1a2
--- /dev/null
+++ b/612/internal/helpdesk/features/ticket-scope/index.xml
@@ -0,0 +1 @@
+Documentation – Ticket Scope/internal/helpdesk/features/ticket-scope/Recent content in Ticket Scope on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/tickets-to-multiple-sites/index.html b/612/internal/helpdesk/features/tickets-to-multiple-sites/index.html
new file mode 100644
index 0000000000..ef9a987206
--- /dev/null
+++ b/612/internal/helpdesk/features/tickets-to-multiple-sites/index.html
@@ -0,0 +1,89 @@
+'Notify Site' field and tickets to multiple sites | Documentation
+
+
+
+
+
+
'Notify Site' field and tickets to multiple sites
Selecting a Resource Centre as recipient and submitting tickets to multiple RCs
Notify Site field
The list of sites included in the drop-down menu of the “Notify site” field is
+taken from GOCDB (EGI sites) and from OIM DB (OSG sites).
Sites registered in OIM are only visible if they have status “enabled”.
Sites registered in GOC DB are only visible if they have status “certified”.
Sites in other states (e.g. “suspended”) are not visible in the “Notify
+sites” drop-down list.
the sites information is synchronized once per night.
In case a site’s status changes, the site disappears from the “Notify sites”
+drop-down list. Existing GGUS tickets related to this site get the “Notify
+sites” field flushed. The NGI to which the site belongs inherits the ticket
+from the site and is in charge of further processing this ticket.
Notify multiple sites option
Notifying multiple sites is a feature for submitting tickets with the same
+topic against an unlimited number of sites in GGUS.
This feature can be used only by users owning a dedicated privileges.
There is a specific submit form linked from GGUS ticket submit area. In the
+“Notify SITE” drop-down menu sites can be checked for receiving a ticket.
All sites registered in GGUS can be notified using this option.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/features/tickets-to-multiple-sites/index.xml b/612/internal/helpdesk/features/tickets-to-multiple-sites/index.xml
new file mode 100644
index 0000000000..50c78ec1ab
--- /dev/null
+++ b/612/internal/helpdesk/features/tickets-to-multiple-sites/index.xml
@@ -0,0 +1 @@
+Documentation – 'Notify Site' field and tickets to multiple sites/internal/helpdesk/features/tickets-to-multiple-sites/Recent content in 'Notify Site' field and tickets to multiple sites on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/index.html b/612/internal/helpdesk/index.html
new file mode 100644
index 0000000000..ae8cabcdd9
--- /dev/null
+++ b/612/internal/helpdesk/index.html
@@ -0,0 +1,85 @@
+Helpdesk | Documentation
+
+
+
+
+
+
Helpdesk
EGI Helpdesk
What is it?
Support for EGI services is available through the
+EGI Helpdesk.
The EGI Helpdesk is a distributed tool with central coordination, which provides
+the information and support needed to troubleshoot product and service problems.
+Users can report incidents, bugs or request changes.
The support activities are grouped into first and second level support.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/index.xml b/612/internal/helpdesk/index.xml
new file mode 100644
index 0000000000..0be2671d23
--- /dev/null
+++ b/612/internal/helpdesk/index.xml
@@ -0,0 +1,1168 @@
+Documentation – Helpdesk/internal/helpdesk/Recent content in Helpdesk on DocumentationHugo -- gohugo.ioInternal: Service information/internal/helpdesk/service-information/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/service-information/
+<h2 id="identity-card">Identity card</h2>
+<!-- markdownlint-disable no-inline-html no-bare-urls -->
+<table>
+<thead>
+<tr>
+<th>Property</th>
+<th>Value</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Name</td>
+<td>Helpdesk</td>
+</tr>
+<tr>
+<td>Description</td>
+<td>Central helpdesk providing a single interface to EGI support</td>
+</tr>
+<tr>
+<td>URL</td>
+<td><a href="https://helpdesk.egi.eu">https://helpdesk.egi.eu</a></td>
+</tr>
+<tr>
+<td>Support Email</td>
+<td>support at ggus.eu</td>
+</tr>
+<tr>
+<td><a href="..">Helpdesk</a> Support Unit</td>
+<td><strong>EGI Services and Service Components</strong> <br/> I__ Helpdesk (GGUS)</td>
+</tr>
+<tr>
+<td>Configuration Database entry</td>
+<td><a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&id=247">https://goc.egi.eu/portal/index.php?Page_Type=Site&id=247</a></td>
+</tr>
+<tr>
+<td>Supplier</td>
+<td>KIT</td>
+</tr>
+<tr>
+<td>Roadmap</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Release notes</td>
+<td><a href="https://ggus.eu/index.php?mode=release_notes">https://ggus.eu/index.php?mode=release_notes</a></td>
+</tr>
+<tr>
+<td>Source code</td>
+<td>Not available</td>
+</tr>
+<tr>
+<td>Issue tracker for developers</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>License</td>
+<td>BMC Software Inc.</td>
+</tr>
+<tr>
+<td>Privacy Policy</td>
+<td><a href="https://ggus.eu/?mode=privacy">https://ggus.eu/?mode=privacy</a></td>
+</tr>
+</tbody>
+</table>
+<!-- markdownlint-enable no-inline-html no-bare-urls -->Internal: Account and privileges/internal/helpdesk/account-and-privileges/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/account-and-privileges/
+<h2 id="managing-ggus-account-data">Managing GGUS account data</h2>
+<p>GGUS users should be able to manage their GGUS account data by themselves.</p>
+<p>Information about registration and account management is collected on
+<a href="https://ggus.eu/?mode=register_info">GGUS registration page</a> and could be
+reached by clicking the “Registration” link on top of
+<a href="https://ggus.eu/">GGUS home page</a>.</p>
+<p>For managing the GGUS account data the user has to click the link “Check your
+GGUS account” at the bottom of this page.</p>
+<h2 id="updating-the-personal-certificate-information">Updating the personal certificate information</h2>
+<p>Users should update their certificate information before their old certificate
+expires. They can navigate to the
+<a href="https://ggus.eu/?mode=register_info">registration page</a>, click the link “Check
+your GGUS account” and update their data. Modifying the DN field will result in
+an additional DN field: the old DN will be kept and the new DN will be added.
+Subsequently, the user is identified with the two DNs. If the old DN is no more
+valid please just clear the DN field and save the change. Once the old
+certificate has expired before updating the account data, users can request an
+update via GGUS ticket against Helpdesk(GGUS) support unit.</p>
+<h2 id="linking-the-egi-sso-persistent-id-to-the-ggus-account">Linking the EGI SSO persistent ID to the GGUS account</h2>
+<p><strong>Pre-requisites: the email address of your EGI SSO account must be equal to the
+email address registered in GGUS!</strong></p>
+<p>For adding your EGI SSO persistent ID to your account data please do the
+following:</p>
+<ul>
+<li>login to GGUS using your EGI SSO account</li>
+<li>on GGUS home click the <a href="https://ggus.eu/?mode=register_info">Registration</a>
+link</li>
+</ul>
+<p><img src="GGUS_EGI_AAI_1.png" alt="your account information"></p>
+<ul>
+<li>click the button “Add my Shibboleth ID to my account” at the bottom of the
+yellow box.</li>
+</ul>
+<h2 id="getting-supporter-privileges">Getting supporter privileges</h2>
+<p>In order to process tickets assigned to the support unit you belong to, or in
+general tickets submitted by other users and assigned to other support units,
+you need to own supporter privileges. Therefore users need to register an
+account at GGUS. Registration can be done either using an X509 personal
+certificate or using the EGI AAI account.</p>
+<h3 id="registration-with-an-x509-certificate">Registration with an x509 certificate</h3>
+<p>For registering with an X509 certificate the user should go to
+<a href="https://ggus.eu/index.php?mode=index">GGUS home</a> and click the
+<a href="https://ggus.eu/?mode=register_info">registration link</a> in the menu bar at the
+left. This link opens the registration information page which gives some
+additional information about registration process. Clicking on the
+<a href="https://ggus.eu/?mode=register_info">registration link</a> guides to the form that
+the user has to fill in. After filling in the registration form, GGUS team will
+check whether support privileges can be granted. The user will receive an email
+from the GGUS team (usually) confirming their supporter privileges.</p>
+<h3 id="registration-with-the-egi-aai-account">Registration with the EGI AAI account</h3>
+<p>Users who do not have a valid X509 certificate can access GGUS via
+<a href="../../../users/aai/check-in">EGI Check-in</a>. For getting support privileges the
+user needs to be member of the
+<a href="https://aai.egi.eu/registry/co_petitions/start/coef:69">ggus-supporters</a> group
+in EGI Check-in. However the user should fill in the
+<a href="https://ggus.eu/?mode=register_info">registration form</a> for creating an account
+at GGUS. Support privileges will be granted automatically. The user will receive
+an automated email from GGUS system confirming their support privileges.</p>
+<p><img src="GGUS_Registration_Form.png" alt="GGUS registration form"></p>
+<p>Both authentication methods, X509 certificate and EGI Check-in account, will be
+guaranteed in the future. Since the use of login and password will no longer be
+guaranteed in the future, it is recommended to access GGUS with a valid digital
+certificate or EGI Check-in.</p>
+<h2 id="troubleshooting">Troubleshooting</h2>
+<h3 id="im-member-of-ggus-supportersegieu-group-why-dont-i-have-support-privileges-in-ggus">I’m member of ggus-supporters.egi.eu group. Why don’t I have support privileges in GGUS?</h3>
+<p><strong>Pre-requisites: the email address of your EGI SSO account must be equal to the
+email address registered in GGUS!</strong></p>
+<ul>
+<li>Case 1: user isn’t registered in GGUS yet.</li>
+</ul>
+<p>Unregistered users have to register first. On
+<a href="https://ggus.eu/?mode=register_info">registration page</a> you will see this text:
+“You are member of EGI AAI CheckIn ggus supporter. You will get automatically
+support right for the GGUS portal once you will submit this form.“ Support
+permissions will be granted automatically.</p>
+<p><img src="Account_Update_PersistentID.png" alt="Updating PersistentID"></p>
+<p>Click on the “Add my ….” button.</p>
+<ul>
+<li>Case 2: user already registered in GGUS with an X509 DN.</li>
+</ul>
+<p>You can decide to add the Shibboleth ID to the existing account and check the
+updated account. In case the email addresses are different you may either
+harmonize your email address in EGI SSO and GGUS account or create a new account
+using EGI SSO data.</p>
+<h2 id="getting-in-touch-wit-the-ggus-team">Getting in touch wit the GGUS team?</h2>
+<p>The preferred way to get in contact with the GGUS team is by submitting a GGUS
+ticket against Helpdesk (GGUS) support unit.</p>
+<h2 id="additional-information">Additional information</h2>
+<ul>
+<li><a href="../user-guide">GGUS user guide</a></li>
+<li><a href="https://wiki.egi.eu/wiki/FAQ_GGUS-Short-Guide">GGUS short guide</a></li>
+<li><a href="../support-staff-guide">GGUS support staff guide</a></li>
+</ul>Internal: Helpdesk features/internal/helpdesk/features/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/features/
+<p>The pages of this section detail multiple features of the <a href="../">EGI Helpdesk</a>.</p>Internal: Support Staff Guide/internal/helpdesk/support-staff-guide/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/support-staff-guide/
+<h2 id="whats-new-in-the-latest-release">What’s new in the latest release?</h2>
+<p>Please see the <a href="https://ggus.eu/index.php?mode=release_notes">release notes</a> for
+further information.</p>
+<h2 id="access-to-ggus">Access to GGUS</h2>
+<p>The EGI Helpdesk is reachable via <a href="https://helpdesk.egi.eu">a welcome page</a>.
+Another way for accessing <a href="https://ggus.eu">the ticket management interface</a> is
+using the direct link provided in the notification emails sent after ticket
+updates. However either a valid X509 personal certificate or a Check-in account
+are required for accessing the system.</p>
+<h2 id="features-of-ggus">Features of GGUS</h2>
+<h3 id="ggus-home">GGUS Home</h3>
+<p>GGUS home provides a quick overview over tickets submitted by the current user,
+the latest tickets of other users and a collection of news and links to useful
+information. The navigation bar is located on the left side of GGUS pages. It
+provides links to:</p>
+<ul>
+<li>Did you know?</li>
+<li>Documentation</li>
+<li>Registration</li>
+<li>My dashboard</li>
+<li>Search Engine</li>
+<li>Submit form</li>
+<li>Support staff pages</li>
+<li>GGUS Home</li>
+<li>Legals</li>
+<li>Contact form</li>
+</ul>
+<h3 id="did-you-know">Did you know</h3>
+<p>After each release, a major change or new feature is explained in some sentences
+here.</p>
+<h3 id="documentation">Documentation</h3>
+<p>In the documentation section there is a collection of links providing useful
+information around GGUS system.</p>
+<h3 id="registration">Registration</h3>
+<p>All information about registration can be found on the
+<a href="https://ggus.eu/index.php?mode=register_info">registration page</a>. For
+registering as support staff, click the link “Apply” and fill in the
+registration form. After registering successfully you will receive a
+confirmation mail from GGUS team.</p>
+<p>If you want to update your account data, you can do this using the link “Check
+your GGUS account” on the registration page. If you can’t access GGUS web
+interface due to changed DN string of your personal certificate, you can log
+into the system using your Check-in account. Then go to the registration page
+and click on Check/update your GGUS account. The system shows you all your user
+data. It detects the new DN string of your browser automatically. Just save the
+changes by clicking on button Update now. Additional information on GGUS
+accounts is available <a href="../account-and-privileges">here</a>.</p>
+<h3 id="support-staff-page">Support staff page</h3>
+<p>Access to the support staff page is restricted to users having
+<a href="../account-and-privileges">support privileges</a>. Depending on further privileges
+people may have there are links to e.g. news administration and other features.
+All support staffs can use the GGUS report generator and the GGUS ticket
+timeline tool as well as links to other information useful for support staffs.</p>
+<p><img src="GGUS_Support_Staff.png" alt="GGUS Support Staff"></p>
+<h4 id="ggus-ticket-timeline-tool">GGUS ticket timeline tool</h4>
+<p>The link to the GGUS ticket timeline tool is located on support staff page. The
+ticket timeline tool provides a graphical overview of tickets concerning a
+selected site and time range. It shows all tickets that have been updated during
+the selected time range. When moving the mouse over one of the colored bars some
+additional information is displayed. Clicking on the ticket ID opens a new
+window showing the ticket details and the modify section of the ticket.</p>
+<p><img src="GGUS_TTT.png" alt="GGUS ticket timeline tool"></p>
+<h4 id="ggus-report-generator">GGUS Report Generator</h4>
+<p>The link to the GGUS Report Generator is located on support staff page and on
+GGUS home page in section “GGUS tools/reports”. The GGUS Report Generator could
+be used for generating statistics and reports for all support units in GGUS.
+Further information on the report generator is available on the
+<a href="../features/report-generator">report generator</a>.</p>
+<h3 id="submit-form">Submit form</h3>
+<p>Depending on the user’s privileges GGUS offers different ticket submit forms:</p>
+<ul>
+<li>common user ticket</li>
+<li>team ticket</li>
+<li>alarm ticket</li>
+<li>CMS ticket (for members of CMS VO)</li>
+<li>notify multiple sites which is a bulk submit for addressing multiple sites
+about the same issue.</li>
+</ul>
+<h4 id="ticket-categories-and-ticket-types">Ticket categories and ticket types</h4>
+<p>GGUS offers two fields which help to classify various tickets into categories
+and types.</p>
+<h5 id="ticket-categories">Ticket categories</h5>
+<p>The ticket category is for differentiating between incidents and service
+requests. This distinction is helpful for supporters as well as for the GGUS
+reporting, e.g. for excluding test tickets. Other categories were added over the
+time. Currently the following values are available for selection:</p>
+<ul>
+<li>Incident (see the
+<a href="https://ims.egi.eu/display/EGIG/Incident">FitSM definition</a>)</li>
+<li>Service request (see the
+<a href="https://ims.egi.eu/display/EGIG/Service+request">FitSM definition</a>). List of
+service requests for the
+<a href="https://confluence.egi.eu/display/EGISLM/EGI+Internal+Service+requests">internal</a>
+and for the
+<a href="https://confluence.egi.eu/display/EGISLM/EGI+Service+requests">external</a>
+services of the EGI portfolio</li>
+<li>Documentation (used to request creation and update on documentation.)</li>
+<li>Release (used when a new version of the operational tools is ready to be
+tested; see
+<a href="https://confluence.egi.eu/display/EGIPP/RDM2+Regular+release+process">RDM2 Regular release process</a>)</li>
+<li>CMS Internal (for cms VO specific tickets)</li>
+<li>EGI Coordination/Planning (to track activities not falling into the service
+request definition)</li>
+<li>WLCG Coordination/Planning</li>
+<li>Test</li>
+</ul>
+<p>When submitting a ticket the ticket category field is not visible. It defaults
+to “Incident” and is only editable for supporters, not for users. So it is up to
+the supporter to check and, if necessary, classify the ticket correctly. Please
+see details in section Changing ticket category.</p>
+<h5 id="ticket-types">Ticket types</h5>
+<p>The ticket type field is for differentiating between standard user tickets and
+tickets for achieving the special requirements of various groups like the LHC
+VOs or EGI operations. It can’t be set manually, but is set automatically by the
+system based on several rules. The ticket type field could not be changed during
+ticket lifetime. Possible ticket types in GGUS are:</p>
+<ul>
+<li>USER</li>
+<li>TEAM,</li>
+<li>ALARM</li>
+<li>OPS.</li>
+</ul>
+<h6 id="user-tickets">USER tickets</h6>
+<p>The ticket type USER is the default ticket type. User tickets are the usual
+tickets which can be submitted by everyone. They are visible to everybody. They
+can be updated either by the submitter himself or by any supporter.</p>
+<h6 id="team-tickets">TEAM tickets</h6>
+<p>The purpose of TEAM tickets is to allow a group of people to submit and modify
+ticketseditable by the whole group. TEAM tickets can only be submitted by people
+who have the appropriate permissions in the GGUS user database. These people
+belong to either one of the four LHC VOs (ALICE, ATLAS, CMS, LHCB) or to the
+BIOMED or BELLE VO and are nominated by the particular VO management. TEAM
+tickets are editable by all members of the VO team (which are the so called VO
+shifters) regardless own the ticket. TEAM tickets are visible to everyone. They
+can be submitted for all tier-1 sites in EGI and are routed to the appropriate
+NGI/ROC automatically, bypassing the TPM. Additionally the site is notified by
+mail about the ticket. By default TEAM tickets are routed to the appropriate
+NGI/ROC directly, bypassing TPM. But the submitter could also choose to route it
+to the TPM instead. Further information on TEAM tickets is available in the
+<a href="../features/team-tickets">TEAM tickets page</a>.</p>
+<h6 id="alarm-tickets">ALARM tickets</h6>
+<p>The purpose of ALARM tickets is to notify tier-1 administrators about serious
+problems of the site at any time, independent from usual office hours. They can
+only be submitted by experts who have the appropriate permissions in the GGUS
+user database. These people belong to one of the four LHC VOs (ALICE, ATLAS,
+CMS, LHCB) and are nominated by the particular VO management. They are about 3
+to 4 people per VO. ALARM tickets are editable by all members of the VO team
+(which are the so called VO shifters) regardless they own the ticket. They are
+visible to everyone. ALARM tickets can be submitted for all tier-1 sites in EGI
+and are routed to the appropriate NGI/ROC automatically, bypassing the TPM.
+Additionally the tier-1 site is notified by an ALARM email. It is up to the
+tier-1 site how to deal with this ALARM email. Further information on ALARM
+tickets is available in the <a href="../features/alarm-tickets">ALARM tickets page</a>.</p>
+<h5 id="ops-tickets">OPS tickets</h5>
+<p>This ticket type is used for operations tickets submitted via the operations
+portal.</p>
+<h3 id="my-dashboard">My dashboard</h3>
+<p>This dashboard can be used for getting quick access to any ticket of interest.
+Each ticket has to be added manually.</p>
+<h3 id="search-engine">Search Engine</h3>
+<p>The search engine provides a large number of fields for creating dedicated query
+strings. Many of them have additional information hidden behind a question mark
+icon. The results of a query are shown in a results list. The default search
+displays all open tickets of last week. They were ordered by date of creation in
+descending manor. For further details on using the search engine see chapter
+Searching for tickets. The result list is showing a color schema reflecting the
+priority of tickets. The algorithm used for setting the priority colours is
+explained in chapter Reminder emails.</p>
+<h3 id="searching-for-tickets">Searching for tickets</h3>
+<p>Various possibilities of searching tickets in GGUS are described in this FAQ.
+Please avoid searching for “all” tickets or “solved” tickets without any
+time-frame if not necessary for some reasons as these searches cause heavy load
+on the machine.</p>
+<h4 id="searching-via-ticket-id">Searching via Ticket ID</h4>
+<p>Searching via ticket ID is the easiest and fastest way to look at a ticket. When
+searching via Ticket ID all other search parameters are ignored. Besides
+searching for all open tickets this is the recommended kind of search, because
+it avoids needless workload on the system. When searching via ticket ID the
+ticket details are shown in the same window. For getting back to the main page
+use the “Back” button of your browser. For Firefox users there is a nice add-on
+for adding a customized search for any web page to the browser’s search bar
+available <a href="https://firefox.maltekraus.de/extensions/add-to-search-bar">here</a>.</p>
+<h4 id="searching-via-parameters">Searching via parameters</h4>
+<p>The search parameters can be combined in any way wanted. Description fields
+“Keyword”, “Involved supporter” and “Assigned to person” trigger a LIKE search
+to the database. Concatenating keywords with “AND” or “OR” is currently not
+possible. The result of a search by parameters is shown in the result list. For
+viewing ticket details just click on the ID. A new window opens showing ticket
+details. For getting back to the search result just close the window with the
+ticket details.</p>
+<h3 id="customizing-result-list">Customizing result list</h3>
+<p>You can customize the result list in various ways. One way to customize the
+result list is by checking or un-checking the appropriate boxes in the blue bar.
+The related columns will then be added or removed. Another way for customizing
+the result list is by selecting another ticket order in field Order tickets by.
+After changing the result list layout you have to refresh the search result by
+clicking the Go! button.</p>
+<h3 id="exporting-search-results">Exporting search results</h3>
+<p>Search results can be exported in csv or xml format for further processing.
+After clicking on the appropriate link a new window opens showing the results in
+the specified format. Out of this window you can save a local copy of this file.</p>
+<h3 id="ticket-data">Ticket data</h3>
+<p>By clicking on the ticket ID of a ticket in the results list of the search
+engine you can access the ticket data. The ticket data is divided into 3 main
+sections:</p>
+<ul>
+<li>ticket information</li>
+<li>ticket history</li>
+<li>ticket modify section</li>
+</ul>
+<h4 id="ticket-information">Ticket information</h4>
+<p>The system shows the information section after clicking on a ticket ID.It
+provides an overview of all relevant ticket parameters and could be divided into
+5 areas:</p>
+<ul>
+<li>submitter data</li>
+<li>issue data</li>
+<li>ticket data</li>
+<li>description</li>
+<li>solution</li>
+</ul>
+<p>Additional features of the ticket information section are:</p>
+<ul>
+<li>export of ticket information data,</li>
+<li>escalate button,</li>
+<li>duplicate ticket and</li>
+<li>convert team to alarm.</li>
+</ul>
+<p><img src="GGUS_Info_Support.png" alt="Ticket information"></p>
+<h5 id="duplicate-ticket">Duplicate ticket</h5>
+<p>Figure 5: Ticket duplication Supporters have the opportunity to duplicate an
+existing ticket up to 15 times. The duplicate feature is located right below
+ticket information. It is useful if a ticket concerns not only one support unit
+but has to be handled by several support units. The fields that are copied into
+the duplicated tickets are:</p>
+<ul>
+<li>Internal Diary</li>
+<li>Login</li>
+<li>Last Modifier</li>
+<li>Submitter</li>
+<li>Subject</li>
+</ul>
+<p><img src="GGUS_Duplicate.png" alt="Ticket duplication"></p>
+<p>Attachments are not duplicated physically but linked to all duplicated tickets.
+The Responsible Unit is set to “TPM” by default.</p>
+<h5 id="convert-team-tickets-to-alarm-tickets">Convert TEAM tickets to ALARM tickets</h5>
+<p>Figure 3: Convert team to alarm ticket Support staffs with ALARM privileges are
+able to convert TEAM tickets to ALARM tickets clicking on a button in the ticket
+information section. This feature is only available for the WLCG VOs.</p>
+<p><img src="GGUS_Convert_Alarm.png" alt="Convert team to alarm ticket"></p>
+<h4 id="ticket-history">Ticket history</h4>
+<p>The ticket history is located below ticket information. It shows all relevant
+changes of the ticket in chronological manner. Changes of these fields lead to a
+new entry in ticket history:</p>
+<ul>
+<li>Assign ticket to support unit</li>
+<li>Assign ticket to one person</li>
+<li>Affected Site</li>
+<li>Public Diary</li>
+<li>Change ticket category</li>
+<li>Change status</li>
+<li>Change VO</li>
+<li>Change priority</li>
+<li>Involve others</li>
+<li>Type of issue</li>
+<li>Internal Diary</li>
+<li>Solution</li>
+<li>Related issue</li>
+<li>VO specific</li>
+</ul>
+<p>For making the history more readable solution entries and entries in the public
+diary are marked with green colour, entries of the internal diary with orange
+colour.</p>
+<h4 id="ticket-modify-section">Ticket modify section</h4>
+<p>The ticket modification area offers several fields for modifying a ticket. The
+fields are described in detail below.</p>
+<p><img src="GGUS_Modifysection_Support.png" alt="Ticket modify section"></p>
+<ul>
+<li>Assign ticket to support unit is showing all support units involved in GGUS.</li>
+<li>Assign ticket to specific person(s) allows assigning tickets to a dedicated
+person within the current support unit. If a mail address is typed in the
+system generates an email to inform the recipient about the ticket assignment.
+The length is limited to 254 characters.</li>
+<li>Change status is a drop-down-list with all possible status values.</li>
+<li>Change VO is a drop-down-list with all possible VO values.</li>
+<li>Type of issue provides a drop-down-list of possible issue types.</li>
+<li>Change priority provides a drop-down-list of possible priority values.</li>
+<li>Notify site is for specifying the site affected by the issue. For ticket types
+“ALARM” and “TEAM” this field is not editable.</li>
+<li>Change ticket category provides a drop-down list with values “Incident”,
+“Change Request”, “Documentation” and “Test”.</li>
+<li>Involve others allows contacting any people who may help to solve an issue.
+Several mail addresses can be typed in separated by “;”. The length is limited
+to 254 characters.</li>
+<li>VO specific is a flag indicating whether a issue is VO specific or not.
+Default is “no”.</li>
+<li>Change CC recipient is for editing the mail addresses specified during ticket
+submit for notifying any person about a ticket.</li>
+<li>MoU Area can only be set for tickets of type “TEAM” or “ALARM”. Possible
+values are documented here.</li>
+<li>Subject is for editing the subject of a ticket.</li>
+<li>Internal Diary can be used for internal remarks. It is only shown to people
+with support privileges and limited to 4000 characters.</li>
+<li>Public Diary updates always trigger an update mail to the submitter. It is
+limited to 4000 characters.</li>
+<li>Click here to insert… expands the solution field.</li>
+<li>Solution can be up to 4000 characters. It is used for explaining the solution.</li>
+<li>Hide solution hides the solution field.</li>
+<li>Reminders feature can be set to “Please send reminder on” if status is changed
+to “on hold” or “waiting for reply”. In this case a date can be selected on
+which a reminder mail was sent. This feature should help supporters not to
+forget tickets which were not worked on for a longer time.</li>
+<li>Related issue can be used to reference any URL. It is limited to 125
+characters.</li>
+<li>Click here to expand … expands the ticket relation section.</li>
+<li>Hide ticket relation section hides ticket relation fields.</li>
+<li>Mark this ticket as Master is described in detail in chapter Master-Slave
+relations.</li>
+<li>Mark this ticket as Slave is described in detail in chapter Master-Slave
+relations.</li>
+<li>Mark this ticket as child this feature is described in detail in chapter
+Parent-Child relations.</li>
+<li>Cross reference is for referencing as much other GGUS tickets as necessary.
+For each ticket referenced here a symmetric link is added to the referenced
+ticket automatically.</li>
+<li>Want to upload attachment? is for adding attachments. Only one attachment can
+be added at a time. The total number of attachments is unlimited.</li>
+</ul>
+<h4 id="ticket-participation">Ticket Participation</h4>
+<p>GGUS system offers various possibilities for participating in tickets. They are</p>
+<ul>
+<li>the CC field,</li>
+<li>the Involve others field and</li>
+<li>the Subscribe field.</li>
+</ul>
+<p>An overview on these fields is given in the table below. Ticket participation
+can be done by adding a valid mail address to one of these fields. Please avoid
+adding closed mailing lists as such produce a lot of mail errors! Several mail
+addresses have to be separated by semicolon.</p>
+<table>
+<thead>
+<tr>
+<th></th>
+<th>User submit</th>
+<th>User modify</th>
+<th>Supporter modify</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>CC</td>
+<td>Yes</td>
+<td>No</td>
+<td>Yes</td>
+</tr>
+<tr>
+<td>Involve others</td>
+<td>No</td>
+<td>No</td>
+<td>Yes</td>
+</tr>
+<tr>
+<td>Subscribe</td>
+<td>No</td>
+<td>Yes</td>
+<td>Yes</td>
+</tr>
+</tbody>
+</table>
+<h5 id="the-cc-field">The “CC” field</h5>
+<p>The CC field can be set by the user in the ticket submit form. Updates are only
+possible for supporters for correcting or removing invalid mail addresses. Every
+ticket update triggers a notification email to the mail address specified in the
+“CC” field.</p>
+<h5 id="the-involve-others-field">The “Involve others” field</h5>
+<p>The “Involve others” field is only for supporters use. Every ticket update
+triggers a notification email to the mail address specified in the “Involve
+others” field.</p>
+<h5 id="subscribe-to-this-ticket-field">Subscribe to this ticket field</h5>
+<p>This field can be used by any user for participating in tickets at any time. The
+user has just to add his mail address. He will receive notifications for updates
+of the public diary or the solution for following the whole ticket life cycle.
+“Internal Diary” entries never go to the people who subscribed to a ticket.</p>
+<h4 id="master-slave-relations">Master-Slave relations</h4>
+<p>Several tickets describing the same issue can be put into a master-slave
+relation. One of them can be marked as master, the other ones as slave. Only the
+master ticket has to be dealt with. The slave tickets are set to “on hold”. They
+can’t be updated directly as long as they are in a master-slave relation. The
+user gets an automated notification if a ticket is marked as slave. All updates
+of the master were pushed to the slaves. When solving the master the slaves are
+solved to. The master-slave relation is kept after the master is solved.
+Nevertheless each ticket can be reopened separately. Updates on reopened slave
+tickets are possible. A master-slave relation can be reset manually either by
+removing the master ID of a slave ticket or by un-checking the master checkbox
+of the master. If a master is unmarked as master all slaves were reset to
+“standard” tickets automatically.</p>
+<h5 id="selecting-slave-tickets">Selecting slave tickets</h5>
+<p>Marking a ticket as slave is only possible if there is already a master ticket.
+If a ticket is marked as slave a popup window opens showing available master
+tickets. For selecting a master just click on the ID. The master ID is set
+automatically. Once you have chosen a wrong master ID click Reset Master-Slave
+relation and select another one.</p>
+<p><img src="GGUS_Select_Master.png" alt="Select master ID"></p>
+<h5 id="showing-a-masters-slave-tickets">Showing a master’s slave tickets</h5>
+<p>To show all related slave tickets click on link “show slaves for this ticket”. A
+popup window opens showing the IDs of all slave tickets.</p>
+<p><img src="GGUS_Ticket_Relation.png" alt="Ticket relation section"></p>
+<h5 id="searching-for-masterslave-tickets">Searching for master/slave tickets</h5>
+<p>If you want to search for master or slave tickets you can do this using field
+“Special attributes” of the search engine. The status value for searching is set
+to an appropriate value accordingly.</p>
+<h5 id="parent-child-relations">Parent-child relations</h5>
+<p>Parent-child relationships work in reverse to master-slave relationships. The
+parent ticket cannot be resolved until all of its child tickets are resolved.
+The parent ticket is set to the status “on hold” while the child tickets are
+waiting for their solution. For each solved child ticket a note is added to the
+parent ticket history including the solution of the child ticket. After the last
+open child ticket has been solved the status of the parent ticket changes to “in
+progress” automatically. In addition, the system sends a notification mail to
+the responsible support unit that all child tickets have been solved now. So the
+parent ticket can be “solved” too.</p>
+<h5 id="selecting-child-tickets">Selecting child tickets</h5>
+<p>A ticket can be selected as child ticket by checking the box “Mark this ticket
+as child of ticket” and adding the ticket ID of the parent ticket. A comment is
+added to the ticket history automatically stating “This ticket is a child ticket
+of GGUS ticket # 18492”. Multiple child tickets can be related to one parent
+ticket by repeating this procedure. The parent ticket is flagged as “parent”
+automatically. A comment is added to the ticket history automatically stating
+“This ticket is a parent ticket. It has to wait the solving of all its child
+tickets. GGUS ticket #18493 is a child to this ticket.".</p>
+<h5 id="resetting-child-tickets">Resetting child tickets</h5>
+<p>For resetting child tickets just remove the tick from the checkbox “Mark this
+ticket as child of ticket”.</p>
+<h5 id="selecting-parent-tickets">Selecting parent tickets</h5>
+<p>Selecting a parent ticket explicitly is not possible. The parent tickets are
+flagged automatically by the system while the parent ID is specified for a child
+ticket.</p>
+<h5 id="searching-for-parentchild-tickets">Searching for parent/child tickets</h5>
+<p>The search for parent or child tickets is similar to the search for master or
+slave tickets. It can be done using field “Special attributes” of the search
+engine.</p>
+<h2 id="working-on-tickets">Working on tickets</h2>
+<p>This section is a description of how the GGUS ticketing system behaves. There
+are other documents which describe the system in more detail and include more of
+the implementation details. One of the most important fields of the system is
+the status field. Many workflows are triggered by status value changes. Please
+read the Short Guide for getting information on status values. Tickets are
+normally assigned to a support unit. This means that the ticket notification is
+sent to a mailing list composed of many supporters. One of these supporters
+assigns the ticket to himself and takes responsibility for it; the supporter
+changes the status to “in progress”. This person is then in charge of the
+ticket. He either solves it or reassigns the ticket to somebody else. The status
+of the ticket stays set to “in progress” if the ticket is under the
+responsibility of one supporter and until the ticket has been solved.</p>
+<h3 id="user-ticketing-work-flow">User ticketing work flow</h3>
+<p>A graphical view of the ticket flow in GGUS is shown here:
+<img src="GGUS_Status_Values.png" alt="GGUS ticket flow"></p>
+<p>The GGUS Support is organized with two main lines of support:</p>
+<ol>
+<li>First line of support gets immediate notification of tickets</li>
+<li>Second line of support is only notified of tickets by the first line of
+support.</li>
+</ol>
+<p>The first line support is provided by an organisation called TPM – Ticket
+Processing Manager. The TPM team has members who have very good general grid
+knowledge. It is an organisation populated by people provided from the Czech
+NGI. This organisation is responsible for the routing and processing of all
+active tickets.</p>
+<p>The second line support is formed by many support units. Each support unit is
+formed from members who are specialists in various areas of grid middleware, or
+NGI/ROC supporters for operations problems, or VO specific supporters. The
+membership of the support units is maintained on mailing lists. If the user
+responds to any email received from GGUS, then the reply is added to the ticket
+history. The subject of the email includes metadata to ensure the association of
+the response with the ticket.</p>
+<h3 id="tickets-waiting-for-user-input">Tickets waiting for user input</h3>
+<p>The workflows for tickets waiting for user input is described in this FAQ.</p>
+<h3 id="advice-for-tpms">Advice for TPMs</h3>
+<p>The following advice is intended for people working on TPM.</p>
+<ol>
+<li>Change support unit to “TPM” if you are working on a ticket</li>
+<li>Just typing a comment into solution field does NOT cause an email to the user
+automatically. Only changing status to “solved” causes an automatic mail. If
+you want to contact the user you can do this using the “Public Diary”.</li>
+<li>Change status to “waiting for reply” while waiting for the user’s reply.</li>
+<li>Be careful when using the field “Assign ticket to one person”. Please avoid
+using mailing list names, or the mail list address of a remote help-desk
+system. With a mailing list, the mail may not reach the recipient because
+many mailing lists are closed lists and will not accept the message. Sending
+mail to a remote help-desk system can confuse the remote system and lead to
+trouble.</li>
+<li>Change the ticket category if you think the ticket is not dealing with an
+incident but describing a service request like a documentation update, adding
+someone to a mailing list and so on. See chapter Changing ticket category for
+details.</li>
+</ol>
+<h3 id="changing-ticket-category">Changing ticket category</h3>
+<p>When submitting a ticket the ticket category field could not be set but default
+to “Incident”. It is up to the supporters to decide whether a ticket describes
+an “Incident” or a service ticket. Service tickets are tickets that request
+something be done like:</p>
+<ul>
+<li>adding someone to a mailing list</li>
+<li>updating documentation</li>
+<li>providing more space for storing data</li>
+<li>etc.</li>
+</ul>
+<p>They do not report issues. This differentiation is compliant to ITIL.
+Differentiating between incident tickets and service tickets can help supporters
+to order tickets they are responsible for by urgency. The GGUS reporting also
+relies on the correct setting of the ticket category field as it does ignore
+tickets of category “Test”.</p>
+<h3 id="forwarding-a-ticket-to-another-unit">Forwarding a ticket to another unit</h3>
+<p>Tickets assigned to a support unit by error or tickets that need actions from
+other support units should be either assigned back to the TPM or assigned to the
+relevant support unit directly. In both cases an explanation in the public diary
+will avoid confusion.</p>
+<h3 id="solving-a-ticket">Solving a ticket</h3>
+<p>In this section the usage of the different status values and input fields is
+described.</p>
+<p>The system offers two groups of meta states, open states and terminal states.</p>
+<h4 id="open-states">Open states</h4>
+<ul>
+<li>new: this is the default status for submitted tickets. It is set by the system
+and can’t be selected in the drop-down list menu.</li>
+<li>assigned: this status is set automatically and can’t be selected in the
+drop-down list menu. After a ticket is assigned to a support unit, this unit
+is informed via email about the ticket assignment.</li>
+<li>in progress: support staff who work on the ticket should change status to “in
+progress”. This is necessary to announce that somebody is taking care of this
+ticket and is working on it.</li>
+<li>waiting for reply: This status value should be set ONLY by the supporter and
+ONLY when asking the SUBMITTER for further information. The supporter can
+decide whether (s)he wants to be notified about this ticket by the system.
+(S)he can choose any date in the future (s)he wants to be notified and select
+the radio button “Please send reminder on”.</li>
+<li>on hold: some tickets are not solvable while needing a software patch or
+something similar for example. The reasons should be explained in field
+“Public Diary”. Additionally a hint in field “Related issue” may be useful.
+The supporter can decide whether he wants to be notified about this ticket by
+the system. He can choose any date in the future he wants to be notified and
+select the radio button “Please send reminder on”.</li>
+<li>reopened: normally this status value is set by the user, if he is not happy
+with the provided solution. It can also be used by supporters if a better
+solution is found for a ticket already solved. In this case status should be
+set to “reopened”, new solution put in and status changed to “solved” again.
+Leaving status as “solved” and just putting in the new solution does not cause
+an automatic solution mail to the user.</li>
+</ul>
+<h4 id="terminal-states">Terminal states</h4>
+<ul>
+<li>solved: If a solution is found and put into the Solution field, status has to
+be set to “solved”. Only on status change to “solved” the user receives a
+solution mail automatically. Please put a full explanation in Solution field
+of how the issue was solved. You can use qualification terms like:
+<ul>
+<li>fixed</li>
+<li>fixed (workaround)</li>
+<li>works as designed</li>
+<li>other</li>
+</ul>
+</li>
+<li>unsolved: This status is for tickets that can not be solved due to any reason.
+Please add a comment in the solution field explaining why it can’t be solved.
+You can use qualification terms like:
+<ul>
+<li>duplicate</li>
+<li>invalid</li>
+<li>wont fix</li>
+</ul>
+</li>
+<li>verified: This status can only be set by the ticket submitter. TEAM tickets,
+by design, can be ‘verified’ by all TEAMers in the VO. ALARM tickets can also
+be ‘verified’ by all the authorized ALARMers in the VO, not only the
+submitter. This status indicates that a user is happy with the provided
+solution. “Verified” tickets cannot be further updated, nor re-opened.</li>
+<li>closed: Solved or unsolved tickets not verified by the submitter are set to
+“closed” automatically after 10 working days.</li>
+</ul>
+<h4 id="fields-to-fill-in">Fields to fill in</h4>
+<p>Single steps of the solution process can be documented in field “Public Diary”.
+Information and comments which should not be visible to the user can be put into
+the “Internal diary”. When a solution is found, the modifier types the solution
+into the solution field and changes status to “solved”. The “Solution” field
+provides 4000 characters. If 4000 characters are not sufficient, please add an
+attachment. After changing status to “solved” and saving all changes, the
+solution is sent to the submitter via mail automatically. Tasks for solving a
+ticket:</p>
+<ul>
+<li>change status to “in progress” while working on it,</li>
+<li>fill in the solution fields and the internal diary if necessary,</li>
+<li>change the status to “solved” and you are done.</li>
+</ul>
+<h2 id="reminder-emails">Reminder emails</h2>
+<p>Reminder mails are based on the priority colours. The algorithm of setting
+priority colours is described in the following chapters. Reminder mails are sent
+with the reply-to address ignored - atnospam - ggus.eu. All mails sent to this
+mail box are deleted regularly without reading them.</p>
+<h3 id="what-are-the-priority-colours">What are the priority colours?</h3>
+<p>Priority colours are:</p>
+<ul>
+<li>Green: default for all new tickets</li>
+<li>Yellow</li>
+<li>Amber</li>
+<li>Red</li>
+<li>Light blue: for all tickets in status unsolved</li>
+<li>Blue: for all solved and verified tickets</li>
+</ul>
+<p>Priority colours depend on the expected response time and the expected solution
+time of a ticket.</p>
+<h4 id="expected-response-time">Expected response time</h4>
+<p>The expected response times for support units that did not agree on a dedicated
+<a href="../features/quality-of-support-levels">quality of service</a> are listed in the
+relevant FAQ. This means, the status of a ticket should be set to another value
+than “assigned” for indicating that the support unit has acknowledged the
+ticket.</p>
+<h4 id="expected-solution-time">Expected solution time</h4>
+<p>The expected solution times are driven by the priority values of the tickets.
