Web Services and Development Policy

1. Preamble

1.1. Scope and objectives

This policy defines and regulates the management, development and deployment workflows, and the source code and production server access, for all VATEUD web services and applications.

This policy is set in place to standardize good practices and to provide consistency, predictability, clarity and defined margins of authority and responsibility for the members of the EUD Technical Team, as well as smooth succession for the Web Development Team Lead and Deputy positions.

1.2. Policy revisions

This policy may be revised following a unanimous decision by the VATEUD Director, VATEUD Deputy Director, Web Development Team Lead and Deputy.

A List of Revisions should be kept as an Appendix to this policy, indicating the date, the outdated and the newly introduced paragraphs for each revision.

2. VATEUD Technical Team positions

The VATEUD technical team consists of the following positions:

2.1. VATEUD7 (Web Services & Development Director) Responsibilities

VATEUD Web Development Team Lead is the development and strategic design position

  • Lead and manage the VATEUD Web Services Team and all aspects of the division's web presence
  • Develop and implement new web applications and services
  • Enhance, refactor and further develop the existing codebase
  • Introduce ideas for new web applications and solutions

2.1.1. VATEUD Web Development Team Lead General requirements

  • Creative and analytical thinking, can-do attitude
  • Strong troubleshooting and problem-solving skills
  • Excellent coaching and communication skills
  • Strong vision, individuality and persistence
  • VATSIM account in good standing
  • Previous VATSIM-related staff experience (web development, R&D) might be considered a plus, but is not required

2.1.2. VATEUD Web Development Team Lead Technical requirements

  • Proficiency with Ruby and Rails, ability to develop and maintain full-stack Rails applications and libraries (gems) from scratch to deployment
  • In-depth understanding of OO programming
  • In-depth understanding of MVC architecture
  • Fluency with rspec, test::unit or other Ruby test framework
  • Currency and experience with most commonly used Ruby/Rails libraries: devise, paperclip, cancan, activeadmin, rails_admin, nested set, simple_form, kaminari/will_paginate, paper_trail, etc
  • Advanced knowledge of relational databases, SQL syntax, O/R mappers, key-value storage solutions
  • Proficiency in git and the associated workflows: cloning, branching, staging, committing, pushing, pulling, submitting pull requests, merging.
  • Excellent command of the following backend/server stack technologies: nginx, phusion passenger, postgresql, sqlite, bundler, rubygems, resque/redis
  • Excellent command of the following frontend stack technologies: HTML5, CSS3, SASS, HAML, JS and CoffeeScript, jQuery, Twitter Bootstrap, markdown
  • All the technical requirements listed in the VATEUD13 portfolio

2.2. VATEUD Web Development Team Deputy Lead Responsibilities

VATEUD13 is the support & day-to-day ops position

  • Assist and support VATEUD7 (as required)
  • Provide web support to VATEUD and vACCs Staff
  • Manage and maintain the existing VATEUD web services on a day-to-day basis
  • Accommodate content updates, as requested by VATEUD or vACC staff

2.2.1. VATEUD Web Development Team Deputy Lead General requirements

  • Excellent support and troubleshooting skills
  • Good communication skills
  • VATSIM account in good standing
  • Previous VATSIM-related staff experience (web development, R&D) might be considered a plus, but is not required

2.2.2. VATEUD Web Development Team Deputy Lead Technical requirements

  • Decent knowledge of Linux (Debian, Ubuntu) server administration: apt, nginx, postgresql, worker queues, ssh, DNS, cron, iptables configuration and troubleshooting
  • Decent knowledge of git workflows; understanding of github/gitlab concepts and flows: cloning, branching, staging, committing, pushing, pulling, submitting pull requests, merging.
  • Basic knowledge of rubygems (Ruby's package management system) and rake (Ruby's task management tool): installing, updating and removing gems; understanding gem dependencies; running and analyzing the output of rake tasks
  • Basic knowledge of Rails deployment workflows: pulling and merging from git repository; using capistrano, running DB migrations, precompiling assets, identifying and tracking exceptions
  • Ability to understand and work with custom and pre-built Content Management Systems, application backends and admin panels and to accommodate in a timely manner the update requests coming from other VATEUD or vACC staff members

3. VATEUD Technical Team rights and responsibilities

The VATEUD technical team are responsible for the availability, reliability, development and maintenance of the EUD web infrastructure (hardware and software).

