This is a repository for useful information for programmers who are new to CSCF.

Overview

Welcome to CSCF. Here are some hints, tips, and guidelines.

First Day

After your supervisor hires you in Workday, you should be able to log on and fill out any required forms as indicated.

Also, complete the following training modules:

Basic Setup

Microsoft Teams

  • Log in to Microsoft Teams at https://teams.microsoft.com/ using your userid@uwaterloo.ca account.
  • Let your supervisor know, and they can then request you're added to the CSCF team.

TWiki

Lots of our documentation is stored in this twiki.

  • Create a TWiki account with the display name FirstnameLastname, and login username as your Quest ID.
  • If you're unable to edit CSCF pages (such as this one), ask your supervisor to grant your account access.

Request Tracker

  • Log in to RT with your Quest login information.
  • You should be able to see CSCF tickets in the queue list. If not, ask your supervisor to grant you access.
  • We'll begin with an interactive session / demo and you can further familiarize yourself with the RT documentation here.

git.uwaterloo.ca

SSH Key

  • Log in to GitLab with your Quest login information
  • Click on your user icon and go to 'Settings'.
  • In the left sidebar, click on 'SSH Keys' and follow the linked instructions on generating an SSH key (under 'Add an SSH key').
  • On the same page, follow the instructions under 'Key' to add your public key. The key should then be visible at the bottom of the page.
  • If you're working on odyssey, give your supervisor your public key so they can grant you access to the odyssey-test server.

git setup and campus security

  • Most of our projects involve Personally Identifiable Information (PII) in some form or another, which is critical we keep private.
    • examples: client names, emails, student and staff ID numbers.
  • Best practice is not storing PII locally at all, and using fake data where possible. If this isn't possible, you have a duty to keep the PII private.
  • If you receive a .sql file with data to import, and it isn't part of a git repo, there is probably a good reason for it staying out of git.
    • Similarly for config files containing secrets such as passwords.
  • You must ensure that PII and secrets are not checked into a git repo and pushed to git.uwaterloo.ca
    • Best practice is deleting the .sql once it's been loaded. If you need to store it, keep .sql containing PII out of any directory kept in a git repo
    • If the PII needs to go within a directory that is checked in to git, you must add it to .gitignore
    • every time you git add, confirm that you're avoiding PII data
  • If you add PII to a git repo, or you discover PII or other secrets in a git repo, let your manager know.
    • the remedy will probably involve replacing the repo with a copy that does not include that commit; or if it's secrets such as passwords, changing them where ever they are used.
    • And if there is any chance PII has been downloaded outside our control, we have to have conversations with the campus privacy office

SCS "CS-General" account

  • A linux account has been provided on linux.cs.uwaterloo.ca - you can set the password by following https://cs.uwaterloo.ca/password/ (and the "Change my password" link)

SCS VPN

Connecting to the SCS VPN allows you access to campus resources as if you were on the CS network.

  • Setup instructions can be found here: https://vpn.cs.uwaterloo.ca/
  • If you're working on odyssey, and if your SSH connection request or browser connection to odyssey-test.uwaterloo.ca is timing out, check that you're connected to the VPN.

authman public key management

  • once you have CS VPN working, and you have a SSH public key generated for your userid, you can upload it to https://authman.uwaterloo.ca/, which will allow us to grant you access to various linux servers or accounts.
  • Follow the instructions on that page to upload your public key
  • read-access to the key will be available at the URL https://authman.uwaterloo.ca/keys/your_userid

Other training

Mac Environment Setup

Install VS Code.

You'll need a package manager. We recommend Homebrew. Follow the instructions on their site for installing into your user directory:

   /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

To install third-party libraries easily, install pip by running the following command:

   curl https://bootstrap.pypa.io/get-pip.py | python

Depending on the projects you'll be working on, you may be installing a Linux virtual machine, which means you'll proceed as directed by your manager (probably under "PHP" or "Python" below).

Linux Setup

TODO: update this for Ubuntu 20.04 (LTS).

Ubuntu 18.04 (LTS) should be mostly "good to go." However, for video services, we need to install ffmpeg packages.

$ sudo -s
[sudo] password for (user): 
root@RSG-PC280:~# apt-get install ffmpeg
[ many packages are displayed]
After this operation, 179 MB of additional disk space will be used.
Do you want to continue? [Y/n]
[say 'y']
[...]

Additionally:

  • apt-get install openssh-server
  • You should set up a firewall. A simple option is 'ufw':


$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow from 129.97.0.0/16 to any port ssh
$ sudo ufw allow proto tcp from 129.97.0.0/16 to any port 80,443
$ sudo ufw allow proto tcp from 172.16.0.0/16 to any port 80,443
$ sudo ufw allow proto tcp from 10.0.0.0/8 to any port 80,443
$ sudo ufw logging on
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    129.97.0.0/16             
80,443/tcp                 ALLOW IN    129.97.0.0/16             
80,443/tcp                 ALLOW IN    172.16.0.0/16             
80,443/tcp                 ALLOW IN    10.0.0.0/8                
$

Commands you should run above come after the '$' character, and is bold. The command output, not bold, should match as above. Any differences should be confirmed with your manager, as they might open connections from the wider internet.

The above commands set up a default deny (DROP) firewall for incoming connections, with all outbound connections allowed with state tracking. It adds SSH connections from the wired campus public network, and web access to both HTTP and HTTPS from the three campus networks (public and the two private).

The rest of the Linux setup is broken into whether you're going to be principally working on PHP or python applications.

PHP

See detailed notes about setting up Linux, Apache, MySQL, PHP, PHPMyAdmin, and a developer environment complete with debugging tools.

Python

If you're working on the Odyssey web application, see OdysseyCoopGuide .

If you're working on the Standardized Administration Tool (SAT), you'll be installing a virtual machine from instructions starting with the co-op guide at https://git.uwaterloo.ca/cscf/people-app

For other python dev, the following ubuntu packages will be a good start for developing in Python. (TODO: update for python 3)

  • Install git, psql, mysql, python-pip, phpmyadmin, phppgadmin, pyscopg2, python-memcache
    
            sudo apt-get update && sudo apt-get install git postgresql phppgadmin mysql-server phpmyadmin python-pip python-psycopg2 python-memcache sublime-text-installer
    - You will receive prompts to setup mysql root user and phpmyadmin server type (apache2) and admin user
  • Install python modules django 1.6, tastypie, south, requests, yaml, django-cas, prettyTable, numpy
            sudo pip install django==1.6 django-tastypie south pyyaml prettyTable numpy
    
            hg clone https://bitbucket.org/cpcc/django-cas
    
            cd django-cas && sudo python setup.py install 
    
            git clone https://github.com/joequery/requests-sslv3
    
            cd requests-sslv3 && sudo python setup.py install 

References

Chirag's TODO list:

Extras:

  • explanation/guide how to set up pages to be viewable to others--very useful knowledge to be able to show clients the current progress of the software.
  • Very brief section describing the network (i.e. what has access to the outside world, doesn't need to be detailed, but is helpful)
-- DanielAllen - 2015-01-30
Edit | Attach | Watch | Print version | History: r30 < r29 < r28 < r27 < r26 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r30 - 2021-05-03 - DanielAllen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback