This policy defines and regulates the management, development and deployment workflows, source code and production servers access for all VATEUD web services and applications.
This policy is set in place to standartize consistent good practices, predictability, clarity, margins of authority and responsibility for the members of the EUD Technical Team and smooth succession for the Web Development Team Lead and Deputy positions.
This policy may be revised following an unanimous decision by VATEUD Director, VATEUD Deputy Director, Web development team Lead and Deputy.
A List of Revisions should be kept as an Appendix to this policy, indicating the date, the outdated and the newly introduced paragraphs for each revision.
The VATEUD technical team consists of the following positions:
VATEUD Web Development teal Lead is the development and strategic design position
VATEUD13 is the support & day-to-day ops position
The VATEUD technical team are responsible for the availability, reliability, development and maintenance of the EUD web infrastructure (hardware and software).
VATEUD technical team representatives should make every reasonable effort to work in agreement and seek consensus with other EUD or VATSIM staff, however in the event of an unresolvable disagreement or a dispute, the final authority and responsibility on any software or hardware related decision that is not otherwise regulated within this policy lies with the technical staff.
The following domains are recognized and used by VATEUD:
All subdomains defined on the primary domain should also be mirrored on the aliased domain(s).
Domain names are hosted by a domain registrar unaffiliated with the web hosting and the physical servers.
This "separation of concerns" approach allows domains and subdomains to remain accessible, resolvable and editable in the event of a web infrastructure outage and enables re-pointing domain names to different physical boxes in an emergency.
Domain names are hosted under a dedicated VATEUD account (i.e. not on personal accounts). The credentials to this account are listed in Appendix A (the keychain) and are available to VATEUD1, VATEUD7 and VATEUD13.
Domain renewals should be arranged at least 3 months prior to expiration date and paid for either by VATEUD1 or VATEUD7, unless agreed otherwise.
It's part of the VATEUD7 responsibilities to monitor upcoming domain expiration and alert VATEUD1 for the pending renewal (or alternatively handle the renewal personally).
VATEUD operates VPS-es rather than dedicated physical servers for the added benefit of automatically backing up, manually saving and restoring / re-deploying entire pre-configured server images and dynamic scaling.
Following the "separation of concerns" strategy applications using different server-side technology stacks are deployed to separate servers.
VATEUD has 2 software stacks:
These 2 stacks have little to no commonality and are kept isolated for the sake of better security, easier maintenance and performance efficiency.
VATEUD uses Debian or derivative OS (such as Ubuntu) for its servers.
The server hosting is managed under a dedicated VATEUD hosting account, accessible by VATEUD1, VATEUD7 and VATEUD13. The account credentials are listed in Appendix A (key-chain). Additional access to the account can be granted by a joint decision of VATEUD1 and VATEUD7 and after due diligence.
It should be considered at all times, that a person with access to this account can: intentionally or accidentally, destroy irreversibly the entire EUD web infrastructure, including image backups and the access to this account should therefore be monitored more closely and explained to non-technical staff more thoroughly than even root access to the server boxes.
Unless agreed otherwise, hosting expenses are shared round-robin style on a monthly basis between all VATEUD staff members. Payments are made by a person with an access to the hosting account and are reimbursed thereafter.
It's part of VATEUD7/VATEUD13 responsibilities to monitor and remind of upcoming renewals and service expiration dates.
Root server passwords are available to VATEUD1, VATEUD7 and VATEUD13 and listed in Appendix A (keychain).
Root passwords are not to be used on a day to day basis for logging into the servers. Instead SSH public/private key pairs are to be used.
The source code of all VATEUD applications is available internally for development and collaboration purposes.
VATEUD uses git repositories for version control. Using a modern version control system such as git allows tracing each individual change to the code, provides complete history of all edits, associated with their respective authors, allows reverting newer commits, branching the code in different directions (for example to develop a new feature, while still maintaining a stable milestone on a different branch), allows merging branches, including branches and pieces of code written by other people, thus making collaboration easy and fully controllable.
As part of the "separation of concerns" strategy the git repositories are hosted on an external git hosting service to ensure their availability and independence of the rest of the web infrastructure.
Currently VATEUD uses https://gitlab.com for its code repositories. A personal gitlab.com account is required for anybody requesting access to the source code of our applications.
VATEUD7 and VATEUD13 have full access to all repositories with commit, merge and deploy privileges. VATEUD1 has courtesy access to ensure availability and succession if needed. Other individuals inside or outside VATEUD staff can have different levels of access on an individual repository basis depending on their role or desire to contribute to the codebase.
A maintainer is designated for each repository on VATEUD7 discretion, which should normally be the author of the application code or a successor. The maintainer is solely responsible for ensuring smooth workflow, merging pull requests and monitoring issue tickets.
Only VATEUD7, (or VATEUD13 if explicitly authorized) can deploy code into production and only with the approval of the maintainer (or from the master repository head).
Only git workflows are to be used when deploying code into production! No FTP or copy/pasting of files!
The original author of each VATEUD application retains permanent access to the code repository of that application and is entitled to the role of maintainer for as long as he wants and is able to commit to that role. The author's access and maintainer role are not to be revoked by any 3rd party unless explicitly renounced by the author.
A list of the VATEUD applications and maintainers is available in appendix B.
As always in software development all the software applications and all custom written code for any EUD project remain an intellectual copyrighted property of their respective authors.
The software authors should designate a license to each of their VATEUD-related project, defining the terms and conditions (or lack thereof) under which this software is usable by VATEUD or any 3rd party. The exact license used is on the discretion of the authors, however it should be permissive enough to allow internal collaboration, further development, continued use of the code by VATEUD and developer/maintainer succession.
In order for an application to be recognized as an official VATEUD application, it must meet the following criteria:
VATEUD accepts responsibility and ensures the continued development and availability of its official applications.
VATEUD encourages and welcomes 3rd party applications, occasionally granting them a VATEUD subdomain, however accepts no responsibility or liability related to those applications: they're considered independent and are under the full authority of their respective authors.
A list of official VATEUD applications and maintainers is available in appendix B. Any application not listed there is to be considered a 3rd party application.
VATEUD web applications should endeavor to meet the following general criteria:
The following practices are strongly discouraged and will most likely result in applications being deprecated or retired: