ZOOKEEPER-5020: Improve ZooKeeper website#2373
Conversation
yuriipalam
force-pushed
the
ZOOKEEPER-5020
branch
from
146dc71 to
1a7bc1b
Compare
|
this is great, please have a conversation on dev@zookeeper.apache.org about the release process this is our current release process and it involves updating the website: |
Hi @eolivelli , There's already a discussion thread on dev@ with subject "[DISCUSS] The New ZooKeeper Website". |
There was a problem hiding this comment.
For installing Playwright in GH Actions you might find this useful:
https://playwright.dev/docs/ci-intro#setting-up-github-actions
PDavid
left a comment
PDavid
left a comment
There was a problem hiding this comment.
Many thanks, impressive work! 👍 I really like the new website.
I just found that we may miss some recently made updates, please see below.
| ## quit | ||
|
|
||
| Quit the CLI. |
There was a problem hiding this comment.
I think there we re some updates to this section under https://github.com/apache/zookeeper/pull/2358/changes not so long ago.
| enable Prometheus.io exporter. | ||
| - _metricsProvider.httpHost_ : | ||
| **New in 3.8.0:** Prometheus.io exporter will start a Jetty server and listen this address, default is "0.0.0.0" | ||
| - _metricsProvider.httpPort_ : |
There was a problem hiding this comment.
There were some updates to this section in https://github.com/apache/zookeeper/pull/2360/changes not so long ago.
| metricsProvider.httpPort=7000 | ||
| metricsProvider.httpsPort=4443 | ||
| ``` | ||
|
|
There was a problem hiding this comment.
A new section was added here not so long ago, see: https://github.com/apache/zookeeper/pull/2360/changes#diff-ba1b80ad29e393353d4dde0f0895bc2425d0ddaa558f5f81f21f8b19ee1dbf0d
| - _server_stats/srvr_ : | ||
| Server information. | ||
| Returns multiple fields giving a brief overview of server state. | ||
|
|
There was a problem hiding this comment.
I think we should add here shed_connections/shed which was added not so long ago:
|
Thanks for your review @PDavid |
|
Everything seems to be done. The PR for changes in the Once the final feedback is received, I will rebase the documentation changes. In the discussion thread we decided to architect the website in the following way:
|
|
Interestingly the GitHub Actions were not run on the latest changes. Maybe it would worth to squash the commits? EDIT: Now they are working. |
I can try that. Should I squash everything that we got on this branch into one commit? |
|
Many thanks, now the RAT check is successful locally and I can also see that since you resolved the conflicts the GitHub action checks are scheduled. (A committer has to approve it so that it runs.) 🚀 |
|
@yuriipalam Have you finished this patch? |
Yes, I have finished it. The CI check didn't seem to be related to my changes. There were just some conflicts that I had to resolve, and I also fixed fresh CVEs as well. |
tisonkun
left a comment
tisonkun
left a comment
There was a problem hiding this comment.
Rest LGTM. We can move forward.
There was a problem hiding this comment.
How does this data file get generated? I noticed that this is outdated.
There was a problem hiding this comment.
For HBase and Phoenix this file was generated from the respective parts from root pom.xml on build time. For that reason this developers.json was not checked into the git repo and ignored. Is this different here @yuriipalam or should this be the same?
There was a problem hiding this comment.
Here it's not generated from pom.xml. I took the data from the current website.
I just checked and probably it should be generated from it, since we have a list of developers there. I didn't notice it.
I can do it later as a separate patch. Thanks!
There was a problem hiding this comment.
Seems to be outdated. Do we still maintain this channel? If not, we may remove this page later.
There was a problem hiding this comment.
I don't really know, I just moved all the content we had. It's easy to remove if we need to.
|
@yuriipalam Please look at the comments on the following Jira ticket and modify the Security page accordingly: Thanks! |
|
|
||
| The Apache Software Foundation takes security issues very seriously. Due to the infrastructure nature of the Apache ZooKeeper project specifically, we haven't had many reports over time, but it doesn't mean that we haven't had concerns over some bugs and vulnerabilities. If you have any concern or believe you have uncovered a vulnerability, we suggest that you get in touch via the e-mail address [security@zookeeper.apache.org](mailto:security@zookeeper.apache.org?Subject=[SECURITY]%20My%20security%20issue). In the message, try to provide a description of the issue and ideally a way of reproducing it. Note that this security address should be used only for undisclosed vulnerabilities. Dealing with known issues should be handled regularly via jira and the mailing lists. **Please report any security problems to the project security address before disclosing it publicly.** | ||
|
|
||
| The ASF Security team maintains a page with a description of how vulnerabilities are handled, check their [Web page](https://www.apache.org/security/) for more information. |
There was a problem hiding this comment.
A small suggestion: consider linking to https://security.apache.org/report/ instead of https://www.apache.org/security/.
The /report/ page routes reporters to the appropriate channel up front. That keeps the wrong reports out of
security@zookeeper.apache.org. For instance, scanner output claiming that a ZooKeeper distribution bundles third-party dependencies with known CVEs should go to a public channel, not the private security address.
While we are here: as I noted in ZOOKEEPER-5050, it would be very useful if this page (or a subpage) carried a security/threat model summarizing ZooKeeper's security assumptions and guarantees. To get the ball rolling, I had an LLM draft one from the existing documentation: https://gist.github.com/ppkarwasz/f5be1b5c0182fe665252101c5f24d39f
The draft is not finished. It contains a set of open questions that need maintainer answers before it is complete, and an agent can ask those and fold the answers back into the document. I personally find this document's structure very convenient for triaging incoming reports, but the published form might (and probably should) be more narrative, along the lines of the Logging Services threat model or the Airflow security model.
ppkarwasz
left a comment
ppkarwasz
left a comment
There was a problem hiding this comment.
Looks good to me! 💯
Thanks!
|
I have two comments above. They are not blockers but would expect for some replies :D |
|
@tisonkun thanks, I replied! |
7 participants
This is a draft PR of the new ZooKeeper website. The documentation can be found in the
README.mdfile under thezookeeper-websitedirectory. Thezookeeper-docsdirectory is removed.This PR might have more updates in the near future.
There is currently ongoing process of CI/CD integration into the Zookeeper repository. We're considering moving the released docs to another branch and just merge it with the website at a build time, since there's no point to pull a huge archive (1 GB) whenever you want to clone the repo. This discussion is currently ongoing, this app doesn't contain the released docs.
Website preview: https://zookeeper-website.vercel.app/
Previously, the master branch stored docs sources only of the current version, and the
websitebranch had the landing page source code plus the released docs. Currently, the master branch has the code of both documentation and landing page, it's all one app now.