Etherpad is a highly customizable Open Source online editor providing collaborative editing in really real-time.
Version 1.6.0
Collaborating in really real-time
Etherpad allows you to edit documents collaboratively in real-time, much like a live multi-player editor that runs in your browser. Write articles, press releases, to-do lists, etc. together with your friends, fellow students or colleagues, all working on the same document at the same time.
All instances provide access to all data through a well-documented API and supports import/export to many major data exchange formats. And if the built-in feature set isn't enough for you, there's tons of plugins that allow you to customize your instance to suit your needs.
You don't need to set up a server and install Etherpad in order to use it. Just
one of publicly available instances that friendly people from everywhere around the world have set up. Alternatively, you can set up your own instance by following our
Also, see our .
Version 1.6.0
Version 1.6.0
Version 1.4.1
Contribute
Etherpad is an open source project. Lots of passionate, helpful individuals have joined and voluntarily contributed every single bit throughout this project: From this website through the documentation to the very core of the application. So, if you like etherpad and would like to give back some love, we'd like to see your contributions! It doesn't matter how familiar you are with real-time applications, or whether you know how to write programs for Node.js. There are plenty of ways to be helpful!
One of the first things you should do is actually use Etherpad, and get to know it - read about it, evangelise it, and engage with the wider community. You can also translate the user interface to your mother tongue or learn how to write plugins. Be creative!
If you'd like to help, ! Also,
is always a valuable resource.
Development workflow
The main development happens on . To contribute,
the , branch off a
from develop, make your changes and
to your fork and submit a
for ether/develop.
Once in a while we merge develop into master, which results in a new release. This means you will always find the latest stable version in the master branch.
Show your appreciation with a tib
We appreciate your tib
Get in touch
Many individuals, companies and organizations have contributed to Etherpad Lite. We'd like to thank them all!
built Etherpad Lite in 2010 to build an educational product called
have made key contributions in nearly every area since 2012
as an early adopter of Etherpad Lite have contributed to various aspects of bug discovery and resolution
originally open-sourced the key libraries required to create Etherpad Lite after a purchase of Appjet
have been vocal in promoting collaborative writing
helps promote, improve, develop, and defend Free, Libre, and Open Source Software (FLOSS) projects.
Additionally, our thanks go out to the tens of thousands of developers and organizations who have created all the modules we depend on or contributed in some way to our ability to provide Etherpad Lite as open source.
We'd also like to thank you. You, who've been making Etherpad Lite what it is, if you've been developing awesome features or plugins, whether you're runnning an instance or you're just one of our diligent users.
Thank you!参考:https://wiki.openstack.org/wiki/Keystone
什么是Keytone
Keystone是Openstack用来进行身份验证(authN)及高级授权(authZ)的身份识别服务,目前支持基于口令的authN和用户服务授权。Keystone提供Openstack其他项目使用的身份识别、令牌、目录及策略服务。
Identity:身份识别服务提供auth凭证验证和用户、租户及角色数据,和任意关联的元数据一样。The Identity service provides auth credential validation and data&
about Users, Tenants and Roles, as well as any associated metadata.Token:一旦用户/租户的凭证已被验证,令牌服务来验证并管理用于身份验证请求的令牌。Catalog:目录服务提供用于endpoint发现的一个endpoint注册表。Policy:策略服务提供一个基于规则的授权引擎。
每种服务都可以配置使用一个后端来满足各种各样环境和需求。每种服务的后端在keystone.conf配置文件中定义。&
身份识别服务(Identity Service)
身份识别服务执行如下功能:
用户管理:追踪用户及其权限。服务目录:提供可用服务的API endpoint目录。
下面几个概念很重要,是理解Keystone的前提。
User:用户是使用OpenStack云服务的一个人、系统或服务的数字表达。身份识别服务验证要求进行调用的用户传入的请求。用户可以直接分配给特别的租户,就像包含在租户中一样。
Credentials:凭证是只有证明自己身份的用户才知道的数据。在身份识别服务中,凭证可以是用户名和密码、用户和API键或身份识别服务提供的认证令牌。
Authentication:这是用户确认身份的行为。身份识别服务通过验证用户提供的一组凭证来确认传入的请求 。身份识别服务向用户发放一个认证令牌来响应这些凭证,用户在后续请求中提供这个令牌。
Token:令牌是用来访问资源的一个任意文本。每个令牌都有一个范围,描述哪些资源可以访问。令牌可以随时撤回且在有限时间内生效。然而身份识别服务支持基于令牌的认证方式,是为了未来支持额外协议。其首要目的是为了集成服务,不是追求成为一个完整的身份识别存储和管理解决方案。
Tenant:一个用于分组或隔离资源、标识对象的容器。租户可以映射到一个顾客、账户、组织或项目,这取决于服务运营者。
Service:Openstack服务,如Nova、Cinder、Glance等。服务提供一个或多个endpoint,用户可以通过这些endpoint来访问资源和执行操作。
EndPoint:端点是一个可访问的网络地址,通常是一个URL。如果你为模板使用扩展,就可以创建一个endpoint模板,它代表所有跨区域可用的可消费服务的模板。
Role:角色指一个用户承担的个性,使用户能执行一组指定的操作。角色包括一组权力和特权。一个用户承担这个角色就继承了这些权力和特权。一个被分配给用户的令牌包含一组用户拥有的角色列表。用户调用的服务决定他们如何解读一组用户拥有的角色以及每个角色授权访问哪些操作和资源。
身份识别服务的处理流程
图中是一个创建实例的流程图:
1.用户(User)想启动一台服务器,用户发送credential到Keystone,Keystone返回一个生成的临时令牌和一个通用catalog。
2.用户请求其所拥有的所有租户,用户随着请求提供临时令牌,Keystone会将租户列表发送给用户。
3.Keystone将服务列表提供给用户。credential和所需的租户一起发送到Keystone,Keystone发送租户所拥有的服务列表,同时提供租户令牌。
用户确定正确的端点(endpoint)来启动一个服务器,随着请求提供令牌。
4.Service在endpoint上验证用户的令牌。Keystone判断令牌是否正确及是否允许服务使用?
5.Keystone随着令牌提供额外信息到Service。用户的租户被授权访问服务。令牌匹配请求,令牌属于用户。服务根据他自己的策略来验证请求。
6.Service执行请求。service创建一个新的服务器。
7.服务器将状态报告给用户。
定义users、tenants和roles
下面来创建一个管理员用户和一个普通用户。默认身份识别服务创建一个特殊的_member_角色。Openstack dashboard通过这个角色自动向用户授予访问权。我们需要除了admin角色之外还要给admin用户这个角色。我们创建的任何角色必须映射到policy.json文件中指定的角色,包含在每个Openstack服务中,policy.json定义了Identity服务的访问策略。大多Openstack服务的默认的policy文件授予admin角色管理访问权。
创建admin用户
1. 创建admin用户
# keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL
2. 创建admin角色
# keystone role-create --name=admin
3. 创建admin租户
# keystone tenant-create --name=admin --description=&Admin Tenant&
4.&将admin用户、admin角色、admin租户联系到一起# keystone user-role-add --user=admin --tenant=admin --role=admin5. 将admin用户、_member_角色、admin租户联系到一起# keystone user-role-add --user=admin --role=_member_ --tenant=admin
创建普通用户
可以通过重复下面的步骤建立其他用户,创建其他用户时跳过创建租户的步骤。
1. 创建demo用户
# keystone user-create --name=demo --pass=DEMO_PASS--email=DEMO_EMAIL
2. 创建demo租户:
# keystone tenant-create --name=demo --description=&Demo Tenant&
3. 将demo用户、_member_角色、和demo租户联系到一起
# keystone user-role-add --user=demo --role=_member_ --tenant=demo
创建service租户
OpenStack服务需要一个用户名、租户和角色来访问其他OpenStack服务。所有的OpenStack服务通常共享一个名为service的租户。
创建service租户
# keystone tenant-create --name=service --description=&Service Tenant&
定义服务和API endpoint
必须注册每个服务到Openstack,以便身份识别服务可以追踪已经安装了哪些Openstack服务以及安装位置。通过运行如下命令注册服务:
o&keystone service-create:描述服务。
o keystone endpoint-create:将API endpoint与服务相关联。
1. 为Identity Service创建服务对象
# keystone service-create --name=keystone --type=identity --description=&OpenStack Identity&
+-------------+----------------------------------+
| Property
+-------------+----------------------------------+
| description | OpenStack Identity
| 15c11abcbd |
| keystone
| identity
+-------------+----------------------------------+2. 通过返回的service ID为Identity Service指定API endpoint。当指定endpoint时,需要为public API、internal API、admin API提供URLs。
# keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://controller: \
--internalurl=http://controller: \
--adminurl=http://controller:3
+-------------+-----------------------------------+
+-------------+-----------------------------------+
| adminurl
| http://controller:3
| 11f9c625a3b94a3f8e66bf4e5de2679f
| internalurl | http://controller:
| publicurl
| http://controller:
| regionOne
| service_id
| 15c11abcbd
+-------------+-----------------------------------+
资源的基本隔离
BigCo部署了Openstack后,像让两个不同的开发小组来访问和管理各自的资源。每个小组由两个专门的人,而且还有两个人同时在两个小组。他们想通过Keystone来设置所有的用户和组:
GroupA user A1、A2、Z1和Z2可以访问并操控在goup A拥有的资源。&GroupB user B1、B2、Z1和Z2可以访问并操控在goup B拥有的资源。资源:volumes、VM和floating IP地址。
Keystone结构:&
在V2中,主要结构是有用户、租户和角色来联系这两个小组。Keystone用用户凭证来验证令牌,而令牌包含服务共享的元数据,服务进行许可选择。
&wants to provide a service catalog to each of the users listed above with their relevant API endpoints
created to match their identity stored in Keystone. For example, the user Jill wants to log into the dashboard using her credentials (stored in keystone), and be able to get the URI endpoints to use in command line or GUI clients.
Expose service APIs for a given user
(i.e. craft Swift and related API endpoints for a specific user/tenant) - Swift API endpoints have tenant & userid in the URI (others too?)
Two Open Questions:
Is there a use case around supporting a user without a tenant?Is there a use case around having a tenant without any users?
&has an openstack deployment, being used by 2 development teams and managed by a separate operations team.
They want to set up the operations team to be able to manipulate all resources within the&&deployment,
and limit the development team's users to only manipulating their own volumes and virtual machines. They also want to limit network operations (setting and changing floating IP addresses) to only their operations team.
Enable role based access
(see&&for discussion)ROLE - A group that a user can be in, which gives them privileges - combination of user+tenant from identity aboveACTION - Doing something - this is specific to a serviceCAPABILITY - An action that's been granted to a role (role+action)for an example set of actions wrapped into a policy set, see&
&needs a global private cloud. Instead of deploying multi-region cloud files, they would prefer to use
Rackspace Cloud Files. Their cloud has shared authentication with their existing enterprise systems (Keystone backends to AD - see stories below). They want to add to their cloud's service catalog an entry for rackspace cloud files and use their existing authentication.
(In the stories &windows& means a windows desktop with central AD authentication)
Jill arrives at work and logs into his desktop with his corporate username/password, and sees an email that the private cloud is now available. She clicks the link and it takes him to a sign-on page. She enters his corporate username/password and it lets him
in. After exploring the features, she is ready to start using the cloud.
Jill decides to launch a Windows VM. After a few minutes later she clicks &Open Remote Desktop& and her RDP viewer opens the windows desktop. She is able to use her corporate username/password to login to the virtual machine and access all corporate resources.
Technical Assumptions:
cloud management layer and VMs have access to corporate AD/LDAPcorporation has an existing AD/LDAP that will need to be integratedcloud & VMs only need (minimal) read access to LDAP/AD
check if the username/password is correctlist all tenants for a user (groups the user is a member of)list all roles for the user/tenant (for cloud permissions)
1) LDAP Simple * document how to setup a cloud so that keystone and linux VMs use a shared LDAP * any LDAP user is able to login to VM (independent of tenant that created it)
2) LDAP Tenant * linux guest agent pulls tenant information from metadata * only users in that tenant (group in LDAP) can login to the server
3) LDAP Tenant + Cloud Operator * cloud operator can configure an addition LDAP group that is allowed admin access * additional group is exposed via metadata, guest agent adds admin group
4) LDAP Simple + Windows * windows image setup to authenticate against LDAP (same as 1 except windows guest)
5) LDAP Tenant + Windows * similar to 2 except with Windows Image
1) AD Simple * active directory backend for Keystone (light) * windows image that is hardcoded to use the AD
2) AD join Domain * in addition to authentication against an AD, register against the AD
3) AD Tenant * in addition to registering against the AD, restrict access to only those users who a member of the tenant (similar to A.2 but with AD+Windows)
4) AD Tenant + Cloud Operator * in additional to B.3, an admin tenant is added (similar to A.3)
5) AD Tenant + Cloud Operator + Linux * similar to 4 except linux image that delegates to AD
Jill is an administrator for the&&environment at&.
She's been asked to bulk load a division of people into a proof of concept/prototype setup (Identity is being backed by DB). In doing so, she has a list of usernames that should all be added, to be broken up into groups of multiple tenants by a later task.
Allow Jill to upload the list and bulk create users without identifying tenants for those users a priori
Jill is an administrator for an&&environment at&.
She's been asked to enable Dept A, B, C, and D for the&&environment. All the members of Division
X can be determined by an LDAP query against&'s directory containing a list of departments. All members
of will need to log in with their corporate credentials. Jill doesn't have any update authority to the corporate directory.
Allow Jill to specify allowed users by some form of directory queryAllow users to login with directory credentials, but assume that the directory is not updatable in any way from&&(all
additional metadata that needs to be stored, much be done in a seperate&&store).
&wants to run two separate&&clusters
with a single instance of keystone.&&wants to be able to identify these clusters within a single instance
of keystone, and make role responses contingent on which cluster is asking - i.e. they have a Dev Cloud and a Prod Cloud. Fredford has &admin& access to Nova in devcloud, but not in&.
This could also be viewed as different roles in different service endpoints on Keystone - so Fredford has &admin& access to Nova in devloud, but &just a regular guy& access to the production Glance instance.
(This is part of what is intended with the HP-IDM-EXTENSION)
&has a large installation of&&with
multiple clusters of Nova, and potentially a single instance of Keystone. Various departments in&are
tenants, and a few people provide administrative assistance for the Cloud services to those departments.&&wants
to be able to assign permissions to sets of those departments so that a single user or group of users (Mark, Jill, and Aspen, for example) can provide administration across several tenants(endpoints and groups of resources), without having to be assigned to
every tenant and given a role associated with each Tenant.
(This is part of what is intended with the HP-IDM-EXTENSION)
(vishy) here is the problem I'm trying to solve:
As an admin, I want to trigger a resize for a user (within Nova) or a block-migration command. At some point that command has to interact with external services, in this case glance. So if i need to access that tenant's images, I need a token that is valid
for that tenant. (currently logged as)
&has a big&&private
cloud.&&has an R&D division with resources in a separate tenant from other&&resources.
To gain access to&R&D resources, an employee needs to provide more than just one set of credentials.R&D
employees that only supply 1 set of credentials can still access&&non-R&D resources. The additional sets
of credentials needed to access R&D resources could involve a hardware token, push-notification approval, SMS texts with pins, or even voice approval.
As an enterprise using&, I would expect Keystone support the notion of a half-token - a token
that isn't fully authenticated but could still allow access to some services/resources that only require the credentials I supplied.
&doesn't want “internal” and “admin” endpoints URLs are publicly available, thus&&needs
filtering the URL endpoints depending on the user role. e.g.: userA as member of tenantA will get just the public endpoints URL, userB as service admin of tenantB will get all the endpoints URLs.
we need to add one about adding an experimental/third party service - and supporting it without giving it complete power to do everythign (eg if we send it a user token, they can send it to all the other services and act as the user) [6:44pm] Vanchester joined
the chat room. [6:44pm] anotherjesse: (service = new cloud service to the catalog) [6:44pm] heckj: For some of the fundamental changes that were originally planned in essex, there were side-effects that I don't think were clearly communicated to all the other
projects (nova, glance, swift, horizon). My goal is to have a basis to do that at the summit, talking in concrete terms [6:45pm] heckj: anotherjesse: can you add that in to the wiki page? [6:45pm] anotherjesse: sure [6:45pm] heckj: or send me an email with
the details, and I can pester you until I understand and I'll add it [6:45pm] anotherjesse: it is in the folsom summit topics as &Trust & Service&
参考知识库
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
访问:11619次
排名:千里之外
原创:19篇
转载:10篇
(2)(1)(2)(9)(5)(9)(3)君,已阅读到文档的结尾了呢~~
etherpad使用手册
扫扫二维码,随身浏览文档
手机或平板扫扫即可继续访问
etherpad使用手册
举报该文档为侵权文档。
举报该文档含有违规或不良信息。
反馈该文档无法正常浏览。
举报该文档为重复文档。
推荐理由:
将文档分享至:
分享完整地址
文档地址:
粘贴到BBS或博客
flash地址:
支持嵌入FLASH地址的网站使用
html代码:
&embed src='/DocinViewer--144.swf' width='100%' height='600' type=application/x-shockwave-flash ALLOWFULLSCREEN='true' ALLOWSCRIPTACCESS='always'&&/embed&
450px*300px480px*400px650px*490px
支持嵌入HTML代码的网站使用
您的内容已经提交成功
您所提交的内容需要审核后才能发布,请您等待!
3秒自动关闭窗口Basecamp 3: Manage projects, groups, and client work.
Working with other people? Struggling to keep everyone on the same page?
It’s time to try the Basecamp&way.
Rallying people around a project and keeping everyone on the same page is already tough enough. And it’s easy to make it harder than it needs to be.
Using multiple products, chatting constantly, or sending a bunch of emails around makes things more complicated. What’s official? How do I see it all? Where’s the right place to share something? It’s a hot mess.
Come over to the Basecamp way and you’ll have everything you need neatly organized in one place. It’s a calmer, more peaceful way to work.
For 12 years and running, over 100,000 companies have adopted the Basecamp way of working. Not just tried, but signed up, said “ah-ha!”, and never looked back. There’s nothing else like Basecamp.
Just last week,
companies got started with Basecamp 3!
Or, sign up with your email
Basecamp is used by the best organizations across every industry
World-famously-easy-to-use
A place to work + a way to work
A Basecamp is a private, secure space online where people working together can organize and discuss everything they need to get a project done. See it, track it, discuss it, act on it. Tasks, discussions, deadlines, and files - everything’s predictably organized in Basecamp.
Every time a new project or initiative comes up, spin up a new Basecamp in your account, name it ("Q3 Marketing Pitches"), invite the people involved, and keep everything related to that project neatly organized inside that Basecamp.
Now everyone knows where everything is, they know what they need to do, and nothing slips through the cracks. Basecamp even works over email - people who prefer email can simply reply to discussions via any email app without ever having to log into Basecamp.
How does it work? Why&does&it&work?
Basecamp 3 and the unique mix&of&six
We’ve been studying highly productive groups for 16 years. We’ve discovered there are six core things every group needs to do their best work together. Basecamp 3 is the only product specifically designed around this bundle of six tools and methods. And they are...
Message boards and comment threads. Basecamp’s threads keep discussions on-topic and in-context so the whole story stays together in a way that’s easy to follow and reference for the record later. You can comment directly on anything in Basecamp. Comments are designed in a way that people can respond over time as their busy schedules permit.
Real-time chat/pings. Basecamp’s real-time Campfire chats and Pings let you hash something out quickly, show work and get fast feedback, or just ask a question out loud when you don’t know who to ask.
Automatic check-ins. Basecamp’s automatic check-ins surface what’s on people’s minds, what they’ve been working on, and what they plan on doing next. And it happens automatically on a recurring daily/weekly schedule so you don’t have to personally nag anyone for answers.
To-do lists. Basecamp’s to-do lists let you organize and divvy up work to be done. To-do lists let you break down big chunks of work into easily digestible lists that are simpler to attack, track, and complete.
Docs & file storage. Basecamp’s docs & files section lets you visually organize PDFs, Google Docs, images, or other files into folders so everyone on your team can find what they need on their own without having to ask anyone.
A centralized schedule. Basecamp’s schedule keeps track of all major milestones, deadlines, upcoming events, and to-dos with due dates. Dates are clearly posted so everyone can find out what’s due when. You can add Basecamp’s schedule to your Google, iCal, or Outlook calendar.
Hungry for more? See the .
A few final words + thank you
A note from our founder
If you’re in charge of running a team, you’ve got a big responsibility. It isn’t easy. We know what you’re up against. We built Basecamp to lend a hand.
We built Basecamp because we need what you need: a system to help you stay on top of it all. To keep people on the same page, to organize and disseminate information, to discuss and make decisions official.
We knew it had to be easy to follow, find, and refer back to anything later. And everyone needed to know what they needed to do without having to ask someone else.
We looked at everything, and nothing else did the job. So we had to invent something new. That something was Basecamp. And for 2016, we just released the best version of Basecamp yet & the all-new, completely redesigned and reimagined Basecamp 3.
Everything we do at our company runs through Basecamp 3. Every person, every group, every department runs their work on Basecamp.
We’re 100% committed to making Basecamp better every day. We’ve been in business for 16 years, we’re debt-free, and we’ve been profitable since year one. We’re here for the long haul.
We’d love for you to give Basecamp 3 a try. It’s entirely free to try with no time limit. If you have any questions, or there’s anything we can do to make you successful, . Thank you!
Jason Fried, Basecamp CEO
P.S. If you tried Basecamp way back when, we invite you to try it again. Basecamp 3 is unlike any Basecamp before. We’d love to welcome you back home.
Ready to sign up?
