Ceo: Difference between revisions
(Add feature requests) |
(Redo member deletion and add membership change) |
||
(39 intermediate revisions by 7 users not shown) | |||
Line 1: | Line 1: | ||
[[Image:Pyceo.png|thumb|300px|right|<tt>pyceo</tt>'s main menu screen]] |
|||
CEO is the CSC member creation and administration interface. CEO was originally written in perl by persons of mysterious-ness. CEO was re-written in python by Michael Spang in early 2007. |
|||
ceo is the CSC member creation and administration interface. It was originally written in perl by persons of mysterious-ness, was re-written in python by Michael Spang in early 2007, and re-written again (in Python) by Syscom in 2020-2021. The source-code for ceo can be found in git: [https://git.csclub.uwaterloo.ca/public/pyceo https://git.csclub.uwaterloo.ca/public/pyceo]. |
|||
= Instructions/Usage = |
|||
ceo can be accessed by running the "ceo" command from a terminal, or terminal emulator. |
|||
By default, a curses-based menu interface is presented. Use the arrow keys to navigate; |
|||
on many screens, pressing a letter will select the next menu item beginning with that letter. |
|||
=== Command-line Mode === |
|||
Run <tt>ceo --help</tt> to see a list of command-line utilities. |
|||
== Adding a New Member == |
|||
After a new member has paid the membership fee and signed the Machine Usage Policy forms, a new member account is added to the CSC system by selecting "New Member" in ceo and following the on-screen instructions. The new member's username is to be identical to their WatIAM username, if applicable. For WatIAM users, the name and program fields will automatically be filled after a username is provided. |
|||
== Renewing/Extending a Membership == |
|||
A membership can be renewed or extended by selecting "Renew Membership" in the ceo interface. |
|||
== Hosted Clubs == |
|||
Clubs are hosted free of charge. To create a new club account use the "New Club" option in the ceo interface. |
|||
=== Club Representatives === |
|||
At this time, there is no limit to the number of representatives a club may have, but representative accounts must be registered with the "New Club Rep" option, and renewed with the "Renew Club Rep" option. |
|||
=== Other Club Features === |
|||
For access to features beyond basic hosting (ie, databases), one of the club representatives will need to email the Systems Committee to have this set up. |
|||
= raymo's guide on how to fix things after screwing up = |
|||
== Changing a member to a nonmember (club rep) and vice-versa == |
|||
ssh hfcs |
|||
kinit # if you don't already have <u>[[Kerberos#raymo's guide to keytabs|keytabs]]</u> set up |
|||
ldapvi -Y GSSAPI |
|||
Use <code>/<username></code> to search for the user in vi and change <code>term</code> to <code>nonMemberTerm</code> (or vice-versa) for the relevant terms. When you're done deleting the file should no longer contain the username. Save and quit (<code>:wq</code>) and press <code>y</code> when prompted. |
|||
== Deleting a member == |
|||
* '''RULE: Never do this without good reason. We should NEVER delete accounts or groups that have been used before.''' |
|||
If you accidentally created a club rep as a regular member instead, see the [previous section|Ceo#Changing a member to a nonmember (club rep) and vice-versa]. For another reason that doesn't break the '''RULE''' above, first follow the steps in the change membership section above, up to and including <code>ldapvi</code>, then delete both the user and group LDAP records. These are separated by blank lines. When you're done deleting the file should no longer contain the username. Save and quit as if changing membership. Then: |
|||
ssh auth1 |
|||
sudo kadmin.local |
|||
delprinc <username> |
|||
ssh phosphoric acid |
|||
sudo rm -rfI /users/<username> |
|||
Unsubscribe the user from [https://mailman.csclub.uwaterloo.ca/postorius/lists/syscom.csclub.uwaterloo.ca/members/member/ csc-general on mailman] |
|||
= Feature Requests and Ideas = |
= Feature Requests and Ideas = |
||
* Create a graphical and/or online version of ceo |
|||
* 'New member' should prompt for userid and then use uwldap to pre-fill name and program |
|||
* Add new members to fuse and plugdev groups |
|||
* Merge 'New member' and 'Create an account' |
|||
* Remove 'Library functions', as they are now in koha |
|||
= Contributing to CEO = |
|||
* Remove student ids from CEO and LDAP |
|||
** We do not provide student ids to MathSoc when we present memberlists |
|||
== Preliminary Steps == |
|||
** It is against policy to store both student ids and names |
|||
=== Generate a GPG Key === |
|||
* Remove 'Search for a member by student id' |
|||
In order to sign the ceo packages you will need to generate yourself a GPG key if you do not already have one. Assuming you do not run |
|||
* Add ability to set the executive |
|||
** The positions should be stored in LDAP |
|||
gpg --gen-key |
|||
** CEO should prompt for each position (pre-filling with the current position holder) |
|||
** CEO should then update ldap and regenerate aliases |
|||
Choose option (2) DSA (sign only). Choose no expiration when prompted and then your full name and email when asked. It will ask you to confirm the information and then for a passphrase. |
|||
*** We would have an /etc/aliases.exec or something |
|||
** The exec xml would be auto-generated from LDAP |
|||
=== Add Your Key To Mirror === |
|||
ssh mirror.csclub.uwaterloo.ca |
|||
gpg --list-keys |
|||
Locate the 8-character id string. For example "16E37635" in |
|||
/users/m2ellis/.gnupg/pubring.gpg |
|||
--------------------------------- |
|||
pub 1024D/'''16E37635''' 2010-08-19 |
|||
uid Michael Ellis <m2ellis@csclub.uwaterloo.ca> |
|||
Now you must add this id into the file /srv/debian/conf/uploaders on mirror |
|||
sudo vim /srv/debian/conf/uploaders |
|||
Now in another terminal run |
|||
gpg --export --armor $KEYID |
|||
Now on mirror run |
|||
sudo -s |
|||
GNUPGHOME=/srv/debian/gpg gpg --import |
|||
Then paste the output from gpg --export --armor $KEYID and end with CTRL-D. It should give you a confirmation, example |
|||
gpg: key 16E37635: public key "Michael Ellis <m2ellis@csclub.uwaterloo.ca>" imported |
|||
gpg: Total number processed: 1 |
|||
gpg: imported: 1 |
|||
== Making Changes == |
|||
The source-code for ceo can be found in git: [http://git.csclub.uwaterloo.ca/?p=public/pyceo.git;a=summary csclub:/users/git/public/pyceo.git]. To checkout the code run |
|||
git clone ~git/public/pyceo.git |
|||
When you are done making your change you need to update the changelog with dch. Assuming this is a minor incremental change run |
|||
dch -i |
|||
Add a description of your change and then save and quit. Once you are sure of your changes commit them to the git repository and push them (test them first!). To build the package run debuild |
|||
debuild |
|||
This will generate the *.deb files in the parent directory. |
|||
=== Uploading Changes to Mirror === |
|||
In the directory containing the *.deb and *.changes files run |
|||
dupload |
|||
Then ssh to mirror and run |
|||
sudo rrr-incoming |
|||
The package should now be uploaded and you can update in the usual way with apt-get/aptitude. |
|||
[[Category:Software]] |
Latest revision as of 17:52, 20 January 2022
ceo is the CSC member creation and administration interface. It was originally written in perl by persons of mysterious-ness, was re-written in python by Michael Spang in early 2007, and re-written again (in Python) by Syscom in 2020-2021. The source-code for ceo can be found in git: https://git.csclub.uwaterloo.ca/public/pyceo.
Instructions/Usage
ceo can be accessed by running the "ceo" command from a terminal, or terminal emulator. By default, a curses-based menu interface is presented. Use the arrow keys to navigate; on many screens, pressing a letter will select the next menu item beginning with that letter.
Command-line Mode
Run ceo --help to see a list of command-line utilities.
Adding a New Member
After a new member has paid the membership fee and signed the Machine Usage Policy forms, a new member account is added to the CSC system by selecting "New Member" in ceo and following the on-screen instructions. The new member's username is to be identical to their WatIAM username, if applicable. For WatIAM users, the name and program fields will automatically be filled after a username is provided.
Renewing/Extending a Membership
A membership can be renewed or extended by selecting "Renew Membership" in the ceo interface.
Hosted Clubs
Clubs are hosted free of charge. To create a new club account use the "New Club" option in the ceo interface.
Club Representatives
At this time, there is no limit to the number of representatives a club may have, but representative accounts must be registered with the "New Club Rep" option, and renewed with the "Renew Club Rep" option.
Other Club Features
For access to features beyond basic hosting (ie, databases), one of the club representatives will need to email the Systems Committee to have this set up.
raymo's guide on how to fix things after screwing up
Changing a member to a nonmember (club rep) and vice-versa
ssh hfcs kinit # if you don't already have keytabs set up ldapvi -Y GSSAPI
Use /<username>
to search for the user in vi and change term
to nonMemberTerm
(or vice-versa) for the relevant terms. When you're done deleting the file should no longer contain the username. Save and quit (:wq
) and press y
when prompted.
Deleting a member
- RULE: Never do this without good reason. We should NEVER delete accounts or groups that have been used before.
If you accidentally created a club rep as a regular member instead, see the [previous section|Ceo#Changing a member to a nonmember (club rep) and vice-versa]. For another reason that doesn't break the RULE above, first follow the steps in the change membership section above, up to and including ldapvi
, then delete both the user and group LDAP records. These are separated by blank lines. When you're done deleting the file should no longer contain the username. Save and quit as if changing membership. Then:
ssh auth1 sudo kadmin.local delprinc <username> ssh phosphoric acid sudo rm -rfI /users/<username>
Unsubscribe the user from csc-general on mailman
Feature Requests and Ideas
- Create a graphical and/or online version of ceo
- Add new members to fuse and plugdev groups
Contributing to CEO
Preliminary Steps
Generate a GPG Key
In order to sign the ceo packages you will need to generate yourself a GPG key if you do not already have one. Assuming you do not run
gpg --gen-key
Choose option (2) DSA (sign only). Choose no expiration when prompted and then your full name and email when asked. It will ask you to confirm the information and then for a passphrase.
Add Your Key To Mirror
ssh mirror.csclub.uwaterloo.ca gpg --list-keys
Locate the 8-character id string. For example "16E37635" in
/users/m2ellis/.gnupg/pubring.gpg --------------------------------- pub 1024D/16E37635 2010-08-19 uid Michael Ellis <m2ellis@csclub.uwaterloo.ca>
Now you must add this id into the file /srv/debian/conf/uploaders on mirror
sudo vim /srv/debian/conf/uploaders
Now in another terminal run
gpg --export --armor $KEYID
Now on mirror run
sudo -s GNUPGHOME=/srv/debian/gpg gpg --import
Then paste the output from gpg --export --armor $KEYID and end with CTRL-D. It should give you a confirmation, example
gpg: key 16E37635: public key "Michael Ellis <m2ellis@csclub.uwaterloo.ca>" imported gpg: Total number processed: 1 gpg: imported: 1
Making Changes
The source-code for ceo can be found in git: csclub:/users/git/public/pyceo.git. To checkout the code run
git clone ~git/public/pyceo.git
When you are done making your change you need to update the changelog with dch. Assuming this is a minor incremental change run
dch -i
Add a description of your change and then save and quit. Once you are sure of your changes commit them to the git repository and push them (test them first!). To build the package run debuild
debuild
This will generate the *.deb files in the parent directory.
Uploading Changes to Mirror
In the directory containing the *.deb and *.changes files run
dupload
Then ssh to mirror and run
sudo rrr-incoming
The package should now be uploaded and you can update in the usual way with apt-get/aptitude.