Ceo: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
(Redo member deletion and add membership change)
 
(33 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[[Image:Pyceo.png|thumb|300px|right|<tt>pyceo</tt>'s main menu screen]]
CEO is the CSC member creation and administration interface. CEO was originally written in perl by persons of mysterious-ness. CEO was re-written in python by Michael Spang in early 2007.

ceo is the CSC member creation and administration interface. It was originally written in perl by persons of mysterious-ness, was re-written in python by Michael Spang in early 2007, and re-written again (in Python) by Syscom in 2020-2021. The source-code for ceo can be found in git: [https://git.csclub.uwaterloo.ca/public/pyceo https://git.csclub.uwaterloo.ca/public/pyceo].

= Instructions/Usage =
ceo can be accessed by running the "ceo" command from a terminal, or terminal emulator.
By default, a curses-based menu interface is presented. Use the arrow keys to navigate;
on many screens, pressing a letter will select the next menu item beginning with that letter.

=== Command-line Mode ===
Run <tt>ceo --help</tt> to see a list of command-line utilities.

== Adding a New Member ==
After a new member has paid the membership fee and signed the Machine Usage Policy forms, a new member account is added to the CSC system by selecting "New Member" in ceo and following the on-screen instructions. The new member's username is to be identical to their WatIAM username, if applicable. For WatIAM users, the name and program fields will automatically be filled after a username is provided.

== Renewing/Extending a Membership ==
A membership can be renewed or extended by selecting "Renew Membership" in the ceo interface.

== Hosted Clubs ==
Clubs are hosted free of charge. To create a new club account use the "New Club" option in the ceo interface.

=== Club Representatives ===
At this time, there is no limit to the number of representatives a club may have, but representative accounts must be registered with the "New Club Rep" option, and renewed with the "Renew Club Rep" option.

=== Other Club Features ===
For access to features beyond basic hosting (ie, databases), one of the club representatives will need to email the Systems Committee to have this set up.

= raymo's guide on how to fix things after screwing up =

== Changing a member to a nonmember (club rep) and vice-versa ==

ssh hfcs
kinit # if you don't already have <u>[[Kerberos#raymo's guide to keytabs|keytabs]]</u> set up
ldapvi -Y GSSAPI
Use <code>/<username></code> to search for the user in vi and change <code>term</code> to <code>nonMemberTerm</code> (or vice-versa) for the relevant terms. When you're done deleting the file should no longer contain the username. Save and quit (<code>:wq</code>) and press <code>y</code> when prompted.

== Deleting a member ==

* '''RULE: Never do this without good reason. We should NEVER delete accounts or groups that have been used before.'''

If you accidentally created a club rep as a regular member instead, see the [previous section|Ceo#Changing a member to a nonmember (club rep) and vice-versa]. For another reason that doesn't break the '''RULE''' above, first follow the steps in the change membership section above, up to and including <code>ldapvi</code>, then delete both the user and group LDAP records. These are separated by blank lines. When you're done deleting the file should no longer contain the username. Save and quit as if changing membership. Then:
ssh auth1
sudo kadmin.local
delprinc <username>
ssh phosphoric acid
sudo rm -rfI /users/<username>
Unsubscribe the user from [https://mailman.csclub.uwaterloo.ca/postorius/lists/syscom.csclub.uwaterloo.ca/members/member/ csc-general on mailman]


= Feature Requests and Ideas =
= Feature Requests and Ideas =


* Create a graphical and/or online version of ceo
* 'New member' should prompt for userid and then use uwldap to pre-fill name and program
* Add new members to fuse and plugdev groups
* Manage exec positions with ceo

** The positions should be stored in LDAP
= Contributing to CEO =
** CEO should prompt for each position (pre-filling with the current position holder)

** CEO should then update ldap and regenerate aliases
== Preliminary Steps ==
*** We would have an /etc/aliases.exec or something
=== Generate a GPG Key ===
** The exec xml would be auto-generated from LDAP
In order to sign the ceo packages you will need to generate yourself a GPG key if you do not already have one. Assuming you do not run
* 'Register for a term' should pre-fill term with the current term [done, but the "first future unregistered term" rather than the next term]

* Manage office staff and syscom
gpg --gen-key
* Integrate club creation and sudo management

* Create a graphical version of CEO
Choose option (2) DSA (sign only). Choose no expiration when prompted and then your full name and email when asked. It will ask you to confirm the information and then for a passphrase.

=== Add Your Key To Mirror ===
ssh mirror.csclub.uwaterloo.ca
gpg --list-keys

Locate the 8-character id string. For example "16E37635" in
/users/m2ellis/.gnupg/pubring.gpg
---------------------------------
pub 1024D/'''16E37635''' 2010-08-19
uid Michael Ellis <m2ellis@csclub.uwaterloo.ca>

Now you must add this id into the file /srv/debian/conf/uploaders on mirror
sudo vim /srv/debian/conf/uploaders

Now in another terminal run
gpg --export --armor $KEYID

Now on mirror run
sudo -s
GNUPGHOME=/srv/debian/gpg gpg --import

Then paste the output from gpg --export --armor $KEYID and end with CTRL-D. It should give you a confirmation, example
gpg: key 16E37635: public key "Michael Ellis <m2ellis@csclub.uwaterloo.ca>" imported
gpg: Total number processed: 1
gpg: imported: 1

== Making Changes ==
The source-code for ceo can be found in git: [http://git.csclub.uwaterloo.ca/?p=public/pyceo.git;a=summary csclub:/users/git/public/pyceo.git]. To checkout the code run

git clone ~git/public/pyceo.git

When you are done making your change you need to update the changelog with dch. Assuming this is a minor incremental change run

dch -i

Add a description of your change and then save and quit. Once you are sure of your changes commit them to the git repository and push them (test them first!). To build the package run debuild

debuild

This will generate the *.deb files in the parent directory.

