diff --git a/.coveragerc b/.coveragerc index a63754a1..e06501b3 100644 --- a/.coveragerc +++ b/.coveragerc @@ -19,5 +19,6 @@ exclude_lines = if __name__ == .__main__.: def __repr__ raise AssertionError + if TYPE_CHECKING: ignore_errors = True diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0987ae36..41582a43 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,11 +26,11 @@ pre-commit-check: <<: *only-default stage: pre-commit image: python:3.11-bullseye - variables: - PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit - cache: - paths: - - ${PRE_COMMIT_HOME} + # variables: + # PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit + # cache: + # paths: + # - ${PRE_COMMIT_HOME} script: - pip install pre-commit - pre-commit run --all-files diff --git a/.readthedocs.yml b/.readthedocs.yml index 6837aabd..b3b00bfd 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -12,6 +12,9 @@ build: - redis tools: python: "3.11" + jobs: + post_system_dependencies: + - redis-server --daemonize yes # Build documentation in the docs/ directory with Sphinx sphinx: diff --git a/allianceauth/__init__.py b/allianceauth/__init__.py index 17b15dc9..e97a70f7 100644 --- a/allianceauth/__init__.py +++ b/allianceauth/__init__.py @@ -5,7 +5,7 @@ manage online service access. # This will make sure the app is always imported when # Django starts so that shared_task will use this app. -__version__ = '4.0.0a4' +__version__ = '4.0.0b1' __title__ = 'Alliance Auth' __url__ = 'https://gitlab.com/allianceauth/allianceauth' NAME = f'{__title__} v{__version__}' diff --git a/allianceauth/authentication/auth_hooks.py b/allianceauth/authentication/auth_hooks.py index abc22803..b29a3300 100644 --- a/allianceauth/authentication/auth_hooks.py +++ b/allianceauth/authentication/auth_hooks.py @@ -1,6 +1,6 @@ from allianceauth.hooks import DashboardItemHook from allianceauth import hooks -from .views import dashboard_characters, dashboard_groups, dashboard_admin +from .views import dashboard_characters, dashboard_esi_check, dashboard_groups, dashboard_admin class UserCharactersHook(DashboardItemHook): @@ -26,6 +26,15 @@ class AdminHook(DashboardItemHook): DashboardItemHook.__init__( self, dashboard_admin, + 1 + ) + + +class ESICheckHook(DashboardItemHook): + def __init__(self): + DashboardItemHook.__init__( + self, + dashboard_esi_check, 0 ) @@ -43,3 +52,8 @@ def register_groups_hook(): @hooks.register('dashboard_hook') def register_admin_hook(): return AdminHook() + + +@hooks.register('dashboard_hook') +def register_esi_hook(): + return ESICheckHook() diff --git a/allianceauth/authentication/constants.py b/allianceauth/authentication/constants.py new file mode 100644 index 00000000..5a7412e4 --- /dev/null +++ b/allianceauth/authentication/constants.py @@ -0,0 +1,12 @@ +from django.utils.translation import gettext_lazy as _ + +# Overide ESI messages in the dashboard widget +# when the returned messages are not helpful or out of date +ESI_ERROR_MESSAGE_OVERRIDES = { + 420: _("This software has exceeded the error limit for ESI. " + "If you are a user, please contact the maintainer of this software." + " If you are a developer/maintainer, please make a greater " + "effort in the future to receive valid responses. For tips on how, " + "come have a chat with us in ##3rd-party-dev-and-esi on the EVE " + "Online Discord. https://www.eveonline.com/discord") +} diff --git a/allianceauth/authentication/templates/authentication/dashboard_bs3.html b/allianceauth/authentication/templates/authentication/dashboard_bs3.html new file mode 100644 index 00000000..14bb8cbc --- /dev/null +++ b/allianceauth/authentication/templates/authentication/dashboard_bs3.html @@ -0,0 +1,10 @@ +{% extends 'allianceauth/base.html' %} + + +{% block page_title %}Dashboard{% endblock page_title %} + +{% block content %} +
+

Dashboard Dummy

+
+{% endblock %} diff --git a/allianceauth/authentication/templates/authentication/dashboard.characters.html b/allianceauth/authentication/templates/authentication/dashboard_characters.html similarity index 95% rename from allianceauth/authentication/templates/authentication/dashboard.characters.html rename to allianceauth/authentication/templates/authentication/dashboard_characters.html index b2e0588d..83075233 100644 --- a/allianceauth/authentication/templates/authentication/dashboard.characters.html +++ b/allianceauth/authentication/templates/authentication/dashboard_characters.html @@ -1,5 +1,5 @@ {% load i18n %} -
+
diff --git a/allianceauth/authentication/templates/authentication/dashboard.groups.html b/allianceauth/authentication/templates/authentication/dashboard_groups.html similarity index 88% rename from allianceauth/authentication/templates/authentication/dashboard.groups.html rename to allianceauth/authentication/templates/authentication/dashboard_groups.html index 88ed15c1..39acde52 100644 --- a/allianceauth/authentication/templates/authentication/dashboard.groups.html +++ b/allianceauth/authentication/templates/authentication/dashboard_groups.html @@ -1,5 +1,5 @@ {% load i18n %} -
+

{% translate "Membership" %}

diff --git a/allianceauth/authentication/templates/authentication/tokens.html b/allianceauth/authentication/templates/authentication/tokens.html index e7907893..42e3c61b 100644 --- a/allianceauth/authentication/templates/authentication/tokens.html +++ b/allianceauth/authentication/templates/authentication/tokens.html @@ -16,7 +16,7 @@ {% translate "This page is a best attempt, but backups or database logs can still contain your tokens. Always revoke tokens on https://community.eveonline.com/support/third-party-applications/ where possible."|urlize %}

- +
diff --git a/allianceauth/authentication/templates/public/lang_select.html b/allianceauth/authentication/templates/public/lang_select.html index 6bf5fa9f..05883f2a 100644 --- a/allianceauth/authentication/templates/public/lang_select.html +++ b/allianceauth/authentication/templates/public/lang_select.html @@ -4,7 +4,7 @@ {% csrf_token %} - {% get_language_info_list for LANGUAGES as languages %} {% for language in languages %} diff --git a/allianceauth/authentication/templates/public/register.html b/allianceauth/authentication/templates/public/register.html index a4f1e77d..062bcb1e 100644 --- a/allianceauth/authentication/templates/public/register.html +++ b/allianceauth/authentication/templates/public/register.html @@ -1,6 +1,6 @@ {% extends 'public/base.html' %} -{% load bootstrap %} +{% load django_bootstrap5 %} {% load i18n %} {% block page_title %}{% translate "Registration" %}{% endblock %} @@ -12,16 +12,20 @@ {% endblock %} {% block content %} -
-
-
- - {% csrf_token %} - {{ form|bootstrap }} - - +
+
+
- {% include 'public/lang_select.html' %}
{% endblock %} diff --git a/allianceauth/authentication/tests/test_views.py b/allianceauth/authentication/tests/test_views.py index 09aa4807..ec7601a9 100644 --- a/allianceauth/authentication/tests/test_views.py +++ b/allianceauth/authentication/tests/test_views.py @@ -1,10 +1,12 @@ import json +import requests_mock from unittest.mock import patch from django.test import RequestFactory, TestCase -from allianceauth.authentication.views import task_counts +from allianceauth.authentication.views import task_counts, esi_check from allianceauth.tests.auth_utils import AuthUtils +from allianceauth.authentication.constants import ESI_ERROR_MESSAGE_OVERRIDES MODULE_PATH = "allianceauth.authentication.views" @@ -21,6 +23,8 @@ class TestRunningTasksCount(TestCase): super().setUpClass() cls.factory = RequestFactory() cls.user = AuthUtils.create_user("bruce_wayne") + cls.user.is_superuser = True + cls.user.save() def test_should_return_data( self, mock_active_tasks_count, mock_queued_tasks_count @@ -35,5 +39,164 @@ class TestRunningTasksCount(TestCase): # then self.assertEqual(response.status_code, 200) self.assertDictEqual( - jsonresponse_to_dict(response), {"tasks_running": 2, "tasks_queued": 3} + jsonresponse_to_dict(response), { + "tasks_running": 2, "tasks_queued": 3} ) + + def test_su_only( + self, mock_active_tasks_count, mock_queued_tasks_count + ): + self.user.is_superuser = False + self.user.save() + self.user.refresh_from_db() + # given + mock_active_tasks_count.return_value = 2 + mock_queued_tasks_count.return_value = 3 + request = self.factory.get("/") + request.user = self.user + # when + response = task_counts(request) + # then + self.assertEqual(response.status_code, 302) + + +class TestEsiCheck(TestCase): + @classmethod + def setUpClass(cls) -> None: + super().setUpClass() + cls.factory = RequestFactory() + cls.user = AuthUtils.create_user("bruce_wayne") + cls.user.is_superuser = True + cls.user.save() + + @requests_mock.Mocker() + def test_401_data_returns_200( + self, m + ): + error_json = { + "error": "You have been banned from using ESI. Please contact Technical Support. (support@eveonline.com)" + } + status_code = 401 + m.get( + "https://esi.evetech.net/latest/status/?datasource=tranquility", + text=json.dumps(error_json), + status_code=status_code + ) + # given + request = self.factory.get("/") + request.user = self.user + # when + response = esi_check(request) + # then + self.assertEqual(response.status_code, 200) + self.assertDictEqual( + jsonresponse_to_dict(response), { + "status": status_code, + "data": error_json + } + ) + + @requests_mock.Mocker() + def test_504_data_returns_200( + self, m + ): + error_json = { + "error": "Gateway timeout message", + "timeout": 5000 + } + status_code = 504 + m.get( + "https://esi.evetech.net/latest/status/?datasource=tranquility", + text=json.dumps(error_json), + status_code=status_code + ) + # given + request = self.factory.get("/") + request.user = self.user + # when + response = esi_check(request) + # then + self.assertEqual(response.status_code, 200) + self.assertDictEqual( + jsonresponse_to_dict(response), { + "status": status_code, + "data": error_json + } + ) + + @requests_mock.Mocker() + def test_420_data_override( + self, m + ): + error_json = { + "error": "message from CCP", + } + status_code = 420 + m.get( + "https://esi.evetech.net/latest/status/?datasource=tranquility", + text=json.dumps(error_json), + status_code=status_code + ) + # given + request = self.factory.get("/") + request.user = self.user + # when + response = esi_check(request) + # then + self.assertEqual(response.status_code, 200) + self.assertNotEqual( + jsonresponse_to_dict(response)["data"], + error_json + ) + self.assertDictEqual( + jsonresponse_to_dict(response), { + "status": status_code, + "data": { + "error": ESI_ERROR_MESSAGE_OVERRIDES.get(status_code) + } + } + ) + + @requests_mock.Mocker() + def test_200_data_returns_200( + self, m + ): + good_json = { + "players": 5, + "server_version": "69420", + "start_time": "2030-01-01T23:59:59Z" + } + status_code = 200 + + m.get( + "https://esi.evetech.net/latest/status/?datasource=tranquility", + text=json.dumps(good_json), + status_code=status_code + ) + # given + request = self.factory.get("/") + request.user = self.user + # when + response = esi_check(request) + # then + self.assertEqual(response.status_code, 200) + self.assertDictEqual( + jsonresponse_to_dict(response), { + "status": status_code, + "data": good_json + } + ) + + def test_su_only( + self, + ): + self.user.is_superuser = False + self.user.save() + self.user.refresh_from_db() + # given + request = self.factory.get("/") + request.user = self.user + # when + response = esi_check(request) + # then + self.assertEqual(response.status_code, 302) diff --git a/allianceauth/authentication/urls.py b/allianceauth/authentication/urls.py index a7dc66e3..72bc1e10 100644 --- a/allianceauth/authentication/urls.py +++ b/allianceauth/authentication/urls.py @@ -38,5 +38,7 @@ urlpatterns = [ name='token_refresh' ), path('dashboard/', views.dashboard, name='dashboard'), + path('dashboard_bs3/', views.dashboard_bs3, name='dashboard_bs3'), path('task-counts/', views.task_counts, name='task_counts'), + path('esi-check/', views.esi_check, name='esi_check'), ] diff --git a/allianceauth/authentication/views.py b/allianceauth/authentication/views.py index fce8d4ee..2e8f4e2c 100644 --- a/allianceauth/authentication/views.py +++ b/allianceauth/authentication/views.py @@ -1,6 +1,6 @@ import logging -from allianceauth.hooks import get_hooks +import requests from django_registration.backends.activation.views import ( REGISTRATION_SALT, ActivationView as BaseActivationView, RegistrationView as BaseRegistrationView, @@ -10,7 +10,7 @@ from django_registration.signals import user_registered from django.conf import settings from django.contrib import messages from django.contrib.auth import authenticate, login -from django.contrib.auth.decorators import login_required +from django.contrib.auth.decorators import login_required, user_passes_test from django.contrib.auth.models import User from django.core import signing from django.http import JsonResponse @@ -23,14 +23,16 @@ from esi.decorators import token_required from esi.models import Token from allianceauth.eveonline.models import EveCharacter +from allianceauth.hooks import get_hooks +from .constants import ESI_ERROR_MESSAGE_OVERRIDES from .core.celery_workers import active_tasks_count, queued_tasks_count from .forms import RegistrationForm from .models import CharacterOwnership if 'allianceauth.eveonline.autogroups' in settings.INSTALLED_APPS: _has_auto_groups = True - from allianceauth.eveonline.autogroups.models import * + from allianceauth.eveonline.autogroups.models import * # noqa: F401, F403 else: _has_auto_groups = False @@ -54,7 +56,7 @@ def dashboard_groups(request): context = { 'groups': groups, } - return render_to_string('authentication/dashboard.groups.html', context=context, request=request) + return render_to_string('authentication/dashboard_groups.html', context=context, request=request) def dashboard_characters(request): @@ -66,7 +68,7 @@ def dashboard_characters(request): context = { 'characters': characters } - return render_to_string('authentication/dashboard.characters.html', context=context, request=request) + return render_to_string('authentication/dashboard_characters.html', context=context, request=request) def dashboard_admin(request): @@ -76,6 +78,13 @@ def dashboard_admin(request): return "" +def dashboard_esi_check(request): + if request.user.is_superuser: + return render_to_string('allianceauth/admin-status/esi_check.html', request=request) + else: + return "" + + @login_required def dashboard(request): _dash_items = list() @@ -135,23 +144,30 @@ def token_refresh(request, token_id=None): @login_required @token_required(scopes=settings.LOGIN_TOKEN_SCOPES) def main_character_change(request, token): - logger.debug(f"main_character_change called by user {request.user} for character {token.character_name}") + logger.debug( + f"main_character_change called by user {request.user} for character {token.character_name}") try: - co = CharacterOwnership.objects.get(character__character_id=token.character_id, user=request.user) + co = CharacterOwnership.objects.get( + character__character_id=token.character_id, user=request.user) except CharacterOwnership.DoesNotExist: if not CharacterOwnership.objects.filter(character__character_id=token.character_id).exists(): co = CharacterOwnership.objects.create_by_token(token) else: messages.error( request, - _('Cannot change main character to %(char)s: character owned by a different account.') % ({'char': token.character_name}) + _('Cannot change main character to %(char)s: character owned by a different account.') % ( + {'char': token.character_name}) ) co = None if co: request.user.profile.main_character = co.character request.user.profile.save(update_fields=['main_character']) - messages.success(request, _('Changed main character to %(char)s') % {"char": co.character}) - logger.info('Changed user %(user)s main character to %(char)s' % ({'user': request.user, 'char': co.character})) + messages.success(request, _('Changed main character to %s') % co.character) + logger.info( + 'Changed user {user} main character to {char}'.format( + user=request.user, char=co.character + ) + ) return redirect("authentication:dashboard") @@ -159,9 +175,11 @@ def main_character_change(request, token): def add_character(request, token): if CharacterOwnership.objects.filter(character__character_id=token.character_id).filter( owner_hash=token.character_owner_hash).filter(user=request.user).exists(): - messages.success(request, _('Added %(name)s to your account.' % ({'name': token.character_name}))) + messages.success(request, _( + 'Added %(name)s to your account.' % ({'name': token.character_name}))) else: - messages.error(request, _('Failed to add %(name)s to your account: they already have an account.' % ({'name': token.character_name}))) + messages.error(request, _('Failed to add %(name)s to your account: they already have an account.' % ( + {'name': token.character_name}))) return redirect('authentication:dashboard') @@ -204,8 +222,10 @@ def sso_login(request, token): token.delete() messages.error( request, - _('Unable to authenticate as the selected character. ' - 'Please log in with the main character associated with this account.') + _( + 'Unable to authenticate as the selected character. ' + 'Please log in with the main character associated with this account.' + ) ) return redirect(settings.LOGIN_URL) @@ -278,7 +298,8 @@ class RegistrationView(BaseRegistrationView): return super().dispatch(request, *args, **kwargs) def register(self, form): - user = User.objects.get(pk=self.request.session.get('registration_uid')) + user = User.objects.get( + pk=self.request.session.get('registration_uid')) user.email = form.cleaned_data['email'] user_registered.send(self.__class__, user=user, request=self.request) if getattr(settings, 'REGISTRATION_VERIFY_EMAIL', True): @@ -295,7 +316,8 @@ class RegistrationView(BaseRegistrationView): def get_email_context(self, activation_key): context = super().get_email_context(activation_key) - context['url'] = context['site'].domain + reverse('registration_activate', args=[activation_key]) + context['url'] = context['site'].domain + \ + reverse('registration_activate', args=[activation_key]) return context @@ -328,20 +350,24 @@ class ActivationView(BaseActivationView): def registration_complete(request): - messages.success(request, _('Sent confirmation email. Please follow the link to confirm your email address.')) + messages.success(request, _( + 'Sent confirmation email. Please follow the link to confirm your email address.')) return redirect('authentication:login') def activation_complete(request): - messages.success(request, _('Confirmed your email address. Please login to continue.')) + messages.success(request, _( + 'Confirmed your email address. Please login to continue.')) return redirect('authentication:dashboard') def registration_closed(request): - messages.error(request, _('Registration of new accounts is not allowed at this time.')) + messages.error(request, _( + 'Registration of new accounts is not allowed at this time.')) return redirect('authentication:login') +@user_passes_test(lambda u: u.is_superuser) def task_counts(request) -> JsonResponse: """Return task counts as JSON for an AJAX call.""" data = { @@ -349,3 +375,31 @@ def task_counts(request) -> JsonResponse: "tasks_queued": queued_tasks_count() } return JsonResponse(data) + + +def check_for_override_esi_error_message(response): + if response.status_code in ESI_ERROR_MESSAGE_OVERRIDES: + return {"error": ESI_ERROR_MESSAGE_OVERRIDES.get(response.status_code)} + else: + return response.json() + + +@user_passes_test(lambda u: u.is_superuser) +def esi_check(request) -> JsonResponse: + """Return if ESI ok With error messages and codes as JSON""" + _r = requests.get("https://esi.evetech.net/latest/status/?datasource=tranquility") + + data = { + "status": _r.status_code, + "data": check_for_override_esi_error_message(_r) + } + return JsonResponse(data) + + +@login_required +def dashboard_bs3(request): + """Render dashboard view with BS3 theme. + + This is an internal view used for testing BS3 backward compatibility in AA4 only. + """ + return render(request, 'authentication/dashboard_bs3.html') diff --git a/allianceauth/corputils/templates/corputils/corpstats.html b/allianceauth/corputils/templates/corputils/corpstats.html index 4fb18861..988b40ae 100644 --- a/allianceauth/corputils/templates/corputils/corpstats.html +++ b/allianceauth/corputils/templates/corputils/corpstats.html @@ -31,7 +31,7 @@
-
`) with 4 columns (``) with 4 columns (`
{% translate "Scopes" %}
`). Column #1 is the service name, column #2 is the users username for this service, column #3 is the services URL, and column #4 is the action buttons. +It should return a string (usually from `render_to_string`) of a table row (`
`). Column #1 is the service name, column #2 is the user's username for this service, column #3 is the services URL, and column #4 is the action buttons. You may either define your own service template or use the default one provided. The default can be used like this example: @@ -260,61 +260,61 @@ def render_services_ctrl(self, request): }, request=request) ``` -the `Urls` class defines the available URL names for the 4 actions available in the default template: +the `Urls` class defines the available URL names for the four actions available in the default template: -- Activate (create service account) -- Deactivate (delete service account) +- Activate (create a service account) +- Deactivate (delete a service account) - Reset Password (random password) - Set Password (custom password) -If you don't define one or all of these variable the button for the undefined URLs will not be displayed. +If you don't define one or all of these variables, the button for the undefined URLs will not be displayed. -Most services will survive with the default template. If, however, you require extra buttons for whatever reason, you are free to provide your own template as long as you stick within the 4 columns. Multiple rows should be OK, though may be confusing to users. +Most services will survive with the default template. If, however, you require extra buttons for whatever reason, you are free to provide your own template as long as you stick within the 4 columns. Multiple rows should be OK, though it may be confusing to users. ### Menu Item Hook -If you services needs cannot be satisfied by the Service Control row, you are free to specify extra hooks by subclassing or instantiating the `services.hooks.MenuItemHook` class. +If your service needs cannot be satisfied by the Service Control row, you are free to specify extra hooks by subclassing or instantiating the `services.hooks.MenuItemHook` class. -For more information see the [Menu Hooks](menu-hooks.md) page. +For more information, see the [Menu Hooks](menu-hooks.md) page. ### The Service Manager -The service manager is what interacts with the external service. Ideally it should be completely agnostic about its environment, meaning that it should avoid calls to Alliance Auth and Django in general (except in special circumstances where the service is managed locally, e.g. Mumble). Data should come in already arranged by the Tasks and data passed back for the tasks to manage or distribute. +The service manager is what interacts with the external service. Ideally, it should be completely agnostic about its environment, meaning that it should avoid calls to Alliance Auth and Django in general (except in special circumstances where the service is managed locally, e.g., Mumble). Data should come in already arranged by the Tasks and data passed back for the tasks to manage or distribute. -The reason for maintaining this separation is that managers may be reused from other sources and there may not even be a need to write a custom manager. Likewise, by maintaining this neutral environment others may reuse the managers that we write. It can also significantly ease the unit testing of services. +The reason for maintaining this separation is that managers may be reused from other sources, and there may not even be a need to write a custom manager. Likewise, by maintaining this neutral environment, others may reuse the managers that we write. It can also significantly ease the unit testing of services. ### The Views As mentioned at the start of this page, service modules are fully fledged Django apps. This means you're free to do whatever you wish with your views. -Typically most traditional username/password services define four views. +Typically, most traditional username/password services define four views. - Create Account - Delete Account - Reset Password - Set Password -These views should interact with the service via the Tasks, though in some instances may bypass the Tasks and access the manager directly where necessary, for example OAuth functionality. +These views should interact with the service via the Tasks, though in some instances may bypass the Tasks and access the manager directly where necessary, for example, OAuth functionality. ### The Tasks -The tasks component is the glue that holds all of the other components of the service module together. It provides the function implementation to handle things like adding and deleting users, updating groups, validating the existence of a users account. Whatever tasks `auth_hooks` and `views` have with interacting with the service will probably live here. +The tasks component is the glue that holds all the other components of the service module together. It provides the function implementation to handle things like adding and deleting users, updating groups, and validating the existence of a user's account. Whatever tasks `auth_hooks` and `views` have with interacting with the service will probably live here. ### The Models -Its very likely that you'll need to store data about a users remote service account locally. As service modules are fully fledged Django apps you are free to create as many models as necessary for persistent storage. You can create foreign keys to other models in Alliance Auth if necessary, though I _strongly_ recommend you limit this to the User and Groups models from `django.contrib.auth.models` and query any other data manually. +It's very likely that you'll need to store data about a users remote service account locally. As service modules are fully fledged Django apps, you are free to create as many models as necessary for persistent storage. You can create foreign keys to other models in Alliance Auth if necessary, though I _strongly_ recommend you limit this to the User and Groups models from `django.contrib.auth.models` and query any other data manually. -If you create models you should create the migrations that go along with these inside of your module/app. +If you create models, you should create the migrations that go along with them inside your module/app. ## Examples -There is a bare bones example service included in `services.modules.example`, you may like to use this as the base for your new service. +There is a bare-bones example service included in `services.modules.example`, you may like to use this as the base for your new service. -You should have a look