From 6c69867bcc59cdc1652da9a7b5fcdb6a843fdc73 Mon Sep 17 00:00:00 2001 From: nemunaire Date: Fri, 21 Nov 2014 12:47:10 +0100 Subject: [PATCH] Document backend launch --- README.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index cf6efbea..44b4a67d 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,14 @@ Use `docker ps` to view to which local ports was assigned the contained webserver. +### Database + +Demo data are available in `/var/www/fic-server/db/feed.sql`. In test +environment, you can run the following command: + + mysql -u root fic < /var/www/fic-server/db/feed.sql + + Production Environnement ------------------------ @@ -88,6 +96,18 @@ CONNTRACK states. `build-essential`) to decrypt submissions (see https://metacpan.org/pod/Mcrypt); +##### Files distribution + +You need to manually place challenge given files in the tree. To avoid path +guessing, files path are hashed. To generate hashed paths, use the script +`gen_hash_link_files.sh`: + + mkdir $TO + ./gen_hash_link_files.sh FROM TO + +Where `FROM` is the directory with the orignal tree and `TO` the directory +where placed symlink. + ##### Firewall rules This machine shouldn't have any network connection, except outgoing one to the 
@@ -98,14 +118,27 @@ frontend for synchronization. Indicate in `/etc/hosts.conf` IP(s) of the frontend. +### Run + +Two scripts are available, depending if directories synchronization has to be +made or not. + +You don't need to handle synchronization if it's done by a separate container +or if frontend is linked to backend. + +The `launch.sh` and `launch_local.sh` scripts do all backend stuff for you: +synchronization with frontend (only `launch.sh`), submission checking and +smart static pages regeneration. + + ### History #### FIC2014 -Two machines were used : one for backend (Deimos) and one for frontend -(Phobos). They ran a GNU/Linux Gentoo Hardened with custom 3.2 kernel without -module loading, unused and unecessary components and with all GrSecurity -features activated. +Two machines (DC7900: Core 2 Quad) were used : one for backend (Deimos) and one +for frontend (Phobos). They ran a GNU/Linux Gentoo Hardened with custom 3.2 +kernel without module loading, unused and unecessary components and with all +GrSecurity features activated. Each machine was two network interfaces: one was used to permit to the backend machine to connect to the frontend (over IPv6). The second interface on the @@ -113,8 +146,20 @@ backend was used for administration purpose (with a laptop not connected to Internet). The second interface on the frontend was used to provide network connectivity to participants. +Both frontend and backend were 2 500GB hard-drives with software RAID1. The +whole logical RAID disk was LUKS encrypted using Serpent algorithm. + The D Day --------- +### Interact with the scheduler + +When you launch `launch.sh` or `launch_local.sh` script, a socket is open at +`/tmp/test.sock`. Use `perl comm-socket.pl /tmp/test.sock` to connect to the +scheduler. Consult `gen_site.pl` manual (`perldoc gen_site.pl`) for list of +available instructions. + +### More + TODO
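Review bot: In the new "Database" section (hunk `@@ -34,6 +34,14 @@`), the command `mysql -u root fic < /var/www/fic-server/db/feed.sql` assumes that MySQL root can log in without a password prompt and that the `fic` database already exists; neither is stated. Please spell out both prerequisites, or show the command with `-p` and a dedicated account, and say explicitly that loading `feed.sql` is for test setups only, since the next heading in the file is the production section. Wording: "In a test environment" reads better than "In test environment".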
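Review bot: In the "Files distribution" section (hunk `@@ -88,6 +96,18 @@`), the example mixes a shell variable and literal placeholders: `mkdir $TO` followed by `./gen_hash_link_files.sh FROM TO`. Use one convention for both lines, and quote the variable if you keep it (`mkdir "$TO"`), so the snippet can be pasted as is. The sentence "To avoid path guessing, files path are hashed" should also say what goes into the hash: if it is derived only from the original file name or path, a participant who knows the naming scheme can recompute it, so the README should state whether a secret or salt is involved. Typos in the added lines: "orignal" should be "original", and "where placed symlink" should be "where the symlinks are placed".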
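Review bot: The new "Run" section (hunk `@@ -98,14 +118,27 @@`) never shows how to start either script: there is no command line, working directory or user, and the only hint about which script to pick is the parenthetical "(only `launch.sh`)". Please add one line per case, for example that `launch.sh` is for a backend that must synchronize with the frontend itself and `launch_local.sh` is for when a separate container or a linked frontend handles it. Style: "depending if" should be "depending on whether", and the re-wrapped FIC2014 paragraph still carries "unecessary" and "were used :", which could be fixed while the lines are being touched.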
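Review bot: In "Interact with the scheduler" (hunk `@@ -113,8 +146,20 @@`), the control socket is documented at `/tmp/test.sock`, a fixed name in a world-writable directory, and nothing is said about who may connect to it. Since `comm-socket.pl` sends instructions to the scheduler through it, the README should state the socket's owner and mode, or the socket should move to a directory only the backend user can access, with the path documented here. Also in this hunk, "Both frontend and backend were 2 500GB hard-drives" should read "had two 500GB hard drives", and "a socket is open" should be "a socket is opened".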