Difference between revisions of "Ceo"

From CSCWiki
Jump to navigation Jump to search
(both of these features appear to be implemented in the latest HEAD of public/pyceo.git)
(Redo member deletion and add membership change)
 
(15 intermediate revisions by 3 users not shown)
Line 1: Line 1:
  +
[[Image:Pyceo.png|thumb|300px|right|<tt>pyceo</tt>'s main menu screen]]
ceo is the CSC member creation and administration interface. It was originally written in perl by persons of mysterious-ness, and was re-written in python by Michael Spang in early 2007. The source-code for ceo can be found in git: csclub:/users/git/public/pyceo.git.
 
  +
 
ceo is the CSC member creation and administration interface. It was originally written in perl by persons of mysterious-ness, was re-written in python by Michael Spang in early 2007, and re-written again (in Python) by Syscom in 2020-2021. The source-code for ceo can be found in git: [https://git.csclub.uwaterloo.ca/public/pyceo https://git.csclub.uwaterloo.ca/public/pyceo].
   
 
= Instructions/Usage =
 
= Instructions/Usage =
 
ceo can be accessed by running the "ceo" command from a terminal, or terminal emulator.
 
ceo can be accessed by running the "ceo" command from a terminal, or terminal emulator.
  +
By default, a curses-based menu interface is presented. Use the arrow keys to navigate;
  +
on many screens, pressing a letter will select the next menu item beginning with that letter.
   
 
=== Command-line Mode ===
 
=== Command-line Mode ===
Run ceo --help to see a list of command-line utilities.
+
Run <tt>ceo --help</tt> to see a list of command-line utilities.
   
 
== Adding a New Member ==
 
== Adding a New Member ==
After a new member has paid the membership fee and signed the Machine Usage Policy forms, a new member account is added to the CSC system by selecing "New Member" in ceo and following the on-screen instructions. The new member's username is to be identical to their NEXUS username, if applicable. For NEXUS users, the name and program fields will automatically be filled after a username is provided.
+
After a new member has paid the membership fee and signed the Machine Usage Policy forms, a new member account is added to the CSC system by selecting "New Member" in ceo and following the on-screen instructions. The new member's username is to be identical to their WatIAM username, if applicable. For WatIAM users, the name and program fields will automatically be filled after a username is provided.
   
 
== Renewing/Extending a Membership ==
 
== Renewing/Extending a Membership ==
Line 21: Line 25:
 
=== Other Club Features ===
 
=== Other Club Features ===
 
For access to features beyond basic hosting (ie, databases), one of the club representatives will need to email the Systems Committee to have this set up.
 
For access to features beyond basic hosting (ie, databases), one of the club representatives will need to email the Systems Committee to have this set up.
  +
  +
= raymo's guide on how to fix things after screwing up =
  +
  +
== Changing a member to a nonmember (club rep) and vice-versa ==
  +
  +
ssh hfcs
  +
kinit # if you don't already have <u>[[Kerberos#raymo's guide to keytabs|keytabs]]</u> set up
  +
ldapvi -Y GSSAPI
  +
Use <code>/<username></code> to search for the user in vi and change <code>term</code> to <code>nonMemberTerm</code> (or vice-versa) for the relevant terms. When you're done deleting the file should no longer contain the username. Save and quit (<code>:wq</code>) and press <code>y</code> when prompted.
  +
  +
== Deleting a member ==
  +
  +
* '''RULE: Never do this without good reason. We should NEVER delete accounts or groups that have been used before.'''
  +
  +
If you accidentally created a club rep as a regular member instead, see the [previous section|Ceo#Changing a member to a nonmember (club rep) and vice-versa]. For another reason that doesn't break the '''RULE''' above, first follow the steps in the change membership section above, up to and including <code>ldapvi</code>, then delete both the user and group LDAP records. These are separated by blank lines. When you're done deleting the file should no longer contain the username. Save and quit as if changing membership. Then:
  +
ssh auth1
  +
sudo kadmin.local
  +
delprinc <username>
  +
ssh phosphoric acid
  +
sudo rm -rfI /users/<username>
  +
Unsubscribe the user from [https://mailman.csclub.uwaterloo.ca/postorius/lists/syscom.csclub.uwaterloo.ca/members/member/ csc-general on mailman]
   
