fic/server
2
0
Fork 0
Code Issues Pull Requests 10 Releases Wiki Activity

Document backend launch

Browse Source
This commit is contained in:
nemunaire 2014-11-21 12:47:10 +01:00
parent 016d530b57
commit 6c69867bcc
1 changed files with 49 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
README.md
View File

@ -34,6 +34,14 @@ Use `docker ps` to view to which local ports was assigned the contained
webserver. webserver.
### Database
Demo data are available in `/var/www/fic-server/db/feed.sql`. In test
environment, you can run the following command:
mysql -u root fic < /var/www/fic-server/db/feed.sql
Production Environnement Production Environnement
------------------------ ------------------------
@ -88,6 +96,18 @@ CONNTRACK states.
`build-essential`) to decrypt submissions (see `build-essential`) to decrypt submissions (see
https://metacpan.org/pod/Mcrypt); https://metacpan.org/pod/Mcrypt);
##### Files distribution
You need to manually place challenge given files in the tree. To avoid path
guessing, files path are hashed. To generate hashed paths, use the script
`gen_hash_link_files.sh`:
mkdir $TO
./gen_hash_link_files.sh FROM TO
Where `FROM` is the directory with the orignal tree and `TO` the directory
where placed symlink.
##### Firewall rules ##### Firewall rules
This machine shouldn't have any network connection, except outgoing one to the This machine shouldn't have any network connection, except outgoing one to the
@ -98,14 +118,27 @@ frontend for synchronization.
Indicate in `/etc/hosts.conf` IP(s) of the frontend. Indicate in `/etc/hosts.conf` IP(s) of the frontend.
### Run
Two scripts are available, depending if directories synchronization has to be
made or not.
You don't need to handle synchronization if it's done by a separate container
or if frontend is linked to backend.
The `launch.sh` and `launch_local.sh` scripts do all backend stuff for you:
synchronization with frontend (only `launch.sh`), submission checking and
smart static pages regeneration.
### History ### History
#### FIC2014 #### FIC2014
Two machines were used : one for backend (Deimos) and one for frontend Two machines (DC7900: Core 2 Quad) were used : one for backend (Deimos) and one
(Phobos). They ran a GNU/Linux Gentoo Hardened with custom 3.2 kernel without for frontend (Phobos). They ran a GNU/Linux Gentoo Hardened with custom 3.2
module loading, unused and unecessary components and with all GrSecurity kernel without module loading, unused and unecessary components and with all
features activated. GrSecurity features activated.
Each machine was two network interfaces: one was used to permit to the backend Each machine was two network interfaces: one was used to permit to the backend
machine to connect to the frontend (over IPv6). The second interface on the machine to connect to the frontend (over IPv6). The second interface on the
@ -113,8 +146,20 @@ backend was used for administration purpose (with a laptop not connected to
Internet). The second interface on the frontend was used to provide network Internet). The second interface on the frontend was used to provide network
connectivity to participants. connectivity to participants.
Both frontend and backend were 2 500GB hard-drives with software RAID1. The
whole logical RAID disk was LUKS encrypted using Serpent algorithm.
The D Day The D Day
--------- ---------
### Interact with the scheduler
When you launch `launch.sh` or `launch_local.sh` script, a socket is open at
`/tmp/test.sock`. Use `perl comm-socket.pl /tmp/test.sock` to connect to the
scheduler. Consult `gen_site.pl` manual (`perldoc gen_site.pl`) for list of
available instructions.
### More
TODO TODO