+All values are working days. The higher the priority the shorter is the duration
+within which the ticket is expected to be solved. For further details please see
+the <a href="../features/ticket-priority">Ticket Priority page</a>.</p>
+<p>Ticket follow-up Ticket follow-up is done by a team at KIT (Germany) for all
+tickets besides operations tickets. More information on the ticket follow-up
+processes are available at the pages about
+<a href="https://wiki.egi.eu/wiki/EGI_DMSU_Ticket_Followup">DMSU ticket follow-up</a> and
+<a href="https://wiki.egi.eu/wiki/GGUS:Ticket_monitoring">Ticket monitoring</a>.</p>Internal: User guide/internal/helpdesk/user-guide/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/user-guide/
+<h2 id="introduction">Introduction</h2>
+<p>GGUS is the Helpdesk service of the EGI Infrastructure. Incident and Service
+request tickets can be recorded, and their progress is tracked until the
+solution. The users of the service should not need to know any of the details of
+what happens to the ticket in order to get it from creation to solution.
+However, an understanding of the operation of the system may be helpful to
+explaining what happens when you request help.</p>
+<p>Tickets can be created through the GGUS <a href="https://ggus.eu/">web interface</a>, which
+is described in section “Accessing the web interface to GGUS” of this note.</p>
+<p>Once the ticket has entered GGUS, it is processed by assigning it to the
+appropriate group to deal with the issue. The groups are generally addressed via
+mailing lists, and so GGUS assigns the ticket to a group, and an email message
+is sent to people on the appropriate list. Sometimes, a ticket is simple and it
+is assigned to the correct group immediately and dealt with immediately.</p>
+<h2 id="submitting-a-ticket-using-the-web-interface">Submitting a ticket using the web interface</h2>
+<p>Before using this route, it is essential to have either a digital certificate
+installed in the appropriate manner in the web browser or an EGI Check-in
+account.</p>
+<h3 id="accessing-the-web-interface-to-ggus">Accessing the web interface to GGUS</h3>
+<p>If the user carries out all of the steps above, but is not registered to use
+GGUS, then the home page is like the one shown in the following figure:</p>
+<p><img src="UG_Unregistered_User.png" alt="GGUS home page for unregistered users"></p>
+<p>If the user faces problems with their certificate, they may get help at
+<a href="https://wiki.egi.eu/wiki/USG_Getting_Certificate">wiki.egi.eu: Getting certificate</a></p>
+<p>For accessing GGUS users have to register first. Registration process is
+described in chapter Registering at GGUS.</p>
+<h3 id="registering-at-ggus">Registering at GGUS</h3>
+<p>For getting supporter privileges users need to be registered. For registering at
+GGUS the user should go to <a href="https://ggus.eu/index.php?mode=index">GGUS home</a> and
+click the <a href="https://ggus.eu/index.php?mode=register_info">registration link</a>.
+This link opens the registration form that the user has to fill in. In addition,
+there are some links where the user can find information about X509 personal
+certificates. Users who do not have a valid digital certificate can access GGUS
+via EGI SSO. After filling in the registration form, the user receives an email
+from the GGUS team with his access data to GGUS.</p>
+<h3 id="accessing-ggus-with-certificate">Accessing GGUS with certificate</h3>
+<p>The primary address of the GGUS portal is: <a href="https://ggus.eu">https://ggus.eu</a>.
+If the user enters this in the browser, a warning will be displayed by the
+browser prompting the user to specify which certificate to use (if the user has
+not selected to automatically select the certificate in the browser settings).
+The reason for this warning is that GGUS has to validate the user in order to
+allow access. After that, the user will no longer be asked to identify himself.</p>
+<p>The user identifies themselves with their digital certificate. At this point in
+time, GGUS has identified the user and displays the start page as shown in the
+following figure:</p>
+<p><img src="GGUS_Home.png" alt="GGUS home page for recognized users"></p>
+<p>Note that in this case, the user’s identity is displayed on the page and GGUS
+has recognized that this user is registered to submit tickets. If authentication
+by certificate fails, you will be taken to the login page.</p>
+<h3 id="accessing-ggus-via-egi-check-in">Accessing GGUS via EGI Check-in</h3>
+<p>When choosing “Login via EGI AAI CheckIn” on the login page the user is guided
+to the EGI Check-in page were the users Identity Provider can be selected. After
+authenticating there, the user will be redirected to GGUS.</p>
+<h3 id="the-ticket-submit-form-on-web-interface">The ticket submit form on web interface</h3>
+<p>The tickets submit form offers a set of fields which should help the user to
+describe his issue as detailed as possible. Most of the fields on the submit
+form are optional. Only field “Subject” is required. The submit form consists of
+three main sections: the <strong>user information</strong>, the <strong>issue information</strong> and the
+<strong>routing information</strong>.</p>
+<p><img src="Ticket_Submit_Form.png" alt="Ticket submit form on web interface"></p>
+<ol>
+<li>User information</li>
+</ol>
+<p>Most fields in the user information section are pre-filled by GGUS system.</p>
+<ul>
+<li>“Name/Login” is taken from the GGUS user database.</li>
+<li>“E-Mail” is also taken from the GGUS user database.</li>
+<li>“Notification mode” defaults to “on solution”. The “Notification mode” manages
+the update notifications the user receives. “On solution” means that the user
+only gets notified when the ticket status is set to “solved” or a comment is
+added to the public diary. Additional information is available by clicking on
+the question mark on the right hand side of the field label.</li>
+<li>“CC to” could be filled with any mail address of people who should be informed
+about this ticket. Notifications are sent on every ticket update. The field
+content could only be changed by people who have support access. Additional
+information is available by clicking on the question mark.</li>
+</ul>
+<ol>
+<li>Issue information</li>
+</ol>
+<p>Although only one field is mandatory in this section, as much fields as possible
+should be filled with information.</p>
+<ul>
+<li>“Date/Time of issue” defaults to the submitting time. This field should be set
+if the ticket is submitted much later than the issue occurred.</li>
+<li>“Subject” is a mandatory field. It should give a short description of the
+issue. This field is limited to 250 characters.</li>
+<li>“Describe your issue…” is limited to 4000 characters. It should be used for a
+detailed description of the issue. If the user does not know which information
+to add here he could click on the question mark for getting additional
+information.</li>
+<li>“Concerned VO” provides a drop-down list of all VOs supported by GGUS.</li>
+<li>“VO specific” is a flag indicating whether an issue is VO specific or not. It
+defaults to “no”. This flag could only be set to “yes” in combination with a
+VO selected in field “Concerned VO”.</li>
+<li>“Affected Site” The site impacted by the issue. A drop-down list with all EGI
+sites registered in GOC DB and OSG sites registered in OIM DB is available.
+This is no routing information!</li>
+<li>“Affected ROC/NGI” The NGI/ROC impacted by the issue. A drop-down list of all
+NGIs/ROCs integrated in GGUS is provided.</li>
+<li>“Ticket category” provides a drop-down list with possible values. This field
+is for categorizing the issue. It defaults to “Incident”.</li>
+<li>“Type of issue” provides a drop-down list with possible values. This field is
+for categorizing the issue. It defaults to “Other”.</li>
+<li>“Priority” provides a drop-down list with possible priority values. They are
+“less urgent” which is the default, “urgent”, “very urgent” and “top
+priority”.</li>
+<li>“Attach file(s)” offers the possibility to upload 4 attachments (e.g. log
+files etc.) at a time. Attachments are limited to 2 MB. Please avoid uploading
+file formats “.exe”, “.php”, “.htm(l)”.</li>
+</ul>
+<ol>
+<li>Routing Information</li>
+</ol>
+<ul>
+<li>“Notify SITE” provides a drop-down list with all EGI sites registered in GOC
+DB and OSG sites registered in OIM DB. If selecting a site from the list this
+site will be notified about this ticket by mail. Additionally the ticket is
+assigned to the appropriate NGI/ROC directly, bypassing the TPM (Some words
+about TPM). If setting a site value the appropriate NGI/ROC is set
+automatically. Choosing an NGI/ROC simultaneously is not possible.</li>
+<li>“Assign to ROC/NGI” provides a drop-down list of all NGIs/ROCs integrated in
+GGUS. Choosing a value in this field assigns the ticket to the appropriate ROC
+directly, bypassing the TPM. If assigning a ticket to an NGI/ROC choosing a
+site value simultaneously is not possible.</li>
+</ul>
+<p>After clicking the “Submit” button the user gets a confirmation page showing the
+information submitted and the ticket ID.</p>
+<p><img src="GGUS_Confirm_Submit.png" alt="Confirmation after ticket submit"></p>
+<h3 id="bypassing-the-tpm">Bypassing the TPM</h3>
+<p>The TPM (Ticket Processing Manager) is the 1st Line Support in GGUS. Users can
+bypass the TPM if they have good knowledge about where the problem is. For this
+purpose at the bottom of ticket submit form there is a section “Routing
+information”. Selecting either a site from the
+<a href="../features/tickets-to-multiple-sites">“Notify SITE”</a> drop-down menu
+or a support unit from the “Assign to support unit” drop-down menu routes the
+ticket directly to the selected support unit. If selecting a site name the
+NGI/ROC the site belongs to is set automatically. Hence the ticket is assigned
+to the relevant NGI/ROC. Additionally the site will receive a notification about
+the ticket. Selecting both, the “Notify SITE” and the “Assign to support unit”
+is not possible.</p>
+<p>Tickets of type <a href="../features/team-tickets">TEAM</a> and
+<a href="../features/alarm-tickets">ALARM</a> are always routed to
+the relevant NGI/ROC by default.</p>
+<h2 id="browsing-your-own-tickets">Browsing your own tickets</h2>
+<p>After authenticating themselves the user has access to the GGUS homepage. On
+this page they see a list of their own open tickets and a list of the latest
+open tickets of all users (Figure 2). Below the list of the user’s own open
+tickets there are two links for further browsing possibilities of the user’s own
+tickets:</p>
+<ul>
+<li>Show my complete ticket list,</li>
+<li>My Team Tickets.</li>
+</ul>
+<p>The system only shows the user tickets which have been created with the same
+authentication information the user is currently logged in. This means if a user
+submits tickets with different certificates he does not see all of their
+tickets. The reason for this is that the DN string of the certificate is stored
+in each ticket. Showing all tickets of a user can be done by using the GGUS
+search engine. In the GGUS search engine users can search by username amongst
+others. This search will show all tickets of a user independent from the
+authentication information.</p>
+<h3 id="show-my-complete-ticket-list">Show my complete ticket list</h3>
+<p>This link opens a new window showing tables of all open and closed tickets of
+the user and all tickets of other users the user has subscribed to. Information
+on how to subscribe to a ticket is available in section “Subscribing to a ticket
+of another user.”</p>
+<p><img src="Complete_Ticket_List.png" alt="Complete ticket list on GGUS home"></p>
+<h2 id="modifying-tickets">Modifying tickets</h2>
+<h3 id="modifying-your-tickets-using-the-web">Modifying your tickets using the web</h3>
+<p>For modifying a ticket the user can just click on the ticket ID. He is guided to
+another page. On this page are three main sections:</p>
+<ul>
+<li>the ticket information,</li>
+</ul>
+<p><img src="Ticket_Information.png" alt="Ticket information section"></p>
+<ul>
+<li>the ticket history,</li>
+</ul>
+<p><img src="Ticket_History.png" alt="Ticket history"></p>
+<ul>
+<li>the modify section.</li>
+</ul>
+<p><img src="GGUS_Modifysection_User.png" alt="Ticket modify section"></p>
+<p>The ticket information gives an overview of the personal data the user provided,
+the issue description and the ticket status. The ticket history shows all
+actions that have been taken to solve the ticket, the date and time these
+actions have been taken and the name of the supporter who did them. In the
+modify section the user can add some additional information or comment on a
+question of a supporter to them. The user can add attachments, change the email
+notification behavior of the system and change some other attributes of his
+ticket.</p>
+<h4 id="escalating-a-ticket">Escalating a ticket</h4>
+<p>Between the information section and the ticket history there is a button which
+allows the user to escalate a ticket (Figure 9).</p>
+<p><img src="GGUS_Escal_Button.png" alt="Escalation button"></p>
+<p>Three escalation levels are available in GGUS:</p>
+<ul>
+<li>Escalating ticket to the support unit it is assigned to.</li>
+<li>Escalating the ticket to the support unit and the TPM on shift.</li>
+<li>Escalating the ticket to the support unit, the TPM and the GGUS ticket
+monitoring.</li>
+</ul>
+<p>The escalation levels are reached one by one. It is not possible to choose one
+of them. Additional information is available by clicking on the little question
+mark on the left hand side of the button.</p>
+<h4 id="reopen-a-solved-ticket">Reopen a solved ticket</h4>
+<p>If a ticket is already closed it could be reopened by adding a comment and
+changing the status to “reopened” in the “Modify section” (Figure 8). In this
+case the support unit which solved the ticket and the TPM receive an email about
+the ticket reopening.</p>
+<h4 id="verifying-the-solution">Verifying the solution</h4>
+<p>When a ticket is solved, the user could confirm that the solution has solved
+their issue by verifying it. A solution could be verified by either:</p>
+<ul>
+<li>Clicking the “Verify” button in the web portal or</li>
+<li>Replying to the solution mail without changing anything.</li>
+</ul>
+<p>Verifying a solution can help to increase the quality of solutions in GGUS.</p>
+<p><img src="GGUS_Verify_Button.png" alt="Verify button"></p>
+<h3 id="modify-your-tickets-using-email">Modify your tickets using email</h3>
+<p>Updating a ticket using email is also possible if one fundamental requirement is
+achieved. The mail subject must contain the typical GGUS string “GGUS-Ticket-ID:
+#Ticket-ID” where “Ticket-ID” is the ID of the ticket which should be updated.
+The easiest way to do this is to reply to an update notification received from
+GGUS. When updating a ticket using email the whole mail body will be added to
+the ticket. Changing any other field (e.g. status, priority,…) is impossible</p>
+<h2 id="ticket-participation">Ticket Participation</h2>
+<p>GGUS system offers various possibilities for participating in tickets. They are</p>
+<ul>
+<li>the CC field,</li>
+<li>the Involve others field and</li>
+<li>the Subscribe field.</li>
+</ul>
+<p>An overview on these fields is given in the table below. Ticket participation
+can be done by adding a valid mail address to one of these fields. Please avoid
+adding closed mailing lists as such produce a lot of mail errors! Several mail
+addresses have to be separated by semicolon.</p>
+<table>
+<thead>
+<tr>
+<th></th>
+<th>User submit</th>
+<th>User modify</th>
+<th>Supporter modify</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>CC</td>
+<td>Yes</td>
+<td>No</td>
+<td>Yes</td>
+</tr>
+<tr>
+<td>Involve others</td>
+<td>No</td>
+<td>No</td>
+<td>Yes</td>
+</tr>
+<tr>
+<td>Subscribe</td>
+<td>No</td>
+<td>Yes</td>
+<td>Yes</td>
+</tr>
+</tbody>
+</table>
+<h3 id="the-cc-field">The “CC” field</h3>
+<p>The CC field can be set by the user in the ticket submit form. Updates are only
+possible for supporters for correcting or removing invalid mail addresses. Every
+ticket update triggers a notification email to the mail address specified in the
+“CC” field.</p>
+<h3 id="the-involve-others-field">The “Involve others” field</h3>
+<p>The “Involve others” field is only for supporters use. Every ticket update
+triggers a notification email to the mail address specified in the “Involve
+others” field.</p>
+<h3 id="subscribing-to-a-ticket-of-another-user">Subscribing to a ticket of another user</h3>
+<p>Figure 11: Ticket subscribe Every user could subscribe to tickets of other users
+if he is interested in the solution of any. For subscribing a valid email
+address has to be provided. The user gets a notification once the ticket is
+solved. After subscribing to a ticket the user could change the notification
+mode or unsubscribe if he wants to (Figure 11). Accessing the system with the
+same credentials as used for subscription is necessary for this. Additional
+information on subscribing to tickets is available by clicking on the question
+mark at the right hand side of the label “Subscribe to this ticket”.</p>
+<p><img src="GGUS_Subscribe.png" alt="Ticket subscribe"></p>
+<h3 id="who-gets-what-email-notification-from-ggus">Who gets what email notification from GGUS?</h3>
+<p>The ticket “submitter” gets emails according to the “Notification mode” value
+(s)he selected when submitting the ticket. If the selected “Notification mode”
+value is “on every change” then all updates are sent to the “submitter”. “Public
+Diary” entries are sent to the submitter regardless the value of the
+“Notification mode”. “Internal Diary” entries never go to the “submitter”. They
+are reserved for exchanges amongst supporters.</p>
+<p>The email addresses in the “Cc:” field can be entered by the “submitter” and
+receive the same notifications as the submitter. “Public Diary” entries are sent
+to the addresses in the “Cc:” field. “Internal Diary” entries never go to the
+people in the “Cc:” field. They are reserved for exchanges amongst supporters.</p>
+<p>The email addresses in the “Involve others:” field can be entered by supporters
+only and receive the same notifications as the Support Unit (SU) to which the
+ticket is assigned. “Internal Diary” entries are sent to the relevant SU members
+AND the people in the “Involve others:” field, as they are supposed to be
+experts and contribute to the ticket solution.</p>
+<p>The email address in the “Assign to one person:” field can be entered by
+supporters only and receive the same notifications as the Support Unit (SU) to
+which the ticket is assigned. “Internal Diary” entries are sent to the relevant
+SU members AND the people in the “Involve others:” field AND the email address
+in the “Assign to one person:” field as they are, all, supposed to be experts
+and contribute to the ticket solution.</p>
+<p>Every ticket update triggers an email to the addresses in the “Cc:”, “Involve
+others:” and to ticket subscribers, i.e. GGUS users, unrelated to the specific
+ticket, who entered their own email in the “Subscribe to this ticket” field.</p>
+<p>GGUS email notifications highlight the fields changed with the specific update.</p>
+<p>Please avoid including closed mailing lists, e-groups in these fields as mail
+delivery will fail.</p>
+<h2 id="browsing-all-tickets">Browsing all tickets</h2>
+<p>At the bottom of the home page there are additional links for browsing:</p>
+<ul>
+<li>Search ticket database,</li>
+<li>Show all open tickets,</li>
+</ul>
+<h3 id="ggus-search-engine">GGUS search engine</h3>
+<p>For browsing all tickets the GGUS search engine is a useful tool.</p>
+<p><img src="GGUS_User_Search.png" alt="GGUS search engine"></p>
+<p>The GGUS search engine can be entered by clicking on link “Search ticket
+database”. When accessing the search engine a default search is performed like
+shown in Figure 12: GGUS search engine. Searching via Ticket ID is the easiest
+and fastest way to look at a ticket. When searching via Ticket ID all other
+search parameters were ignored. Besides searching for all open tickets this is
+the recommended kind of search, because it avoids needless workload on the
+system. When searching via ticket ID the ticket details are shown in the same
+window. For getting back to the main page use the “Back” button of your browser.
+The various search parameters can be combined in any way wanted except
+“Untouched since”. Description fields “Keyword”, “Involved supporter” and
+“Assigned to person” trigger a LIKE search to the database. Concatenating
+keywords with “AND” or “OR” is currently not possible. The search can either be
+started by clicking on “go” or just hitting the return key. The result of a
+search by parameters is shown in the result list. For viewing ticket details
+just click on the ID. A new window opens showing ticket details. For getting
+back to the search result just close the window with the ticket details.</p>
+<h3 id="showing-all-open-tickets">Showing all open tickets</h3>
+<p>Clicking on this link shows all open tickets that are currently in the system.
+Unlike “Showing all open tickets” the default search in GGUS search engine uses
+a timeframe of one week for showing open tickets.</p>
+<h2 id="contacting-the-ggus-team">Contacting the GGUS team</h2>
+<p>Users can click on the “Envelope” icon in the menu bar for sending an email to
+the GGUS team with any comments. Note: This must not be used for submitting
+support requests as it does not create a ticket in the system!</p>
+<h2 id="ggus-development-plans">GGUS development plans</h2>
+<p>On GGUS home page there are a couple of links where users can get more
+information on the
+<a href="https://ggus.eu/index.php?mode=development">GGUS development plans</a> as well as
+submit own feature requests. Feature requests are collected in the GGUS shopping
+lists in JIRA (only for users having a CERN account) and EGI RT.</p>
+<h2 id="operation-of-ggus">Operation of GGUS</h2>
+<p>The GGUS system is running on servers located at Karlsruhe Institute of
+Technology (KIT), Germany. Besides the GGUS production system a backup system is
+in place. Switching from production system to backup system currently needs
+manual interaction. An automatic switch in case of fail-over will be
+implemented. GGUS staffs at Karlsruhe are not providing support apart from
+requests concerning GGUS system itself. They can be contacted by email to
+support “at” ggus.eu. Usual office hours for GGUS staffs are from 07:00 to 15:00
+o’clock (UTC).</p>
+<h3 id="tpm">TPM</h3>
+<p>TPM (Ticket Processing Manager) is the most important part of the support system
+for the grid. The purpose of TPM is:</p>
+<ul>
+<li>closing simple trouble tickets,</li>
+<li>ensuring that other tickets are sent to the correct place for processing,</li>
+<li>reacting to alarms that tickets have not been processed,</li>
+</ul>
+<p>The TPM teams consist of people with a broad knowledge of the Grid.</p>
+<h3 id="ticket-monitoring">Ticket Monitoring</h3>
+<p>Besides developing and maintaining GGUS system the GGUS team is also doing the
+ticket monitoring. The ticket monitoring team is responsible for:</p>
+<ul>
+<li><a href="../workflows/waiting-for-submitter">reminding users</a> in case their input is
+required for further ticket processing</li>
+<li>reminding supporters in case tickets are not processed</li>
+<li>assisting in any problem during ticket processing</li>
+</ul>Internal: Workflows/internal/helpdesk/workflows/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/workflows/
+<p>Description of some of the Helpdesk workflows.</p>
\ No newline at end of file
diff --git a/612/internal/helpdesk/service-information/index.html b/612/internal/helpdesk/service-information/index.html
new file mode 100644
index 0000000000..136aca3da0
--- /dev/null
+++ b/612/internal/helpdesk/service-information/index.html
@@ -0,0 +1,79 @@
+Service information | Documentation
+
+
+
+
+
+
Service information
Technical details of EGI Helpdesk
Identity card
Property
Value
Name
Helpdesk
Description
Central helpdesk providing a single interface to EGI support
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/service-information/index.xml b/612/internal/helpdesk/service-information/index.xml
new file mode 100644
index 0000000000..dac1f1cabe
--- /dev/null
+++ b/612/internal/helpdesk/service-information/index.xml
@@ -0,0 +1 @@
+Documentation – Service information/internal/helpdesk/service-information/Recent content in Service information on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Convert_Alarm.png b/612/internal/helpdesk/support-staff-guide/GGUS_Convert_Alarm.png
new file mode 100644
index 0000000000..0971901d35
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Convert_Alarm.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Duplicate.png b/612/internal/helpdesk/support-staff-guide/GGUS_Duplicate.png
new file mode 100644
index 0000000000..ff491a3e62
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Duplicate.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Info_Support.png b/612/internal/helpdesk/support-staff-guide/GGUS_Info_Support.png
new file mode 100644
index 0000000000..3149926d7a
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Info_Support.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Modifysection_Support.png b/612/internal/helpdesk/support-staff-guide/GGUS_Modifysection_Support.png
new file mode 100644
index 0000000000..0744feab92
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Modifysection_Support.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Select_Master.png b/612/internal/helpdesk/support-staff-guide/GGUS_Select_Master.png
new file mode 100644
index 0000000000..bcd58a898c
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Select_Master.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Status_Values.png b/612/internal/helpdesk/support-staff-guide/GGUS_Status_Values.png
new file mode 100644
index 0000000000..d7a0da5b1c
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Status_Values.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Structure.png b/612/internal/helpdesk/support-staff-guide/GGUS_Structure.png
new file mode 100644
index 0000000000..dcb35e273c
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Structure.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Support_Staff.png b/612/internal/helpdesk/support-staff-guide/GGUS_Support_Staff.png
new file mode 100644
index 0000000000..df84c19c5f
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Support_Staff.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_TTT.png b/612/internal/helpdesk/support-staff-guide/GGUS_TTT.png
new file mode 100644
index 0000000000..41cc1c3224
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_TTT.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/GGUS_Ticket_Relation.png b/612/internal/helpdesk/support-staff-guide/GGUS_Ticket_Relation.png
new file mode 100644
index 0000000000..ee1c71aeba
Binary files /dev/null and b/612/internal/helpdesk/support-staff-guide/GGUS_Ticket_Relation.png differ
diff --git a/612/internal/helpdesk/support-staff-guide/index.html b/612/internal/helpdesk/support-staff-guide/index.html
new file mode 100644
index 0000000000..af4038fa61
--- /dev/null
+++ b/612/internal/helpdesk/support-staff-guide/index.html
@@ -0,0 +1,374 @@
+Support Staff Guide | Documentation
+
+
+
+
+
+
Support Staff Guide
Guide for supporters
What’s new in the latest release?
Please see the release notes for
+further information.
Access to GGUS
The EGI Helpdesk is reachable via a welcome page.
+Another way for accessing the ticket management interface is
+using the direct link provided in the notification emails sent after ticket
+updates. However either a valid X509 personal certificate or a Check-in account
+are required for accessing the system.
Features of GGUS
GGUS Home
GGUS home provides a quick overview over tickets submitted by the current user,
+the latest tickets of other users and a collection of news and links to useful
+information. The navigation bar is located on the left side of GGUS pages. It
+provides links to:
Did you know?
Documentation
Registration
My dashboard
Search Engine
Submit form
Support staff pages
GGUS Home
Legals
Contact form
Did you know
After each release, a major change or new feature is explained in some sentences
+here.
Documentation
In the documentation section there is a collection of links providing useful
+information around GGUS system.
Registration
All information about registration can be found on the
+registration page. For
+registering as support staff, click the link “Apply” and fill in the
+registration form. After registering successfully you will receive a
+confirmation mail from GGUS team.
If you want to update your account data, you can do this using the link “Check
+your GGUS account” on the registration page. If you can’t access GGUS web
+interface due to changed DN string of your personal certificate, you can log
+into the system using your Check-in account. Then go to the registration page
+and click on Check/update your GGUS account. The system shows you all your user
+data. It detects the new DN string of your browser automatically. Just save the
+changes by clicking on button Update now. Additional information on GGUS
+accounts is available here.
Support staff page
Access to the support staff page is restricted to users having
+support privileges. Depending on further privileges
+people may have there are links to e.g. news administration and other features.
+All support staffs can use the GGUS report generator and the GGUS ticket
+timeline tool as well as links to other information useful for support staffs.
GGUS ticket timeline tool
The link to the GGUS ticket timeline tool is located on support staff page. The
+ticket timeline tool provides a graphical overview of tickets concerning a
+selected site and time range. It shows all tickets that have been updated during
+the selected time range. When moving the mouse over one of the colored bars some
+additional information is displayed. Clicking on the ticket ID opens a new
+window showing the ticket details and the modify section of the ticket.
GGUS Report Generator
The link to the GGUS Report Generator is located on support staff page and on
+GGUS home page in section “GGUS tools/reports”. The GGUS Report Generator could
+be used for generating statistics and reports for all support units in GGUS.
+Further information on the report generator is available on the
+report generator.
Submit form
Depending on the user’s privileges GGUS offers different ticket submit forms:
common user ticket
team ticket
alarm ticket
CMS ticket (for members of CMS VO)
notify multiple sites which is a bulk submit for addressing multiple sites
+about the same issue.
Ticket categories and ticket types
GGUS offers two fields which help to classify various tickets into categories
+and types.
Ticket categories
The ticket category is for differentiating between incidents and service
+requests. This distinction is helpful for supporters as well as for the GGUS
+reporting, e.g. for excluding test tickets. Other categories were added over the
+time. Currently the following values are available for selection:
Service request (see the
+FitSM definition). List of
+service requests for the
+internal
+and for the
+external
+services of the EGI portfolio
Documentation (used to request creation and update on documentation.)
Release (used when a new version of the operational tools is ready to be
+tested; see
+RDM2 Regular release process)
CMS Internal (for cms VO specific tickets)
EGI Coordination/Planning (to track activities not falling into the service
+request definition)
WLCG Coordination/Planning
Test
When submitting a ticket the ticket category field is not visible. It defaults
+to “Incident” and is only editable for supporters, not for users. So it is up to
+the supporter to check and, if necessary, classify the ticket correctly. Please
+see details in section Changing ticket category.
Ticket types
The ticket type field is for differentiating between standard user tickets and
+tickets for achieving the special requirements of various groups like the LHC
+VOs or EGI operations. It can’t be set manually, but is set automatically by the
+system based on several rules. The ticket type field could not be changed during
+ticket lifetime. Possible ticket types in GGUS are:
USER
TEAM,
ALARM
OPS.
USER tickets
The ticket type USER is the default ticket type. User tickets are the usual
+tickets which can be submitted by everyone. They are visible to everybody. They
+can be updated either by the submitter himself or by any supporter.
TEAM tickets
The purpose of TEAM tickets is to allow a group of people to submit and modify
+ticketseditable by the whole group. TEAM tickets can only be submitted by people
+who have the appropriate permissions in the GGUS user database. These people
+belong to either one of the four LHC VOs (ALICE, ATLAS, CMS, LHCB) or to the
+BIOMED or BELLE VO and are nominated by the particular VO management. TEAM
+tickets are editable by all members of the VO team (which are the so called VO
+shifters) regardless own the ticket. TEAM tickets are visible to everyone. They
+can be submitted for all tier-1 sites in EGI and are routed to the appropriate
+NGI/ROC automatically, bypassing the TPM. Additionally the site is notified by
+mail about the ticket. By default TEAM tickets are routed to the appropriate
+NGI/ROC directly, bypassing TPM. But the submitter could also choose to route it
+to the TPM instead. Further information on TEAM tickets is available in the
+TEAM tickets page.
ALARM tickets
The purpose of ALARM tickets is to notify tier-1 administrators about serious
+problems of the site at any time, independent from usual office hours. They can
+only be submitted by experts who have the appropriate permissions in the GGUS
+user database. These people belong to one of the four LHC VOs (ALICE, ATLAS,
+CMS, LHCB) and are nominated by the particular VO management. They are about 3
+to 4 people per VO. ALARM tickets are editable by all members of the VO team
+(which are the so called VO shifters) regardless they own the ticket. They are
+visible to everyone. ALARM tickets can be submitted for all tier-1 sites in EGI
+and are routed to the appropriate NGI/ROC automatically, bypassing the TPM.
+Additionally the tier-1 site is notified by an ALARM email. It is up to the
+tier-1 site how to deal with this ALARM email. Further information on ALARM
+tickets is available in the ALARM tickets page.
OPS tickets
This ticket type is used for operations tickets submitted via the operations
+portal.
My dashboard
This dashboard can be used for getting quick access to any ticket of interest.
+Each ticket has to be added manually.
Search Engine
The search engine provides a large number of fields for creating dedicated query
+strings. Many of them have additional information hidden behind a question mark
+icon. The results of a query are shown in a results list. The default search
+displays all open tickets of last week. They were ordered by date of creation in
+descending manor. For further details on using the search engine see chapter
+Searching for tickets. The result list is showing a color schema reflecting the
+priority of tickets. The algorithm used for setting the priority colours is
+explained in chapter Reminder emails.
Searching for tickets
Various possibilities of searching tickets in GGUS are described in this FAQ.
+Please avoid searching for “all” tickets or “solved” tickets without any
+time-frame if not necessary for some reasons as these searches cause heavy load
+on the machine.
Searching via Ticket ID
Searching via ticket ID is the easiest and fastest way to look at a ticket. When
+searching via Ticket ID all other search parameters are ignored. Besides
+searching for all open tickets this is the recommended kind of search, because
+it avoids needless workload on the system. When searching via ticket ID the
+ticket details are shown in the same window. For getting back to the main page
+use the “Back” button of your browser. For Firefox users there is a nice add-on
+for adding a customized search for any web page to the browser’s search bar
+available here.
Searching via parameters
The search parameters can be combined in any way wanted. Description fields
+“Keyword”, “Involved supporter” and “Assigned to person” trigger a LIKE search
+to the database. Concatenating keywords with “AND” or “OR” is currently not
+possible. The result of a search by parameters is shown in the result list. For
+viewing ticket details just click on the ID. A new window opens showing ticket
+details. For getting back to the search result just close the window with the
+ticket details.
Customizing result list
You can customize the result list in various ways. One way to customize the
+result list is by checking or un-checking the appropriate boxes in the blue bar.
+The related columns will then be added or removed. Another way for customizing
+the result list is by selecting another ticket order in field Order tickets by.
+After changing the result list layout you have to refresh the search result by
+clicking the Go! button.
Exporting search results
Search results can be exported in csv or xml format for further processing.
+After clicking on the appropriate link a new window opens showing the results in
+the specified format. Out of this window you can save a local copy of this file.
Ticket data
By clicking on the ticket ID of a ticket in the results list of the search
+engine you can access the ticket data. The ticket data is divided into 3 main
+sections:
ticket information
ticket history
ticket modify section
Ticket information
The system shows the information section after clicking on a ticket ID.It
+provides an overview of all relevant ticket parameters and could be divided into
+5 areas:
submitter data
issue data
ticket data
description
solution
Additional features of the ticket information section are:
export of ticket information data,
escalate button,
duplicate ticket and
convert team to alarm.
Duplicate ticket
Figure 5: Ticket duplication Supporters have the opportunity to duplicate an
+existing ticket up to 15 times. The duplicate feature is located right below
+ticket information. It is useful if a ticket concerns not only one support unit
+but has to be handled by several support units. The fields that are copied into
+the duplicated tickets are:
Internal Diary
Login
Last Modifier
Submitter
Subject
Attachments are not duplicated physically but linked to all duplicated tickets.
+The Responsible Unit is set to “TPM” by default.
Convert TEAM tickets to ALARM tickets
Figure 3: Convert team to alarm ticket Support staffs with ALARM privileges are
+able to convert TEAM tickets to ALARM tickets clicking on a button in the ticket
+information section. This feature is only available for the WLCG VOs.
Ticket history
The ticket history is located below ticket information. It shows all relevant
+changes of the ticket in chronological manner. Changes of these fields lead to a
+new entry in ticket history:
Assign ticket to support unit
Assign ticket to one person
Affected Site
Public Diary
Change ticket category
Change status
Change VO
Change priority
Involve others
Type of issue
Internal Diary
Solution
Related issue
VO specific
For making the history more readable solution entries and entries in the public
+diary are marked with green colour, entries of the internal diary with orange
+colour.
Ticket modify section
The ticket modification area offers several fields for modifying a ticket. The
+fields are described in detail below.
Assign ticket to support unit is showing all support units involved in GGUS.
Assign ticket to specific person(s) allows assigning tickets to a dedicated
+person within the current support unit. If a mail address is typed in the
+system generates an email to inform the recipient about the ticket assignment.
+The length is limited to 254 characters.
Change status is a drop-down-list with all possible status values.
Change VO is a drop-down-list with all possible VO values.
Type of issue provides a drop-down-list of possible issue types.
Change priority provides a drop-down-list of possible priority values.
Notify site is for specifying the site affected by the issue. For ticket types
+“ALARM” and “TEAM” this field is not editable.
Change ticket category provides a drop-down list with values “Incident”,
+“Change Request”, “Documentation” and “Test”.
Involve others allows contacting any people who may help to solve an issue.
+Several mail addresses can be typed in separated by “;”. The length is limited
+to 254 characters.
VO specific is a flag indicating whether a issue is VO specific or not.
+Default is “no”.
Change CC recipient is for editing the mail addresses specified during ticket
+submit for notifying any person about a ticket.
MoU Area can only be set for tickets of type “TEAM” or “ALARM”. Possible
+values are documented here.
Subject is for editing the subject of a ticket.
Internal Diary can be used for internal remarks. It is only shown to people
+with support privileges and limited to 4000 characters.
Public Diary updates always trigger an update mail to the submitter. It is
+limited to 4000 characters.
Click here to insert… expands the solution field.
Solution can be up to 4000 characters. It is used for explaining the solution.
Hide solution hides the solution field.
Reminders feature can be set to “Please send reminder on” if status is changed
+to “on hold” or “waiting for reply”. In this case a date can be selected on
+which a reminder mail was sent. This feature should help supporters not to
+forget tickets which were not worked on for a longer time.
Related issue can be used to reference any URL. It is limited to 125
+characters.
Click here to expand … expands the ticket relation section.
Mark this ticket as Master is described in detail in chapter Master-Slave
+relations.
Mark this ticket as Slave is described in detail in chapter Master-Slave
+relations.
Mark this ticket as child this feature is described in detail in chapter
+Parent-Child relations.
Cross reference is for referencing as much other GGUS tickets as necessary.
+For each ticket referenced here a symmetric link is added to the referenced
+ticket automatically.
Want to upload attachment? is for adding attachments. Only one attachment can
+be added at a time. The total number of attachments is unlimited.
Ticket Participation
GGUS system offers various possibilities for participating in tickets. They are
the CC field,
the Involve others field and
the Subscribe field.
An overview on these fields is given in the table below. Ticket participation
+can be done by adding a valid mail address to one of these fields. Please avoid
+adding closed mailing lists as such produce a lot of mail errors! Several mail
+addresses have to be separated by semicolon.
User submit
User modify
Supporter modify
CC
Yes
No
Yes
Involve others
No
No
Yes
Subscribe
No
Yes
Yes
The “CC” field
The CC field can be set by the user in the ticket submit form. Updates are only
+possible for supporters for correcting or removing invalid mail addresses. Every
+ticket update triggers a notification email to the mail address specified in the
+“CC” field.
The “Involve others” field
The “Involve others” field is only for supporters use. Every ticket update
+triggers a notification email to the mail address specified in the “Involve
+others” field.
Subscribe to this ticket field
This field can be used by any user for participating in tickets at any time. The
+user has just to add his mail address. He will receive notifications for updates
+of the public diary or the solution for following the whole ticket life cycle.
+“Internal Diary” entries never go to the people who subscribed to a ticket.
Master-Slave relations
Several tickets describing the same issue can be put into a master-slave
+relation. One of them can be marked as master, the other ones as slave. Only the
+master ticket has to be dealt with. The slave tickets are set to “on hold”. They
+can’t be updated directly as long as they are in a master-slave relation. The
+user gets an automated notification if a ticket is marked as slave. All updates
+of the master were pushed to the slaves. When solving the master the slaves are
+solved to. The master-slave relation is kept after the master is solved.
+Nevertheless each ticket can be reopened separately. Updates on reopened slave
+tickets are possible. A master-slave relation can be reset manually either by
+removing the master ID of a slave ticket or by un-checking the master checkbox
+of the master. If a master is unmarked as master all slaves were reset to
+“standard” tickets automatically.
Selecting slave tickets
Marking a ticket as slave is only possible if there is already a master ticket.
+If a ticket is marked as slave a popup window opens showing available master
+tickets. For selecting a master just click on the ID. The master ID is set
+automatically. Once you have chosen a wrong master ID click Reset Master-Slave
+relation and select another one.
Showing a master’s slave tickets
To show all related slave tickets click on link “show slaves for this ticket”. A
+popup window opens showing the IDs of all slave tickets.
Searching for master/slave tickets
If you want to search for master or slave tickets you can do this using field
+“Special attributes” of the search engine. The status value for searching is set
+to an appropriate value accordingly.
Parent-child relations
Parent-child relationships work in reverse to master-slave relationships. The
+parent ticket cannot be resolved until all of its child tickets are resolved.
+The parent ticket is set to the status “on hold” while the child tickets are
+waiting for their solution. For each solved child ticket a note is added to the
+parent ticket history including the solution of the child ticket. After the last
+open child ticket has been solved the status of the parent ticket changes to “in
+progress” automatically. In addition, the system sends a notification mail to
+the responsible support unit that all child tickets have been solved now. So the
+parent ticket can be “solved” too.
Selecting child tickets
A ticket can be selected as child ticket by checking the box “Mark this ticket
+as child of ticket” and adding the ticket ID of the parent ticket. A comment is
+added to the ticket history automatically stating “This ticket is a child ticket
+of GGUS ticket # 18492”. Multiple child tickets can be related to one parent
+ticket by repeating this procedure. The parent ticket is flagged as “parent”
+automatically. A comment is added to the ticket history automatically stating
+“This ticket is a parent ticket. It has to wait the solving of all its child
+tickets. GGUS ticket #18493 is a child to this ticket.".
Resetting child tickets
For resetting child tickets just remove the tick from the checkbox “Mark this
+ticket as child of ticket”.
Selecting parent tickets
Selecting a parent ticket explicitly is not possible. The parent tickets are
+flagged automatically by the system while the parent ID is specified for a child
+ticket.
Searching for parent/child tickets
The search for parent or child tickets is similar to the search for master or
+slave tickets. It can be done using field “Special attributes” of the search
+engine.
Working on tickets
This section is a description of how the GGUS ticketing system behaves. There
+are other documents which describe the system in more detail and include more of
+the implementation details. One of the most important fields of the system is
+the status field. Many workflows are triggered by status value changes. Please
+read the Short Guide for getting information on status values. Tickets are
+normally assigned to a support unit. This means that the ticket notification is
+sent to a mailing list composed of many supporters. One of these supporters
+assigns the ticket to himself and takes responsibility for it; the supporter
+changes the status to “in progress”. This person is then in charge of the
+ticket. He either solves it or reassigns the ticket to somebody else. The status
+of the ticket stays set to “in progress” if the ticket is under the
+responsibility of one supporter and until the ticket has been solved.
User ticketing work flow
A graphical view of the ticket flow in GGUS is shown here:
+
The GGUS Support is organized with two main lines of support:
First line of support gets immediate notification of tickets
Second line of support is only notified of tickets by the first line of
+support.