 
= Feature Requests and Ideas =
 
= Feature Requests and Ideas =
   
* Manage exec, positions, syscom, etc... aliases in /etc/aliases
 
 
* Create a graphical and/or online version of ceo
 
* Create a graphical and/or online version of ceo
 
* Add new members to fuse and plugdev groups
 
* Add new members to fuse and plugdev groups
  +
  +
= Contributing to CEO =
  +
  +
== Preliminary Steps ==
  +
=== Generate a GPG Key ===
  +
In order to sign the ceo packages you will need to generate yourself a GPG key if you do not already have one. Assuming you do not run
  +
  +
gpg --gen-key
  +
  +
Choose option (2) DSA (sign only). Choose no expiration when prompted and then your full name and email when asked. It will ask you to confirm the information and then for a passphrase.
  +
  +
=== Add Your Key To Mirror ===
  +
ssh mirror.csclub.uwaterloo.ca
  +
gpg --list-keys
  +
  +
Locate the 8-character id string. For example "16E37635" in
  +
/users/m2ellis/.gnupg/pubring.gpg
  +
---------------------------------
  +
pub 1024D/'''16E37635''' 2010-08-19
  +
uid Michael Ellis <m2ellis@csclub.uwaterloo.ca>
  +
  +
Now you must add this id into the file /srv/debian/conf/uploaders on mirror
  +
sudo vim /srv/debian/conf/uploaders
  +
  +
Now in another terminal run
  +
gpg --export --armor $KEYID
  +
  +
Now on mirror run
  +
sudo -s
  +
GNUPGHOME=/srv/debian/gpg gpg --import
  +
  +
Then paste the output from gpg --export --armor $KEYID and end with CTRL-D. It should give you a confirmation, example
  +
gpg: key 16E37635: public key "Michael Ellis <m2ellis@csclub.uwaterloo.ca>" imported
  +
gpg: Total number processed: 1
  +
gpg: imported: 1
  +
  +
== Making Changes ==
  +
The source-code for ceo can be found in git: [http://git.csclub.uwaterloo.ca/?p=public/pyceo.git;a=summary csclub:/users/git/public/pyceo.git]. To checkout the code run
  +
  +
git clone ~git/public/pyceo.git
  +
  +
When you are done making your change you need to update the changelog with dch. Assuming this is a minor incremental change run
  +
  +
dch -i
  +
  +
Add a description of your change and then save and quit. Once you are sure of your changes commit them to the git repository and push them (test them first!). To build the package run debuild
  +
  +
debuild
  +
  +
This will generate the *.deb files in the parent directory.
  +
  +
=== Uploading Changes to Mirror ===
  +
  +
In the directory containing the *.deb and *.changes files run
  +
dupload
  +
  +
Then ssh to mirror and run
  +
sudo rrr-incoming
  +
  +
The package should now be uploaded and you can update in the usual way with apt-get/aptitude.
   
 
[[Category:Software]]
 
[[Category:Software]]

Latest revision as of 17:52, 20 January 2022

pyceo's main menu screen

ceo is the CSC member creation and administration interface. It was originally written in perl by persons of mysterious-ness, was re-written in python by Michael Spang in early 2007, and re-written again (in Python) by Syscom in 2020-2021. The source-code for ceo can be found in git: https://git.csclub.uwaterloo.ca/public/pyceo.

Instructions/Usage

ceo can be accessed by running the "ceo" command from a terminal, or terminal emulator. By default, a curses-based menu interface is presented. Use the arrow keys to navigate; on many screens, pressing a letter will select the next menu item beginning with that letter.