=== Uploading Changes to Mirror ===

In the directory containing the *.deb and *.changes files run
dupload

Then ssh to mirror and run
sudo rrr-incoming


The package should now be uploaded and you can update in the usual way with apt-get/aptitude.
= Magnetic Strip Member Card Proposal =


[[Category:Software]]
Another idea for the CSC is to have a magnetic strip (MagStripe), membership
card which stores part of the account data on the card. CEO and our existing
library system can integrate with the card allowing member renewals to occur
with the swipe of a card, or library books getting checked in/out via a card
swipe. We may wish to have magstripe integration within CEO in the future.

Latest revision as of 17:52, 20 January 2022

pyceo's main menu screen

ceo is the CSC member creation and administration interface. It was originally written in perl by persons of mysterious-ness, was re-written in python by Michael Spang in early 2007, and re-written again (in Python) by Syscom in 2020-2021. The source-code for ceo can be found in git: https://git.csclub.uwaterloo.ca/public/pyceo.

Instructions/Usage

ceo can be accessed by running the "ceo" command from a terminal, or terminal emulator. By default, a curses-based menu interface is presented. Use the arrow keys to navigate; on many screens, pressing a letter will select the next menu item beginning with that letter.

Command-line Mode

Run ceo --help to see a list of command-line utilities.

Adding a New Member

After a new member has paid the membership fee and signed the Machine Usage Policy forms, a new member account is added to the CSC system by selecting "New Member" in ceo and following the on-screen instructions. The new member's username is to be identical to their WatIAM username, if applicable. For WatIAM users, the name and program fields will automatically be filled after a username is provided.

Renewing/Extending a Membership

A membership can be renewed or extended by selecting "Renew Membership" in the ceo interface.

Hosted Clubs

Clubs are hosted free of charge. To create a new club account use the "New Club" option in the ceo interface.

Club Representatives

At this time, there is no limit to the number of representatives a club may have, but representative accounts must be registered with the "New Club Rep" option, and renewed with the "Renew Club Rep" option.

Other Club Features

For access to features beyond basic hosting (ie, databases), one of the club representatives will need to email the Systems Committee to have this set up.

raymo's guide on how to fix things after screwing up

Changing a member to a nonmember (club rep) and vice-versa

ssh hfcs
kinit # if you don't already have keytabs set up
ldapvi -Y GSSAPI

Use /<username> to search for the user in vi and change term to nonMemberTerm (or vice-versa) for the relevant terms. When you're done deleting the file should no longer contain the username. Save and quit (:wq) and press y when prompted.

Deleting a member

  • RULE: Never do this without good reason. We should NEVER delete accounts or groups that have been used before.

If you accidentally created a club rep as a regular member instead, see the [previous section|Ceo#Changing a member to a nonmember (club rep) and vice-versa]. For another reason that doesn't break the RULE above, first follow the steps in the change membership section above, up to and including ldapvi, then delete both the user and group LDAP records. These are separated by blank lines. When you're done deleting the file should no longer contain the username. Save and quit as if changing membership. Then:

ssh auth1
sudo kadmin.local
delprinc <username>
ssh phosphoric acid
sudo rm -rfI /users/<username>

Unsubscribe the user from csc-general on mailman

Feature Requests and Ideas

  • Create a graphical and/or online version of ceo
  • Add new members to fuse and plugdev groups

Contributing to CEO

Preliminary Steps

Generate a GPG Key

In order to sign the ceo packages you will need to generate yourself a GPG key if you do not already have one. Assuming you do not run

gpg --gen-key

Choose option (2) DSA (sign only). Choose no expiration when prompted and then your full name and email when asked. It will ask you to confirm the information and then for a passphrase.

Add Your Key To Mirror

ssh mirror.csclub.uwaterloo.ca
gpg --list-keys

Locate the 8-character id string. For example "16E37635" in

/users/m2ellis/.gnupg/pubring.gpg
---------------------------------
pub   1024D/16E37635 2010-08-19
uid                  Michael Ellis <m2ellis@csclub.uwaterloo.ca>

Now you must add this id into the file /srv/debian/conf/uploaders on mirror

sudo vim /srv/debian/conf/uploaders

Now in another terminal run

gpg --export --armor $KEYID

Now on mirror run

sudo -s
GNUPGHOME=/srv/debian/gpg gpg --import

Then paste the output from gpg --export --armor $KEYID and end with CTRL-D. It should give you a confirmation, example

gpg: key 16E37635: public key "Michael Ellis <m2ellis@csclub.uwaterloo.ca>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Making Changes

The source-code for ceo can be found in git: csclub:/users/git/public/pyceo.git. To checkout the code run

git clone ~git/public/pyceo.git

When you are done making your change you need to update the changelog with dch. Assuming this is a minor incremental change run

dch -i

Add a description of your change and then save and quit. Once you are sure of your changes commit them to the git repository and push them (test them first!). To build the package run debuild

debuild

This will generate the *.deb files in the parent directory.

Uploading Changes to Mirror

In the directory containing the *.deb and *.changes files run

dupload

Then ssh to mirror and run

sudo rrr-incoming

The package should now be uploaded and you can update in the usual way with apt-get/aptitude.