Skip to content

Systems Administration

Jump to bottom
Daniel Chiquito edited this page Oct 29, 2019 · 1 revision

ctf.chiquito.us and ctf-staging.chiquito.us/ are being run on an assortment of Raspberry Pis in Daniel's closet, so naturally Daniel is responsible for the systems administration of the website.

Intended Deployment Setup

cectf requires a number of moving parts to get everything set up. Nginx is an excellent solution to host both the cect-server WSGI app and the compiled cectf-frontend files. User and challenge data are stored in MySQL, so either a MySQL or MariaDB server are required. Challenge files are not good candidates for storage in a relational database, so they are stored on the file system; NFS storage is recommended, but not necessary.

Environments

Like all well developed products, I maintain a number of different environments to ensure code quality.

  • Development - My development environment is entirely contained on my PC. All development work is tracked in dev branches on each repository. For cectf-server and cectf-frontend, Travis CI will run tests on everything pushed to the dev branches, although nothing will be built.
  • Staging - Once I am happy with what is in the dev branch, it can be merged to master. cectf-server and cectf-frontend will be tested, built, and code deployed to the correct build repository. I have some scripts on the staging machine that will pull from the build repositories and deploy it. These scripts must be run manually, as I don't think it's a good idea to deploy potentially unstable code without human involvement. cectf-test runs against this environment. Before each test, cectf-test will wipe all data from the environment and insert some dummy data. While it is publicly accessible, all data in the staging environment is expendable.
  • Production - Once cectf-test has been run against the staging deployment and all necessary manual testing is done, the deployment scripts on the production machine can be run. This environment contains all active user information.

Current Configuration

  • Raspberry Pi 1: Rasbperry Pi 3 Model B, 32 GB, Raspbian. Hosts ctf.chiquito.us. It is running Nginx to both server cectf-server as a WSGI app and the built cectf-frontend files as static resources.
  • Raspberry Pi 2: Rasbperry Pi 3 Model B, 16 GB, Raspbian. Hosts ctf-staging.chiquito.us. It is running Nginx to both server cectf-server as a WSGI app and the built cectf-frontend files as static resources. This is as close to a clone as I can get of the production environment.
  • Synology NAS: Serves two MariaDB servers (one for each environment) and offers NFS storage to both Raspberry Pis. Mixing development and production environments is bad practice, but I am working with limited resources and closet space.

Development Configuration

For development purposes it is useful to run everything on a local machine. My local development environment is an Ubuntu machine. I am running a local MariaDB server that is set up identically to the staging database with test credentials. I use the cectf-server ./run.sh script to launch the server with a local .sock file to allow it to connect to a WSGI server. I use a local Nginx server set up with config files from cectf-server/dev_deploy to serve the server WSGI app and the cectf-frontend files straight from my local repository. Challenge files are stored in my /tmp directory.

Clone this wiki locally