Document backend launch
This commit is contained in:
parent
016d530b57
commit
6c69867bcc
53
README.md
53
README.md
@ -34,6 +34,14 @@ Use `docker ps` to view to which local ports was assigned the contained
|
||||
webserver.
|
||||
|
||||
|
||||
### Database
|
||||
|
||||
Demo data are available in `/var/www/fic-server/db/feed.sql`. In test
|
||||
environment, you can run the following command:
|
||||
|
||||
mysql -u root fic < /var/www/fic-server/db/feed.sql
|
||||
|
||||
|
||||
Production Environnement
|
||||
------------------------
|
||||
|
||||
@ -88,6 +96,18 @@ CONNTRACK states.
|
||||
`build-essential`) to decrypt submissions (see
|
||||
https://metacpan.org/pod/Mcrypt);
|
||||
|
||||
##### Files distribution
|
||||
|
||||
You need to manually place challenge given files in the tree. To avoid path
|
||||
guessing, files path are hashed. To generate hashed paths, use the script
|
||||
`gen_hash_link_files.sh`:
|
||||
|
||||
mkdir $TO
|
||||
./gen_hash_link_files.sh FROM TO
|
||||
|
||||
Where `FROM` is the directory with the orignal tree and `TO` the directory
|
||||
where placed symlink.
|
||||
|
||||
##### Firewall rules
|
||||
|
||||
This machine shouldn't have any network connection, except outgoing one to the
|
||||
@ -98,14 +118,27 @@ frontend for synchronization.
|
||||
Indicate in `/etc/hosts.conf` IP(s) of the frontend.
|
||||
|
||||
|
||||
### Run
|
||||
|
||||
Two scripts are available, depending if directories synchronization has to be
|
||||
made or not.
|
||||
|
||||
You don't need to handle synchronization if it's done by a separate container
|
||||
or if frontend is linked to backend.
|
||||
|
||||
The `launch.sh` and `launch_local.sh` scripts do all backend stuff for you:
|
||||
synchronization with frontend (only `launch.sh`), submission checking and
|
||||
smart static pages regeneration.
|
||||
|
||||
|
||||
### History
|
||||
|
||||
#### FIC2014
|
||||
|
||||
Two machines were used : one for backend (Deimos) and one for frontend
|
||||
(Phobos). They ran a GNU/Linux Gentoo Hardened with custom 3.2 kernel without
|
||||
module loading, unused and unecessary components and with all GrSecurity
|
||||
features activated.
|
||||
Two machines (DC7900: Core 2 Quad) were used : one for backend (Deimos) and one
|
||||
for frontend (Phobos). They ran a GNU/Linux Gentoo Hardened with custom 3.2
|
||||
kernel without module loading, unused and unecessary components and with all
|
||||
GrSecurity features activated.
|
||||
|
||||
Each machine was two network interfaces: one was used to permit to the backend
|
||||
machine to connect to the frontend (over IPv6). The second interface on the
|
||||
@ -113,8 +146,20 @@ backend was used for administration purpose (with a laptop not connected to
|
||||
Internet). The second interface on the frontend was used to provide network
|
||||
connectivity to participants.
|
||||
|
||||
Both frontend and backend were 2 500GB hard-drives with software RAID1. The
|
||||
whole logical RAID disk was LUKS encrypted using Serpent algorithm.
|
||||
|
||||
|
||||
The D Day
|
||||
---------
|
||||
|
||||
### Interact with the scheduler
|
||||
|
||||
When you launch `launch.sh` or `launch_local.sh` script, a socket is open at
|
||||
`/tmp/test.sock`. Use `perl comm-socket.pl /tmp/test.sock` to connect to the
|
||||
scheduler. Consult `gen_site.pl` manual (`perldoc gen_site.pl`) for list of
|
||||
available instructions.
|
||||
|
||||
### More
|
||||
|
||||
TODO
|
||||
|
Loading…
Reference in New Issue
Block a user