The first line support is provided by an organisation called TPM – Ticket
+Processing Manager. The TPM team has members who have very good general grid
+knowledge. It is an organisation populated by people provided from the Czech
+NGI. This organisation is responsible for the routing and processing of all
+active tickets.
The second line support is formed by many support units. Each support unit is
+formed from members who are specialists in various areas of grid middleware, or
+NGI/ROC supporters for operations problems, or VO specific supporters. The
+membership of the support units is maintained on mailing lists. If the user
+responds to any email received from GGUS, then the reply is added to the ticket
+history. The subject of the email includes metadata to ensure the association of
+the response with the ticket.
Tickets waiting for user input
The workflows for tickets waiting for user input is described in this FAQ.
Advice for TPMs
The following advice is intended for people working on TPM.
Change support unit to “TPM” if you are working on a ticket
Just typing a comment into solution field does NOT cause an email to the user
+automatically. Only changing status to “solved” causes an automatic mail. If
+you want to contact the user you can do this using the “Public Diary”.
Change status to “waiting for reply” while waiting for the user’s reply.
Be careful when using the field “Assign ticket to one person”. Please avoid
+using mailing list names, or the mail list address of a remote help-desk
+system. With a mailing list, the mail may not reach the recipient because
+many mailing lists are closed lists and will not accept the message. Sending
+mail to a remote help-desk system can confuse the remote system and lead to
+trouble.
Change the ticket category if you think the ticket is not dealing with an
+incident but describing a service request like a documentation update, adding
+someone to a mailing list and so on. See chapter Changing ticket category for
+details.
Changing ticket category
When submitting a ticket the ticket category field could not be set but default
+to “Incident”. It is up to the supporters to decide whether a ticket describes
+an “Incident” or a service ticket. Service tickets are tickets that request
+something be done like:
adding someone to a mailing list
updating documentation
providing more space for storing data
etc.
They do not report issues. This differentiation is compliant to ITIL.
+Differentiating between incident tickets and service tickets can help supporters
+to order tickets they are responsible for by urgency. The GGUS reporting also
+relies on the correct setting of the ticket category field as it does ignore
+tickets of category “Test”.
Forwarding a ticket to another unit
Tickets assigned to a support unit by error or tickets that need actions from
+other support units should be either assigned back to the TPM or assigned to the
+relevant support unit directly. In both cases an explanation in the public diary
+will avoid confusion.
Solving a ticket
In this section the usage of the different status values and input fields is
+described.
The system offers two groups of meta states, open states and terminal states.
Open states
new: this is the default status for submitted tickets. It is set by the system
+and can’t be selected in the drop-down list menu.
assigned: this status is set automatically and can’t be selected in the
+drop-down list menu. After a ticket is assigned to a support unit, this unit
+is informed via email about the ticket assignment.
in progress: support staff who work on the ticket should change status to “in
+progress”. This is necessary to announce that somebody is taking care of this
+ticket and is working on it.
waiting for reply: This status value should be set ONLY by the supporter and
+ONLY when asking the SUBMITTER for further information. The supporter can
+decide whether (s)he wants to be notified about this ticket by the system.
+(S)he can choose any date in the future (s)he wants to be notified and select
+the radio button “Please send reminder on”.
on hold: some tickets are not solvable while needing a software patch or
+something similar for example. The reasons should be explained in field
+“Public Diary”. Additionally a hint in field “Related issue” may be useful.
+The supporter can decide whether he wants to be notified about this ticket by
+the system. He can choose any date in the future he wants to be notified and
+select the radio button “Please send reminder on”.
reopened: normally this status value is set by the user, if he is not happy
+with the provided solution. It can also be used by supporters if a better
+solution is found for a ticket already solved. In this case status should be
+set to “reopened”, new solution put in and status changed to “solved” again.
+Leaving status as “solved” and just putting in the new solution does not cause
+an automatic solution mail to the user.
Terminal states
solved: If a solution is found and put into the Solution field, status has to
+be set to “solved”. Only on status change to “solved” the user receives a
+solution mail automatically. Please put a full explanation in Solution field
+of how the issue was solved. You can use qualification terms like:
fixed
fixed (workaround)
works as designed
other
unsolved: This status is for tickets that can not be solved due to any reason.
+Please add a comment in the solution field explaining why it can’t be solved.
+You can use qualification terms like:
duplicate
invalid
wont fix
verified: This status can only be set by the ticket submitter. TEAM tickets,
+by design, can be ‘verified’ by all TEAMers in the VO. ALARM tickets can also
+be ‘verified’ by all the authorized ALARMers in the VO, not only the
+submitter. This status indicates that a user is happy with the provided
+solution. “Verified” tickets cannot be further updated, nor re-opened.
closed: Solved or unsolved tickets not verified by the submitter are set to
+“closed” automatically after 10 working days.
Fields to fill in
Single steps of the solution process can be documented in field “Public Diary”.
+Information and comments which should not be visible to the user can be put into
+the “Internal diary”. When a solution is found, the modifier types the solution
+into the solution field and changes status to “solved”. The “Solution” field
+provides 4000 characters. If 4000 characters are not sufficient, please add an
+attachment. After changing status to “solved” and saving all changes, the
+solution is sent to the submitter via mail automatically. Tasks for solving a
+ticket:
change status to “in progress” while working on it,
fill in the solution fields and the internal diary if necessary,
change the status to “solved” and you are done.
Reminder emails
Reminder mails are based on the priority colours. The algorithm of setting
+priority colours is described in the following chapters. Reminder mails are sent
+with the reply-to address ignored - atnospam - ggus.eu. All mails sent to this
+mail box are deleted regularly without reading them.
What are the priority colours?
Priority colours are:
Green: default for all new tickets
Yellow
Amber
Red
Light blue: for all tickets in status unsolved
Blue: for all solved and verified tickets
Priority colours depend on the expected response time and the expected solution
+time of a ticket.
Expected response time
The expected response times for support units that did not agree on a dedicated
+quality of service are listed in the
+relevant FAQ. This means, the status of a ticket should be set to another value
+than “assigned” for indicating that the support unit has acknowledged the
+ticket.
Expected solution time
The expected solution times are driven by the priority values of the tickets.
+All values are working days. The higher the priority the shorter is the duration
+within which the ticket is expected to be solved. For further details please see
+the Ticket Priority page.
Ticket follow-up Ticket follow-up is done by a team at KIT (Germany) for all
+tickets besides operations tickets. More information on the ticket follow-up
+processes are available at the pages about
+DMSU ticket follow-up and
+Ticket monitoring.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/support-staff-guide/index.xml b/612/internal/helpdesk/support-staff-guide/index.xml
new file mode 100644
index 0000000000..7bbc1db4fe
--- /dev/null
+++ b/612/internal/helpdesk/support-staff-guide/index.xml
@@ -0,0 +1 @@
+Documentation – Support Staff Guide/internal/helpdesk/support-staff-guide/Recent content in Support Staff Guide on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/user-guide/Account_Update_PersistentID.png b/612/internal/helpdesk/user-guide/Account_Update_PersistentID.png
new file mode 100644
index 0000000000..08f34aa5fc
Binary files /dev/null and b/612/internal/helpdesk/user-guide/Account_Update_PersistentID.png differ
diff --git a/612/internal/helpdesk/user-guide/Complete_Ticket_List.png b/612/internal/helpdesk/user-guide/Complete_Ticket_List.png
new file mode 100644
index 0000000000..653bfa0c25
Binary files /dev/null and b/612/internal/helpdesk/user-guide/Complete_Ticket_List.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_Confirm_Submit.png b/612/internal/helpdesk/user-guide/GGUS_Confirm_Submit.png
new file mode 100644
index 0000000000..7c921eb341
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_Confirm_Submit.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_EGI_AAI_1.png b/612/internal/helpdesk/user-guide/GGUS_EGI_AAI_1.png
new file mode 100644
index 0000000000..73cf6a04e6
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_EGI_AAI_1.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_Escal_Button.png b/612/internal/helpdesk/user-guide/GGUS_Escal_Button.png
new file mode 100644
index 0000000000..9fb048e38b
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_Escal_Button.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_Home.png b/612/internal/helpdesk/user-guide/GGUS_Home.png
new file mode 100644
index 0000000000..816da1ca54
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_Home.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_Modifysection_User.png b/612/internal/helpdesk/user-guide/GGUS_Modifysection_User.png
new file mode 100644
index 0000000000..4a947453c7
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_Modifysection_User.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_Registration_Form.png b/612/internal/helpdesk/user-guide/GGUS_Registration_Form.png
new file mode 100644
index 0000000000..f39a59f701
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_Registration_Form.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_Subscribe.png b/612/internal/helpdesk/user-guide/GGUS_Subscribe.png
new file mode 100644
index 0000000000..d43409c65f
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_Subscribe.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_User_Search.png b/612/internal/helpdesk/user-guide/GGUS_User_Search.png
new file mode 100644
index 0000000000..21b5407fff
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_User_Search.png differ
diff --git a/612/internal/helpdesk/user-guide/GGUS_Verify_Button.png b/612/internal/helpdesk/user-guide/GGUS_Verify_Button.png
new file mode 100644
index 0000000000..1d2c5abeec
Binary files /dev/null and b/612/internal/helpdesk/user-guide/GGUS_Verify_Button.png differ
diff --git a/612/internal/helpdesk/user-guide/Ticket_History.png b/612/internal/helpdesk/user-guide/Ticket_History.png
new file mode 100644
index 0000000000..9cbee10698
Binary files /dev/null and b/612/internal/helpdesk/user-guide/Ticket_History.png differ
diff --git a/612/internal/helpdesk/user-guide/Ticket_Information.png b/612/internal/helpdesk/user-guide/Ticket_Information.png
new file mode 100644
index 0000000000..2d7552fa52
Binary files /dev/null and b/612/internal/helpdesk/user-guide/Ticket_Information.png differ
diff --git a/612/internal/helpdesk/user-guide/Ticket_Submit_Form.png b/612/internal/helpdesk/user-guide/Ticket_Submit_Form.png
new file mode 100644
index 0000000000..7fb16e932f
Binary files /dev/null and b/612/internal/helpdesk/user-guide/Ticket_Submit_Form.png differ
diff --git a/612/internal/helpdesk/user-guide/UG_Unregistered_User.png b/612/internal/helpdesk/user-guide/UG_Unregistered_User.png
new file mode 100644
index 0000000000..53614a0639
Binary files /dev/null and b/612/internal/helpdesk/user-guide/UG_Unregistered_User.png differ
diff --git a/612/internal/helpdesk/user-guide/index.html b/612/internal/helpdesk/user-guide/index.html
new file mode 100644
index 0000000000..5c98d12556
--- /dev/null
+++ b/612/internal/helpdesk/user-guide/index.html
@@ -0,0 +1,264 @@
+User guide | Documentation
+
+
+
+
+
+
User guide
Guide for users
Introduction
GGUS is the Helpdesk service of the EGI Infrastructure. Incident and Service
+request tickets can be recorded, and their progress is tracked until the
+solution. The users of the service should not need to know any of the details of
+what happens to the ticket in order to get it from creation to solution.
+However, an understanding of the operation of the system may be helpful to
+explaining what happens when you request help.
Tickets can be created through the GGUS web interface, which
+is described in section “Accessing the web interface to GGUS” of this note.
Once the ticket has entered GGUS, it is processed by assigning it to the
+appropriate group to deal with the issue. The groups are generally addressed via
+mailing lists, and so GGUS assigns the ticket to a group, and an email message
+is sent to people on the appropriate list. Sometimes, a ticket is simple and it
+is assigned to the correct group immediately and dealt with immediately.
Submitting a ticket using the web interface
Before using this route, it is essential to have either a digital certificate
+installed in the appropriate manner in the web browser or an EGI Check-in
+account.
Accessing the web interface to GGUS
If the user carries out all of the steps above, but is not registered to use
+GGUS, then the home page is like the one shown in the following figure:
For accessing GGUS users have to register first. Registration process is
+described in chapter Registering at GGUS.
Registering at GGUS
For getting supporter privileges users need to be registered. For registering at
+GGUS the user should go to GGUS home and
+click the registration link.
+This link opens the registration form that the user has to fill in. In addition,
+there are some links where the user can find information about X509 personal
+certificates. Users who do not have a valid digital certificate can access GGUS
+via EGI SSO. After filling in the registration form, the user receives an email
+from the GGUS team with his access data to GGUS.
Accessing GGUS with certificate
The primary address of the GGUS portal is: https://ggus.eu.
+If the user enters this in the browser, a warning will be displayed by the
+browser prompting the user to specify which certificate to use (if the user has
+not selected to automatically select the certificate in the browser settings).
+The reason for this warning is that GGUS has to validate the user in order to
+allow access. After that, the user will no longer be asked to identify himself.
The user identifies themselves with their digital certificate. At this point in
+time, GGUS has identified the user and displays the start page as shown in the
+following figure:
Note that in this case, the user’s identity is displayed on the page and GGUS
+has recognized that this user is registered to submit tickets. If authentication
+by certificate fails, you will be taken to the login page.
Accessing GGUS via EGI Check-in
When choosing “Login via EGI AAI CheckIn” on the login page the user is guided
+to the EGI Check-in page were the users Identity Provider can be selected. After
+authenticating there, the user will be redirected to GGUS.
The ticket submit form on web interface
The tickets submit form offers a set of fields which should help the user to
+describe his issue as detailed as possible. Most of the fields on the submit
+form are optional. Only field “Subject” is required. The submit form consists of
+three main sections: the user information, the issue information and the
+routing information.
User information
Most fields in the user information section are pre-filled by GGUS system.
“Name/Login” is taken from the GGUS user database.
“E-Mail” is also taken from the GGUS user database.
“Notification mode” defaults to “on solution”. The “Notification mode” manages
+the update notifications the user receives. “On solution” means that the user
+only gets notified when the ticket status is set to “solved” or a comment is
+added to the public diary. Additional information is available by clicking on
+the question mark on the right hand side of the field label.
“CC to” could be filled with any mail address of people who should be informed
+about this ticket. Notifications are sent on every ticket update. The field
+content could only be changed by people who have support access. Additional
+information is available by clicking on the question mark.
Issue information
Although only one field is mandatory in this section, as much fields as possible
+should be filled with information.
“Date/Time of issue” defaults to the submitting time. This field should be set
+if the ticket is submitted much later than the issue occurred.
“Subject” is a mandatory field. It should give a short description of the
+issue. This field is limited to 250 characters.
“Describe your issue…” is limited to 4000 characters. It should be used for a
+detailed description of the issue. If the user does not know which information
+to add here he could click on the question mark for getting additional
+information.
“Concerned VO” provides a drop-down list of all VOs supported by GGUS.
“VO specific” is a flag indicating whether an issue is VO specific or not. It
+defaults to “no”. This flag could only be set to “yes” in combination with a
+VO selected in field “Concerned VO”.
“Affected Site” The site impacted by the issue. A drop-down list with all EGI
+sites registered in GOC DB and OSG sites registered in OIM DB is available.
+This is no routing information!
“Affected ROC/NGI” The NGI/ROC impacted by the issue. A drop-down list of all
+NGIs/ROCs integrated in GGUS is provided.
“Ticket category” provides a drop-down list with possible values. This field
+is for categorizing the issue. It defaults to “Incident”.
“Type of issue” provides a drop-down list with possible values. This field is
+for categorizing the issue. It defaults to “Other”.
“Priority” provides a drop-down list with possible priority values. They are
+“less urgent” which is the default, “urgent”, “very urgent” and “top
+priority”.
“Attach file(s)” offers the possibility to upload 4 attachments (e.g. log
+files etc.) at a time. Attachments are limited to 2 MB. Please avoid uploading
+file formats “.exe”, “.php”, “.htm(l)”.
Routing Information
“Notify SITE” provides a drop-down list with all EGI sites registered in GOC
+DB and OSG sites registered in OIM DB. If selecting a site from the list this
+site will be notified about this ticket by mail. Additionally the ticket is
+assigned to the appropriate NGI/ROC directly, bypassing the TPM (Some words
+about TPM). If setting a site value the appropriate NGI/ROC is set
+automatically. Choosing an NGI/ROC simultaneously is not possible.
“Assign to ROC/NGI” provides a drop-down list of all NGIs/ROCs integrated in
+GGUS. Choosing a value in this field assigns the ticket to the appropriate ROC
+directly, bypassing the TPM. If assigning a ticket to an NGI/ROC choosing a
+site value simultaneously is not possible.
After clicking the “Submit” button the user gets a confirmation page showing the
+information submitted and the ticket ID.
Bypassing the TPM
The TPM (Ticket Processing Manager) is the 1st Line Support in GGUS. Users can
+bypass the TPM if they have good knowledge about where the problem is. For this
+purpose at the bottom of ticket submit form there is a section “Routing
+information”. Selecting either a site from the
+“Notify SITE” drop-down menu
+or a support unit from the “Assign to support unit” drop-down menu routes the
+ticket directly to the selected support unit. If selecting a site name the
+NGI/ROC the site belongs to is set automatically. Hence the ticket is assigned
+to the relevant NGI/ROC. Additionally the site will receive a notification about
+the ticket. Selecting both, the “Notify SITE” and the “Assign to support unit”
+is not possible.
Tickets of type TEAM and
+ALARM are always routed to
+the relevant NGI/ROC by default.
Browsing your own tickets
After authenticating themselves the user has access to the GGUS homepage. On
+this page they see a list of their own open tickets and a list of the latest
+open tickets of all users (Figure 2). Below the list of the user’s own open
+tickets there are two links for further browsing possibilities of the user’s own
+tickets:
Show my complete ticket list,
My Team Tickets.
The system only shows the user tickets which have been created with the same
+authentication information the user is currently logged in. This means if a user
+submits tickets with different certificates he does not see all of their
+tickets. The reason for this is that the DN string of the certificate is stored
+in each ticket. Showing all tickets of a user can be done by using the GGUS
+search engine. In the GGUS search engine users can search by username amongst
+others. This search will show all tickets of a user independent from the
+authentication information.
Show my complete ticket list
This link opens a new window showing tables of all open and closed tickets of
+the user and all tickets of other users the user has subscribed to. Information
+on how to subscribe to a ticket is available in section “Subscribing to a ticket
+of another user.”
Modifying tickets
Modifying your tickets using the web
For modifying a ticket the user can just click on the ticket ID. He is guided to
+another page. On this page are three main sections:
the ticket information,
the ticket history,
the modify section.
The ticket information gives an overview of the personal data the user provided,
+the issue description and the ticket status. The ticket history shows all
+actions that have been taken to solve the ticket, the date and time these
+actions have been taken and the name of the supporter who did them. In the
+modify section the user can add some additional information or comment on a
+question of a supporter to them. The user can add attachments, change the email
+notification behavior of the system and change some other attributes of his
+ticket.
Escalating a ticket
Between the information section and the ticket history there is a button which
+allows the user to escalate a ticket (Figure 9).
Three escalation levels are available in GGUS:
Escalating ticket to the support unit it is assigned to.
Escalating the ticket to the support unit and the TPM on shift.
Escalating the ticket to the support unit, the TPM and the GGUS ticket
+monitoring.
The escalation levels are reached one by one. It is not possible to choose one
+of them. Additional information is available by clicking on the little question
+mark on the left hand side of the button.
Reopen a solved ticket
If a ticket is already closed it could be reopened by adding a comment and
+changing the status to “reopened” in the “Modify section” (Figure 8). In this
+case the support unit which solved the ticket and the TPM receive an email about
+the ticket reopening.
Verifying the solution
When a ticket is solved, the user could confirm that the solution has solved
+their issue by verifying it. A solution could be verified by either:
Clicking the “Verify” button in the web portal or
Replying to the solution mail without changing anything.
Verifying a solution can help to increase the quality of solutions in GGUS.
Modify your tickets using email
Updating a ticket using email is also possible if one fundamental requirement is
+achieved. The mail subject must contain the typical GGUS string “GGUS-Ticket-ID:
+#Ticket-ID” where “Ticket-ID” is the ID of the ticket which should be updated.
+The easiest way to do this is to reply to an update notification received from
+GGUS. When updating a ticket using email the whole mail body will be added to
+the ticket. Changing any other field (e.g. status, priority,…) is impossible
Ticket Participation
GGUS system offers various possibilities for participating in tickets. They are
the CC field,
the Involve others field and
the Subscribe field.
An overview on these fields is given in the table below. Ticket participation
+can be done by adding a valid mail address to one of these fields. Please avoid
+adding closed mailing lists as such produce a lot of mail errors! Several mail
+addresses have to be separated by semicolon.
User submit
User modify
Supporter modify
CC
Yes
No
Yes
Involve others
No
No
Yes
Subscribe
No
Yes
Yes
The “CC” field
The CC field can be set by the user in the ticket submit form. Updates are only
+possible for supporters for correcting or removing invalid mail addresses. Every
+ticket update triggers a notification email to the mail address specified in the
+“CC” field.
The “Involve others” field
The “Involve others” field is only for supporters use. Every ticket update
+triggers a notification email to the mail address specified in the “Involve
+others” field.
Subscribing to a ticket of another user
Figure 11: Ticket subscribe Every user could subscribe to tickets of other users
+if he is interested in the solution of any. For subscribing a valid email
+address has to be provided. The user gets a notification once the ticket is
+solved. After subscribing to a ticket the user could change the notification
+mode or unsubscribe if he wants to (Figure 11). Accessing the system with the
+same credentials as used for subscription is necessary for this. Additional
+information on subscribing to tickets is available by clicking on the question
+mark at the right hand side of the label “Subscribe to this ticket”.
Who gets what email notification from GGUS?
The ticket “submitter” gets emails according to the “Notification mode” value
+(s)he selected when submitting the ticket. If the selected “Notification mode”
+value is “on every change” then all updates are sent to the “submitter”. “Public
+Diary” entries are sent to the submitter regardless the value of the
+“Notification mode”. “Internal Diary” entries never go to the “submitter”. They
+are reserved for exchanges amongst supporters.
The email addresses in the “Cc:” field can be entered by the “submitter” and
+receive the same notifications as the submitter. “Public Diary” entries are sent
+to the addresses in the “Cc:” field. “Internal Diary” entries never go to the
+people in the “Cc:” field. They are reserved for exchanges amongst supporters.
The email addresses in the “Involve others:” field can be entered by supporters
+only and receive the same notifications as the Support Unit (SU) to which the
+ticket is assigned. “Internal Diary” entries are sent to the relevant SU members
+AND the people in the “Involve others:” field, as they are supposed to be
+experts and contribute to the ticket solution.
The email address in the “Assign to one person:” field can be entered by
+supporters only and receive the same notifications as the Support Unit (SU) to
+which the ticket is assigned. “Internal Diary” entries are sent to the relevant
+SU members AND the people in the “Involve others:” field AND the email address
+in the “Assign to one person:” field as they are, all, supposed to be experts
+and contribute to the ticket solution.
Every ticket update triggers an email to the addresses in the “Cc:”, “Involve
+others:” and to ticket subscribers, i.e. GGUS users, unrelated to the specific
+ticket, who entered their own email in the “Subscribe to this ticket” field.
GGUS email notifications highlight the fields changed with the specific update.
Please avoid including closed mailing lists, e-groups in these fields as mail
+delivery will fail.
Browsing all tickets
At the bottom of the home page there are additional links for browsing:
Search ticket database,
Show all open tickets,
GGUS search engine
For browsing all tickets the GGUS search engine is a useful tool.
The GGUS search engine can be entered by clicking on link “Search ticket
+database”. When accessing the search engine a default search is performed like
+shown in Figure 12: GGUS search engine. Searching via Ticket ID is the easiest
+and fastest way to look at a ticket. When searching via Ticket ID all other
+search parameters were ignored. Besides searching for all open tickets this is
+the recommended kind of search, because it avoids needless workload on the
+system. When searching via ticket ID the ticket details are shown in the same
+window. For getting back to the main page use the “Back” button of your browser.
+The various search parameters can be combined in any way wanted except
+“Untouched since”. Description fields “Keyword”, “Involved supporter” and
+“Assigned to person” trigger a LIKE search to the database. Concatenating
+keywords with “AND” or “OR” is currently not possible. The search can either be
+started by clicking on “go” or just hitting the return key. The result of a
+search by parameters is shown in the result list. For viewing ticket details
+just click on the ID. A new window opens showing ticket details. For getting
+back to the search result just close the window with the ticket details.
Showing all open tickets
Clicking on this link shows all open tickets that are currently in the system.
+Unlike “Showing all open tickets” the default search in GGUS search engine uses
+a timeframe of one week for showing open tickets.
Contacting the GGUS team
Users can click on the “Envelope” icon in the menu bar for sending an email to
+the GGUS team with any comments. Note: This must not be used for submitting
+support requests as it does not create a ticket in the system!
GGUS development plans
On GGUS home page there are a couple of links where users can get more
+information on the
+GGUS development plans as well as
+submit own feature requests. Feature requests are collected in the GGUS shopping
+lists in JIRA (only for users having a CERN account) and EGI RT.
Operation of GGUS
The GGUS system is running on servers located at Karlsruhe Institute of
+Technology (KIT), Germany. Besides the GGUS production system a backup system is
+in place. Switching from production system to backup system currently needs
+manual interaction. An automatic switch in case of fail-over will be
+implemented. GGUS staffs at Karlsruhe are not providing support apart from
+requests concerning GGUS system itself. They can be contacted by email to
+support “at” ggus.eu. Usual office hours for GGUS staffs are from 07:00 to 15:00
+o’clock (UTC).
TPM
TPM (Ticket Processing Manager) is the most important part of the support system
+for the grid. The purpose of TPM is:
closing simple trouble tickets,
ensuring that other tickets are sent to the correct place for processing,
reacting to alarms that tickets have not been processed,
The TPM teams consist of people with a broad knowledge of the Grid.
Ticket Monitoring
Besides developing and maintaining GGUS system the GGUS team is also doing the
+ticket monitoring. The ticket monitoring team is responsible for:
reminding users in case their input is
+required for further ticket processing
reminding supporters in case tickets are not processed
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/user-guide/index.xml b/612/internal/helpdesk/user-guide/index.xml
new file mode 100644
index 0000000000..59f1e141f9
--- /dev/null
+++ b/612/internal/helpdesk/user-guide/index.xml
@@ -0,0 +1 @@
+Documentation – User guide/internal/helpdesk/user-guide/Recent content in User guide on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/helpdesk/workflows/index.html b/612/internal/helpdesk/workflows/index.html
new file mode 100644
index 0000000000..f14ba58872
--- /dev/null
+++ b/612/internal/helpdesk/workflows/index.html
@@ -0,0 +1,79 @@
+Workflows | Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/workflows/index.xml b/612/internal/helpdesk/workflows/index.xml
new file mode 100644
index 0000000000..b7f0cd45a1
--- /dev/null
+++ b/612/internal/helpdesk/workflows/index.xml
@@ -0,0 +1,85 @@
+Documentation – Workflows/internal/helpdesk/workflows/Recent content in Workflows on DocumentationHugo -- gohugo.ioInternal: Closing tickets lacking of submitter input/internal/helpdesk/workflows/waiting-for-submitter/Mon, 01 Jan 0001 00:00:00 +0000/internal/helpdesk/workflows/waiting-for-submitter/
+<h2 id="introduction">Introduction</h2>
+<p>After discussions in the <a href="https://indico.egi.eu/event/1265/">GGUS-AB</a> and the
+<a href="https://indico.egi.eu/event/1234/">OMB</a> meetings, members agreed on
+implementing a work flow for closing tickets waiting for submitter input after a
+reasonable amount of time. This work flow was also presented at the
+<a href="https://indico.egi.eu/indico/categoryDisplay.py?categId=21">UCB</a> meeting.</p>
+<h2 id="status-value-waiting-for-reply">Status value “waiting for reply”</h2>
+<p>The status value “waiting for reply” should only be used when input from the
+ticket submitter is required. Setting the ticket status to “waiting for reply”
+in GGUS triggers an email notification to the submitter’s email address
+registered in the ticket. After the submitter has replied either by</p>
+<ul>
+<li>sending an email using the same sender mail address as registered in the
+ticket or by</li>
+<li>updating the ticket in web portal using the same credentials/certificate used
+for submitting the ticket,</li>
+</ul>
+<p>the ticket status changes to “in progress” automatically. Updates on the ticket
+done using different credentials/certificates or email addresses than registered
+in the ticket will not be recognized as reply by the system and hence have no
+impact on the work flow. The status value “waiting for reply” must not be used
+in case of waiting for input of any other person involved in the solving
+process.</p>
+<h2 id="workflow">Workflow</h2>
+<h3 id="first-action">First action</h3>
+<p>5 working days after setting the ticket status to “waiting for reply” the first
+reminder is sent to the ticket submitter requesting input. The ticket will also
+be added to the
+<a href="https://ggus.eu/index.php?mode=ticket_monitor">ticket monitoring dashboard</a>.
+The ticket monitoring team will make sure that the status value “waiting for
+reply” is used in a correct sense.</p>
+<h3 id="second-action">Second action</h3>
+<p>In case the submitter does not reply, the second reminder is sent to the ticket
+submitter requesting input after 5 more working days.</p>
+<h3 id="third-action">Third action</h3>
+<p>In case the submitter does not reply after another 5 more working days the
+ticket monitoring team gets notified. The monitoring team will check the ticket
+for any updates by the submitter not recognized by the system and set the ticket
+status to “unsolved” if none. The ticket will follow the usual process for
+“solved”/“unsolved” tickets and be closed after 10 working days without
+re-opening the ticket again.</p>
+<table>
+<thead>
+<tr>
+<th>Action</th>
+<th>Ticket Status</th>
+<th>Working Days</th>
+<th>Work Flow</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>1</td>
+<td>waiting for reply</td>
+<td>5</td>
+<td>first reminder to submitter; adding ticket to monitoring dashboard</td>
+</tr>
+<tr>
+<td>2</td>
+<td>waiting for reply</td>
+<td>5</td>
+<td>second reminder to submitter</td>
+</tr>
+<tr>
+<td>3</td>
+<td>waiting for reply</td>
+<td>5</td>
+<td>notification to monitoring team; the monitoring team sets status “unsolved”</td>
+</tr>
+<tr>
+<td>4</td>
+<td>unsolved</td>
+<td>10</td>
+<td>manuel status change to “closed” by ticket monitoring team</td>
+</tr>
+</tbody>
+</table>
+<h3 id="summary">Summary</h3>
+<p>In this workflow there is always a human intervention before closing a ticket.
+The submitter has 15 working days in total for replying to a ticket.
+Additionally, they have 10 more working days for re-opening the ticket in case
+they do not agree with setting the ticket to “unsolved”.</p>
+<h3 id="workflow-graph">Workflow graph</h3>
+<p><img src="GGUS_Graph_WaitingForSubmitter-workflow.png" alt="Waiting for submitter workflow"></p>
\ No newline at end of file
diff --git a/612/internal/helpdesk/workflows/waiting-for-submitter/GGUS_Graph_WaitingForSubmitter-workflow.png b/612/internal/helpdesk/workflows/waiting-for-submitter/GGUS_Graph_WaitingForSubmitter-workflow.png
new file mode 100644
index 0000000000..71ecda00aa
Binary files /dev/null and b/612/internal/helpdesk/workflows/waiting-for-submitter/GGUS_Graph_WaitingForSubmitter-workflow.png differ
diff --git a/612/internal/helpdesk/workflows/waiting-for-submitter/index.html b/612/internal/helpdesk/workflows/waiting-for-submitter/index.html
new file mode 100644
index 0000000000..8f5968bd72
--- /dev/null
+++ b/612/internal/helpdesk/workflows/waiting-for-submitter/index.html
@@ -0,0 +1,110 @@
+Closing tickets lacking of submitter input | Documentation
+
+
+
+
+
+
Closing tickets lacking of submitter input
Process for closing tickets lacking of submitter’s input
Introduction
After discussions in the GGUS-AB and the
+OMB meetings, members agreed on
+implementing a work flow for closing tickets waiting for submitter input after a
+reasonable amount of time. This work flow was also presented at the
+UCB meeting.
Status value “waiting for reply”
The status value “waiting for reply” should only be used when input from the
+ticket submitter is required. Setting the ticket status to “waiting for reply”
+in GGUS triggers an email notification to the submitter’s email address
+registered in the ticket. After the submitter has replied either by
sending an email using the same sender mail address as registered in the
+ticket or by
updating the ticket in web portal using the same credentials/certificate used
+for submitting the ticket,
the ticket status changes to “in progress” automatically. Updates on the ticket
+done using different credentials/certificates or email addresses than registered
+in the ticket will not be recognized as reply by the system and hence have no
+impact on the work flow. The status value “waiting for reply” must not be used
+in case of waiting for input of any other person involved in the solving
+process.
Workflow
First action
5 working days after setting the ticket status to “waiting for reply” the first
+reminder is sent to the ticket submitter requesting input. The ticket will also
+be added to the
+ticket monitoring dashboard.
+The ticket monitoring team will make sure that the status value “waiting for
+reply” is used in a correct sense.
Second action
In case the submitter does not reply, the second reminder is sent to the ticket
+submitter requesting input after 5 more working days.
Third action
In case the submitter does not reply after another 5 more working days the
+ticket monitoring team gets notified. The monitoring team will check the ticket
+for any updates by the submitter not recognized by the system and set the ticket
+status to “unsolved” if none. The ticket will follow the usual process for
+“solved”/“unsolved” tickets and be closed after 10 working days without
+re-opening the ticket again.
Action
Ticket Status
Working Days
Work Flow
1
waiting for reply
5
first reminder to submitter; adding ticket to monitoring dashboard
2
waiting for reply
5
second reminder to submitter
3
waiting for reply
5
notification to monitoring team; the monitoring team sets status “unsolved”
4
unsolved
10
manuel status change to “closed” by ticket monitoring team
Summary
In this workflow there is always a human intervention before closing a ticket.
+The submitter has 15 working days in total for replying to a ticket.
+Additionally, they have 10 more working days for re-opening the ticket in case
+they do not agree with setting the ticket to “unsolved”.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/helpdesk/workflows/waiting-for-submitter/index.xml b/612/internal/helpdesk/workflows/waiting-for-submitter/index.xml
new file mode 100644
index 0000000000..36bfb21c90
--- /dev/null
+++ b/612/internal/helpdesk/workflows/waiting-for-submitter/index.xml
@@ -0,0 +1 @@
+Documentation – Closing tickets lacking of submitter input/internal/helpdesk/workflows/waiting-for-submitter/Recent content in Closing tickets lacking of submitter input on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/index.html b/612/internal/index.html
new file mode 100644
index 0000000000..895538bd24
--- /dev/null
+++ b/612/internal/index.html
@@ -0,0 +1,88 @@
+Internal Services | Documentation
+
+
+
+
+
+
Internal Services
Documentation for internal EGI services
This section contains documentation about the
+internal EGI services. These services
+are being operated centrally on behalf of EGI, and are supporting the
+coordination of the EGI Federation.
Note
See the User Guides section
+for documentation about public EGI services, and the
+Service Providers section for details on how to integrate
+providers into the EGI Federation.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/index.xml b/612/internal/index.xml
new file mode 100644
index 0000000000..15eca91573
--- /dev/null
+++ b/612/internal/index.xml
@@ -0,0 +1 @@
+Documentation – Internal Services/internal/Recent content in Internal Services on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/messaging/index.html b/612/internal/messaging/index.html
new file mode 100644
index 0000000000..aa8a4651c5
--- /dev/null
+++ b/612/internal/messaging/index.html
@@ -0,0 +1,122 @@
+Messaging service | Documentation
+
+
+
+
+
+
Messaging service
Messaging service supporting other central services
What is it?
The EGI Messaging Service is powered by ARGO Messaging Service (AMS), a
+real-time messaging service that allows the user to send and receive messages
+between independent applications.
It’s a Publish/Subscribe Service implementing the Google PubSub protocol and
+providing an HTTP API that enables Users/Systems to implement message oriented
+service using the Publish/Subscribe Model over plain HTTP.
This central service is used by other EGI central services in order to exchange
+messages, like for sending information about accounting or resources available
+at a cloud site. More specifically, the services that use the Messaging service
+are:
AAI Federation Registry: uses the service to exchange information among
+the different components (examples: SimpleSamlPHP, MITREid, Keycloak).
Operations Portal: reads the alarms from predefined topics, stores them in
+a database and displays them in the operations portal.
Accounting: uses the service as a transport layer for collecting
+accounting data from the sites. The accounting information is gathered from
+different collectors into a central accounting repository where it is
+processed to generate statistical summaries that are available through the
+EGI Accounting Portal.
FedCloud: used the service as a transport layer for the cloud information
+system. It makes use of the ams-authN. The entry point for users, topics and
+subscriptions is the Configuration Database.
ARGO Availability and Reliability Monitoring Service: It uses the service
+to send the messages from the monitoring engine to other components.
Features
Ease of use: it supports an HTTP API and a python library so as to easily
+integrate with the service.
Push Delivery: the service instantly pushes asynchronous event
+notifications when messages are published to the message topic. Subscribers
+are notified when a message is available.
Replay messages: replay messages that have been acknowledged by seeking a
+timestamp.
Schema Support: on demand mechanism that enables a) the definition of the
+expected payload schema, b) the definition of the expected set of attributes
+and values and c) the validation for each message if the requirements are met
+and immediately notify the client.
Replicate messages on multiple topics: Republisher script that consumes
+and publishes messages for specific topics (e.g. sites).
It supports both push and pull message delivery. In push delivery, the Messaging
+Service initiates requests to the subscriber application to deliver messages. In
+pull delivery, the subscription application initiates requests to the server to
+retrieve messages.
Apart from the main service a number of valuable components are also supported.
+These components are extensively used by the connected services.
Argo-ams-library: a simple library written in python to interact with the
+ARGO Messaging Service.
Argo-AuthN: Argo-authN is a new Authentication Service. This service
+provides the ability to different services to use alternative authentication
+mechanisms without having to store additional user info or implement new
+functionalities. The authentication service holds various information about a
+service’s users, hosts, API URLs, etc, and leverages them to provide its
+functionality.
AMS Metrics: Metrics about the service
Architecture
Instead of focusing on a single Messaging service specification for handling the
+logic of publishing/subscribing to the broker network, the service focuses on
+creating nodes of Publishers and Subscribers as a Service. In the
+Publish/Subscribe paradigm, Publishers are users/systems that can send messages
+to named-channels called Topics. Subscribers are users/systems that create
+Subscriptions to specific topics and receive messages.
As shown in Figure below, the current deployment of messaging service comprises
+a haproxy server, which acts as a load balancer for the 3 AMS servers running in
+the backend.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/messaging/service-information/index.xml b/612/internal/messaging/service-information/index.xml
new file mode 100644
index 0000000000..230c83c6f9
--- /dev/null
+++ b/612/internal/messaging/service-information/index.xml
@@ -0,0 +1 @@
+Documentation – Service information/internal/messaging/service-information/Recent content in Service information on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/monitoring/index.html b/612/internal/monitoring/index.html
new file mode 100644
index 0000000000..871ca0c89b
--- /dev/null
+++ b/612/internal/monitoring/index.html
@@ -0,0 +1,102 @@
+Service Monitoring | Documentation
+
+
+
+
+
+
Service Monitoring
Monitor performance of EGI services
What is it?
The EGI Service Monitoringkeeps an eye on the
+performance of the EGI services to quickly detect and resolve issues.
The service monitors the infrastructure by collecting data generated by
+functional probes. The raw data is merged into statistics and available through
+the user interface in a user-friendly way. It provides automated reporting tools
+with minimal development or operational effort for setting up monitoring.
Note
Documentation for Service Monitoring is
+available
+on the ARGO site.
Accessing the monitoring information
In order to access the information it’s required to have an X509 client
+certificate provided by an IGTF-accredited Certificate
+Authority.
For people not having access to an IGTF client certificate it’s possible to
+access Availability and Reliability information on the
+EGI ARGO page.
Service Monitoring endpoints
Different service instances are available for different purposes:
The endpoint for uncertified sites is using a certificate from a Certificate
+Authority (CA) that is part of the
+IGTF distribution but that is
+not in the default Operating System and browser stores.
Your browser may be presenting you a security warning about an unknown CA,
+it’s a known issue with certificate having IGTF trust but not public trust
+(ie. not by default in the Operating Systems and browsers’ trust stores).
If you want to address this you can try to manually download the certificate for
+the ROOT CA and add it to your trust store and mark it as trusted. The exact
+process is dependant on the Operating System and browser that you use.
Access rules
For an individual site, people having specific roles for the site can access
+using the X509 certificate linked to their account in
+Configuration Database:
Site Administrator
Site Operations Manager
For all sites, the members of the
+dteam VO can access.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/monitoring/service-information/index.xml b/612/internal/monitoring/service-information/index.xml
new file mode 100644
index 0000000000..9de34dd94c
--- /dev/null
+++ b/612/internal/monitoring/service-information/index.xml
@@ -0,0 +1 @@
+Documentation – Service information/internal/monitoring/service-information/Recent content in Service information on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/operations-portal/index.html b/612/internal/operations-portal/index.html
new file mode 100644
index 0000000000..0a3b01e911
--- /dev/null
+++ b/612/internal/operations-portal/index.html
@@ -0,0 +1,87 @@
+Operations Portal | Documentation
+
+
+
+
+
+
Operations Portal
Central portal supporting EGI infrastructure operations
What is it?
The EGI Operations Portal is a central
+portal for supporting the operations and coordination of the EGI Infrastructure.
+It offers a bundle of different capabilities, such as:
The Broadcast tool: used to contact and inform the different actors of the
+project for specific problems or global announcements.
The operations and security dashboards: to detect, track and follow-up
+problems and incident on the resource centers.
The VO Management tools: to register, update, consult information about
+virtual communities.
The Metrics module: to provide metrics and indicators about the different
+activities of the project linked to VOs, users.
The SLA module: to provide information about performances for the cloud
+sites and SLA Violations for different group of services.