through some of the other service modules before you get started to get an idea of the general structure of one. A lot of them aren't perfect so don't feel like you have to rigidly follow the structure of the existing services if you think its sub-optimal or doesn't suit the external service you're integrating. +You should have a look through some of the other service modules before you get started to get an idea of the general structure. A lot of them aren't perfect, so don't feel like you have to rigidly follow the structure of the existing services if you think its suboptimal or doesn't suit the external service you're integrating. ## Testing -You will need to add unit tests for all aspects of your service module before it is accepted. Be mindful that you don't actually want to make external calls to the service so you should mock the appropriate components to prevent this behavior. +You will need to add unit tests for all aspects of your service module before it is accepted. Be mindful that you don't actually want to make external calls to the service, so you should mock the appropriate components to prevent this behavior. ```{eval-rst} .. autoclass:: allianceauth.services.hooks.ServicesHook diff --git a/docs/development/custom/menu-hooks.md b/docs/development/custom/menu-hooks.md index 0274e590..2ff0aed2 100644 --- a/docs/development/custom/menu-hooks.md +++ b/docs/development/custom/menu-hooks.md @@ -1,8 +1,8 @@ # Menu Hooks -The menu hooks allow you to dynamically specify menu items from your plugin app or service. To achieve this you should subclass or instantiate the `services.hooks.MenuItemHook` class and then register the menu item with one of the hooks. +The menu hooks allow you to dynamically specify menu items from your plugin app or service. To achieve this, you should subclass or instantiate the `services.hooks.MenuItemHook` class and then register the menu item with one of the hooks. -To register a MenuItemHook class you would do the following: +To register a MenuItemHook class, you would do the following: ```python @hooks.register('menu_item_hook') @@ -18,16 +18,36 @@ The `MenuItemHook` class specifies some parameters/instance variables required f :undoc-members: ``` -## count +### text + +The text shown as menu item, e.g., usually the name of the app. + +### classes + +The classes that should be applied to the bootstrap menu item icon + +### url_name + +The name of the Django URL to use + +### order + +An integer which specifies the order of the menu item, lowest to highest. Community apps are free ot use an oder above `1000`. The numbers below are reserved for Auth. + +### navactive + +A list of views or namespaces the link should be highlighted on. See [django-navhelper](https://github.com/geelweb/django-navhelper#navactive) for usage. Defaults to the supplied `url_name`. + +### count `count` is an integer shown next to the menu item as badge when `count` is not `None`. -This is a great feature to signal the user, that he has some open issues to take care of within an app. For example Auth uses this feature to show the specific number of open group request to the current user. +This is a great feature to signal the user that he has some open issues to take care of within an app. For example, Auth uses this feature to show the specific number of open group request to the current user. :::{hint} Here is how to stay consistent with the Auth design philosophy for using this feature: -1. Use it to display open items that the current user can close by himself only. Do not use it for items, that the user has no control over. +1. Use it to display open items that the current user can close by himself only. Do not use it for items that the user has no control over. 2. If there are currently no open items, do not show a badge at all. ::: To use it set count the `render()` function of your subclass in accordance to the current user. Here is an example: diff --git a/docs/development/custom/url-hooks.md b/docs/development/custom/url-hooks.md index 410a2061..4790b1bd 100644 --- a/docs/development/custom/url-hooks.md +++ b/docs/development/custom/url-hooks.md @@ -2,9 +2,9 @@ ## Base functionality -The URL hooks allow you to dynamically specify URL patterns from your plugin app or service. To achieve this you should subclass or instantiate the `services.hooks.UrlHook` class and then register the URL patterns with the hook. +The URL hooks allow you to dynamically specify URL patterns from your plugin app or service. To achieve this, you should subclass or instantiate the `services.hooks.UrlHook` class and then register the URL patterns with the hook. -To register a UrlHook class you would do the following: +To register a UrlHook class, you would do the following: ```python @hooks.register('url_hook') @@ -26,12 +26,12 @@ The URL prefix to match against in regex form. Example `r'^app_name/'`. This pre ### Public views -In addition is it possible to make views public. Normally, all views are automatically decorated with the `main_character_required` decorator. That decorator ensures a user needs to be logged in and have a main before he can access that view. This feature protects against a community app sneaking in a public view without the administrator knowing about it. +In addition, is it possible to make views public. Normally, all views are automatically decorated with the `main_character_required` decorator. That decorator ensures a user needs to be logged in and have a main before he can access that view. This feature protects against a community app sneaking in a public view without the administrator knowing about it. -An app can opt-out of this feature by adding a list of views to be excluded when registering the URLs. See the `excluded_views` parameter for details. +An app can opt out of this feature by adding a list of views to be excluded when registering the URLs. See the `excluded_views` parameter for details. :::{note} -Note that for a public view to work, administrators need to also explicitly allow apps to have public views in their AA installation, by adding the apps label to ``APPS_WITH_PUBLIC_VIEWS`` setting. +Note that for a public view to work, administrators need to also explicitly allow apps to have public views in their AA installation, by adding the app label to ``APPS_WITH_PUBLIC_VIEWS`` setting. ::: >>>>>>> @@ -55,7 +55,7 @@ urlpatterns = [ ] ``` -Subsequently it would implement the UrlHook in a dedicated `auth_hooks.py` file like so: +Subsequently, it would implement the UrlHook in a dedicated `auth_hooks.py` file like so: ```python from alliance_auth import hooks diff --git a/docs/development/dev_setup/aa-dev-setup-wsl-vsc-v2.md b/docs/development/dev_setup/aa-dev-setup-wsl-vsc-v2.md index c5f91a73..9d828abb 100644 --- a/docs/development/dev_setup/aa-dev-setup-wsl-vsc-v2.md +++ b/docs/development/dev_setup/aa-dev-setup-wsl-vsc-v2.md @@ -1,20 +1,20 @@ # Development on Windows 10 with WSL and Visual Studio Code -This document describes step-by-step how to setup a complete development environment for Alliance Auth apps on Windows 10 with Windows Subsystem for Linux (WSL) and Visual Studio Code. +This document describes step-by-step how to set up a complete development environment for Alliance Auth apps on Windows 10 with Windows Subsystem for Linux (WSL) and Visual Studio Code. -The main benefit of this setup is that it runs all services and code in the native Linux environment (WSL) and at the same time can be full controlled from within a comfortable Windows IDE (Visual Studio Code) including code debugging. +The main benefit of this setup is that it runs all services and code in the native Linux environment (WSL) and at the same time can be fully controlled from within a comfortable Windows IDE (Visual Studio Code) including code debugging. -In addition all tools described in this guide are open source or free software. +In addition, all tools described in this guide are open source or free software. :::{hint} -This guide is meant for development purposes only and not for installing AA in a production environment. For production installation please see chapter **Installation**. +This guide is meant for development purposes only and not for installing AA in a production environment. For production installation, please see chapter **Installation**. ::: ## Overview The development environment consists of the following components: -- Visual Studio Code with Remote WSL and Python extension +- Visual Studio Code with the Remote WSL and Python extension - WSL with Ubuntu (18.04. LTS or higher) - Python environment on WSL (3.8 or higher) - MySQL server on WSL @@ -22,15 +22,15 @@ The development environment consists of the following components: - Alliance Auth on WSL - Celery on WSL -We will use the build-in Django development web server, so we don't need to setup a WSGI server or a web server. +We will use the build-in Django development web server, so we don't need to set up a WSGI server or a web server. :::{note} -This setup works with both WSL 1 and WSL 2. However, due to the significantly better performance we recommend WSL 2. +This setup works with both WSL 1 and WSL 2. However, due to the significantly better performance, we recommend WSL 2. ::: ## Requirement -The only requirement is a PC with Windows 10 and Internet connection in order to download the additional software components. +The only requirement is a PC with Windows 10 and Internet connection to download the additional software components. ## Installing Windows apps @@ -45,7 +45,7 @@ The only requirement is a PC with Windows 10 and Internet connection in order to - Open the app and install the following VSC extensions: - Remote WSL - Connect to WSL. This will automatically install the VSC server on the VSC server for WSL -- Once connected to WSL install the Python extension on the WSL side +- Once connected to WSL, install the Python extension on the WSL side ## Setting up WSL / Linux @@ -64,13 +64,13 @@ sudo apt-get install gettext ### Install Python -Next we need to install Python and related development tools. +Next, we need to install Python and related development tools. :::{note} -Should your Ubuntu come with a newer version of Python we recommend to still setup your dev environment with the oldest Python 3 version currently supported by AA (e.g Python 3.8 at this time of writing) to ensure your apps are compatible with all current AA installations -You an check out this `page `_ on how to install additional Python versions on Ubuntu. +Should your Ubuntu come with a newer version of Python we recommend to still set up your dev environment with the oldest Python 3 version currently supported by AA (e.g., Python 3.8 at this time of writing) to ensure your apps are compatible with all current AA installations +You can check out this `page `_ on how to install additional Python versions on Ubuntu. -If you install a different python version from the default you need to adjust some of the commands below to install appopriate versions of those packages for example using Python 3.8 you might need to run the following after using the setup steps for the repository mentioned in the AskUbuntu post above: +If you install a different python version from the default, you need to adjust some commands below to install appopriate versions of those packages, for example, using Python 3.8 you might need to run the following after using the setup steps for the repository mentioned in the AskUbuntu post above: ```shell sudo apt-get install python3.8 python3.8-dev python3.8-venv python3-setuptools python3-pip python-pip @@ -108,7 +108,7 @@ sudo apt-get install mysql-server mysql-client libmysqlclient-dev We chose to use MySQL instead of MariaDB, because the standard version of MariaDB that comes with this Ubuntu distribution will not work with AA. ::: -We need to apply a permission fix to mysql or you will get a warning with every startup: +We need to apply a permission fix to mysql, or you will get a warning with every startup: ```shell sudo usermod -d /var/lib/mysql/ mysql @@ -120,7 +120,7 @@ Start the mysql server sudo service mysql start ``` -Create database and user for AA +Create a database and user for AA ```shell sudo mysql -u root @@ -141,7 +141,7 @@ sudo mysql_tzinfo_to_sql /usr/share/zoneinfo | sudo mysql -u root mysql ``` :::{note} -If your WSL does not have an init.d service, it will not automatically start your services such as MySQL and Redis when you boot your Windows machine and you have to manually start them. For convenience we recommend putting these commands in a bash script. Here is an example: +If your WSL does not have an init.d service, it will not automatically start your services such as MySQL and Redis when you boot your Windows machine, and you have to manually start them. For convenience, we recommend putting these commands in a bash script. Here is an example: ```shell #/bin/bash @@ -154,7 +154,7 @@ sudo redis-server --daemonize yes ### Setup dev folder on WSL -Setup your folders on WSL bash for your dev project. Our approach will setup one AA project with one venv and multiple apps running under the same AA project, but each in their own folder and git. +Set up your folders on WSL bash for your dev project. Our approach will set up one AA project with one venv and multiple apps running under the same AA project, but each in their own folder and git. A good location for setting up this folder structure is your home folder or a subfolder of your home: @@ -167,7 +167,7 @@ A good location for setting up this folder structure is your home folder or a su |- ... ``` -Following this approach you can also setup additional AA projects, e.g. aa-dev-2, aa-dev-3 if needed. +Following this approach, you can also set up additional AA projects, e.g. aa-dev-2, aa-dev-3 if needed. Create the root folder `aa-dev`. @@ -203,13 +203,13 @@ pip install -U pip setuptools wheel pip install allianceauth ``` -Now we are ready to setup our AA instance. Make sure to run this command in your aa-dev folder: +Now we are ready to set up our AA instance. Make sure to run this command in your aa-dev folder: ```shell allianceauth start myauth ``` -Next we will setup our VSC project for aa-dev by starting it directly from the WSL bash: +Next, we will set up our VSC project for aa-dev by starting it directly from the WSL bash: ```shell code . @@ -217,11 +217,11 @@ code . First you want to make sure exclude the venv folder from VSC as follows: Open settings and go to Files:Exclude -Add pattern: `**/venv` +Add the pattern: `**/venv` ### Create EVE Online SSO App -For the Eve Online related setup you need to create a SSO app on the developer site: +For the Eve Online related setup you need to create an SSO app on the developer site: - Create your Eve Online SSO App on the [Eve Online developer site](https://developers.eveonline.com/) - Add all ESI scopes @@ -277,7 +277,7 @@ REGISTRATION_VERIFY_EMAIL = False ### Migrations and superuser -Before we can start AA we need to run migrations: +Before we can start AA, we need to run migrations: ```shell cd myauth @@ -300,7 +300,7 @@ We are now ready to run out AA instance with the following command: python manage.py runserver ``` -Once running you can access your auth site on the browser under `http://localhost:8000`. Or the admin site under `http://localhost:8000/admin` +Once running, you can access your auth site on the browser under `http://localhost:8000`. Or the admin site under `http://localhost:8000/admin` :::{hint} You can start your AA server directly from a terminal window in VSC or with a VSC debug config (see chapter about debugging for details). @@ -308,14 +308,14 @@ You can start your AA server directly from a terminal window in VSC or with a VS :::{note} **Debug vs. Non-Debug mode** -Usually it is best to run your dev AA instance in debug mode, so you get all the detailed error messages that helps a lot for finding errors. But there might be cases where you want to test features that do not exist in debug mode (e.g. error pages) or just want to see how your app behaves in non-debug / production mode. +Usually it is best to run your dev AA instance in debug mode, so you get all the detailed error messages that help a lot for finding errors. But there might be cases where you want to test features that do not exist in debug mode (e.g. error pages) or just want to see how your app behaves in non-debug / production mode. -When you turn off debug mode you will see a problem though: Your pages will not render correctly. The reason is that Django will stop serving your static files in production mode and expect you to serve them from a real web server. Luckily, there is an option that forces Django to continue serving your static files directly even when not in debug mode. Just start your server with the following option: ``python manage.py runserver --insecure`` +When you turn off debug mode, you will see a problem though: Your pages will not render correctly. The reason is that Django will stop serving your static files in production mode and expect you to serve them from a real web server. Luckily, there is an option that forces Django to continue serving your static files directly even when not in debug mode. Start your server with the following option: ``python manage.py runserver --insecure`` ::: ### Celery -In addition you can start a celery worker instance for myauth. For development purposed it makes sense to only start one instance and add some additional logging. +In addition, you can start a celery worker instance for myauth. For development purposes, it makes sense to only start one instance and add some additional logging. This can be done from the command line with the following command in the myauth folder (where manage.py is located): @@ -323,21 +323,21 @@ This can be done from the command line with the following command in the myauth celery -A myauth worker -l info -P solo ``` -Same as AA itself you can start Celery from any terminal session, from a terminal window within VSC or as a debug config in VSC (see chapter about debugging for details). For convenience we recommend starting Celery as debug config. +Same as AA itself, you can start Celery from any terminal session, from a terminal window within VSC or as a debug config in VSC (see chapter about debugging for details). For convenience, we recommend starting Celery as debug config. ## Debugging setup -To be able to debug your code you need to add debugging configuration to VSC. At least one for AA and one for celery. +To be able to debug your code, you need to add a debugging configuration to VSC. At least one for AA and one for celery. ### Breakpoints -By default VSC will break on any uncaught exception. Since every error raised by your tests will cause an uncaught exception we recommend to deactivate this feature. +By default, VSC will break on any uncaught exception. Since every error raised by your tests will cause an uncaught exception, we recommend deactivating this feature. -To deactivate open click on the debug icon to switch to the debug view. Then un-check "Uncaught Exceptions" on the breakpoints window. +To deactivate, click on the debug icon to switch to the debug view. Then uncheck "Uncaught Exceptions" in the "Breakpoints" window. ### AA debug config -In VSC click on Debug / Add Configuration and choose "Django". Should Django not appear as option make sure to first open a Django file (e.g. the local.py settings) to help VSC detect that you are using Django. +In VSC, click on Debug / Add Configuration and choose "Django". Should Django not appear as an option, make sure to first open a Django file (e.g., the local.py settings) to help VSC detect that you are using Django. The result should look something like this: @@ -359,7 +359,7 @@ The result should look something like this: ### Debug celery -For celery we need another debug config, so that we can run it in parallel to our AA instance. +For celery, we need another debug config, so that we can run it in parallel to our AA instance. Here is an example debug config for Celery: @@ -387,7 +387,7 @@ Here is an example debug config for Celery: ### Debug config for unit tests -Finally it makes sense to have a dedicated debug config for running unit tests. Here is an example config for running all tests of the app `example`. +Finally, it makes sense to have a dedicated debug config for running unit tests. Here is an example config for running all tests of the app `example`. ```json { @@ -407,11 +407,11 @@ Finally it makes sense to have a dedicated debug config for running unit tests. }, ``` -You can also specify to run just a part of your test suite down to a test method. Just give the full path to the test you want to run, e.g. `example.test.test_models.TestDemoModel.test_this_method` +You can also specify to run just a part of your test suite down to a test method. Give the full path to the test you want to run, e.g. `example.test.test_models.TestDemoModel.test_this_method` ### Debugging normal python scripts -Finally you may also want to have a debug config to debug a non-Django Python script: +Finally, you may also want to have a debug config to debug a non-Django Python script: ```json { @@ -447,39 +447,37 @@ Extension for Visual Studio Code - Markdown linting and style checking for Visua #### Live Server -Live Server allows you to start a mini webserver for any file quickly. This can e.g. be useful for looking at changes to to Sphinx docs.: [Live Server](https://marketplace.visualstudio.com/items?itemName=ritwickdey.LiveServer) +Live Server allows you to start a mini webserver for any file quickly. This can e.g. be useful for looking at changes to Sphinx docs.: [Live Server](https://marketplace.visualstudio.com/items?itemName=ritwickdey.LiveServer) ### Django apps #### Django Extensions -[django-extensions](https://django-extensions.readthedocs.io/en/latest/) is a swiss army knife for django developers with adds a lot of very useful features to your Django site. Here are a few highlights: +[django-extensions](https://django-extensions.readthedocs.io/en/latest/) is a swiss army knife for django developers with adds a lot of useful features to your Django site. Here are a few highlights: -- shell_plus - An enhanced version of the Django shell. It will auto-load all your models at startup so you don't have to import anything and can use them right away. -- graph_models - Creates a dependency graph of Django models. Visualizing a model dependency structure can be very useful for trying to understand how an existing Django app works, or e.g. how all the AA models work together. -- runserver_plus - The standard runserver stuff but with the Werkzeug debugger baked in. This is a must have for any serious debugging. +- `shell_plus` - An enhanced version of the Django shell. It will autoload all your models at startup, so you don't have to import anything and can use them right away. +- `graph_models` - Creates a dependency graph of Django models. Visualizing a model dependency structure can be useful for trying to understand how an existing Django app works, or e.g., how all the AA models work together. +- `runserver_plus` - The standard runserver stuff but with the debugger baked in. This is a must-have for any serious debugging. #### Django Debug Toolbar -The [Django Debug Toolbar](https://github.com/jazzband/django-debug-toolbar) is a configurable set of panels that display various debug information about the current request/response and when clicked, display more details about the panel's content. - -E.g. this tool is invaluable to debug and fix performance issues with Django queries. +The [Django Debug Toolbar](https://github.com/jazzband/django-debug-toolbar) is a configurable set of panels that display various debug information about the current request/response and when clicked, display more details about the panel's content. This tool is invaluable to debug and fix performance issues with Django queries. ### Windows applications #### DBeaver -DBeaver is a free universal database tool and works with many different kinds of databases include MySQL. It can be installed on Windows 10 and will be able to help manage your MySQL databases running on WSL. +DBeaver is a free universal database tool and works with many different kinds of databases including MySQL. It can be installed on Windows 10 and will be able to help manage your MySQL databases running on WSL. Install from here. [DBeaver](https://dbeaver.io/) ## Adding apps for development -The idea behind the particular folder structure of aa-dev is to have each and every app in its own folder and git repo. To integrate them with the AA instance they need to be installed once using the -e option that enabled editing of the package. And then added to the INSTALLED_APPS settings. +The idea behind the particular folder structure of aa-dev is to have each and every app in its own folder and git repo. To integrate them with the AA instance, they need to be installed once using the -e option that enabled editing of the package. And then added to the INSTALLED_APPS settings. -To demonstrate let's add the example plugin to our environment. +To demonstrate, let's add the example plugin to our environment. -Open a WSL bash and navigate to the aa-dev folder. Make sure you have activate your virtual environment. (`source venv/bin/activate`) +Open a WSL bash and navigate to the aa-dev folder. Make sure you have activated your virtual environment. (`source venv/bin/activate`) Run these commands: diff --git a/docs/development/tech_docu/api/index.md b/docs/development/tech_docu/api/index.md index daa45209..a9e650c6 100644 --- a/docs/development/tech_docu/api/index.md +++ b/docs/development/tech_docu/api/index.md @@ -1,6 +1,6 @@ # API -To reduce redundancy and help speed up development we encourage developers to utilize the following packages when developing apps for Alliance Auth. +To reduce redundancy and help speed up development, we encourage developers to utilize the following packages when developing apps for Alliance Auth. :::{toctree} :maxdepth: 1 diff --git a/docs/development/tech_docu/celery.md b/docs/development/tech_docu/celery.md index 42b27cc2..537b7d3d 100644 --- a/docs/development/tech_docu/celery.md +++ b/docs/development/tech_docu/celery.md @@ -2,31 +2,31 @@ **Alliance Auth** uses Celery for asynchronous task management. This page aims to give developers some guidance on how to use Celery when developing apps for Alliance Auth. -For a complete documentation of Celery please refer to the [official Celery documentation](http://docs.celeryproject.org/en/latest/index.html). +For the complete documentation of Celery, please refer to the [official Celery documentation](http://docs.celeryproject.org/en/latest/index.html). ## When should I use Celery in my app? -There are two main cases for using celery. Long duration of a process and recurrence of a process. +There are two main reasons for using celery. Long duration of a process, and recurrence of a process. ### Duration -Alliance Auth is an online web application and as such the user expects fast and immediate responses to any of his clicks or actions. Same as with any other good web site. Good response times are measures in ms and a user will perceive everything that takes longer than 1 sec as an interruption of his flow of thought (see also [Response Times: The 3 Important Limits](https://www.nngroup.com/articles/response-times-3-important-limits/)). +Alliance Auth is an online web application, and as such, the user expects fast and immediate responses to any of his clicks or actions. Same as with any other good website. Good response times are measured in ms, and a user will perceive everything that takes longer than 1 sec as an interruption of his flow of thought (see also [Response Times: The 3 Important Limits](https://www.nngroup.com/articles/response-times-3-important-limits/)). -As a rule of thumb we therefore recommend to use celery tasks for every process that can take longer than 1 sec to complete (also think about how long your process might take with large amounts of data). +As a rule of thumb, we therefore recommend using celery tasks for every process that can take longer than 1 sec to complete (also think about how long your process might take with large amounts of data). :::{note} -Another solution for dealing with long response time in particular when loading pages is to load parts of a page asynchronously, for example with AJAX. +Another solution for dealing with long response time in particular when loading pages is to load parts of a page asynchronously, for example, with AJAX. ::: ### Recurrence -Another case for using celery tasks is when you need recurring execution of tasks. For example you may want to update the list of characters in a corporation from ESI every hour. +Another case for using celery tasks is when you need recurring execution of tasks. For example, you may want to update the list of characters in a corporation from ESI every hour. -These are called periodic tasks and Alliance Auth uses [celery beat](https://docs.celeryproject.org/en/latest/userguide/periodic-tasks.html) to implement them. +These are called periodic tasks, and Alliance Auth uses [celery beat](https://docs.celeryproject.org/en/latest/userguide/periodic-tasks.html) to implement them. ## What is a celery task? -For the most part a celery task is a Python functions that is configured to be executed asynchronously and controlled by Celery. Celery tasks can be automatically retried, executed periodically, executed in work flows and much more. See the [celery docs](https://docs.celeryproject.org/en/latest/userguide/tasks.html) for a more detailed description. +For the most part, a celery task is a Python function configured to be executed asynchronously and controlled by Celery. Celery tasks can be automatically retried, executed periodically, executed in work flows and much more. See the [celery docs](https://docs.celeryproject.org/en/latest/userguide/tasks.html) for a more detailed description. ## How should I use Celery in my app? @@ -61,21 +61,21 @@ example.delay() ## How should I use celery tasks in the UI? -There is a well established pattern for integrating asynchronous processes in the UI, for example when the user asks your app to perform a longer running action: +There is a well-established pattern for integrating asynchronous processes in the UI, for example, when the user asks your app to perform a longer running action: 1. Notify the user immediately (with a Django message) that the process for completing the action has been started and that he will receive a report once completed. 