Command-line Mode

Run ceo --help to see a list of command-line utilities.

Adding a New Member

After a new member has paid the membership fee and signed the Machine Usage Policy forms, a new member account is added to the CSC system by selecting "New Member" in ceo and following the on-screen instructions. The new member's username is to be identical to their WatIAM username, if applicable. For WatIAM users, the name and program fields will automatically be filled after a username is provided.

Renewing/Extending a Membership

A membership can be renewed or extended by selecting "Renew Membership" in the ceo interface.

Hosted Clubs

Clubs are hosted free of charge. To create a new club account use the "New Club" option in the ceo interface.

Club Representatives

At this time, there is no limit to the number of representatives a club may have, but representative accounts must be registered with the "New Club Rep" option, and renewed with the "Renew Club Rep" option.

Other Club Features

For access to features beyond basic hosting (ie, databases), one of the club representatives will need to email the Systems Committee to have this set up.

raymo's guide on how to fix things after screwing up

Changing a member to a nonmember (club rep) and vice-versa

ssh hfcs
kinit # if you don't already have keytabs set up
ldapvi -Y GSSAPI

Use /<username> to search for the user in vi and change term to nonMemberTerm (or vice-versa) for the relevant terms. When you're done deleting the file should no longer contain the username. Save and quit (:wq) and press y when prompted.

Deleting a member

  • RULE: Never do this without good reason. We should NEVER delete accounts or groups that have been used before.

If you accidentally created a club rep as a regular member instead, see the [previous section|Ceo#Changing a member to a nonmember (club rep) and vice-versa]. For another reason that doesn't break the RULE above, first follow the steps in the change membership section above, up to and including ldapvi, then delete both the user and group LDAP records. These are separated by blank lines. When you're done deleting the file should no longer contain the username. Save and quit as if changing membership. Then:

ssh auth1
sudo kadmin.local
delprinc <username>
ssh phosphoric acid
sudo rm -rfI /users/<username>

Unsubscribe the user from csc-general on mailman

Feature Requests and Ideas

  • Create a graphical and/or online version of ceo
  • Add new members to fuse and plugdev groups

Contributing to CEO

Preliminary Steps

Generate a GPG Key

In order to sign the ceo packages you will need to generate yourself a GPG key if you do not already have one. Assuming you do not run

gpg --gen-key

Choose option (2) DSA (sign only). Choose no expiration when prompted and then your full name and email when asked. It will ask you to confirm the information and then for a passphrase.

Add Your Key To Mirror

ssh mirror.csclub.uwaterloo.ca
gpg --list-keys

Locate the 8-character id string. For example "16E37635" in

/users/m2ellis/.gnupg/pubring.gpg
---------------------------------
pub   1024D/16E37635 2010-08-19
uid                  Michael Ellis <m2ellis@csclub.uwaterloo.ca>

Now you must add this id into the file /srv/debian/conf/uploaders on mirror

sudo vim /srv/debian/conf/uploaders

Now in another terminal run

gpg --export --armor $KEYID

Now on mirror run

sudo -s
GNUPGHOME=/srv/debian/gpg gpg --import

Then paste the output from gpg --export --armor $KEYID and end with CTRL-D. It should give you a confirmation, example

gpg: key 16E37635: public key "Michael Ellis <m2ellis@csclub.uwaterloo.ca>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Making Changes

The source-code for ceo can be found in git: csclub:/users/git/public/pyceo.git. To checkout the code run

git clone ~git/public/pyceo.git

When you are done making your change you need to update the changelog with dch. Assuming this is a minor incremental change run

dch -i

Add a description of your change and then save and quit. Once you are sure of your changes commit them to the git repository and push them (test them first!). To build the package run debuild

debuild

This will generate the *.deb files in the parent directory.

Uploading Changes to Mirror

In the directory containing the *.deb and *.changes files run

dupload

Then ssh to mirror and run

sudo rrr-incoming

The package should now be uploaded and you can update in the usual way with apt-get/aptitude.