Note
Documentation for the Operations Portal
+is available in the EGI Wiki.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/operations-portal/index.xml b/612/internal/operations-portal/index.xml
new file mode 100644
index 0000000000..62c82e5d9d
--- /dev/null
+++ b/612/internal/operations-portal/index.xml
@@ -0,0 +1,81 @@
+Documentation – Operations Portal/internal/operations-portal/Recent content in Operations Portal on DocumentationHugo -- gohugo.ioInternal: Service information/internal/operations-portal/service-information/Mon, 01 Jan 0001 00:00:00 +0000/internal/operations-portal/service-information/
+<h2 id="identity-card">Identity card</h2>
+<!-- markdownlint-disable no-inline-html no-bare-urls -->
+<table>
+<thead>
+<tr>
+<th>Property</th>
+<th>Value</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Name</td>
+<td>Operation Portal</td>
+</tr>
+<tr>
+<td>Description</td>
+<td>Provision of VO management functions and other capabilities supporting the daily operations of EGI</td>
+</tr>
+<tr>
+<td>URL</td>
+<td><a href="https://operations-portal.egi.eu/">https://operations-portal.egi.eu/</a></td>
+</tr>
+<tr>
+<td>Support Email</td>
+<td><code>cic-information</code> at <code>in2p3.fr</code></td>
+</tr>
+<tr>
+<td><a href="../../helpdesk">Helpdesk</a> Support Unit</td>
+<td><strong>EGI Services and Service Components</strong> <br/> I__ Operations Portal</td>
+</tr>
+<tr>
+<td>Configuration Database entry</td>
+<td><a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&id=568">https://goc.egi.eu/portal/index.php?Page_Type=Site&id=568</a></td>
+</tr>
+<tr>
+<td>Supplier</td>
+<td>CNRS</td>
+</tr>
+<tr>
+<td>Roadmap</td>
+<td></td>
+</tr>
+<tr>
+<td>Release notes</td>
+<td><a href="https://operations-portal.egi.eu/home/tasksList">Release notes</a></td>
+</tr>
+<tr>
+<td>Source code</td>
+<td><a href="https://gitlab.in2p3.fr/opsportal/sf3">https://gitlab.in2p3.fr/opsportal/sf3</a></td>
+</tr>
+<tr>
+<td>Issue tracker for developers</td>
+<td><a href="https://gitlab.in2p3.fr/opsportal/sf3/-/issues">https://gitlab.in2p3.fr/opsportal/sf3/-/issues</a></td>
+</tr>
+<tr>
+<td>License</td>
+<td>Apache 2</td>
+</tr>
+<tr>
+<td>Privacy Policy</td>
+<td><a href="https://operations-portal.egi.eu/home/a/aup">https://operations-portal.egi.eu/home/a/aup</a></td>
+</tr>
+</tbody>
+</table>
+<!-- markdownlint-enable no-inline-html no-bare-urls -->Internal: Using VAPOR/internal/operations-portal/using-vapor/Mon, 01 Jan 0001 00:00:00 +0000/internal/operations-portal/using-vapor/
+<h2 id="what-is-it">What is it?</h2>
+<p>VAPOR is a component of the Operations Portal allowing to query the information
+system, aggregating information from Top BDII and
+<a href="../../configuration-database">EGI Configuration Database</a>.</p>
+<h2 id="using-vapor-to-query-resources-using-a-graphical-interface">Using VAPOR to query resources using a graphical interface</h2>
+<p><a href="https://operations-portal.egi.eu/vapor/">VAPOR</a>, a component of the
+<a href="../../../internal/operations-portal">Operations Portal</a>, provides a graphical
+resources explorer.</p>
+<p>It can be used as an alternative to querying the Top BDII using <code>ldapsearch</code>.</p>
+<p><img src="vapor-dteam-computing-overview.png" alt="VAPOR: overview of resources for dteam"></p>
+<p>Using the left menu you can select a VO and filter the different resources
+types.</p>
+<p><img src="vapor-dteam-computing-shares.png" alt="VAPOR: filtering resources for dteam"></p>
+<p>VAPOR will list the matching resources.</p>
+<p><img src="vapor-dteam-computing-resources.png" alt="VAPOR: detail of resources for dteam"></p>
\ No newline at end of file
diff --git a/612/internal/operations-portal/service-information/index.html b/612/internal/operations-portal/service-information/index.html
new file mode 100644
index 0000000000..ce5dfffee6
--- /dev/null
+++ b/612/internal/operations-portal/service-information/index.html
@@ -0,0 +1,79 @@
+Service information | Documentation
+
+
+
+
+
+
Service information
Technical details of the Operation Portal
Identity card
Property
Value
Name
Operation Portal
Description
Provision of VO management functions and other capabilities supporting the daily operations of EGI
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/operations-portal/service-information/index.xml b/612/internal/operations-portal/service-information/index.xml
new file mode 100644
index 0000000000..8bddd61043
--- /dev/null
+++ b/612/internal/operations-portal/service-information/index.xml
@@ -0,0 +1 @@
+Documentation – Service information/internal/operations-portal/service-information/Recent content in Service information on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/operations-portal/using-vapor/index.html b/612/internal/operations-portal/using-vapor/index.html
new file mode 100644
index 0000000000..6ab14fd7cb
--- /dev/null
+++ b/612/internal/operations-portal/using-vapor/index.html
@@ -0,0 +1,84 @@
+Using VAPOR | Documentation
+
+
+
+
+
+
Using VAPOR
Using VAPOR
What is it?
VAPOR is a component of the Operations Portal allowing to query the information
+system, aggregating information from Top BDII and
+EGI Configuration Database.
Using VAPOR to query resources using a graphical interface
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/operations-portal/using-vapor/index.xml b/612/internal/operations-portal/using-vapor/index.xml
new file mode 100644
index 0000000000..4e0de4f90b
--- /dev/null
+++ b/612/internal/operations-portal/using-vapor/index.xml
@@ -0,0 +1 @@
+Documentation – Using VAPOR/internal/operations-portal/using-vapor/Recent content in Using VAPOR on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/internal/operations-portal/using-vapor/vapor-dteam-computing-overview.png b/612/internal/operations-portal/using-vapor/vapor-dteam-computing-overview.png
new file mode 100644
index 0000000000..3ead7cbfd1
Binary files /dev/null and b/612/internal/operations-portal/using-vapor/vapor-dteam-computing-overview.png differ
diff --git a/612/internal/operations-portal/using-vapor/vapor-dteam-computing-resources.png b/612/internal/operations-portal/using-vapor/vapor-dteam-computing-resources.png
new file mode 100644
index 0000000000..dbc5c2fd8d
Binary files /dev/null and b/612/internal/operations-portal/using-vapor/vapor-dteam-computing-resources.png differ
diff --git a/612/internal/operations-portal/using-vapor/vapor-dteam-computing-shares.png b/612/internal/operations-portal/using-vapor/vapor-dteam-computing-shares.png
new file mode 100644
index 0000000000..e54382c329
Binary files /dev/null and b/612/internal/operations-portal/using-vapor/vapor-dteam-computing-shares.png differ
diff --git a/612/internal/security-coordination/index.html b/612/internal/security-coordination/index.html
new file mode 100644
index 0000000000..e73414db02
--- /dev/null
+++ b/612/internal/security-coordination/index.html
@@ -0,0 +1,113 @@
+Security Coordination | Documentation
+
+
+
+
+
+
Security Coordination
Enhance local security for a safer global infrastructure
What is it?
Security Coordination improves the capabilities of local security activities for
+a safer federated infrastructure environment.
The EGI Computer Security Incident Response Team
+(EGI CSIRT) has the tools and the knowledge to run
+Security Coordination on behalf of the federation. The EGI CSIRT is a certified
+Trusted Introducer since 2015.
Security Coordination is especially important in a federated environment, where
+incidents are often not isolated and can affect several service providers. A
+coordinated response is essential to minimize the impact of incidents and
+vulnerabilities.
This service provides:
Security Operations Coordination - Central coordination of the security
+activities ensures that policies, operational security, and maintenance are
+compatible amongst all partners, improving availability and lowering access
+barriers for use of the infrastructure.
Security Policy Coordination - The Security Policy Group
+(SPG) develops policies
+covering diverse aspects, including operational policies (agreements on
+vulnerability management, intrusion detection and prevention, regulation of
+access, and enforcement), incident response policies (governing the exchange
+of information and expected actions), participant responsibilities (including
+acceptable use policies, identifying users and managing user communities),
+traceability, legal aspects, and the protection of personal data.
Software Vulnerability Group Coordination - The Software Vulnerability
+Group SVG
+aims to eliminate existing software vulnerabilities from the deployed
+infrastructure and prevent the introduction of new ones, and runs a process
+for handling software vulnerabilities reported.
International Grid Trust Federation (IGTF) and EUGridPMA - Representation
+of EGI in IGTF and EUGridPMA. A common authentication trust domain is required
+to persistently identify all EGI participants.
EGI Computer Security Incident Response Team
+(EGI CSIRT) expertise
Security Incident Response Coordination - Coordination of incident
+response activities in collaboration with the Incident Response Task Force
+(EGI-CSIRT IRTF).
Security monitoring - Monitoring services to check for
+security vulnerabilities and other security-related problems in the EGI
+production infrastructure.
Tools for Security Service Challenge support - Security challenges are a
+mechanism to check the compliance of sites/NGIs/EGI with security
+requirements. Runs of Security Service Challenges need a set of tools that are
+used during various stages of the runs.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/security-coordination/index.xml b/612/internal/security-coordination/index.xml
new file mode 100644
index 0000000000..0ac498388f
--- /dev/null
+++ b/612/internal/security-coordination/index.xml
@@ -0,0 +1,99 @@
+Documentation – Security Coordination/internal/security-coordination/Recent content in Security Coordination on DocumentationHugo -- gohugo.ioInternal: Service information/internal/security-coordination/service-information/Mon, 01 Jan 0001 00:00:00 +0000/internal/security-coordination/service-information/
+<h2 id="identity-card">Identity card</h2>
+<!-- markdownlint-disable no-inline-html no-bare-urls -->
+<table>
+<thead>
+<tr>
+<th>Property</th>
+<th>Value</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Name</td>
+<td>Security coordination</td>
+</tr>
+<tr>
+<td>Description</td>
+<td>Enhance local security for a safer global infrastructure</td>
+</tr>
+<tr>
+<td>URL</td>
+<td><a href="https://csirt.egi.eu">https://csirt.egi.eu</a></td>
+</tr>
+<tr>
+<td>Support Email</td>
+<td>abuse at egi.eu</td>
+</tr>
+<tr>
+<td><a href="..">Helpdesk</a> Support Unit</td>
+<td><strong>EGI Services and Service Components</strong> <br/> I__ Security Coordination <br/> I__ Security Monitoring</td>
+</tr>
+<tr>
+<td>Configuration Database entry</td>
+<td><a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&id=968">https://goc.egi.eu/portal/index.php?Page_Type=Site&id=968</a> <br /> <a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&id=1127">https://goc.egi.eu/portal/index.php?Page_Type=Site&id=1127</a></td>
+</tr>
+<tr>
+<td>Supplier</td>
+<td>UKRI, FOM-Nikhef, CERN, CESNET, GRNET, IJS</td>
+</tr>
+<tr>
+<td>Roadmap</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Release notes</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Source code</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Issue tracker for developers</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>License</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>Privacy Policy</td>
+<td>N/A</td>
+</tr>
+</tbody>
+</table>
+<!-- markdownlint-enable no-inline-html no-bare-urls -->Internal: Security Monitoring/internal/security-coordination/monitoring/Mon, 01 Jan 0001 00:00:00 +0000/internal/security-coordination/monitoring/
+<h2 id="what-is-it">What is it?</h2>
+<p>EGI is an interconnected federation where a single vulnerable place may have a
+huge impact on the whole infrastructure. In order to recognise the risks and to
+address potential vulnerabilities in a timely manner, the EGI Security
+Monitoring provides an oversight of the infrastructure from the security
+standpoint.</p>
+<p>Also, sites connected to EGI differ significantly in the level of security and
+detecting weaknesses exposed by the sites allows the EGI security operations to
+contact the sites before the issue leads to an incident.</p>
+<p>Information produced by security monitoring is also important during assessment
+of new risks and vulnerabilities since it enables to identify the scope and
+impact of a potential security incident.</p>
+<h2 id="technical-description">Technical description</h2>
+<p>This service includes the following components.</p>
+<h3 id="secmon">Secmon</h3>
+<p>A Nagios-based service provided to monitor a range of assets like CRLs, file
+system permissions, vulnerable file permissions etc.</p>
+<p>Ad-hoc probes are deployed to support incident management, to assess the
+vulnerability of the infrastructure with regards to specific security issues and
+for proactive security management.</p>
+<p>The results produced are available to the EGI Security dashboard of the
+<a href="../../operations-portal">Operations Portal</a> for visualisation.</p>
+<h3 id="pakiti">Pakiti</h3>
+<p><a href="./pakiti">Pakiti</a> is the monitoring and notification service which is
+responsible for checking the patching status of systems.</p>
+<p>The results produced are available to the EGI Security dashboard of the
+<a href="../../operations-portal">Operations Portal</a> for visualisation.</p>
+<h3 id="incident-reporting-tool">Incident reporting tool</h3>
+<p>Ticketing system for tracking of incident.</p>
+<h3 id="tools-for-security-service-challenge-support">Tools for Security Service Challenge support</h3>
+<p>Security challenges are a mechanism to check the compliance of sites/NGIs/EGI
+with security requirements. Runs of Security Service Challenges need a set of
+tools that are used during various stages of the runs.</p>
\ No newline at end of file
diff --git a/612/internal/security-coordination/monitoring/index.html b/612/internal/security-coordination/monitoring/index.html
new file mode 100644
index 0000000000..0ba14ab243
--- /dev/null
+++ b/612/internal/security-coordination/monitoring/index.html
@@ -0,0 +1,95 @@
+Security Monitoring | Documentation
+
+
+
+
+
+
Security Monitoring
Security Monitoring for EGI Resources Providers and Services
What is it?
EGI is an interconnected federation where a single vulnerable place may have a
+huge impact on the whole infrastructure. In order to recognise the risks and to
+address potential vulnerabilities in a timely manner, the EGI Security
+Monitoring provides an oversight of the infrastructure from the security
+standpoint.
Also, sites connected to EGI differ significantly in the level of security and
+detecting weaknesses exposed by the sites allows the EGI security operations to
+contact the sites before the issue leads to an incident.
Information produced by security monitoring is also important during assessment
+of new risks and vulnerabilities since it enables to identify the scope and
+impact of a potential security incident.
Technical description
This service includes the following components.
Secmon
A Nagios-based service provided to monitor a range of assets like CRLs, file
+system permissions, vulnerable file permissions etc.
Ad-hoc probes are deployed to support incident management, to assess the
+vulnerability of the infrastructure with regards to specific security issues and
+for proactive security management.
The results produced are available to the EGI Security dashboard of the
+Operations Portal for visualisation.
Pakiti
Pakiti is the monitoring and notification service which is
+responsible for checking the patching status of systems.
The results produced are available to the EGI Security dashboard of the
+Operations Portal for visualisation.
Incident reporting tool
Ticketing system for tracking of incident.
Tools for Security Service Challenge support
Security challenges are a mechanism to check the compliance of sites/NGIs/EGI
+with security requirements. Runs of Security Service Challenges need a set of
+tools that are used during various stages of the runs.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/security-coordination/monitoring/index.xml b/612/internal/security-coordination/monitoring/index.xml
new file mode 100644
index 0000000000..0cce0f9e40
--- /dev/null
+++ b/612/internal/security-coordination/monitoring/index.xml
@@ -0,0 +1,53 @@
+Documentation – Security Monitoring/internal/security-coordination/monitoring/Recent content in Security Monitoring on DocumentationHugo -- gohugo.ioInternal: Pakiti/internal/security-coordination/monitoring/pakiti/Mon, 01 Jan 0001 00:00:00 +0000/internal/security-coordination/monitoring/pakiti/
+<h2 id="pakiti">Pakiti</h2>
+<p><a href="https://github.com/CESNET/pakiti-server">Pakiti</a> is a client-server tool to
+collect and evaluate data about packages installed on Linux machines, primarily
+meant to identify vulnerable SW that have not been properly updated. The
+<a href="https://csirt.egi.eu">EGI CSIRT</a> operates the
+<a href="https://pakiti.egi.eu">EGI Pakiti instance</a> that is used to monitor the state
+of the EGI sites.</p>
+<h2 id="pakiti-client">Pakiti client</h2>
+<p>The <code>pakiti-client</code> can be used to send package informations to
+<a href="https://pakiti.egi.eu">pakiti.egi.eu</a>.</p>
+<p>If you have the proper credentials in the
+<a href="../../../configuration-database">Configuration Database</a> and submit your report
+with the correct <code>SITE_NAME</code>, you, your <em>NGI-CSIRT</em> and the <em>EGI-CSIRT</em> will be
+able to monitor the packages installed on your hosts and potentially
+vulnerabilities. The results can be accessed on the
+<a href="https://pakiti.egi.eu">EGI Pakiti central instance</a>.</p>
+<h3 id="running-the-pakiti-client-from-cvmfs-for-egi">Running the Pakiti client from CVMFS for EGI</h3>
+<p>If you have CVMFS installed and configured to mount <code>grid.cern.ch</code>, you can run
+pakiti by simply running:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ /cvmfs/grid.cern.ch/pakiti/bin/pakiti-client <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --url <span style="color:#4e9a06">"https://pakiti.egi.eu/feed/"</span> <span style="color:#4e9a06">\
+</span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --site SITE_NAME
+</span></span></code></pre></div><blockquote>
+<p>Please remember to replace SITE_NAME by your actual site name</p>
+</blockquote>
+<h3 id="manual-installation">Manual installation</h3>
+<h4 id="installing-the-pakiti-client">Installing the Pakiti client</h4>
+<p>The <code>pakiti-client</code> is now available from
+<a href="https://docs.fedoraproject.org/en-US/epel/">EPEL</a>. If your machine already has
+EPEL enabled, the following command is enough to install it:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ yum install pakiti-client
+</span></span></code></pre></div><h4 id="running-the-pakiti-client-for-egi">Running the Pakiti client for EGI</h4>
+<p>With the package and the configuration, the following commands will run the</p>
+<p><code>pakiti-client</code> and transmit all its data to the EGI CSIRT pakiti instance!</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ pakiti-client --url <span style="color:#4e9a06">"https://pakiti.egi.eu/feed/"</span> --site SITE_NAME
+</span></span></code></pre></div><blockquote>
+<p>Please remember to replace SITE_NAME by your actual site name</p>
+</blockquote>
+<h3 id="puppet-installation">Puppet Installation</h3>
+<p>The simplest way to configure and run the <code>pakiti-client</code> on a cluster is to use
+puppet: You just need to create a file and a manifest.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-puppet" data-lang="puppet"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">package</span> <span style="color:#000;font-weight:bold">{</span> <span style="color:#4e9a06">'pakiti-client'</span><span style="color:#000;font-weight:bold">:</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span> <span style="color:#c4a000">ensure</span> <span style="color:#ce5c00;font-weight:bold">=></span> <span style="color:#4e9a06">'present'</span><span style="color:#000;font-weight:bold">,</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span><span style="color:#000;font-weight:bold">}</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span><span style="color:#204a87;font-weight:bold">cron</span> <span style="color:#000;font-weight:bold">{</span> <span style="color:#4e9a06">'pakiti-egi'</span><span style="color:#000;font-weight:bold">:</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span> <span style="color:#c4a000">ensure</span> <span style="color:#ce5c00;font-weight:bold">=></span> <span style="color:#4e9a06">'present'</span><span style="color:#000;font-weight:bold">,</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span> <span style="color:#c4a000">command</span> <span style="color:#ce5c00;font-weight:bold">=></span> <span style="color:#4e9a06">'pakiti-client --url "https://pakiti.egi.eu/feed/" --site SITE_NAME'</span><span style="color:#000;font-weight:bold">,</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span> <span style="color:#204a87;font-weight:bold">user</span> <span style="color:#ce5c00;font-weight:bold">=></span> <span style="color:#4e9a06">'nobody'</span><span style="color:#000;font-weight:bold">,</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span> <span style="color:#c4a000">hour</span> <span style="color:#ce5c00;font-weight:bold">=></span> <span style="color:#204a87;font-weight:bold">fqdn_rand</span><span style="color:#000;font-weight:bold">(</span><span style="color:#0000cf;font-weight:bold">24</span><span style="color:#000;font-weight:bold">),</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span> <span style="color:#c4a000">minute</span> <span style="color:#ce5c00;font-weight:bold">=></span> <span style="color:#204a87;font-weight:bold">fqdn_rand</span><span style="color:#000;font-weight:bold">(</span><span style="color:#0000cf;font-weight:bold">60</span><span style="color:#000;font-weight:bold">),</span><span style="color:#a40000">
+</span></span></span><span style="display:flex;"><span><span style="color:#a40000"></span><span style="color:#000;font-weight:bold">}</span><span style="color:#a40000">
+</span></span></span></code></pre></div>
\ No newline at end of file
diff --git a/612/internal/security-coordination/monitoring/pakiti/index.html b/612/internal/security-coordination/monitoring/pakiti/index.html
new file mode 100644
index 0000000000..8c46fb5016
--- /dev/null
+++ b/612/internal/security-coordination/monitoring/pakiti/index.html
@@ -0,0 +1,109 @@
+Pakiti | Documentation
+
+
+
+
+
+
Pakiti
Monitoring patch status
Pakiti
Pakiti is a client-server tool to
+collect and evaluate data about packages installed on Linux machines, primarily
+meant to identify vulnerable SW that have not been properly updated. The
+EGI CSIRT operates the
+EGI Pakiti instance that is used to monitor the state
+of the EGI sites.
Pakiti client
The pakiti-client can be used to send package informations to
+pakiti.egi.eu.
If you have the proper credentials in the
+Configuration Database and submit your report
+with the correct SITE_NAME, you, your NGI-CSIRT and the EGI-CSIRT will be
+able to monitor the packages installed on your hosts and potentially
+vulnerabilities. The results can be accessed on the
+EGI Pakiti central instance.
Running the Pakiti client from CVMFS for EGI
If you have CVMFS installed and configured to mount grid.cern.ch, you can run
+pakiti by simply running:
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/612/internal/security-coordination/service-information/index.xml b/612/internal/security-coordination/service-information/index.xml
new file mode 100644
index 0000000000..05013c9e06
--- /dev/null
+++ b/612/internal/security-coordination/service-information/index.xml
@@ -0,0 +1 @@
+Documentation – Service information/internal/security-coordination/service-information/Recent content in Service information on DocumentationHugo -- gohugo.io
\ No newline at end of file
diff --git a/612/js/deflate.js b/612/js/deflate.js
new file mode 100644
index 0000000000..b452c84e9e
--- /dev/null
+++ b/612/js/deflate.js
@@ -0,0 +1,1652 @@
+/* Copyright (C) 1999 Masanao Izumo
+* Version: 1.0.1
+* LastModified: Dec 25 1999
+*/
+
+/* Interface:
+* data = deflate(src);
+*/
+const deflate = (function () {
+ /* constant parameters */
+ var zip_WSIZE = 32768; // Sliding Window size
+ var zip_STORED_BLOCK = 0;
+ var zip_STATIC_TREES = 1;
+ var zip_DYN_TREES = 2;
+
+ /* for deflate */
+ var zip_DEFAULT_LEVEL = 6;
+ var zip_FULL_SEARCH = true;
+ var zip_INBUFSIZ = 32768; // Input buffer size
+ var zip_INBUF_EXTRA = 64; // Extra buffer
+ var zip_OUTBUFSIZ = 1024 * 8;
+ var zip_window_size = 2 * zip_WSIZE;
+ var zip_MIN_MATCH = 3;
+ var zip_MAX_MATCH = 258;
+ var zip_BITS = 16;
+ // for SMALL_MEM
+ var zip_LIT_BUFSIZE = 0x2000;
+ var zip_HASH_BITS = 13;
+ // for MEDIUM_MEM
+ // var zip_LIT_BUFSIZE = 0x4000;
+ // var zip_HASH_BITS = 14;
+ // for BIG_MEM
+ // var zip_LIT_BUFSIZE = 0x8000;
+ // var zip_HASH_BITS = 15;
+ //if(zip_LIT_BUFSIZE > zip_INBUFSIZ)
+ // alert("error: zip_INBUFSIZ is too small");
+ //if((zip_WSIZE<<1) > (1< zip_BITS-1)
+ // alert("error: zip_HASH_BITS is too large");
+ //if(zip_HASH_BITS < 8 || zip_MAX_MATCH != 258)
+ // alert("error: Code too clever");
+ var zip_DIST_BUFSIZE = zip_LIT_BUFSIZE;
+ var zip_HASH_SIZE = 1 << zip_HASH_BITS;
+ var zip_HASH_MASK = zip_HASH_SIZE - 1;
+ var zip_WMASK = zip_WSIZE - 1;
+ var zip_NIL = 0; // Tail of hash chains
+ var zip_TOO_FAR = 4096;
+ var zip_MIN_LOOKAHEAD = zip_MAX_MATCH + zip_MIN_MATCH + 1;
+ var zip_MAX_DIST = zip_WSIZE - zip_MIN_LOOKAHEAD;
+ var zip_SMALLEST = 1;
+ var zip_MAX_BITS = 15;
+ var zip_MAX_BL_BITS = 7;
+ var zip_LENGTH_CODES = 29;
+ var zip_LITERALS = 256;
+ var zip_END_BLOCK = 256;
+ var zip_L_CODES = zip_LITERALS + 1 + zip_LENGTH_CODES;
+ var zip_D_CODES = 30;
+ var zip_BL_CODES = 19;
+ var zip_REP_3_6 = 16;
+ var zip_REPZ_3_10 = 17;
+ var zip_REPZ_11_138 = 18;
+ var zip_HEAP_SIZE = 2 * zip_L_CODES + 1;
+ var zip_H_SHIFT = parseInt((zip_HASH_BITS + zip_MIN_MATCH - 1) /
+ zip_MIN_MATCH);
+
+ /* variables */
+ var zip_free_queue;
+ var zip_qhead, zip_qtail;
+ var zip_initflag;
+ var zip_outbuf = null;
+ var zip_outcnt, zip_outoff;
+ var zip_complete;
+ var zip_window;
+ var zip_d_buf;
+ var zip_l_buf;
+ var zip_prev;
+ var zip_bi_buf;
+ var zip_bi_valid;
+ var zip_block_start;
+ var zip_ins_h;
+ var zip_hash_head;
+ var zip_prev_match;
+ var zip_match_available;
+ var zip_match_length;
+ var zip_prev_length;
+ var zip_strstart;
+ var zip_match_start;
+ var zip_eofile;
+ var zip_lookahead;
+ var zip_max_chain_length;
+ var zip_max_lazy_match;
+ var zip_compr_level;
+ var zip_good_match;
+ var zip_nice_match;
+ var zip_dyn_ltree;
+ var zip_dyn_dtree;
+ var zip_static_ltree;
+ var zip_static_dtree;
+ var zip_bl_tree;
+ var zip_l_desc;
+ var zip_d_desc;
+ var zip_bl_desc;
+ var zip_bl_count;
+ var zip_heap;
+ var zip_heap_len;
+ var zip_heap_max;
+ var zip_depth;
+ var zip_length_code;
+ var zip_dist_code;
+ var zip_base_length;
+ var zip_base_dist;
+ var zip_flag_buf;
+ var zip_last_lit;
+ var zip_last_dist;
+ var zip_last_flags;
+ var zip_flags;
+ var zip_flag_bit;
+ var zip_opt_len;
+ var zip_static_len;
+ var zip_deflate_data;
+ var zip_deflate_pos;
+
+ /* objects (deflate) */
+
+ function zip_DeflateCT() {
+ this.fc = 0; // frequency count or bit string
+ this.dl = 0; // father node in Huffman tree or length of bit string
+ }
+
+ function zip_DeflateTreeDesc() {
+ this.dyn_tree = null; // the dynamic tree
+ this.static_tree = null; // corresponding static tree or NULL
+ this.extra_bits = null; // extra bits for each code or NULL
+ this.extra_base = 0; // base index for extra_bits
+ this.elems = 0; // max number of elements in the tree
+ this.max_length = 0; // max bit length for the codes
+ this.max_code = 0; // largest code with non zero frequency
+ }
+
+ /* Values for max_lazy_match, good_match and max_chain_length, depending on
+ * the desired pack level (0..9). The values given below have been tuned to
+ * exclude worst case performance for pathological files. Better values may be
+ * found for specific files.
+ */
+ function zip_DeflateConfiguration(a, b, c, d) {
+ this.good_length = a; // reduce lazy search above this match length
+ this.max_lazy = b; // do not perform lazy search above this match length
+ this.nice_length = c; // quit search above this match length
+ this.max_chain = d;
+ }
+
+ function zip_DeflateBuffer() {
+ this.next = null;
+ this.len = 0;
+ this.ptr = new Array(zip_OUTBUFSIZ);
+ this.off = 0;
+ }
+
+ /* constant tables */
+ var zip_extra_lbits = [
+ 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0];
+ var zip_extra_dbits = [
+ 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13];
+ var zip_extra_blbits = [
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 3, 7];
+ var zip_bl_order = [16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15];
+ var zip_configuration_table = [
+ new zip_DeflateConfiguration(0, 0, 0, 0),
+ new zip_DeflateConfiguration(4, 4, 8, 4),
+ new zip_DeflateConfiguration(4, 5, 16, 8),
+ new zip_DeflateConfiguration(4, 6, 32, 32),
+ new zip_DeflateConfiguration(4, 4, 16, 16),
+ new zip_DeflateConfiguration(8, 16, 32, 32),
+ new zip_DeflateConfiguration(8, 16, 128, 128),
+ new zip_DeflateConfiguration(8, 32, 128, 256),
+ new zip_DeflateConfiguration(32, 128, 258, 1024),
+ new zip_DeflateConfiguration(32, 258, 258, 4096)];
+
+
+ /* routines (deflate) */
+
+ function zip_deflate_start(level) {
+ var i;
+
+ if (!level)
+ level = zip_DEFAULT_LEVEL;
+ else if (level < 1)
+ level = 1;
+ else if (level > 9)
+ level = 9;
+
+ zip_compr_level = level;
+ zip_initflag = false;
+ zip_eofile = false;
+ if (zip_outbuf != null)
+ return;
+
+ zip_free_queue = zip_qhead = zip_qtail = null;
+ zip_outbuf = new Array(zip_OUTBUFSIZ);
+ zip_window = new Array(zip_window_size);
+ zip_d_buf = new Array(zip_DIST_BUFSIZE);
+ zip_l_buf = new Array(zip_INBUFSIZ + zip_INBUF_EXTRA);
+ zip_prev = new Array(1 << zip_BITS);
+ zip_dyn_ltree = new Array(zip_HEAP_SIZE);
+ for (i = 0; i < zip_HEAP_SIZE; i++)
+ zip_dyn_ltree[i] = new zip_DeflateCT();
+ zip_dyn_dtree = new Array(2 * zip_D_CODES + 1);
+ for (i = 0; i < 2 * zip_D_CODES + 1; i++)
+ zip_dyn_dtree[i] = new zip_DeflateCT();
+ zip_static_ltree = new Array(zip_L_CODES + 2);
+ for (i = 0; i < zip_L_CODES + 2; i++)
+ zip_static_ltree[i] = new zip_DeflateCT();
+ zip_static_dtree = new Array(zip_D_CODES);
+ for (i = 0; i < zip_D_CODES; i++)
+ zip_static_dtree[i] = new zip_DeflateCT();
+ zip_bl_tree = new Array(2 * zip_BL_CODES + 1);
+ for (i = 0; i < 2 * zip_BL_CODES + 1; i++)
+ zip_bl_tree[i] = new zip_DeflateCT();
+ zip_l_desc = new zip_DeflateTreeDesc();
+ zip_d_desc = new zip_DeflateTreeDesc();
+ zip_bl_desc = new zip_DeflateTreeDesc();
+ zip_bl_count = new Array(zip_MAX_BITS + 1);
+ zip_heap = new Array(2 * zip_L_CODES + 1);
+ zip_depth = new Array(2 * zip_L_CODES + 1);
+ zip_length_code = new Array(zip_MAX_MATCH - zip_MIN_MATCH + 1);
+ zip_dist_code = new Array(512);
+ zip_base_length = new Array(zip_LENGTH_CODES);
+ zip_base_dist = new Array(zip_D_CODES);
+ zip_flag_buf = new Array(parseInt(zip_LIT_BUFSIZE / 8));
+ }
+
+ function zip_deflate_end() {
+ zip_free_queue = zip_qhead = zip_qtail = null;
+ zip_outbuf = null;
+ zip_window = null;
+ zip_d_buf = null;
+ zip_l_buf = null;
+ zip_prev = null;
+ zip_dyn_ltree = null;
+ zip_dyn_dtree = null;
+ zip_static_ltree = null;
+ zip_static_dtree = null;
+ zip_bl_tree = null;
+ zip_l_desc = null;
+ zip_d_desc = null;
+ zip_bl_desc = null;
+ zip_bl_count = null;
+ zip_heap = null;
+ zip_depth = null;
+ zip_length_code = null;
+ zip_dist_code = null;
+ zip_base_length = null;
+ zip_base_dist = null;
+ zip_flag_buf = null;
+ }
+
+ function zip_reuse_queue(p) {
+ p.next = zip_free_queue;
+ zip_free_queue = p;
+ }
+
+ function zip_new_queue() {
+ var p;
+
+ if (zip_free_queue != null) {
+ p = zip_free_queue;
+ zip_free_queue = zip_free_queue.next;
+ }
+ else
+ p = new zip_DeflateBuffer();
+ p.next = null;
+ p.len = p.off = 0;
+
+ return p;
+ }
+
+ function zip_head1(i) {
+ return zip_prev[zip_WSIZE + i];
+ }
+
+ function zip_head2(i, val) {
+ return zip_prev[zip_WSIZE + i] = val;
+ }
+
+ /* put_byte is used for the compressed output, put_ubyte for the
+ * uncompressed output. However unlzw() uses window for its
+ * suffix table instead of its output buffer, so it does not use put_ubyte
+ * (to be cleaned up).
+ */
+ function zip_put_byte(c) {
+ zip_outbuf[zip_outoff + zip_outcnt++] = c;
+ if (zip_outoff + zip_outcnt == zip_OUTBUFSIZ)
+ zip_qoutbuf();
+ }
+
+ /* Output a 16 bit value, lsb first */
+ function zip_put_short(w) {
+ w &= 0xffff;
+ if (zip_outoff + zip_outcnt < zip_OUTBUFSIZ - 2) {
+ zip_outbuf[zip_outoff + zip_outcnt++] = (w & 0xff);
+ zip_outbuf[zip_outoff + zip_outcnt++] = (w >>> 8);
+ } else {
+ zip_put_byte(w & 0xff);
+ zip_put_byte(w >>> 8);
+ }
+ }
+
+ /* ==========================================================================
+ * Insert string s in the dictionary and set match_head to the previous head
+ * of the hash chain (the most recent string with same hash key). Return
+ * the previous length of the hash chain.
+ * IN assertion: all calls to to INSERT_STRING are made with consecutive
+ * input characters and the first MIN_MATCH bytes of s are valid
+ * (except for the last MIN_MATCH-1 bytes of the input file).
+ */
+ function zip_INSERT_STRING() {
+ zip_ins_h = ((zip_ins_h << zip_H_SHIFT)
+ ^ (zip_window[zip_strstart + zip_MIN_MATCH - 1] & 0xff))
+ & zip_HASH_MASK;
+ zip_hash_head = zip_head1(zip_ins_h);
+ zip_prev[zip_strstart & zip_WMASK] = zip_hash_head;
+ zip_head2(zip_ins_h, zip_strstart);
+ }
+
+ /* Send a code of the given tree. c and tree must not have side effects */
+ function zip_SEND_CODE(c, tree) {
+ zip_send_bits(tree[c].fc, tree[c].dl);
+ }
+
+ /* Mapping from a distance to a distance code. dist is the distance - 1 and
+ * must not have side effects. dist_code[256] and dist_code[257] are never
+ * used.
+ */
+ function zip_D_CODE(dist) {
+ return (dist < 256 ? zip_dist_code[dist]
+ : zip_dist_code[256 + (dist >> 7)]) & 0xff;
+ }
+
+ /* ==========================================================================
+ * Compares to subtrees, using the tree depth as tie breaker when
+ * the subtrees have equal frequency. This minimizes the worst case length.
+ */
+ function zip_SMALLER(tree, n, m) {
+ return tree[n].fc < tree[m].fc ||
+ (tree[n].fc == tree[m].fc && zip_depth[n] <= zip_depth[m]);
+ }
+
+ /* ==========================================================================
+ * read string data
+ */
+ function zip_read_buff(buff, offset, n) {
+ var i;
+ for (i = 0; i < n && zip_deflate_pos < zip_deflate_data.length; i++)
+ buff[offset + i] =
+ zip_deflate_data.charCodeAt(zip_deflate_pos++) & 0xff;
+ return i;
+ }
+
+ /* ==========================================================================
+ * Initialize the "longest match" routines for a new file
+ */
+ function zip_lm_init() {
+ var j;
+
+ /* Initialize the hash table. */
+ for (j = 0; j < zip_HASH_SIZE; j++)
+ // zip_head2(j, zip_NIL);
+ zip_prev[zip_WSIZE + j] = 0;
+ /* prev will be initialized on the fly */
+
+ /* Set the default configuration parameters:
+ */
+ zip_max_lazy_match = zip_configuration_table[zip_compr_level].max_lazy;
+ zip_good_match = zip_configuration_table[zip_compr_level].good_length;
+ if (!zip_FULL_SEARCH)
+ zip_nice_match = zip_configuration_table[zip_compr_level].nice_length;
+ zip_max_chain_length = zip_configuration_table[zip_compr_level].max_chain;
+
+ zip_strstart = 0;
+ zip_block_start = 0;
+
+ zip_lookahead = zip_read_buff(zip_window, 0, 2 * zip_WSIZE);
+ if (zip_lookahead <= 0) {
+ zip_eofile = true;
+ zip_lookahead = 0;
+ return;
+ }
+ zip_eofile = false;
+ /* Make sure that we always have enough lookahead. This is important
+ * if input comes from a device such as a tty.
+ */
+ while (zip_lookahead < zip_MIN_LOOKAHEAD && !zip_eofile)
+ zip_fill_window();
+
+ /* If lookahead < MIN_MATCH, ins_h is garbage, but this is
+ * not important since only literal bytes will be emitted.
+ */
+ zip_ins_h = 0;
+ for (j = 0; j < zip_MIN_MATCH - 1; j++) {
+ // UPDATE_HASH(ins_h, window[j]);
+ zip_ins_h = ((zip_ins_h << zip_H_SHIFT) ^ (zip_window[j] & 0xff)) & zip_HASH_MASK;
+ }
+ }
+
+ /* ==========================================================================
+ * Set match_start to the longest match starting at the given string and
+ * return its length. Matches shorter or equal to prev_length are discarded,
+ * in which case the result is equal to prev_length and match_start is
+ * garbage.
+ * IN assertions: cur_match is the head of the hash chain for the current
+ * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
+ */
+ function zip_longest_match(cur_match) {
+ var chain_length = zip_max_chain_length; // max hash chain length
+ var scanp = zip_strstart; // current string
+ var matchp; // matched string
+ var len; // length of current match
+ var best_len = zip_prev_length; // best match length so far
+
+ /* Stop when cur_match becomes <= limit. To simplify the code,
+ * we prevent matches with the string of window index 0.
+ */
+ var limit = (zip_strstart > zip_MAX_DIST ? zip_strstart - zip_MAX_DIST : zip_NIL);
+
+ var strendp = zip_strstart + zip_MAX_MATCH;
+ var scan_end1 = zip_window[scanp + best_len - 1];
+ var scan_end = zip_window[scanp + best_len];
+
+ /* Do not waste too much time if we already have a good match: */
+ if (zip_prev_length >= zip_good_match)
+ chain_length >>= 2;
+
+ // Assert(encoder->strstart <= window_size-MIN_LOOKAHEAD, "insufficient lookahead");
+
+ do {
+ // Assert(cur_match < encoder->strstart, "no future");
+ matchp = cur_match;
+
+ /* Skip to next match if the match length cannot increase
+ * or if the match length is less than 2:
+ */
+ if (zip_window[matchp + best_len] != scan_end ||
+ zip_window[matchp + best_len - 1] != scan_end1 ||
+ zip_window[matchp] != zip_window[scanp] ||
+ zip_window[++matchp] != zip_window[scanp + 1]) {
+ continue;
+ }
+
+ /* The check at best_len-1 can be removed because it will be made
+ * again later. (This heuristic is not always a win.)
+ * It is not necessary to compare scan[2] and match[2] since they
+ * are always equal when the other bytes match, given that
+ * the hash keys are equal and that HASH_BITS >= 8.
+ */
+ scanp += 2;
+ matchp++;
+
+ /* We check for insufficient lookahead only every 8th comparison;
+ * the 256th check will be made at strstart+258.
+ */
+ do {
+ } while (zip_window[++scanp] == zip_window[++matchp] &&
+ zip_window[++scanp] == zip_window[++matchp] &&
+ zip_window[++scanp] == zip_window[++matchp] &&
+ zip_window[++scanp] == zip_window[++matchp] &&
+ zip_window[++scanp] == zip_window[++matchp] &&
+ zip_window[++scanp] == zip_window[++matchp] &&
+ zip_window[++scanp] == zip_window[++matchp] &&
+ zip_window[++scanp] == zip_window[++matchp] &&
+ scanp < strendp);
+
+ len = zip_MAX_MATCH - (strendp - scanp);
+ scanp = strendp - zip_MAX_MATCH;
+
+ if (len > best_len) {
+ zip_match_start = cur_match;
+ best_len = len;
+ if (zip_FULL_SEARCH) {
+ if (len >= zip_MAX_MATCH) break;
+ } else {
+ if (len >= zip_nice_match) break;
+ }
+
+ scan_end1 = zip_window[scanp + best_len - 1];
+ scan_end = zip_window[scanp + best_len];
+ }
+ } while ((cur_match = zip_prev[cur_match & zip_WMASK]) > limit
+ && --chain_length != 0);
+
+ return best_len;
+ }
+
+ /* ==========================================================================
+ * Fill the window when the lookahead becomes insufficient.
+ * Updates strstart and lookahead, and sets eofile if end of input file.
+ * IN assertion: lookahead < MIN_LOOKAHEAD && strstart + lookahead > 0
+ * OUT assertions: at least one byte has been read, or eofile is set;
+ * file reads are performed for at least two bytes (required for the
+ * translate_eol option).
+ */
+ function zip_fill_window() {
+ var n, m;
+
+ // Amount of free space at the end of the window.
+ var more = zip_window_size - zip_lookahead - zip_strstart;
+
+ /* If the window is almost full and there is insufficient lookahead,
+ * move the upper half to the lower one to make room in the upper half.
