diff --git a/dictionary-octopus.txt b/dictionary-octopus.txt index 5db97e2c0c..5f96d57971 100644 --- a/dictionary-octopus.txt +++ b/dictionary-octopus.txt @@ -9,6 +9,8 @@ ALLUSERSPROFILE anglin anotherdir Antiforgery +antipattern +antipatterns apikey apikeys appcmd @@ -33,8 +35,10 @@ australiaeast australiasoutheast Authentik auths +autoconfigured autodeployoverride autologin +autopopulate awsaccount azureaccount azureactivedirectory @@ -286,7 +290,9 @@ msiexec mssqldb MSSQLSERVER MTTR +multifactor Multipath +multistep myagent myapplication Myatt @@ -507,6 +513,7 @@ storyblok strconv struct stylesheet +subcomponent subcontext sunsetting swaggerui diff --git a/src/pages/docs/administration/spaces/index.mdx b/src/pages/docs/administration/spaces/index.mdx index a96319719a..25bd28dc60 100644 --- a/src/pages/docs/administration/spaces/index.mdx +++ b/src/pages/docs/administration/spaces/index.mdx @@ -130,7 +130,7 @@ When you log into the Octopus Web Portal, the first item on the navigation menu ## System scoped or space scoped \{#system-scope-space-scoped} -There is a hard barrier between spaces, so, for instance, a deployment target configured for Space-A isn't available to projects in Space-B. However, there are some things that aren't scoped to a space, and are available system wide. +There is a hard barrier between spaces, so, for instance, a deployment target configured for Space-A isn't available to projects in Space-B. However, there are some things that aren't scoped to a space, and are available system-wide. The following table shows which Octopus resources are space-scoped, system-scoped, or scoped to both. @@ -157,6 +157,6 @@ If a resource isn't listed below, then it's space-scoped. ## Automation changes to be aware of \{#automation-changes} -As always, using our client libraries offer the best chance of a successful upgrade for your existing automation, and our latest release of Octopus Client has all the changes required to inter-operate with any version of Octopus, as do most of our plugins for other build systems. However, due to the depth and breadth of the changes required to make spaces a reality, we weren't able to maintain backwards compatibility for the REST API in all cases. +As always, using our client libraries offer the best chance of a successful upgrade for your existing automation, and our latest release of Octopus Client has all the changes required to interoperate with any version of Octopus, as do most of our plugins for other build systems. However, due to the depth and breadth of the changes required to make spaces a reality, we weren't able to maintain backwards compatibility for the REST API in all cases. Please refer to [release notes](https://octopus.com/downloads/compare?from=2018.12.1&to=2019.1.0) for a complete list of breaking changes. diff --git a/src/pages/docs/best-practices/deployments/environments-and-deployment-targets-and-roles.md b/src/pages/docs/best-practices/deployments/environments-and-deployment-targets-and-roles.md index 418ebdecab..d5f4148375 100644 --- a/src/pages/docs/best-practices/deployments/environments-and-deployment-targets-and-roles.md +++ b/src/pages/docs/best-practices/deployments/environments-and-deployment-targets-and-roles.md @@ -84,7 +84,7 @@ Our recommendations for environments are: - If you have between one and five data centers (including cloud regions), it's okay to have an environment per data center. For example, **Production - AU** for a data center in Australia and **Production - Central US** for the Azure Central US region. If you have more than five data centers, consider [tenants](/docs/tenants) where each data center is a tenant. - It's okay to have team-specific environments, similar to data center environments. Although if you have more than five or six teams, consider [tenants](//docs/tenants/) where each team is a tenant. -Anti-patterns to avoid are: +Antipatterns to avoid are: - Project names in your environments. An environment name of **QA - OctoPetShop** indicates you need to either have more specific target tags on your deployment targets or you need to leverage spaces to isolate that application. Project-specific environments are a good indicator to consider [spaces](/docs/administration/spaces). - Branch names in your environment names. Consider using temporary [tenants](/docs/tenants) for your branch names or storing your branch name in a pre-release tag in the release version. diff --git a/src/pages/docs/best-practices/deployments/lifecycles-and-environments.md b/src/pages/docs/best-practices/deployments/lifecycles-and-environments.md index 9e635d2b01..5100a8715d 100644 --- a/src/pages/docs/best-practices/deployments/lifecycles-and-environments.md +++ b/src/pages/docs/best-practices/deployments/lifecycles-and-environments.md @@ -42,7 +42,7 @@ Two lifecycles allow you to have your standard workflow, where all the feature b We **_never_** recommend having a lifecycle with only **production**. Any deployment to **production** must deploy to at least one other environment to verify the fix. Skipping straight to **production**, especially during an emergency, will make a bad situation worse. :::div{.hint} -A lifecycle with a single phase is an anti-pattern. We typically see this when users strictly adhere to the [git flow](https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow) branching strategy. If you create a new build, that build should be deployed to at least one environment to ensure it will work in **production**. +A lifecycle with a single phase is an anti-pattern. We typically see this when users strictly adhere to the [git flow](https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow) branching strategy. If you create a new build, that build should be deployed to at least one environment to ensure it will work in **production**. ::: ## Production approval diff --git a/src/pages/docs/best-practices/deployments/projects-and-project-groups.md b/src/pages/docs/best-practices/deployments/projects-and-project-groups.md index 815babca89..95183f612a 100644 --- a/src/pages/docs/best-practices/deployments/projects-and-project-groups.md +++ b/src/pages/docs/best-practices/deployments/projects-and-project-groups.md @@ -32,9 +32,9 @@ If you want to have a project per component, you need to ensure each component i Previous versions of this guide recommended having a project per component. Octopus Deploy now includes new features, including ITSM integration, Config as Code, and more options for variable run conditions. There is also a logistical overhead with a project per component. That recommendation was made in 2021. At that time, a project per component made sense. It is no longer applicable with the 2023 version of Octopus Deploy. ::: -## Anti-patterns to avoid +## Antipatterns to avoid -A project should deploy all the coupled components of an application (WebUI, WebAPI, Service, Database). Some common anti-patterns we've seen you should avoid are: +A project should deploy all the coupled components of an application (WebUI, WebAPI, Service, Database). Some common antipatterns we've seen you should avoid are: - A project per component in an application. If the components are referenced in the same "solution" or built in the same build configuration, they need to be deployed together. - A project per application, per environment, such as `OctoPetShop_Dev`, `OctoPetShop_Test`, and so on. That is impossible to maintain and track versions. diff --git a/src/pages/docs/best-practices/deployments/variables.md b/src/pages/docs/best-practices/deployments/variables.md index 283fa77183..f0f95990f3 100644 --- a/src/pages/docs/best-practices/deployments/variables.md +++ b/src/pages/docs/best-practices/deployments/variables.md @@ -87,7 +87,7 @@ Octopus Deploy can set an environment variable or configuration value during dep A common scenario we've talked to customers about is restricting variable edit access to specific environments. For example, a developer can edit any variables scoped to **development** and **test** environments, but not **staging** or **production** environments. On paper this makes sense, in practice this causes messy handovers and claims of "it worked on my machine." The developers working on the application know all the various settings and variables required for their application to work. Our recommendations for variable edit permissions are: -- Variable edit permissions should be all or nothing, either a person can edit variables, or they cannot. Don't scope permissions to environments. Anyone responsible for the application should have permission to update variables (developers, lead developers, DB developers, etc.) along with operations (DBAs, web admins, sys admins) who can create and update service accounts and passwords. +- Variable edit permissions should be all or nothing, either a person can edit variables, or they cannot. Don't scope permissions to environments. Anyone responsible for the application should have permission to update variables (developers, lead developers, DB developers, etc.) along with operations (DBAs, web admins, sysadmins) who can create and update service accounts and passwords. - Variable Sets can be shared across multiple projects. Limit who can edit variable set variables to more experienced Octopus Deploy users, or people who understand "with great power comes great responsibility." Typically, we see senior or lead developers along with operations people who have these permissions. If you want to isolate an application, consider using [spaces](/docs/administration/spaces). - Leverage [sensitive variables](/docs/projects/variables/sensitive-variables) to encrypt and hide sensitive values such as usernames and passwords. Sensitive variables are write-only in the Octopus UI and Octopus API. - Use [composite variables](/docs/projects/variables/variable-substitutions/#binding-variables) to combine sensitive and non-sensitive values. A typical use case is database connection strings. Each language has a specific syntax. In the screenshot below `Project.Database.ConnectionString` is the composite variable, with the username and password referenced by the composite variable, but they are separate sensitive variables. diff --git a/src/pages/docs/best-practices/octopus-administration/partition-octopus-with-spaces.md b/src/pages/docs/best-practices/octopus-administration/partition-octopus-with-spaces.md index 6ae97d863a..6264fa79a2 100644 --- a/src/pages/docs/best-practices/octopus-administration/partition-octopus-with-spaces.md +++ b/src/pages/docs/best-practices/octopus-administration/partition-octopus-with-spaces.md @@ -34,9 +34,9 @@ Internally we have opted for a space per application suite. - Integrations Space (build servers, issue trackers, etc.) - And so on -## Anti-patterns +## Antipatterns -We've also found several anti-patterns with the Spaces feature you should avoid. +We've also found several antipatterns with the Spaces feature you should avoid. - A space per team (Team A Space, Team B space, etc.). In larger corporations, applications typically move between teams; a space per team would require you to move projects between spaces. The project export/import makes this easier, but it doesn't copy everything. You'd need to move packages, deployment targets, and workers. Release and Deployment history is not moved either. - A space per environment (Development Space, Production Space, Test Space, etc.). Spaces were not designed, nor do they support this scenario. You would need a way to keep the deployment process in sync across multiple spaces. Such a syncing process is [difficult to create and maintain](/docs/administration/sync-instances). diff --git a/src/pages/docs/deployments/aws/ecs/index.md b/src/pages/docs/deployments/aws/ecs/index.md index 685a1275b0..d5d8200abb 100644 --- a/src/pages/docs/deployments/aws/ecs/index.md +++ b/src/pages/docs/deployments/aws/ecs/index.md @@ -159,7 +159,7 @@ Specify additional options for the running container, such as `Entry Point`, `Wo In this section, you can specify mount points for the running container. Mount points can refer to the volumes specified in the **Volumes** section of the ECS step. -For container logging the step can either auto-configure CloudWatch logs, or you can provide logging configuration manually. If you choose to have CloudWatch logs auto-configured, please ensure that you have specified a Task Execution Role ARN for this step. +For container logging the step can either autoconfigure CloudWatch logs, or you can provide logging configuration manually. If you choose to have CloudWatch logs autoconfigured, please ensure that you have specified a Task Execution Role ARN for this step. :::figure ![ECS Step Container Definition Storage and Logging](/docs/img/deployments/aws/ecs/images/ecs-container-storage-and-logging.png) diff --git a/src/pages/docs/deployments/aws/index.md b/src/pages/docs/deployments/aws/index.md index e3725fbe4e..6e0c90b7c1 100644 --- a/src/pages/docs/deployments/aws/index.md +++ b/src/pages/docs/deployments/aws/index.md @@ -14,7 +14,7 @@ Octopus Deploy includes dedicated integration with Amazon Web Services (AWS) to - [Deploy an AWS CloudFormation Template](/docs/deployments/aws/cloudformation) allows you to create or update a CloudFormation stack. It offers more flexibility than the UI step. - [Delete an AWS CloudFormation stack](/docs/deployments/aws/removecloudformation) deletes existing CloudFormation stacks. - [Upload a package to an AWS S3 bucket](/docs/deployments/aws/s3) allows you to upload files and packages to S3 buckets. -- [Run an AWS CLI Script](/docs/deployments/custom-scripts/aws-cli-scripts) runs a custom script with AWS credentials pre-loaded. +- [Run an AWS CLI Script](/docs/deployments/custom-scripts/aws-cli-scripts) runs a custom script with AWS credentials preloaded. :::div{.hint} **Where do AWS Steps execute?** diff --git a/src/pages/docs/deployments/azure/deploying-a-package-to-an-azure-web-app/using-deployment-slots-with-azure-web-apps.md b/src/pages/docs/deployments/azure/deploying-a-package-to-an-azure-web-app/using-deployment-slots-with-azure-web-apps.md index e1c86da48a..522303c65f 100644 --- a/src/pages/docs/deployments/azure/deploying-a-package-to-an-azure-web-app/using-deployment-slots-with-azure-web-apps.md +++ b/src/pages/docs/deployments/azure/deploying-a-package-to-an-azure-web-app/using-deployment-slots-with-azure-web-apps.md @@ -21,7 +21,7 @@ Deployment Slots are only available to Azure Web Apps running in Standard or Pre ## Walk-Through {#UsingDeploymentSlotsWithAzureWebApps-Walk-Through} Here we will give an example of how to setup a Blue-Green deployment for an Azure Web App using Deployment Slots. -The scripts below assume you have a variable named 'WebSite' that contains the name of your Azure Web Site and 'ResourceGroup' that contains the Azure Resource Group Name. +The scripts below assume you have a variable named 'WebSite' that contains the name of your Azure Web App and 'ResourceGroup' that contains the Azure Resource Group Name. ### Step 1: Create an Azure Web App Deployment Target diff --git a/src/pages/docs/deployments/certificates/wildfly-certificate-import.md b/src/pages/docs/deployments/certificates/wildfly-certificate-import.md index c28c95e8c9..56586cb33f 100644 --- a/src/pages/docs/deployments/certificates/wildfly-certificate-import.md +++ b/src/pages/docs/deployments/certificates/wildfly-certificate-import.md @@ -66,7 +66,7 @@ The `KeyStore alias` field defines a custom alias under which the certificate an ## Deploying a certificate to a domain -Domains can be used to distribute the configuration required to access a KeyStore, but can not be used to distribute the KeyStore files themselves. Since each slave in the domain needs to have access to the KeyStore file, configuring certificates is therefor a two step process: +Domains can be used to distribute the configuration required to access a KeyStore, but can not be used to distribute the KeyStore files themselves. Since each slave in the domain needs to have access to the KeyStore file, configuring certificates is therefor a two-step process: 1. Deploying a KeyStore file to all slave instances. 2. Configuring the profiles managed by the domain controller to reference the KeyStore files. diff --git a/src/pages/docs/deployments/custom-scripts/run-a-script-step.md b/src/pages/docs/deployments/custom-scripts/run-a-script-step.md index 5b698241c7..789fbb8914 100644 --- a/src/pages/docs/deployments/custom-scripts/run-a-script-step.md +++ b/src/pages/docs/deployments/custom-scripts/run-a-script-step.md @@ -141,7 +141,7 @@ Write-Host "ExtractedPath: $ExtractedPath" #### Package files {#referencing-packages-package-files} -If the package reference was configured to be extracted, then the package will be extracted to a sub-directory in the working-directory of the script. This directory will be named the same as the package-reference. For example, a package reference named `Acme` would be extracted to directory similar to `C:\Octopus\Work\20180821060923-7117-31\Acme` (this is obviously a Windows directory; a script executing on a Linux target may have a path such as `/home/ubuntu/.octopus/Work/20180821062148-7121-35/Acme`). +If the package reference was configured to be extracted, then the package will be extracted to a subdirectory in the working-directory of the script. This directory will be named the same as the package-reference. For example, a package reference named `Acme` would be extracted to directory similar to `C:\Octopus\Work\20180821060923-7117-31\Acme` (this is obviously a Windows directory; a script executing on a Linux target may have a path such as `/home/ubuntu/.octopus/Work/20180821062148-7121-35/Acme`). If the package reference was _not_ configured to be extracted, then the un-extracted package file will be placed in the working directory. The file will be named as the package reference name, with the same extension as the original package file. For example, for a package reference named `Acme`, which resolved to a zip package, the file would be copied to a path such as `C:\Octopus\Work\20180821060923-7117-31\Acme.zip` (for Linux: `/home/ubuntu/.octopus/Work/20180821062148-7121-35/Acme.zip`). diff --git a/src/pages/docs/deployments/custom-scripts/scripts-in-packages/index.md b/src/pages/docs/deployments/custom-scripts/scripts-in-packages/index.md index 8b12be009a..b7b5441e29 100644 --- a/src/pages/docs/deployments/custom-scripts/scripts-in-packages/index.md +++ b/src/pages/docs/deployments/custom-scripts/scripts-in-packages/index.md @@ -19,7 +19,7 @@ You can add any of the following script files in any of the scripting languages - `PostDeploy.` - `DeployFailed.` -Where `` is the appropriate extension for your scripting language of choice. Also note these file names will be case sensitive on certain operating systems. +Where `` is the appropriate extension for your scripting language of choice. Also note these file names will be case-sensitive on certain operating systems. Octopus will detect these scripts and invoke them at the appropriate time during the step. Which file you use depends on when you need your custom activity to run; see the section on [what order are conventions run in](/docs/deployments/packages/package-deployment-feature-ordering/) for details. Your scripts can do anything your scripting language supports, as well as setting [output variables](/docs/projects/variables/output-variables/) and [collecting artifacts](/docs/projects/deployment-process/artifacts). diff --git a/src/pages/docs/deployments/databases/common-patterns/index.md b/src/pages/docs/deployments/databases/common-patterns/index.md index 9289bfec58..043d606a70 100644 --- a/src/pages/docs/deployments/databases/common-patterns/index.md +++ b/src/pages/docs/deployments/databases/common-patterns/index.md @@ -18,7 +18,7 @@ Learn more about [manual approvals](/docs/deployments/databases/common-patterns/ ## Automatic approvals -Manual approvals are a great starting point, when the number of projects that require approval is low. The number of notifications will exponentially grow as time goes on. It is common for the frequency of deployments to go from once a quarter to once a week, and it is important for the signal to noise ratio to remain high. Having a DBA spend time approving minor stored procedure changes is not productive. This section shows you how to take the manual approval process and add logic for automated approvals. +Manual approvals are a great starting point, when the number of projects that require approval is low. The number of notifications will exponentially grow as time goes on. It is common for the frequency of deployments to go from once a quarter to once a week, and it is important for the signal-to-noise ratio to remain high. Having a DBA spend time approving minor stored procedure changes is not productive. This section shows you how to take the manual approval process and add logic for automated approvals. Learn more about [automatic approvals](/docs/deployments/databases/common-patterns/automatic-approvals). diff --git a/src/pages/docs/deployments/databases/common-patterns/manual-approvals.md b/src/pages/docs/deployments/databases/common-patterns/manual-approvals.md index 8b96a3c111..a0e595abaa 100644 --- a/src/pages/docs/deployments/databases/common-patterns/manual-approvals.md +++ b/src/pages/docs/deployments/databases/common-patterns/manual-approvals.md @@ -108,7 +108,7 @@ That sample uses `Notification.Base.Url` instead of the system variable `Octopus A separate variable, such as `Notification.Base.Url` provides a lot more options. For example, you can set that to a publicly exposed URL the approvers can use to approve changes from home. -## Keeping the signal to noise ratio low +## Keeping the signal-to-noise ratio low Imagine a message is sent to the team for every deployment to `Development` and `Test`. At first, that is a good idea. But as time goes on, the number of deployments per day will increase. They are now deploying 20 times a day to each environment. Those notifications went from being useful to being noise. diff --git a/src/pages/docs/deployments/databases/mysql-flyway/index.md b/src/pages/docs/deployments/databases/mysql-flyway/index.md index 2b19063589..a34f3b9455 100644 --- a/src/pages/docs/deployments/databases/mysql-flyway/index.md +++ b/src/pages/docs/deployments/databases/mysql-flyway/index.md @@ -24,7 +24,7 @@ The Flyway download comes with everything it needs to execute, including a versi ::: :::div{.hint} -If Flyway doesn't find Java installed on the machine (detected by the presence of the JAVA_HOME environment variable), it will fall back to the included JRE. The included version of the JRE has the .exe and .dll files located within a `bin` sub-directory. It is often the case that source control will ignore any directory with the name `bin`, so be careful when including a Flyway project and you need the included JRE. +If Flyway doesn't find Java installed on the machine (detected by the presence of the JAVA_HOME environment variable), it will fall back to the included JRE. The included version of the JRE has the .exe and .dll files located within a `bin` subdirectory. It is often the case that source control will ignore any directory with the name `bin`, so be careful when including a Flyway project and you need the included JRE. ::: ## Add scripts to your Flyway project diff --git a/src/pages/docs/deployments/databases/sql-server/redgate.md b/src/pages/docs/deployments/databases/sql-server/redgate.md index 63c255547b..be6eff1178 100644 --- a/src/pages/docs/deployments/databases/sql-server/redgate.md +++ b/src/pages/docs/deployments/databases/sql-server/redgate.md @@ -228,7 +228,7 @@ In Octopus Deploy, that process will look like the following screenshot. This e ![Deployment process overview in Octopus Deploy](/docs/img/deployments/databases/sql-server/images/redgate-octopus-deploy-deployment-process-overview.png) ::: -Before adding steps to the process, a number of variables need to be created. We recommend namespacing the variables using [ProjectName].[Component].[Sub-component]. +Before adding steps to the process, a number of variables need to be created. We recommend namespacing the variables using [ProjectName].[Component].[Subcomponent]. - **Project.Database.Name**: The name of the database on the SQL Server to deploy to. - **Project.Database.Password**: The password of the user account who has permissions to deploy. This is not required if you're using integrated security. diff --git a/src/pages/docs/deployments/packages/stage-package-uploads.md b/src/pages/docs/deployments/packages/stage-package-uploads.md index 4d90d73b46..da054328c4 100644 --- a/src/pages/docs/deployments/packages/stage-package-uploads.md +++ b/src/pages/docs/deployments/packages/stage-package-uploads.md @@ -24,7 +24,7 @@ When the deployment runs, Octopus will insert an "Acquire" step to execute as pa - Run another script - Deploy package C -During the acquire packages stage, Octopus will upload all NuGet packages used in the deployment to all servers. We do this because package uploads can be time consuming, so we want to minimize the downtime between installing packages A and B in this example. +During the acquire packages stage, Octopus will upload all NuGet packages used in the deployment to all servers. We do this because package uploads can be time-consuming, so we want to minimize the downtime between installing packages A and B in this example. If you have a small window for downtime, you might like to **pre-stage** your packages. An easy way to do this is to use a [manual intervention step](/docs/projects/built-in-step-templates/manual-intervention-and-approvals). The deployment process would become: diff --git a/src/pages/docs/deployments/patterns/branching.md b/src/pages/docs/deployments/patterns/branching.md index 7be173b2e0..413613a6fa 100644 --- a/src/pages/docs/deployments/patterns/branching.md +++ b/src/pages/docs/deployments/patterns/branching.md @@ -75,8 +75,8 @@ In this example, packages that start with 2.x go to the "Stable" channel, while **Tip: Channels aren't branches** When designing channels in Octopus, don't think about channels as another name for branches: -- **Branches** can be short lived and tend to get merged, and model the way code changes in the system. -- **Channels** are often long lived, and model your release process. +- **Branches** can be short-lived and tend to get merged, and model the way code changes in the system. +- **Channels** are often long-lived, and model your release process. For example, [Google Chrome have four different channels](https://www.chromium.org/getting-involved/dev-channel) (Stable, Beta, Dev, and Canary). Their channels are designed around user's tolerance for bleeding edge features vs. stability. Underneath, they may have many release branches contributing to those channels. @@ -87,7 +87,7 @@ Eventually, `release/v3` will become more and more stable, and packages from it ### Feature branches -Feature branches are usually short lived, and allow developers to work on a new feature in isolation. When the feature is complete, it is merged back to the `trunk` or the `main` (default) branch. Often, feature branches are not deployed, and so don't need to be mapped in Octopus. +Feature branches are usually short-lived, and allow developers to work on a new feature in isolation. When the feature is complete, it is merged back to the `trunk` or the `main` (default) branch. Often, feature branches are not deployed, and so don't need to be mapped in Octopus. :::figure ![](/docs/img/deployments/patterns/images/3278442.png) diff --git a/src/pages/docs/deployments/patterns/elastic-and-transient-environments/deploying-to-transient-targets.md b/src/pages/docs/deployments/patterns/elastic-and-transient-environments/deploying-to-transient-targets.md index bc28d714f7..9381cd4c2a 100644 --- a/src/pages/docs/deployments/patterns/elastic-and-transient-environments/deploying-to-transient-targets.md +++ b/src/pages/docs/deployments/patterns/elastic-and-transient-environments/deploying-to-transient-targets.md @@ -17,7 +17,7 @@ A typical Octopus deployment requires that all deployment targets are available ## Deploying to Targets that become unavailable during a deployment {#targets-become-unavailable} -This example uses the OctoFX project that does a deployment to two [target tags](/docs/infrastructure/deployment-targets/target-tags): **RateServer** and **TradingWebServer**. We have decided to auto-scale the machines in the **TradingWebServer** tag and want to continue deploying the web site to the available machines, ignoring any machines that are no longer available, perhaps due to being scaled down. +This example uses the OctoFX project that does a deployment to two [target tags](/docs/infrastructure/deployment-targets/target-tags): **RateServer** and **TradingWebServer**. We have decided to auto-scale the machines in the **TradingWebServer** tag and want to continue deploying the website to the available machines, ignoring any machines that are no longer available, perhaps due to being scaled down. 1. Navigate to the OctoFX project overview page. 2. Select the **Settings** option and expand the **Deployment Target** section. @@ -39,7 +39,7 @@ In this example, OctoFX will deploy to **RateServer** and then run a Health Chec ![](/docs/img/deployments/patterns/elastic-and-transient-environments/images/healthcheck.png) 4. Save the step. -5. Back at the deployment process, re-order the steps so that the **Health Check** step occurs before the **Trading Website** step. This will ensure that deployment targets with the **TradingWebServer** target tag are re-evaluated before the trading web site is deployed: +5. Back at the deployment process, re-order the steps so that the **Health Check** step occurs before the **Trading Website** step. This will ensure that deployment targets with the **TradingWebServer** target tag are re-evaluated before the trading website is deployed: ![](/docs/img/deployments/patterns/elastic-and-transient-environments/images/evaluate.png) diff --git a/src/pages/docs/getting-started/first-deployment/deploy-a-package.md b/src/pages/docs/getting-started/first-deployment/deploy-a-package.md index 64f4bd5dce..e9f7c77857 100644 --- a/src/pages/docs/getting-started/first-deployment/deploy-a-package.md +++ b/src/pages/docs/getting-started/first-deployment/deploy-a-package.md @@ -88,7 +88,7 @@ The release will deploy the *hello world* package to the *Hello world tutorial t You completed the first deployment tutorial, well done! πŸŽ‰ -In this series you built a multi-step deployment process, used scoped variables, and deployed a sample package to a deployment target. It's now time to add your applications to Octopus Deploy. +In this series you built a multistep deployment process, used scoped variables, and deployed a sample package to a deployment target. It's now time to add your applications to Octopus Deploy. ### All guides in this tutorial series diff --git a/src/pages/docs/infrastructure/deployment-targets/tentacle/windows/polling-tentacles-web-sockets.md b/src/pages/docs/infrastructure/deployment-targets/tentacle/windows/polling-tentacles-web-sockets.md index fc78adc342..e8bd80ab20 100644 --- a/src/pages/docs/infrastructure/deployment-targets/tentacle/windows/polling-tentacles-web-sockets.md +++ b/src/pages/docs/infrastructure/deployment-targets/tentacle/windows/polling-tentacles-web-sockets.md @@ -89,7 +89,7 @@ It does need to be installed into the Personal certificate store of the Machine The easiest way to get the SSL certificate set up is to configure [Octopus to use HTTPS](/docs/security/exposing-octopus/expose-the-octopus-web-portal-over-https) on that address and port. -If you need to generate a self signed certificate, this can be done by issuing the following PowerShell command. Take note of the thumbprint generated. +If you need to generate a self-signed certificate, this can be done by issuing the following PowerShell command. Take note of the thumbprint generated. ```powershell New-SelfSignedCertificate -Subject "CN=Example Website" -CertStoreLocation "Cert:\localMachine\My" -KeyExportPolicy Exportable diff --git a/src/pages/docs/installation/isolated-octopus-deploy-servers.md b/src/pages/docs/installation/isolated-octopus-deploy-servers.md index 5f32670528..21c1742ec5 100644 --- a/src/pages/docs/installation/isolated-octopus-deploy-servers.md +++ b/src/pages/docs/installation/isolated-octopus-deploy-servers.md @@ -12,7 +12,7 @@ Octopus was designed to be a single, central point of truth for application depl Of course, the real world and the ideal world don't always overlap, and you might need to have separate Octopus Servers. Common examples are: - Solution providers with an internal Octopus Server for pre-production deployments while developing a solution, and then Octopus Servers managed by the client for production deployments, on different networks -- When company policies require production and pre-production environments to be on completely isolated networks, like PCI compliant environments. Learn about [PCI Compliance and Octopus Deploy](/docs/security/pci-compliance-and-octopus-deploy). +- When company policies require production and pre-production environments to be on completely isolated networks, like PCI-compliant environments. Learn about [PCI Compliance and Octopus Deploy](/docs/security/pci-compliance-and-octopus-deploy). On this page, we discuss two different scenarios, and the features and options that exist for dealing with them. diff --git a/src/pages/docs/installation/load-balancers/use-nginx-as-reverse-proxy.md b/src/pages/docs/installation/load-balancers/use-nginx-as-reverse-proxy.md index 4b57540f06..cf589978a3 100644 --- a/src/pages/docs/installation/load-balancers/use-nginx-as-reverse-proxy.md +++ b/src/pages/docs/installation/load-balancers/use-nginx-as-reverse-proxy.md @@ -244,4 +244,4 @@ http { } ``` -By default, NGINX uses round robin. The Octopus Deploy UI is stateless; round robin should work without issues. Another option is the least connections, where the server routes the request with the least amount of active connections. See the [NGINX documentation](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#choosing-a-load-balancing-method) for more details on load balancing. +By default, NGINX uses round-robin. The Octopus Deploy UI is stateless; round-robin should work without issues. Another option is the least connections, where the server routes the request with the least amount of active connections. See the [NGINX documentation](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#choosing-a-load-balancing-method) for more details on load balancing. diff --git a/src/pages/docs/kubernetes/live-object-status/index.md b/src/pages/docs/kubernetes/live-object-status/index.md index 1dea164383..09278082b2 100644 --- a/src/pages/docs/kubernetes/live-object-status/index.md +++ b/src/pages/docs/kubernetes/live-object-status/index.md @@ -145,7 +145,7 @@ The flexibility that Octopus variables provide mean that sensitive variables can ### Kubernetes secrets -The well defined structure of Kubernetes secrets allow us to confidently redact secret data. +The well-defined structure of Kubernetes secrets allow us to confidently redact secret data. To ensure that we never exfiltrate secret data that Octopus is not privy to, the Kubernetes monitor salts and hashes the secret data using sha256. By hashing secrets Octopus can tell you when something changed in your secret, but Octopus will never know what the secrets are unless you have populated them using Octopus sensitive variables. diff --git a/src/pages/docs/kubernetes/steps/helm.md b/src/pages/docs/kubernetes/steps/helm.md index a704d82321..202899ae94 100644 --- a/src/pages/docs/kubernetes/steps/helm.md +++ b/src/pages/docs/kubernetes/steps/helm.md @@ -92,7 +92,7 @@ Remember that since the Kubernetes cluster connection context is available via t #### Kubernetes release -The Kubernetes release uniquely identifies the released chart in the cluster. Because of the unique naming requirements of the release name, the default value provided includes both the project and environment name to ensure that successive Octopus releases do not conflict with one another. When redeploying new versions of the chart, this name is what is used to uniquely identify the resources that are related to that Octopus deployment. Helm requires that this name consist of only lowercase alpha numeric and dash (-) characters. +The Kubernetes release uniquely identifies the released chart in the cluster. Because of the unique naming requirements of the release name, the default value provided includes both the project and environment name to ensure that successive Octopus releases do not conflict with one another. When redeploying new versions of the chart, this name is what is used to uniquely identify the resources that are related to that Octopus deployment. Helm requires that this name consist of only lowercase alphanumeric and dash (-) characters. :::div{.hint} Due to the design of Helm, the release names must be [unique across the entire cluster](https://github.com/helm/helm/issues/2060#issuecomment-287164881), not just namespaces. diff --git a/src/pages/docs/kubernetes/steps/kubernetes-resources.md b/src/pages/docs/kubernetes/steps/kubernetes-resources.md index 48a300a4ea..ff2a66d26e 100644 --- a/src/pages/docs/kubernetes/steps/kubernetes-resources.md +++ b/src/pages/docs/kubernetes/steps/kubernetes-resources.md @@ -228,7 +228,7 @@ When configuring ConfigMap and Secret volumes types, an optional Default Mode ca **Note:** Kubernetes converts and stores Octal permission values to Decimals when applying. Other areas of Octopus UI will reflect this conversion, but editing remains in the more broadly adopted Octal format. -Kubernetes provides a wide range of Volume resource types. The common, cloud agnostic Volume resource types can be configured directly by Octopus. Other Volume resource types are configured as raw YAML. +Kubernetes provides a wide range of Volume resource types. The common, cloud-agnostic Volume resource types can be configured directly by Octopus. Other Volume resource types are configured as raw YAML. #### Common values @@ -469,7 +469,7 @@ Each Volume Mount requires a unique `Name`. The `Mount Path` is the path in the Container resource file system where the Volume resource will be mounted e.g. `/data` or `/etc/my-app/config`. -The `Sub Path` field is optional, and can be used to mount a sub directory exposed by the Volume resource. This is useful when a single Volume resource is shared between multiple Container resources, because it allows each Container resource to mount only the subdirectory it requires. For example, Volume resource may expose a directory structure like: +The `Sub Path` field is optional, and can be used to mount a subdirectory exposed by the Volume resource. This is useful when a single Volume resource is shared between multiple Container resources, because it allows each Container resource to mount only the subdirectory it requires. For example, Volume resource may expose a directory structure like: ``` - webserver diff --git a/src/pages/docs/kubernetes/targets/kubernetes-api/index.md b/src/pages/docs/kubernetes/targets/kubernetes-api/index.md index f1c67fc101..1caa87c91a 100644 --- a/src/pages/docs/kubernetes/targets/kubernetes-api/index.md +++ b/src/pages/docs/kubernetes/targets/kubernetes-api/index.md @@ -81,7 +81,7 @@ users: 4. Select at least one [environment](/docs/infrastructure/environments) for the target. 5. Select at least one [target tag](/docs/infrastructure/deployment-targets/target-tags) for the target. 6. Select the authentication method. Kubernetes targets support multiple [account types](https://oc.to/KubernetesAuthentication): - - **Usernames/Password**: In the example YAML above, the user name is found in the `username` field, and the password is found in the `password` field. These values can be added as an Octopus [Username and Password](/docs/infrastructure/accounts/username-and-password) account. + - **Usernames/Password**: In the example YAML above, the username is found in the `username` field, and the password is found in the `password` field. These values can be added as an Octopus [Username and Password](/docs/infrastructure/accounts/username-and-password) account. - **Tokens**: In the example YAML above, the token is defined in the `token` field. This value can be added as an Octopus [Token](/docs/infrastructure/accounts/tokens) account. - **Azure Service Principal**: When using an AKS cluster, [Azure Service Principal accounts](/docs/infrastructure/accounts/azure) allow Azure Active Directory accounts to be used. @@ -154,7 +154,7 @@ users: 7. Enter the Kubernetes cluster URL. Each Kubernetes target requires the cluster URL, which is defined in the `Kubernetes cluster URL` field. In the example YAML about, this is defined in the `server` field. 8. Optionally, select the certificate authority if you've added one. Kubernetes clusters are often protected with self-signed certificates. In the YAML example above the certificate is saved as a base 64 encoded string in the `certificate-authority-data` field. -To communicate with a Kubernetes cluster with a self signed certificate over HTTPS, you can either select the **Skip TLS verification** option, or supply the certificate in `The optional cluster certificate authority` field. +To communicate with a Kubernetes cluster with a self-signed certificate over HTTPS, you can either select the **Skip TLS verification** option, or supply the certificate in `The optional cluster certificate authority` field. Decoding the `certificate-authority-data` field results in a string that looks something like this (the example has been truncated for readability): diff --git a/src/pages/docs/octopus-cloud/frequently-asked-questions.md b/src/pages/docs/octopus-cloud/frequently-asked-questions.md index 891613d11e..bc2ce96f11 100644 --- a/src/pages/docs/octopus-cloud/frequently-asked-questions.md +++ b/src/pages/docs/octopus-cloud/frequently-asked-questions.md @@ -211,7 +211,7 @@ Our [retention policies](/docs/administration/retention-policies) let you contro ### What access do Octopus staff have to our data? -We protect all access with multi-factor authentication (MFA), role-based access control (RBAC), and the principle of least privilege (PLP). +We protect all access with multifactor authentication (MFA), role-based access control (RBAC), and the principle of least privilege (PLP). In case of issues related to your data or the availability of your Cloud instance, Support Users can be granted temporary access to your Cloud instance, and queries can be run against your Cloud instance database. Only competent, trained, background-checked, and authorized engineers can gain this access. These activities are tightly controlled and have automatic revocation of access mechanisms. diff --git a/src/pages/docs/octopus-rest-api/octopus-cli/complete.md b/src/pages/docs/octopus-rest-api/octopus-cli/complete.md index f016d8e9ff..466a55e9e3 100644 --- a/src/pages/docs/octopus-rest-api/octopus-cli/complete.md +++ b/src/pages/docs/octopus-rest-api/octopus-cli/complete.md @@ -7,7 +7,7 @@ description: Supports command line auto completion. navOrder: 100 --- -Supports command line auto completion. +Supports command line auto-completion. **complete options** diff --git a/src/pages/docs/octopus-rest-api/octopus.migrator.exe-command-line/index.md b/src/pages/docs/octopus-rest-api/octopus.migrator.exe-command-line/index.md index 16df2caeb0..614525a42e 100644 --- a/src/pages/docs/octopus-rest-api/octopus.migrator.exe-command-line/index.md +++ b/src/pages/docs/octopus-rest-api/octopus.migrator.exe-command-line/index.md @@ -10,7 +10,7 @@ navOrder: 80 **Octopus.Migrator.exe** is a command line tool that provides the ability to back-up and restore parts of an Octopus Deploy instance as well as migrate data from **Octopus 2.6** builds. :::div{.warning} -Octopus.Migrator.exe is not designed to support migrating projects between spaces. Issues and unintended results may occur when attempting to use the tool in this manner. If you wish to migrate projects between spaces or from an on-premise installation to a cloud instance, please see our [Exporting and Importing Projects](/docs/projects/export-import) documentation. +Octopus.Migrator.exe is not designed to support migrating projects between spaces. Issues and unintended results may occur when attempting to use the tool in this manner. If you wish to migrate projects between spaces or from an on-premises installation to a cloud instance, please see our [Exporting and Importing Projects](/docs/projects/export-import) documentation. ::: For more in depth information about applicable data migration scenarios and tips, please reference the [data migration documentation](/docs/administration/data/data-migration). @@ -52,7 +52,7 @@ And you can get help for a specific command using: Octopus.Migrator help ``` -Arguments are not case sensitive and can take the following forms: +Arguments are not case-sensitive and can take the following forms: ```powershell --project OctoFX # Space between argument name and value diff --git a/src/pages/docs/octopus-rest-api/octopus.server.exe-command-line/watchdog.md b/src/pages/docs/octopus-rest-api/octopus.server.exe-command-line/watchdog.md index e58f696007..51f9c7b91a 100644 --- a/src/pages/docs/octopus-rest-api/octopus.server.exe-command-line/watchdog.md +++ b/src/pages/docs/octopus-rest-api/octopus.server.exe-command-line/watchdog.md @@ -44,7 +44,7 @@ Comma separated: octopus.server watchdog --delete --instances="default,MyNewInstance" ``` -Semi-colon separated: +Semicolon separated: ``` octopus.server watchdog --delete --instances="default;MyNewInstance" diff --git a/src/pages/docs/octopus-rest-api/openid-connect/other-issuers.md b/src/pages/docs/octopus-rest-api/openid-connect/other-issuers.md index f15573eced..0a953ad0eb 100644 --- a/src/pages/docs/octopus-rest-api/openid-connect/other-issuers.md +++ b/src/pages/docs/octopus-rest-api/openid-connect/other-issuers.md @@ -116,7 +116,7 @@ Authorization: Bearer {the-access-token-obtained-from-octopus} Some issuers may not be able to generate an OIDC token with the id of the Octopus service account set in the audience (`aud`) field. Examples of this include when connecting to Octopus from a custom application running in Azure. -When configuring an OIDC identity for an other issuer, the audience can be set to a custom string. Click the edit icon next to the Audience field to do this. +When configuring an OIDC identity for another issuer, the audience can be set to a custom string. Click the edit icon next to the Audience field to do this. :::figure ![OIDC Identity with custom audience](/docs/img/octopus-rest-api/images/oidc-identity-other-issuer-custom-audience.png 'width=500') diff --git a/src/pages/docs/packaging-applications/build-servers/bamboo.md b/src/pages/docs/packaging-applications/build-servers/bamboo.md index d65da882fd..3cbb9ac265 100644 --- a/src/pages/docs/packaging-applications/build-servers/bamboo.md +++ b/src/pages/docs/packaging-applications/build-servers/bamboo.md @@ -13,7 +13,7 @@ The Octopus Deploy [add-on for Bamboo](https://octopus.com/downloads) allows pac The plugin relies on a local copy of the [Octopus CLI](/docs/octopus-rest-api/octopus-cli) being available to the build agent. The command line tool can be downloaded from the [Octopus Deploy Download page](https://octopus.com/downloads). -Note that while the command line tool package is largely self contained, some Linux distributions require additional libraries to be installed before .NET Core applications will run. These packages are documented at the [Get started with .NET Core](https://www.microsoft.com/net/core) website. +Note that while the command line tool package is largely self-contained, some Linux distributions require additional libraries to be installed before .NET Core applications will run. These packages are documented at the [Get started with .NET Core](https://www.microsoft.com/net/core) website. To verify that the command line tool can be run, execute it from a terminal. When run with no arguments, the `Octo` executable will display a list of available commands. @@ -241,7 +241,7 @@ For this reason it is recommended that the promote release task not be used as p ### Octopus command line tool failed to run in Linux -The Octopus Command Line tool packages for Linux are relatively self contained, but depending on your Linux distribution you may need to install some additional dependencies for the command line tool to run. +The Octopus Command Line tool packages for Linux are relatively self-contained, but depending on your Linux distribution you may need to install some additional dependencies for the command line tool to run. For example, in Centos 7 you might see this error: diff --git a/src/pages/docs/packaging-applications/build-servers/tfs-azure-devops/using-octopus-extension/install-octopus-cli-capability.md b/src/pages/docs/packaging-applications/build-servers/tfs-azure-devops/using-octopus-extension/install-octopus-cli-capability.md index 6ecfbb2590..f4a79f8f55 100644 --- a/src/pages/docs/packaging-applications/build-servers/tfs-azure-devops/using-octopus-extension/install-octopus-cli-capability.md +++ b/src/pages/docs/packaging-applications/build-servers/tfs-azure-devops/using-octopus-extension/install-octopus-cli-capability.md @@ -11,7 +11,7 @@ Tasks in the Octopus extension use the [Octopus CLI](/docs/octopus-rest-api/octo 1. Use the tool installer task, **Octopus CLI Installer** as part of a build pipeline definition 2. Install the Octopus CLI into a [self-hosted agent](https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/agents#install) -Using the tool installer task **Octopus CLI Installer** in a build pipeline definition is suitable for installing the Octopus CLI just in time for a build. This is required for builds executed on [Microsoft-hosted agents](https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted), which do not offer the ability to pre-load custom software. Alternatively, the Octopus CLI may be installed on a self-hosted agent and expressed as a capability. Once configured, a pipeline may express demands of agents to ensure that the Octopus CLI is available when executing builds. +Using the tool installer task **Octopus CLI Installer** in a build pipeline definition is suitable for installing the Octopus CLI just in time for a build. This is required for builds executed on [Microsoft-hosted agents](https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted), which do not offer the ability to preload custom software. Alternatively, the Octopus CLI may be installed on a self-hosted agent and expressed as a capability. Once configured, a pipeline may express demands of agents to ensure that the Octopus CLI is available when executing builds. ## Using the Octopus CLI Installer diff --git a/src/pages/docs/packaging-applications/create-packages/versioning.md b/src/pages/docs/packaging-applications/create-packages/versioning.md index 4b470c0385..4ae9c236b5 100644 --- a/src/pages/docs/packaging-applications/create-packages/versioning.md +++ b/src/pages/docs/packaging-applications/create-packages/versioning.md @@ -98,7 +98,7 @@ The Qualifier can hold any value, although some qualifiers have special meanings * (the empty string) or ga or final * sp -Qualifiers are case insensitive, and some of the qualifiers have shorthand aliases, for instance, `alpha` and `a`. If you use an alias it must include a number, for instance, `a1`. If you do not include a number after the alias, it will be treated as an unrecognized qualifier which will be compared as a case insensitive string after the qualified versions. +Qualifiers are case-insensitive, and some of the qualifiers have shorthand aliases, for instance, `alpha` and `a`. If you use an alias it must include a number, for instance, `a1`. If you do not include a number after the alias, it will be treated as an unrecognized qualifier which will be compared as a case-insensitive string after the qualified versions. Where version stings cannot be parsed as major.minor.patch.build and the qualifier is not recognized, the entire string is considered a qualifier. diff --git a/src/pages/docs/packaging-applications/package-repositories/built-in-repository/index.md b/src/pages/docs/packaging-applications/package-repositories/built-in-repository/index.md index 200577965c..4774989334 100644 --- a/src/pages/docs/packaging-applications/package-repositories/built-in-repository/index.md +++ b/src/pages/docs/packaging-applications/package-repositories/built-in-repository/index.md @@ -82,7 +82,7 @@ You can upload packages using npm.exe or using our grunt or gulp tasks. Take a l ## Using Curl {#UsingCurl} -You can upload packages using **curl**. Like all the other examples you will need your Octopus Server URL and an API Key. This will perform a POST uploading the file contents as multi-part form data. +You can upload packages using **curl**. Like all the other examples you will need your Octopus Server URL and an API Key. This will perform a POST uploading the file contents as multipart form data. ```powershell curl -X POST https://demo.octopus.app/api/packages/raw -H "X-Octopus-ApiKey: API-YOUR-API-KEY" -F "data=@Demo.1.0.0.zip" diff --git a/src/pages/docs/packaging-applications/package-repositories/github-feeds.md b/src/pages/docs/packaging-applications/package-repositories/github-feeds.md index 544ccf6b1e..d0472bad81 100644 --- a/src/pages/docs/packaging-applications/package-repositories/github-feeds.md +++ b/src/pages/docs/packaging-applications/package-repositories/github-feeds.md @@ -26,7 +26,7 @@ If you're attempting to configure access for your organization, and you would pr Create a GitHub package feed through **Library ➜ External feeds**. You can add as many GitHub feeds as you need. Each can have different credentials if required. -In most cases the `FeedUri` that you will need to provide is the standard public GitHub endpoint `https://api.github.com`. You would only need to provide a different url if you have self hosted GitHub Enterprise (in which case you would provide `https://my-github-repo.com/api/v3`) or if you access GitHub via a proxy. +In most cases the `FeedUri` that you will need to provide is the standard public GitHub endpoint `https://api.github.com`. You would only need to provide a different url if you have self-hosted GitHub Enterprise (in which case you would provide `https://my-github-repo.com/api/v3`) or if you access GitHub via a proxy. For authorization, it is recommended that you create a [Personal access tokens](https://github.com/blog/1509-personal-api-tokens) for your account and use this token as the password. Tokens can be created for your GitHub account by logging in to GitHub and navigating to **Settings ➜ Developer Settings ➜ Personal access tokens** and click **Generate new token**. diff --git a/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/amazon-ec2-container-services.md b/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/amazon-ec2-container-services.md index d1d6548df3..92f54e21a7 100644 --- a/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/amazon-ec2-container-services.md +++ b/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/amazon-ec2-container-services.md @@ -10,7 +10,7 @@ navOrder: 30 AWS provides a Docker Image registry, known as [Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/) . Support for EC2 Container registries is provided as a special feed type itself. :::div{.warning} -The credentials used for ECR feeds [only last 12 hours](http://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html). This may not be suitable for long lived container workloads. +The credentials used for ECR feeds [only last 12 hours](http://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html). This may not be suitable for long-lived container workloads. ::: ## Configuring an AWS Elastic Container Registry (ECR) diff --git a/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/artifactory-container-registry.md b/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/artifactory-container-registry.md index ef0f099dcd..e42eac3532 100644 --- a/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/artifactory-container-registry.md +++ b/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/artifactory-container-registry.md @@ -7,7 +7,7 @@ description: How to add Artifactory as an Octopus Deploy feed for use in Docker navOrder: 20 --- -Artifactory offers both self hosted and cloud instances, both of which are capable of hosting [Docker registries](https://jfrog.com/help/r/jfrog-artifactory-documentation/jfrog-container-registry). The process for adding a Docker registry for either type is the same. +Artifactory offers both self-hosted and cloud instances, both of which are capable of hosting [Docker registries](https://jfrog.com/help/r/jfrog-artifactory-documentation/jfrog-container-registry). The process for adding a Docker registry for either type is the same. ## Adding Artifactory as an Octopus External Feed diff --git a/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/azure-container-services.md b/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/azure-container-services.md index ec46ab7adc..0068539e19 100644 --- a/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/azure-container-services.md +++ b/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/azure-container-services.md @@ -57,5 +57,5 @@ Add the following properties to the feed credentials: - **Audience** *{{The audience set on the Federated Credential}}* *This can be set to the default of* `api://AzureADTokenExchange` *or a custom value if needed* :::div{.warning} -At this time, OpenID Connect external feeds are not supported for use with Kubernetes containers. This is because the short lived credentials they generate are not suitable for long running workloads. +At this time, OpenID Connect external feeds are not supported for use with Kubernetes containers. This is because the short-lived credentials they generate are not suitable for long-running workloads. ::: diff --git a/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/google-container-registry.md b/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/google-container-registry.md index 0e2b5b4427..17a9ff10ad 100644 --- a/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/google-container-registry.md +++ b/src/pages/docs/packaging-applications/package-repositories/guides/container-registries/google-container-registry.md @@ -41,5 +41,5 @@ To set up an OpenID Connect GCR feed: - **Audience** _{{The audience set on the workload identity provider}}_ *This should match the audience set on the Workload Identity Federation. By default, this is* `https://iam.googleapis.com/projects/{project-id}/locations/global/workloadIdentityPools/{pool-id}/providers/{provider-id}` :::div{.warning} -At this time, OpenID Connect external feeds are not supported for use with Kubernetes containers. This is because the short lived credentials they generate are not suitable for long running workloads. +At this time, OpenID Connect external feeds are not supported for use with Kubernetes containers. This is because the short-lived credentials they generate are not suitable for long-running workloads. ::: diff --git a/src/pages/docs/packaging-applications/package-repositories/guides/maven-repositories/artifactory-maven-feed.md b/src/pages/docs/packaging-applications/package-repositories/guides/maven-repositories/artifactory-maven-feed.md index 7db6bdc6b1..4f4842c48c 100644 --- a/src/pages/docs/packaging-applications/package-repositories/guides/maven-repositories/artifactory-maven-feed.md +++ b/src/pages/docs/packaging-applications/package-repositories/guides/maven-repositories/artifactory-maven-feed.md @@ -48,7 +48,7 @@ From the Artifactory web portal, navigate to **Administration ➜ Identity and A ![Artifactory Add user](/docs/img/packaging-applications/package-repositories/guides/nuget-repositories/images/artifactory-local-nuget-add-user.png) ::: -Fill out the **User Name**, **Email Address**, **Password** and any other settings. +Fill out the **Username**, **Email Address**, **Password** and any other settings. :::div{.hint} If you have an existing group to add the user to, you can do that here. Alternatively you can add the user account when creating a new group. diff --git a/src/pages/docs/packaging-applications/package-repositories/guides/nuget-repositories/artifactory-nuget-feed.md b/src/pages/docs/packaging-applications/package-repositories/guides/nuget-repositories/artifactory-nuget-feed.md index 2f41dbcd25..4c49d9ea1b 100644 --- a/src/pages/docs/packaging-applications/package-repositories/guides/nuget-repositories/artifactory-nuget-feed.md +++ b/src/pages/docs/packaging-applications/package-repositories/guides/nuget-repositories/artifactory-nuget-feed.md @@ -49,7 +49,7 @@ From the Artifactory web portal, navigate to **Administration ➜ Identity and A ![Artifactory Add user](/docs/img/packaging-applications/package-repositories/guides/nuget-repositories/images/artifactory-local-nuget-add-user.png) ::: -Fill out the **User Name**, **Email Address**, **Password** and any other settings. +Fill out the **Username**, **Email Address**, **Password** and any other settings. :::div{.hint} If you have an existing group to add the user to, you can do that here. Alternatively you can add the user account when creating a new group. diff --git a/src/pages/docs/platform-hub/process-templates/best-practices.md b/src/pages/docs/platform-hub/process-templates/best-practices.md index 252e03dba5..e68caee6a0 100644 --- a/src/pages/docs/platform-hub/process-templates/best-practices.md +++ b/src/pages/docs/platform-hub/process-templates/best-practices.md @@ -98,7 +98,7 @@ A large all-in-one template requires significant complexity to account for multi 2. More use cases are encountered and additional steps are added. Steps solely focused on business logic and creating output variables become the norm. 3. Conditional run conditions for multiple steps become the default. The template becomes very brittle as people need to β€œhold it just right” for everything to work. 4. Conditional steps start to fail randomly, or steps are skipped randomly because of a configuration change. -5. Consumers are forced to update the templates repeatedly to fix the ever growing list of bugs. +5. Consumers are forced to update the templates repeatedly to fix the ever-growing list of bugs. 6. Consumers start asking for the ability to cherry-pick steps when running the template. Eventually, the template becomes unusable, and users want a complete rewrite or ask how they can get out of using the templates. diff --git a/src/pages/docs/projects/deployment-process/artifacts.mdx b/src/pages/docs/projects/deployment-process/artifacts.mdx index c642acef59..12c6492b95 100644 --- a/src/pages/docs/projects/deployment-process/artifacts.mdx +++ b/src/pages/docs/projects/deployment-process/artifacts.mdx @@ -33,7 +33,7 @@ You can collect artifacts using any of the scripting languages supported by Octo # Collect a custom log file from the current working directory using the file name as the name of the artifact New-OctopusArtifact "output.log" -# Collect all .xml files contained in the current working directory recursing sub-directories +# Collect all .xml files contained in the current working directory recursing subdirectories Get-ChildItem . -Recurse -Include *.xml | New-OctopusArtifact # Collect the hosts file but using a custom name for each machine so you can differentiate between them diff --git a/src/pages/docs/projects/updating-step-templates.md b/src/pages/docs/projects/updating-step-templates.md index 1a899574f4..3d68c7fd13 100644 --- a/src/pages/docs/projects/updating-step-templates.md +++ b/src/pages/docs/projects/updating-step-templates.md @@ -16,7 +16,7 @@ If your project is using an out-of-date step template, you'll see a warning when ![Step Templates inline merge](/docs/img/projects/images/step-templates-inline-merge.png) ::: -If you have a lot of projects using a step template, updating them one by one can be time consuming. Fortunately, there is a way to update all of them at once. To do that, navigate to **Deploy ➜ Step Templates ➜ Name of the Step Template ➜ Usage**. +If you have a lot of projects using a step template, updating them one by one can be time-consuming. Fortunately, there is a way to update all of them at once. To do that, navigate to **Deploy ➜ Step Templates ➜ Name of the Step Template ➜ Usage**. Once you are there you should see a list of steps that are using the step template. The steps that are not on the latest version will have an **Update...** button next to them. Steps can be updated individually or all at once by clicking the **Update all...** button. diff --git a/src/pages/docs/projects/variables/system-variables.md b/src/pages/docs/projects/variables/system-variables.md index 6596d3e9ee..9bb6f1425d 100644 --- a/src/pages/docs/projects/variables/system-variables.md +++ b/src/pages/docs/projects/variables/system-variables.md @@ -446,7 +446,7 @@ The name of the Trigger that created the deployment. It is possible for a deploy This is an opt-in variable to help distribute multiple steps referencing the same package (including container) across a worker pool. By setting this, a worker will be reused for steps up to the cap, after which another worker will be selected and reused in the same way. If all workers have reached the cap, additional steps will be spread out evenly. By default, this behavior is disabled, and the same worker will be reused for all steps referencing the same package. Opt in by setting the variable to a number higher than 0. -Example: `1` - achieves a similar effect to round robin. +Example: `1` - achieves a similar effect to round-robin. Example: `5` - a balance between reducing package transfer and distributing load. Note: This value applies to both deployment processes and runbooks, as long as it's scoped to the particular scenario. @@ -1537,7 +1537,7 @@ Example: `c:\temp\octopus-debug` This is an opt-in variable to help distribute multiple steps referencing the same package (including container) across a worker pool. By setting this, a worker will be reused for steps up to the cap, after which another worker will be selected and reused in the same way. If all workers have reached the cap, additional steps will be spread out evenly. By default, this behavior is disabled, and the same worker will be reused for all steps referencing the same package. Opt in by setting the variable to a number higher than 0. -Example: `1` - achieves a similar effect to round robin. +Example: `1` - achieves a similar effect to round-robin. Example: `5` - a balance between reducing package transfer and distributing load. Note: This value applies to both deployment processes and runbooks, as long as it's scoped to the particular scenario. diff --git a/src/pages/docs/projects/version-control/converting/index.mdx b/src/pages/docs/projects/version-control/converting/index.mdx index d7c1e11a7c..1a14d4f118 100644 --- a/src/pages/docs/projects/version-control/converting/index.mdx +++ b/src/pages/docs/projects/version-control/converting/index.mdx @@ -32,10 +32,10 @@ Once you click the **Save** button, you'll be sent to the version control screen Learn more about [Git credentials in Octopus Deploy](/docs/projects/version-control/config-as-code-reference). -Next, add the directory you would like Octopus to store the project configuration. You can connect multiple projects to the same repository if they all use a different sub-directory (e.g. `.octopus/acme` and `.octopus/another-project`). +Next, add the directory you would like Octopus to store the project configuration. You can connect multiple projects to the same repository if they all use a different subdirectory (e.g. `.octopus/acme` and `.octopus/another-project`). :::div{.hint} -You can have multiple deployment processes in the same repository if they all use a different sub-directory. +You can have multiple deployment processes in the same repository if they all use a different subdirectory. ::: Finally, add your default branch name in Branch Settings and click **Configure**. Once you press the **Configure** button, a modal window will appear to confirm this change and give you the option to provide a summary and description for the first commit or cancel the conversion. @@ -75,7 +75,7 @@ Enter the connection information for your Git repository. You need to provide: Learn more about [Git credentials in Octopus Deploy](/docs/projects/version-control/config-as-code-reference). :::div{.hint} -You can have multiple deployment processes in the same repository if they all use a different sub-directory. +You can have multiple deployment processes in the same repository if they all use a different subdirectory. ::: Once you press the **Configure** button, a modal window will appear to confirm this change and give you the option to provide a summary and description for the first commit or cancel the conversion. diff --git a/src/pages/docs/releases/channels/index.md b/src/pages/docs/releases/channels/index.md index 900222fb84..971be1dd40 100644 --- a/src/pages/docs/releases/channels/index.md +++ b/src/pages/docs/releases/channels/index.md @@ -89,7 +89,7 @@ You can use the full semantic version as part of your version range specificatio 4. Enter any pre-release tags you want to include. -Following the standard 2.0.0 [SemVer syntax](http://semver.org/), a pre-release tag is the alpha numeric text that can appear after the standard *major.minor.patch* pattern immediately following a hyphen. Providing a regex pattern for this field allows the channel to filter packages based on their tag in a very flexible manner. The [SemVer build metadata](https://semver.org/#spec-item-10) will also be evaluated by the regex pattern. Some examples are. +Following the standard 2.0.0 [SemVer syntax](http://semver.org/), a pre-release tag is the alphanumeric text that can appear after the standard *major.minor.patch* pattern immediately following a hyphen. Providing a regex pattern for this field allows the channel to filter packages based on their tag in a very flexible manner. The [SemVer build metadata](https://semver.org/#spec-item-10) will also be evaluated by the regex pattern. Some examples are. | **Pattern** | **Description** | **Example use-case** | | --- | --- | --- | diff --git a/src/pages/docs/runbooks/runbook-examples/databases/backup-rds-mssql-s3-database.md b/src/pages/docs/runbooks/runbook-examples/databases/backup-rds-mssql-s3-database.md index ccc59559f3..dbc00b0038 100644 --- a/src/pages/docs/runbooks/runbook-examples/databases/backup-rds-mssql-s3-database.md +++ b/src/pages/docs/runbooks/runbook-examples/databases/backup-rds-mssql-s3-database.md @@ -18,7 +18,7 @@ In the following example, we'll use the [AWS RDS SQL Server - Backup to S3 Bucke * An AWS Identity and Access Management (IAM) Role to access the bucket. * The SQLSERVER_BACKUP_RESTORE option added to an option group on the DB instance. -For more information on setting up AWS RDS instances for native backups, please see this [AWS knowledgebase article](https://aws.amazon.com/premiumsupport/knowledge-center/native-backup-rds-sql-server/). +For more information on setting up AWS RDS instances for native backups, please see this [AWS knowledge base article](https://aws.amazon.com/premiumsupport/knowledge-center/native-backup-rds-sql-server/). ## Create the runbook @@ -30,11 +30,11 @@ For more information on setting up AWS RDS instances for native backups, please | Parameter | Description | Example | | ------------- | ------------- | ------------- | -| SQL Server | The SQL Server to perform the work on. | mydatabase.region.rds.amazonaws.com | -| SQL Login | The login of the user who has permissions to create a database. | backupuser | +| SQL Server | The SQL Server to perform the work on. | my-database.region.rds.amazonaws.com | +| SQL Login | The login of the user who has permissions to create a database. | backup-user | | SQL Password | The password of the user who has permissions to create SQL Logins. | MyGreatPassword! | | Database Name | The name of the database to backup. | MyDatabase | -| S3 Bucket Name | The name of the bucket (including any sub directories). | MyS3Bucket/backups/sql | +| S3 Bucket Name | The name of the bucket (including any subdirectories). | MyS3Bucket/backups/sql | | Backup File Name and Extension | The name of the back up file (including the extension). | MyBackup.bak | :::div{.hint} diff --git a/src/pages/docs/runbooks/runbook-examples/databases/restore-rds-mssql-s3-database.md b/src/pages/docs/runbooks/runbook-examples/databases/restore-rds-mssql-s3-database.md index 4ee4129122..15b3b1ee9e 100644 --- a/src/pages/docs/runbooks/runbook-examples/databases/restore-rds-mssql-s3-database.md +++ b/src/pages/docs/runbooks/runbook-examples/databases/restore-rds-mssql-s3-database.md @@ -18,7 +18,7 @@ In the following example, we'll use the [AWS RDS SQL Server - Restore from S3 Bu * An AWS Identity and Access Management (IAM) Role to access the bucket. * The SQLSERVER_BACKUP_RESTORE option added to an option group on the DB instance. -For more information on setting up AWS RDS instances for native backup and restores, please see this [AWS knowledgebase article](https://aws.amazon.com/premiumsupport/knowledge-center/native-backup-rds-sql-server/). +For more information on setting up AWS RDS instances for native backup and restores, please see this [AWS knowledge base article](https://aws.amazon.com/premiumsupport/knowledge-center/native-backup-rds-sql-server/). ## Create the runbook @@ -30,11 +30,11 @@ For more information on setting up AWS RDS instances for native backup and resto | Parameter | Description | Example | | ------------- | ------------- | ------------- | -| SQL Server | The SQL Server to perform the work on. | mydatabase.region.rds.amazonaws.com | -| SQL Login | The login of the user who has permissions to create a database. | backupuser | +| SQL Server | The SQL Server to perform the work on. | my-database.region.rds.amazonaws.com | +| SQL Login | The login of the user who has permissions to create a database. | backup-user | | SQL Password | The password of the user who has permission to create SQL Logins. | MyGreatPassword! | | Database Name | The name of the database to restore to. | MyDatabase | -| S3 Bucket Name | The name of the bucket (including any sub directories) where the backup is stored. | MyS3Bucket/backups/sql | +| S3 Bucket Name | The name of the bucket (including any subdirectories) where the backup is stored. | MyS3Bucket/backups/sql | | Backup File Name and Extension | The name of the back up file (including the extension). | MyBackup.bak | :::div{.hint} diff --git a/src/pages/docs/runbooks/runbook-examples/routine/services-runbooks.md b/src/pages/docs/runbooks/runbook-examples/routine/services-runbooks.md index 5ba3bbae4f..8c264e5a56 100644 --- a/src/pages/docs/runbooks/runbook-examples/routine/services-runbooks.md +++ b/src/pages/docs/runbooks/runbook-examples/routine/services-runbooks.md @@ -59,7 +59,7 @@ Using a runbook in Octopus can provide a self-service mechanism for developers t | Parameter | Description | Example | | ------------- | ------------- | ------------- | -| Service Name | Name of the service to start (case sensitive). | wildfly | +| Service Name | Name of the service to start (case-sensitive). | wildfly | | Action | Start, Stop, Restart. | Restart | | Sleep in seconds | Length of time in seconds to wait for the service to start. | 5 (default) | diff --git a/src/pages/docs/runbooks/runbook-examples/terraform/index.md b/src/pages/docs/runbooks/runbook-examples/terraform/index.md index adef6adeda..d487b3dd7b 100644 --- a/src/pages/docs/runbooks/runbook-examples/terraform/index.md +++ b/src/pages/docs/runbooks/runbook-examples/terraform/index.md @@ -7,7 +7,7 @@ description: Octopus Deploy can help you automate provisioning infrastructure wi navOrder: 70 --- -Terraform is a popular, platform agnostic implementation of Infrastructure as Code (IaC). Terraform is designed to ensure that the resources it creates are kept within the desired state, this is known as Desired State Configuration (DSC). +Terraform is a popular, platform-agnostic implementation of Infrastructure as Code (IaC). Terraform is designed to ensure that the resources it creates are kept within the desired state, this is known as Desired State Configuration (DSC). Out of the box, Octopus Deploy comes with built-in step templates for using Terraform: - Apply a Terraform template diff --git a/src/pages/docs/security/authentication/active-directory/index.md b/src/pages/docs/security/authentication/active-directory/index.md index e0445e58bd..628bfa1a62 100644 --- a/src/pages/docs/security/authentication/active-directory/index.md +++ b/src/pages/docs/security/authentication/active-directory/index.md @@ -120,7 +120,7 @@ Here's a simple checklist to help you on your way to allowing Kerberos Authentic - A valid Service Principal Name (SPN) for the `HTTP` service class for each Octopus host NETBIOS name. If you are accessing your Host via its FQDN then you will need to also add an FQDN also for the `HTTP` service class. (Please Note: Whether you've configured your Octopus host to use `HTTP` or `HTTPS`, you will only need to set an `HTTP` SPN.) - Included FQDNs of all Octopus Deploy Hosts and Octopus clusters within your trusted sites or Intranet zones. -- Client Machines configured to allow auto logon with current user name and password. +- Client Machines configured to allow auto logon with current username and password. **SPN Configuration** @@ -287,7 +287,7 @@ Where `"CN=Users,DC=GPN,DC=COM"` should be replaced with your Container. Using Trusted Domains is supported by Octopus Deploy. Users from the domain the Octopus Server is a member of will always be allowed to log in. Users from domains that the Octopus Server's domain trusts will also be able to log in. -The following diagram illustrates a typical configuration when there is a two way trust between the domains. +The following diagram illustrates a typical configuration when there is a two-way trust between the domains. :::figure ![Two-way Trust](/docs/img/security/authentication/active-directory/images/domains-twoway.png) diff --git a/src/pages/docs/security/authentication/active-directory/troubleshooting-active-directory-integration.md b/src/pages/docs/security/authentication/active-directory/troubleshooting-active-directory-integration.md index 1ee0a79f01..5db2a7e72d 100644 --- a/src/pages/docs/security/authentication/active-directory/troubleshooting-active-directory-integration.md +++ b/src/pages/docs/security/authentication/active-directory/troubleshooting-active-directory-integration.md @@ -98,7 +98,7 @@ $principalContext.Dispose() Notes: - Ensure you replace the domain name ``acme.local`` with the appropriate value for you network. -- Ensure you replace the domain user name ``ExampleUser`` with a sample Octopus username who would normally log into the system. +- Ensure you replace the domain username ``ExampleUser`` with a sample Octopus username who would normally log into the system. - It's recommended that you run this script as the same user you're running the Octopus service under and on the same server so it reproduces the problem accurately. If specifying a container. diff --git a/src/pages/docs/security/authentication/index.md b/src/pages/docs/security/authentication/index.md index 47ab0d940c..60772fe9d0 100644 --- a/src/pages/docs/security/authentication/index.md +++ b/src/pages/docs/security/authentication/index.md @@ -81,7 +81,7 @@ When using the Active Directory provider, auto login will only be active when th ## Associating users with multiple external identities -In versions up to 3.5, only a single Authentication Provider could be enabled at a time (either Domain or UsernamePassword). In that scenario Users were managed based on the currently enabled provider and switching providers meant re-configuring Users. With 3.5 comes the ability to have multiple Authentication Providers enabled simultaneously and as such the User management has been adjusted to be provider agnostic. What does that mean? Let's consider an example scenario. +In versions up to 3.5, only a single Authentication Provider could be enabled at a time (either Domain or UsernamePassword). In that scenario Users were managed based on the currently enabled provider and switching providers meant re-configuring Users. With 3.5 comes the ability to have multiple Authentication Providers enabled simultaneously and as such the User management has been adjusted to be provider-agnostic. What does that mean? Let's consider an example scenario. Let's consider that we have UsernamePassword enabled and we create some users, and we've set their email address to their Active Directory domain email address. The users can now log in with the username and password stored against their user record. If we now enable the Active Directory authentication provider, then the users can authenticate using either their original username and password, or they can use a username of user@domain or domain\user along with their domain password, or they can use the Integrated authentication button. In the first scenario they are actually logging in via the UsernamePassword provider, in the latter 2 scenarios they are using the Active Directory provider, but in all cases they end up logged in as the same user (this is the driver behind the fallback checks described in the next section). diff --git a/src/pages/docs/security/authentication/troubleshooting-authentication-problems.md b/src/pages/docs/security/authentication/troubleshooting-authentication-problems.md index 299bc496e1..77b8a76568 100644 --- a/src/pages/docs/security/authentication/troubleshooting-authentication-problems.md +++ b/src/pages/docs/security/authentication/troubleshooting-authentication-problems.md @@ -26,7 +26,7 @@ This can happen for quite a number of reasons: 1. Your web browser does not support cookies. Configure your browser to accept cookies from your Octopus Server. You may need to ask your systems administrator for help with this. 1. The time is incorrect on your computer, or the time is incorrect on the Octopus Server. This can cause your authentication cookies to expire and become unusable. Correct the time and configure your computers to automatically synchronize their time from a time server. -1. You are using Chrome and have not configured your Octopus Server to use HTTPS. Chrome has started to consider web sites served over `http://` as unsafe and will refuse to accept cookies from those unsafe sites. [Configure your Octopus Server to use HTTPS](/docs/security/exposing-octopus/expose-the-octopus-web-portal-over-https) instead of HTTP. [Learn more about Chrome and the move toward a more secure web](https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html). +1. You are using Chrome and have not configured your Octopus Server to use HTTPS. Chrome has started to consider websites served over `http://` as unsafe and will refuse to accept cookies from those unsafe sites. [Configure your Octopus Server to use HTTPS](/docs/security/exposing-octopus/expose-the-octopus-web-portal-over-https) instead of HTTP. [Learn more about Chrome and the move toward a more secure web](https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html). 1. You are hosting Octopus Server on the same domain as other applications. One of the other applications may be issuing a malformed cookie causing the Octopus authentication cookies to be misinterpreted. Move Octopus Server to a different domain to isolate it from the other applications, or stop the other applications from issuing malformed cookies. See [this GitHub Issue](https://github.com/OctopusDeploy/Issues/issues/2343) for more details. ## Octopus anti-forgery token @@ -52,7 +52,7 @@ This can happen for quite a number of reasons: 1. Your web browser does not support cookies. Configure your browser to accept cookies from your Octopus Server. You may need to ask your systems administrator for help with this. 1. The time is incorrect on your computer, or your external authentication provider. This can cause your authentication cookies to expire and become unusable. Correct the time and configure your computers to automatically synchronize their time from a time server. -1. You are using Chrome and have not configured your external authentication provider to use HTTPS. Chrome has started to consider web sites served over `http://` as unsafe and will refuse to accept cookies from those unsafe sites. Configure your external authentication provider to use HTTPS instead of HTTP. [Learn more about Chrome and the move toward a more secure web](https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html). +1. You are using Chrome and have not configured your external authentication provider to use HTTPS. Chrome has started to consider websites served over `http://` as unsafe and will refuse to accept cookies from those unsafe sites. Configure your external authentication provider to use HTTPS instead of HTTP. [Learn more about Chrome and the move toward a more secure web](https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html). ### Getting help from us {#support} diff --git a/src/pages/docs/security/caiq/index.md b/src/pages/docs/security/caiq/index.md index 07053dfc38..5ee01fd38a 100644 --- a/src/pages/docs/security/caiq/index.md +++ b/src/pages/docs/security/caiq/index.md @@ -563,7 +563,7 @@ CAIQ ID: **TVM-01.1** > Do you have anti-malware programs that support or connect to your cloud service offerings installed on all of your IT infrastructure network and systems components? -No. A large majority of our system components are provisioned using PaaS services, whose infrastructure we don't own. Threat & vulnerability management for those applications is tackled via automated tools that review our source code, and ultimately human review. The production components that do use IaaS use real time anti-virus. Employees are required to use default operating system anti-virus applications running when using company provisioned hardware. +No. A large majority of our system components are provisioned using PaaS services, whose infrastructure we don't own. Threat & vulnerability management for those applications is tackled via automated tools that review our source code, and ultimately human review. The production components that do use IaaS use real time antivirus. Employees are required to use default operating system antivirus applications running when using company provisioned hardware. ### Vulnerability / Patch Management diff --git a/src/pages/docs/security/cve/shattered-and-octopus-deploy.md b/src/pages/docs/security/cve/shattered-and-octopus-deploy.md index 395c23289c..6d9803fda4 100644 --- a/src/pages/docs/security/cve/shattered-and-octopus-deploy.md +++ b/src/pages/docs/security/cve/shattered-and-octopus-deploy.md @@ -35,7 +35,7 @@ You'll want to check whether SHA1 is being used in other places. Common examples - The certificate used for the Octopus web frontend if you use HTTPS. Normally this is something people provide themselves. - Certificates used for authenticating with third party services, like Azure management certificates. -- Certificates used to provide HTTPS for web sites that you deploy. +- Certificates used to provide HTTPS for websites that you deploy. ## Detecting SHA1 certificates with PowerShell diff --git a/src/pages/docs/security/exposing-octopus/index.md b/src/pages/docs/security/exposing-octopus/index.md index e81125bcd4..679de5d849 100644 --- a/src/pages/docs/security/exposing-octopus/index.md +++ b/src/pages/docs/security/exposing-octopus/index.md @@ -40,7 +40,7 @@ If you do not want to expose your Octopus Server to the public Internet, but wan However, you may want to provide access for your users, or external services which leverage Octopus, and using a VPN is impractical. If you decide to expose the HTTP API and Octopus Web Portal of your Octopus Server to the public Internet, here are some things you should consider: 1. Always enable HTTPS using SSL. We also recommend forcing all requests to use HTTPS, and enabling HSTS. Learn about [exposing Octopus Server over HTTPS](/docs/security/exposing-octopus/expose-the-octopus-web-portal-over-https). Avoid exposing your Octopus Server via HTTP without SSL. -1. Consider how your users authenticate with your Octopus Server. You should use an authentication provider which supports multi-factor authentication (MFA). Learn about [authentication providers](/docs/security/authentication). +1. Consider how your users authenticate with your Octopus Server. You should use an authentication provider which supports multifactor authentication (MFA). Learn about [authentication providers](/docs/security/authentication). 1. Consider setting up a routine security scan of your Octopus Server using a tool of your choice. This will provide further insights into the security precautions you should take. 1. Octopus enables certain security-related HTTP headers by default, however some of them are optional. Learn about [security headers](/docs/security/http-security-headers). diff --git a/src/pages/docs/security/fips-and-octopus-deploy.md b/src/pages/docs/security/fips-and-octopus-deploy.md index ffb490061c..171d6f0956 100644 --- a/src/pages/docs/security/fips-and-octopus-deploy.md +++ b/src/pages/docs/security/fips-and-octopus-deploy.md @@ -15,7 +15,7 @@ The 140 series of **Federal Information Processing Standards** ([FIPS](https://e ## How is FIPS enforced? {#FIPSandOctopusDeploy-HowisFIPSenforced?} -You can configure a Windows Server to enforce the use of FIPS 140 compliant cryptographic algorithms by configuring the Security Policy for [System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms](https://technet.microsoft.com/en-us/library/jj852197.aspx) to **Enabled**. The effects of this security policy setting are far reaching, but the most common result you will see in .NET applications is where a **System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms** being thrown whenever you attempt to use one of the non-FIPS compliant APIs. +You can configure a Windows Server to enforce the use of FIPS 140 compliant cryptographic algorithms by configuring the Security Policy for [System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms](https://technet.microsoft.com/en-us/library/jj852197.aspx) to **Enabled**. The effects of this security policy setting are far-reaching, but the most common result you will see in .NET applications is where a **System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms** being thrown whenever you attempt to use one of the non-FIPS compliant APIs. ## Known issues {#FIPSandOctopusDeploy-Knownissues} diff --git a/src/pages/docs/security/hardening-octopus.mdx b/src/pages/docs/security/hardening-octopus.mdx index 379c11522e..c079b9605a 100644 --- a/src/pages/docs/security/hardening-octopus.mdx +++ b/src/pages/docs/security/hardening-octopus.mdx @@ -3,7 +3,7 @@ layout: src/layouts/Default.astro pubDate: 2023-01-01 modDate: 2023-10-04 title: Hardening Octopus -description: If you are hosting Octopus Deploy yourself, this guide will help you harden your network, host operating system, and Octopus Server itself. This includes things such as configuring malware protection (anti-virus), and using allow lists. +description: If you are hosting Octopus Deploy yourself, this guide will help you harden your network, host operating system, and Octopus Server itself. This includes things such as configuring malware protection (antivirus), and using allow lists. navOrder: 10 --- import SecurityDisclaimer from 'src/shared-content/security-disclaimer.include.md'; @@ -216,7 +216,7 @@ Once the version of TLS is set in your config, you'll want to restart any Tentac #### Verification of disabling weak TLS protocols \{#disable-weak-tls-protocols-verify} -Once you have performed changes to the available versions of TLS, you should verify that they have been disabled successfully. Tools such as [openssl](https://www.openssl.org/) and [nmap](https://nmap.org/), and web sites like [Qualys SSL Labs](https://www.ssllabs.com/ssltest/) can be used to verify the TLS version and cipher suites available. +Once you have performed changes to the available versions of TLS, you should verify that they have been disabled successfully. Tools such as [openssl](https://www.openssl.org/) and [nmap](https://nmap.org/), and websites like [Qualys SSL Labs](https://www.ssllabs.com/ssltest/) can be used to verify the TLS version and cipher suites available. ### Prevent user-provided scripts from doing harm diff --git a/src/pages/docs/security/http-security-headers.md b/src/pages/docs/security/http-security-headers.md index 21ef3c3b97..7d612d53bb 100644 --- a/src/pages/docs/security/http-security-headers.md +++ b/src/pages/docs/security/http-security-headers.md @@ -69,7 +69,7 @@ The Octopus portal does not support this header. ## Octopus Server communications port -The Octopus Server listens on a port (usually 10943) for connections from polling Tentacles. It uses a [custom communications protocol](/docs/security/octopus-tentacle-communication) with self signed certificates, and shows a diagnostics page when accessed via a web browser. +The Octopus Server listens on a port (usually 10943) for connections from polling Tentacles. It uses a [custom communications protocol](/docs/security/octopus-tentacle-communication) with self-signed certificates, and shows a diagnostics page when accessed via a web browser. While there is limited scope for attack on this page, as some security scanning tools can report errors on this page, the following headers are supported on this port since **Octopus 3.17.13**. @@ -99,7 +99,7 @@ The Octopus Server sets this header to `1; block`, enabling the filters and inst ## Octopus Tentacle communications port -The Octopus Tentacle listens on a port (usually 10933) for connections from the Octopus Server. It uses a [custom communications protocol](/docs/security/octopus-tentacle-communication) with self signed certificates, and shows a diagnostics page when accessed via a web browser. +The Octopus Tentacle listens on a port (usually 10933) for connections from the Octopus Server. It uses a [custom communications protocol](/docs/security/octopus-tentacle-communication) with self-signed certificates, and shows a diagnostics page when accessed via a web browser. While there is limited scope for attack on this page, as some security scanning tools can report errors on this page, the following headers are supported on this port since **Tentacle 3.16.1**. diff --git a/src/pages/docs/security/index.md b/src/pages/docs/security/index.md index be7ad57587..5e24cf700e 100644 --- a/src/pages/docs/security/index.md +++ b/src/pages/docs/security/index.md @@ -119,7 +119,7 @@ Learn about [HTTP security headers](/docs/security/http-security-headers). ## PCI/DSS compliance -We have a lot of customers running Octopus Deploy in their PCI compliant environments. We don't claim to be experts in PCI compliance, especially since every situation is slightly different. What we can do is offer some recommendations primarily focused on your use of Octopus Deploy and different models you can achieve with it. +We have a lot of customers running Octopus Deploy in their PCI-compliant environments. We don't claim to be experts in PCI compliance, especially since every situation is slightly different. What we can do is offer some recommendations primarily focused on your use of Octopus Deploy and different models you can achieve with it. Learn about [PCI/DSS compliance and Octopus Deploy](/docs/security/pci-compliance-and-octopus-deploy). diff --git a/src/pages/docs/security/pci-compliance-and-octopus-deploy.md b/src/pages/docs/security/pci-compliance-and-octopus-deploy.md index b62d6c957c..01851b4835 100644 --- a/src/pages/docs/security/pci-compliance-and-octopus-deploy.md +++ b/src/pages/docs/security/pci-compliance-and-octopus-deploy.md @@ -7,7 +7,7 @@ description: Using Octopus Deploy in PCI compliant environments. navOrder: 90 --- -We have a lot of customers running Octopus Deploy in their PCI compliant environments. We don't claim to be experts in PCI compliance, especially since every situation is slightly different. What we can do is offer some recommendations primarily focused on your use of Octopus Deploy and different models you can achieve with it. +We have a lot of customers running Octopus Deploy in their PCI-compliant environments. We don't claim to be experts in PCI compliance, especially since every situation is slightly different. What we can do is offer some recommendations primarily focused on your use of Octopus Deploy and different models you can achieve with it. ## Try not to give up too much automation @@ -18,7 +18,7 @@ Pessimistic approaches to PCI compliance controls will, at first glance, make it PCI Compliance is primarily concerned with implementing "controls" or "practices" which help ensure the safety and security of sensitive information, and the ability to audit that those practices are being enforced and followed. In many ways, full end-to-end automation helps with that since the interaction with your secure systems is tightly controlled: everything is scripted! - In Octopus Deploy, everything is scripted which leaves less room for human error or uncontrolled activities. -- Octopus Deploy supports authentication with Active Directory and other external identity providers which can be used to enforce multi-factor authentication. Learn about [authentication providers](/docs/security/authentication). +- Octopus Deploy supports authentication with Active Directory and other external identity providers which can be used to enforce multifactor authentication. Learn about [authentication providers](/docs/security/authentication). - You can implement strict, fine-grained, environment-aware security permissions. Learn about [managing users and teams](/docs/security/users-and-teams). - Every activity is carefully audited. Learn more about [auditing](/docs/security/users-and-teams/auditing). - You can control how long you retain data and packages. Learn about [Retention Policies](/docs/administration/retention-policies). @@ -41,7 +41,7 @@ We conduct independent security analysis and penetration testing for Octopus Dep ### Network security considerations -Octopus supports a wide range of networking features to help fit into your PCI compliant network design. +Octopus supports a wide range of networking features to help fit into your PCI-compliant network design. - You can use a VPN between your network security zones. A VPN is a transparent network tunnel between two zones, and you can happily use our Tentacle or SSH connections through a VPN tunnel in the same way you can use them on a local network. - You can use a networking proxy for Tentacle or SSH communication, where the proxy controls and monitors access from your Octopus Server to your workers and deployment targets. [Learn about proxy support](/docs/infrastructure/deployment-targets/proxy-support) diff --git a/src/pages/docs/support/troubleshooting-failed-or-hanging-tasks.md b/src/pages/docs/support/troubleshooting-failed-or-hanging-tasks.md index 2d6483d939..4e9f6b4b46 100644 --- a/src/pages/docs/support/troubleshooting-failed-or-hanging-tasks.md +++ b/src/pages/docs/support/troubleshooting-failed-or-hanging-tasks.md @@ -47,26 +47,26 @@ Remember these connections are usually initiated by your deployment targets or w ## Hanging tasks -Sometimes tasks appear to be unresponsive or "hanging". In most cases, this ends up being anti-virus or anti-malware software interfering with the task, and the first step in diagnosing the problem is to eliminate this source of interference, [see below](#anti-virus-software). +Sometimes tasks appear to be unresponsive or "hanging". In most cases, this ends up being antivirus or anti-malware software interfering with the task, and the first step in diagnosing the problem is to eliminate this source of interference, [see below](#anti-virus-software). -If you can completely rule out anti-virus software as a source of interference, then the problem may lie in your [custom scripts](/docs/deployments/custom-scripts). The next step to diagnosing these problems is to examine your logs and determine the exact location that the task became unresponsive. If this occurs within the logs output by a custom script, then the bug likely originates from your script. +If you can completely rule out antivirus software as a source of interference, then the problem may lie in your [custom scripts](/docs/deployments/custom-scripts). The next step to diagnosing these problems is to examine your logs and determine the exact location that the task became unresponsive. If this occurs within the logs output by a custom script, then the bug likely originates from your script. If you are still unable to determine the cause of your hanging tasks, please contact support for further assistance. -### Anti-virus software {#anti-virus-software} +### Antivirus software {#anti-virus-software} -If the task appears to hang after a log message output by the Octopus Server or Tentacle, then in most cases the cause is anti-virus or anti-malware software interfering with the task. The first step is to determine if your anti-virus software is actually affecting your Tasks, and this can easily be done by removing your anti-virus protection and confirming whether the tasks continue to be unresponsive. +If the task appears to hang after a log message output by the Octopus Server or Tentacle, then in most cases the cause is antivirus or anti-malware software interfering with the task. The first step is to determine if your antivirus software is actually affecting your Tasks, and this can easily be done by removing your antivirus protection and confirming whether the tasks continue to be unresponsive. -If this test shows that anti-virus is interfering with your tasks, you may need to configure your anti-virus software with the appropriate exclusions to ensure that it does not lock any files owned by Octopus, or affect any running processes initiated by Octopus. Consult your anti-virus provider's documentation for more information. +If this test shows that antivirus is interfering with your tasks, you may need to configure your antivirus software with the appropriate exclusions to ensure that it does not lock any files owned by Octopus, or affect any running processes initiated by Octopus. Consult your antivirus provider's documentation for more information. -Some examples of directories (and their sub-directories) you could try adding to an allow list are: +Some examples of directories (and their subdirectories) you could try adding to an allow-list are: - `\Tools` - This is where the Calamari packages and other tools are installed so Tentacle can execute deployments on your behalf. - `\Work` - This is the temporary working directory used when Tentacle and Calamari execute deployments on your behalf. -If you're still seeing issues you could also try including these additional directories (and their sub-directories): +If you're still seeing issues you could also try including these additional directories (and their subdirectories): - `\Files` - This is the package cache used to store the most recent packages in case they need to be used again. @@ -74,7 +74,7 @@ If you're still seeing issues you could also try including these additional dire - This is where the Tentacle log files are stored. :::div{.hint} -We recommend including sub-directories in any allow list for the directories listed above as processes initiated by Octopus may also create new folders within them. +We recommend including subdirectories in any allow list for the directories listed above as processes initiated by Octopus may also create new folders within them. ::: ## Steps are slow to start diff --git a/src/shared-content/octopus-cli/octo-autocomplete-tab-completion.include.md b/src/shared-content/octopus-cli/octo-autocomplete-tab-completion.include.md index 4d160a76d8..d916d0f7e2 100644 --- a/src/shared-content/octopus-cli/octo-autocomplete-tab-completion.include.md +++ b/src/shared-content/octopus-cli/octo-autocomplete-tab-completion.include.md @@ -1,5 +1,5 @@ ## Tab completion for commands and options {#OctopusCLI-TabCompletion} -Tab completion is available for the following shell environments: `powershell`, `pwsh` (PowerShell Core), `bash` & `zsh`. This feature requires that `octo` or `Octo` is available from your $PATH, which is the default state if installed via a package manager or Chocolatey. If you've manually installed the CLI, please ensure your $PATH is also updated if you wish to use this feature. This is an optional feature that requires additional [installation steps](#OctopusCLI-TabCompletionInstallation) on a per user basis, since this feature relies on built-in shell auto completion facilities. +Tab completion is available for the following shell environments: `powershell`, `pwsh` (PowerShell Core), `bash` & `zsh`. This feature requires that `octo` or `Octo` is available from your $PATH, which is the default state if installed via a package manager or Chocolatey. If you've manually installed the CLI, please ensure your $PATH is also updated if you wish to use this feature. This is an optional feature that requires additional [installation steps](#OctopusCLI-TabCompletionInstallation) on a per-user basis, since this feature relies on built-in shell auto-completion facilities. ### Additional installation steps for tab completion. {#OctopusCLI-TabCompletionInstallation} diff --git a/src/shared-content/projects/deployment-process/collect-artifact-in-execution-container.include.md b/src/shared-content/projects/deployment-process/collect-artifact-in-execution-container.include.md index a4456f578f..fc5e2d2a12 100644 --- a/src/shared-content/projects/deployment-process/collect-artifact-in-execution-container.include.md +++ b/src/shared-content/projects/deployment-process/collect-artifact-in-execution-container.include.md @@ -1,4 +1,4 @@ -The source file for the artifact must be saved and collected from the **fully qualified path** of one of the directories (or sub-directories) mapped into the execution container as a volume. +The source file for the artifact must be saved and collected from the **fully qualified path** of one of the directories (or subdirectories) mapped into the execution container as a volume. The recommended volume to use is the temporary directory created within the `/Work` workspace, for example, `/etc/octopus/Tentacle/Work/20221128114036-119427-56`. diff --git a/src/shared-content/projects/version-control/build-server-plugin-version-control-fields.include.md b/src/shared-content/projects/version-control/build-server-plugin-version-control-fields.include.md index 87f466b574..2da16a4be7 100644 --- a/src/shared-content/projects/version-control/build-server-plugin-version-control-fields.include.md +++ b/src/shared-content/projects/version-control/build-server-plugin-version-control-fields.include.md @@ -1,5 +1,5 @@ -Octopus does not guess or auto-populate the commit or branch when creating a release from a build-server plug-in. Instead, to provide this information, we have added two new fields to our standard integrations - TeamCity, Azure DevOps, Jenkins, GitHub Actions, and Bamboo. +Octopus does not guess or autopopulate the commit or branch when creating a release from a build-server plug-in. Instead, to provide this information, we have added two new fields to our standard integrations - TeamCity, Azure DevOps, Jenkins, GitHub Actions, and Bamboo. * Git Reference - a user-friendly alias for a commit hash. This is typically a branch name or tag. * Git Commit - the commit SHA-1 hash. diff --git a/src/shared-content/rollbacks/zero-configuration-rollback.include.md b/src/shared-content/rollbacks/zero-configuration-rollback.include.md index 71194056f9..9af69e733e 100644 --- a/src/shared-content/rollbacks/zero-configuration-rollback.include.md +++ b/src/shared-content/rollbacks/zero-configuration-rollback.include.md @@ -13,5 +13,5 @@ That redeployment will work because a snapshot is taken when you create a releas Re-deploying the previous release will re-run the deployment process as it existed when that release was created. By default, the deploy package steps (such as deploy to IIS or deploy a Windows Service) will extract to a new folder each time a deployment is run, perform the [configuration transforms](/docs/projects/steps/configuration-features/structured-configuration-variables-feature/), and [run any scripts embedded in the package](/docs/deployments/custom-scripts/scripts-in-packages). :::div{.hint} -Zero Configuration Rollbacks should work for most our customers. However, your deployment process might need a bit more fine tuning. The rest of this guide is focused on disabling specific steps during a rollback process. +Zero Configuration Rollbacks should work for most our customers. However, your deployment process might need a bit more fine-tuning. The rest of this guide is focused on disabling specific steps during a rollback process. ::: \ No newline at end of file diff --git a/src/shared-content/structured-configuration-variables.include.md b/src/shared-content/structured-configuration-variables.include.md index a01ee8ede3..094b731ef6 100644 --- a/src/shared-content/structured-configuration-variables.include.md +++ b/src/shared-content/structured-configuration-variables.include.md @@ -23,7 +23,7 @@ or :::div{.info} -If you are using a **Run a script** step, packages are extracted to a sub-directory with the name of the package reference. Please refer to [package files](/docs/deployments/custom-scripts/run-a-script-step/#referencing-packages-package-files) to learn more. +If you are using a **Run a script** step, packages are extracted to a subdirectory with the name of the package reference. Please refer to [package files](/docs/deployments/custom-scripts/run-a-script-step/#referencing-packages-package-files) to learn more. ::: Octopus will find the target files, match structures described by the names of Octopus variables, and replace their contents with the values of the variables. @@ -105,7 +105,7 @@ The easiest way to workaround this is to change the name of your variable to sta #### Variable casing -Octopus matches variable names to the structure in target files in a **case insensitive way**. +Octopus matches variable names to the structure in target files in a **case-insensitive way**. For example, given the following JSON input file: diff --git a/src/shared-content/teamcity/teamcity-pack.include.md b/src/shared-content/teamcity/teamcity-pack.include.md index 7f20e81276..56b8ddf793 100644 --- a/src/shared-content/teamcity/teamcity-pack.include.md +++ b/src/shared-content/teamcity/teamcity-pack.include.md @@ -7,7 +7,7 @@ You configure TeamCity to package your applications by creating a [build configu 1. Give the step a name. 2. Enter the [package ID](/docs/packaging-applications/#package-id). 3. Select the type of **package format** you want to create, NuGet(default) or Zip. -4. Enter the **package version**. The package version cannot be a single number (learn about [version numbers in Octopus](/docs/packaging-applications/#version-numbers)). Make sure this evaluates to a multi-part number, for instance, **1.1.3.**, or **1.0.%build.counter%** to include the build +4. Enter the **package version**. The package version cannot be a single number (learn about [version numbers in Octopus](/docs/packaging-applications/#version-numbers)). Make sure this evaluates to a multipart number, for instance, **1.1.3.**, or **1.0.%build.counter%** to include the build 5. Enter the **source path**. 6. Enter the **output path**.