Transcript Legal Aid of Nebraska

Presentation by:
Alex Clark, IT Ma
Stop Paying for Your Case
Management System and
Embrace Community Support
Technology Initiative Grant
Conference
San Antonio, TX,
01/11/2017
Creative Commons 0
Presentation by:
Alex Clark, IT Ma
Pika/OCM as a Model for a Free,
Open Source, and DIY Case
Management Model
Bio
• With Legal Aid of Nebraska for about 4
years. About half the time as an
attorney, and half the time as an IT
manager.
• MCP, CompTIA Security+, SNIA Storage+
• Although Legal Aid of Nebraska makes
very heavy use of Microsoft software,
hardware, and cloud services, I am a
huge advocate of open source software,
and primarily a GNU/Linux user in my
personal life.
Overview
• What is Free Software?
• Why Do I Like Free Software so Much?
• Why You Should Consider Managing Your
own Case Management Server (As
Opposed to Outsourcing Management)
• Walkthrough Time:
– Spinning up the server
– Setting up a LAMP stack
– Installing OCM
– HTTPS Certificate Setup
Overview
• If We Have time:
– Different-Cloud-Service Backups
– Explanation of how OCM Templating
and Customization System Works and
General Structure/Design of the OCM
Back-End
• I expect to run out of time and will cut
the hands-on demo a little short to begin
skimming the rest of the presentation.
What is Free Software?
• Sometimes called “Open Source”
software.
– Sometimes this confuses people who
think you’re talking about “auditable
code.”
• It’s software licensed in such a way that
users have the freedom to:
– run,
– copy,
– distribute,
– study,
– change,
– and improve the software.
What is Free Software?
• It has more to do with freedom than
price.
• Many businesses sell free software.
• This is okay so long as their customers
can redistribute it freely, including
selling it or giving it away.
• Think “free as in freedom”, not “free as
in beer.”
– Very often (99.9999% of the time), the
primary or sole method of distribution
is also “free as in beer.”
– Because as soon as you sell free
software to your first customer, your
first customer has the freedom to
What is Free Software?
• There are examples of software where the software is
free, but goes by a trademarked name, with alternatenamed community versions.
• Red Hat/Fedora Linux is most well-known:
What is Free Software?
• Sometimes there will be two versions of software, and
neither version is ever charged for, but the developer
wants to restrict use of a trademarked name in some
way, or the open source version is always the base
project:
What is Free Software?
• Aaron Worley and Pika Software, LLC announced last
year at TIG that they were doing something similar:
What is Free Software?
• Technically I think the managed-hosting version is called
Pika and the Open Source version is called OCM, but
Pika Software, LLC does not seem to concerned about
branding at this time, and the Pika name and logo is not
scrubbed from the OCM source code repository.
• New versions only.
What is Free Software?
• Anybody can make their own “version” of a piece of free
software and call it whatever they please, but the norm
is to respect the names as trademarks, even if the
developer is not aggressive about it:
Why is Free Software so Great?
• It’s great because of lower cost,
accountability in terms of security, no
vendor “lock in”, and often better
quality.
• I think that there is something to be said
in the way of shared philosophy and
attitudes behind the ideas of legal aid
and access to justice and the free
software movement.
– If something is beneficial to society
and improves quality of life, shouldn’t
we work to make it available to as
many people as we can?
Why is Free Software so Great?
• Free software can help break cycles of
poverty by closing the digital divide
faster, reducing the barrier to entry for
the tech industry.
• Compare a poor teenager growing up in
the 1970s or 1980s wanted to learn how
to administer servers (IBM mainframe),
they would face huge obstacles.
• Today, they can learn this at any library
and on cheap hardware
Why is Free Software so Great?
• The next “killer app” that makes the
justice system easier to understand and
more accessible, or legal aid more
efficient might not come from a
powerhouse like Microsoft or Apple or
Google.
• It might be written by one of our clients.
Why is Free Software so Great?
• No vendor lock-in.
• Doesn’t meet your needs? You can
change it or pay someone to change it.
• Control over the server it runs on rather
than just “software as a service.”
• Sometimes significant cost savings.
Website content management system
that costs $100 per month vs one that
costs around $100 per year.
• It’s the future. More and more
companies are choosing to release
software as open source and just charge
for support/further development. Even
Why DIY Case Management
• I can tell you why we’re doing this soon:
– Cost (regular and customization costs)
– Control
– Innovation
• Before: online intake bridge
• Justice Scraper
• UNL Senior Design Studio Project
Why DIY Case Management
• I can tell you why we’re doing this soon:
– Shorter feedback channels.
Paralegals talking directly to me, and
I do customization.
– Availability
– Accountability
– If interested, can perhaps help
smaller third-party organizations set
up so you can transfer cases smoothly.
Why Not?
• If in-house IT not comfortable with Linux
server administration.
• Time
• Assuming all the risk, can’t point fingers.
• Support more difficult/expensive if you
get really stuck.
• Will make sense for some organizations,
but not for others.
Walkthrough
•
•
•
•
•
•
Spinning up the server
Setting up a LAMP stack
Installing OCM
HTTPS Certificate Setup
Different-Cloud-Service Backups
Explanation of how OCM Templating and
Customization System Works and General
Structure/Design of the OCM Back-End
Spinning Up a Server
– Choose a virtual private server host
like Amazon EC2 or Digital Ocean.
– On Digital Ocean, to set up pick
CentOS and for setup, at least the
$10/month option.
Spinning Up a Server
– Choose a virtual private server host
like Amazon EC2 or Digital Ocean.
– On Digital Ocean, to set up pick
CentOS and for setup, at least the
$10/month option.
Spinning Up a Server
• Pick a backup option, but be aware of
limitations.
• On Digital Ocean will get an email with
root password which you will be forced
to change.
Spinning Up a Server
• For the demo I’ve already created the
servers and changed the root password
to #tig2017
• Putty:
– http://7.ly/pGzk
• IP Addresses:
– 104.236.53.207 (last night)
– 104.236.76.177 (presenter)
– 104.236.79.120 (volunteer)
– 104.236.101.195 (volunteer)
– 104.236.207.11 (volunteer)
• Volunteers???
Disabling Root Login
• adduser demo
• passwd demo
• gpasswd –a demo wheel
Setting up a LAMP Stack
• LAMP stands for Linux, Apache, MySQL,
PHP
• It’s a common configuration for Linuxbased web application servers.
• Before going any further, log out and
log back in as your regular user.
• From here on out, we’re going to
execute all commands that require root
(admin) access with “sudo” which allows
a regular user to run one command at a
time with elevated privileges. It’s a good
habit to not do everything as root and
it’ll help you troubleshoot other
privilege issues if you run into them
later.
Setting Up a LAMP Stack
• sudo yum install httpd
• You’ll see some messages as the server
makes sure it knows where to install
Apache from, and any other software
that needs to be installed. It will ask you
if it’s okay to proceed. Enter a y for yes
and hit enter.
Setting up a LAMP Stack
• Next, let’s start Apache just to make sure
it’s working:
• sudo systemctl start httpd.service
• Pull up a web browser and enter
http://your_server_ip_address_here
and you should see the Apache test
page:
Setting up a LAMP Stack
• Assuming it works, let’s make sure it
starts on boot:
• sudo systemctl enable httpd.service
Setting up a Database
• Next let’s install a database. MariaDB
and MySQL are syntax-compatible
databases and I recommend using
MariaDB over MySQL for various reasons,
including MariaDB being more open.
More info: https://seravo.fi/2015/10reasons-to-migrate-to-mariadb-if-stillusing-mysql
• sudo yum install mariadb-server
mariadb
• Again, you’ll be asked for confirmation
that you want to do this, and see some
messages scroll across the screen. If it
finishes with any errors, you’ll want to
research and resolve these before
continuing. To start Mariadb, type
Setting up a Database
• Both MySQL and MariaDB come with a
script that should be run that makes the
database a bit more secure than the way
it is set up by default:
• sudo mysql_secure_installation
• The prompt will ask you for your current
root password for your database. Since
you just installed it, it will be blank, so
just hit enter. Then it will ask if you
want to set a password. Go ahead and
hit y and follow the prompts
Setting up a Database
• For the rest of the questions, you should
simply hit the "ENTER" key through each
prompt to accept the default values. This
will remove some sample users and
databases, disable remote root logins,
and load these new rules so that MySQL
immediately respects the changes we
have made.
Setting up a Database
• For the rest of the questions, you should
simply hit the "ENTER" key through each
prompt to accept the default values. This
will remove some sample users and
databases, disable remote root logins,
and load these new rules so that MySQL
immediately respects the changes we
have made.
• The last thing you want to do is enable
MariaDB/MySQL to start on boot:
– sudo systemctl enable
mariadb.service
Setting up PHP
• We are done now with the LAM in LAMP.
• That means we’ve set up a server
running CentOS Linux, and loaded it up
with web server software and database
software.
• PHP is a programming language (and a
little bit old) used for writing dynamic
web applications.
• Install it with:
– sudo yum install php php-mysql
• Then restart with:
– sudo systemctl restart httpd.service
Setting up PHP
• Next, install the following php modules
by typing:
– sudo yum install php-mysql php-cli
php-xml php-mcrypt php-mbstring
php-soap
• Finally we need to install a module
called mod_ssl
– sudo yum install mod_ssl
Setting up PHP
• At this point, I recommend testing to
make sure php is working by creating
an info.php file:
• sudo touch /var/www/html/info.php
• sudo sh -c 'echo "<?php phpinfo(); ?>"
>> /var/www/html/info.php'
Setting up PHP
• You could also save <?php phpinfo(); ?>
into the file using a text editor, but by
default the only one installed on CentOS
will be VI, which has a learning curve.
You can however install a more userfriendly one called Nano with:
sudo yum install nano
• Test that php is working by opening a
web browser and navigating to:
• http://your_ip_address_here/info.php.
You should see a page that looks like
the image on the next slide.
Setting up PHP
Installing OCM
• Before even grabbing a copy of OCM,
we’re going to make an empty database
called cms. To do this, we’ll connect to
the database’s command line console
with:
• mysql –uroot –p
• create database cms;
• exit
Installing OCM
• At this point, we are ready to download
and start setting up OCM itself, with one
last step because CentOS doesn’t actually
come with a program to decompress a
zip file:
• sudo yum install zip
• sudo yum install unzip
• Get OCM with:
• wget
https://github.com/aworley/ocm/archi
ve/master.zip
• Unzip it with:
• unzip master.zip
Installing OCM
• Enter the ocm-master directory and look
at what has been unpacked. We need to
move cms and cms-custom:
Installing OCM
• At this point, if you were just following
the instructions on the repo, you would
probably get stuck.
• I did.
• The problem is that the command in the
instructions assumes you’re logged in as
root, and that you want to log into your
database as root, so if you’re not doing
that (as I wasn’t), you’ll get an error.
Installing OCM
• Also, the new_install.sql is mixing
MyISAM and InnoDB engine types, which
causes an error referring to FULLTEXT
indices. So we’re going to fix it with the
following commands:
• sudo sed -i -e 's/INNODB/MyISAM/g'
/var/www/html/cms/app/sql/install/
new_install.sql
• sudo sed -i -e 's/InnoDB/MyISAM/g'
/var/www/html/cms/app/sql/install/
new_install.sql
Installing OCM
• Also, the new_install.sql is mixing
MyISAM and InnoDB engine types, which
causes an error referring to FULLTEXT
indices. So we’re going to fix it with the
following commands:
• sudo sed -i -e 's/INNODB/MyISAM/g'
/var/www/html/cms/app/sql/install/
new_install.sql
• sudo sed -i -e 's/InnoDB/MyISAM/g'
/var/www/html/cms/app/sql/install/
new_install.sql
Installing OCM
• Now we’ll set up the OCM database with the
following command:
• sudo cat
/var/www/html/cms/app/sql/install/new_i
nstall.sql | mysql -uroot -p cms
• At this point, you need to edit the config file at
/var/www/html/cmscustom/config/settings.php to enter a valid
username and password so that OCM can
connect to the database.