2. Start the celery task -3. Once the celery task is completed it should send a notification containing the result of the action to the user. It's important to send that notification also in case of errors. +3. Once the celery task is completed, it should send a notification containing the result of the action to the user. It's important to send that notification also in case of errors. -## Can I use long running tasks? +## Can I use long-running tasks? -Long running tasks are possible, but in general Celery works best with short running tasks. Therefore we strongly recommend to try and break down long running tasks into smaller tasks if possible. +Long-running tasks are possible, but in general Celery works best with short running tasks. Therefore, we strongly recommend trying to break down long-running tasks into smaller tasks if possible. -If contextually possible try to break down your long running task in shorter tasks that can run in parallel. +If contextually possible, try to break down your long-running task in shorter tasks that can run in parallel. -However, many long running tasks consist of several smaller processes that need to run one after the other. For example you may have a loop where you perform the same action on hundreds of objects. In those cases you can define each of the smaller processes as it's own task and then link them together, so that they are run one after the other. That is called chaining in Celery and is the preferred approach for implementing long running processes. +However, many long-running tasks consist of several smaller processes that need to run one after the other. For example, you may have a loop where you perform the same action on hundreds of objects. In those cases, you can define each of the smaller processes as its own task and then link them together, so that they are run one after the other. That is called chaining in Celery and is the preferred approach for implementing long-running processes. Example implementation for a celery chain: @@ -101,7 +101,7 @@ def long_runner(): chain(my_tasks).delay() ``` -In this example we fist add 10 example tasks that need to run one after the other to a list. This can be done by creating a so called signature for a task. Those signature are a kind of wrapper for tasks and can be used in various ways to compose work flow for tasks. +In this example, we first add 10 example tasks that need to run one after the other to a list. This can be done by creating a so-called signature for a task. Those signatures are a kind of wrapper for tasks and can be used in various ways to compose work flow for tasks. The list of task signatures is then converted to a chain and started asynchronously. @@ -110,12 +110,12 @@ In our example we use ``si()``, which is a shortcut for "immutable signatures" a For more information on signature and work flows see the official documentation on `Canvas `_. -In this context please note that Alliance Auth currently only supports chaining, because all other variants require a so called results back, which Alliance Auth does not have. +In this context, please note that Alliance Auth currently only supports chaining because all other variants require a so-called results back, which Alliance Auth does not have. ::: ## How can I define periodic tasks for my app? -Periodic tasks are normal celery tasks which are added the scheduler for periodic execution. The convention for defining periodic tasks for an app is to define them in the local settings. So user will need to add those settings manually to his local settings during the installation process. +Periodic tasks are normal celery tasks that are added to the scheduler for periodic execution. The convention for defining periodic tasks for an app is to define them in the local settings. So user will need to add those settings manually to his local settings during the installation process. Example setting: @@ -126,14 +126,14 @@ CELERYBEAT_SCHEDULE['structures_update_all_structures'] = { } ``` -- `structures_update_all_structures` is the name of the scheduling entry. You can chose any name, but the convention is name of your app plus name of the task. +- `structures_update_all_structures` is the name of the scheduling entry. You can choose any name, but the convention is name of your app plus name of the task. - `'task'`: Name of your task (full path) - `'schedule'`: Schedule definition (see Celery documentation on [Periodic Tasks](https://docs.celeryproject.org/en/latest/userguide/periodic-tasks.html) for details) ## How can I use priorities for tasks? -In Alliance Auth we have defined task priorities from 0 - 9 as follows: +In Alliance Auth we have defined task priorities from 0 to 9 as follows: ```{eval-rst} ====== ========= =========== @@ -151,12 +151,12 @@ In Alliance Auth we have defined task priorities from 0 - 9 as follows: :::{warning} Please make sure to use task priorities with care and especially do not use higher priorities without a good reason. All apps including Alliance Auth share the same task queues, so using higher task priorities excessively can potentially prevent more important tasks (of other apps) from completing on time. -You also want to make sure to run use lower priorities if you have a large amount of tasks or long running tasks, which are not super urgent. (e.g. the regular update of all Eve characters from ESI runs with priority 7) +You also want to make sure to run use lower priorities if you have a large number of tasks or long-running tasks, which are not super urgent. (e.g., the regular update of all Eve characters from ESI runs with priority 7) ::: :::{hint} -If no priority is specified all tasks will be started with the default priority, which is 5. +If no priority is specified, all tasks will be started with the default priority, which is 5. ::: -To run a task with a different priority you need to specify it when starting it. +To run a task with a different priority, you need to specify it when starting it. Example for starting a task with priority 3: @@ -165,7 +165,7 @@ example.apply_async(priority=3) ``` :::{hint} -For defining a priority to tasks you can not use the convenient shortcut ``delay()``, but instead need to start a task with ``apply_async()``, which also requires you to pass parameters to your task function differently. Please check out the `official docs `_ for details. +For defining a priority to tasks, you cannot use the convenient shortcut ``delay()``, but instead need to start a task with ``apply_async()``, which also requires you to pass parameters to your task function differently. Please check out the `official docs `_ for details. ::: ## What special features should I be aware of? @@ -174,7 +174,7 @@ Every Alliance Auth installation will come with a couple of special celery relat ### celery-once -Celery-once is a celery extension "that allows you to prevent multiple execution and queuing of celery tasks". What that means is that you can ensure that only one instance of a celery task runs at any given time. This can be useful for example if you do not want multiple instances of you task to talk to the same external service at the same time. +Celery-once is a celery extension "that allows you to prevent multiple execution and queuing of celery tasks". What that means is that you can ensure that only one instance of a celery task runs at any given time. This can be useful, for example, if you do not want multiple instances of your task to talk to the same external service at the same time. We use a custom backend for celery_once in Alliance Auth defined [here](https://gitlab.com/allianceauth/allianceauth/-/blob/master/allianceauth/services/tasks.py#L14) You can import it for use like so: @@ -183,7 +183,7 @@ You can import it for use like so: from allianceauth.services.tasks import QueueOnce ``` -An example of AllianceAuth's use within the `@sharedtask` decorator, can be seen [here](https://gitlab.com/allianceauth/allianceauth/-/blob/master/allianceauth/services/modules/discord/tasks.py#L62) in the discord module +An example of Alliance Auth's use within the `@sharedtask` decorator, can be seen [here](https://gitlab.com/allianceauth/allianceauth/-/blob/master/allianceauth/services/modules/discord/tasks.py#L62) in the discord module You can use it like so: ```python @@ -194,4 +194,4 @@ Please see the [official documentation](https://pypi.org/project/celery_once/) o ### task priorities -Alliance Auth is using task priorities to enable priority based scheduling of task execution. Please see [How can I use priorities for tasks?](#how-can-i-use-priorities-for-tasks) for details. +Alliance Auth is using task priorities to enable priority-based scheduling of task execution. Please see [How can I use priorities for tasks?](#how-can-i-use-priorities-for-tasks) for details. diff --git a/docs/development/tech_docu/index.md b/docs/development/tech_docu/index.md index 0cc0b51b..4d44a1c3 100644 --- a/docs/development/tech_docu/index.md +++ b/docs/development/tech_docu/index.md @@ -1,6 +1,6 @@ # Developing apps -In this section you find topics useful for app developers. +In this section, you find topics useful for app developers. :::{toctree} :maxdepth: 1 diff --git a/docs/features/apps/autogroups.md b/docs/features/apps/autogroups.md index 5bcb335f..7bce5ebf 100644 --- a/docs/features/apps/autogroups.md +++ b/docs/features/apps/autogroups.md @@ -1,6 +1,6 @@ # Auto Groups -Auto groups allows you to automatically place users of certain states into Corp or Alliance based groups. These groups are created when the first user is added to them and removed when the configuration is deleted. +Auto Groups allows you to automatically place users of certain states into corp or alliance-based groups. These groups are created when the first user is added to them and removed when the configuration is deleted. ## Installation @@ -10,19 +10,19 @@ To install this app add `'allianceauth.eveonline.autogroups',` to your `INSTALLE ## Configuring a group -When you create an autogroup config you will be given the following options: +When you create an autogroup config, you will be given the following options: ![Create Autogroup page](/_static/images/features/apps/autogroups/group-creation.png) :::{warning} -After creating a group you wont be able to change the Corp and Alliance group prefixes, name source and the replace spaces settings. Make sure you configure these the way you want before creating the config. If you need to change these you will have to create a new autogroup config. +After creating a group, you won't be able to change the Corp and Alliance group prefixes, name source, and the replace spaces settings. Make sure you configure these the way you want before creating the config. If you need to change these, you will have to create a new autogroup config. ::: -- States selects which states will be added to automatic Corp/Alliance groups +- States select which states will be added to automatic Corp/Alliance groups - Corp/Alliance groups checkbox toggles Corp/Alliance autogroups on or off for this config. -- Corp/Alliance group prefix sets the prefix for the group name, e.g. if your Corp was called `MyCorp` and your prefix was `Corp`, your autogroup name would be created as `Corp MyCorp`. This field accepts leading/trailing spaces. -- Corp/Alliance name source sets the source of the Corp/Alliance name used in creating the group name. Currently the options are Full name and Ticker. -- Replace spaces allows you to replace spaces in the autogroup name with the value in the Replace spaces with field. This can be blank. +- Corp/Alliance group prefix sets the prefix for the group name, e.g., if your corp was called `MyCorp` and your prefix was `Corp`, your autogroup name would be created as `Corp MyCorp`. This field accepts leading/trailing spaces. +- Corp/Alliance name source sets the source of the Corp/Alliance name used in creating the group name. Currently, the options are Full name and Ticker. +- Replace spaces allows you to replace spaces in the autogroup name with the value in the replace spaces with field. This can be blank. ## Permissions diff --git a/docs/features/apps/corpstats.md b/docs/features/apps/corpstats.md index 215abaeb..c96d4240 100644 --- a/docs/features/apps/corpstats.md +++ b/docs/features/apps/corpstats.md @@ -12,13 +12,13 @@ Add `'allianceauth.corputils',` to your `INSTALLED_APPS` list in your auth proje ## Creating a Corp Stats -Upon initial install, nothing will be visible. For every Corp, a model will have to be created before data can be viewed. +Upon initial installation, nothing will be visible. For every Corp, a model will have to be created before data can be viewed. ![nothing is visible](/_static/images/features/apps/corpstats/blank_header.png) -If you are a superuser, the add button will be immediate visible to you. If not, your user account requires the `add_corpstats` permission. +If you are a superuser, the "add" button will be immediately visible to you. If not, your user account requires the `add_corpstats` permission. -Corp Stats requires an EVE SSO token to access data from the EVE Swagger Interface. Upon pressing the Add button, you will be prompted to authenticated. Please select the character who is in the Corporation you want data for. +Corp Stats requires an EVE SSO token to access data from the EVE Swagger Interface. Upon pressing the Add button, you will be prompted to authenticate. Please select the character who is in the Corporation you want data for. ![authorize from the EVE site](/_static/images/features/apps/corpstats/eve_sso_authorization.png) @@ -26,8 +26,8 @@ You will return to auth where you are asked to select a token with the green arr ![select an SSO token to create with](/_static/images/features/apps/corpstats/select_sso_token.png) -If this works (and you have permission to view the Corp Stats you just created) you'll be returned to a view of the Corp Stats. -If it fails an error message will be displayed. +If this works (and you have permission to view the Corp Stats you just created), you'll be returned to a view of the Corp Stats. +If it fails, an error message will be displayed. ## Corp Stats View @@ -63,13 +63,13 @@ Each view contains a sortable and searchable table. The number of listings shown ![main list](/_static/images/features/apps/corpstats/main_list.png) -This list contains all main characters in registered in the selected Corporation and their alts. Each character has a link to [zKillboard](https://zkillboard.com). +This list contains all main characters registered in the selected Corporation and their alts. Each character has a link to [zKillboard](https://zkillboard.com). #### Member List ![member list](/_static/images/features/apps/corpstats/member_list.png) -The list contains all characters in the Corporation. Red backgrounds means they are not registered in auth. A link to [zKillboard](https://zkillboard.com) is present for all characters. +The list contains all characters in the Corporation. Red backgrounds mean they are not registered in auth. A link to [zKillboard](https://zkillboard.com) is present for all characters. If registered, the character will also have a main character, main Corporation, and main Alliance field. #### Unregistered List @@ -108,7 +108,7 @@ Users who add a Corp Stats with their token will be granted permissions to view ## Automatic Updating -By default Corp Stats are only updated on demand. If you want to automatically refresh on a schedule, add an entry to your project's settings file: +By default, Corp Stats are only updated on demand. If you want to automatically refresh on a schedule, add an entry to your project's settings file: ```python CELERYBEAT_SCHEDULE['update_all_corpstats'] = { @@ -134,11 +134,11 @@ Only one Corp Stats may exist at a time for a given Corporation. >Failed to gather corporation statistics with selected token. -During initial population, the EVE Swagger Interface did not return any member data. This aborts the creation process. Please wait for the API to start working before attempting to create again. +During the initial population, the EVE Swagger Interface did not return any member data. This aborts the creation process. Please wait for the API to start working before attempting to create again. ### Failure to update Corp Stats -Any of the following errors will result in a notification to the owning user, and deletion of the Corp Stats model. +Any of the following errors will result in a notification to the owning user and deletion of the Corp Stats model. >Your token has expired or is no longer valid. Please add a new one to create a new CorpStats. @@ -146,7 +146,7 @@ This occurs when the SSO token is invalid, which can occur when deleted by the u >CorpStats for (corp name) cannot update with your ESI token as you have left corp. -The SSO token's character is no longer in the Corporation which the Corp Stats is for, and therefore membership data cannot be retrieved. +The SSO token's character is no longer in the Corporation that the Corp Stats are for, and therefore membership data cannot be retrieved. >HTTPForbidden diff --git a/docs/features/apps/hrapplications.md b/docs/features/apps/hrapplications.md index 6f01c6ff..9833591d 100644 --- a/docs/features/apps/hrapplications.md +++ b/docs/features/apps/hrapplications.md @@ -4,7 +4,7 @@ This app allows you to manage applications for multiple corporations in your all - Define application questionnaires for corporations - Users can apply to corporations by filling outquestionnaires -- Manage review and approval process of applications +- Manage a review and approval process of applications ![hr](/_static/images/features/apps/hr.png) @@ -20,11 +20,11 @@ The most common task is creating ApplicationForm models for corps. Only when suc The first step is to create questions. This is achieved by creating ApplicationQuestion models, one for each question. Titles are not unique. -Next step is to create the actual ApplicationForm model. It requires an existing EveCorporationInfo model to which it will belong. It also requires the selection of questions. ApplicationForm models are unique per Corporation: only one may exist for any given Corporation concurrently. +The next step is to create the actual ApplicationForm model. It requires an existing EveCorporationInfo model to which it will belong. It also requires the selection of questions. ApplicationForm models are unique per Corporation: only one may exist for any given Corporation concurrently. -You can adjust these questions at any time. This is the preferred method of modifying the form: deleting and recreating will cascade the deletion to all received applications from this form which is usually not intended. +You can adjust these questions at any time. This is the preferred method of modifying the form: deleting and recreating will cascade the deletion to all received applications from this form, which is usually not intended. -Once completed the Corporation will be available to receive applications. +Once completed, the Corporation will be available to receive applications. ### Reviewing Applications @@ -32,7 +32,7 @@ Superusers can see all applications, while normal members with the required perm Selecting an application from the management screen will provide all the answers to the questions in the form at the time the user applied. -When a reviewer assigns themselves an application, they mark it as in progress. This notifies the applicant and permanently attached the reviewer to the application. +When a reviewer assigns themselves an application, they mark it as in progress. This notifies the applicant and permanently attaches the reviewer to the application. Only the assigned reviewer can approve/reject/delete the application if they possess the appropriate permission. @@ -62,25 +62,25 @@ Users do not require any permission to apply to a corporation and fill out the f A user with `auth.human_resources` can only see applications to their own corp. -Best practice is to bundle the `auth.human_resources` permission alongside the `hrapplications.approve_application` and `hrapplications.reject_application` permissions, as in isolation these don't make much sense. +Best practice is to bundle the `auth.human_resources` permission alongside the `hrapplications.approve_application` and `hrapplications.reject_application` permissions, as in isolation these make little sense. ## Models ### ApplicationQuestion -This is the model representation of a question. It contains a title, and a field for optional "helper" text. It is referenced by ApplicationForm models but acts independently. Modifying the question after it has been created will not void responses, so it's not advisable to edit the title or the answers may not make sense to reviewers. +This is the model representation of a question. It contains a title and a field for optional "helper" text. It is referenced by ApplicationForm models but acts independently. Modifying the question after it has been created will not void responses, so it's not advisable to edit the title or the answers may not make sense to reviewers. ### ApplicationForm -This is the template for an application. It points at a Corporation, with only one form allowed per Corporation. It also points at ApplicationQuestion models. When a user creates an application, they will be prompted with each question the form includes at the given time. Modifying questions in a form after it has been created will not be reflected in existing applications, so it's perfectly fine to adjust them as you see fit. Changing Corporations however is not advisable, as existing applications will point at the wrong Corporation after they've been submitted, confusing reviewers. +This is the template for an application. It points at a Corporation, with only one form allowed per Corporation. It also points at ApplicationQuestion models. When a user creates an application, they will be prompted with each question the form includes at the given time. Modifying questions in a form after it has been created will not be reflected in existing applications, so it's perfectly fine to adjust them as you see fit. Changing corporations, however, is not advisable, as existing applications will point at the wrong Corporation after they've been submitted, confusing reviewers. ### Application -This is the model representation of a completed application. It references an ApplicationForm from which it was spawned which is where the Corporation specificity comes from. It points at a user, contains info regarding its reviewer, and has a status. Shortcut properties also provide the applicant's main character, the applicant's APIs, and a string representation of the reviewer (for cases when the reviewer doesn't have a main character or the model gets deleted). +This is the model representation of a completed application. It references an ApplicationForm from which it was spawned, which is where the Corporation specificity comes from. It points at a user, contains info regarding its reviewer, and has a status. Shortcut properties also provide the applicant's main character, the applicant's APIs, and a string representation of the reviewer (for cases when the reviewer doesn't have a main character or the model gets deleted). ### ApplicationResponse -This is an answer to a question. It points at the Application to which it belongs, to the ApplicationQuestion which it is answering, and contains the answer text. Modifying any of these fields in dangerous. +This is an answer to a question. It points at the Application to which it belongs, to the ApplicationQuestion which it is answering, and contains the answer text. Modifying any of these fields is dangerous. ### ApplicationComment @@ -90,8 +90,8 @@ This is a reviewer's comment on an application. Points at the application, point ### No corps accepting applications -Ensure there are ApplicationForm models in the admin site. Ensure the user does not already have an application to these Corporations. If the users wishes to re-apply they must first delete their completed application +Ensure there are ApplicationForm models in the admin site. Ensure the user does not already have an application to these Corporations. If the users wish to re-apply, they must first delete their completed application ### Reviewer unable to complete application -Reviewers require a permission for each of the three possible outcomes of an application, Approve Reject or Delete. Any user with the human resources permission can mark an application as in-progress, but if they lack these permissions then the application will get stuck. Either grant the user the required permissions or change the assigned reviewer in the admin site. Best practice is to bundle the `auth.human_resources` permission alongside the `hrapplications.approve_application` and `hrapplications.reject_application` permissions, as in isolation these don't serve much purpose. +Reviewers require permission for each of the three possible outcomes of an application, Approve Reject or Delete. Any user with the human resources permission can mark an application as in-progress, but if they lack these permissions, then the application will get stuck. Either grant the user the required permissions or change the assigned reviewer in the admin site. Best practice is to bundle the `auth.human_resources` permission alongside the `hrapplications.approve_application` and `hrapplications.reject_application` permissions, as in isolation these serve little purpose. diff --git a/docs/features/apps/index.md b/docs/features/apps/index.md index 63b04f63..e56dada6 100644 --- a/docs/features/apps/index.md +++ b/docs/features/apps/index.md @@ -1,6 +1,6 @@ # Apps -**Alliance Auth** comes with a set of apps (also called plugin-apps) which provide basic functions useful to many organizations in Eve Online like a fleet schedule and a timerboard. This section describes which apps are available and how to install and use them. Please note that any app need to be installed before it can be used. +**Alliance Auth** comes with a set of apps (also called plugin-apps) which provide basic functions useful to many organizations in Eve Online like a fleet schedule and a timerboard. This section describes which apps are available and how to install and use them. Please note that any app needs to be installed before it can be used. :::{toctree} :maxdepth: 1 diff --git a/docs/features/apps/permissions_tool.md b/docs/features/apps/permissions_tool.md index e25a914f..419971f3 100644 --- a/docs/features/apps/permissions_tool.md +++ b/docs/features/apps/permissions_tool.md @@ -1,6 +1,6 @@ # Permissions Auditing -Access to most of Alliance Auth's features are controlled by Django's permissions system. In order to help you secure your services, Alliance Auth provides a permissions auditing tool. +Access to most of Alliance Auth's features is controlled by Django's permissions system. To help you secure your services, Alliance Auth provides a permission auditing tool. This is an optional app that needs to be installed. @@ -10,9 +10,9 @@ To install it add `'allianceauth.permissions_tool',` to your `INSTALLED_APPS` li ### Access -In order to grant users access to the permissions auditing tool they will need to be granted the `permissions_tool.audit_permissions` permission or be a superuser. +To grant users access to the permission auditing tool, they will need to be granted the `permissions_tool.audit_permissions` permission or be a superuser. -When a user has access to the tool they will see the "Permissions Audit" menu item under the "Util" sub menu. +When a user has access to the tool, they will see the "Permissions Audit" menu item. ### Permissions Overview diff --git a/docs/features/community/index.md b/docs/features/community/index.md index b24e538b..692ca1a7 100644 --- a/docs/features/community/index.md +++ b/docs/features/community/index.md @@ -1,7 +1,7 @@ # Community Contributions -Another key feature of **Alliance Auth** is that it can be easily extended. Our great community is providing a variety of plug-in apps and services, which you can choose from to add more functions to your AA installation. +Another key feature of **Alliance Auth** is that it can be easily extended. Our great community is providing a variety of plug-in apps and services, which you can choose from to add more functions to your AA installation. Check out the [Community Creations](https://gitlab.com/allianceauth/community-creations) repo for more details. -Or if you have specific needs you can of course always develop your own plugin- apps and services. Please see the [Development](/development/index.md) chapter for details. +Or if you have specific needs, you can always develop your own plugin-apps and services. Please see the [Development](/development/index.md) chapter for details. diff --git a/docs/features/core/admin_site.md b/docs/features/core/admin_site.md index bf5756e9..c5e455f1 100644 --- a/docs/features/core/admin_site.md +++ b/docs/features/core/admin_site.md @@ -1,26 +1,26 @@ # Admin Site -The admin site allows administrators to configure, manage and trouble shoot Alliance Auth and all it's applications and services. E.g. you can create new groups and assign groups to users. +The admin site allows administrators to configure, manage and troubleshoot Alliance Auth and all its applications and services. E.g., you can create new groups and assign groups to users. -You can open the admin site by clicking on "Admin" in the drop down menu for a user that has access. +You can open the admin site by clicking on "Admin" in the drop-down menu for a user that has access. ![Admin Site](/_static/images/features/core/admin_site.png) ## Setup for small to medium size installations -For small to medium size alliances it is often sufficient to have no more then two superuser admins (admins that also are superusers). Having two admins usually makes sense, so you can have one primary and one backup. +For small to medium size alliances, it is often sufficient to have no more than two superuser admins (admins that also are superusers). Having two admins usually makes sense, so you can have one primary and one backup. :::{warning} -Superusers have read & write access to everything on your AA installation. Superusers also automatically have all permissions and therefore access to all features of your apps. Therefore we recommend to be very careful to whom you give superuser privileges. +Superusers have read & write access to everything on your AA installation. Superuser also automatically have all permissions and therefore access to all features of your apps. Therefore, we recommend to be very careful to whom you give superuser privileges. ::: ## Setup for large installations -For large alliances and coalitions you may want to have a couple of administrators to be able to distribute and handle the work load. However, having a larger number of superusers may be a security concern. +For large alliances and coalitions, you may want to have a couple of administrators to be able to distribute and handle the work load. However, having a larger number of superusers may be a security concern. -As an alternative to superusers admins you can define staff admins. Staff admins can perform most of the daily admin work, but are not superusers and therefore can be restricted in what they can access. +As an alternative to superusers admins, you can define staff admins. Staff admins can perform most of the daily admin work, but are not superusers and therefore can be restricted in what they can access. -To create a staff admin you need to do two things: +To create a staff admin, you need to do two things: 1. Enable the `is_staff` property for a user 1. Give the user permissions for admin tasks @@ -28,21 +28,21 @@ To create a staff admin you need to do two things: :::{note} Note that staff admins have the following limitations: -- Can not promote users to staff -- Can not promote users to superuser -- Can not add/remove permissions for users, groups and states +- Cannot promote users to staff +- Cannot promote users to superuser +- Cannot add/remove permissions for users, groups and states -These limitations exist to prevent staff admins to promote themselves to quasi superusers. Only superusers can perform these actions. +These limitations exist to prevent staff admins from promoting themselves to quasi superusers. Only superusers can perform these actions. ::: ### Staff property -Access to the admin site is restricted. Users needs to have the `is_staff` property to be able to open the site at all. The superuser that is created during the installation +Access to the admin site is restricted. Users need to have the `is_staff` property to be able to open the site at all. The superuser created during the installation process will automatically have access to the admin site. :::{hint} -Without any permissions a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions. +Without any permissions, a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions. ::: ### Permissions for common admin tasks @@ -91,4 +91,4 @@ Here is a list of permissions a staff admin would need to perform some common ad ### Permissions for other apps -The permissions a staff admin needs to perform tasks for other applications depends on how the applications are configured. the default is to have four permissions (change, delete, edit view) for each model of the applications. The view permission is usually required to see the model list on the admin site and the other three permissions are required to perform the respective action to an object of that model. However, app developer can chose to define permissions differently. +The permission a staff admin needs to perform tasks for other applications depends on how the applications are configured. The default is to have four permissions (change, delete, edit view) for each model of the applications. The view permission is usually required to see the model list on the admin site, and the other three permissions are required to perform the respective action to an object of that model. However, an app developer can choose to define permissions differently. diff --git a/docs/features/core/analytics.md b/docs/features/core/analytics.md index 78761cdd..368f8e6a 100644 --- a/docs/features/core/analytics.md +++ b/docs/features/core/analytics.md @@ -6,7 +6,7 @@ Before you proceed, please read through this page and/or raise any concerns on the Alliance Auth discord. This data helps us make AA better. -To Opt-Out, modify our pre-loaded token using the Admin dashboard */admin/analytics/analyticstokens/1/change/ +To opt out, modify our preloaded token using the Admin dashboard */admin/analytics/analyticstokens/1/change/ Each of the three features Daily Stats, Celery Events and Page Views can be enabled/Disabled independently. @@ -20,13 +20,13 @@ ANALYTICS_DISABLED = True ## What -Alliance Auth has taken great care to anonymize the data sent. In order to identify _unique_ installs we generate a UUIDv4, a random mathematical construct which does not contain any identifying information [UUID - UUID Objects](https://docs.python.org/3/library/uuid.html#uuid.uuid4) +Alliance Auth has taken great care to anonymize the data sent. To identify _unique_ installs, we generate a UUIDv4, a random mathematical construct which does not contain any identifying information [UUID - UUID Objects](https://docs.python.org/3/library/uuid.html#uuid.uuid4) -Analytics comes pre-loaded with our Google Analytics Token, and the Three Types of task can be opted out independently. Analytics can also be loaded with your _own_ GA token and the analytics module will act any/all tokens loaded. +Analytics comes preloaded with our Google Analytics token, and the three types of tasks can be opted out independently. Analytics can also be loaded with your _own_ GA token, and the analytics module will act any/all tokens loaded. Our Daily Stats contain the following: -- A phone-in task to identify a servers existence +- A phone-in task to identify a server's existence - A task to send the Number of User models - A task to send the Number of Token Models - A task to send the Number of Installed Apps @@ -36,7 +36,7 @@ Our Daily Stats contain the following: Our Celery Events contain the following: - Unique Identifier (The UUID) -- Celery Namespace of the task eg allianceauth.eveonline +- Celery Namespace of the task e.g., allianceauth.eveonline - Celery Task - Task Success or Exception - A context number for bulk tasks or sometimes a binary True/False @@ -47,18 +47,18 @@ Our Page Views contain the following: - Page Path - Page Title - The locale of the users browser -- The User-Agent of the users browser +- The User-Agent of the user's browser - The Alliance Auth Version ## Why -This data allows Alliance Auth development to gather accurate statistics on our install base, as well as how those installs are used. +This data allows Alliance Auth development to gather accurate statistics on our installation base, as well as how those installations are used. This allows us to better target our development time to commonly used modules and features and test them at the scales in use. ## Where -This data is stored in a Team Google Analytics Dashboard. The Maintainers all have Management permissions here, and if you have contributed to the Alliance Auth project or third party applications feel free to ask in the Alliance Auth discord for access. +This data is stored in a Team Google Analytics Dashboard. The Maintainers all have Management permissions here, and if you have contributed to the Alliance Auth project or third party applications, feel free to ask in the Alliance Auth discord for access. ## Using Analytics in my App diff --git a/docs/features/core/dashboard.md b/docs/features/core/dashboard.md index 037fc547..57f3fb25 100644 --- a/docs/features/core/dashboard.md +++ b/docs/features/core/dashboard.md @@ -1,10 +1,10 @@ # Dashboard -The dashboard is the main page of the **Alliance Auth** website and the first page every logged in user will see. +The dashboard is the main page of the **Alliance Auth** website, and the first page every logged-in user will see. -The content of the dashboard is specific to the logged in user. It has a sidebar, which will display the list of apps a user currently as access to based on his permissions. And it also shows which character the user has registered and to which group he belongs. +The content of the dashboard is specific to the logged-in user. It has a sidebar, which will display the list of apps a user currently as access to based on his permissions. And it also shows which character the user has registered and to which group he belongs. -For admin users the dashboard shows additional technical information about the AA instance. +For admin users, the dashboard shows additional technical information about the AA instance. ![dashboard](/_static/images/features/core/dashboard/dashboard.png) diff --git a/docs/features/core/groups.md b/docs/features/core/groups.md index ee59264f..4f9dae1f 100644 --- a/docs/features/core/groups.md +++ b/docs/features/core/groups.md @@ -14,7 +14,7 @@ Here you have several options: ### Internal -Users cannot see, join or request to join this group. This is primarily used for Auth's internally managed groups, though can be useful if you want to prevent users from managing their membership of this group themselves. This option will override the Hidden, Open and Public options when enabled. +Users cannot see, join or request to join this group. This is primarily used for Auth's internally managed groups, though it can be useful if you want to prevent users from managing their membership of this group themselves. This option will override the Hidden, Open and Public options when enabled. By default, every new group created will be an internal group. @@ -36,11 +36,11 @@ Group is accessible to any registered user, even when they do not have permissio The key difference is that the group is completely unmanaged by Auth. **Once a member joins they will not be removed unless they leave manually, you remove them manually, or their account is deliberately set inactive or deleted.** -Most people won't have a use for public groups, though it can be useful if you wish to allow public access to some services. You can grant service permissions on a public group to allow this behavior. +Most people won't have a use for public groups, though it can be useful if you wish to allow public access to some services. You can grant service permissions to a public group to allow this behavior. ### Restricted -When a group is restricted only superuser admins can directly add or remove them to/from users. The purpose of this property is prevent staff admins from assigning themselves to groups that are security sensitive. The "restricted" property can be combined with all the other properties. +When a group is restricted, only superuser admins can directly add or remove them to/from users. The purpose of this property is to prevent staff admins from assigning themselves to groups that are security sensitive. The "restricted" property can be combined with all the other properties. ```{eval-rst} .. _ref-reserved-group-names: @@ -48,15 +48,15 @@ When a group is restricted only superuser admins can directly add or remove them ## Reserved group names -When using Alliance Auth to manage external services like Discord, Auth will automatically duplicate groups on those services. E.g. on Discord Auth will create roles of the same name as groups. However, there may be cases where you want to manage groups on external services by yourself or by another bot. For those cases you can define a list of reserved group names. Auth will ensure that you can not create groups with a reserved name. You will find this list on the admin site under groupmanagement. +When using Alliance Auth to manage external services like Discord, Auth will automatically duplicate groups on those services. E.g., on Discord Auth will create roles of the same name as groups. However, there may be cases where you want to manage groups on external services by yourself or by another bot. For those cases, you can define a list of reserved group names. Auth will ensure that you cannot create groups with a reserved name. You will find this list on the admin site under groupmanagement. :::{note} -While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability. +While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be built in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability. ::: ## Managing groups -In order to access group management, users need to be either a superuser, granted the `auth | user | group_management ( Access to add members to groups within the alliance )` permission or a group leader (discussed later). +To access group management, users need to be either a superuser, granted the `auth | user | group_management ( Access to add members to groups within the alliance )` permission or a group leader (discussed later). ### Group Requests @@ -64,7 +64,7 @@ When a user joins or leaves a group which is not marked as "Open", their group r ### Group Membership -The group membership tab gives an overview of all of the non-internal groups. +The group membership tab gives an overview of all the non-internal groups. ![Group overview](/_static/images/features/core/groupmanagement/group-membership.png) @@ -89,7 +89,7 @@ Group leaders have the same abilities as users with the `group_management` permi - Approve requests for groups they are a leader of. - View the Group Membership and Group Members of groups they are leaders of. -This allows you to more finely control who has access to manage which groups. +This allows you to more fine control who has access to manage which groups. ### Auto Leave @@ -121,7 +121,7 @@ Note that all settings are optional and the app will use the documented default ## Permissions -In order to join a group other than a public group, the permission `groupmanagement.request_groups` (`Can request non-public groups` in the admin panel) must be active on their account, either via a group or directly applied to their User account. +To join a group other than a public group, the permission `groupmanagement.request_groups` (`Can request non-public groups` in the admin panel) must be active on their account, either via a group or directly applied to their User account. When a user loses this permission, they will be removed from all groups _except_ Public groups. diff --git a/docs/features/core/index.md b/docs/features/core/index.md index 92b10a84..14a48fb2 100644 --- a/docs/features/core/index.md +++ b/docs/features/core/index.md @@ -1,6 +1,6 @@ # Core Features -Managing access to applications and services is one of the core functions of **Alliance Auth**. The related key concepts and functionalities are describes in this section. +Managing access to applications and services is one of the core functions of **Alliance Auth**. The related key concepts and functionalities are described in this section. :::{toctree} :maxdepth: 1 diff --git a/docs/features/core/notifications.md b/docs/features/core/notifications.md index 1c680e47..819403ba 100644 --- a/docs/features/core/notifications.md +++ b/docs/features/core/notifications.md @@ -1,14 +1,14 @@ # Notifications -Alliance Auth has a build in notification system. The purpose of the notification system is to provide an easy and quick way to send messages to users of Auth. For example some apps are using it to inform users about results after long running tasks have completed and admins will automatically get notifications about system errors. +Alliance Auth has a build in notification system. The purpose of the notification system is to provide an easy and quick way to send messages to users of Auth. For example, some apps are using it to inform users about results after long-running tasks have been completed, and admins will automatically get notifications about system errors. -The number of unread notifications is shown to the user in the top menu. And the user can click on the notification count to open the notifications app. +The number of unread notifications is shown to the user in the top menu. And the user can click on the notification count to open the Notifications app. ![notification app](/_static/images/features/core/notifications.png) ## Settings -The notifications app can be configured through settings. +The Notifications app can be configured through settings. -- `NOTIFICATIONS_REFRESH_TIME`: The unread count in the top menu is automatically refreshed to keep the user informed about new notifications. This setting allows to set the time between each refresh in seconds. You can also set it to `0` to turn off automatic refreshing. Default: `30` -- `NOTIFICATIONS_MAX_PER_USER`: Maximum number of notifications that are stored per user. Older notifications are replaced by newer once. Default: `50` +- `NOTIFICATIONS_REFRESH_TIME`: The unread count in the top menu is automatically refreshed to keep the user informed about new notifications. This setting allows setting the time between each refresh in seconds. You can also set it to `0` to turn off automatic refreshing. Default: `30` +- `NOTIFICATIONS_MAX_PER_USER`: Maximum number of notifications that are stored per user. Newer replace older notifications. Default: `50` diff --git a/docs/features/core/states.md b/docs/features/core/states.md index f1281e5e..48973eb3 100644 --- a/docs/features/core/states.md +++ b/docs/features/core/states.md @@ -1,10 +1,10 @@ # States -States define the basic role of a user based on his affiliation with your organization. A user that has a character in your organization (e.g. alliance) will usually have the `Member` state. And a user, that has no characters in your organization will usually have the `Guest` state. +States define the basic role of a user based on his affiliation with your organization. A user that has a character in your organization (e.g., alliance) will usually have the `Member` state. And a user, that has no characters in your organization will usually have the `Guest` state. -States are assigned and updated automatically. So a user which character just left your organization will automatically loose his `Member` state and get the `Guest` state instead. +States are assigned and updated automatically. So a user which character just left your organization will automatically lose his `Member` state and get the `Guest` state instead. -The main purpose of states like `Member` is to have one place where you can assign all permissions that should apply to all users with that particular state. For example if all your members should have access to the SRP app you would add the permission that gives access to the SRP app to the `Member` state. +The main purpose of states like `Member` is to have one place where you can assign all permissions that should apply to all users with that particular state. For example, if all your members should have access to the SRP app, you would add the permission that gives access to the SRP app to the `Member` state. ## Creating a State @@ -14,7 +14,7 @@ A number of fields are available and are described below. ### Name -This is the displayed name of a state. Should be self-explanatory. +This is the displayed name of a state. It should be self-explanatory. ### Permissions @@ -50,9 +50,9 @@ This lets you select which factions the state is available to. Factions can be a States are mutually exclusive, meaning a user can only be in one at a time. -Membership is determined based on a user's main character. States are tested in order of descending priority - the first one which allows membership to the main character is assigned to the user. +Membership is determined based on a user's main character. States are tested in order of descending priority - the first one, which allows membership to the main character, is assigned to the user. -States are automatically assigned when a user registers to the site, their main character changes, they are activated or deactivated, or states are edited. Note that editing states triggers lots of state checks so it can be a very slow process. +States are automatically assigned when a user registers to the site, their main character changes, they are activated or deactivated, or states are edited. Note that editing states triggers lots of state checks, so it can be a very slow process. Assigned states are visible in the `Users` section of the `Authentication` admin site. @@ -60,4 +60,4 @@ Assigned states are visible in the `Users` section of the `Authentication` admin If no states are available to a user's main character, or their account has been deactivated, they are assigned to a catch-all `Guest` state. This state cannot be deleted nor can its name be changed. -The `Guest` state allows permissions to be granted to users who would otherwise not get any. For example access to public services can be granted by giving the `Guest` state a service access permission. +The `Guest` state allows permissions to be granted to users who would otherwise not get any. For example, access to public services can be granted by giving the `Guest` state a service access permission. diff --git a/docs/features/overview.md b/docs/features/overview.md index 8ad47f8c..d62882c9 100644 --- a/docs/features/overview.md +++ b/docs/features/overview.md @@ -1,17 +1,17 @@ # Overview -**Alliance Auth** (AA) is a web site that helps Eve Online organizations efficiently manage access to applications and external services. +**Alliance Auth** (AA) is a website that helps Eve Online organizations efficiently manage access to applications and external services. It has the following key features: - Automatically grants or revokes users access to external services (e.g. Discord, Mumble) and web apps (e.g. SRP requests) based on the user's current membership to [in-game organizations](/features/core/states) and [groups](/features/core/groups) -- Provides a central web site where users can directly access web apps (e.g. SRP requests) and manage their access to external services and groups. +- Provides a central website where users can directly access web apps (e.g., SRP requests) and manage their access to external services and groups. - Includes a set of connectors (called ["services"](/features/services/index)) for integrating access management with many popular external services like Discord, Mumble, Teamspeak 3, SMF and others - Includes a set of web [apps](/features/apps/index) which add many useful functions, e.g.: fleet schedule, timer board, SRP request management, fleet activity tracker -- Can be easily extended with additional services and apps. Many are provided by the [community](/features/community/index). +- It can be easily extended with additional services and apps. Many are provided by the [community](/features/community/index). - Chinese, English, German and Spanish localization diff --git a/docs/features/services/discord.md b/docs/features/services/discord.md index 04db3374..eedaa225 100644 --- a/docs/features/services/discord.md +++ b/docs/features/services/discord.md @@ -34,21 +34,21 @@ CELERYBEAT_SCHEDULE['discord.update_all_usernames'] = { ``` :::{note} - You will have to add most the values for these settings, e.g. your Discord server ID (aka guild ID), later in the setup process. + You will have to add most of the values for these settings, e.g., your Discord server ID (aka guild ID), later in the setup process. ::: ### Creating a Server Navigate to the [Discord site](https://discord.com/) and register an account, or log in if you have one already. -On the left side of the screen you’ll see a circle with a plus sign. This is the button to create a new server. Go ahead and do that, naming it something obvious. +On the left side of the screen, you’ll see a circle with a plus sign. This is the button to create a new server. Go ahead and do that, naming it something obvious. Now retrieve the server ID [following this procedure.](https://support.discord.com/hc/en-us/articles/206346498-Where-can-I-find-my-User-Server-Message-ID-) Update your auth project's settings file, inputting the server ID as `DISCORD_GUILD_ID` :::{note} -If you already have a Discord server skip the creation step, but be sure to retrieve the server ID +If you already have a Discord server, skip the creation step, but be sure to retrieve the server ID ::: ### Registering an Application @@ -58,7 +58,7 @@ Give it a name and description relating to your auth site. Add a redirect to `ht Update your auth project's settings file, inputting this redirect address as `DISCORD_CALLBACK_URL` -On the application summary page, press Create a Bot User. +On the application summary page, press "Create a Bot User". Update your auth project's settings file with these pieces of information from the summary page: @@ -68,15 +68,15 @@ Update your auth project's settings file with these pieces of information from t ### Preparing Auth -Before continuing it is essential to run migrations and restart Gunicorn and Celery. +Before continuing, it is essential to run migrations and restart Gunicorn and Celery. ### Adding a Bot to the Server -Once created, navigate to the services page of your Alliance Auth install as the superuser account. At the top there is a big green button labelled Link Discord Server. Click it, then from the drop down select the server you created, and then Authorize. +Once created, navigate to the "Services" page of your Alliance Auth install as the superuser account. At the top there is a big green button labeled "Link Discord Server". Click it, then from the drop-down select the server you created, and then Authorize. This adds a new user to your Discord server with a `BOT` tag, and a new role with the same name as your Discord application. Don't touch either of these. If for some reason the bot loses permissions or is removed from the server, click this button again. -To manage roles, this bot role must be at the top of the hierarchy. Edit your Discord server, roles, and click and drag the role with the same name as your application to the top of the list. This role must stay at the top of the list for the bot to work. Finally, the owner of the bot account must enable 2 Factor Authentication (this is required from Discord for kicking and modifying member roles). If you are unsure what 2FA is or how to set it up, refer to [this support page](https://support.discord.com/hc/en-us/articles/219576828). It is also recommended to force 2FA on your server (this forces any admins or moderators to have 2fa enabled to perform similar functions on discord). +To manage roles, this bot role must be at the top of the hierarchy. Edit your Discord server, roles, and click and drag the role with the same name as your application to the top of the list. This role must stay at the top of the list for the bot to work. Finally, the owner of the bot account must enable 2-Factor Authentication (this is required from Discord for kicking and modifying member roles). If you are unsure what 2FA is or how to set it up, refer to [this support page](https://support.discord.com/hc/en-us/articles/219576828). It is also recommended to force 2FA on your server (this forces any admins or moderators to have 2FA enabled to perform similar functions on discord). Note that the bot will never appear online as it does not participate in chat channels. @@ -90,22 +90,22 @@ If you want users to have their Discord nickname changed to their in-game charac ## Managing Roles -Once users link their accounts you’ll notice Roles get populated on Discord. These are the equivalent to groups on every other service. The default permissions should be enough for members to use text and audio communications. Add more permissions to the roles as desired through the server management window. +Once users link their accounts, you’ll notice Roles get populated on Discord. These are the equivalent to groups on every other service. The default permissions should be enough for members to use text and audio communications. Add more permissions to the roles as desired through the server management window. -By default Alliance Auth is taking over full control of role assignments on Discord. This means that users on Discord can in general only have roles that correlate to groups on Auth. However, there are two exceptions to this rule. +By default, Alliance Auth is taking over full control of role assignments on Discord. This means that users in Discord can in general only have roles that correlate to groups on Auth. However, there are two exceptions to this rule. ### Internal Discord roles -First, users will keep their so called "Discord managed roles". Those are internal roles created by Discord e.g. for Nitro. +First, users will keep their so-called "Discord managed roles". Those are internal roles created by Discord, e.g., for Nitro. ### Excluding roles from being managed by Auth Second, it is possible to exclude Discord roles from being managed by Auth at all. This can be useful if you have other bots on your Discord server that are using their own roles and which would otherwise conflict with Auth. This would also allow you to manage a role manually on Discord if you so chose. -To exclude roles from being managed by Auth you only have to add them to the list of reserved group names in Group Management. +To exclude roles from being managed by Auth, you only have to add them to the list of reserved group names in Group Management. :::{note} -Role names on Discord are case sensitive, while reserved group names on Auth are not. Therefore reserved group names will cover all roles regardless of their case. For example if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted. +Role names on Discord are case-sensitive, while reserved group names on Auth are not. Therefore, reserved group names will cover all roles regardless of their case. For example, if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted. ::: ```{eval-rst} @@ -116,7 +116,7 @@ Role names on Discord are case sensitive, while reserved group names on Auth are The Discord service contains a number of tasks that can be run to manually perform updates to all users. -You can run any of these tasks from the command line. Please make sure that you are in your venv and then you can run this command from the same folder that your manage.py is located: +You can run any of these tasks from the command line. Please make sure that you are in your venv, and then you can run this command from the same folder that your manage.py is located: ```shell celery -A myauth call discord.update_all_groups @@ -175,8 +175,8 @@ This indicates your callback URL doesn't match. Ensure the `DISCORD_CALLBACK_URL ### "Add/Remove" Errors in Discord Service -If you are receiving errors in your Notifications after verifying that your settings are all correct try the following: +If you are receiving errors in your Notifications after verifying that your settings are all correct, try the following: -- Ensure that the bot's role in Discord is at the top of the roles list. Each time you add it to your server you will need to do this again. -- Make sure that the bot is not trying to modify the Owner of the discord, as it will fail. A holding discord account added with invite link will mitigate this. +- Ensure that the bot role in Discord is at the top of the roles list. Each time you add it to your server, you will need to do this again. +- Make sure that the bot is not trying to modify the Owner of the discord, as it will fail. A holding discord account added with an invite link will mitigate this. - Make sure that the bot role on discord has all needed permissions, Admin etc., remembering that these will need to be set every time you add the bot to the Discord server. diff --git a/docs/features/services/discourse.md b/docs/features/services/discourse.md index a0ee6150..0f383d61 100644 --- a/docs/features/services/discourse.md +++ b/docs/features/services/discourse.md @@ -131,9 +131,9 @@ rake admin:create Follow prompts, being sure to answer `y` when asked to allow admin privileges. -### Create API key +### Create an API key -Navigate to `discourse.example.com` and log on. Top right press the 3 lines and select `Admin`. Go to API tab and press `Generate Master API Key`. +Navigate to `discourse.example.com` and log on. Top right, press the 3 lines and select `Admin`. Go to API tab and press `Generate Master API Key`. Add the following values to your auth project's settings file: @@ -149,9 +149,9 @@ Navigate to `discourse.example.com` and log in. Back to the admin site, scroll d - `sso_url`: `http://example.com/discourse/sso` - `sso_secret`: some secure key -Save, now set `DISCOURSE_SSO_SECRET` in your auth project's settings file to the secure key you just put in Discourse. +Now set `DISCOURSE_SSO_SECRET` in your auth project's settings file to the secure key you put in Discourse. -Finally run migrations and restart Gunicorn and Celery. +Finally, run migrations and restart Gunicorn and Celery. ## Permissions diff --git a/docs/features/services/mumble.md b/docs/features/services/mumble.md index fb3180bc..6a7112fc 100644 --- a/docs/features/services/mumble.md +++ b/docs/features/services/mumble.md @@ -1,9 +1,9 @@ # Mumble -Mumble is a free voice chat server. While not as flashy as TeamSpeak, it has all the functionality and is easier to customize. And is better. I may be slightly biased. +Mumble is a free voice chat server. While not as flashy as TeamSpeak, it has all the functionality and is easier to customize. And it is better. I may be slightly biased. :::{note} -Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor. +Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly, it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor. ::: :::{warning} @@ -50,7 +50,7 @@ We will now install the authenticator into your Auth virtual environment. Please source /home/allianceserver/venv/auth/bin/activate ``` -Install the python dependencies for the mumble authenticator. Note that this process can take 2-10 minutes to complete. +Install the python dependencies for the mumble authenticator. Note that this process can take 2 to 10 minutes to complete. ```shell pip install -r requirements.txt @@ -58,7 +58,7 @@ pip install -r requirements.txt ## Configuring Mumble Server -The mumble server needs it's own database. Open an SQL shell with `mysql -u root -p` and execute the SQL commands to create it: +The mumble server needs its own database. Open an SQL shell with `mysql -u root -p` and execute the SQL commands to create it: ```sql CREATE DATABASE alliance_mumble CHARACTER SET utf8mb4; @@ -68,7 +68,7 @@ CREATE DATABASE alliance_mumble CHARACTER SET utf8mb4; GRANT ALL PRIVILEGES ON alliance_mumble . * TO 'allianceserver'@'localhost'; ``` -Mumble ships with a configuration file that needs customization. By default it’s located at `/etc/mumble-server.ini`. Open it with your favorite text editor: +Mumble ships with a configuration file that needs customization. By default, it’s located at `/etc/mumble-server.ini`. Open it with your favorite text editor: ```shell sudo nano /etc/mumble-server.ini @@ -132,7 +132,7 @@ Test your configuration by starting it: python /home/allianceserver/mumble-authenticator/authenticator.py ``` -And finally ensure the allianceserver user has read/write permissions to the mumble authenticator files before proceeding: +And finally, ensure the allianceserver user has read/write permissions to the mumble authenticator files before proceeding: ```shell sudo chown -R allianceserver:allianceserver /home/allianceserver/mumble-authenticator @@ -153,7 +153,7 @@ startsecs=10 priority=996 ``` -In addition we'd recommend to add the authenticator to Auth's restart group in your supervisor conf. For that you need to add it to the group line as shown in the following example: +In addition, we'd recommend adding the authenticator to Auth's restart group in your supervisor conf. For that, you need to add it to the group line as shown in the following example: ```ini [group:myauth] @@ -161,7 +161,7 @@ programs=beat,worker,gunicorn,authenticator priority=999 ``` -To enable the changes in your supervisor configuration you need to restart the supervisor process itself. And before we do that we are shutting down the current Auth supervisors gracefully: +To enable the changes in your supervisor configuration, you need to restart the supervisor process itself. And before we do that, we are shutting down the current Auth supervisors gracefully: ```shell sudo supervisor stop myauth: @@ -225,28 +225,28 @@ The needs and available resources will vary between Alliance Auth installations. ### Bandwidth -This is likely the most important setting for scaling a Mumble install, The default maximum Bandwidth is 72000bps Per User. Reducing this value will cause your clients to automatically scale back their bandwidth transmitted, while causing a reduction in voice quality. A value thats still high may cause robotic voices or users with bad connections to drop due entirely due to network load. +This is likely the most important setting for scaling a Mumble installation, The default maximum Bandwidth is 72000bps Per User. Reducing this value will cause your clients to automatically scale back their bandwidth transmitted, while causing a reduction in voice quality. A value that's still high may cause robotic voices or users with bad connections to drop due entirely due to the network load. Please tune this value to your individual needs, the below scale may provide a rough starting point. -72000 - Superior voice quality - Less than 50 users. -54000 - No noticeable reduction in quality - 50+ Users or many channels with active audio. -36000 - Mild reduction in quality - 100+ Users -30000 - Noticeable reduction in quality but not function - 250+ Users +`72000` - Superior voice quality - Less than 50 users. +`54000` - No noticeable reduction in quality - 50+ Users or many channels with active audio. +`36000` - Mild reduction in quality - 100+ Users +`30000` - Noticeable reduction in quality but not function - 250+ Users ### Forcing Opus -A Mumble server by default, will fall back to the older CELT codec as soon as a single user connects with an old client. This will significantly reduce your audio quality and likely place higher load on your server. We *highly* reccommend setting this to Zero, to force OPUS to be used at all times. Be aware any users with Mumble clients prior to 1.2.4 (From 2013...) Will not hear any audio. +A Mumble server, by default, will fall back to the older CELT codec as soon as a single user connects with an old client. This will significantly reduce your audio quality and likely place a higher load on your server. We *highly* recommend setting this to Zero, to force OPUS to be used at all times. Be aware any users with Mumble clients prior to 1.2.4 (From 2013...) Will not hear any audio. `opusthreshold=0` ### AutoBan and Rate Limiting -The AutoBan feature has some sensible settings by default, You may wish to tune these if your users keep locking themselves out by opening two clients by mistake, or if you are receiving unwanted attention +The AutoBan feature has some sensible settings by default. You may wish to tune these if your users keep locking themselves out by opening two clients by mistake, or if you are receiving unwanted attention -This too, is set to a sensible configuration by default. Take note on upgrading older installs, as this may actually be set too restrictively and will rate-limit your admins accidentally, take note of the configuration in +This, too, is set to a sensible configuration by default. Take note on upgrading older installs, as this may actually be set too restrictively and will rate-limit your admins accidentally, take note of the configuration in ### "Suggest" Options @@ -264,34 +264,34 @@ If Push to Talk is to your tastes, configure the suggestion as follows ### Setting a server password -With the default configuration your mumble server is public. Meaning that everyone who has the address can at least connect to it and might also be able join all channels that don't have any permissions set (Depending on your ACL configured for the root channel). If you want only registered member being able to join your mumble, you have to set a server password. To do so open your mumble server configuration which is by default located at `/etc/mumble-server.ini`. +With the default configuration, your mumble server is public. Meaning that everyone who has the address can at least connect to it and might also be able to join all channels that don't have any permissions set (Depending on your ACL configured for the root channel). If you want only registered member being able to join your mumble, you have to set a server password. To do so open your mumble server configuration which is by default located at `/etc/mumble-server.ini`. ```shell sudo nano /etc/mumble-server.ini ``` -Now search for `serverpassword=` and set your password here. If there is no such line, simply add it. +Now search for `serverpassword=` and set your password here. If there is no such line, add it. ```ini serverpassword=YourSuperSecretServerPassword ``` -Save the file and restart your mumble server afterwards. +Save the file and restart your mumble server afterward. ```shell sudo service mumble-server restart ``` -From now on, only registered member can join your mumble server. Now if you still want to allow guests to join you have 2 options. +From now on, only registered member can join your mumble server. Now if you still want to allow guests to join, you have two options. - Allow the "Guest" state to activate the Mumble service in your Auth instance - Use [Mumble temporary links](https://github.com/pvyParts/allianceauth-mumble-temp) ### Enabling Avatars in Overlay (V1.0.0+) -Ensure you have an up to date Mumble-Authenticator, this feature was added in V1.0.0 +Ensure you have an up-to-date Mumble-Authenticator. This feature was added in V1.0.0 -Edit `authenticator.ini` and change (or add for older installs) This code block. +Edit `authenticator.ini` and change (or add for older installations) This code block. ```ini ;If enabled, textures are automatically set as player's EvE avatar for use on overlay. diff --git a/docs/features/services/nameformats.md b/docs/features/services/nameformats.md index 3a007137..059e054d 100644 --- a/docs/features/services/nameformats.md +++ b/docs/features/services/nameformats.md @@ -4,7 +4,7 @@ This app allows you to customize how usernames for services are created. Each service's username or nickname, depending on which the service supports, can be customized through the use of the Name Formatter config provided the service supports custom formats. This config can be found in the admin panel under **Services -> Name format config** -Currently the following services support custom name formats: +Currently, the following services support custom name formats: ```{eval-rst} +-------------+-----------+-------------------------------------+ @@ -35,7 +35,7 @@ It's important to note here, before we get into what you can do with a name form ## Available format data -The following fields are available from a users account and main character: +The following fields are available for a user account and main character: - `username` - Alliance Auth username - `character_id` @@ -53,7 +53,7 @@ The following fields are available from a users account and main character: The name formatter uses the advanced string formatting specified by [PEP-3101](https://www.python.org/dev/peps/pep-3101/). Anything supported by this specification is supported in a name formatter. -A more digestible documentation of string formatting in Python is available on the [PyFormat](https://pyformat.info/) website. +More digestible documentation of string formatting in Python is available on the [PyFormat](https://pyformat.info/) website. Some examples of strings you could use: @@ -70,9 +70,9 @@ Some examples of strings you could use: ``` :::{important} -For most services, name formats only take effect when a user creates an account. This means if you create or update a name formatter it wont retroactively alter the format of users names. There are some exceptions to this where the service updates nicknames on a periodic basis. Check the service's documentation to see which of these apply. +For most services, name formats only take effect when a user creates an account. This means if you create or update a name formatter, it won't retroactively alter the format of users' names. There are some exceptions to this where the service updates nicknames on a periodic basis. Check the service's documentation to see which of these apply. ::: :::{important} -You must only create one formatter per service per state. E.g. don't create two formatters for Mumble for the Member state. In this case one of the formatters will be used and it may not be the formatter you are expecting: +You must only create one formatter per service per state. E.g., don't create two formatters for Mumble for the Member state. In this case, one of the formatters will be used, and it may not be the formatter you are expecting: ::: diff --git a/docs/features/services/openfire.md b/docs/features/services/openfire.md index 7477bffb..c9cd5b84 100644 --- a/docs/features/services/openfire.md +++ b/docs/features/services/openfire.md @@ -58,11 +58,11 @@ sudo dnf install java-11-openjdk java-11-openjdk-devel ### Download Installer -Openfire is not available through repositories so we need to get a package from the developer. +Openfire is not available through repositories, so we need to get a package from the developer. -On your PC, navigate to the [Ignite Realtime downloads section](https://www.igniterealtime.org/downloads/index.jsp), and under Openfire select Linux, click on the Ubuntu: Debian package (second from bottom of list, ends with .deb) or CentOS: RPM Package (no JRE bundled, as we have installed it on the host) +On your PC, navigate to the [Ignite Realtime downloads section](https://www.igniterealtime.org/downloads/index.jsp), and under Openfire select Linux, click on the Ubuntu: Debian package (second from bottom of the list, ends with .deb) or CentOS: RPM Package (no JRE bundled, as we have installed it on the host) -Retrieve the file location by copying the URL from the “click here” link, depending on your browser you may have a Copy Link or similar option in your right click menu. +Retrieve the file location by copying the URL from the “click here” link. Depending on your browser, you may have a Copy Link or similar option in your right click menu. In the console, ensure you’re in your user’s home directory: @@ -92,7 +92,7 @@ yum install -y openfire-4.7.2-1.noarch.rpm ### Create Database -Performance is best when working from a SQL database. If you installed MySQL or MariaDB alongside your auth project, go ahead and create a database for Openfire: +Performance is best when working from an SQL database. If you installed MySQL or MariaDB alongside your auth project, go ahead and create a database for Openfire: ```shell mysql -u root -p @@ -128,11 +128,11 @@ Create an administrator account. The actual name is irrelevant, just don’t los Finally, log in to the console with your admin account. -Edit your auth project's settings file and enter the values you just set: +Edit your auth project's settings file and enter the values you set: -- `JABBER_URL` is the pubic address of your jabber server +- `JABBER_URL` is the public address of your jabber server - `JABBER_PORT` is the port for clients to connect to (usually 5223) -- `JABBER_SERVER` is the name of the jabber server. If you didn't alter it during install it'll usually be your domain (eg `example.com`) +- `JABBER_SERVER` is the name of the jabber server. If you didn't alter it during the installation, it'll usually be your domain (eg `example.com`) - `OPENFIRE_ADDRESS` is the web address of Openfire's web interface. Use http:// with port 9090 or https:// with port 9091 if you configure SSL in Openfire ### REST API Setup diff --git a/docs/features/services/permissions.md b/docs/features/services/permissions.md index 2f809e70..8b8c92dd 100644 --- a/docs/features/services/permissions.md +++ b/docs/features/services/permissions.md @@ -4,17 +4,17 @@ In the past, access to services was dictated by a list of settings in `settings. ## Permissions based access -Instead of granting access to services by the previous rigid structure, access to services is now granted by the built in Django permissions system. This means that service access can be more granular, allowing only certain states, certain groups, for instance Corp CEOs, or even individual user access to each enabled service. +Instead of granting access to services by the previous rigid structure, access to services is now granted by the built-in Django permissions system. This means that service access can be more granular, allowing only certain states, certain groups, for instance, Corp CEOs, or even individual user access to each enabled service. :::{important} -If you grant access to an individual user, they will have access to that service regardless of whether or not they are a member. +If you grant access to an individual user, they will have access to that service regardless of whether they are a member. ::: Each service has an access permission defined, named like `Can access the service`. -To mimick the old behaviour of enabling services for all members, you would select the `Member` group from the admin panel, add the required service permission to the group and save. Likewise for Blues, select the `Blue` group and add the required permission. +To mimic the old behaviour of enabling services for all members, you would select the `Member` group from the admin panel, add the required service permission to the group and save. Likewise for Blues, select the `Blue` group and add the required permission. -A user can be granted the same permission from multiple sources. e.g. they may have it granted by several groups and directly granted on their account as well. Auth will not remove their account until all instances of the permission for that service have been revoked. +A user can be granted the same permission from multiple sources. e.g., they may have it granted by several groups and directly granted on their account as well. Auth will not remove their account until all instances of the permission for that service have been revoked. ## Removing access @@ -22,10 +22,10 @@ A user can be granted the same permission from multiple sources. e.g. they may h Access removal is processed immediately after removing a permission from a user or group. If you remove access from a large group, such as Member, it will immediately remove all users from that service. ::: -When you remove a service permission from a user, a signal is triggered which will activate an immediate permission check. For users this will trigger an access check for all services. For groups, due to the potential extra load, only the services whose permissions have changed will be verified, and only the users in that group. +When you remove a service permission from a user, a signal is triggered which will activate an immediate permission check. For users, this will trigger an access check for all services. For groups, due to the potential extra load, only the services whose permissions have changed will be verified, and only the users in that group. -If a user no longer has permission to access the service when this permissions check is triggered, that service will be immediately disabled for them. +If a user no longer has permission to access the service when this permission check is triggered, that service will be immediately disabled for them. ### Disabling user accounts -When you unset a user as active in the admin panel, all of that users service accounts will be immediately disabled or removed. This is due to the built in behaviour of the Django permissions system, which will return False for all permissions if a users account is disabled, regardless of their actual permissions state. +When you unset a user as active in the admin panel, all of that user's service accounts will be immediately disabled or removed. This is due to the built-in behaviour of the Django permissions system, which will return False for all permissions if a user's account is disabled, regardless of their actual permissions state. diff --git a/docs/features/services/phpbb3.md b/docs/features/services/phpbb3.md index aea7e2f5..4513d202 100644 --- a/docs/features/services/phpbb3.md +++ b/docs/features/services/phpbb3.md @@ -67,7 +67,7 @@ Now we need to move this to our web directory. Usually `/var/www/forums`. mv phpBB3 /var/www/forums ``` -The web server needs read/write permission to this folder +The web server needs read/write permissions to this folder Apache: `chown -R www-data:www-data /var/www/forums` Nginx: `chown -R nginx:nginx /var/www/forums` @@ -80,7 +80,7 @@ Nginx: `chown -R nginx:nginx /var/www/forums` ### Configuring Web Server -You will need to configure you web server to serve PHPBB3 before proceeding with installation. +You will need to configure your web server to serve PHPBB3 before proceeding with installation. A minimal Apache config file might look like: @@ -128,7 +128,7 @@ Enter your forum's web address as the `PHPBB3_URL` setting in your auth project' ### Web Install -Navigate to your forums web address where you will be presented with an installer. +Navigate to your forum web address where you will be presented with an installer. Click on the `Install` tab. @@ -155,7 +155,7 @@ phpBB will then write its own config file. ### Open the Forums -Before users can see the forums, we need to remove the install directory +Before users can see the forums, we need to remove the installation directory ```shell rm -rf /var/www/forums/install diff --git a/docs/features/services/smf.md b/docs/features/services/smf.md index 96ce7c42..3a39334e 100644 --- a/docs/features/services/smf.md +++ b/docs/features/services/smf.md @@ -32,7 +32,7 @@ DATABASES['smf'] = { ### Download SMF -Using your browser, you can download the latest version of SMF to your desktop computer. All SMF downloads can be found at SMF Downloads. The latest recommended version will always be available at . Retrieve the file location from the hyperlinked box icon for the zip full install, depending on your browser you may have a Copy Link or similar option in your right click menu. +Using your browser, you can download the latest version of SMF to your desktop computer. All SMF downloads can be found at SMF Downloads. The latest recommended version will always be available at . Retrieve the file location from the hyperlinked box icon for the zip full install, depending on your browser, you may have a Copy Link or similar option in your right click menu. Download using wget, replacing the URL with the URL for the package you just retrieved @@ -52,13 +52,13 @@ Now we need to move this to our web directory. Usually `/var/www/forums`. mv smf /var/www/forums ``` -The web server needs read/write permission to this folder +The web server needs read/write permissions to this folder Apache: `chown -R www-data:www-data /var/www/forums` Nginx: `chown -R nginx:nginx /var/www/forums` :::{tip} -Nginx: Some distributions use the ``www-data:www-data`` user:group instead of ``nginx:nginx``. If you run into problems with permissions try it instead. +Nginx: Some distributions use the ``www-data:www-data`` user:group instead of ``nginx:nginx``. If you run into problems with permissions, try it instead. ::: ### Database Preparation @@ -117,7 +117,7 @@ Enter the web address to your forums into the `SMF_URL` setting in your auth pro ### Web Install -Navigate to your forums address where you will be presented with an installer. +Navigate to your forum address where you will be presented with an installer. Click on the `Install` tab. diff --git a/docs/features/services/teamspeak3.md b/docs/features/services/teamspeak3.md index 559301bc..8f2baee0 100644 --- a/docs/features/services/teamspeak3.md +++ b/docs/features/services/teamspeak3.md @@ -34,7 +34,7 @@ CELERYBEAT_SCHEDULE['run_ts3_group_update'] = { ### Download Installer -To install we need a copy of the server. You can find the latest version from the [TeamSpeak site](https://www.teamspeak.com/downloads#)). Be sure to get a link to the Linux version. +To install, we need a copy of the server. You can find the latest version on the [TeamSpeak website](https://www.teamspeak.com/downloads#). Be sure to get a link to the Linux version. Download the server, replacing the link with the link you got earlier. @@ -75,7 +75,7 @@ ln -s /usr/local/teamspeak/ts3server_startscript.sh /etc/init.d/teamspeak update-rc.d teamspeak defaults ``` -Finally we start the server. +Finally, we start the server. ```shell service teamspeak start @@ -109,7 +109,7 @@ Click the URL provided to automatically connect to our server. It will prompt yo ### Groups -Now we need to make groups. AllianceAuth handles groups in teamspeak differently: instead of creating groups it creates an association between groups in TeamSpeak and groups in AllianceAuth. Go ahead and make the groups you want to associate with auth groups, keeping in mind multiple TeamSpeak groups can be associated with a single auth group. +Now we need to make groups. AllianceAuth handles groups in teamspeak differently: instead of creating groups, it creates an association between groups in TeamSpeak and groups in AllianceAuth. Go ahead and make the groups you want to associate with auth groups, keeping in mind multiple TeamSpeak groups can be associated with a single auth group. Navigate back to the AllianceAuth admin interface (example.com/admin) and under `Teamspeak3`, select `Auth / TS Groups`. @@ -127,7 +127,7 @@ To enable advanced permissions, on your client go to the `Tools` menu, `Applicat ### TS group models not populating on admin site -The method which populates these runs every 30 minutes. To populate manually you start the process from the admin site or from the Django shell. +The method which populates these runs every 30 minutes. To populate manually, you start the process from the admin site or from the Django shell. #### Admin Site @@ -156,7 +156,7 @@ Ensure that command does not return an error. This usually occurs because auth is trying to remove a user from the `Guest` group (group ID 8). The guest group is only assigned to a user when they have no other groups, unless you have changed the default teamspeak server config. -Teamspeak servers v3.0.13 and up are especially susceptible to this. Ensure the Channel Admin Group is not set to `Guest (8)`. Check by right clicking on the server name, `Edit virtual server`, and in the middle of the panel select the `Misc` tab. +Teamspeak servers v3.0.13 and up are especially susceptible to this. Ensure the Channel Admin Group is not set to `Guest (8)`. Check by right-clicking on the server name, `Edit virtual server`, and in the middle of the panel select the `Misc` tab. ### `TypeError: string indices must be integers, not str` @@ -174,7 +174,7 @@ The serverquery account login specified in local.py is incorrect. Please verify ### `2568 insufficient client permissions` -This usually occurs if you've created a separate serverquery user to use with auth. It has not been assigned sufficient permissions to complete all the tasks required of it. The full list of required permissions is not known, so assign liberally. +This usually occurs if you've created a separate serverquery user to use with auth. It has not been assigned sufficient permissions to complete all the tasks required of it. The full list of required permissions is not known, so assign them liberally. ## Permissions diff --git a/docs/features/services/xenforo.md b/docs/features/services/xenforo.md index 0412e2c2..c83d0475 100644 --- a/docs/features/services/xenforo.md +++ b/docs/features/services/xenforo.md @@ -2,7 +2,7 @@ ## Overview -[XenForo](https://xenforo.com/) is a popular paid forum. This guide will assume that you already have XenForo installed with a valid license (please keep in mind that XenForo is not free nor open-source, therefore you need to purchase a license first). If you come across any problems related with the installation of XenForo please contact their support service. +[XenForo](https://xenforo.com/) is a popular, paid forum. This guide will assume that you already have XenForo installed with a valid license (please keep in mind that XenForo is not free nor open-source, therefore, you need to purchase a license first). If you come across any problems related with the installation of XenForo please contact their support service. ## Prepare Your Settings @@ -20,12 +20,12 @@ XENFORO_APIKEY = 'yourapikey' ## XenAPI -By default XenForo does not support any kind of API, however there is a third-party package called [XenAPI](https://github.com/Contex/XenAPI) which provides a simple REST interface by which we can access XenForo's functions in order to create and edit users. +By default, XenForo does not support any kind of API, however, there is a third-party package called [XenAPI](https://github.com/Contex/XenAPI) which provides a simple REST interface by which we can access XenForo's functions to create and edit users. The installation of XenAPI is pretty straight forward. The only thing you need to do is to download the `api.php` from the official repository and upload it in the root folder of your XenForo installation. The final result should look like this: *forumswebsite.com/***api.php** -Now that XenAPI is installed the only thing left to do is to provide a key. +Now that XenAPI is installed, the only thing left to do is to provide a key. ```php $restAPI = new RestAPI('REPLACE_THIS_WITH_AN_API_KEY'); @@ -37,7 +37,7 @@ The settings you created earlier now need to be filled out. `XENFORO_ENDPOINT` is the address to the API you added. No leading `http://`, but be sure to include the `/api.php` at the end. -`XENFORO_DEFAULT_GROUP` is the ID of the group in XenForo auth users will be added to. Unfortunately XenAPI **cannot create new groups**, therefore you have to create a group manually and then get its ID. +`XENFORO_DEFAULT_GROUP` is the ID of the group in XenForo auth users will be added to. Unfortunately, XenAPI **cannot create new groups**, therefore, you have to create a group manually and then get its ID. `XENFORO_API_KEY` is the API key value you set earlier. diff --git a/docs/installation-containerized/index.md b/docs/installation-containerized/index.md index 2b702a99..326b6162 100644 --- a/docs/installation-containerized/index.md +++ b/docs/installation-containerized/index.md @@ -4,14 +4,11 @@ This document describes how to install **Alliance Auth** using various Container If you would like to install on Bare Metal instead see :doc:`/installation/index` instead -```eval_rst -.. note:: - There are additional installation steps for activating services and apps that come with **Alliance Auth**. Please see the page for the respective service or apps in chapter :doc:`/features/index` for details. -``` +:::{note} +There are additional installation steps for activating services and apps that come with **Alliance Auth**. Please see the page for the respective service or apps in chapter :doc:`/features/index` for details. +::: -```eval_rst -.. toctree:: - :maxdepth: 1 - - docker -``` +:::{toctree} +:maxdepth: 1 +docker +::: diff --git a/docs/installation/allianceauth.md b/docs/installation/allianceauth.md index 785cce6d..9ebae33b 100644 --- a/docs/installation/allianceauth.md +++ b/docs/installation/allianceauth.md @@ -24,7 +24,7 @@ To install on your favorite flavour of Linux, identify and install equivalent pa ### OS Maintenance -It is recommended to ensure your OS is fully up to date before proceeding. We may also add Package Repositories here, used later in the documentation. +It is recommended to ensure your OS is fully up-to-date before proceeding. We may also add Package Repositories here, used later in the documentation. ::::{tabs} :::{group-tab} Ubuntu 2004, 2204 @@ -281,7 +281,7 @@ For security and permissions, it’s highly recommended you create a separate us :::{group-tab} Ubuntu 2004, 2204 ```shell -sudo useradd -s /bin/bash allianceserver +sudo adduser --disabled-login allianceserver ``` ::: @@ -319,7 +319,7 @@ sudo chown -R allianceserver:allianceserver /var/www/myauth/static/ ``` :::{warning} -When installing and performing maintenance on Alliance Auth, virtual environments and python packages, _sudo_ means _superuser_ _do_, this will not use your venv or your allianceserver user and will routinely break your permission structure. +When installing and performing maintenance on Alliance Auth, virtual environments and python packages, _sudo_ means _superuser_ _do_, this will not use your venv or your allianceserver user and will routinely break your permission structure. Only use sudo for _system_ management or if you are unsure, when explicitly instructed to do so. @@ -337,7 +337,7 @@ Switch to the allianceserver user. sudo su allianceserver ``` -And switch to it's home directory: +And switch to its home directory: ```shell cd ~ @@ -371,14 +371,14 @@ Each time you come to do maintenance on your Alliance Auth installation, you sho You need to have a dedicated Eve SSO app for Alliance auth. Please go to [EVE Developer](https://developers.eveonline.com/applications) to create one. -For **scopes** your SSO app needs to have at least `publicData`. Additional scopes depends on which Alliance Auth apps you will be using. For convenience, we recommend adding all available ESO scopes to your SSO app. Note that Alliance Auth will always ask the users to approve specific scopes before they are used. +For **scopes** your SSO app needs to have at least `publicData`. Additional scopes depend on which Alliance Auth apps you will be using. For convenience, we recommend adding all available ESO scopes to your SSO app. Note that Alliance Auth will always ask the users to approve specific scopes before they are used. As **callback URL** you want to define the URL of your Alliance Auth site plus the route: `/sso/callback`. Example for a valid callback URL: `https://auth.example.com/sso/callback` ### Alliance Auth Project :::{warning} -Before installing any Python packages please double-check that you have activated in the virtual environment. This is usually indicated by your command line in the terminal starting with: `(auth)`. +Before installing any Python packages, please double-check that you have activated in the virtual environment. This is usually indicated by your command line in the terminal starting with: `(auth)`. ::: #### Install Python packages @@ -395,7 +395,7 @@ You can install **Alliance Auth** with the following command. This will install pip install allianceauth superlance gunicorn ``` -#### Create Alliance Auth project +#### Create the Alliance Auth project Now you need to create the Django project that will run **Alliance Auth**. Ensure you are in the allianceserver home directory by issuing: @@ -427,7 +427,7 @@ nano myauth/myauth/settings/local.py #### Install database & static files -Django needs to setup the database before it can start. +Django needs to set up the database before it can start. ```shell python /home/allianceserver/myauth/manage.py migrate @@ -462,9 +462,9 @@ Before using your auth site, it is essential to create a superuser account. This python /home/allianceserver/myauth/manage.py createsuperuser ``` -Once your install is complete, the superuser account is accessed by logging in via the admin site at `https://example.com/admin`. +Once your installation is complete, the superuser account is accessed by logging in via the admin site at `https://example.com/admin`. -If you intend to use this account as your personal auth account you need to add a main character. Navigate to the normal user dashboard (at `https://example.com`) after logging in via the admin site and select `Change Main`. Once a main character has been added, it is possible to use SSO to login to this account. +If you intend to use this account as your personal auth account, you need to add a main character. Navigate to the normal user dashboard (at `https://example.com`) after logging in via the admin site and select `Change Main`. Once a main character has been added, it is possible to use SSO to log in to this account. ## Services @@ -472,7 +472,9 @@ Alliance Auth needs some additional services to run, which we will set up and co ### Gunicorn -To run the **Alliance Auth** website a [WSGI Server](https://www.fullstackpython.com/wsgi-servers.html) is required. For this [Gunicorn](http://gunicorn.org/) is highly recommended for its ease of configuring. It can be manually run from within your `myauth` base directory with `gunicorn --bind 0.0.0.0 myauth.wsgi` or automatically run using Supervisor. +To run the **Alliance Auth** website, a [WSGI Server](https://www.fullstackpython.com/wsgi-servers.html) is required. For this [Gunicorn](http://gunicorn.org/) is highly recommended for its ease of configuring. It can be manually run from within your `myauth` base directory with `gunicorn --bind 0.0.0.0 myauth.wsgi` or automatically run using Supervisor. + +If you don't see any errors, this means that Gunicorn is running fine. You can stop it with `Ctrl+C` now. The default configuration is good enough for most installations. Additional information is available in the [gunicorn](gunicorn.md) doc. @@ -583,7 +585,7 @@ Activate it with `sudo supervisorctl reload`. You can check the status of the processes with `sudo supervisorctl status`. Logs from these processes are available in `/home/allianceserver/myauth/log` named by process. :::{note} -Any time the code or your settings change you'll need to restart Gunicorn and Celery. :: +Any time the code or your settings change, you'll need to restart Gunicorn and Celery. :: ```shell sudo supervisorctl restart myauth: @@ -595,13 +597,13 @@ sudo supervisorctl restart myauth: Once installed, decide on whether you're going to use [NGINX](nginx.md) or [Apache](apache.md) and follow the respective guide. -Note that Alliance Auth is designed to run with web servers on HTTPS. While running on HTTP is technically possible, it is not recommended for production use, and some functions (e.g. Email confirmation links) will not work properly. +Note that Alliance Auth is designed to run with web servers on HTTPS. While running on HTTP is technically possible, it is not recommended for production use, and some functions (e.g., Email confirmation links) will not work properly. ## Updating Periodically [new releases](https://gitlab.com/allianceauth/allianceauth/tags) are issued with bug fixes and new features. Be sure to read the [release notes](https://gitlab.com/allianceauth/allianceauth/-/releases) which will highlight changes. -To update your install, swap to your allianceserver user +To update your installation, swap to your allianceserver user ```shell sudo su allianceserver @@ -631,7 +633,7 @@ Some releases come with new or changed models. Update your database to reflect t python /home/allianceserver/myauth/manage.py migrate ``` -Finally, some releases come with new or changed static files. Run the following command to update your static files folder: +Finally, some releases come with new or changed static files. Run the following command to update your static files' folder: ```shell python /home/allianceserver/myauth/manage.py collectstatic --noinput diff --git a/docs/installation/apache.md b/docs/installation/apache.md index 1c173329..4380b4c8 100644 --- a/docs/installation/apache.md +++ b/docs/installation/apache.md @@ -2,7 +2,7 @@ ## Overview -Alliance Auth gets served using a Web Server Gateway Interface (WSGI) script. This script passes web requests to Alliance Auth which generates the content to be displayed and returns it. This means very little has to be configured in Apache to host Alliance Auth. +Alliance Auth gets served using a Web Server Gateway Interface (WSGI) script. This script passes web requests to Alliance Auth, which generates the content to be displayed and returns it. This means very little has to be configured in Apache to host Alliance Auth. If you're using a small VPS to host services with very limited memory, consider using [NGINX](nginx.md). @@ -78,7 +78,7 @@ chown -R apache:apache /var/www/myauth/static Apache serves sites through defined virtual hosts. These are located in `/etc/apache2/sites-available/` on Ubuntu and `/etc/httpd/conf.d/httpd.conf` on CentOS. -A virtual host for auth need only proxy requests to your WSGI server (Gunicorn if you followed the install guide) and serve static files. Examples can be found below. Create your config in its own file e.g. `myauth.conf` +A virtual host for auth needs only proxy requests to your WSGI server (Gunicorn if you followed the installation guide) and serve static files. Examples can be found below. Create your config in its own file e.g. `myauth.conf` ::::{tabs} :::{group-tab} Ubuntu 2004, 2204 @@ -152,7 +152,7 @@ a2dissite 000-default.conf It's 2018 - there's no reason to run a site without SSL. The EFF provides free, renewable SSL certificates with an automated installer. Visit their [website](https://certbot.eff.org/) for information. -After acquiring SSL the config file needs to be adjusted. Add the following lines inside the `` block: +After acquiring SSL, the config file needs to be adjusted. Add the following lines inside the `` block: ```ini RequestHeader set X-FORWARDED-PROTOCOL https @@ -163,7 +163,7 @@ After acquiring SSL the config file needs to be adjusted. Add the following line #### Apache2 vs. Django -For some versions of Apache2 you might have to tell the Django framework explicitly +For some versions of Apache2, you might have to tell the Django framework explicitly to use SSL, since the automatic detection doesn't work. SSL in general will work, but internally created URLs by Django might still be prefixed with just `http://` instead of `https://`, so it can't hurt to add these lines to diff --git a/docs/installation/gunicorn.md b/docs/installation/gunicorn.md index 524d3bf7..ec911f2b 100644 --- a/docs/installation/gunicorn.md +++ b/docs/installation/gunicorn.md @@ -2,12 +2,12 @@ [Gunicorn](http://gunicorn.org) is a Python WSGI HTTP Server for UNIX. The Gunicorn server is light on server resources, and fairly speedy. -If you find Apache's `mod_wsgi` to be a headache or want to use NGINX (or some other webserver), then Gunicorn could be for you. There are a number of other WSGI server options out there and this documentation should be enough for you to piece together how to get them working with your environment. +If you find Apache's `mod_wsgi` to be a headache or want to use NGINX (or some other webserver), then Gunicorn could be for you. There are a number of other WSGI server options out there, and this documentation should be enough for you to piece together how to get them working with your environment. Check out the full [Gunicorn docs](http://docs.gunicorn.org/en/latest/index.html). :::{note} -The page contains additional steps on how to setup and configure Gunicorn that are not required for users who decide to stick with the default Gunicorn configuration as described in the main installation guide for AA. +The page contains additional steps on how to set up and configure Gunicorn that are not required for users who decide to stick with the default Gunicorn configuration as described in the main installation guide for AA. ::: ## Setting up Gunicorn @@ -30,7 +30,7 @@ Once you validate its running, you can kill the process with Ctrl+C and continue ## Running Gunicorn with Supervisor -If you are following this guide, we already use [Supervisor](allianceauth.md#supervisor) to keep all of Alliance Auth components running. You don't _have to_ but we will be using it to start and run Gunicorn for consistency. +If you are following this guide, we already use [Supervisor](allianceauth.md#supervisor) to keep all of Alliance Auth's components running. You don't _have to_, but we will be using it to start and run Gunicorn for consistency. ### Sample Supervisor config @@ -51,7 +51,7 @@ stopsignal=INT - `[program:gunicorn]` - Change `gunicorn` to whatever you wish to call your process in Supervisor. - `user = allianceserver` - Change to whatever user you wish Gunicorn to run as. You could even set this as allianceserver if you wished. I'll leave the question security of that up to you. - `directory=/home/allianceserver/myauth/` - Needs to be the path to your Alliance Auth project. -- `command=/home/allianceserver/venv/auth/bin/gunicorn myauth.wsgi --workers=3 --timeout 120` - Running Gunicorn and the options to launch with. This is where you have some decisions to make, we'll continue below. +- `command=/home/allianceserver/venv/auth/bin/gunicorn myauth.wsgi --workers=3 --timeout 120` - Running Gunicorn and the options to launch with. This is where you have some decisions to make. We'll continue below. #### Gunicorn Arguments @@ -59,7 +59,7 @@ See the [Commonly Used Arguments](http://docs.gunicorn.org/en/latest/run.html#co ##### Where to bind Gunicorn to -What address are you going to use to reference it? By default, without a bind parameter, Gunicorn will bind to `127.0.0.1:8000`. This might be fine for your application. If it clashes with another application running on that port you will need to change it. I would suggest using UNIX sockets too, if you can. +What address are you going to use to reference it? By default, without a bind parameter, Gunicorn will bind to `127.0.0.1:8000`. This might be fine for your application. If it clashes with another application running on that port, you will need to change it. I would suggest using UNIX sockets too if you can. For UNIX sockets add `--bind=unix:/run/allianceauth.sock` (or to a path you wish to use). Remember that your web server will need to be able to access this socket file. @@ -69,13 +69,13 @@ Whatever you decide to use, remember it because we'll need it when configuring y ##### Number of workers -By default Gunicorn will spawn only one worker. The number you set this to will depend on your own server environment, how many visitors you have etc. Gunicorn suggests `(2 x $num_cores) + 1` for the number of workers. So for example if you have 2 cores you want 2 x 2 + 1 = 5 workers. See [here](https://docs.gunicorn.org/en/stable/design.html#how-many-workers) for the official discussion on this topic. +By default, Gunicorn will spawn only one worker. The number you set this to will depend on your own server environment, how many visitors you have etc. Gunicorn suggests `(2 x $num_cores) + 1` for the number of workers. So, for example, if you have 2 cores, you want 2 x 2 + 1 = 5 workers. See [here](https://docs.gunicorn.org/en/stable/design.html#how-many-workers) for the official discussion on this topic. Change it by adding `--workers=5` to the command. ##### Running with a virtual environment -Following this guide, you are running with a virtual environment. Therefore you'll need to add the path to the `command=` config line. +Following this guide, you are running with a virtual environment. Therefore, you'll need to add the path to the `command=` config line. e.g. `command=/path/to/venv/bin/gunicorn myauth.wsgi` @@ -91,11 +91,11 @@ Once you have your configuration all sorted, you will need to reload your superv ## Configuring your webserver -Any web server capable of proxy passing should be able to sit in front of Gunicorn. Consult their documentation armed with your `--bind=` address and you should be able to find how to do it relatively easy. +Any web server capable of proxy passing should be able to sit in front of Gunicorn. Consult their documentation armed with your `--bind=` address, and you should be able to find how to do it relatively easily. ## Restarting Gunicorn -In the past when you made changes you restarted the entire Apache server. This is no longer required. When you update or make configuration changes that ask you to restart Apache, instead you can just restart Gunicorn: +In the past, when you made changes, you restarted the entire Apache server. This is no longer required. When you update or make configuration changes that ask you to restart Apache, instead you can just restart Gunicorn: ```shell supervisorctl restart myauth:gunicorn diff --git a/docs/installation/index.md b/docs/installation/index.md index 9c277597..18753d54 100644 --- a/docs/installation/index.md +++ b/docs/installation/index.md @@ -2,7 +2,7 @@ This chapter contains the main installation guides for **Alliance Auth**. -In addition to main guide for installation Alliance Auth you also find guides for configuring web servers (Apache, NGINX) and the recommended WSGI server (Gunicorn). +In addition to the main guide for installation Alliance Auth, you also find guides for configuring web servers (Apache, NGINX) and the recommended WSGI server (Gunicorn). :::{toctree} :maxdepth: 1 diff --git a/docs/installation/nginx.md b/docs/installation/nginx.md index 2c5a52b4..ed8136e2 100644 --- a/docs/installation/nginx.md +++ b/docs/installation/nginx.md @@ -2,9 +2,9 @@ ## Overview -Nginx (engine x) is a HTTP server known for its high performance, stability, simple configuration, and low resource consumption. Unlike traditional servers (i.e. Apache), Nginx doesn't rely on threads to serve requests, rather using an asynchronous event driven approach which permits predictable resource usage and performance under load. +Nginx (engine x) is an HTTP server known for its high performance, stability, simple configuration, and low-resource consumption. Unlike traditional servers (i.e., Apache), Nginx doesn't rely on threads to serve requests, rather using an asynchronous event-driven approach which permits predictable resource usage and performance under load. -If you're trying to cram Alliance Auth into a very small VPS of say, 1-2GB or less, then Nginx will be considerably friendlier to your resources compared to Apache. +If you're trying to cram Alliance Auth into a very small VPS of say, 1 to 2GB or less, then Nginx will be considerably friendlier to your resources compared to Apache. You can read more about NGINX on the [NGINX wiki](https://www.nginx.com/resources/wiki/). @@ -12,7 +12,7 @@ You can read more about NGINX on the [NGINX wiki](https://www.nginx.com/resource If you're converting from Apache, here are some things to consider. -Nginx is lightweight for a reason. It doesn't try to do everything internally and instead concentrates on just being a good HTTP server. This means that, unlike Apache, it won't automatically run PHP scripts via mod_php and doesn't have an internal WSGI server like mod_wsgi. That doesn't mean that it can't, just that it relies on external processes to run these instead. This might be good or bad depending on your outlook. It's good because it allows you to segment your applications, restarting Alliance Auth wont impact your PHP applications. On the other hand it means more config and more management of services. For some people it will be worth it, for others losing the centralised nature of Apache may not be worth it. +Nginx is lightweight for a reason. It doesn't try to do everything internally and instead concentrates on just being a good HTTP server. This means that, unlike Apache, it won't automatically run PHP scripts via mod_php and doesn't have an internal WSGI server like mod_wsgi. That doesn't mean that it can't, just that it relies on external processes to run these instead. This might be good or bad depending on your outlook. It's good because it allows you to segment your applications, restarting Alliance Auth won't impact your PHP applications. On the other hand, it means more config and more management of services. For some people it will be worth it, for others losing the centralised nature of Apache may not be worth it. ```{eval-rst} +-----------+----------------------------------------+ @@ -28,12 +28,12 @@ Your .htaccess files won't work. Nginx has a separate way of managing access to ## Setting up Nginx -Install Nginx via your preferred package manager or other method. If you need help just search, there are plenty of guides on installing Nginx out there. +Install Nginx via your preferred package manager or other method. If you need help, search, there are plenty of guides on installing Nginx out there. Nginx needs to be able to read the folder containing your auth project's static files. `chown -R nginx:nginx /var/www/myauth/static`. :::{tip} -Some specific distros may use ``www-data:www-data`` instead of ``nginx:nginx``, causing static files (images, stylesheets etc) not to appear. You can confirm what user Nginx will run under by checking either its base config file ``/etc/nginx/nginx.conf`` for the "user" setting, or once Nginx has started ``ps aux | grep nginx``. +Some specific distros may use ``www-data:www-data`` instead of ``nginx:nginx``, causing static files (images, stylesheets etc.) not to appear. You can confirm what user Nginx will run under by checking either its base config file ``/etc/nginx/nginx.conf`` for the "user" setting, or once Nginx has started ``ps aux | grep nginx``. Adjust your chown commands to the correct user if needed. ::: diff --git a/docs/installation/switch_to_non_root.md b/docs/installation/switch_to_non_root.md index 1e04bcb5..085b8772 100644 --- a/docs/installation/switch_to_non_root.md +++ b/docs/installation/switch_to_non_root.md @@ -1,12 +1,12 @@ # Switch to non-root -If you followed the official installation guide for Alliance Auth (AA) pre AA 3.x you usually ended up with a "root installation". A root installation means that you have installed AA with the root user and now need to log in as root every time to perform maintenance for AA, e.g. updating existing apps. +If you followed the official installation guide for Alliance Auth (AA) pre AA 3.x you usually ended up with a "root installation". A root installation means that you have installed AA with the root user and now need to log in as root every time to perform maintenance for AA, e.g., updating existing apps. Since working as root is [generally not recommended](https://askubuntu.com/questions/16178/why-is-it-bad-to-log-in-as-root), this guide explains how you can easily migrate your existing "root installation" to a "non-root installation". ## How to switch to non-root -We will change the setup so that you can use your `allianceserver` user to perform most maintenance operations. In addition, you also need a sudo user for invoking root privileges, e.g. when restarting the AA services. +We will change the setup so that you can use your `allianceserver` user to perform most maintenance operations. In addition, you also need a sudo user for invoking root privileges, e.g., when restarting the AA services. The migration itself is rather straightforward. The main idea is to change ownership for all relevant directories and files to `allianceserver`. diff --git a/docs/installation/upgrade_python.md b/docs/installation/upgrade_python.md index 03ce224d..8bbff7ab 100644 --- a/docs/installation/upgrade_python.md +++ b/docs/installation/upgrade_python.md @@ -2,7 +2,7 @@ This guide describes how to upgrade an existing Alliance Auth (AA) installation to a newer Python 3 version. -This guide shares many similarities with the Alliance Auth install guide, but it is targeted towards existing installs needing to update. +This guide shares many similarities with the Alliance Auth install guide, but it is targeted towards existing installations needing to update. :::{note} This guide will upgrade the software components only but not change any data or configuration. @@ -10,7 +10,7 @@ This guide will upgrade the software components only but not change any data or ## Install a new Python version -To run AA with a newer Python 3 version than your system's default you need to install it first. Technically it would be possible to upgrade your system's default Python 3, but since many of your system's tools have been tested to work with that specific version we would not recommend it. Instead we recommend to install an additional Python 3 version alongside your default version and use that for AA. +To run AA with a newer Python 3 version than your system's default, you need to install it first. Technically, it would be possible to upgrade your system's default Python 3, but since many of your system's tools have been tested to work with that specific version, we would not recommend it. Instead, we recommend installing an additional Python 3 version alongside your default version and using that for AA. To install other Python versions than those included with your distribution, you need to add a new installation repository. Then you can install the specific Python 3 to your system. @@ -20,7 +20,7 @@ Ubuntu 2204 ships with Python 3.10 already Centos Stream 8/9: :::{note} -A Python 3.9 Package is available for Stream 8 and 9. You _may_ use this instead of building your own package. But our documentation will assume Python3.11 and you may need to substitute as neccessary +A Python 3.9 Package is available for Stream 8 and 9. You _may_ use this instead of building your own package. But our documentation will assume Python3.11, and you may need to substitute as necessary sudo dnf install python39 python39-devel ::: @@ -77,12 +77,12 @@ sudo make altinstall ## Preparing your venv -Before updating your venv it is important to make sure that your current installation is stable. Otherwise your new venv might not be consistent with your data, which might create problems. +Before updating your venv, it is important to make sure that your current installation is stable. Otherwise, your new venv might not be consistent with your data, which might create problems. -Start by navigating to your main project folder (the one that has `manage.py` in it). If you followed the default installation the path is: `/home/allianceserver/myauth` +Start by navigating to your main project folder (the one that has `manage.py` in it). If you followed the default installation, the path is: `/home/allianceserver/myauth` :::{note} -If you installed Alliance Auth under the allianceserver user, as reccommended. Remember to switch users for easier permission management:: +If you installed Alliance Auth under the allianceserver user, as recommended. Remember to switch users for easier permission management:: ::: ```bash @@ -121,9 +121,9 @@ supervisorctl restart myauth: ### Upgrade your apps -You also need to upgrade all additional apps to their newest version that you have installed. And you need to make sure that you can reinstall all your apps later, e.g. you know from which repo they came. We recommend to make a list of all your apps, so you can just go through them later when you rebuild your venv. +You also need to upgrade all additional apps to their newest version that you have installed. And you need to make sure that you can reinstall all your apps later, e.g., you know from which repo they came. We recommend making a list of all your apps, so you can go through them later when you rebuild your venv. -If you unsure which apps you have installed from repos check `INSTALLED_APPS` in your settings. Alternatively run this command to get a list all apps in your venv. +If you unsure which apps you have installed from repos check `INSTALLED_APPS` in your settings. Alternatively, run this command to get a list of all apps in your venv. ```shell pip list @@ -149,13 +149,13 @@ python manage.py collectstatic Do a final restart of your AA supervisors and make sure your installation is still running normally. -For a final check that they are no issues - e.g. any outstanding migrations - run this command: +For a final check that there are no issues - e.g., any outstanding migrations - run this command: ```shell python manage.py check ``` -If you get the following result you are good to go. Otherwise make sure to fix any issues first before proceeding. +If you get the following result, you are good to go. Otherwise, make sure to fix any issues first before proceeding. ```shell System check identified no issues (0 silenced). @@ -165,22 +165,22 @@ System check identified no issues (0 silenced). Make sure you are in your venv! -First we create a list of all installed packages in your venv. You can use this list later as reference to see what packages should be installed. +First, we create a list of all installed packages in your venv. You can use this list later as a reference to see what packages should be installed. ```shell pip freeze > requirements.txt ``` -At this point we recommend creating a list of the additional packages that you need to manually reinstall later on top of AA: +At this point, we recommend creating a list of the additional packages that you need to manually reinstall later on top of AA: - Community AA apps (e.g. aa-structures) -- Additional tools you are using (e.g. flower, django-extensions) +- Additional tools you are using (e.g., flower, django-extensions) :::{hint} -While `requirements.txt` will contain a complete list of your packages, it will also contain many packages that are automatically installed as dependencies and don't need be manually reinstalled. +While `requirements.txt` will contain a complete list of your packages, it will also contain many packages that are automatically installed as dependencies and don't need to be manually reinstalled. ::: :::{note} -Some guide on the Internet will suggest to use use the requirements.txt file to recreate a venv. This is indeed possible, but only works if all packages can be installed from PyPI. Since most community apps are installed directly from repos this guide will not follow that approach. +Some guides on the Internet will suggest using the `requirements.txt` file to recreate a venv. This is indeed possible, but only works if all packages can be installed from PyPI. Since most community apps are installed directly from repos, this guide will not follow that approach. ::: Leave the venv and shutdown all AA services: @@ -193,7 +193,7 @@ deactivate supervisorctl stop myauth: ``` -Rename and keep your old venv so we have a fallback in case of some unforeseeable issues: +Rename and keep your old venv, so we have a fallback in case of some unforeseeable issues: ```shell mv /home/allianceserver/venv/auth /home/allianceserver/venv/auth_old @@ -233,37 +233,37 @@ pip install gunicorn ### Install all other packages -Last, but not least you need to reinstall all other packages, e.g. for AA community apps or additional tools. +Last, but not least, you need to reinstall all other packages, e.g., for AA community apps or additional tools. Use the list of packages you created earlier as a checklist. Alternatively you use the `requirements.txt` file we created earlier to see what you need. During the installation process you can run `pip list` to see what you already got installed. -To check whether you are missing any apps you can also run the check command: +To check whether you are missing any apps, you can also run the check command: ```shell python manage.py check ``` -Note: In case you forget to install an app you will get this error +Note: In case you forget to install an app, you will get this error ```shell ModuleNotFoundError: No module named 'xyz' ``` -Note that you should not need to run any migrations unless you forgot to upgrade one of your existing apps or you got the newer version of an app through a dependency. In that case you just migrations normally. +Note that you should not need to run any migrations unless you forgot to upgrade one of your existing apps, or you got the newer version of an app through a dependency. In that case, you run migrations normally. ## Restart -After you have completed installing all packages just start your AA supervisor again. +After you have completed installing all packages, start your AA supervisor again. ```shell supervisorctl start myauth: ``` -We recommend to keep your old venv copy for a couple of days so you have a fallback just in case. After that you should be fine to remove it. +We recommend keeping your old venv copy for a couple of days, so you have a fallback just in case. After that, you should be fine to remove it. ## Fallback -In case you run into any major issue you can always switch back to your initial venv. +In case you run into any major issue, you can always switch back to your initial venv. Before you start double-check that you still have your old venv for auth: @@ -271,7 +271,7 @@ Before you start double-check that you still have your old venv for auth: ls /home/allianceserver/venv/auth /home/allianceserver/venv ``` -If the output shows these two folders you should be safe to proceed: +If the output shows these two folders, you should be safe to proceed: - `auth` - `auth_old` diff --git a/docs/maintenance/apps.md b/docs/maintenance/apps.md index 99f4bc5a..762269e4 100644 --- a/docs/maintenance/apps.md +++ b/docs/maintenance/apps.md @@ -11,7 +11,7 @@ Your auth project is just a regular Django project - you can add in [other Djang ## Removing Apps -The following instructions will explain how you can remove an app properly fom your Alliance Auth installation. +The following instructions will explain how you can remove an app properly from your Alliance Auth installation. :::{note} We recommend following these instructions to avoid dangling foreign keys or orphaned Python packages on your system, which might cause conflicts with other apps down the road. @@ -29,9 +29,9 @@ Let's first try the automatic approach by running the following command: python manage.py migrate appname zero ``` -If that worked you'll get a confirmation message. +If that works, you'll get a confirmation message. -If that did not work and you got error messages, you will need to remove the tables manually. This is pretty common btw, because many apps use sophisticated table setups, which can not be removed automatically by Django. +If that did not work, and you got error messages, you will need to remove the tables manually. This is pretty common btw, because many apps use sophisticated table setups, which cannot be removed automatically by Django. #### Manual table removal @@ -48,7 +48,7 @@ sudo mysql -u root use alliance_auth; ``` -Next disable foreign key check. This makes it much easier to drop tables in any order. +Next, disable foreign key check. This makes it much easier to drop tables in any order. ```shell SET FOREIGN_KEY_CHECKS=0; @@ -77,7 +77,7 @@ exit; ### Step 2 - Remove the app from Alliance Auth -Once the tables have been removed, you you can remove the app from Alliance Auth. This is done by removing the applabel from the `INSTALLED_APPS` list in your local settings file. +Once the tables have been removed, you can remove the app from Alliance Auth. This is done by removing the applabel from the `INSTALLED_APPS` list in your local settings file. ### Step 3 - Remove the Python package @@ -101,4 +101,4 @@ python manage.py remove_stale_contenttypes --include-stale-apps This inbuilt Django command will step through each contenttype and offer to delete it, displaying what exactly this will cascade to delete. Pay attention and ensure you understand exactly what is being removed before answering `yes`. -This should only cleanup uninstalled apps, deprecated permissions within apps should be cleaned up using Data Migrations by each responsible application. +This should only clean up uninstalled apps, deprecated permissions within apps should be cleaned up using Data Migrations by each responsible application. diff --git a/docs/maintenance/index.md b/docs/maintenance/index.md index 1e44b218..c5fe9ee1 100644 --- a/docs/maintenance/index.md +++ b/docs/maintenance/index.md @@ -1,6 +1,6 @@ # Maintenance -In the maintenance chapter you find details about where important log files are found, how you can customize your AA installation and how to solve common issues. +In the maintenance chapter, you find details about where important log files are found, how you can customize your AA installation and how to solve common issues. :::{toctree} :maxdepth: 1 diff --git a/docs/maintenance/project.md b/docs/maintenance/project.md index c28f1058..3a71a04f 100644 --- a/docs/maintenance/project.md +++ b/docs/maintenance/project.md @@ -1,6 +1,6 @@ # Folder structure -When installing Alliance Auth you are instructed to run the `allianceauth start` command which generates a folder containing your auth project. This auth project is based off Alliance Auth but can be customized how you wish. +When installing Alliance Auth, you are instructed to run the `allianceauth start` command which generates a folder containing your auth project. This auth project is based off Alliance Auth but can be customized how you wish. ## The myauth folder @@ -26,9 +26,9 @@ And finally the settings folder. With the settings folder lives two settings files: `base.py` and `local.py` -The base settings file contains everything needed to run Alliance Auth. It handles configuration of Django and Celery, defines logging, and many other Django-required settings. This file should not be edited. While updating Alliance Auth you may be instructed to update the base settings file - this is achieved through the `allianceauth update` command which overwrites the existing base settings file. +The base settings file contains everything needed to run Alliance Auth. It handles configuration of Django and Celery, defines logging, and many other Django-required settings. This file should not be edited. While updating Alliance Auth, you may be instructed to update the base settings file - this is achieved through the `allianceauth update` command which overwrites the existing base settings file. -The local settings file is referred to as "your auth project's settings file" and you are instructed to edit it during the install process. You can add any additional settings required by other apps to this file. Upon creation the first line is `from .base import *` meaning all settings defined in the base settings file are loaded. You can override any base setting by simply redefining it in your local settings file. +The local settings file is referred to as "your auth project's settings file" and you are instructed to edit it during the installation process. You can add any additional settings required by other apps to this file. Upon creation the first line is `from .base import *` meaning all settings defined in the base settings file are loaded. You can override any base setting by simply redefining it in your local settings file. ## Log Files @@ -39,4 +39,4 @@ Your auth project comes with four log file definitions by default. These are cre - `beat.log` contains logging messages from the background task scheduler. This is of limited use unless the scheduler isn't starting. - `gunicorn.log` contains logging messages from Gunicorn workers. This contains all web-sourced messages found in `allianceauth.log` as well as runtime errors from the workers themselves. -When asking for assistance with your auth project be sure to first read the logs, and share any relevant entries. +When asking for assistance with your auth project, be sure to first read the logs, and share any relevant entries. diff --git a/docs/maintenance/troubleshooting.md b/docs/maintenance/troubleshooting.md index 33f1f530..f9ea1ceb 100644 --- a/docs/maintenance/troubleshooting.md +++ b/docs/maintenance/troubleshooting.md @@ -2,13 +2,13 @@ ## Logging -In its default configuration your auth project logs INFO and above messages to myauth/log/allianceauth.log. If you're encountering issues it's a good idea to view DEBUG messages as these greatly assist the troubleshooting process. These are printed to the console with manually starting the webserver via `python manage.py runserver`. +In its default configuration, your auth project logs INFO and higher messages to myauth/log/allianceauth.log. If you're encountering issues, it's a good idea to view DEBUG messages as these greatly assist the troubleshooting process. These are printed to the console with manually starting the webserver via `python manage.py runserver`. -To record DEBUG messages in the log file, alter a setting in your auth project's settings file: `LOGGING['handlers']['log_file']['level'] = 'DEBUG'`. After restarting gunicorn and celery your log file will record all logging messages. +To record DEBUG messages in the log file, alter a setting in your auth project's settings file: `LOGGING['handlers']['log_file']['level'] = 'DEBUG'`. After restarting gunicorn and celery, your log file will record all logging messages. ## Common Problems -### I'm getting an error 500 trying to connect to the website on a new install +### I'm getting error 500 when trying to connect to the website on a new installation *Great.