This is a draft of a document on the architecture of ceo.

Getting

All of these components are available in source form in the the public/pyceo.git repository. The official Debian packages are on http://debian.csclub.uwaterloo.ca/. This server should be in the APT sources list of all club machines.

Architecture

Overview

The ceo ecosystem consists of the following components:

ceo

a command-line interface to various club-related administation functions

ceod

a Kerberized daemon responsible for executing tasks requiring special access (e.g. creating Kerberos principals or MySQL databases) on behalf of the user

ceoc

a client program used by ceo to send messages to ceod for execution

ceo

ceo is the user interface with which users interact. It is implemented in Python and presents a curses-based menu system (though some features can also be accessed by passing command-line flags). It is installed at /usr/bin/ceo by the ceo-python Debian package.

When launched, users may be prompted for their password. This is used to obtain a Kerberos ticket for the LDAP service if neither a service ticket nor ticket-granting ticket are found in the cache.

The following tasks are completed by creating a request which is relayed by ceoc and executed by ceod on the appropriate machine.

• Adding new users (members, club reps, clubs) is done on ginseng.
• Creating MySQL databases is done on caffeine since mysqld is configured to allow only local connections.

The library feature queries a PostgreSQL database; all other functions (at time of writing) are done over LDAP using the user's previously obtained ticket.