• I ran into a snag once at this stage when I
used a password with a dollar sign in the
middle of it because of the way that php looks
for variables (denoted with dollar signs)
within text strings.
• The empty config file is set up with double
Installing OCM
• If you’re not comfortable using vi, installing
nano is going to help here.
• sudo nano /var/www/html/cmscustom/config/settings.php
Installing OCM
• At this point, the instructions in the repository
say to pull up
https://your_ip_address_here/cms/ and you
should see the login page. I got a “connection
refused” error in Chrome, and found that I
needed to do a restart of Apache to get it
working:
• sudo systemctl restart httpd.service
Installing OCM
• If you see any errors on this page (in
particular, one that says that it couldn’t
connect to the database), you should resolve
those errors before proceeding.
• Note also that you will get a browser warning
about the SSL certificate for the site not being
trusted. We’ll address that later.
• Next, we’re going to log into the database and
set a password for a system user.
Installing OCM
update users set username='system',
password=MD5('#tig2017');
OCM is Installed
• Next you can try to log in, and if all goes well,
you should see this:
HTTPS Certificate Setup
• Exit the MariaDB console by typing exit if you
haven’t already. The last thing we’re going to
do before delving into customization is finish
setting up SSL.
• You’ll want to log into whatever system you
use for managing your domains and
subdomains.
• This might by your registrar (i.e., Google
Domains, Network Solutions, GoDaddy), or it
might be a third party service like DNSPark.
HTTPS Certificate Setup
• You’ll want to make up a subdomain and add
an “A” record connecting that subdomain to
the IP address for your new server.
• It might take time to allow the records to
propogate to DNS servers.
• Once it does, you should now be able to access
your cms at
https://subdomainyouchose.yourdomainname
.org/cms.
• Again, you’ll get errors related to the a
missing certificate.
• We’re going to set up a certificate with Let’s
Encrypt.
HTTPS Certificate Setup
• We need to set up virtual hosts for the domain
first. Begin by executing the following
commands:
– cd /etc/httpd
– sudo mkdir /etc/httpd/sites-available
– sudo mkdir /etc/httpd/sites-enabled
– sudo nano /etc/httpd/conf/httpd.conf
• Within the httpd.conf file you need to add the
following line at the bottom:
– IncludeOptional sites-enabled/*.conf
HTTPS Certificate Setup
• Next you need to create and edit a new virtual
host configuration file:
• sudo nano /etc/httpd/sitesavailable/yoursubdomain.yourdomainname.c
om.conf
• Add the following content to the file,
• <VirtualHost *:80>
•
ServerName
yoursubdomain.yourdomainname.org
•
ServerAlias
yoursubdomain.yourdomainname.org
•
DocumentRoot /var/www/html/
HTTPS Certificate Setup
• Save and exit the file.
• Next run the following command:
• sudo ln -s /etc/httpd/sites-available/
yoursubdomain.yourdomainname.org.conf
/etc/httpd/sites-enabled/
yoursubdomain.yourdomainname.org.conf
• Restart Apache:
• sudo systemctl restart httpd.service
HTTPS Certificate Setup
• Now let’s get the Let’s Encrypt certbot and start
the process
• cd /usr/local/sbin
sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x /usr/local/sbin/certbotauto
sudo /usr/local/sbin/certbot-auto --apache d subdomainyouchose.yourdomainrpname.org
• While developing this guide, I found that the
last command would not run on a machine
with only 512mb of ram.
• GCC compiler was running out of memory
while trying to set everything up, and gave a
pretty useless error message.