* Error 500 is the generic message given by your web server when *anything* breaks. The actual error message is hidden in one of your auth project's log files. Read them to identify it. @@ -39,7 +39,7 @@ This usually indicates an issue with your email settings. Ensure these are corre ### No images are available to users accessing the website -This is likely due to a permissions mismatch. Check the setup guide for your web server. Additionally ensure the user who owns `/var/www/myauth/static` is the same user as running your webserver, as this can be non-standard. +This is likely due to a permission mismatch. Check the setup guide for your web server. Additionally ensure the user who owns `/var/www/myauth/static` is the same user as running your webserver, as this can be non-standard. ### Unable to execute 'gunicorn myauth.wsgi' or ImportError: No module named 'myauth.wsgi' @@ -55,4 +55,4 @@ Specified key was too long; max key length is 767 bytes This error will occur if one is trying to use Maria DB prior to 10.2.x, which is not compatible with Alliance Auth. -Install a never Maria DB version to fix this issue another DBMS supported by Django 2.2. +Install a newer Maria DB version to fix this issue another DBMS supported by Django 2.2. diff --git a/docs/maintenance/tuning/celery.md b/docs/maintenance/tuning/celery.md index 5e5590f9..bdc44df3 100644 --- a/docs/maintenance/tuning/celery.md +++ b/docs/maintenance/tuning/celery.md @@ -1,7 +1,7 @@ # Celery :::{hint} -Most tunings will require a change to your supervisor configuration in your `supervisor.conf` file. Note that you need to restart the supervisor daemon in order for any changes to take effect. And before restarting the daemon you may want to make sure your supervisors stop gracefully:(Ubuntu): +Most tunings will require a change to your supervisor configuration in your `supervisor.conf` file. Note that you need to restart the supervisor daemon in order for any changes to take effect. And before restarting the daemon, you may want to make sure your supervisors stop gracefully:(Ubuntu): ```bash supervisor stop myauth: @@ -12,7 +12,7 @@ systemctl supervisor restart ## Task Logging -By default task logging is deactivated. Enabling task logging allows you to monitor what tasks are doing in addition to getting all warnings and error messages. To enable info logging for tasks add the following to the command configuration of your worker in the `supervisor.conf` file: +By default, task logging is deactivated. Enabling task logging allows you to monitor what tasks are doing in addition to getting all warnings and error messages. To enable info logging for tasks, add the following to the command configuration of your worker in the `supervisor.conf` file: ```ini -l info @@ -26,7 +26,7 @@ command=/home/allianceserver/venv/auth/bin/celery -A myauth worker -l info ## Protection against memory leaks -Celery workers often have memory leaks and will therefore grow in size over time. While the Alliance Auth team is working hard to ensure Auth is free of memory leaks some may still be cause by bugs in different versions of libraries or community apps. It is therefore good practice to enable features that protect against potential memory leaks. +Celery workers often have memory leaks and will therefore grow in size over time. While the Alliance Auth team is working hard to ensure Auth is free of memory leaks, some may still be caused by bugs in different versions of libraries or community apps. It is therefore good practice to enable features that protect against potential memory leaks. :::{hint} The 256 MB limit is just an example and should be adjusted to your system configuration. We would suggest to not go below 128MB though, since new workers start with around 80 MB already. Also take into consideration that this value is per worker and that you may have more than one worker running in your system. @@ -36,9 +36,9 @@ The 256 MB limit is just an example and should be adjusted to your system config It is also possible to configure your supervisor to monitor and automatically restart programs that exceed a memory threshold. -This is not a built in feature and requires the 3rd party extension [superlance](https://superlance.readthedocs.io/en/latest/), which includes a set of plugin utilities for supervisor. The one that watches memory consumption is [memmon](https://superlance.readthedocs.io/en/latest/memmon.html). +This is not a built-in feature and requires the 3rd party extension [superlance](https://superlance.readthedocs.io/en/latest/), which includes a set of plugin utilities for supervisor. The one that watches memory consumption is [memmon](https://superlance.readthedocs.io/en/latest/memmon.html). -To setup install superlance into your venv with: +To install superlance into your venv, run: ```shell pip install superlance @@ -53,13 +53,13 @@ directory=/home/allianceserver/myauth events=TICK_60 ``` -This setup will check the memory consumption of the program "worker" every 60 secs and automatically restart it if is goes above 256 MB. Note that it will use the stop signal configured in supervisor, which is `TERM` by default. `TERM` will cause a "warm shutdown" of your worker, so all currently running tasks are completed before the restart. +This setup will check the memory consumption of the program "worker" every 60 secs and automatically restart it if it goes above 256 MB. Note that it will use the stop signal configured in supervisor, which is `TERM` by default. `TERM` will cause a "warm shutdown" of your worker, so all currently running tasks are completed before the restart. Again, the 256 MB is just an example and should be adjusted to fit your system configuration. ## Increasing task throughput -Celery tasks are designed to run concurrently, so one obvious way to increase task throughput is run more tasks in parallel. The default celery worker configuration will allow either of these options to be configured out of the box. +Celery tasks are designed to run concurrently, so one obvious way to increase task throughput is to run more tasks in parallel. The default celery worker configuration will allow either of these options to be configured out of the box. ### Extra Worker Threads @@ -73,13 +73,13 @@ process_name=%(program_name)s_%(process_num)02d ... ``` -This number will be multiplied by your concurrency setting, +This number will be multiplied by your concurrency setting. For example: ```text numprocs * concurency = workers ``` -increasing this number will require a modification to the memmon settings as each `numproc` worker will get a unique name for example with `numproc=3` +Increasing this number will require a modification to the memmon settings as each `numproc` worker will get a unique name for example with `numproc=3` ```ini [eventlistener:memmon] @@ -89,7 +89,7 @@ command=... -p worker_00=256MB -p worker_01=256MB -p worker_02=256MB ``` :::{hint} -You will want to experiment with different settings to find the optimal. One way to generate task load and verify your configuration is to run a model update with the following command: +You will want to experiment with different settings to find the optimal. One way to generate some task load and verify your configuration is to run a model update with the following command: ```bash celery -A myauth call allianceauth.eveonline.tasks.run_model_update @@ -106,7 +106,7 @@ This can be achieved by the setting the concurrency parameter of the celery work ``` :::{hint} -The optimal number will hugely depend on your individual system configuration and you may want to experiment with different settings to find the optimal. One way to generate task load and verify your configuration is to run a model update with the following command: +The optimal number will hugely depend on your individual system configuration, and you may want to experiment with different settings to find the optimal. One way to generate some task load and verify your configuration is to run a model update with the following command: ```bash celery -A myauth call allianceauth.eveonline.tasks.run_model_update @@ -115,5 +115,5 @@ celery -A myauth call allianceauth.eveonline.tasks.run_model_update ::: :::{hint} -The optimal number of concurrent workers will be different for every system and we recommend experimenting with different figures to find the optimal for your system. Note, that the example of 10 threads is conservative and should work even with smaller systems. +The optimal number of concurrent workers will be different for every system, and we recommend experimenting with different figures to find the optimal for your system. Note that the example of 10 threads is conservative and should work even with smaller systems. ::: diff --git a/docs/maintenance/tuning/gunicorn.md b/docs/maintenance/tuning/gunicorn.md index 5c856c34..587e1407 100644 --- a/docs/maintenance/tuning/gunicorn.md +++ b/docs/maintenance/tuning/gunicorn.md @@ -2,11 +2,11 @@ ## Number of workers -The default installation will have 3 workers configured for Gunicorn. This will be fine on most system, but if your system as more than one core than you might want to increase the number of workers to get better response times. Note that more workers will also need more RAM though. +The default installation will have 3 workers configured for Gunicorn. This will be fine on most systems, but if your system as more than one core than you might want to increase the number of workers to get better response times. Note that more workers will also need more RAM though. -The number you set this to will depend on your own server environment, how many visitors you have etc. Gunicorn suggests `(2 x $num_cores) + 1` for the number of workers. So for example if you have 2 cores you want 2 x 2 + 1 = 5 workers. See [here](https://docs.gunicorn.org/en/stable/design.html#how-many-workers) for the official discussion on this topic. +The number you set this to will depend on your own server environment, how many visitors you have etc. Gunicorn suggests `(2 x $num_cores) + 1` for the number of workers. So for example, if you have 2 cores, you want 2 x 2 + 1 = 5 workers. See [here](https://docs.gunicorn.org/en/stable/design.html#how-many-workers) for the official discussion on this topic. -For example to get 5 workers change the setting `--workers=5` in your `supervisor.conf` file and then reload the supervisor with the following command to activate the change (Ubuntu): +For example, to get 5 workers change the setting `--workers=5` in your `supervisor.conf` file and then reload the supervisor with the following command to activate the change (Ubuntu): ```shell systemctl restart supervisor diff --git a/docs/maintenance/tuning/index.md b/docs/maintenance/tuning/index.md index 157151c7..56cef0f7 100644 --- a/docs/maintenance/tuning/index.md +++ b/docs/maintenance/tuning/index.md @@ -1,13 +1,14 @@ # Tuning -The official installation guide will install a stable version of Alliance Auth that will work fine for most cases. However, there are a lot of levels that can be used to optimize a system. For example some installations may we short on RAM and want to reduce the total memory footprint, even though that may reduce system performance. Others are fine with further increasing the memory footprint to get better system performance. +The official installation guide will install a stable version of Alliance Auth that will work fine for most cases. However, there are a lot of levels that can be used to optimize a system. For example, some installations may we short on RAM and want to reduce the total memory footprint, even though that may reduce system performance. Others are fine with further increasing the memory footprint to get better system performance. :::{warning} -Tuning usually has benefits and costs and should only be performed by experienced Linux administrators who understand the impact of tuning decisions on to their system. +Tuning usually has benefits and costs and should only be performed by experienced Linux administrators who understand the impact of tuning decisions on their system. ::: :::{toctree} :maxdepth: 1 + gunicorn celery redis diff --git a/docs/maintenance/tuning/python.md b/docs/maintenance/tuning/python.md index b0777d97..1ac87f17 100644 --- a/docs/maintenance/tuning/python.md +++ b/docs/maintenance/tuning/python.md @@ -6,9 +6,9 @@ Newer versions of python can focus heavily on performance improvements, some mor As a general rule, Python 3.9 and Python 3.11 both had a strong focus on performance improvements. Python 3.12 is looking promising but has yet to have widespread testing, adoption and deployment. A simple comparison is available at [speed.python.org](https://speed.python.org/comparison/?exe=12%2BL%2B3.11%2C12%2BL%2B3.12%2C12%2BL%2B3.10%2C12%2BL%2B3.9%2C12%2BL%2B3.8&ben=746&env=1&hor=false&bas=none&chart=normal+bars). -[Djangobench](https://github.com/django/djangobench/tree/master) is source of synthetic benchmarks and a useful tool for running comparisons. Below are some examples to inform your investigations. +[Djangobench](https://github.com/django/djangobench/tree/master) is the source of synthetic benchmarks and a useful tool for running comparisons. Below are some examples to inform your investigations. -Keep in mind while a 1.2x faster result is significant, it's only one step of the process, Celery, SQL, Redis and many other factors will influence the end result and this _python_ speed improvement will not translate 1:1 into real world performance. +Keep in mind while a 1.2x faster result is significant, it's only one step of the process, Celery, SQL, Redis, and many other factors will influence the endresult, and this _python_ speed improvement will not translate 1:1 into real world performance. ### Django 4.0.10 diff --git a/docs/maintenance/tuning/sql.md b/docs/maintenance/tuning/sql.md index 17253608..29904465 100644 --- a/docs/maintenance/tuning/sql.md +++ b/docs/maintenance/tuning/sql.md @@ -2,15 +2,15 @@ SQL Tuning is usually the realm of experienced Database Admins, as it can be full of missteps leading to worse performance. It is _extremely_ important that you take it slowly, make one change at a time with dedicated research and test before and after. -Before you start down this path its best to update [MariaDB](https://mariadb.org/download/?t=repo-config) / MySQL. Performance Schemas, some default tuning and other general performance improvements are only available on new versions. You must also allow your server to run for 24 hours at least to gather accurate data. +Before you start down this path, it's best to update [MariaDB](https://mariadb.org/download/?t=repo-config) / MySQL. Performance Schemas, some default tuning and other general performance improvements are only available on new versions. You must also allow your server to run for 24 hours at least to gather accurate data. ## MySQLTuner -[MySQLTuner](https://github.com/major/MySQLTuner-perl) is a Perl script that will analyze inbuilt metrics and spit out recommendations. +[MySQLTuner](https://github.com/major/MySQLTuner-perl) is a Perl script that will analyze inbuilt metrics and provide recommendations. ### [performance_schema](https://mariadb.com/kb/en/performance-schema-system-variables/#performance_schema) -This should be ON for 24 hours before applying any recommendations, then can be turned _OFF_ to save Memory while its not needed. +This should be ON for 24 hours before applying any recommendations, then can be turned _OFF_ to save Memory while it's not needed. ```bash -------- Performance schema ------------------------------------------------------------------------ @@ -30,7 +30,7 @@ Note you must use 127.0.0.1 for localhost connections, and all entries in GRANT ### [table_definition_cache](https://mariadb.com/kb/en/server-system-variables/#table_definition_cache) -Will usually need to be expanded on installs with many extensions +Usually need to be expanded on installations with many extensions. Most installs should cache all their tables, but if your hit rate is still quite high, you may have a lot of rarely used tables that you don't need to waste memory caching. @@ -49,9 +49,9 @@ table_definition_cache (400) > 567 or -1 (autosizing if supported) ### [innodb_buffer_pool_size](https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size) -This is in short, the amount of memory assigned to store data for faster reads. If you are memory starved you should not increase this variable regardless of the suggestions of this tool. Pushing SQL cache to pagefile will not result in faster queries. +This is in short, the amount of memory assigned to store data for faster reads. If you are memory starved, you should not increase this variable regardless of the suggestions of this tool. Pushing SQL cache to pagefile will not result in faster queries. -If you are not memory starved, you can wind this up to the amount of total data you have to store it all in memory. This would be a significant performance increase for larger installs on dedicated hardware with memory to spare. +If you are not memory starved, you can wind this up to the amount of total data you have to store it all in memory. This would be a significant performance increase for larger installations on dedicated hardware with memory to spare. ```bash [!!] InnoDB buffer pool / data size: 128.0M / 651.6M @@ -67,7 +67,7 @@ If you are not memory starved, you can wind this up to the amount of total data [innodb_log_file_size](https://mariadb.com/kb/en/innodb-system-variables/#innodb_log_file_size) This is your _write_ log, used to redo any commits in the event of a crash. MySQLTuner recommends this be 1/4 of your innodb_buffer_pool / read buffer. I would not lower this past the default size. -[innodb_log_buffer_size](https://mariadb.com/kb/en/innodb-system-variables/#innodb_log_buffer_size) This is the memory buffer for the write log. Larger transactions will benefit from a larger setting. +[innodb_log_buffer_size](https://mariadb.com/kb/en/innodb-system-variables/#innodb_log_buffer_size) This is the memory buffer for the "write" log. Larger transactions will benefit from a larger setting. ```bash [!!] Ratio InnoDB log file size / InnoDB Buffer pool size (75%): 96.0M \* 1 / 128.0M should be equal to 25% @@ -79,7 +79,7 @@ If you are not memory starved, you can wind this up to the amount of total data ### [innodb_file_per_table](https://mariadb.com/kb/en/innodb-system-variables/#innodb_file_per_table) -This is not for performance, but for file system utilization and ease of use. While off all tables are stored in a single monolith file, as opposed to individual files. This is deprecated and set to ON in MariaDB 11.x +This is not for performance, but for file system utilization and ease of use. While off, all tables are stored in a single monolith file, as opposed to individual files. This is deprecated and set to ON in MariaDB 11.x ```bash [OK] InnoDB File per table is activated @@ -87,7 +87,7 @@ This is not for performance, but for file system utilization and ease of use. Wh ### [join_buffer_size](https://mariadb.com/kb/en/server-system-variables/#join_buffer_size) -It is always better to optimize a table with indexes, if you have valuable performance data and analysis please reach out to either the Alliance Auth or Community dev responsible for the data that could benefit from indexes. MySQLTuner will likely recommend increasing this number for as long as there are any queries that could benefit, regardless of their resulting performance impact. +It is always better to optimize a table with indexes, if you have valuable performance data and analysis, please reach out to either the Alliance Auth or Community dev responsible for the data that could benefit from indexes. MySQLTuner will likely recommend increasing this number for as long as there are any queries that could benefit, regardless of their resulting performance impact. Also keep in mind this is _per thread_, if you have a potential 200 connections, 256KB * 200 = 50MB, scaling this setting out too far can result in more memory use than expected. @@ -121,7 +121,7 @@ tmp_table_size and max_heap_table_size should be increased together. Index buffer for MyISAM tables, If you use no or very little data in MyISAM tables. You may reclaim some memory here -In this example we still have some MyISAM tables, you may have none +In this example, we still have some MyISAM tables. You may have none. ```bash [--] General MyIsam metrics: @@ -152,7 +152,7 @@ Index and data buffer for Aria tables, If you use no or very little data in Aria ## Swappiness -Swappiness is not an SQL variable but part of your system kernel. Swappiness controls how much free memory a server "likes" to have at any given time, and how frequently it shifts data to swapfile in order to free up memory. Desktop operating systems will have this value set quite high, whereas servers are less aggressive with their swapfile. +Swappiness is not an SQL variable but part of your system kernel. Swappiness controls how much free memory a server "likes" to have at any given time, and how frequently it shifts data to swapfile to free up memory. Desktop operating systems will have this value set quite high, whereas servers are less aggressive with their swapfile. Database workloads especially benefit from having their caches stay in memory and will recommend values under 10 for a dedicated database server. 10 is a good compromise for a mixed use server with adequate memory. @@ -193,7 +193,7 @@ vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness) or vm.swappiness=10 in / ## Max Asynchronous IO -Unless you are still operating on spinning rust (Hard Disk Drives), or an IO limited VPS, you can likely increase this value. Database workloads appreciate the additional scaling. +Unless you are still operating on spinning rust (Hard Disk Drives), or an IO-limited VPS, you can likely increase this value. Database workloads appreciate the additional scaling. ```bash [--] Information about kernel tuning: diff --git a/docs/support/index.md b/docs/support/index.md index 3558d415..9b2d7edf 100644 --- a/docs/support/index.md +++ b/docs/support/index.md @@ -1,6 +1,6 @@ # Support -If you encounter any AA related issues during installation or otherwise please first check the following resources: +If you encounter any AA related issues during installation or otherwise, please first check the following resources: - See the section on [troubleshooting](/maintenance/troubleshooting.md) your AA instance, e.g. the list of common problems - Search the AA [issue list](https://gitlab.com/allianceauth/allianceauth/issues?scope=all&utf8=%E2%9C%93&state=all&search=my+issue) (especially the closed ones) diff --git a/pyproject.toml b/pyproject.toml index 73b7f111..fb728a65 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -66,7 +66,7 @@ test = [ ] docs = [ "sphinx", - "sphinx_rtd_theme>=1.0.0,<2.0.0", + "sphinx_rtd_theme>=2.0.0,<3.0.0", "myst-parser", "sphinxcontrib-django", "sphinx-copybutton", diff --git a/tests/settings_all.py b/tests/settings_all.py index 707eac69..5bddee70 100644 --- a/tests/settings_all.py +++ b/tests/settings_all.py @@ -41,6 +41,13 @@ CACHES = { } } +########################## +# Django ESI Configuration +########################## +ESI_SSO_CLIENT_ID = "dummy" +ESI_SSO_CLIENT_SECRET = "dummy" +ESI_SSO_CALLBACK_URL = f"{SITE_URL}/sso/callback" + ######################## # XenForo Configuration ######################## diff --git a/tests/settings_core.py b/tests/settings_core.py index fffb86a0..6403cfa8 100644 --- a/tests/settings_core.py +++ b/tests/settings_core.py @@ -29,3 +29,11 @@ PASSWORD_HASHERS = [ LOGGING = None # Comment out to enable logging for debugging ALLIANCEAUTH_DASHBOARD_TASK_STATISTICS_DISABLED = True # disable for tests + + +########################## +# Django ESI Configuration +########################## +ESI_SSO_CLIENT_ID = "dummy" +ESI_SSO_CLIENT_SECRET = "dummy" +ESI_SSO_CALLBACK_URL = f"{SITE_URL}/sso/callback"