+ */
+ if (more == -1) {
+ /* Very unlikely, but possible on 16 bit machine if strstart == 0
+ * and lookahead == 1 (input done one byte at time)
+ */
+ more--;
+ } else if (zip_strstart >= zip_WSIZE + zip_MAX_DIST) {
+ /* By the IN assertion, the window is not empty so we can't confuse
+ * more == 0 with more == 64K on a 16 bit machine.
+ */
+ // Assert(window_size == (ulg)2*WSIZE, "no sliding with BIG_MEM");
+
+ // System.arraycopy(window, WSIZE, window, 0, WSIZE);
+ for (n = 0; n < zip_WSIZE; n++)
+ zip_window[n] = zip_window[n + zip_WSIZE];
+
+ zip_match_start -= zip_WSIZE;
+ zip_strstart -= zip_WSIZE; /* we now have strstart >= MAX_DIST: */
+ zip_block_start -= zip_WSIZE;
+
+ for (n = 0; n < zip_HASH_SIZE; n++) {
+ m = zip_head1(n);
+ zip_head2(n, m >= zip_WSIZE ? m - zip_WSIZE : zip_NIL);
+ }
+ for (n = 0; n < zip_WSIZE; n++) {
+ /* If n is not on any hash chain, prev[n] is garbage but
+ * its value will never be used.
+ */
+ m = zip_prev[n];
+ zip_prev[n] = (m >= zip_WSIZE ? m - zip_WSIZE : zip_NIL);
+ }
+ more += zip_WSIZE;
+ }
+ // At this point, more >= 2
+ if (!zip_eofile) {
+ n = zip_read_buff(zip_window, zip_strstart + zip_lookahead, more);
+ if (n <= 0)
+ zip_eofile = true;
+ else
+ zip_lookahead += n;
+ }
+ }
+
+ /* ==========================================================================
+ * Processes a new input file and return its compressed length. This
+ * function does not perform lazy evaluationof matches and inserts
+ * new strings in the dictionary only for unmatched strings or for short
+ * matches. It is used only for the fast compression options.
+ */
+ function zip_deflate_fast() {
+ while (zip_lookahead != 0 && zip_qhead == null) {
+ var flush; // set if current block must be flushed
+
+ /* Insert the string window[strstart .. strstart+2] in the
+ * dictionary, and set hash_head to the head of the hash chain:
+ */
+ zip_INSERT_STRING();
+
+ /* Find the longest match, discarding those <= prev_length.
+ * At this point we have always match_length < MIN_MATCH
+ */
+ if (zip_hash_head != zip_NIL &&
+ zip_strstart - zip_hash_head <= zip_MAX_DIST) {
+ /* To simplify the code, we prevent matches with the string
+ * of window index 0 (in particular we have to avoid a match
+ * of the string with itself at the start of the input file).
+ */
+ zip_match_length = zip_longest_match(zip_hash_head);
+ /* longest_match() sets match_start */
+ if (zip_match_length > zip_lookahead)
+ zip_match_length = zip_lookahead;
+ }
+ if (zip_match_length >= zip_MIN_MATCH) {
+ // check_match(strstart, match_start, match_length);
+
+ flush = zip_ct_tally(zip_strstart - zip_match_start,
+ zip_match_length - zip_MIN_MATCH);
+ zip_lookahead -= zip_match_length;
+
+ /* Insert new strings in the hash table only if the match length
+ * is not too large. This saves time but degrades compression.
+ */
+ if (zip_match_length <= zip_max_lazy_match) {
+ zip_match_length--; // string at strstart already in hash table
+ do {
+ zip_strstart++;
+ zip_INSERT_STRING();
+ /* strstart never exceeds WSIZE-MAX_MATCH, so there are
+ * always MIN_MATCH bytes ahead. If lookahead < MIN_MATCH
+ * these bytes are garbage, but it does not matter since
+ * the next lookahead bytes will be emitted as literals.
+ */
+ } while (--zip_match_length != 0);
+ zip_strstart++;
+ } else {
+ zip_strstart += zip_match_length;
+ zip_match_length = 0;
+ zip_ins_h = zip_window[zip_strstart] & 0xff;
+ // UPDATE_HASH(ins_h, window[strstart + 1]);
+ zip_ins_h = ((zip_ins_h << zip_H_SHIFT) ^ (zip_window[zip_strstart + 1] & 0xff)) & zip_HASH_MASK;
+
+ //#if MIN_MATCH != 3
+ // Call UPDATE_HASH() MIN_MATCH-3 more times
+ //#endif
+
+ }
+ } else {
+ /* No match, output a literal byte */
+ flush = zip_ct_tally(0, zip_window[zip_strstart] & 0xff);
+ zip_lookahead--;
+ zip_strstart++;
+ }
+ if (flush) {
+ zip_flush_block(0);
+ zip_block_start = zip_strstart;
+ }
+
+ /* Make sure that we always have enough lookahead, except
+ * at the end of the input file. We need MAX_MATCH bytes
+ * for the next match, plus MIN_MATCH bytes to insert the
+ * string following the next match.
+ */
+ while (zip_lookahead < zip_MIN_LOOKAHEAD && !zip_eofile)
+ zip_fill_window();
+ }
+ }
+
+ function zip_deflate_better() {
+ /* Process the input block. */
+ while (zip_lookahead != 0 && zip_qhead == null) {
+ /* Insert the string window[strstart .. strstart+2] in the
+ * dictionary, and set hash_head to the head of the hash chain:
+ */
+ zip_INSERT_STRING();
+
+ /* Find the longest match, discarding those <= prev_length.
+ */
+ zip_prev_length = zip_match_length;
+ zip_prev_match = zip_match_start;
+ zip_match_length = zip_MIN_MATCH - 1;
+
+ if (zip_hash_head != zip_NIL &&
+ zip_prev_length < zip_max_lazy_match &&
+ zip_strstart - zip_hash_head <= zip_MAX_DIST) {
+ /* To simplify the code, we prevent matches with the string
+ * of window index 0 (in particular we have to avoid a match
+ * of the string with itself at the start of the input file).
+ */
+ zip_match_length = zip_longest_match(zip_hash_head);
+ /* longest_match() sets match_start */
+ if (zip_match_length > zip_lookahead)
+ zip_match_length = zip_lookahead;
+
+ /* Ignore a length 3 match if it is too distant: */
+ if (zip_match_length == zip_MIN_MATCH &&
+ zip_strstart - zip_match_start > zip_TOO_FAR) {
+ /* If prev_match is also MIN_MATCH, match_start is garbage
+ * but we will ignore the current match anyway.
+ */
+ zip_match_length--;
+ }
+ }
+ /* If there was a match at the previous step and the current
+ * match is not better, output the previous match:
+ */
+ if (zip_prev_length >= zip_MIN_MATCH &&
+ zip_match_length <= zip_prev_length) {
+ var flush; // set if current block must be flushed
+
+ // check_match(strstart - 1, prev_match, prev_length);
+ flush = zip_ct_tally(zip_strstart - 1 - zip_prev_match,
+ zip_prev_length - zip_MIN_MATCH);
+
+ /* Insert in hash table all strings up to the end of the match.
+ * strstart-1 and strstart are already inserted.
+ */
+ zip_lookahead -= zip_prev_length - 1;
+ zip_prev_length -= 2;
+ do {
+ zip_strstart++;
+ zip_INSERT_STRING();
+ /* strstart never exceeds WSIZE-MAX_MATCH, so there are
+ * always MIN_MATCH bytes ahead. If lookahead < MIN_MATCH
+ * these bytes are garbage, but it does not matter since the
+ * next lookahead bytes will always be emitted as literals.
+ */
+ } while (--zip_prev_length != 0);
+ zip_match_available = 0;
+ zip_match_length = zip_MIN_MATCH - 1;
+ zip_strstart++;
+ if (flush) {
+ zip_flush_block(0);
+ zip_block_start = zip_strstart;
+ }
+ } else if (zip_match_available != 0) {
+ /* If there was no match at the previous position, output a
+ * single literal. If there was a match but the current match
+ * is longer, truncate the previous match to a single literal.
+ */
+ if (zip_ct_tally(0, zip_window[zip_strstart - 1] & 0xff)) {
+ zip_flush_block(0);
+ zip_block_start = zip_strstart;
+ }
+ zip_strstart++;
+ zip_lookahead--;
+ } else {
+ /* There is no previous match to compare with, wait for
+ * the next step to decide.
+ */
+ zip_match_available = 1;
+ zip_strstart++;
+ zip_lookahead--;
+ }
+
+ /* Make sure that we always have enough lookahead, except
+ * at the end of the input file. We need MAX_MATCH bytes
+ * for the next match, plus MIN_MATCH bytes to insert the
+ * string following the next match.
+ */
+ while (zip_lookahead < zip_MIN_LOOKAHEAD && !zip_eofile)
+ zip_fill_window();
+ }
+ }
+
+ function zip_init_deflate() {
+ if (zip_eofile)
+ return;
+ zip_bi_buf = 0;
+ zip_bi_valid = 0;
+ zip_ct_init();
+ zip_lm_init();
+
+ zip_qhead = null;
+ zip_outcnt = 0;
+ zip_outoff = 0;
+
+ if (zip_compr_level <= 3) {
+ zip_prev_length = zip_MIN_MATCH - 1;
+ zip_match_length = 0;
+ }
+ else {
+ zip_match_length = zip_MIN_MATCH - 1;
+ zip_match_available = 0;
+ }
+
+ zip_complete = false;
+ }
+
+ /* ==========================================================================
+ * Same as above, but achieves better compression. We use a lazy
+ * evaluation for matches: a match is finally adopted only if there is
+ * no better match at the next window position.
+ */
+ function zip_deflate_internal(buff, off, buff_size) {
+ var n;
+
+ if (!zip_initflag) {
+ zip_init_deflate();
+ zip_initflag = true;
+ if (zip_lookahead == 0) { // empty
+ zip_complete = true;
+ return 0;
+ }
+ }
+
+ if ((n = zip_qcopy(buff, off, buff_size)) == buff_size)
+ return buff_size;
+
+ if (zip_complete)
+ return n;
+
+ if (zip_compr_level <= 3) // optimized for speed
+ zip_deflate_fast();
+ else
+ zip_deflate_better();
+ if (zip_lookahead == 0) {
+ if (zip_match_available != 0)
+ zip_ct_tally(0, zip_window[zip_strstart - 1] & 0xff);
+ zip_flush_block(1);
+ zip_complete = true;
+ }
+ return n + zip_qcopy(buff, n + off, buff_size - n);
+ }
+
+ function zip_qcopy(buff, off, buff_size) {
+ var n, i, j;
+
+ n = 0;
+ while (zip_qhead != null && n < buff_size) {
+ i = buff_size - n;
+ if (i > zip_qhead.len)
+ i = zip_qhead.len;
+ // System.arraycopy(qhead.ptr, qhead.off, buff, off + n, i);
+ for (j = 0; j < i; j++)
+ buff[off + n + j] = zip_qhead.ptr[zip_qhead.off + j];
+
+ zip_qhead.off += i;
+ zip_qhead.len -= i;
+ n += i;
+ if (zip_qhead.len == 0) {
+ var p;
+ p = zip_qhead;
+ zip_qhead = zip_qhead.next;
+ zip_reuse_queue(p);
+ }
+ }
+
+ if (n == buff_size)
+ return n;
+
+ if (zip_outoff < zip_outcnt) {
+ i = buff_size - n;
+ if (i > zip_outcnt - zip_outoff)
+ i = zip_outcnt - zip_outoff;
+ // System.arraycopy(outbuf, outoff, buff, off + n, i);
+ for (j = 0; j < i; j++)
+ buff[off + n + j] = zip_outbuf[zip_outoff + j];
+ zip_outoff += i;
+ n += i;
+ if (zip_outcnt == zip_outoff)
+ zip_outcnt = zip_outoff = 0;
+ }
+ return n;
+ }
+
+ /* ==========================================================================
+ * Allocate the match buffer, initialize the various tables and save the
+ * location of the internal file attribute (ascii/binary) and method
+ * (DEFLATE/STORE).
+ */
+ function zip_ct_init() {
+ var n; // iterates over tree elements
+ var bits; // bit counter
+ var length; // length value
+ var code; // code value
+ var dist; // distance index
+
+ if (zip_static_dtree[0].dl != 0) return; // ct_init already called
+
+ zip_l_desc.dyn_tree = zip_dyn_ltree;
+ zip_l_desc.static_tree = zip_static_ltree;
+ zip_l_desc.extra_bits = zip_extra_lbits;
+ zip_l_desc.extra_base = zip_LITERALS + 1;
+ zip_l_desc.elems = zip_L_CODES;
+ zip_l_desc.max_length = zip_MAX_BITS;
+ zip_l_desc.max_code = 0;
+
+ zip_d_desc.dyn_tree = zip_dyn_dtree;
+ zip_d_desc.static_tree = zip_static_dtree;
+ zip_d_desc.extra_bits = zip_extra_dbits;
+ zip_d_desc.extra_base = 0;
+ zip_d_desc.elems = zip_D_CODES;
+ zip_d_desc.max_length = zip_MAX_BITS;
+ zip_d_desc.max_code = 0;
+
+ zip_bl_desc.dyn_tree = zip_bl_tree;
+ zip_bl_desc.static_tree = null;
+ zip_bl_desc.extra_bits = zip_extra_blbits;
+ zip_bl_desc.extra_base = 0;
+ zip_bl_desc.elems = zip_BL_CODES;
+ zip_bl_desc.max_length = zip_MAX_BL_BITS;
+ zip_bl_desc.max_code = 0;
+
+ // Initialize the mapping length (0..255) -> length code (0..28)
+ length = 0;
+ for (code = 0; code < zip_LENGTH_CODES - 1; code++) {
+ zip_base_length[code] = length;
+ for (n = 0; n < (1 << zip_extra_lbits[code]); n++)
+ zip_length_code[length++] = code;
+ }
+ // Assert (length == 256, "ct_init: length != 256");
+
+ /* Note that the length 255 (match length 258) can be represented
+ * in two different ways: code 284 + 5 bits or code 285, so we
+ * overwrite length_code[255] to use the best encoding:
+ */
+ zip_length_code[length - 1] = code;
+
+ /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
+ dist = 0;
+ for (code = 0; code < 16; code++) {
+ zip_base_dist[code] = dist;
+ for (n = 0; n < (1 << zip_extra_dbits[code]); n++) {
+ zip_dist_code[dist++] = code;
+ }
+ }
+ // Assert (dist == 256, "ct_init: dist != 256");
+ dist >>= 7; // from now on, all distances are divided by 128
+ for (; code < zip_D_CODES; code++) {
+ zip_base_dist[code] = dist << 7;
+ for (n = 0; n < (1 << (zip_extra_dbits[code] - 7)); n++)
+ zip_dist_code[256 + dist++] = code;
+ }
+ // Assert (dist == 256, "ct_init: 256+dist != 512");
+
+ // Construct the codes of the static literal tree
+ for (bits = 0; bits <= zip_MAX_BITS; bits++)
+ zip_bl_count[bits] = 0;
+ n = 0;
+ while (n <= 143) { zip_static_ltree[n++].dl = 8; zip_bl_count[8]++; }
+ while (n <= 255) { zip_static_ltree[n++].dl = 9; zip_bl_count[9]++; }
+ while (n <= 279) { zip_static_ltree[n++].dl = 7; zip_bl_count[7]++; }
+ while (n <= 287) { zip_static_ltree[n++].dl = 8; zip_bl_count[8]++; }
+ /* Codes 286 and 287 do not exist, but we must include them in the
+ * tree construction to get a canonical Huffman tree (longest code
+ * all ones)
+ */
+ zip_gen_codes(zip_static_ltree, zip_L_CODES + 1);
+
+ /* The static distance tree is trivial: */
+ for (n = 0; n < zip_D_CODES; n++) {
+ zip_static_dtree[n].dl = 5;
+ zip_static_dtree[n].fc = zip_bi_reverse(n, 5);
+ }
+
+ // Initialize the first block of the first file:
+ zip_init_block();
+ }
+
+ /* ==========================================================================
+ * Initialize a new block.
+ */
+ function zip_init_block() {
+ var n; // iterates over tree elements
+
+ // Initialize the trees.
+ for (n = 0; n < zip_L_CODES; n++) zip_dyn_ltree[n].fc = 0;
+ for (n = 0; n < zip_D_CODES; n++) zip_dyn_dtree[n].fc = 0;
+ for (n = 0; n < zip_BL_CODES; n++) zip_bl_tree[n].fc = 0;
+
+ zip_dyn_ltree[zip_END_BLOCK].fc = 1;
+ zip_opt_len = zip_static_len = 0;
+ zip_last_lit = zip_last_dist = zip_last_flags = 0;
+ zip_flags = 0;
+ zip_flag_bit = 1;
+ }
+
+ /* ==========================================================================
+ * Restore the heap property by moving down the tree starting at node k,
+ * exchanging a node with the smallest of its two sons if necessary, stopping
+ * when the heap property is re-established (each father smaller than its
+ * two sons).
+ */
+ function zip_pqdownheap(
+ tree, // the tree to restore
+ k) { // node to move down
+ var v = zip_heap[k];
+ var j = k << 1; // left son of k
+
+ while (j <= zip_heap_len) {
+ // Set j to the smallest of the two sons:
+ if (j < zip_heap_len &&
+ zip_SMALLER(tree, zip_heap[j + 1], zip_heap[j]))
+ j++;
+
+ // Exit if v is smaller than both sons
+ if (zip_SMALLER(tree, v, zip_heap[j]))
+ break;
+
+ // Exchange v with the smallest son
+ zip_heap[k] = zip_heap[j];
+ k = j;
+
+ // And continue down the tree, setting j to the left son of k
+ j <<= 1;
+ }
+ zip_heap[k] = v;
+ }
+
+ /* ==========================================================================
+ * Compute the optimal bit lengths for a tree and update the total bit length
+ * for the current block.
+ * IN assertion: the fields freq and dad are set, heap[heap_max] and
+ * above are the tree nodes sorted by increasing frequency.
+ * OUT assertions: the field len is set to the optimal bit length, the
+ * array bl_count contains the frequencies for each bit length.
+ * The length opt_len is updated; static_len is also updated if stree is
+ * not null.
+ */
+ function zip_gen_bitlen(desc) { // the tree descriptor
+ var tree = desc.dyn_tree;
+ var extra = desc.extra_bits;
+ var base = desc.extra_base;
+ var max_code = desc.max_code;
+ var max_length = desc.max_length;
+ var stree = desc.static_tree;
+ var h; // heap index
+ var n, m; // iterate over the tree elements
+ var bits; // bit length
+ var xbits; // extra bits
+ var f; // frequency
+ var overflow = 0; // number of elements with bit length too large
+
+ for (bits = 0; bits <= zip_MAX_BITS; bits++)
+ zip_bl_count[bits] = 0;
+
+ /* In a first pass, compute the optimal bit lengths (which may
+ * overflow in the case of the bit length tree).
+ */
+ tree[zip_heap[zip_heap_max]].dl = 0; // root of the heap
+
+ for (h = zip_heap_max + 1; h < zip_HEAP_SIZE; h++) {
+ n = zip_heap[h];
+ bits = tree[tree[n].dl].dl + 1;
+ if (bits > max_length) {
+ bits = max_length;
+ overflow++;
+ }
+ tree[n].dl = bits;
+ // We overwrite tree[n].dl which is no longer needed
+
+ if (n > max_code)
+ continue; // not a leaf node
+
+ zip_bl_count[bits]++;
+ xbits = 0;
+ if (n >= base)
+ xbits = extra[n - base];
+ f = tree[n].fc;
+ zip_opt_len += f * (bits + xbits);
+ if (stree != null)
+ zip_static_len += f * (stree[n].dl + xbits);
+ }
+ if (overflow == 0)
+ return;
+
+ // This happens for example on obj2 and pic of the Calgary corpus
+
+ // Find the first bit length which could increase:
+ do {
+ bits = max_length - 1;
+ while (zip_bl_count[bits] == 0)
+ bits--;
+ zip_bl_count[bits]--; // move one leaf down the tree
+ zip_bl_count[bits + 1] += 2; // move one overflow item as its brother
+ zip_bl_count[max_length]--;
+ /* The brother of the overflow item also moves one step up,
+ * but this does not affect bl_count[max_length]
+ */
+ overflow -= 2;
+ } while (overflow > 0);
+
+ /* Now recompute all bit lengths, scanning in increasing frequency.
+ * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
+ * lengths instead of fixing only the wrong ones. This idea is taken
+ * from 'ar' written by Haruhiko Okumura.)
+ */
+ for (bits = max_length; bits != 0; bits--) {
+ n = zip_bl_count[bits];
+ while (n != 0) {
+ m = zip_heap[--h];
+ if (m > max_code)
+ continue;
+ if (tree[m].dl != bits) {
+ zip_opt_len += (bits - tree[m].dl) * tree[m].fc;
+ tree[m].fc = bits;
+ }
+ n--;
+ }
+ }
+ }
+
+ /* ==========================================================================
+ * Generate the codes for a given tree and bit counts (which need not be
+ * optimal).
+ * IN assertion: the array bl_count contains the bit length statistics for
+ * the given tree and the field len is set for all tree elements.
+ * OUT assertion: the field code is set for all tree elements of non
+ * zero code length.
+ */
+ function zip_gen_codes(tree, // the tree to decorate
+ max_code) { // largest code with non zero frequency
+ var next_code = new Array(zip_MAX_BITS + 1); // next code value for each bit length
+ var code = 0; // running code value
+ var bits; // bit index
+ var n; // code index
+
+ /* The distribution counts are first used to generate the code values
+ * without bit reversal.
+ */
+ for (bits = 1; bits <= zip_MAX_BITS; bits++) {
+ code = ((code + zip_bl_count[bits - 1]) << 1);
+ next_code[bits] = code;
+ }
+
+ /* Check that the bit counts in bl_count are consistent. The last code
+ * must be all ones.
+ */
+ // Assert (code + encoder->bl_count[MAX_BITS]-1 == (1<> 1; n >= 1; n--)
+ zip_pqdownheap(tree, n);
+
+ /* Construct the Huffman tree by repeatedly combining the least two
+ * frequent nodes.
+ */
+ do {
+ n = zip_heap[zip_SMALLEST];
+ zip_heap[zip_SMALLEST] = zip_heap[zip_heap_len--];
+ zip_pqdownheap(tree, zip_SMALLEST);
+
+ m = zip_heap[zip_SMALLEST]; // m = node of next least frequency
+
+ // keep the nodes sorted by frequency
+ zip_heap[--zip_heap_max] = n;
+ zip_heap[--zip_heap_max] = m;
+
+ // Create a new node father of n and m
+ tree[node].fc = tree[n].fc + tree[m].fc;
+ // depth[node] = (char)(MAX(depth[n], depth[m]) + 1);
+ if (zip_depth[n] > zip_depth[m] + 1)
+ zip_depth[node] = zip_depth[n];
+ else
+ zip_depth[node] = zip_depth[m] + 1;
+ tree[n].dl = tree[m].dl = node;
+
+ // and insert the new node in the heap
+ zip_heap[zip_SMALLEST] = node++;
+ zip_pqdownheap(tree, zip_SMALLEST);
+
+ } while (zip_heap_len >= 2);
+
+ zip_heap[--zip_heap_max] = zip_heap[zip_SMALLEST];
+
+ /* At this point, the fields freq and dad are set. We can now
+ * generate the bit lengths.
+ */
+ zip_gen_bitlen(desc);
+
+ // The field len is now set, we can generate the bit codes
+ zip_gen_codes(tree, max_code);
+ }
+
+ /* ==========================================================================
+ * Scan a literal or distance tree to determine the frequencies of the codes
+ * in the bit length tree. Updates opt_len to take into account the repeat
+ * counts. (The contribution of the bit length codes will be added later
+ * during the construction of bl_tree.)
+ */
+ function zip_scan_tree(tree,// the tree to be scanned
+ max_code) { // and its largest code of non zero frequency
+ var n; // iterates over all tree elements
+ var prevlen = -1; // last emitted length
+ var curlen; // length of current code
+ var nextlen = tree[0].dl; // length of next code
+ var count = 0; // repeat count of the current code
+ var max_count = 7; // max repeat count
+ var min_count = 4; // min repeat count
+
+ if (nextlen == 0) {
+ max_count = 138;
+ min_count = 3;
+ }
+ tree[max_code + 1].dl = 0xffff; // guard
+
+ for (n = 0; n <= max_code; n++) {
+ curlen = nextlen;
+ nextlen = tree[n + 1].dl;
+ if (++count < max_count && curlen == nextlen)
+ continue;
+ else if (count < min_count)
+ zip_bl_tree[curlen].fc += count;
+ else if (curlen != 0) {
+ if (curlen != prevlen)
+ zip_bl_tree[curlen].fc++;
+ zip_bl_tree[zip_REP_3_6].fc++;
+ } else if (count <= 10)
+ zip_bl_tree[zip_REPZ_3_10].fc++;
+ else
+ zip_bl_tree[zip_REPZ_11_138].fc++;
+ count = 0; prevlen = curlen;
+ if (nextlen == 0) {
+ max_count = 138;
+ min_count = 3;
+ } else if (curlen == nextlen) {
+ max_count = 6;
+ min_count = 3;
+ } else {
+ max_count = 7;
+ min_count = 4;
+ }
+ }
+ }
+
+ /* ==========================================================================
+ * Send a literal or distance tree in compressed form, using the codes in
+ * bl_tree.
+ */
+ function zip_send_tree(tree, // the tree to be scanned
+ max_code) { // and its largest code of non zero frequency
+ var n; // iterates over all tree elements
+ var prevlen = -1; // last emitted length
+ var curlen; // length of current code
+ var nextlen = tree[0].dl; // length of next code
+ var count = 0; // repeat count of the current code
+ var max_count = 7; // max repeat count
+ var min_count = 4; // min repeat count
+
+ /* tree[max_code+1].dl = -1; */ /* guard already set */
+ if (nextlen == 0) {
+ max_count = 138;
+ min_count = 3;
+ }
+
+ for (n = 0; n <= max_code; n++) {
+ curlen = nextlen;
+ nextlen = tree[n + 1].dl;
+ if (++count < max_count && curlen == nextlen) {
+ continue;
+ } else if (count < min_count) {
+ do { zip_SEND_CODE(curlen, zip_bl_tree); } while (--count != 0);
+ } else if (curlen != 0) {
+ if (curlen != prevlen) {
+ zip_SEND_CODE(curlen, zip_bl_tree);
+ count--;
+ }
+ // Assert(count >= 3 && count <= 6, " 3_6?");
+ zip_SEND_CODE(zip_REP_3_6, zip_bl_tree);
+ zip_send_bits(count - 3, 2);
+ } else if (count <= 10) {
+ zip_SEND_CODE(zip_REPZ_3_10, zip_bl_tree);
+ zip_send_bits(count - 3, 3);
+ } else {
+ zip_SEND_CODE(zip_REPZ_11_138, zip_bl_tree);
+ zip_send_bits(count - 11, 7);
+ }
+ count = 0;
+ prevlen = curlen;
+ if (nextlen == 0) {
+ max_count = 138;
+ min_count = 3;
+ } else if (curlen == nextlen) {
+ max_count = 6;
+ min_count = 3;
+ } else {
+ max_count = 7;
+ min_count = 4;
+ }
+ }
+ }
+
+ /* ==========================================================================
+ * Construct the Huffman tree for the bit lengths and return the index in
+ * bl_order of the last bit length code to send.
+ */
+ function zip_build_bl_tree() {
+ var max_blindex; // index of last bit length code of non zero freq
+
+ // Determine the bit length frequencies for literal and distance trees
+ zip_scan_tree(zip_dyn_ltree, zip_l_desc.max_code);
+ zip_scan_tree(zip_dyn_dtree, zip_d_desc.max_code);
+
+ // Build the bit length tree:
+ zip_build_tree(zip_bl_desc);
+ /* opt_len now includes the length of the tree representations, except
+ * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.
+ */
+
+ /* Determine the number of bit length codes to send. The pkzip format
+ * requires that at least 4 bit length codes be sent. (appnote.txt says
+ * 3 but the actual value used is 4.)
+ */
+ for (max_blindex = zip_BL_CODES - 1; max_blindex >= 3; max_blindex--) {
+ if (zip_bl_tree[zip_bl_order[max_blindex]].dl != 0) break;
+ }
+ /* Update opt_len to include the bit length tree and counts */
+ zip_opt_len += 3 * (max_blindex + 1) + 5 + 5 + 4;
+ // Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
+ // encoder->opt_len, encoder->static_len));
+
+ return max_blindex;
+ }
+
+ /* ==========================================================================
+ * Send the header for a block using dynamic Huffman trees: the counts, the
+ * lengths of the bit length codes, the literal tree and the distance tree.
+ * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
+ */
+ function zip_send_all_trees(lcodes, dcodes, blcodes) { // number of codes for each tree
+ var rank; // index in bl_order
+
+ // Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
+ // Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
+ // "too many codes");
+ // Tracev((stderr, "\nbl counts: "));
+ zip_send_bits(lcodes - 257, 5); // not +255 as stated in appnote.txt
+ zip_send_bits(dcodes - 1, 5);
+ zip_send_bits(blcodes - 4, 4); // not -3 as stated in appnote.txt
+ for (rank = 0; rank < blcodes; rank++) {
+ // Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
+ zip_send_bits(zip_bl_tree[zip_bl_order[rank]].dl, 3);
+ }
+
+ // send the literal tree
+ zip_send_tree(zip_dyn_ltree, lcodes - 1);
+
+ // send the distance tree
+ zip_send_tree(zip_dyn_dtree, dcodes - 1);
+ }
+
+ /* ==========================================================================
+ * Determine the best encoding for the current block: dynamic trees, static
+ * trees or store, and output the encoded block to the zip file.
+ */
+ function zip_flush_block(eof) { // true if this is the last block for a file
+ var opt_lenb, static_lenb; // opt_len and static_len in bytes
+ var max_blindex; // index of last bit length code of non zero freq
+ var stored_len; // length of input block
+
+ stored_len = zip_strstart - zip_block_start;
+ zip_flag_buf[zip_last_flags] = zip_flags; // Save the flags for the last 8 items
+
+ // Construct the literal and distance trees
+ zip_build_tree(zip_l_desc);
+ // Tracev((stderr, "\nlit data: dyn %ld, stat %ld",
+ // encoder->opt_len, encoder->static_len));
+
+ zip_build_tree(zip_d_desc);
+ // Tracev((stderr, "\ndist data: dyn %ld, stat %ld",
+ // encoder->opt_len, encoder->static_len));
+ /* At this point, opt_len and static_len are the total bit lengths of
+ * the compressed block data, excluding the tree representations.
+ */
+
+ /* Build the bit length tree for the above two trees, and get the index
+ * in bl_order of the last bit length code to send.
+ */
+ max_blindex = zip_build_bl_tree();
+
+ // Determine the best encoding. Compute first the block length in bytes
+ opt_lenb = (zip_opt_len + 3 + 7) >> 3;
+ static_lenb = (zip_static_len + 3 + 7) >> 3;
+
+ // Trace((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u ",
+ // opt_lenb, encoder->opt_len,
+ // static_lenb, encoder->static_len, stored_len,
+ // encoder->last_lit, encoder->last_dist));
+
+ if (static_lenb <= opt_lenb)
+ opt_lenb = static_lenb;
+ if (stored_len + 4 <= opt_lenb // 4: two words for the lengths
+ && zip_block_start >= 0) {
+ var i;
+
+ /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
+ * Otherwise we can't have processed more than WSIZE input bytes since
+ * the last block flush, because compression would have been
+ * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
+ * transform a block into a stored block.
+ */
+ zip_send_bits((zip_STORED_BLOCK << 1) + eof, 3); /* send block type */
+ zip_bi_windup(); /* align on byte boundary */
+ zip_put_short(stored_len);
+ zip_put_short(~stored_len);
+
+ // copy block
+ /*
+ p = &window[block_start];
+ for(i = 0; i < stored_len; i++)
+ put_byte(p[i]);
+ */
+ for (i = 0; i < stored_len; i++)
+ zip_put_byte(zip_window[zip_block_start + i]);
+
+ } else if (static_lenb == opt_lenb) {
+ zip_send_bits((zip_STATIC_TREES << 1) + eof, 3);
+ zip_compress_block(zip_static_ltree, zip_static_dtree);
+ } else {
+ zip_send_bits((zip_DYN_TREES << 1) + eof, 3);
+ zip_send_all_trees(zip_l_desc.max_code + 1,
+ zip_d_desc.max_code + 1,
+ max_blindex + 1);
+ zip_compress_block(zip_dyn_ltree, zip_dyn_dtree);
+ }
+
+ zip_init_block();
+
+ if (eof != 0)
+ zip_bi_windup();
+ }
+
+ /* ==========================================================================
+ * Save the match info and tally the frequency counts. Return true if
+ * the current block must be flushed.
+ */
+ function zip_ct_tally(
+ dist, // distance of matched string
+ lc) { // match length-MIN_MATCH or unmatched char (if dist==0)
+ zip_l_buf[zip_last_lit++] = lc;
+ if (dist == 0) {
+ // lc is the unmatched char
+ zip_dyn_ltree[lc].fc++;
+ } else {
+ // Here, lc is the match length - MIN_MATCH
+ dist--; // dist = match distance - 1
+ // Assert((ush)dist < (ush)MAX_DIST &&
+ // (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
+ // (ush)D_CODE(dist) < (ush)D_CODES, "ct_tally: bad match");
+
+ zip_dyn_ltree[zip_length_code[lc] + zip_LITERALS + 1].fc++;
+ zip_dyn_dtree[zip_D_CODE(dist)].fc++;
+
+ zip_d_buf[zip_last_dist++] = dist;
+ zip_flags |= zip_flag_bit;
+ }
+ zip_flag_bit <<= 1;
+
+ // Output the flags if they fill a byte
+ if ((zip_last_lit & 7) == 0) {
+ zip_flag_buf[zip_last_flags++] = zip_flags;
+ zip_flags = 0;
+ zip_flag_bit = 1;
+ }
+ // Try to guess if it is profitable to stop the current block here
+ if (zip_compr_level > 2 && (zip_last_lit & 0xfff) == 0) {
+ // Compute an upper bound for the compressed length
+ var out_length = zip_last_lit * 8;
+ var in_length = zip_strstart - zip_block_start;
+ var dcode;
+
+ for (dcode = 0; dcode < zip_D_CODES; dcode++) {
+ out_length += zip_dyn_dtree[dcode].fc * (5 + zip_extra_dbits[dcode]);
+ }
+ out_length >>= 3;
+ // Trace((stderr,"\nlast_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%) ",
+ // encoder->last_lit, encoder->last_dist, in_length, out_length,
+ // 100L - out_length*100L/in_length));
+ if (zip_last_dist < parseInt(zip_last_lit / 2) &&
+ out_length < parseInt(in_length / 2))
+ return true;
+ }
+ return (zip_last_lit == zip_LIT_BUFSIZE - 1 ||
+ zip_last_dist == zip_DIST_BUFSIZE);
+ /* We avoid equality with LIT_BUFSIZE because of wraparound at 64K
+ * on 16 bit machines and because stored blocks are restricted to
+ * 64K-1 bytes.
+ */
+ }
+
+ /* ==========================================================================
+ * Send the block data compressed using the given Huffman trees
+ */
+ function zip_compress_block(
+ ltree, // literal tree
+ dtree) { // distance tree
+ var dist; // distance of matched string
+ var lc; // match length or unmatched char (if dist == 0)
+ var lx = 0; // running index in l_buf
+ var dx = 0; // running index in d_buf
+ var fx = 0; // running index in flag_buf
+ var flag = 0; // current flags
+ var code; // the code to send
+ var extra; // number of extra bits to send
+
+ if (zip_last_lit != 0) do {
+ if ((lx & 7) == 0)
+ flag = zip_flag_buf[fx++];
+ lc = zip_l_buf[lx++] & 0xff;
+ if ((flag & 1) == 0) {
+ zip_SEND_CODE(lc, ltree); /* send a literal byte */
+ // Tracecv(isgraph(lc), (stderr," '%c' ", lc));
+ } else {
+ // Here, lc is the match length - MIN_MATCH
+ code = zip_length_code[lc];
+ zip_SEND_CODE(code + zip_LITERALS + 1, ltree); // send the length code
+ extra = zip_extra_lbits[code];
+ if (extra != 0) {
+ lc -= zip_base_length[code];
+ zip_send_bits(lc, extra); // send the extra length bits
+ }
+ dist = zip_d_buf[dx++];
+ // Here, dist is the match distance - 1
+ code = zip_D_CODE(dist);
+ // Assert (code < D_CODES, "bad d_code");
+
+ zip_SEND_CODE(code, dtree); // send the distance code
+ extra = zip_extra_dbits[code];
+ if (extra != 0) {
+ dist -= zip_base_dist[code];
+ zip_send_bits(dist, extra); // send the extra distance bits
+ }
+ } // literal or match pair ?
+ flag >>= 1;
+ } while (lx < zip_last_lit);
+
+ zip_SEND_CODE(zip_END_BLOCK, ltree);
+ }
+
+ /* ==========================================================================
+ * Send a value on a given number of bits.
+ * IN assertion: length <= 16 and value fits in length bits.
+ */
+ var zip_Buf_size = 16; // bit size of bi_buf
+ function zip_send_bits(
+ value, // value to send
+ length) { // number of bits
+ /* If not enough room in bi_buf, use (valid) bits from bi_buf and
+ * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid))
+ * unused bits in value.
+ */
+ if (zip_bi_valid > zip_Buf_size - length) {
+ zip_bi_buf |= (value << zip_bi_valid);
+ zip_put_short(zip_bi_buf);
+ zip_bi_buf = (value >> (zip_Buf_size - zip_bi_valid));
+ zip_bi_valid += length - zip_Buf_size;
+ } else {
+ zip_bi_buf |= value << zip_bi_valid;
+ zip_bi_valid += length;
+ }
+ }
+
+ /* ==========================================================================
+ * Reverse the first len bits of a code, using straightforward code (a faster
+ * method would use a table)
+ * IN assertion: 1 <= len <= 15
+ */
+ function zip_bi_reverse(
+ code, // the value to invert
+ len) { // its bit length
+ var res = 0;
+ do {
+ res |= code & 1;
+ code >>= 1;
+ res <<= 1;
+ } while (--len > 0);
+ return res >> 1;
+ }
+
+ /* ==========================================================================
+ * Write out any remaining bits in an incomplete byte.
+ */
+ function zip_bi_windup() {
+ if (zip_bi_valid > 8) {
+ zip_put_short(zip_bi_buf);
+ } else if (zip_bi_valid > 0) {
+ zip_put_byte(zip_bi_buf);
+ }
+ zip_bi_buf = 0;
+ zip_bi_valid = 0;
+ }
+
+ function zip_qoutbuf() {
+ if (zip_outcnt != 0) {
+ var q, i;
+ q = zip_new_queue();
+ if (zip_qhead == null)
+ zip_qhead = zip_qtail = q;
+ else
+ zip_qtail = zip_qtail.next = q;
+ q.len = zip_outcnt - zip_outoff;
+ // System.arraycopy(zip_outbuf, zip_outoff, q.ptr, 0, q.len);
+ for (i = 0; i < q.len; i++)
+ q.ptr[i] = zip_outbuf[zip_outoff + i];
+ zip_outcnt = zip_outoff = 0;
+ }
+ }
+
+ return function deflate(str, level) {
+ var i, j;
+
+ zip_deflate_data = str;
+ zip_deflate_pos = 0;
+ if (typeof level == "undefined")
+ level = zip_DEFAULT_LEVEL;
+ zip_deflate_start(level);
+
+ var buff = new Array(1024);
+ var aout = [];
+ while ((i = zip_deflate_internal(buff, 0, buff.length)) > 0) {
+ var cbuf = new Array(i);
+ for (j = 0; j < i; j++) {
+ cbuf[j] = String.fromCharCode(buff[j]);
+ }
+ aout[aout.length] = cbuf.join("");
+ }
+ zip_deflate_data = null; // G.C.