HTTPS Certificate Setup
• Let’s Encrypt is automated and only asks you a
couple questions.
•
HTTPS Certificate Setup
• It will also ask if you want to force the use of
https.
• I think OCM enforces this on its own, but select
“secure” just in case.
• At this point, if you pull up
https://subdomainyouchose.yourdomainname
.org/cms/, https should be working properly
with a valid certification.
OCM Customization and Structure
• Customization of OCM is covered in more detail
in
https://github.com/aworley/ocm/wiki/Admi
n-Manual---Customization and
https://github.com/aworley/ocm/wiki/Admi
n-Manual---HTML-Fields-and-Template-Tags
• A few notes:
– It’s critical to understand the structure of
OCM and have a solid grasp of relational
databases before you begin customizing
anything or you risk damaging the
structural soundness and logic of the
database underlying your case
management system.
OCM Customization and Structure
• Customization of OCM is covered in more detail
in
https://github.com/aworley/ocm/wiki/Admi
n-Manual---Customization and
https://github.com/aworley/ocm/wiki/Admi
n-Manual---HTML-Fields-and-Template-Tags
• It’s critical to understand the structure of OCM
and have a solid grasp of relational databases
before you begin customizing anything.
• If you don’t, you risk damaging the structural
soundness and logic of the database
underlying your case management system.
OCM Customization and Structure
• The underlying structure of Pika/OCM has
three kinds of tables:
– Type 1: Underlying Structure Tables.
– Type 2: “Codes” tables.
– Type 3: The Activities, Contacts, and Cases
tables
•
OCM Customization and Structure
• Underlying structure tables:
– Stores things like user account information,
session information, counters, the message
of the day.
– There is some case-related information in
this category, like the document storage or
conflicts of interest or alias tables.
– For the most part, don’t touch.
•
OCM Customization and Structure
• Codes Tables:
– These tables enumerate valid values for
data to be stored in other fields.
– These are the tables that store the
dropdown menus, but also zip codes for the
zipcode lookup.
– If you add a cases, contacts, or activities
field and you want its values to be limited
to enumerated values in a dropdown, these
enumerated values need to be in their own
“codes table”
OCM Customization and Structure
• The “actual data” tables are the contacts,
cases, and activities tables. Everything else just
supports their functioning.
• These are the tables that you actually pull
reports in MegaReport from.
• They are, for the most part, the tables that
need to be altered in order for you to track
custom information in custom fields.
OCM Customization and Structure
• Let’s add a custom field. We’re going to add a
“Pet’s name” field to the client contact card,
so that if a client has a dog or a cat, you have
somewhere to record that information.
• For pet name, connect to the database and
enter the following command:
• ALTER TABLE contacts ADD pet_name
varchar(15);
OCM Customization and Structure
• Let’s add a custom field. We’re going to add a
“Pet’s name” field to the client contact card,
so that if a client has a dog or a cat, you have
somewhere to record that information.
• For pet name, connect to the database and
enter the following command:
• ALTER TABLE contacts ADD pet_name
varchar(15);
• Now we’re ready to customize the template.
• Remember how there’s a cms directory and a
cms-custom directory?
OCM Customization and Structure
• Most customization you do should be done in
the cms-custom directory structure. So let’s
copy the files we’re going to customize to the
cms-custom directory structure:
– mkdir /var/www/html/cms-custom/subtemplates
– cp
/var/www/html/cms/subtemplates/contact_full.
html /var/www/html/cms-custom/subtemplates
– cd /var/www/html/cms-custom/subtemplates/
– nano /var/www/html/cmscustom/subtemplates/contact_full.html
OCM Customization and Structure
• Let’s add this field right below the Frail/Needy
checkbox:
• The Admin manual explains the %%[]%%
templating system.
OCM Customization and Structure
• Make sure that values entered are being saved
when you hit the save button and reload the
card.
Questions?
•
• Questions? Comments?
• Contact: [email protected], 402502-7254
• http://sched.co/8ydK