fic/server
2
0
Fork 0
Code Issues Pull Requests 2 Releases Wiki Activity

Document backend launch

Browse Source
This commit is contained in:
nemunaire 2014-11-21 12:47:10 +01:00
parent 016d530b57
commit 6c69867bcc
1 changed files with 49 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
README.md
View File

@ -34,6 +34,14 @@ Use `docker ps` to view to which local ports was assigned the contained
webserver.
### Database
Demo data are available in `/var/www/fic-server/db/feed.sql`. In test
environment, you can run the following command:
mysql -u root fic < /var/www/fic-server/db/feed.sql
Production Environnement
------------------------
@ -88,6 +96,18 @@ CONNTRACK states.
`build-essential`) to decrypt submissions (see
https://metacpan.org/pod/Mcrypt);
##### Files distribution
You need to manually place challenge given files in the tree. To avoid path
guessing, files path are hashed. To generate hashed paths, use the script
`gen_hash_link_files.sh`:
mkdir $TO
./gen_hash_link_files.sh FROM TO
Where `FROM` is the directory with the orignal tree and `TO` the directory
where placed symlink.
##### Firewall rules
This machine shouldn't have any network connection, except outgoing one to the
@ -98,14 +118,27 @@ frontend for synchronization.
Indicate in `/etc/hosts.conf` IP(s) of the frontend.
### Run
Two scripts are available, depending if directories synchronization has to be
made or not.
You don't need to handle synchronization if it's done by a separate container
or if frontend is linked to backend.
The `launch.sh` and `launch_local.sh` scripts do all backend stuff for you:
synchronization with frontend (only `launch.sh`), submission checking and
smart static pages regeneration.
### History
#### FIC2014
Two machines were used : one for backend (Deimos) and one for frontend
(Phobos). They ran a GNU/Linux Gentoo Hardened with custom 3.2 kernel without
module loading, unused and unecessary components and with all GrSecurity
features activated.
Two machines (DC7900: Core 2 Quad) were used : one for backend (Deimos) and one
for frontend (Phobos). They ran a GNU/Linux Gentoo Hardened with custom 3.2
kernel without module loading, unused and unecessary components and with all
GrSecurity features activated.
Each machine was two network interfaces: one was used to permit to the backend
machine to connect to the frontend (over IPv6). The second interface on the
@ -113,8 +146,20 @@ backend was used for administration purpose (with a laptop not connected to
Internet). The second interface on the frontend was used to provide network
connectivity to participants.
Both frontend and backend were 2 500GB hard-drives with software RAID1. The
whole logical RAID disk was LUKS encrypted using Serpent algorithm.
The D Day
---------
### Interact with the scheduler
When you launch `launch.sh` or `launch_local.sh` script, a socket is open at
`/tmp/test.sock`. Use `perl comm-socket.pl /tmp/test.sock` to connect to the
scheduler. Consult `gen_site.pl` manual (`perldoc gen_site.pl`) for list of
available instructions.
### More
TODO