+ return aout.join("");
+ };
+})();
\ No newline at end of file
diff --git a/612/js/egi.js b/612/js/egi.js
new file mode 100644
index 0000000000..05192821e2
--- /dev/null
+++ b/612/js/egi.js
@@ -0,0 +1,167 @@
+/*
+
+Improvements to the Hugo theme:
+
+- Link navigation using the keyboard
+- Highlighting improvements
+
+*/
+
+jQuery(document).ready(function () {
+
+ jQuery("#sidebar .category-icon").on("click", function () {
+ $(this).toggleClass("fa-angle-down fa-angle-right");
+ $(this).parent().parent().children("ul").toggle();
+ return false;
+ });
+
+ // allow keyboard control for prev/next links
+ jQuery(function () {
+ jQuery(".nav-prev").click(function () {
+ location.href = jQuery(this).attr("href");
+ });
+ jQuery(".nav-next").click(function () {
+ location.href = jQuery(this).attr("href");
+ });
+ });
+
+ jQuery("input, textarea").keydown(function (e) {
+ // left and right arrow keys
+ if (e.which == "37" || e.which == "39") {
+ e.stopPropagation();
+ }
+ });
+
+ jQuery(document).keydown(function (e) {
+ // prev links - left arrow key
+ if (e.which == "37") {
+ jQuery(".nav.nav-prev").click();
+ }
+
+ // next links - right arrow key
+ if (e.which == "39") {
+ jQuery(".nav.nav-next").click();
+ }
+ });
+
+ $("#top-bar a:not(:has(img)):not(.btn)").addClass("highlight");
+ $('#body-inner a:not(:has(img)):not(.btn):not(a[rel="footnote"])').addClass("highlight");
+
+ var touchsupport = ('ontouchstart' in window) || (navigator.maxTouchPoints > 0) || (navigator.msMaxTouchPoints > 0);
+ if (!touchsupport){ // browser doesn't support touch
+ $('#toc-menu').hover(function() {
+ $('.progress').stop(true, false, true).fadeToggle(100);
+ });
+
+ $('.progress').hover(function() {
+ $('.progress').stop(true, false, true).fadeToggle(100);
+ });
+ }
+ if (touchsupport){ // browser does support touch
+ $('#toc-menu').click(function() {
+ $('.progress').stop(true, false, true).fadeToggle(100);
+ });
+ $('.progress').click(function() {
+ $('.progress').stop(true, false, true).fadeToggle(100);
+ });
+ }
+});
+
+jQuery(window).on("load", function () {
+ // store this page in session
+ sessionStorage.setItem(jQuery("body").data("url"), 1);
+
+ // loop through the sessionStorage and see if something should be marked as visited
+ for (var url in sessionStorage) {
+ if (sessionStorage.getItem(url) == 1)
+ jQuery('[data-nav-id="' + url + '"]').addClass("visited");
+ }
+
+ $(".highlightable").highlight(sessionStorage.getItem("search-value"), {
+ element: "mark",
+ });
+});
+
+$(function () {
+ $('a[rel="lightbox"]').featherlight({
+ root: "section#body",
+ });
+});
+
+jQuery.extend({
+ highlight: function (node, re, nodeName, className) {
+ if (node.nodeType === 3) {
+ var match = node.data.match(re);
+ if (match) {
+ var highlight = document.createElement(nodeName || "span");
+ highlight.className = className || "highlight";
+ var wordNode = node.splitText(match.index);
+ wordNode.splitText(match[0].length);
+ var wordClone = wordNode.cloneNode(true);
+ highlight.appendChild(wordClone);
+ wordNode.parentNode.replaceChild(highlight, wordNode);
+ return 1; // skip added node in parent
+ }
+ } else if (node.nodeType === 1 && node.childNodes && // only element nodes that have children
+ !/(script|style)/i.test(node.tagName) && // ignore script and style nodes
+ !(node.tagName === nodeName.toUpperCase() && node.className === className)) { // skip if already highlighted
+ for (var i = 0; i < node.childNodes.length; i++) {
+ i += jQuery.highlight(node.childNodes[i], re, nodeName, className);
+ }
+ }
+ return 0;
+ },
+});
+
+jQuery.fn.unhighlight = function (options) {
+ var settings = {
+ className: "highlight",
+ element: "span"
+ };
+ jQuery.extend(settings, options);
+
+ return this.find(settings.element + "." + settings.className)
+ .each(function () {
+ var parent = this.parentNode;
+ parent.replaceChild(this.firstChild, this);
+ parent.normalize();
+ })
+ .end();
+};
+
+jQuery.fn.highlight = function (words, options) {
+ var settings = {
+ className: "highlight",
+ element: "span",
+ caseSensitive: false,
+ wordsOnly: false
+ };
+ jQuery.extend(settings, options);
+
+ if (!words) {
+ return;
+ }
+
+ if (words.constructor === String) {
+ words = [words];
+ }
+ words = jQuery.grep(words, function (word, i) {
+ return word != "";
+ });
+ words = jQuery.map(words, function (word, i) {
+ return word.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
+ });
+ if (words.length == 0) {
+ return this;
+ }
+ var flag = settings.caseSensitive ? "" : "i";
+ var pattern = "(" + words.join("|") + ")";
+ if (settings.wordsOnly) {
+ pattern = "\\b" + pattern + "\\b";
+ }
+ var re = new RegExp(pattern, flag);
+
+ return this.each(function () {
+ jQuery.highlight(this, re, settings.element, settings.className);
+ });
+};
diff --git a/612/js/featherlight.min.js b/612/js/featherlight.min.js
new file mode 100644
index 0000000000..062e823ff0
--- /dev/null
+++ b/612/js/featherlight.min.js
@@ -0,0 +1,9 @@
+/**
+ * Featherlight - ultra slim jQuery lightbox
+ * Version 1.7.13 - http://noelboss.github.io/featherlight/
+ *
+ * Copyright 2018, Noël Raoul Bossart (http://www.noelboss.com)
+ * MIT Licensed.
+**/
+// Modified by OZ -> https://github.com/noelboss/featherlight/issues/317
+!function(u){"use strict";if(void 0!==u)if(u.fn.jquery.match(/-ajax/))"console"in window&&window.console.info("Featherlight needs regular jQuery, not the slim version.");else{var r=[],i=function(t){return r=u.grep(r,function(e){return e!==t&&0','
','",'
'+n.loading+"
","
",""].join("")),o="."+n.namespace+"-close"+(n.otherClose?","+n.otherClose:"");return n.$instance=i.clone().addClass(n.variant),n.$instance.on(n.closeTrigger+"."+n.namespace,function(e){if(!e.isDefaultPrevented()){var t=u(e.target);("background"===n.closeOnClick&&t.is("."+n.namespace)||"anywhere"===n.closeOnClick||t.closest(o).length)&&(n.close(e),e.preventDefault())}}),this},getContent:function(){if(!1!==this.persist&&this.$content)return this.$content;var t=this,e=this.constructor.contentFilters,n=function(e){return t.$currentTarget&&t.$currentTarget.attr(e)},r=n(t.targetAttr),i=t.target||r||"",o=e[t.type];if(!o&&i in e&&(o=e[i],i=t.target&&r),i=i||n("href")||"",!o)for(var a in e)t[a]&&(o=e[a],i=t[a]);if(!o){var s=i;if(i=null,u.each(t.contentFilters,function(){return(o=e[this]).test&&(i=o.test(s)),!i&&o.regex&&s.match&&s.match(o.regex)&&(i=s),!i}),!i)return"console"in window&&window.console.error("Featherlight: no content filter found "+(s?' for "'+s+'"':" (no target specified)")),!1}return o.process.call(t,i)},setContent:function(e){return this.$instance.removeClass(this.namespace+"-loading"),this.$instance.toggleClass(this.namespace+"-iframe",e.is("iframe")),this.$instance.find("."+this.namespace+"-inner").not(e).slice(1).remove().end().replaceWith(u.contains(this.$instance[0],e[0])?"":e),this.$content=e.addClass(this.namespace+"-inner"),this},open:function(t){var n=this;if(n.$instance.hide().appendTo(n.root),!(t&&t.isDefaultPrevented()||!1===n.beforeOpen(t))){t&&t.preventDefault();var e=n.getContent();if(e)return r.push(n),s(!0),n.$instance.fadeIn(n.openSpeed),n.beforeContent(t),u.when(e).always(function(e){n.setContent(e),n.afterContent(t)}).then(n.$instance.promise()).done(function(){n.afterOpen(t)})}return n.$instance.detach(),u.Deferred().reject().promise()},close:function(e){var t=this,n=u.Deferred();return!1===t.beforeClose(e)?n.reject():(0===i(t).length&&s(!1),t.$instance.fadeOut(t.closeSpeed,function(){t.$instance.detach(),t.afterClose(e),n.resolve()})),n.promise()},resize:function(e,t){if(e&&t&&(this.$content.css("width","").css("height",""),this.$content.parent().width()');return n.onload=function(){r.naturalWidth=n.width,r.naturalHeight=n.height,t.resolve(r)},n.onerror=function(){t.reject(r)},n.src=e,t.promise()}},html:{regex:/^\s*<[\w!][^<]*>/,process:function(e){return u(e)}},ajax:{regex:/./,process:function(e){var n=u.Deferred(),r=u("").load(e,function(e,t){"error"!==t&&n.resolve(r.contents()),n.fail()});return n.promise()}},iframe:{process:function(e){var t=new u.Deferred,n=u(""),r=function(e,t){var n={},r=new RegExp("^"+t+"([A-Z])(.*)");for(var i in e){var o=i.match(r);o&&(n[(o[1]+o[2].replace(/([A-Z])/g,"-$1")).toLowerCase()]=e[i])}return n}(this,"iframe"),i=function(e,t){var n={};for(var r in e)r in t&&(n[r]=e[r],delete e[r]);return n}(r,o);return n.hide().attr("src",e).attr(i).css(r).on("load",function(){t.resolve(n.show())}).appendTo(this.$instance.find("."+this.namespace+"-content")),t.promise()}},text:{process:function(e){return u("
",{text:e})}}},functionAttributes:["beforeOpen","afterOpen","beforeContent","afterContent","beforeClose","afterClose"],readElementConfig:function(e,t){var r=this,i=new RegExp("^data-"+t+"-(.*)"),o={};return e&&e.attributes&&u.each(e.attributes,function(){var e=this.name.match(i);if(e){var t=this.value,n=u.camelCase(e[1]);if(0<=u.inArray(n,r.functionAttributes))t=new Function(t);else try{t=JSON.parse(t)}catch(e){}o[n]=t}}),o},extend:function(e,t){var n=function(){this.constructor=e};return n.prototype=this.prototype,e.prototype=new n,e.__super__=this.prototype,u.extend(e,this,t),e.defaults=e.prototype,e},attach:function(i,o,a){var s=this;"object"!=typeof o||o instanceof u!=!1||a||(a=o,o=void 0);var c,e=(a=u.extend({},a)).namespace||s.defaults.namespace,l=u.extend({},s.defaults,s.readElementConfig(i[0],e),a),t=function(e){var t=u(e.currentTarget),n=u.extend({$source:i,$currentTarget:t},s.readElementConfig(i[0],l.namespace),s.readElementConfig(e.currentTarget,l.namespace),a),r=c||t.data("featherlight-persisted")||new s(o,n);"shared"===r.persist?c=r:!1!==r.persist&&t.data("featherlight-persisted",r),n.$currentTarget.blur&&n.$currentTarget.blur(),r.open(e)};return i.on(l.openTrigger+"."+l.namespace,l.filter,t),{filter:l.filter,handler:t}},current:function(){var e=this.opened();return e[e.length-1]||null},opened:function(){var t=this;return i(),u.grep(r,function(e){return e instanceof t})},close:function(e){var t=this.current();if(t)return t.close(e)},_onReady:function(){var r=this;if(r.autoBind){var i=u(r.autoBind);i.each(function(){r.attach(u(this))}),u(document).on("click",r.autoBind,function(e){if(!e.isDefaultPrevented()){var t=u(e.currentTarget);if(i.length!==(i=i.add(t)).length){var n=r.attach(t);(!n.filter||0'}}},download:{heights:{16:{width:16,path:''}}},eye:{heights:{16:{width:16,path:''}}},heart:{heights:{16:{width:16,path:''}}},"issue-opened":{heights:{16:{width:16,path:''}}},"mark-github":{heights:{16:{width:16,path:''}}},package:{heights:{16:{width:16,path:''}}},play:{heights:{16:{width:16,path:''}}},"repo-forked":{heights:{16:{width:16,path:''}}},"repo-template":{heights:{16:{width:16,path:''}}},star:{heights:{16:{width:16,path:''}}}},y=function(e,t){e=w(e).replace(/^octicon-/,""),m(z,e)||(e="mark-github");var o=t>=24&&24 in z[e].heights?24:16,r=z[e].heights[o];return'"},C={},M=function(e,t){var o=C[e]||(C[e]=[]);if(!(o.push(t)>1)){var r=v((function(){for(delete C[e];t=o.shift();)t.apply(null,arguments)}));if(c){var n=new a;h(n,"abort",r),h(n,"error",r),h(n,"load",(function(){var e;try{e=JSON.parse(this.responseText)}catch(e){return void r(e)}r(200!==this.status,e)})),n.open("GET",e),n.send()}else{var i=this||window;i._=function(e){i._=null,r(200!==e.meta.status,e.data)};var l=p(i.document)("script",{async:!0,src:e+(-1!==e.indexOf("?")?"&":"?")+"callback=_"}),d=function(){i._&&i._({meta:{}})};h(l,"load",d),h(l,"error",d),l.readyState&&f(l,/de|m/,d),i.document.getElementsByTagName("head")[0].appendChild(l)}}},F=function(e,t,o){var r=p(e.ownerDocument),a=e.appendChild(r("style",{type:"text/css"})),n="body{margin:0}a{text-decoration:none;outline:0}.widget{display:inline-block;overflow:hidden;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif;font-size:0;line-height:0;white-space:nowrap}.btn,.social-count{position:relative;display:inline-block;display:inline-flex;height:14px;padding:2px 5px;font-size:11px;font-weight:600;line-height:14px;vertical-align:bottom;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-repeat:repeat-x;background-position:-1px -1px;background-size:110% 110%;border:1px solid}.btn{border-radius:.25em}.btn:not(:last-child){border-radius:.25em 0 0 .25em}.social-count{border-left:0;border-radius:0 .25em .25em 0}.widget-lg .btn,.widget-lg .social-count{height:16px;padding:5px 10px;font-size:12px;line-height:16px}.octicon{display:inline-block;vertical-align:text-top;fill:currentColor;overflow:visible}"+function(e){if(null==e)return k.light;if(m(k,e))return k[e];var t=s(e,";",":",(function(e){return e.replace(/^[ \t\n\f\r]+|[ \t\n\f\r]+$/g,"")}));return k[m(k,t["no-preference"])?t["no-preference"]:"light"]+x("light",t.light)+x("dark",t.dark)}(t["data-color-scheme"]);a.styleSheet?a.styleSheet.cssText=n:a.appendChild(e.ownerDocument.createTextNode(n));var i="large"===w(t["data-size"]),c=r("a",{className:"btn",href:t.href,rel:"noopener",target:"_blank",title:t.title||void 0,"aria-label":t["aria-label"]||void 0,innerHTML:y(t["data-icon"],i?16:14)+" "},[r("span",{},[t["data-text"]||""])]),d=e.appendChild(r("div",{className:"widget"+(i?" widget-lg":"")},[c])),h=c.hostname.replace(/\.$/,"");if(("."+h).substring(h.length-l.length)!=="."+l)return c.removeAttribute("href"),void o(d);var u=(" /"+c.pathname).split(/\/+/);if(((h===l||h==="gist."+l)&&"archive"===u[3]||h===l&&"releases"===u[3]&&("download"===u[4]||"latest"===u[4]&&"download"===u[5])||h==="codeload."+l)&&(c.target="_top"),"true"===w(t["data-show-count"])&&h===l&&"marketplace"!==u[1]&&"sponsors"!==u[1]&&"orgs"!==u[1]&&"users"!==u[1]&&"-"!==u[1]){var g,f;if(!u[2]&&u[1])f="followers",g="?tab=followers";else if(!u[3]&&u[2])f="stargazers_count",g="/stargazers";else if(u[4]||"subscription"!==u[3])if(u[4]||"fork"!==u[3]){if("issues"!==u[3])return void o(d);f="open_issues_count",g="/issues"}else f="forks_count",g="/network/members";else f="subscribers_count",g="/watchers";var b=u[2]?"/repos/"+u[1]+"/"+u[2]:"/users/"+u[1];M.call(this,"https://api.github.com"+b,(function(e,t){if(!e){var a=t[f];d.appendChild(r("a",{className:"social-count",href:t.html_url+g,rel:"noopener",target:"_blank","aria-label":a+" "+f.replace(/_count$/,"").replace("_"," ").slice(0,a<2?-1:void 0)+" on GitHub"},[(""+a).replace(/\B(?=(\d{3})+(?!\d))/g,",")]))}o(d)}))}else o(d)},A=window.devicePixelRatio||1,L=function(e){return(A>1?o.ceil(o.round(e*A)/A*2)/2:o.ceil(e))||0},E=function(e,t){e.style.width=t[0]+"px",e.style.height=t[1]+"px"},G=function(t,r){if(null!=t&&null!=r)if(t.getAttribute&&(t=function(e){for(var t={href:e.href,title:e.title,"aria-label":e.getAttribute("aria-label")},o=["icon","color-scheme","text","size","show-count"],r=0,a=o.length;r/g,">")}function t(e){var n,t={},r=Array.prototype.slice.call(arguments,1);for(n in e)t[n]=e[n];return r.forEach((function(e){for(n in e)t[n]=e[n]})),t}function r(e){return e.nodeName.toLowerCase()}var a=Object.freeze({__proto__:null,escapeHTML:n,inherit:t,nodeStream:function(e){var n=[];return function e(t,a){for(var i=t.firstChild;i;i=i.nextSibling)3===i.nodeType?a+=i.nodeValue.length:1===i.nodeType&&(n.push({event:"start",offset:a,node:i}),a=e(i,a),r(i).match(/br|hr|img|input/)||n.push({event:"stop",offset:a,node:i}));return a}(e,0),n},mergeStreams:function(e,t,a){var i=0,s="",o=[];function l(){return e.length&&t.length?e[0].offset!==t[0].offset?e[0].offset"}function u(e){s+=""}function d(e){("start"===e.event?c:u)(e.node)}for(;e.length||t.length;){var g=l();if(s+=n(a.substring(i,g[0].offset)),i=g[0].offset,g===e){o.reverse().forEach(u);do{d(g.splice(0,1)[0]),g=l()}while(g===e&&g.length&&g[0].offset===i);o.reverse().forEach(c)}else"start"===g[0].event?o.push(g[0].node):o.pop(),d(g.splice(0,1)[0])}return s+n(a.substr(i))}});const i="",s=e=>!!e.kind;class o{constructor(e,n){this.buffer="",this.classPrefix=n.classPrefix,e.walk(this)}addText(e){this.buffer+=n(e)}openNode(e){if(!s(e))return;let n=e.kind;e.sublanguage||(n=`${this.classPrefix}${n}`),this.span(n)}closeNode(e){s(e)&&(this.buffer+=i)}span(e){this.buffer+=``}value(){return this.buffer}}class l{constructor(){this.rootNode={children:[]},this.stack=[this.rootNode]}get top(){return this.stack[this.stack.length-1]}get root(){return this.rootNode}add(e){this.top.children.push(e)}openNode(e){let n={kind:e,children:[]};this.add(n),this.stack.push(n)}closeNode(){if(this.stack.length>1)return this.stack.pop()}closeAllNodes(){for(;this.closeNode(););}toJSON(){return JSON.stringify(this.rootNode,null,4)}walk(e){return this.constructor._walk(e,this.rootNode)}static _walk(e,n){return"string"==typeof n?e.addText(n):n.children&&(e.openNode(n),n.children.forEach(n=>this._walk(e,n)),e.closeNode(n)),e}static _collapse(e){e.children&&(e.children.every(e=>"string"==typeof e)?(e.text=e.children.join(""),delete e.children):e.children.forEach(e=>{"string"!=typeof e&&l._collapse(e)}))}}class c extends l{constructor(e){super(),this.options=e}addKeyword(e,n){""!==e&&(this.openNode(n),this.addText(e),this.closeNode())}addText(e){""!==e&&this.add(e)}addSublanguage(e,n){let t=e.root;t.kind=n,t.sublanguage=!0,this.add(t)}toHTML(){return new o(this,this.options).value()}finalize(){}}function u(e){return e&&e.source||e}const d="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",g={begin:"\\\\[\\s\\S]",relevance:0},h={className:"string",begin:"'",end:"'",illegal:"\\n",contains:[g]},f={className:"string",begin:'"',end:'"',illegal:"\\n",contains:[g]},p={begin:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/},m=function(e,n,r){var a=t({className:"comment",begin:e,end:n,contains:[]},r||{});return a.contains.push(p),a.contains.push({className:"doctag",begin:"(?:TODO|FIXME|NOTE|BUG|XXX):",relevance:0}),a},b=m("//","$"),v=m("/\\*","\\*/"),x=m("#","$");var _=Object.freeze({__proto__:null,IDENT_RE:"[a-zA-Z]\\w*",UNDERSCORE_IDENT_RE:"[a-zA-Z_]\\w*",NUMBER_RE:"\\b\\d+(\\.\\d+)?",C_NUMBER_RE:d,BINARY_NUMBER_RE:"\\b(0b[01]+)",RE_STARTERS_RE:"!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~",BACKSLASH_ESCAPE:g,APOS_STRING_MODE:h,QUOTE_STRING_MODE:f,PHRASAL_WORDS_MODE:p,COMMENT:m,C_LINE_COMMENT_MODE:b,C_BLOCK_COMMENT_MODE:v,HASH_COMMENT_MODE:x,NUMBER_MODE:{className:"number",begin:"\\b\\d+(\\.\\d+)?",relevance:0},C_NUMBER_MODE:{className:"number",begin:d,relevance:0},BINARY_NUMBER_MODE:{className:"number",begin:"\\b(0b[01]+)",relevance:0},CSS_NUMBER_MODE:{className:"number",begin:"\\b\\d+(\\.\\d+)?(%|em|ex|ch|rem|vw|vh|vmin|vmax|cm|mm|in|pt|pc|px|deg|grad|rad|turn|s|ms|Hz|kHz|dpi|dpcm|dppx)?",relevance:0},REGEXP_MODE:{begin:/(?=\/[^\/\n]*\/)/,contains:[{className:"regexp",begin:/\//,end:/\/[gimuy]*/,illegal:/\n/,contains:[g,{begin:/\[/,end:/\]/,relevance:0,contains:[g]}]}]},TITLE_MODE:{className:"title",begin:"[a-zA-Z]\\w*",relevance:0},UNDERSCORE_TITLE_MODE:{className:"title",begin:"[a-zA-Z_]\\w*",relevance:0},METHOD_GUARD:{begin:"\\.\\s*[a-zA-Z_]\\w*",relevance:0}}),E="of and for in not or if then".split(" ");function R(e,n){return n?+n:(t=e,E.includes(t.toLowerCase())?0:1);var t}const N=n,w=t,{nodeStream:y,mergeStreams:O}=a;return function(n){var r=[],a={},i={},s=[],o=!0,l=/((^(<[^>]+>|\t|)+|(?:\n)))/gm,d="Could not find the language '{}', did you forget to load/include a language module?",g={noHighlightRe:/^(no-?highlight)$/i,languageDetectRe:/\blang(?:uage)?-([\w-]+)\b/i,classPrefix:"hljs-",tabReplace:null,useBR:!1,languages:void 0,__emitter:c};function h(e){return g.noHighlightRe.test(e)}function f(e,n,t,r){var a={code:n,language:e};T("before:highlight",a);var i=a.result?a.result:p(a.language,a.code,t,r);return i.code=a.code,T("after:highlight",i),i}function p(e,n,r,i){var s=n;function l(e,n){var t=v.case_insensitive?n[0].toLowerCase():n[0];return e.keywords.hasOwnProperty(t)&&e.keywords[t]}function c(){null!=_.subLanguage?function(){if(""!==k){var e="string"==typeof _.subLanguage;if(!e||a[_.subLanguage]){var n=e?p(_.subLanguage,k,!0,E[_.subLanguage]):m(k,_.subLanguage.length?_.subLanguage:void 0);_.relevance>0&&(T+=n.relevance),e&&(E[_.subLanguage]=n.top),w.addSublanguage(n.emitter,n.language)}else w.addText(k)}}():function(){var e,n,t,r;if(_.keywords){for(n=0,_.lexemesRe.lastIndex=0,t=_.lexemesRe.exec(k),r="";t;){r+=k.substring(n,t.index);var a=null;(e=l(_,t))?(w.addText(r),r="",T+=e[1],a=e[0],w.addKeyword(t[0],a)):r+=t[0],n=_.lexemesRe.lastIndex,t=_.lexemesRe.exec(k)}r+=k.substr(n),w.addText(r)}else w.addText(k)}(),k=""}function h(e){e.className&&w.openNode(e.className),_=Object.create(e,{parent:{value:_}})}var f={};function b(n,t){var a,i=t&&t[0];if(k+=n,null==i)return c(),0;if("begin"==f.type&&"end"==t.type&&f.index==t.index&&""===i){if(k+=s.slice(t.index,t.index+1),!o)throw(a=Error("0 width match regex")).languageName=e,a.badRule=f.rule,a;return 1}if(f=t,"begin"===t.type)return function(e){var n=e[0],t=e.rule;return t.__onBegin&&(t.__onBegin(e)||{}).ignoreMatch?function(e){return 0===_.matcher.regexIndex?(k+=e[0],1):(B=!0,0)}(n):(t&&t.endSameAsBegin&&(t.endRe=RegExp(n.replace(/[-\/\\^$*+?.()|[\]{}]/g,"\\$&"),"m")),t.skip?k+=n:(t.excludeBegin&&(k+=n),c(),t.returnBegin||t.excludeBegin||(k=n)),h(t),t.returnBegin?0:n.length)}(t);if("illegal"===t.type&&!r)throw(a=Error('Illegal lexeme "'+i+'" for mode "'+(_.className||"")+'"')).mode=_,a;if("end"===t.type){var l=function(e){var n=e[0],t=s.substr(e.index),r=function e(n,t){if(function(e,n){var t=e&&e.exec(n);return t&&0===t.index}(n.endRe,t)){for(;n.endsParent&&n.parent;)n=n.parent;return n}if(n.endsWithParent)return e(n.parent,t)}(_,t);if(r){var a=_;a.skip?k+=n:(a.returnEnd||a.excludeEnd||(k+=n),c(),a.excludeEnd&&(k=n));do{_.className&&w.closeNode(),_.skip||_.subLanguage||(T+=_.relevance),_=_.parent}while(_!==r.parent);return r.starts&&(r.endSameAsBegin&&(r.starts.endRe=r.endRe),h(r.starts)),a.returnEnd?0:n.length}}(t);if(null!=l)return l}if("illegal"===t.type&&""===i)return 1;if(A>1e5&&A>3*t.index)throw Error("potential infinite loop, way more iterations than matches");return k+=i,i.length}var v=M(e);if(!v)throw console.error(d.replace("{}",e)),Error('Unknown language: "'+e+'"');!function(e){function n(n,t){return RegExp(u(n),"m"+(e.case_insensitive?"i":"")+(t?"g":""))}class r{constructor(){this.matchIndexes={},this.regexes=[],this.matchAt=1,this.position=0}addRule(e,n){n.position=this.position++,this.matchIndexes[this.matchAt]=n,this.regexes.push([n,e]),this.matchAt+=function(e){return RegExp(e.toString()+"|").exec("").length-1}(e)+1}compile(){0===this.regexes.length&&(this.exec=()=>null);let e=this.regexes.map(e=>e[1]);this.matcherRe=n(function(e,n){for(var t=/\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./,r=0,a="",i=0;i0&&(a+="|"),a+="(";o.length>0;){var l=t.exec(o);if(null==l){a+=o;break}a+=o.substring(0,l.index),o=o.substring(l.index+l[0].length),"\\"==l[0][0]&&l[1]?a+="\\"+(+l[1]+s):(a+=l[0],"("==l[0]&&r++)}a+=")"}return a}(e),!0),this.lastIndex=0}exec(e){this.matcherRe.lastIndex=this.lastIndex;let n=this.matcherRe.exec(e);if(!n)return null;let t=n.findIndex((e,n)=>n>0&&null!=e),r=this.matchIndexes[t];return Object.assign(n,r)}}class a{constructor(){this.rules=[],this.multiRegexes=[],this.count=0,this.lastIndex=0,this.regexIndex=0}getMatcher(e){if(this.multiRegexes[e])return this.multiRegexes[e];let n=new r;return this.rules.slice(e).forEach(([e,t])=>n.addRule(e,t)),n.compile(),this.multiRegexes[e]=n,n}considerAll(){this.regexIndex=0}addRule(e,n){this.rules.push([e,n]),"begin"===n.type&&this.count++}exec(e){let n=this.getMatcher(this.regexIndex);n.lastIndex=this.lastIndex;let t=n.exec(e);return t&&(this.regexIndex+=t.position+1,this.regexIndex===this.count&&(this.regexIndex=0)),t}}function i(e){let n=e.input[e.index-1],t=e.input[e.index+e[0].length];if("."===n||"."===t)return{ignoreMatch:!0}}if(e.contains&&e.contains.includes("self"))throw Error("ERR: contains `self` is not supported at the top-level of a language. See documentation.");!function r(s,o){s.compiled||(s.compiled=!0,s.__onBegin=null,s.keywords=s.keywords||s.beginKeywords,s.keywords&&(s.keywords=function(e,n){var t={};return"string"==typeof e?r("keyword",e):Object.keys(e).forEach((function(n){r(n,e[n])})),t;function r(e,r){n&&(r=r.toLowerCase()),r.split(" ").forEach((function(n){var r=n.split("|");t[r[0]]=[e,R(r[0],r[1])]}))}}(s.keywords,e.case_insensitive)),s.lexemesRe=n(s.lexemes||/\w+/,!0),o&&(s.beginKeywords&&(s.begin="\\b("+s.beginKeywords.split(" ").join("|")+")(?=\\b|\\s)",s.__onBegin=i),s.begin||(s.begin=/\B|\b/),s.beginRe=n(s.begin),s.endSameAsBegin&&(s.end=s.begin),s.end||s.endsWithParent||(s.end=/\B|\b/),s.end&&(s.endRe=n(s.end)),s.terminator_end=u(s.end)||"",s.endsWithParent&&o.terminator_end&&(s.terminator_end+=(s.end?"|":"")+o.terminator_end)),s.illegal&&(s.illegalRe=n(s.illegal)),null==s.relevance&&(s.relevance=1),s.contains||(s.contains=[]),s.contains=[].concat(...s.contains.map((function(e){return function(e){return e.variants&&!e.cached_variants&&(e.cached_variants=e.variants.map((function(n){return t(e,{variants:null},n)}))),e.cached_variants?e.cached_variants:function e(n){return!!n&&(n.endsWithParent||e(n.starts))}(e)?t(e,{starts:e.starts?t(e.starts):null}):Object.isFrozen(e)?t(e):e}("self"===e?s:e)}))),s.contains.forEach((function(e){r(e,s)})),s.starts&&r(s.starts,o),s.matcher=function(e){let n=new a;return e.contains.forEach(e=>n.addRule(e.begin,{rule:e,type:"begin"})),e.terminator_end&&n.addRule(e.terminator_end,{type:"end"}),e.illegal&&n.addRule(e.illegal,{type:"illegal"}),n}(s))}(e)}(v);var x,_=i||v,E={},w=new g.__emitter(g);!function(){for(var e=[],n=_;n!==v;n=n.parent)n.className&&e.unshift(n.className);e.forEach(e=>w.openNode(e))}();var y,O,k="",T=0,L=0,A=0,B=!1;try{for(_.matcher.considerAll();A++,B?B=!1:(_.matcher.lastIndex=L,_.matcher.considerAll()),y=_.matcher.exec(s);)O=b(s.substring(L,y.index),y),L=y.index+O;return b(s.substr(L)),w.closeAllNodes(),w.finalize(),x=w.toHTML(),{relevance:T,value:x,language:e,illegal:!1,emitter:w,top:_}}catch(n){if(n.message&&n.message.includes("Illegal"))return{illegal:!0,illegalBy:{msg:n.message,context:s.slice(L-100,L+100),mode:n.mode},sofar:x,relevance:0,value:N(s),emitter:w};if(o)return{relevance:0,value:N(s),emitter:w,language:e,top:_,errorRaised:n};throw n}}function m(e,n){n=n||g.languages||Object.keys(a);var t=function(e){const n={relevance:0,emitter:new g.__emitter(g),value:N(e),illegal:!1,top:E};return n.emitter.addText(e),n}(e),r=t;return n.filter(M).filter(k).forEach((function(n){var a=p(n,e,!1);a.language=n,a.relevance>r.relevance&&(r=a),a.relevance>t.relevance&&(r=t,t=a)})),r.language&&(t.second_best=r),t}function b(e){return g.tabReplace||g.useBR?e.replace(l,(function(e,n){return g.useBR&&"\n"===e?" ":g.tabReplace?n.replace(/\t/g,g.tabReplace):""})):e}function v(e){var n,t,r,a,s,o=function(e){var n,t=e.className+" ";if(t+=e.parentNode?e.parentNode.className:"",n=g.languageDetectRe.exec(t)){var r=M(n[1]);return r||(console.warn(d.replace("{}",n[1])),console.warn("Falling back to no-highlight mode for this block.",e)),r?n[1]:"no-highlight"}return t.split(/\s+/).find(e=>h(e)||M(e))}(e);h(o)||(T("before:highlightBlock",{block:e,language:o}),g.useBR?(n=document.createElement("div")).innerHTML=e.innerHTML.replace(/\n/g,"").replace(//g,"\n"):n=e,s=n.textContent,r=o?f(o,s,!0):m(s),(t=y(n)).length&&((a=document.createElement("div")).innerHTML=r.value,r.value=O(t,y(a),s)),r.value=b(r.value),T("after:highlightBlock",{block:e,result:r}),e.innerHTML=r.value,e.className=function(e,n,t){var r=n?i[n]:t,a=[e.trim()];return e.match(/\bhljs\b/)||a.push("hljs"),e.includes(r)||a.push(r),a.join(" ").trim()}(e.className,o,r.language),e.result={language:r.language,re:r.relevance},r.second_best&&(e.second_best={language:r.second_best.language,re:r.second_best.relevance}))}function x(){if(!x.called){x.called=!0;var e=document.querySelectorAll("pre code");r.forEach.call(e,v)}}const E={disableAutodetect:!0,name:"Plain text"};function M(e){return e=(e||"").toLowerCase(),a[e]||a[i[e]]}function k(e){var n=M(e);return n&&!n.disableAutodetect}function T(e,n){var t=e;s.forEach((function(e){e[t]&&e[t](n)}))}Object.assign(n,{highlight:f,highlightAuto:m,fixMarkup:b,highlightBlock:v,configure:function(e){g=w(g,e)},initHighlighting:x,initHighlightingOnLoad:function(){window.addEventListener("DOMContentLoaded",x,!1)},registerLanguage:function(e,t){var r;try{r=t(n)}catch(n){if(console.error("Language definition for '{}' could not be registered.".replace("{}",e)),!o)throw n;console.error(n),r=E}r.name||(r.name=e),a[e]=r,r.rawDefinition=t.bind(null,n),r.aliases&&r.aliases.forEach((function(n){i[n]=e}))},listLanguages:function(){return Object.keys(a)},getLanguage:M,requireLanguage:function(e){var n=M(e);if(n)return n;throw Error("The '{}' language is required, but not loaded.".replace("{}",e))},autoDetection:k,inherit:w,addPlugin:function(e,n){s.push(e)}}),n.debugMode=function(){o=!1},n.safeMode=function(){o=!0},n.versionString="10.0.3";for(const n in _)"object"==typeof _[n]&&e(_[n]);return Object.assign(n,_),n}({})}();"object"==typeof exports&&"undefined"!=typeof module&&(module.exports=hljs);hljs.registerLanguage("ruby",function(){"use strict";return function(e){var n="[a-zA-Z_]\\w*[!?=]?|[-+~]\\@|<<|>>|=~|===?|<=>|[<>]=?|\\*\\*|[-/+%^&*~`|]|\\[\\]=?",a={keyword:"and then defined module in return redo if BEGIN retry end for self when next until do begin unless END rescue else break undef not super class case require yield alias while ensure elsif or include attr_reader attr_writer attr_accessor",literal:"true false nil"},s={className:"doctag",begin:"@[A-Za-z]+"},i={begin:"#<",end:">"},r=[e.COMMENT("#","$",{contains:[s]}),e.COMMENT("^\\=begin","^\\=end",{contains:[s],relevance:10}),e.COMMENT("^__END__","\\n$")],c={className:"subst",begin:"#\\{",end:"}",keywords:a},t={className:"string",contains:[e.BACKSLASH_ESCAPE,c],variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/`/,end:/`/},{begin:"%[qQwWx]?\\(",end:"\\)"},{begin:"%[qQwWx]?\\[",end:"\\]"},{begin:"%[qQwWx]?{",end:"}"},{begin:"%[qQwWx]?<",end:">"},{begin:"%[qQwWx]?/",end:"/"},{begin:"%[qQwWx]?%",end:"%"},{begin:"%[qQwWx]?-",end:"-"},{begin:"%[qQwWx]?\\|",end:"\\|"},{begin:/\B\?(\\\d{1,3}|\\x[A-Fa-f0-9]{1,2}|\\u[A-Fa-f0-9]{4}|\\?\S)\b/},{begin:/<<[-~]?'?(\w+)(?:.|\n)*?\n\s*\1\b/,returnBegin:!0,contains:[{begin:/<<[-~]?'?/},{begin:/\w+/,endSameAsBegin:!0,contains:[e.BACKSLASH_ESCAPE,c]}]}]},b={className:"params",begin:"\\(",end:"\\)",endsParent:!0,keywords:a},d=[t,i,{className:"class",beginKeywords:"class module",end:"$|;",illegal:/=/,contains:[e.inherit(e.TITLE_MODE,{begin:"[A-Za-z_]\\w*(::\\w+)*(\\?|\\!)?"}),{begin:"<\\s*",contains:[{begin:"("+e.IDENT_RE+"::)?"+e.IDENT_RE}]}].concat(r)},{className:"function",beginKeywords:"def",end:"$|;",contains:[e.inherit(e.TITLE_MODE,{begin:n}),b].concat(r)},{begin:e.IDENT_RE+"::"},{className:"symbol",begin:e.UNDERSCORE_IDENT_RE+"(\\!|\\?)?:",relevance:0},{className:"symbol",begin:":(?!\\s)",contains:[t,{begin:n}],relevance:0},{className:"number",begin:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",relevance:0},{begin:"(\\$\\W)|((\\$|\\@\\@?)(\\w+))"},{className:"params",begin:/\|/,end:/\|/,keywords:a},{begin:"("+e.RE_STARTERS_RE+"|unless)\\s*",keywords:"unless",contains:[i,{className:"regexp",contains:[e.BACKSLASH_ESCAPE,c],illegal:/\n/,variants:[{begin:"/",end:"/[a-z]*"},{begin:"%r{",end:"}[a-z]*"},{begin:"%r\\(",end:"\\)[a-z]*"},{begin:"%r!",end:"![a-z]*"},{begin:"%r\\[",end:"\\][a-z]*"}]}].concat(r),relevance:0}].concat(r);c.contains=d,b.contains=d;var g=[{begin:/^\s*=>/,starts:{end:"$",contains:d}},{className:"meta",begin:"^([>?]>|[\\w#]+\\(\\w+\\):\\d+:\\d+>|(\\w+-)?\\d+\\.\\d+\\.\\d(p\\d+)?[^>]+>)",starts:{end:"$",contains:d}}];return{name:"Ruby",aliases:["rb","gemspec","podspec","thor","irb"],keywords:a,illegal:/\/\*/,contains:r.concat(g).concat(d)}}}());hljs.registerLanguage("yaml",function(){"use strict";return function(e){var n={className:"string",relevance:0,variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/\S+/}],contains:[e.BACKSLASH_ESCAPE,{className:"template-variable",variants:[{begin:"{{",end:"}}"},{begin:"%{",end:"}"}]}]};return{name:"YAML",case_insensitive:!0,aliases:["yml","YAML"],contains:[{className:"attr",variants:[{begin:"\\w[\\w :\\/.-]*:(?=[ \t]|$)"},{begin:'"\\w[\\w :\\/.-]*":(?=[ \t]|$)'},{begin:"'\\w[\\w :\\/.-]*':(?=[ \t]|$)"}]},{className:"meta",begin:"^---s*$",relevance:10},{className:"string",begin:"[\\|>]([0-9]?[+-])?[ ]*\\n( *)[\\S ]+\\n(\\2[\\S ]+\\n?)*"},{begin:"<%[%=-]?",end:"[%-]?%>",subLanguage:"ruby",excludeBegin:!0,excludeEnd:!0,relevance:0},{className:"type",begin:"!"+e.UNDERSCORE_IDENT_RE},{className:"type",begin:"!!"+e.UNDERSCORE_IDENT_RE},{className:"meta",begin:"&"+e.UNDERSCORE_IDENT_RE+"$"},{className:"meta",begin:"\\*"+e.UNDERSCORE_IDENT_RE+"$"},{className:"bullet",begin:"\\-(?=[ ]|$)",relevance:0},e.HASH_COMMENT_MODE,{beginKeywords:"true false yes no null",keywords:{literal:"true false yes no null"}},{className:"number",begin:"\\b[0-9]{4}(-[0-9][0-9]){0,2}([Tt \\t][0-9][0-9]?(:[0-9][0-9]){2})?(\\.[0-9]*)?([ \\t])*(Z|[-+][0-9][0-9]?(:[0-9][0-9])?)?\\b"},{className:"number",begin:e.C_NUMBER_RE+"\\b"},n]}}}());hljs.registerLanguage("nginx",function(){"use strict";return function(e){var n={className:"variable",variants:[{begin:/\$\d+/},{begin:/\$\{/,end:/}/},{begin:"[\\$\\@]"+e.UNDERSCORE_IDENT_RE}]},a={endsWithParent:!0,lexemes:"[a-z/_]+",keywords:{literal:"on off yes no true false none blocked debug info notice warn error crit select break last permanent redirect kqueue rtsig epoll poll /dev/poll"},relevance:0,illegal:"=>",contains:[e.HASH_COMMENT_MODE,{className:"string",contains:[e.BACKSLASH_ESCAPE,n],variants:[{begin:/"/,end:/"/},{begin:/'/,end:/'/}]},{begin:"([a-z]+):/",end:"\\s",endsWithParent:!0,excludeEnd:!0,contains:[n]},{className:"regexp",contains:[e.BACKSLASH_ESCAPE,n],variants:[{begin:"\\s\\^",end:"\\s|{|;",returnEnd:!0},{begin:"~\\*?\\s+",end:"\\s|{|;",returnEnd:!0},{begin:"\\*(\\.[a-z\\-]+)+"},{begin:"([a-z\\-]+\\.)+\\*"}]},{className:"number",begin:"\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(:\\d{1,5})?\\b"},{className:"number",begin:"\\b\\d+[kKmMgGdshdwy]*\\b",relevance:0},n]};return{name:"Nginx config",aliases:["nginxconf"],contains:[e.HASH_COMMENT_MODE,{begin:e.UNDERSCORE_IDENT_RE+"\\s+{",returnBegin:!0,end:"{",contains:[{className:"section",begin:e.UNDERSCORE_IDENT_RE}],relevance:0},{begin:e.UNDERSCORE_IDENT_RE+"\\s",end:";|{",returnBegin:!0,contains:[{className:"attribute",begin:e.UNDERSCORE_IDENT_RE,starts:a}],relevance:0}],illegal:"[^\\s\\}]"}}}());hljs.registerLanguage("makefile",function(){"use strict";return function(e){var i={className:"variable",variants:[{begin:"\\$\\("+e.UNDERSCORE_IDENT_RE+"\\)",contains:[e.BACKSLASH_ESCAPE]},{begin:/\$[@%|\/>/},a="[A-Za-z$_][0-9A-Za-z$_]*",s={keyword:"in of if for while finally var new function do return void else break catch instanceof with throw case default try this switch continue typeof delete let yield const export super debugger as async await static import from as",literal:"true false null undefined NaN Infinity",built_in:"eval isFinite isNaN parseFloat parseInt decodeURI decodeURIComponent encodeURI encodeURIComponent escape unescape Object Function Boolean Error EvalError InternalError RangeError ReferenceError StopIteration SyntaxError TypeError URIError Number Math Date String RegExp Array Float32Array Float64Array Int16Array Int32Array Int8Array Uint16Array Uint32Array Uint8Array Uint8ClampedArray ArrayBuffer DataView JSON Intl arguments require module console window document Symbol Set Map WeakSet WeakMap Proxy Reflect Promise"},r={className:"number",variants:[{begin:"\\b(0[bB][01]+)n?"},{begin:"\\b(0[oO][0-7]+)n?"},{begin:e.C_NUMBER_RE+"n?"}],relevance:0},i={className:"subst",begin:"\\$\\{",end:"\\}",keywords:s,contains:[]},t={begin:"html`",end:"",starts:{end:"`",returnEnd:!1,contains:[e.BACKSLASH_ESCAPE,i],subLanguage:"xml"}},c={begin:"css`",end:"",starts:{end:"`",returnEnd:!1,contains:[e.BACKSLASH_ESCAPE,i],subLanguage:"css"}},o={className:"string",begin:"`",end:"`",contains:[e.BACKSLASH_ESCAPE,i]};i.contains=[e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,t,c,o,r,e.REGEXP_MODE];var l=i.contains.concat([e.C_BLOCK_COMMENT_MODE,e.C_LINE_COMMENT_MODE]),d={className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,contains:l};return{name:"JavaScript",aliases:["js","jsx","mjs","cjs"],keywords:s,contains:[{className:"meta",relevance:10,begin:/^\s*['"]use (strict|asm)['"]/},{className:"meta",begin:/^#!/,end:/$/},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,t,c,o,e.C_LINE_COMMENT_MODE,e.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{className:"doctag",begin:"@[A-Za-z]+",contains:[{className:"type",begin:"\\{",end:"\\}",relevance:0},{className:"variable",begin:a+"(?=\\s*(-)|$)",endsParent:!0,relevance:0},{begin:/(?=[^\n])\s/,relevance:0}]}]}),e.C_BLOCK_COMMENT_MODE,r,{begin:/[{,\n]\s*/,relevance:0,contains:[{begin:a+"\\s*:",returnBegin:!0,relevance:0,contains:[{className:"attr",begin:a,relevance:0}]}]},{begin:"("+e.RE_STARTERS_RE+"|\\b(case|return|throw)\\b)\\s*",keywords:"return throw case",contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,e.REGEXP_MODE,{className:"function",begin:"(\\(.*?\\)|"+a+")\\s*=>",returnBegin:!0,end:"\\s*=>",contains:[{className:"params",variants:[{begin:a},{begin:/\(\s*\)/},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:s,contains:l}]}]},{begin:/,/,relevance:0},{className:"",begin:/\s/,end:/\s*/,skip:!0},{variants:[{begin:"<>",end:""},{begin:n.begin,end:n.end}],subLanguage:"xml",contains:[{begin:n.begin,end:n.end,skip:!0,contains:["self"]}]}],relevance:0},{className:"function",beginKeywords:"function",end:/\{/,excludeEnd:!0,contains:[e.inherit(e.TITLE_MODE,{begin:a}),d],illegal:/\[|%/},{begin:/\$[(.]/},e.METHOD_GUARD,{className:"class",beginKeywords:"class",end:/[{;=]/,excludeEnd:!0,illegal:/[:"\[\]]/,contains:[{beginKeywords:"extends"},e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"constructor",end:/\{/,excludeEnd:!0},{begin:"(get|set)\\s+(?="+a+"\\()",end:/{/,keywords:"get set",contains:[e.inherit(e.TITLE_MODE,{begin:a}),{begin:/\(\)/},d]}],illegal:/#(?!!)/}}}());hljs.registerLanguage("xml",function(){"use strict";return function(e){var n={className:"symbol",begin:"&[a-z]+;|&#[0-9]+;|&#x[a-f0-9]+;"},a={begin:"\\s",contains:[{className:"meta-keyword",begin:"#?