VATEUD technical team representatives should make every reasonable effort to work in agreement and seek consensus with other EUD or VATSIM staff. However, in the event of an unresolvable disagreement or dispute, the final authority and responsibility on any software or hardware related decision that is not otherwise regulated within this policy lies with the technical staff.

4. Deployment and production infrastructure

4.1. VATEUD domain names

The following domains are recognized and used by VATEUD:

  • vateud.net - primary domain
  • vateud.org - aliased domain

All subdomains defined on the primary domain should also be mirrored on the aliased domain(s).

4.1.1. Domain hosting

Domain names are hosted by a domain registrar unaffiliated with the web hosting and the physical servers.

This "separation of concerns" approach allows domains and subdomains to remain accessible, resolvable and editable in the event of a web infrastructure outage and enables re-pointing domain names to different physical boxes in an emergency.

4.1.2. Domain registrar access

Domain names are hosted under a dedicated VATEUD account (i.e. not on personal accounts). The credentials to this account are listed in Appendix A (the keychain) and are available to VATEUD1, VATEUD7 and VATEUD13.

4.1.3. Domain renewals and payments

Domain renewals should be arranged at least 3 months prior to the expiration date and paid for either by VATEUD1 or VATEUD7, unless agreed otherwise.

It's part of the VATEUD7 responsibilities to monitor upcoming domain expiration and alert VATEUD1 to the pending renewal (or alternatively handle the renewal personally).

4.2. VATEUD web servers

VATEUD operates VPS-es rather than dedicated physical servers for the added benefits of automated backups, manual saving and restoring / re-deploying of entire pre-configured server images, and dynamic scaling.

4.2.1. VPS server and hosting requirements

  • automated server image backups
  • resources scalability (the server should be upgradable / downgradable on the fly depending on our needs without the need to rebuild it from scratch)
  • ability to manually create server images/snapshots
  • reliable, preferably unmetered uplink directly to the EU backbone
  • SSD drives
  • guaranteed (non-shared) CPU cycles

4.2.2. Deployment software stacks

Following the "separation of concerns" strategy, applications using different server-side technology stacks are deployed to separate servers.

VATEUD has 2 software stacks:

  • php/mysql serving the forums and other legacy php applications, as well as the TeamSpeak server
  • ruby/rails/postgresql serving the Ruby-on-Rails applications

These 2 stacks have little to no commonality and are kept isolated for the sake of better security, easier maintenance and performance efficiency.

VATEUD uses Debian or derivative OS (such as Ubuntu) for its servers.

4.2.3. Hosting Provider Access

The server hosting is managed under a dedicated VATEUD hosting account, accessible by VATEUD1, VATEUD7 and VATEUD13. The account credentials are listed in Appendix A (keychain). Additional access to the account can be granted by a joint decision of VATEUD1 and VATEUD7 and after due diligence.

It should be considered at all times that a person with access to this account can, intentionally or accidentally, irreversibly destroy the entire EUD web infrastructure, including image backups. Access to this account should therefore be monitored more closely and explained to non-technical staff more thoroughly than even root access to the server boxes.

4.2.4. Hosting renewals and expenses

Unless agreed otherwise, hosting expenses are shared round-robin style on a monthly basis between all VATEUD staff members. Payments are made by a person with access to the hosting account and are reimbursed thereafter.

It's part of VATEUD7/VATEUD13 responsibilities to monitor and remind of upcoming renewals and service expiration dates.

4.2.5. Root SSH access to the servers

Root server passwords are available to VATEUD1, VATEUD7 and VATEUD13 and listed in Appendix A (keychain).

Root passwords are not to be used on a day-to-day basis for logging into the servers. Instead, SSH public/private key pairs are to be used.

5. Development infrastructure

5.1. Code hosting, collaboration, access

5.1.1. Code availability

The source code of all VATEUD applications is available internally for development and collaboration purposes.

VATEUD uses git repositories for version control. Using a modern version control system such as git allows tracing each individual change to the code and provides a complete history of all edits, associated with their respective authors. It allows reverting newer commits and branching the code in different directions (for example to develop a new feature, while still maintaining a stable milestone on a different branch). It also allows merging branches, including branches and pieces of code written by other people, thus making collaboration easy and fully controllable.

5.1.2. Repository access

As part of the "separation of concerns" strategy, the git repositories are hosted on an external git hosting service to ensure their availability and independence from the rest of the web infrastructure.

Currently VATEUD uses https://gitlab.com for its code repositories. A personal gitlab.com account is required for anybody requesting access to the source code of our applications.

VATEUD7 and VATEUD13 have full access to all repositories with commit, merge and deploy privileges. VATEUD1 has courtesy access to ensure availability and succession if needed. Other individuals inside or outside VATEUD staff can have different levels of access on an individual repository basis depending on their role or desire to contribute to the codebase.

5.1.3. Repository maintainers

A maintainer is designated for each repository at VATEUD7's discretion, which should normally be the author of the application code or a successor. The maintainer is solely responsible for ensuring smooth workflow, merging pull requests and monitoring issue tickets.

5.1.4. Deployment

Only VATEUD7 (or VATEUD13 if explicitly authorized) can deploy code into production and only with the approval of the maintainer (or from the master repository head).

Only git workflows are to be used when deploying code into production! No FTP or copy/pasting of files!

5.1.5. Author privileges

The original author of each VATEUD application retains permanent access to the code repository of that application and is entitled to the role of maintainer for as long as he wants and is able to commit to that role. The author's access and maintainer role are not to be revoked by any 3rd party unless explicitly renounced by the author.

A list of the VATEUD applications and maintainers is available in appendix B.

5.2. Code licensing

As always in software development, all the software applications and all custom written code for any EUD project remain the copyrighted intellectual property of their respective authors.

The software authors should designate a license for each of their VATEUD-related projects, defining the terms and conditions (or lack thereof) under which this software is usable by VATEUD or any 3rd party. The exact license used is at the discretion of the authors. However, it should be permissive enough to allow internal collaboration, further development, continued use of the code by VATEUD and developer/maintainer succession.

5.3. Official VATEUD application and 3rd party applications

In order for an application to be recognized as an official VATEUD application, it must meet the following criteria:

  • must comply with the VATEUD "Code hosting, collaboration, access" policy
  • must be deployed on the EUD servers infrastructure

VATEUD accepts responsibility and ensures the continued development and availability of its official applications.

VATEUD encourages and welcomes 3rd party applications, occasionally granting them a VATEUD subdomain, but accepts no responsibility or liability related to those applications: they're considered independent and are under the full authority of their respective authors.

A list of official VATEUD applications and maintainers is available in appendix B. Any application not listed there is to be considered a 3rd party application.

5.4. Development best practices

VATEUD web applications should endeavor to meet the following general criteria:

  • Usage of modern MVC frameworks, OO programming and ORM mapping
  • Compliance with current web standards such as HTML5/CSS3
  • Integration with JS and CSS frameworks
  • Extensive use and understanding of caching
  • Slick and responsive visual design
  • Performance and SEO optimization
  • Offloading of time-consuming tasks to worker queues
  • Assets unification and minification
  • Integrated tests

The following practices are strongly discouraged and will most likely result in applications being deprecated or retired:

  • intermingling of presentation and logic layers
  • inline SQL
  • extensive inline CSS and JS
  • functional PHP or Perl
  • no inherent protection against XSS and SQL injections

6. List of Appendices

  • Appendix A - credentials and passwords (keychain)
  • Appendix B - list of official VATEUD applications and maintainers
  • Appendix C - list of policy revisions