[a-z_][a-z1-9_-]+",illegal:"\\n"}]},s=e.inherit(a,{begin:"\\(",end:"\\)"}),t=e.inherit(e.APOS_STRING_MODE,{className:"meta-string"}),i=e.inherit(e.QUOTE_STRING_MODE,{className:"meta-string"}),c={endsWithParent:!0,illegal:/`]+/}]}]}]};return{name:"HTML, XML",aliases:["html","xhtml","rss","atom","xjb","xsd","xsl","plist","wsf","svg"],case_insensitive:!0,contains:[{className:"meta",begin:"",relevance:10,contains:[a,i,t,s,{begin:"\\[",end:"\\]",contains:[{className:"meta",begin:"",contains:[a,s,i,t]}]}]},e.COMMENT("\x3c!--","--\x3e",{relevance:10}),{begin:"<\\!\\[CDATA\\[",end:"\\]\\]>",relevance:10},n,{className:"meta",begin:/<\?xml/,end:/\?>/,relevance:10},{className:"tag",begin:")",end:">",keywords:{name:"style"},contains:[c],starts:{end:"",returnEnd:!0,subLanguage:["css","xml"]}},{className:"tag",begin:")",end:">",keywords:{name:"script"},contains:[c],starts:{end:"<\/script>",returnEnd:!0,subLanguage:["javascript","handlebars","xml"]}},{className:"tag",begin:"",contains:[{className:"name",begin:/[^\/><\s]+/,relevance:0},c]}]}}}());hljs.registerLanguage("markdown",function(){"use strict";return function(n){const e={begin:"<",end:">",subLanguage:"xml",relevance:0},a={begin:"\\[.+?\\][\\(\\[].*?[\\)\\]]",returnBegin:!0,contains:[{className:"string",begin:"\\[",end:"\\]",excludeBegin:!0,returnEnd:!0,relevance:0},{className:"link",begin:"\\]\\(",end:"\\)",excludeBegin:!0,excludeEnd:!0},{className:"symbol",begin:"\\]\\[",end:"\\]",excludeBegin:!0,excludeEnd:!0}],relevance:10},i={className:"strong",contains:[],variants:[{begin:/_{2}/,end:/_{2}/},{begin:/\*{2}/,end:/\*{2}/}]},s={className:"emphasis",contains:[],variants:[{begin:/\*(?!\*)/,end:/\*/},{begin:/_(?!_)/,end:/_/,relevance:0}]};i.contains.push(s),s.contains.push(i);var c=[e,a];return i.contains=i.contains.concat(c),s.contains=s.contains.concat(c),{name:"Markdown",aliases:["md","mkdown","mkd"],contains:[{className:"section",variants:[{begin:"^#{1,6}",end:"$",contains:c=c.concat(i,s)},{begin:"(?=^.+?\\n[=-]{2,}$)",contains:[{begin:"^[=-]*$"},{begin:"^",end:"\\n",contains:c}]}]},e,{className:"bullet",begin:"^[ \t]*([*+-]|(\\d+\\.))(?=\\s+)",end:"\\s+",excludeEnd:!0},i,s,{className:"quote",begin:"^>\\s+",contains:c,end:"$"},{className:"code",variants:[{begin:"(`{3,})(.|\\n)*?\\1`*[ ]*"},{begin:"(~{3,})(.|\\n)*?\\1~*[ ]*"},{begin:"```",end:"```+[ ]*$"},{begin:"~~~",end:"~~~+[ ]*$"},{begin:"`.+?`"},{begin:"(?=^( {4}|\\t))",contains:[{begin:"^( {4}|\\t)",end:"(\\n)$"}],relevance:0}]},{begin:"^[-\\*]{3,}",end:"$"},a,{begin:/^\[[^\n]+\]:/,returnBegin:!0,contains:[{className:"symbol",begin:/\[/,end:/\]/,excludeBegin:!0,excludeEnd:!0},{className:"link",begin:/:\s*/,end:/$/,excludeBegin:!0}]}]}}}());hljs.registerLanguage("scss",function(){"use strict";return function(e){var t={className:"variable",begin:"(\\$[a-zA-Z-][a-zA-Z0-9_-]*)\\b"},i={className:"number",begin:"#[0-9A-Fa-f]+"};return e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,e.C_BLOCK_COMMENT_MODE,{name:"SCSS",case_insensitive:!0,illegal:"[=/|']",contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,{className:"selector-id",begin:"\\#[A-Za-z0-9_-]+",relevance:0},{className:"selector-class",begin:"\\.[A-Za-z0-9_-]+",relevance:0},{className:"selector-attr",begin:"\\[",end:"\\]",illegal:"$"},{className:"selector-tag",begin:"\\b(a|abbr|acronym|address|area|article|aside|audio|b|base|big|blockquote|body|br|button|canvas|caption|cite|code|col|colgroup|command|datalist|dd|del|details|dfn|div|dl|dt|em|embed|fieldset|figcaption|figure|footer|form|frame|frameset|(h[1-6])|head|header|hgroup|hr|html|i|iframe|img|input|ins|kbd|keygen|label|legend|li|link|map|mark|meta|meter|nav|noframes|noscript|object|ol|optgroup|option|output|p|param|pre|progress|q|rp|rt|ruby|samp|script|section|select|small|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|time|title|tr|tt|ul|var|video)\\b",relevance:0},{className:"selector-pseudo",begin:":(visited|valid|root|right|required|read-write|read-only|out-range|optional|only-of-type|only-child|nth-of-type|nth-last-of-type|nth-last-child|nth-child|not|link|left|last-of-type|last-child|lang|invalid|indeterminate|in-range|hover|focus|first-of-type|first-line|first-letter|first-child|first|enabled|empty|disabled|default|checked|before|after|active)"},{className:"selector-pseudo",begin:"::(after|before|choices|first-letter|first-line|repeat-index|repeat-item|selection|value)"},t,{className:"attribute",begin:"\\b(src|z-index|word-wrap|word-spacing|word-break|width|widows|white-space|visibility|vertical-align|unicode-bidi|transition-timing-function|transition-property|transition-duration|transition-delay|transition|transform-style|transform-origin|transform|top|text-underline-position|text-transform|text-shadow|text-rendering|text-overflow|text-indent|text-decoration-style|text-decoration-line|text-decoration-color|text-decoration|text-align-last|text-align|tab-size|table-layout|right|resize|quotes|position|pointer-events|perspective-origin|perspective|page-break-inside|page-break-before|page-break-after|padding-top|padding-right|padding-left|padding-bottom|padding|overflow-y|overflow-x|overflow-wrap|overflow|outline-width|outline-style|outline-offset|outline-color|outline|orphans|order|opacity|object-position|object-fit|normal|none|nav-up|nav-right|nav-left|nav-index|nav-down|min-width|min-height|max-width|max-height|mask|marks|margin-top|margin-right|margin-left|margin-bottom|margin|list-style-type|list-style-position|list-style-image|list-style|line-height|letter-spacing|left|justify-content|initial|inherit|ime-mode|image-orientation|image-resolution|image-rendering|icon|hyphens|height|font-weight|font-variant-ligatures|font-variant|font-style|font-stretch|font-size-adjust|font-size|font-language-override|font-kerning|font-feature-settings|font-family|font|float|flex-wrap|flex-shrink|flex-grow|flex-flow|flex-direction|flex-basis|flex|filter|empty-cells|display|direction|cursor|counter-reset|counter-increment|content|column-width|column-span|column-rule-width|column-rule-style|column-rule-color|column-rule|column-gap|column-fill|column-count|columns|color|clip-path|clip|clear|caption-side|break-inside|break-before|break-after|box-sizing|box-shadow|box-decoration-break|bottom|border-width|border-top-width|border-top-style|border-top-right-radius|border-top-left-radius|border-top-color|border-top|border-style|border-spacing|border-right-width|border-right-style|border-right-color|border-right|border-radius|border-left-width|border-left-style|border-left-color|border-left|border-image-width|border-image-source|border-image-slice|border-image-repeat|border-image-outset|border-image|border-color|border-collapse|border-bottom-width|border-bottom-style|border-bottom-right-radius|border-bottom-left-radius|border-bottom-color|border-bottom|border|background-size|background-repeat|background-position|background-origin|background-image|background-color|background-clip|background-attachment|background-blend-mode|background|backface-visibility|auto|animation-timing-function|animation-play-state|animation-name|animation-iteration-count|animation-fill-mode|animation-duration|animation-direction|animation-delay|animation|align-self|align-items|align-content)\\b",illegal:"[^\\s]"},{begin:"\\b(whitespace|wait|w-resize|visible|vertical-text|vertical-ideographic|uppercase|upper-roman|upper-alpha|underline|transparent|top|thin|thick|text|text-top|text-bottom|tb-rl|table-header-group|table-footer-group|sw-resize|super|strict|static|square|solid|small-caps|separate|se-resize|scroll|s-resize|rtl|row-resize|ridge|right|repeat|repeat-y|repeat-x|relative|progress|pointer|overline|outside|outset|oblique|nowrap|not-allowed|normal|none|nw-resize|no-repeat|no-drop|newspaper|ne-resize|n-resize|move|middle|medium|ltr|lr-tb|lowercase|lower-roman|lower-alpha|loose|list-item|line|line-through|line-edge|lighter|left|keep-all|justify|italic|inter-word|inter-ideograph|inside|inset|inline|inline-block|inherit|inactive|ideograph-space|ideograph-parenthesis|ideograph-numeric|ideograph-alpha|horizontal|hidden|help|hand|groove|fixed|ellipsis|e-resize|double|dotted|distribute|distribute-space|distribute-letter|distribute-all-lines|disc|disabled|default|decimal|dashed|crosshair|collapse|col-resize|circle|char|center|capitalize|break-word|break-all|bottom|both|bolder|bold|block|bidi-override|below|baseline|auto|always|all-scroll|absolute|table|table-cell)\\b"},{begin:":",end:";",contains:[t,i,e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,{className:"meta",begin:"!important"}]},{begin:"@(page|font-face)",lexemes:"@[a-z-]+",keywords:"@page @font-face"},{begin:"@",end:"[{;]",returnBegin:!0,keywords:"and or not only",contains:[{begin:"@[a-z-]+",className:"keyword"},t,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,i,e.CSS_NUMBER_MODE]}]}}}());hljs.registerLanguage("lua",function(){"use strict";return function(e){var t={begin:"\\[=*\\[",end:"\\]=*\\]",contains:["self"]},a=[e.COMMENT("--(?!\\[=*\\[)","$"),e.COMMENT("--\\[=*\\[","\\]=*\\]",{contains:[t],relevance:10})];return{name:"Lua",lexemes:e.UNDERSCORE_IDENT_RE,keywords:{literal:"true false nil",keyword:"and break do else elseif end for goto if in local not or repeat return then until while",built_in:"_G _ENV _VERSION __index __newindex __mode __call __metatable __tostring __len __gc __add __sub __mul __div __mod __pow __concat __unm __eq __lt __le assert collectgarbage dofile error getfenv getmetatable ipairs load loadfile loadstring module next pairs pcall print rawequal rawget rawset require select setfenv setmetatable tonumber tostring type unpack xpcall arg self coroutine resume yield status wrap create running debug getupvalue debug sethook getmetatable gethook setmetatable setlocal traceback setfenv getinfo setupvalue getlocal getregistry getfenv io lines write close flush open output type read stderr stdin input stdout popen tmpfile math log max acos huge ldexp pi cos tanh pow deg tan cosh sinh random randomseed frexp ceil floor rad abs sqrt modf asin min mod fmod log10 atan2 exp sin atan os exit setlocale date getenv difftime remove time clock tmpname rename execute package preload loadlib loaded loaders cpath config path seeall string sub upper len gfind rep find match char dump gmatch reverse byte format gsub lower table setn insert getn foreachi maxn foreach concat sort remove"},contains:a.concat([{className:"function",beginKeywords:"function",end:"\\)",contains:[e.inherit(e.TITLE_MODE,{begin:"([_a-zA-Z]\\w*\\.)*([_a-zA-Z]\\w*:)?[_a-zA-Z]\\w*"}),{className:"params",begin:"\\(",endsWithParent:!0,contains:a}].concat(a)},e.C_NUMBER_MODE,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,{className:"string",begin:"\\[=*\\[",end:"\\]=*\\]",contains:[t],relevance:5}])}}}());hljs.registerLanguage("coffeescript",function(){"use strict";return function(e){var n={keyword:"in if for while finally new do return else break catch instanceof throw try this switch continue typeof delete debugger super yield import export from as default await then unless until loop of by when and or is isnt not",literal:"true false null undefined yes no on off",built_in:"npm require console print module global window document"},i="[A-Za-z$_][0-9A-Za-z$_]*",s={className:"subst",begin:/#\{/,end:/}/,keywords:n},a=[e.BINARY_NUMBER_MODE,e.inherit(e.C_NUMBER_MODE,{starts:{end:"(\\s*/)?",relevance:0}}),{className:"string",variants:[{begin:/'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE]},{begin:/'/,end:/'/,contains:[e.BACKSLASH_ESCAPE]},{begin:/"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,s]},{begin:/"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s]}]},{className:"regexp",variants:[{begin:"///",end:"///",contains:[s,e.HASH_COMMENT_MODE]},{begin:"//[gim]{0,3}(?=\\W)",relevance:0},{begin:/\/(?![ *]).*?(?![\\]).\/[gim]{0,3}(?=\W)/}]},{begin:"@"+i},{subLanguage:"javascript",excludeBegin:!0,excludeEnd:!0,variants:[{begin:"```",end:"```"},{begin:"`",end:"`"}]}];s.contains=a;var t=e.inherit(e.TITLE_MODE,{begin:i}),r={className:"params",begin:"\\([^\\(]",returnBegin:!0,contains:[{begin:/\(/,end:/\)/,keywords:n,contains:["self"].concat(a)}]};return{name:"CoffeeScript",aliases:["coffee","cson","iced"],keywords:n,illegal:/\/\*/,contains:a.concat([e.COMMENT("###","###"),e.HASH_COMMENT_MODE,{className:"function",begin:"^\\s*"+i+"\\s*=\\s*(\\(.*\\))?\\s*\\B[-=]>",end:"[-=]>",returnBegin:!0,contains:[t,r]},{begin:/[:\(,=]\s*/,relevance:0,contains:[{className:"function",begin:"(\\(.*\\))?\\s*\\B[-=]>",end:"[-=]>",returnBegin:!0,contains:[r]}]},{className:"class",beginKeywords:"class",end:"$",illegal:/[:="\[\]]/,contains:[{beginKeywords:"extends",endsWithParent:!0,illegal:/[:="\[\]]/,contains:[t]},t]},{begin:i+":",end:":",returnBegin:!0,returnEnd:!0,relevance:0}])}}}());hljs.registerLanguage("sql",function(){"use strict";return function(e){var t=e.COMMENT("--","$");return{name:"SQL",case_insensitive:!0,illegal:/[<>{}*]/,contains:[{beginKeywords:"begin end start commit rollback savepoint lock alter create drop rename call delete do handler insert load replace select truncate update set show pragma grant merge describe use explain help declare prepare execute deallocate release unlock purge reset change stop analyze cache flush optimize repair kill install uninstall checksum restore check backup revoke comment values with",end:/;/,endsWithParent:!0,lexemes:/[\w\.]+/,keywords:{keyword:"as abort abs absolute acc acce accep accept access accessed accessible account acos action activate add addtime admin administer advanced advise aes_decrypt aes_encrypt after agent aggregate ali alia alias all allocate allow alter always analyze ancillary and anti any anydata anydataset anyschema anytype apply archive archived archivelog are as asc ascii asin assembly assertion associate asynchronous at atan atn2 attr attri attrib attribu attribut attribute attributes audit authenticated authentication authid authors auto autoallocate autodblink autoextend automatic availability avg backup badfile basicfile before begin beginning benchmark between bfile bfile_base big bigfile bin binary_double binary_float binlog bit_and bit_count bit_length bit_or bit_xor bitmap blob_base block blocksize body both bound bucket buffer_cache buffer_pool build bulk by byte byteordermark bytes cache caching call calling cancel capacity cascade cascaded case cast catalog category ceil ceiling chain change changed char_base char_length character_length characters characterset charindex charset charsetform charsetid check checksum checksum_agg child choose chr chunk class cleanup clear client clob clob_base clone close cluster_id cluster_probability cluster_set clustering coalesce coercibility col collate collation collect colu colum column column_value columns columns_updated comment commit compact compatibility compiled complete composite_limit compound compress compute concat concat_ws concurrent confirm conn connec connect connect_by_iscycle connect_by_isleaf connect_by_root connect_time connection consider consistent constant constraint constraints constructor container content contents context contributors controlfile conv convert convert_tz corr corr_k corr_s corresponding corruption cos cost count count_big counted covar_pop covar_samp cpu_per_call cpu_per_session crc32 create creation critical cross cube cume_dist curdate current current_date current_time current_timestamp current_user cursor curtime customdatum cycle data database databases datafile datafiles datalength date_add date_cache date_format date_sub dateadd datediff datefromparts datename datepart datetime2fromparts day day_to_second dayname dayofmonth dayofweek dayofyear days db_role_change dbtimezone ddl deallocate declare decode decompose decrement decrypt deduplicate def defa defau defaul default defaults deferred defi defin define degrees delayed delegate delete delete_all delimited demand dense_rank depth dequeue des_decrypt des_encrypt des_key_file desc descr descri describ describe descriptor deterministic diagnostics difference dimension direct_load directory disable disable_all disallow disassociate discardfile disconnect diskgroup distinct distinctrow distribute distributed div do document domain dotnet double downgrade drop dumpfile duplicate duration each edition editionable editions element ellipsis else elsif elt empty enable enable_all enclosed encode encoding encrypt end end-exec endian enforced engine engines enqueue enterprise entityescaping eomonth error errors escaped evalname evaluate event eventdata events except exception exceptions exchange exclude excluding execu execut execute exempt exists exit exp expire explain explode export export_set extended extent external external_1 external_2 externally extract failed failed_login_attempts failover failure far fast feature_set feature_value fetch field fields file file_name_convert filesystem_like_logging final finish first first_value fixed flash_cache flashback floor flush following follows for forall force foreign form forma format found found_rows freelist freelists freepools fresh from from_base64 from_days ftp full function general generated get get_format get_lock getdate getutcdate global global_name globally go goto grant grants greatest group group_concat group_id grouping grouping_id groups gtid_subtract guarantee guard handler hash hashkeys having hea head headi headin heading heap help hex hierarchy high high_priority hosts hour hours http id ident_current ident_incr ident_seed identified identity idle_time if ifnull ignore iif ilike ilm immediate import in include including increment index indexes indexing indextype indicator indices inet6_aton inet6_ntoa inet_aton inet_ntoa infile initial initialized initially initrans inmemory inner innodb input insert install instance instantiable instr interface interleaved intersect into invalidate invisible is is_free_lock is_ipv4 is_ipv4_compat is_not is_not_null is_used_lock isdate isnull isolation iterate java join json json_exists keep keep_duplicates key keys kill language large last last_day last_insert_id last_value lateral lax lcase lead leading least leaves left len lenght length less level levels library like like2 like4 likec limit lines link list listagg little ln load load_file lob lobs local localtime localtimestamp locate locator lock locked log log10 log2 logfile logfiles logging logical logical_reads_per_call logoff logon logs long loop low low_priority lower lpad lrtrim ltrim main make_set makedate maketime managed management manual map mapping mask master master_pos_wait match matched materialized max maxextents maximize maxinstances maxlen maxlogfiles maxloghistory maxlogmembers maxsize maxtrans md5 measures median medium member memcompress memory merge microsecond mid migration min minextents minimum mining minus minute minutes minvalue missing mod mode model modification modify module monitoring month months mount move movement multiset mutex name name_const names nan national native natural nav nchar nclob nested never new newline next nextval no no_write_to_binlog noarchivelog noaudit nobadfile nocheck nocompress nocopy nocycle nodelay nodiscardfile noentityescaping noguarantee nokeep nologfile nomapping nomaxvalue nominimize nominvalue nomonitoring none noneditionable nonschema noorder nopr nopro noprom nopromp noprompt norely noresetlogs noreverse normal norowdependencies noschemacheck noswitch not nothing notice notnull notrim novalidate now nowait nth_value nullif nulls num numb numbe nvarchar nvarchar2 object ocicoll ocidate ocidatetime ociduration ociinterval ociloblocator ocinumber ociref ocirefcursor ocirowid ocistring ocitype oct octet_length of off offline offset oid oidindex old on online only opaque open operations operator optimal optimize option optionally or oracle oracle_date oradata ord ordaudio orddicom orddoc order ordimage ordinality ordvideo organization orlany orlvary out outer outfile outline output over overflow overriding package pad parallel parallel_enable parameters parent parse partial partition partitions pascal passing password password_grace_time password_lock_time password_reuse_max password_reuse_time password_verify_function patch path patindex pctincrease pctthreshold pctused pctversion percent percent_rank percentile_cont percentile_disc performance period period_add period_diff permanent physical pi pipe pipelined pivot pluggable plugin policy position post_transaction pow power pragma prebuilt precedes preceding precision prediction prediction_cost prediction_details prediction_probability prediction_set prepare present preserve prior priority private private_sga privileges procedural procedure procedure_analyze processlist profiles project prompt protection public publishingservername purge quarter query quick quiesce quota quotename radians raise rand range rank raw read reads readsize rebuild record records recover recovery recursive recycle redo reduced ref reference referenced references referencing refresh regexp_like register regr_avgx regr_avgy regr_count regr_intercept regr_r2 regr_slope regr_sxx regr_sxy reject rekey relational relative relaylog release release_lock relies_on relocate rely rem remainder rename repair repeat replace replicate replication required reset resetlogs resize resource respect restore restricted result result_cache resumable resume retention return returning returns reuse reverse revoke right rlike role roles rollback rolling rollup round row row_count rowdependencies rowid rownum rows rtrim rules safe salt sample save savepoint sb1 sb2 sb4 scan schema schemacheck scn scope scroll sdo_georaster sdo_topo_geometry search sec_to_time second seconds section securefile security seed segment select self semi sequence sequential serializable server servererror session session_user sessions_per_user set sets settings sha sha1 sha2 share shared shared_pool short show shrink shutdown si_averagecolor si_colorhistogram si_featurelist si_positionalcolor si_stillimage si_texture siblings sid sign sin size size_t sizes skip slave sleep smalldatetimefromparts smallfile snapshot some soname sort soundex source space sparse spfile split sql sql_big_result sql_buffer_result sql_cache sql_calc_found_rows sql_small_result sql_variant_property sqlcode sqldata sqlerror sqlname sqlstate sqrt square standalone standby start starting startup statement static statistics stats_binomial_test stats_crosstab stats_ks_test stats_mode stats_mw_test stats_one_way_anova stats_t_test_ stats_t_test_indep stats_t_test_one stats_t_test_paired stats_wsr_test status std stddev stddev_pop stddev_samp stdev stop storage store stored str str_to_date straight_join strcmp strict string struct stuff style subdate subpartition subpartitions substitutable substr substring subtime subtring_index subtype success sum suspend switch switchoffset switchover sync synchronous synonym sys sys_xmlagg sysasm sysaux sysdate sysdatetimeoffset sysdba sysoper system system_user sysutcdatetime table tables tablespace tablesample tan tdo template temporary terminated tertiary_weights test than then thread through tier ties time time_format time_zone timediff timefromparts timeout timestamp timestampadd timestampdiff timezone_abbr timezone_minute timezone_region to to_base64 to_date to_days to_seconds todatetimeoffset trace tracking transaction transactional translate translation treat trigger trigger_nestlevel triggers trim truncate try_cast try_convert try_parse type ub1 ub2 ub4 ucase unarchived unbounded uncompress under undo unhex unicode uniform uninstall union unique unix_timestamp unknown unlimited unlock unnest unpivot unrecoverable unsafe unsigned until untrusted unusable unused update updated upgrade upped upper upsert url urowid usable usage use use_stored_outlines user user_data user_resources users using utc_date utc_timestamp uuid uuid_short validate validate_password_strength validation valist value values var var_samp varcharc vari varia variab variabl variable variables variance varp varraw varrawc varray verify version versions view virtual visible void wait wallet warning warnings week weekday weekofyear wellformed when whene whenev wheneve whenever where while whitespace window with within without work wrapped xdb xml xmlagg xmlattributes xmlcast xmlcolattval xmlelement xmlexists xmlforest xmlindex xmlnamespaces xmlpi xmlquery xmlroot xmlschema xmlserialize xmltable xmltype xor year year_to_month years yearweek",literal:"true false null unknown",built_in:"array bigint binary bit blob bool boolean char character date dec decimal float int int8 integer interval number numeric real record serial serial8 smallint text time timestamp tinyint varchar varchar2 varying void"},contains:[{className:"string",begin:"'",end:"'",contains:[{begin:"''"}]},{className:"string",begin:'"',end:'"',contains:[{begin:'""'}]},{className:"string",begin:"`",end:"`"},e.C_NUMBER_MODE,e.C_BLOCK_COMMENT_MODE,t,e.HASH_COMMENT_MODE]},e.C_BLOCK_COMMENT_MODE,t,e.HASH_COMMENT_MODE]}}}());hljs.registerLanguage("less",function(){"use strict";return function(e){var n="([\\w-]+|@{[\\w-]+})",a=[],s=[],t=function(e){return{className:"string",begin:"~?"+e+".*?"+e}},r=function(e,n,a){return{className:e,begin:n,relevance:a}},i={begin:"\\(",end:"\\)",contains:s,relevance:0};s.push(e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,t("'"),t('"'),e.CSS_NUMBER_MODE,{begin:"(url|data-uri)\\(",starts:{className:"string",end:"[\\)\\n]",excludeEnd:!0}},r("number","#[0-9A-Fa-f]+\\b"),i,r("variable","@@?[\\w-]+",10),r("variable","@{[\\w-]+}"),r("built_in","~?`[^`]*?`"),{className:"attribute",begin:"[\\w-]+\\s*:",end:":",returnBegin:!0,excludeEnd:!0},{className:"meta",begin:"!important"});var c=s.concat({begin:"{",end:"}",contains:a}),l={beginKeywords:"when",endsWithParent:!0,contains:[{beginKeywords:"and not"}].concat(s)},o={begin:n+"\\s*:",returnBegin:!0,end:"[;}]",relevance:0,contains:[{className:"attribute",begin:n,end:":",excludeEnd:!0,starts:{endsWithParent:!0,illegal:"[<=$]",relevance:0,contains:s}}]},g={className:"keyword",begin:"@(import|media|charset|font-face|(-[a-z]+-)?keyframes|supports|document|namespace|page|viewport|host)\\b",starts:{end:"[;{}]",returnEnd:!0,contains:s,relevance:0}},d={className:"variable",variants:[{begin:"@[\\w-]+\\s*:",relevance:15},{begin:"@[\\w-]+"}],starts:{end:"[;}]",returnEnd:!0,contains:c}},b={variants:[{begin:"[\\.#:&\\[>]",end:"[;{}]"},{begin:n,end:"{"}],returnBegin:!0,returnEnd:!0,illegal:"[<='$\"]",relevance:0,contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,l,r("keyword","all\\b"),r("variable","@{[\\w-]+}"),r("selector-tag",n+"%?",0),r("selector-id","#"+n),r("selector-class","\\."+n,0),r("selector-tag","&",0),{className:"selector-attr",begin:"\\[",end:"\\]"},{className:"selector-pseudo",begin:/:(:)?[a-zA-Z0-9\_\-\+\(\)"'.]+/},{begin:"\\(",end:"\\)",contains:c},{begin:"!important"}]};return a.push(e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,g,d,o,b),{name:"Less",case_insensitive:!0,illegal:"[=>'/<($\"]",contains:a}}}());hljs.registerLanguage("go",function(){"use strict";return function(e){var n={keyword:"break default func interface select case map struct chan else goto package switch const fallthrough if range type continue for import return var go defer bool byte complex64 complex128 float32 float64 int8 int16 int32 int64 string uint8 uint16 uint32 uint64 int uint uintptr rune",literal:"true false iota nil",built_in:"append cap close complex copy imag len make new panic print println real recover delete"};return{name:"Go",aliases:["golang"],keywords:n,illegal:"/},{className:"params",begin:/\(/,end:/\)/,endsParent:!0,keywords:i,contains:["self",r,a,e.C_BLOCK_COMMENT_MODE,{begin:":"}],illegal:/["']/}],illegal:/\[|%/},{className:"class",beginKeywords:"struct protocol class extension enum",keywords:i,end:"\\{",excludeEnd:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/[A-Za-z$_][\u00C0-\u02B80-9A-Za-z$_]*/})]},{className:"meta",begin:"(@discardableResult|@warn_unused_result|@exported|@lazy|@noescape|@NSCopying|@NSManaged|@objc|@objcMembers|@convention|@required|@noreturn|@IBAction|@IBDesignable|@IBInspectable|@IBOutlet|@infix|@prefix|@postfix|@autoclosure|@testable|@available|@nonobjc|@NSApplicationMain|@UIApplicationMain|@dynamicMemberLookup|@propertyWrapper)"},{beginKeywords:"import",end:/$/,contains:[e.C_LINE_COMMENT_MODE,n]}]}}}());hljs.registerLanguage("php",function(){"use strict";return function(e){var r={begin:"\\$+[a-zA-Z_-ÿ][a-zA-Z0-9_-ÿ]*"},t={className:"meta",variants:[{begin:/<\?php/,relevance:10},{begin:/<\?[=]?/},{begin:/\?>/}]},a={className:"string",contains:[e.BACKSLASH_ESCAPE,t],variants:[{begin:'b"',end:'"'},{begin:"b'",end:"'"},e.inherit(e.APOS_STRING_MODE,{illegal:null}),e.inherit(e.QUOTE_STRING_MODE,{illegal:null})]},n={variants:[e.BINARY_NUMBER_MODE,e.C_NUMBER_MODE]},i={keyword:"__CLASS__ __DIR__ __FILE__ __FUNCTION__ __LINE__ __METHOD__ __NAMESPACE__ __TRAIT__ die echo exit include include_once print require require_once array abstract and as binary bool boolean break callable case catch class clone const continue declare default do double else elseif empty enddeclare endfor endforeach endif endswitch endwhile eval extends final finally float for foreach from global goto if implements instanceof insteadof int integer interface isset iterable list new object or private protected public real return string switch throw trait try unset use var void while xor yield",literal:"false null true",built_in:"Error|0 AppendIterator ArgumentCountError ArithmeticError ArrayIterator ArrayObject AssertionError BadFunctionCallException BadMethodCallException CachingIterator CallbackFilterIterator CompileError Countable DirectoryIterator DivisionByZeroError DomainException EmptyIterator ErrorException Exception FilesystemIterator FilterIterator GlobIterator InfiniteIterator InvalidArgumentException IteratorIterator LengthException LimitIterator LogicException MultipleIterator NoRewindIterator OutOfBoundsException OutOfRangeException OuterIterator OverflowException ParentIterator ParseError RangeException RecursiveArrayIterator RecursiveCachingIterator RecursiveCallbackFilterIterator RecursiveDirectoryIterator RecursiveFilterIterator RecursiveIterator RecursiveIteratorIterator RecursiveRegexIterator RecursiveTreeIterator RegexIterator RuntimeException SeekableIterator SplDoublyLinkedList SplFileInfo SplFileObject SplFixedArray SplHeap SplMaxHeap SplMinHeap SplObjectStorage SplObserver SplObserver SplPriorityQueue SplQueue SplStack SplSubject SplSubject SplTempFileObject TypeError UnderflowException UnexpectedValueException ArrayAccess Closure Generator Iterator IteratorAggregate Serializable Throwable Traversable WeakReference Directory __PHP_Incomplete_Class parent php_user_filter self static stdClass"};return{aliases:["php","php3","php4","php5","php6","php7"],case_insensitive:!0,keywords:i,contains:[e.HASH_COMMENT_MODE,e.COMMENT("//","$",{contains:[t]}),e.COMMENT("/\\*","\\*/",{contains:[{className:"doctag",begin:"@[A-Za-z]+"}]}),e.COMMENT("__halt_compiler.+?;",!1,{endsWithParent:!0,keywords:"__halt_compiler",lexemes:e.UNDERSCORE_IDENT_RE}),{className:"string",begin:/<<<['"]?\w+['"]?$/,end:/^\w+;?$/,contains:[e.BACKSLASH_ESCAPE,{className:"subst",variants:[{begin:/\$\w+/},{begin:/\{\$/,end:/\}/}]}]},t,{className:"keyword",begin:/\$this\b/},r,{begin:/(::|->)+[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*/},{className:"function",beginKeywords:"fn function",end:/[;{]/,excludeEnd:!0,illegal:"[$%\\[]",contains:[e.UNDERSCORE_TITLE_MODE,{className:"params",begin:"\\(",end:"\\)",excludeBegin:!0,excludeEnd:!0,keywords:i,contains:["self",r,e.C_BLOCK_COMMENT_MODE,a,n]}]},{className:"class",beginKeywords:"class interface",end:"{",excludeEnd:!0,illegal:/[:\(\$"]/,contains:[{beginKeywords:"extends implements"},e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"namespace",end:";",illegal:/[\.']/,contains:[e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"use",end:";",contains:[e.UNDERSCORE_TITLE_MODE]},{begin:"=>"},a,n]}}}());hljs.registerLanguage("php-template",function(){"use strict";return function(n){return{name:"PHP template",subLanguage:"xml",contains:[{begin:/<\?(php|=)?/,end:/\?>/,subLanguage:"php",contains:[{begin:"/\\*",end:"\\*/",skip:!0},{begin:'b"',end:'"',skip:!0},{begin:"b'",end:"'",skip:!0},n.inherit(n.APOS_STRING_MODE,{illegal:null,className:null,contains:null,skip:!0}),n.inherit(n.QUOTE_STRING_MODE,{illegal:null,className:null,contains:null,skip:!0})]}]}}}());hljs.registerLanguage("diff",function(){"use strict";return function(e){return{name:"Diff",aliases:["patch"],contains:[{className:"meta",relevance:10,variants:[{begin:/^@@ +\-\d+,\d+ +\+\d+,\d+ +@@$/},{begin:/^\*\*\* +\d+,\d+ +\*\*\*\*$/},{begin:/^\-\-\- +\d+,\d+ +\-\-\-\-$/}]},{className:"comment",variants:[{begin:/Index: /,end:/$/},{begin:/={3,}/,end:/$/},{begin:/^\-{3}/,end:/$/},{begin:/^\*{3} /,end:/$/},{begin:/^\+{3}/,end:/$/},{begin:/^\*{15}$/}]},{className:"addition",begin:"^\\+",end:"$"},{className:"deletion",begin:"^\\-",end:"$"},{className:"addition",begin:"^\\!",end:"$"}]}}}());hljs.registerLanguage("c-like",function(){"use strict";return function(e){function t(e){return"(?:"+e+")?"}var n="(decltype\\(auto\\)|"+t("[a-zA-Z_]\\w*::")+"[a-zA-Z_]\\w*"+t("<.*?>")+")",r={className:"keyword",begin:"\\b[a-z\\d_]*_t\\b"},a={className:"string",variants:[{begin:'(u8?|U|L)?"',end:'"',illegal:"\\n",contains:[e.BACKSLASH_ESCAPE]},{begin:"(u8?|U|L)?'(\\\\(x[0-9A-Fa-f]{2}|u[0-9A-Fa-f]{4,8}|[0-7]{3}|\\S)|.)",end:"'",illegal:"."},{begin:/(?:u8?|U|L)?R"([^()\\ ]{0,16})\((?:.|\n)*?\)\1"/}]},s={className:"number",variants:[{begin:"\\b(0b[01']+)"},{begin:"(-?)\\b([\\d']+(\\.[\\d']*)?|\\.[\\d']+)(u|U|l|L|ul|UL|f|F|b|B)"},{begin:"(-?)(\\b0[xX][a-fA-F0-9']+|(\\b[\\d']+(\\.[\\d']*)?|\\.[\\d']+)([eE][-+]?[\\d']+)?)"}],relevance:0},i={className:"meta",begin:/#\s*[a-z]+\b/,end:/$/,keywords:{"meta-keyword":"if else elif endif define undef warning error line pragma _Pragma ifdef ifndef include"},contains:[{begin:/\\\n/,relevance:0},e.inherit(a,{className:"meta-string"}),{className:"meta-string",begin:/<.*?>/,end:/$/,illegal:"\\n"},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},c={className:"title",begin:t("[a-zA-Z_]\\w*::")+e.IDENT_RE,relevance:0},o=t("[a-zA-Z_]\\w*::")+e.IDENT_RE+"\\s*\\(",l={keyword:"int float while private char char8_t char16_t char32_t catch import module export virtual operator sizeof dynamic_cast|10 typedef const_cast|10 const for static_cast|10 union namespace unsigned long volatile static protected bool template mutable if public friend do goto auto void enum else break extern using asm case typeid wchar_t short reinterpret_cast|10 default double register explicit signed typename try this switch continue inline delete alignas alignof constexpr consteval constinit decltype concept co_await co_return co_yield requires noexcept static_assert thread_local restrict final override atomic_bool atomic_char atomic_schar atomic_uchar atomic_short atomic_ushort atomic_int atomic_uint atomic_long atomic_ulong atomic_llong atomic_ullong new throw return and and_eq bitand bitor compl not not_eq or or_eq xor xor_eq",built_in:"std string wstring cin cout cerr clog stdin stdout stderr stringstream istringstream ostringstream auto_ptr deque list queue stack vector map set bitset multiset multimap unordered_set unordered_map unordered_multiset unordered_multimap array shared_ptr abort terminate abs acos asin atan2 atan calloc ceil cosh cos exit exp fabs floor fmod fprintf fputs free frexp fscanf future isalnum isalpha iscntrl isdigit isgraph islower isprint ispunct isspace isupper isxdigit tolower toupper labs ldexp log10 log malloc realloc memchr memcmp memcpy memset modf pow printf putchar puts scanf sinh sin snprintf sprintf sqrt sscanf strcat strchr strcmp strcpy strcspn strlen strncat strncmp strncpy strpbrk strrchr strspn strstr tanh tan vfprintf vprintf vsprintf endl initializer_list unique_ptr _Bool complex _Complex imaginary _Imaginary",literal:"true false nullptr NULL"},d=[r,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,s,a],_={variants:[{begin:/=/,end:/;/},{begin:/\(/,end:/\)/},{beginKeywords:"new throw return else",end:/;/}],keywords:l,contains:d.concat([{begin:/\(/,end:/\)/,keywords:l,contains:d.concat(["self"]),relevance:0}]),relevance:0},u={className:"function",begin:"("+n+"[\\*&\\s]+)+"+o,returnBegin:!0,end:/[{;=]/,excludeEnd:!0,keywords:l,illegal:/[^\w\s\*&:<>]/,contains:[{begin:"decltype\\(auto\\)",keywords:l,relevance:0},{begin:o,returnBegin:!0,contains:[c],relevance:0},{className:"params",begin:/\(/,end:/\)/,keywords:l,relevance:0,contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,a,s,r,{begin:/\(/,end:/\)/,keywords:l,relevance:0,contains:["self",e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,a,s,r]}]},r,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,i]};return{aliases:["c","cc","h","c++","h++","hpp","hh","hxx","cxx"],keywords:l,disableAutodetect:!0,illegal:"",keywords:l,contains:["self",r]},{begin:e.IDENT_RE+"::",keywords:l},{className:"class",beginKeywords:"class struct",end:/[{;:]/,contains:[{begin://,contains:["self"]},e.TITLE_MODE]}]),exports:{preprocessor:i,strings:a,keywords:l}}}}());hljs.registerLanguage("c",function(){"use strict";return function(e){var n=e.getLanguage("c-like").rawDefinition();return n.name="C",n.aliases=["c","h"],n}}());hljs.registerLanguage("http",function(){"use strict";return function(e){var n="HTTP/[0-9\\.]+";return{name:"HTTP",aliases:["https"],illegal:"\\S",contains:[{begin:"^"+n,end:"$",contains:[{className:"number",begin:"\\b\\d{3}\\b"}]},{begin:"^[A-Z]+ (.*?) "+n+"$",returnBegin:!0,end:"$",contains:[{className:"string",begin:" ",end:" ",excludeBegin:!0,excludeEnd:!0},{begin:n},{className:"keyword",begin:"[A-Z]+"}]},{className:"attribute",begin:"^\\w",end:": ",excludeEnd:!0,illegal:"\\n|\\s|=",starts:{end:"$",relevance:0}},{begin:"\\n\\n",starts:{subLanguage:[],endsWithParent:!0}}]}}}());hljs.registerLanguage("python",function(){"use strict";return function(e){var n={keyword:"and elif is global as in if from raise for except finally print import pass return exec else break not with class assert yield try while continue del or def lambda async await nonlocal|10",built_in:"Ellipsis NotImplemented",literal:"False None True"},a={className:"meta",begin:/^(>>>|\.\.\.) /},i={className:"subst",begin:/\{/,end:/\}/,keywords:n,illegal:/#/},s={begin:/\{\{/,relevance:0},r={className:"string",contains:[e.BACKSLASH_ESCAPE],variants:[{begin:/(u|b)?r?'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE,a],relevance:10},{begin:/(u|b)?r?"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,a],relevance:10},{begin:/(fr|rf|f)'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE,a,s,i]},{begin:/(fr|rf|f)"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,a,s,i]},{begin:/(u|r|ur)'/,end:/'/,relevance:10},{begin:/(u|r|ur)"/,end:/"/,relevance:10},{begin:/(b|br)'/,end:/'/},{begin:/(b|br)"/,end:/"/},{begin:/(fr|rf|f)'/,end:/'/,contains:[e.BACKSLASH_ESCAPE,s,i]},{begin:/(fr|rf|f)"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s,i]},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},l={className:"number",relevance:0,variants:[{begin:e.BINARY_NUMBER_RE+"[lLjJ]?"},{begin:"\\b(0o[0-7]+)[lLjJ]?"},{begin:e.C_NUMBER_RE+"[lLjJ]?"}]},t={className:"params",variants:[{begin:/\(\s*\)/,skip:!0,className:null},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,contains:["self",a,l,r,e.HASH_COMMENT_MODE]}]};return i.contains=[r,l,a],{name:"Python",aliases:["py","gyp","ipython"],keywords:n,illegal:/(<\/|->|\?)|=>/,contains:[a,l,{beginKeywords:"if",relevance:0},r,e.HASH_COMMENT_MODE,{variants:[{className:"function",beginKeywords:"def"},{className:"class",beginKeywords:"class"}],end:/:/,illegal:/[${=;\n,]/,contains:[e.UNDERSCORE_TITLE_MODE,t,{begin:/->/,endsWithParent:!0,keywords:"None"}]},{className:"meta",begin:/^[\t ]*@/,end:/$/},{begin:/\b(print|exec)\(/}]}}}());hljs.registerLanguage("bash",function(){"use strict";return function(e){const s={};Object.assign(s,{className:"variable",variants:[{begin:/\$[\w\d#@][\w\d_]*/},{begin:/\$\{/,end:/\}/,contains:[{begin:/:-/,contains:[s]}]}]});const n={className:"subst",begin:/\$\(/,end:/\)/,contains:[e.BACKSLASH_ESCAPE]},t={className:"string",begin:/"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s,n]};n.contains.push(t);const a={begin:/\$\(\(/,end:/\)\)/,contains:[{begin:/\d+#[0-9a-f]+/,className:"number"},e.NUMBER_MODE,s]};return{name:"Bash",aliases:["sh","zsh"],lexemes:/\b-?[a-z\._]+\b/,keywords:{keyword:"if then else elif fi for while in do done case esac function",literal:"true false",built_in:"break cd continue eval exec exit export getopts hash pwd readonly return shift test times trap umask unset alias bind builtin caller command declare echo enable help let local logout mapfile printf read readarray source type typeset ulimit unalias set shopt autoload bg bindkey bye cap chdir clone comparguments compcall compctl compdescribe compfiles compgroups compquote comptags comptry compvalues dirs disable disown echotc echoti emulate fc fg float functions getcap getln history integer jobs kill limit log noglob popd print pushd pushln rehash sched setcap setopt stat suspend ttyctl unfunction unhash unlimit unsetopt vared wait whence where which zcompile zformat zftp zle zmodload zparseopts zprof zpty zregexparse zsocket zstyle ztcp",_:"-ne -eq -lt -gt -f -d -e -s -l -a"},contains:[{className:"meta",begin:/^#![^\n]+sh\s*$/,relevance:10},{className:"function",begin:/\w[\w\d_]*\s*\(\s*\)\s*\{/,returnBegin:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/\w[\w\d_]*/})],relevance:0},a,e.HASH_COMMENT_MODE,t,{className:"",begin:/\\"/},{className:"string",begin:/'/,end:/'/},s]}}}());hljs.registerLanguage("css",function(){"use strict";return function(e){var n={begin:/(?:[A-Z\_\.\-]+|--[a-zA-Z0-9_-]+)\s*:/,returnBegin:!0,end:";",endsWithParent:!0,contains:[{className:"attribute",begin:/\S/,end:":",excludeEnd:!0,starts:{endsWithParent:!0,excludeEnd:!0,contains:[{begin:/[\w-]+\(/,returnBegin:!0,contains:[{className:"built_in",begin:/[\w-]+/},{begin:/\(/,end:/\)/,contains:[e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.CSS_NUMBER_MODE]}]},e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,e.C_BLOCK_COMMENT_MODE,{className:"number",begin:"#[0-9A-Fa-f]+"},{className:"meta",begin:"!important"}]}}]};return{name:"CSS",case_insensitive:!0,illegal:/[=\/|'\$]/,contains:[e.C_BLOCK_COMMENT_MODE,{className:"selector-id",begin:/#[A-Za-z0-9_-]+/},{className:"selector-class",begin:/\.[A-Za-z0-9_-]+/},{className:"selector-attr",begin:/\[/,end:/\]/,illegal:"$",contains:[e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},{className:"selector-pseudo",begin:/:(:)?[a-zA-Z0-9\_\-\+\(\)"'.]+/},{begin:"@(page|font-face)",lexemes:"@[a-z-]+",keywords:"@page @font-face"},{begin:"@",end:"[{;]",illegal:/:/,returnBegin:!0,contains:[{className:"keyword",begin:/@\-?\w[\w]*(\-\w+)*/},{begin:/\s/,endsWithParent:!0,excludeEnd:!0,relevance:0,keywords:"and or not only",contains:[{begin:/[a-z-]+:/,className:"attribute"},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.CSS_NUMBER_MODE]}]},{className:"selector-tag",begin:"[a-zA-Z-][a-zA-Z0-9_-]*",relevance:0},{begin:"{",end:"}",illegal:/\S/,contains:[e.C_BLOCK_COMMENT_MODE,n]}]}}}());hljs.registerLanguage("csharp",function(){"use strict";return function(e){var n={keyword:"abstract as base bool break byte case catch char checked const continue decimal default delegate do double enum event explicit extern finally fixed float for foreach goto if implicit in int interface internal is lock long object operator out override params private protected public readonly ref sbyte sealed short sizeof stackalloc static string struct switch this try typeof uint ulong unchecked unsafe ushort using virtual void volatile while add alias ascending async await by descending dynamic equals from get global group into join let nameof on orderby partial remove select set value var when where yield",literal:"null false true"},i=e.inherit(e.TITLE_MODE,{begin:"[a-zA-Z](\\.?\\w)*"}),a={className:"number",variants:[{begin:"\\b(0b[01']+)"},{begin:"(-?)\\b([\\d']+(\\.[\\d']*)?|\\.[\\d']+)(u|U|l|L|ul|UL|f|F|b|B)"},{begin:"(-?)(\\b0[xX][a-fA-F0-9']+|(\\b[\\d']+(\\.[\\d']*)?|\\.[\\d']+)([eE][-+]?[\\d']+)?)"}],relevance:0},s={className:"string",begin:'@"',end:'"',contains:[{begin:'""'}]},t=e.inherit(s,{illegal:/\n/}),l={className:"subst",begin:"{",end:"}",keywords:n},r=e.inherit(l,{illegal:/\n/}),c={className:"string",begin:/\$"/,end:'"',illegal:/\n/,contains:[{begin:"{{"},{begin:"}}"},e.BACKSLASH_ESCAPE,r]},o={className:"string",begin:/\$@"/,end:'"',contains:[{begin:"{{"},{begin:"}}"},{begin:'""'},l]},g=e.inherit(o,{illegal:/\n/,contains:[{begin:"{{"},{begin:"}}"},{begin:'""'},r]});l.contains=[o,c,s,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,a,e.C_BLOCK_COMMENT_MODE],r.contains=[g,c,t,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,a,e.inherit(e.C_BLOCK_COMMENT_MODE,{illegal:/\n/})];var d={variants:[o,c,s,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},E=e.IDENT_RE+"(<"+e.IDENT_RE+"(\\s*,\\s*"+e.IDENT_RE+")*>)?(\\[\\])?",_={begin:"@"+e.IDENT_RE,relevance:0};return{name:"C#",aliases:["cs","c#"],keywords:n,illegal:/::/,contains:[e.COMMENT("///","$",{returnBegin:!0,contains:[{className:"doctag",variants:[{begin:"///",relevance:0},{begin:"\x3c!--|--\x3e"},{begin:""}]}]}),e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,{className:"meta",begin:"#",end:"$",keywords:{"meta-keyword":"if else elif endif define undef warning error line region endregion pragma checksum"}},d,a,{beginKeywords:"class interface",end:/[{;=]/,illegal:/[^\s:,]/,contains:[{beginKeywords:"where class"},i,{begin:"<",end:">",keywords:"in out"},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{beginKeywords:"namespace",end:/[{;=]/,illegal:/[^\s:]/,contains:[i,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{className:"meta",begin:"^\\s*\\[",excludeBegin:!0,end:"\\]",excludeEnd:!0,contains:[{className:"meta-string",begin:/"/,end:/"/}]},{beginKeywords:"new return throw await else",relevance:0},{className:"function",begin:"("+E+"\\s+)+"+e.IDENT_RE+"\\s*\\(",returnBegin:!0,end:/\s*[{;=]/,excludeEnd:!0,keywords:n,contains:[{begin:e.IDENT_RE+"\\s*\\(",returnBegin:!0,contains:[e.TITLE_MODE],relevance:0},{className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:n,relevance:0,contains:[d,a,e.C_BLOCK_COMMENT_MODE]},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},_]}}}());hljs.registerLanguage("objectivec",function(){"use strict";return function(e){var n=/[a-zA-Z@][a-zA-Z0-9_]*/,_="@interface @class @protocol @implementation";return{name:"Objective-C",aliases:["mm","objc","obj-c"],keywords:{keyword:"int float while char export sizeof typedef const struct for union unsigned long volatile static bool mutable if do return goto void enum else break extern asm case short default double register explicit signed typename this switch continue wchar_t inline readonly assign readwrite self @synchronized id typeof nonatomic super unichar IBOutlet IBAction strong weak copy in out inout bycopy byref oneway __strong __weak __block __autoreleasing @private @protected @public @try @property @end @throw @catch @finally @autoreleasepool @synthesize @dynamic @selector @optional @required @encode @package @import @defs @compatibility_alias __bridge __bridge_transfer __bridge_retained __bridge_retain __covariant __contravariant __kindof _Nonnull _Nullable _Null_unspecified __FUNCTION__ __PRETTY_FUNCTION__ __attribute__ getter setter retain unsafe_unretained nonnull nullable null_unspecified null_resettable class instancetype NS_DESIGNATED_INITIALIZER NS_UNAVAILABLE NS_REQUIRES_SUPER NS_RETURNS_INNER_POINTER NS_INLINE NS_AVAILABLE NS_DEPRECATED NS_ENUM NS_OPTIONS NS_SWIFT_UNAVAILABLE NS_ASSUME_NONNULL_BEGIN NS_ASSUME_NONNULL_END NS_REFINED_FOR_SWIFT NS_SWIFT_NAME NS_SWIFT_NOTHROW NS_DURING NS_HANDLER NS_ENDHANDLER NS_VALUERETURN NS_VOIDRETURN",literal:"false true FALSE TRUE nil YES NO NULL",built_in:"BOOL dispatch_once_t dispatch_queue_t dispatch_sync dispatch_async dispatch_once"},lexemes:n,illegal:"/,end:/$/,illegal:"\\n"},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{className:"class",begin:"("+_.split(" ").join("|")+")\\b",end:"({|$)",excludeEnd:!0,keywords:_,lexemes:n,contains:[e.UNDERSCORE_TITLE_MODE]},{begin:"\\."+e.UNDERSCORE_IDENT_RE,relevance:0}]}}}());hljs.registerLanguage("rust",function(){"use strict";return function(e){var n="([ui](8|16|32|64|128|size)|f(32|64))?",t="drop i8 i16 i32 i64 i128 isize u8 u16 u32 u64 u128 usize f32 f64 str char bool Box Option Result String Vec Copy Send Sized Sync Drop Fn FnMut FnOnce ToOwned Clone Debug PartialEq PartialOrd Eq Ord AsRef AsMut Into From Default Iterator Extend IntoIterator DoubleEndedIterator ExactSizeIterator SliceConcatExt ToString assert! assert_eq! bitflags! bytes! cfg! col! concat! concat_idents! debug_assert! debug_assert_eq! env! panic! file! format! format_args! include_bin! include_str! line! local_data_key! module_path! option_env! print! println! select! stringify! try! unimplemented! unreachable! vec! write! writeln! macro_rules! assert_ne! debug_assert_ne!";return{name:"Rust",aliases:["rs"],keywords:{keyword:"abstract as async await become box break const continue crate do dyn else enum extern false final fn for if impl in let loop macro match mod move mut override priv pub ref return self Self static struct super trait true try type typeof unsafe unsized use virtual where while yield",literal:"true false Some None Ok Err",built_in:t},lexemes:e.IDENT_RE+"!?",illegal:""}]}}}());hljs.registerLanguage("properties",function(){"use strict";return function(e){var n="[ \\t\\f]*",t="("+n+"[:=]"+n+"|[ \\t\\f]+)",a="([^\\\\:= \\t\\f\\n]|\\\\.)+",s={end:t,relevance:0,starts:{className:"string",end:/$/,relevance:0,contains:[{begin:"\\\\\\n"}]}};return{name:".properties",case_insensitive:!0,illegal:/\S/,contains:[e.COMMENT("^\\s*[!#]","$"),{begin:"([^\\\\\\W:= \\t\\f\\n]|\\\\.)+"+t,returnBegin:!0,contains:[{className:"attr",begin:"([^\\\\\\W:= \\t\\f\\n]|\\\\.)+",endsParent:!0,relevance:0}],starts:s},{begin:a+t,returnBegin:!0,relevance:0,contains:[{className:"meta",begin:a,endsParent:!0,relevance:0}],starts:s},{className:"attr",relevance:0,begin:a+n+"$"}]}}}());hljs.registerLanguage("json",function(){"use strict";return function(n){var e={literal:"true false null"},i=[n.C_LINE_COMMENT_MODE,n.C_BLOCK_COMMENT_MODE],t=[n.QUOTE_STRING_MODE,n.C_NUMBER_MODE],a={end:",",endsWithParent:!0,excludeEnd:!0,contains:t,keywords:e},l={begin:"{",end:"}",contains:[{className:"attr",begin:/"/,end:/"/,contains:[n.BACKSLASH_ESCAPE],illegal:"\\n"},n.inherit(a,{begin:/:/})].concat(i),illegal:"\\S"},s={begin:"\\[",end:"\\]",contains:[n.inherit(a)],illegal:"\\S"};return t.push(l,s),i.forEach((function(n){t.push(n)})),{name:"JSON",contains:t,keywords:e,illegal:"\\S"}}}());hljs.registerLanguage("perl",function(){"use strict";return function(e){var n="getpwent getservent quotemeta msgrcv scalar kill dbmclose undef lc ma syswrite tr send umask sysopen shmwrite vec qx utime local oct semctl localtime readpipe do return format read sprintf dbmopen pop getpgrp not getpwnam rewinddir qq fileno qw endprotoent wait sethostent bless s|0 opendir continue each sleep endgrent shutdown dump chomp connect getsockname die socketpair close flock exists index shmget sub for endpwent redo lstat msgctl setpgrp abs exit select print ref gethostbyaddr unshift fcntl syscall goto getnetbyaddr join gmtime symlink semget splice x|0 getpeername recv log setsockopt cos last reverse gethostbyname getgrnam study formline endhostent times chop length gethostent getnetent pack getprotoent getservbyname rand mkdir pos chmod y|0 substr endnetent printf next open msgsnd readdir use unlink getsockopt getpriority rindex wantarray hex system getservbyport endservent int chr untie rmdir prototype tell listen fork shmread ucfirst setprotoent else sysseek link getgrgid shmctl waitpid unpack getnetbyname reset chdir grep split require caller lcfirst until warn while values shift telldir getpwuid my getprotobynumber delete and sort uc defined srand accept package seekdir getprotobyname semop our rename seek if q|0 chroot sysread setpwent no crypt getc chown sqrt write setnetent setpriority foreach tie sin msgget map stat getlogin unless elsif truncate exec keys glob tied closedir ioctl socket readlink eval xor readline binmode setservent eof ord bind alarm pipe atan2 getgrent exp time push setgrent gt lt or ne m|0 break given say state when",t={className:"subst",begin:"[$@]\\{",end:"\\}",keywords:n},s={begin:"->{",end:"}"},r={variants:[{begin:/\$\d/},{begin:/[\$%@](\^\w\b|#\w+(::\w+)*|{\w+}|\w+(::\w*)*)/},{begin:/[\$%@][^\s\w{]/,relevance:0}]},i=[e.BACKSLASH_ESCAPE,t,r],a=[r,e.HASH_COMMENT_MODE,e.COMMENT("^\\=\\w","\\=cut",{endsWithParent:!0}),s,{className:"string",contains:i,variants:[{begin:"q[qwxr]?\\s*\\(",end:"\\)",relevance:5},{begin:"q[qwxr]?\\s*\\[",end:"\\]",relevance:5},{begin:"q[qwxr]?\\s*\\{",end:"\\}",relevance:5},{begin:"q[qwxr]?\\s*\\|",end:"\\|",relevance:5},{begin:"q[qwxr]?\\s*\\<",end:"\\>",relevance:5},{begin:"qw\\s+q",end:"q",relevance:5},{begin:"'",end:"'",contains:[e.BACKSLASH_ESCAPE]},{begin:'"',end:'"'},{begin:"`",end:"`",contains:[e.BACKSLASH_ESCAPE]},{begin:"{\\w+}",contains:[],relevance:0},{begin:"-?\\w+\\s*\\=\\>",contains:[],relevance:0}]},{className:"number",begin:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",relevance:0},{begin:"(\\/\\/|"+e.RE_STARTERS_RE+"|\\b(split|return|print|reverse|grep)\\b)\\s*",keywords:"split return print reverse grep",relevance:0,contains:[e.HASH_COMMENT_MODE,{className:"regexp",begin:"(s|tr|y)/(\\\\.|[^/])*/(\\\\.|[^/])*/[a-z]*",relevance:10},{className:"regexp",begin:"(m|qr)?/",end:"/[a-z]*",contains:[e.BACKSLASH_ESCAPE],relevance:0}]},{className:"function",beginKeywords:"sub",end:"(\\s*\\(.*?\\))?[;{]",excludeEnd:!0,relevance:5,contains:[e.TITLE_MODE]},{begin:"-\\w\\b",relevance:0},{begin:"^__DATA__$",end:"^__END__$",subLanguage:"mojolicious",contains:[{begin:"^@@.*",end:"$",className:"comment"}]}];return t.contains=a,s.contains=a,{name:"Perl",aliases:["pl","pm"],lexemes:/[\w\.]+/,keywords:n,contains:a}}}());hljs.registerLanguage("typescript",function(){"use strict";return function(e){var n={keyword:"in if for while finally var new function do return void else break catch instanceof with throw case default try this switch continue typeof delete let yield const class public private protected get set super static implements enum export import declare type namespace abstract as from extends async await",literal:"true false null undefined NaN Infinity",built_in:"eval isFinite isNaN parseFloat parseInt decodeURI decodeURIComponent encodeURI encodeURIComponent escape unescape Object Function Boolean Error EvalError InternalError RangeError ReferenceError StopIteration SyntaxError TypeError URIError Number Math Date String RegExp Array Float32Array Float64Array Int16Array Int32Array Int8Array Uint16Array Uint32Array Uint8Array Uint8ClampedArray ArrayBuffer DataView JSON Intl arguments require module console window document any number boolean string void Promise"},r={className:"meta",begin:"@[A-Za-z$_][0-9A-Za-z$_]*"},a={begin:"\\(",end:/\)/,keywords:n,contains:["self",e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,e.NUMBER_MODE]},t={className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:n,contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,r,a]},s={className:"number",variants:[{begin:"\\b(0[bB][01]+)n?"},{begin:"\\b(0[oO][0-7]+)n?"},{begin:e.C_NUMBER_RE+"n?"}],relevance:0},i={className:"subst",begin:"\\$\\{",end:"\\}",keywords:n,contains:[]},o={begin:"html`",end:"",starts:{end:"`",returnEnd:!1,contains:[e.BACKSLASH_ESCAPE,i],subLanguage:"xml"}},c={begin:"css`",end:"",starts:{end:"`",returnEnd:!1,contains:[e.BACKSLASH_ESCAPE,i],subLanguage:"css"}},E={className:"string",begin:"`",end:"`",contains:[e.BACKSLASH_ESCAPE,i]};return i.contains=[e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,o,c,E,s,e.REGEXP_MODE],{name:"TypeScript",aliases:["ts"],keywords:n,contains:[{className:"meta",begin:/^\s*['"]use strict['"]/},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,o,c,E,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,s,{begin:"("+e.RE_STARTERS_RE+"|\\b(case|return|throw)\\b)\\s*",keywords:"return throw case",contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,e.REGEXP_MODE,{className:"function",begin:"(\\(.*?\\)|"+e.IDENT_RE+")\\s*=>",returnBegin:!0,end:"\\s*=>",contains:[{className:"params",variants:[{begin:e.IDENT_RE},{begin:/\(\s*\)/},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:n,contains:["self",e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]}]}]}],relevance:0},{className:"function",beginKeywords:"function",end:/[\{;]/,excludeEnd:!0,keywords:n,contains:["self",e.inherit(e.TITLE_MODE,{begin:"[A-Za-z$_][0-9A-Za-z$_]*"}),t],illegal:/%/,relevance:0},{beginKeywords:"constructor",end:/[\{;]/,excludeEnd:!0,contains:["self",t]},{begin:/module\./,keywords:{built_in:"module"},relevance:0},{beginKeywords:"module",end:/\{/,excludeEnd:!0},{beginKeywords:"interface",end:/\{/,excludeEnd:!0,keywords:"interface extends"},{begin:/\$[(.]/},{begin:"\\."+e.IDENT_RE,relevance:0},r,a]}}}());hljs.registerLanguage("shell",function(){"use strict";return function(s){return{name:"Shell Session",aliases:["console"],contains:[{className:"meta",begin:"^\\s{0,3}[/\\w\\d\\[\\]()@-]*[>%$#]",starts:{end:"$",subLanguage:"bash"}}]}}}());hljs.registerLanguage("plaintext",function(){"use strict";return function(t){return{name:"Plain text",aliases:["text","txt"],disableAutodetect:!0}}}());hljs.registerLanguage("python-repl",function(){"use strict";return function(n){return{aliases:["pycon"],contains:[{className:"meta",starts:{end:/ |$/,starts:{end:"$",subLanguage:"python"}},variants:[{begin:/^>>>(?=[ ]|$)/},{begin:/^\.\.\.(?=[ ]|$)/}]}]}}}());hljs.registerLanguage("apache",function(){"use strict";return function(e){var n={className:"number",begin:"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(:\\d{1,5})?"};return{name:"Apache config",aliases:["apacheconf"],case_insensitive:!0,contains:[e.HASH_COMMENT_MODE,{className:"section",begin:"",contains:[n,{className:"number",begin:":\\d{1,5}"},e.inherit(e.QUOTE_STRING_MODE,{relevance:0})]},{className:"attribute",begin:/\w+/,relevance:0,keywords:{nomarkup:"order deny allow setenv rewriterule rewriteengine rewritecond documentroot sethandler errordocument loadmodule options header listen serverroot servername"},starts:{end:/$/,relevance:0,keywords:{literal:"on off all deny allow"},contains:[{className:"meta",begin:"\\s\\[",end:"\\]$"},{className:"variable",begin:"[\\$%]\\{",end:"\\}",contains:["self",{className:"number",begin:"[\\$%]\\d+"}]},n,{className:"number",begin:"\\d+"},e.QUOTE_STRING_MODE]}}],illegal:/\S/}}}());hljs.registerLanguage("kotlin",function(){"use strict";return function(e){var n={keyword:"abstract as val var vararg get set class object open private protected public noinline crossinline dynamic final enum if else do while for when throw try catch finally import package is in fun override companion reified inline lateinit init interface annotation data sealed internal infix operator out by constructor super tailrec where const inner suspend typealias external expect actual trait volatile transient native default",built_in:"Byte Short Char Int Long Boolean Float Double Void Unit Nothing",literal:"true false null"},a={className:"symbol",begin:e.UNDERSCORE_IDENT_RE+"@"},i={className:"subst",begin:"\\${",end:"}",contains:[e.C_NUMBER_MODE]},s={className:"variable",begin:"\\$"+e.UNDERSCORE_IDENT_RE},t={className:"string",variants:[{begin:'"""',end:'"""(?=[^"])',contains:[s,i]},{begin:"'",end:"'",illegal:/\n/,contains:[e.BACKSLASH_ESCAPE]},{begin:'"',end:'"',illegal:/\n/,contains:[e.BACKSLASH_ESCAPE,s,i]}]};i.contains.push(t);var r={className:"meta",begin:"@(?:file|property|field|get|set|receiver|param|setparam|delegate)\\s*:(?:\\s*"+e.UNDERSCORE_IDENT_RE+")?"},l={className:"meta",begin:"@"+e.UNDERSCORE_IDENT_RE,contains:[{begin:/\(/,end:/\)/,contains:[e.inherit(t,{className:"meta-string"})]}]},c=e.COMMENT("/\\*","\\*/",{contains:[e.C_BLOCK_COMMENT_MODE]}),o={variants:[{className:"type",begin:e.UNDERSCORE_IDENT_RE},{begin:/\(/,end:/\)/,contains:[]}]},d=o;return d.variants[1].contains=[o],o.variants[1].contains=[d],{name:"Kotlin",aliases:["kt"],keywords:n,contains:[e.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{className:"doctag",begin:"@[A-Za-z]+"}]}),e.C_LINE_COMMENT_MODE,c,{className:"keyword",begin:/\b(break|continue|return|this)\b/,starts:{contains:[{className:"symbol",begin:/@\w+/}]}},a,r,l,{className:"function",beginKeywords:"fun",end:"[(]|$",returnBegin:!0,excludeEnd:!0,keywords:n,illegal:/fun\s+(<.*>)?[^\s\(]+(\s+[^\s\(]+)\s*=/,relevance:5,contains:[{begin:e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,relevance:0,contains:[e.UNDERSCORE_TITLE_MODE]},{className:"type",begin://,keywords:"reified",relevance:0},{className:"params",begin:/\(/,end:/\)/,endsParent:!0,keywords:n,relevance:0,contains:[{begin:/:/,end:/[=,\/]/,endsWithParent:!0,contains:[o,e.C_LINE_COMMENT_MODE,c],relevance:0},e.C_LINE_COMMENT_MODE,c,r,l,t,e.C_NUMBER_MODE]},c]},{className:"class",beginKeywords:"class interface trait",end:/[:\{(]|$/,excludeEnd:!0,illegal:"extends implements",contains:[{beginKeywords:"public protected internal private constructor"},e.UNDERSCORE_TITLE_MODE,{className:"type",begin://,excludeBegin:!0,excludeEnd:!0,relevance:0},{className:"type",begin:/[,:]\s*/,end:/[<\(,]|$/,excludeBegin:!0,returnEnd:!0},r,l]},t,{className:"meta",begin:"^#!/usr/bin/env",end:"$",illegal:"\n"},{className:"number",begin:"\\b(0[bB]([01]+[01_]+[01]+|[01]+)|0[xX]([a-fA-F0-9]+[a-fA-F0-9_]+[a-fA-F0-9]+|[a-fA-F0-9]+)|(([\\d]+[\\d_]+[\\d]+|[\\d]+)(\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))?|\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))([eE][-+]?\\d+)?)[lLfF]?",relevance:0}]}}}());hljs.registerLanguage("java",function(){"use strict";return function(e){var a="false synchronized int abstract float private char boolean var static null if const for true while long strictfp finally protected import native final void enum else break transient catch instanceof byte super volatile case assert short package default double public try this switch continue throws protected public private module requires exports do",n={className:"meta",begin:"@[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*",contains:[{begin:/\(/,end:/\)/,contains:["self"]}]};return{name:"Java",aliases:["jsp"],keywords:a,illegal:/<\/|#/,contains:[e.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{begin:/\w+@/,relevance:0},{className:"doctag",begin:"@[A-Za-z]+"}]}),e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,{className:"class",beginKeywords:"class interface",end:/[{;=]/,excludeEnd:!0,keywords:"class interface",illegal:/[:"\[\]]/,contains:[{beginKeywords:"extends implements"},e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"new throw return else",relevance:0},{className:"function",begin:"([À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*(<[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*(\\s*,\\s*[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*)*>)?\\s+)+"+e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,end:/[{;=]/,excludeEnd:!0,keywords:a,contains:[{begin:e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,relevance:0,contains:[e.UNDERSCORE_TITLE_MODE]},{className:"params",begin:/\(/,end:/\)/,keywords:a,relevance:0,contains:[n,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.C_NUMBER_MODE,e.C_BLOCK_COMMENT_MODE]},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{className:"number",begin:"\\b(0[bB]([01]+[01_]+[01]+|[01]+)|0[xX]([a-fA-F0-9]+[a-fA-F0-9_]+[a-fA-F0-9]+|[a-fA-F0-9]+)|(([\\d]+[\\d_]+[\\d]+|[\\d]+)(\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))?|\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))([eE][-+]?\\d+)?)[lLfF]?",relevance:0},n]}}}());hljs.registerLanguage("cpp",function(){"use strict";return function(e){var t=e.getLanguage("c-like").rawDefinition();return t.disableAutodetect=!1,t.name="C++",t.aliases=["cc","c++","h++","hpp","hh","hxx","cxx"],t}}());
\ No newline at end of file
diff --git a/612/js/main.min.d0b5594a58881d76643839c90ace353d66139058f0ee49bd0e7077fae617cb89.js b/612/js/main.min.d0b5594a58881d76643839c90ace353d66139058f0ee49bd0e7077fae617cb89.js
new file mode 100644
index 0000000000..6ec82431e3
--- /dev/null
+++ b/612/js/main.min.d0b5594a58881d76643839c90ace353d66139058f0ee49bd0e7077fae617cb89.js
@@ -0,0 +1 @@
+(function(e){"use strict";e(function(){e('[data-toggle="tooltip"]').tooltip(),e('[data-toggle="popover"]').popover(),e(".popover-dismiss").popover({trigger:"focus"})});function t(e){return e.offset().top+e.outerHeight()}e(function(){var n,o,i,s=e(".js-td-cover");if(!s.length)return;o=t(s),i=e(".js-navbar-scroll").offset().top,n=Math.ceil(e(".js-navbar-scroll").outerHeight()),o-i',t.href="#"+e.id,e.insertAdjacentElement("beforeend",t),e.addEventListener("mouseenter",function(){t.style.visibility="initial"}),e.addEventListener("mouseleave",function(){t.style.visibility="hidden"})}})})}(jQuery),function(e){"use strict";e(document).ready(function(){const t=e(".td-search-input");t.data("html",!0),t.data("placement","bottom"),t.data("template",'
Organisations who want to register their IdP in Check-in needs to fill this
+form in case the IdP is not publishing
+REFEDS R&S and
+Sirtfi compliance in eduGAIN. A PDF scan of a
+printed and signed copy should be sent to operations_at_egi.eu
Identity Provider integration workflow
To integrate your Identity Provider with the EGI Check-in service, you need to
+submit a GGUS ticket indicating your request. The responsible
+support unit is AAI Support.
+The integration follows a two-step process:
Register your Identity Provider and test integration with the development
+instance of EGI Check-in. The development instance allows for testing
+authentication and authorisation to EGI services and resources without
+affecting the production environment of EGI. Note that the development
+instance is not connected to the production service and no information is
+shared between the two systems.
Register your Identity Provider with the production instance of EGI Check-in
+to allow members of your Community to access production EGI services and
+resources protected by Check-in. This requires that your Identity Provider
+meets all the policy requirements
+and that integration has been thoroughly tested during Step 1.
The most important URLs for each environment are listed in the table below but
+more information can be found in the protocol-specific sections that follow.
General requirements for integrating identity providers
An institution or a community may connect their IdP with Check-in to allow their
+users to access EGI services, or any other services that have enabled Check-in
+as an authentication provider. This section presents the general requirements
+for integrating an IdP with EGI Check-in, while protocol-specific instructions
+are provided in the sections that follow.
Attribute release requirements
As a bare minimum, the IdP of a user’s Home Organisation or Community is
+expected to release a non-reassignable identifier that uniquely identifies the
+user within the scope of that organisation or community. The unique identifier
+must be accompanied with a minimum set of attributes which the Check-in Service
+Provider Proxy will attempt to retrieve from the user’s IdP. If this is not
+possible, the missing user attributes will be acquired and verified through the
+user registration process with the EGI Account Registry. The following table
+describes the data requested from the user’s Home Organisation, which are
+communicated to the Check-in SP as either SAML attributes or OIDC claims,
+depending on the protocol supported by the authenticating IdP.
Description
Notes
At least one of the following unique user identifiers:
pseudonymous, non-targeted identifier;
name-based, non-targeted identifier;
pseudonymous, targeted identifier
Preferred name for display purposes
For example to be used in a greeting or a descriptive listing
First name
Surname
Email address
Affiliation within Home Organisation or Community
To be released only if relevant for accessing EGI services
Note that the above set of requested attributes, particularly the identifier,
+name, email and affiliation information, complies with the
+REFEDS R&S attribute bundle.
Information about group membership and role information released by your IdP
+should follow the URN scheme below (see also
+AARC-G002):
<NAMESPACE> is in the form of
+urn:<NID>:<DELEGATED-NAMESPACE>[:<SUBNAMESPACE>*], where
<NID> is the namespace identifier associated with a URN namespace
+registered with
+IANA,
+as per RFC8141, ensuring global uniqueness. Implementers can and should use
+one of the existing registered URN namespaces, such as
+urn:geant
+and
+urn:mace;
<DELEGATED-NAMESPACE> is a URN sub-namespace delegated from one of the
+IANA registered NIDs
to an organisation representing the e-infrastructure, research infrastructure or
+research collaboration.
<GROUP> is the name of a VO, research collaboration or a top level arbitrary
+group. <GROUP> names are unique within the urn:mace:egi.eu:group
+namespace;
zero or more <SUBGROUP> components represent the hierarchy of subgroups in
+the <GROUP>; specifying sub-groups is optional
the optional <ROLE> component is scoped to the rightmost (sub)group; if no
+group information is specified, the role applies to the VO
<GROUP-AUTHORITY> is a non-empty string that indicates the authoritative
+source for the entitlement value. For example, it can be the FQDN of the group
+management system that is responsible for the identified group membership
+information
Example entitlement values expressing VO/group membership and role
+information:
The IdP needs to comply with additional requirements to achieve a higher level
+of assurance and allow its users to gain access to a wider set of EGI services.
+A first group of additional requirements are defined by the
+Sirtfi framework v1.0.
+Adherence to these requirements can be asserted either by publishing Sirtfi
+compliance in the eduGAIN metadata or by declaring it in this
+form. These requirements are in the
+areas of operational security, incident response, traceability and IdPs and
+users responsibility.
Branding requirements
Check-in provides a central Discovery Service (or “Where Are You From” - WAYF)
+page where users in your Home Organisation or Community will be automatically
+redirected when necessary to select to authenticate at your IdP. You can provide
+us with a logo of your Organisation or Community (in high-res PNG or preferably
+in svg format) to include a dedicated login button that will allow users to
+easily identify your IdP.
SAML Identity Provider
To allow users in your community to sign into federated EGI applications, you
+need to connect to the EGI AAI SP Proxy as a SAML Identity Provider (IdP). Users
+of the application will be redirected to the central Discovery Service page of
+the EGI AAI Proxy where they will able to select to authenticate at your IdP.
+Once the user is authenticated, the EGI AAI Proxy will return a SAML assertion
+to the application containing the information returned by your IdP about the
+authenticated user.
Metadata registration
SAML authentication relies on the use of metadata. Both parties (you as an IdP
+and the EGI AAI SP) need to exchange metadata in order to know and trust each
+other. The metadata include information such as the location of the service
+endpoints that need to be invoked, as well as the certificates that will be used
+to sign SAML messages. The format of the exchanged metadata should be based on
+the XML-based
+SAML 2.0 specification.
+Usually, you will not need to manually create such an XML document, as this is
+automatically generated by all major SAML 2.0 IdP software solutions (e.g.,
+Shibboleth, SimpleSAMLphp). It is important that you serve your metadata over
+HTTPS using a browser-friendly SSL certificate, i.e. issued by a trusted
+certificate authority.
To exchange metadata, please send an email including the following information:
entityID
Metadata URL
Depending on the software you are using, the authoritative XML metadata URL for
+your IdP might be in the following form:
Note that if your IdP is part of a federation, then it would be preferred to
+send us the URL to a signed federation metadata aggregate. We can then cherry
+pick the appropriate entityID from that.
You can get the metadata of the EGI Check-in SP Proxy on a dedicated URL that
+depends on the integration environment being used:
For the production environment, it is recommended that you get the metadata for
+the EGI Check-in SP (entityID:
+https://aai.egi.eu/proxy/module.php/saml/sp/metadata.php/sso)
+from a signed eduGAIN metadata aggregate. For example, the following aggregates
+are provided by GRNET:
The SAML based Identity Provider of your Home Organisation or Community is
+expected to release a non-reassignable identifier that uniquely identifies the
+user within the scope of that organisation or community, along with a set of
+additional information as described in the following table (see also
+general attribute release requirements):
Description
SAML attribute
At least one of the following unique user identifiers:
pseudonymous, non-targeted identifier;
name-based, non-targeted identifier;
pseudonymous, targeted identifier
SubjectID (public) or eduPersonUniqueId
eduPersonPrincipalName
SubjectID (pairwise) or eduPersonTargetedID or SAML persistent identifier
Preferred name for display purposes
displayName
First name
givenName
Surname
sn
Email address
mail
Affiliation within Home Organisation or Community
eduPersonScopedAffiliation
Group(s)/role(s) within Home Organisation or Community
eduPersonEntitlement
OpenID Connect Identity Provider
Users in your community can sign into federated EGI applications through the
+Check-in service using your OpenID Connect or OAuth 2.0 based Identity Provider.
Client registration
To enable your OIDC Identity Provider for user login, Check-in needs to be
+registered as a client in order to obtain OAuth 2.0 credentials, such as a
+client ID and client secret, and to register one or more redirect URIs. Once
+Check-in is registered as a client, your users will be redirected to the central
+Discovery Service page of Check-in when logging into EGI federated applications,
+where they will able to select to authenticate at your IdP. Once the user is
+authenticated, Check-in will be responsible for communicating the information
+returned by your IdP about the authenticated user to the connected application.
+Depending on the protocol, this information will be expressed through a SAML
+assertion, a set of OIDC claims or a (proxy) X.509 certificate.
Provider configuration
Check-in needs to obtain your OpenID Provider's configuration information,
+including the location of the Authorisation, Token and UserInfo endpoints. Your
+OpenID Provider is expected to make a JSON document available at the path formed
+by concatenating the string /.well-known/openid-configuration to the Issuer,
+following the
+OpenID Connect Discovery 1.0 specification.
Attribute release
The OpenID Connect or OAuth 2.0 based Identity Provider of your Home
+Organisation or Community is expected to release a non-reassignable identifier
+that uniquely identifies the user within the scope of that organisation or
+community, along with a set of additional information as described in the
+following table (see also
+general attribute release requirements):
Description
OIDC claim
At least one of the following unique user identifiers:
pseudonymous, non-targeted identifier;
name-based, non-targeted identifier;
pseudonymous, targeted identifier
sub (public)
N/A
sub (pairwise)
Preferred name for display purposes
name
First name
given_name
Surname
family_name
Email address
email
Affiliation within Home Organisation or Community
eduperson_scoped_affiliation
Group(s)/role(s) within Home Organisation or Community
