From d01ef6465034ce794896a88f338980b8838a7947 Mon Sep 17 00:00:00 2001 From: Barak Nehmad Date: Sat, 29 Aug 2020 12:04:16 +0300 Subject: [PATCH 1/4] Added ansible hosts file. --- build/ansible/hosts | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 build/ansible/hosts diff --git a/build/ansible/hosts b/build/ansible/hosts new file mode 100644 index 0000000..3c3ae9f --- /dev/null +++ b/build/ansible/hosts @@ -0,0 +1,3 @@ +[ctfservers] +ec2-user@ctf.mrnice.dev + From abf6fa2528ef47441763cfcd8cc88b028be1afeb Mon Sep 17 00:00:00 2001 From: Barak Nehmad Date: Sat, 29 Aug 2020 13:46:49 +0300 Subject: [PATCH 2/4] Added Ansible build playbook. --- build/ansible/build.yaml | 58 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 build/ansible/build.yaml diff --git a/build/ansible/build.yaml b/build/ansible/build.yaml new file mode 100644 index 0000000..ad175f3 --- /dev/null +++ b/build/ansible/build.yaml @@ -0,0 +1,58 @@ +- hosts: ctfservers + vars: + time: "{{ lookup('pipe', 'date +%Y-%m-%d:%H:%M:%S%z') }}" + tasks: + - name: Pull CTF repo + git: + repo: 'https://github.com/TheCoreMan/make-git-better-2.git' + dest: ~/make-git-better-2 + version: dev + accept_hostkey: yes + + - name: Compile rust + command: ~/.cargo/bin/cargo run --bin generate-pre-receive-hook -- --verbose ~/make-git-better-2/levels/game-config.toml src/bin/templates/hook.tmpl + args: + chdir: ~/make-git-better-2/scripts + + - name: Build Docker image + docker_image: + build: + path: ~/make-git-better-2 + args: + CACHE_DATE: "{{ time }}" + tag: 0.1 + name: mgb + + - name: Clone docker-tcp-switchboard + git: + repo: 'https://github.com/OverTheWireOrg/docker-tcp-switchboard.git' + dest: ~/docker-tcp-switchboard + accept_hostkey: yes + + - name: Install docker-tcp-switchboard requirements + pip: + requirements: ~/docker-tcp-switchboard/requirements.txt + executable: pip3 + + - name: Create switchboard log + file: + path: /var/log/docker-tcp-switchboard.log + mode: a+w + state: touch + become: yes + + - name: Copy our switchboard conf to /etc + copy: + src: /home/ec2-user/make-git-better-2/build/docker-tcp-switchboard.conf + dest: /etc/docker-tcp-switchboard.conf + remote_src: yes + become: yes + + - name: Kill docker-tcp-switchboard + command: pkill -f "python3 .*docker-tcp-switchboard.py" + ignore_errors: true + become: yes + + - name: Start docker-tcp-switchboard + shell: nohup python3 /home/ec2-user/docker-tcp-switchboard/docker-tcp-switchboard.py /dev/null 2>&1 & + become: yes From c98180873f9a695959f68cfa1d35b1bfed186d45 Mon Sep 17 00:00:00 2001 From: Barak Nehmad Date: Sat, 29 Aug 2020 14:12:02 +0300 Subject: [PATCH 3/4] Fixed Ansible playbook CR issues, and updated README. --- README.md | 18 ++++++++++++++++-- build/ansible/build.yaml | 19 +++++++++++-------- 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 293b0ea..e3fa393 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ Git CTF 🚩 but good this time. - [make-git-better-2](#make-git-better-2) - [Dependencies](#dependencies) - [Build](#build) - - [How to build the challenge Docker](#how-to-build-the-challenge-docker) + - [Ansible](#ansible) + - [How to build the challenge Docker manually](#how-to-build-the-challenge-docker-manually) - [Create the hook script](#create-the-hook-script) - [powershell](#powershell) - [sh](#sh) @@ -28,10 +29,23 @@ Git CTF 🚩 but good this time. - Rust - Docker - Python 3.6 (for docker TCP switchboard) +- Ansible (optional) ## Build -### How to build the challenge Docker +### Ansible + +Using Ansible, you can build and deploy the game server from nothing. + +```bash +cd build/ansible +sed -i 's/ctf.mrnice.dev/your.server.com/g' hosts +ansible-playbook -v -i hosts build.yaml +``` + +Make sure that you have Ansible configured correctly with your SSH keys. + +### How to build the challenge Docker manually #### Create the hook script diff --git a/build/ansible/build.yaml b/build/ansible/build.yaml index ad175f3..6559817 100644 --- a/build/ansible/build.yaml +++ b/build/ansible/build.yaml @@ -5,19 +5,19 @@ - name: Pull CTF repo git: repo: 'https://github.com/TheCoreMan/make-git-better-2.git' - dest: ~/make-git-better-2 + dest: /home/{{ ansible_facts['user_id'] }}/make-git-better-2 version: dev accept_hostkey: yes - name: Compile rust - command: ~/.cargo/bin/cargo run --bin generate-pre-receive-hook -- --verbose ~/make-git-better-2/levels/game-config.toml src/bin/templates/hook.tmpl + command: /home/{{ ansible_facts['user_id'] }}/.cargo/bin/cargo run --bin generate-pre-receive-hook -- --verbose /home/{{ ansible_facts['user_id'] }}/make-git-better-2/levels/game-config.toml src/bin/templates/hook.tmpl args: - chdir: ~/make-git-better-2/scripts + chdir: /home/{{ ansible_facts['user_id'] }}/make-git-better-2/scripts - name: Build Docker image docker_image: build: - path: ~/make-git-better-2 + path: /home/{{ ansible_facts['user_id'] }}/make-git-better-2 args: CACHE_DATE: "{{ time }}" tag: 0.1 @@ -26,12 +26,12 @@ - name: Clone docker-tcp-switchboard git: repo: 'https://github.com/OverTheWireOrg/docker-tcp-switchboard.git' - dest: ~/docker-tcp-switchboard + dest: /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard accept_hostkey: yes - name: Install docker-tcp-switchboard requirements pip: - requirements: ~/docker-tcp-switchboard/requirements.txt + requirements: /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard/requirements.txt executable: pip3 - name: Create switchboard log @@ -43,7 +43,7 @@ - name: Copy our switchboard conf to /etc copy: - src: /home/ec2-user/make-git-better-2/build/docker-tcp-switchboard.conf + src: /home/{{ ansible_facts['user_id'] }}/make-git-better-2/build/docker-tcp-switchboard.conf dest: /etc/docker-tcp-switchboard.conf remote_src: yes become: yes @@ -54,5 +54,8 @@ become: yes - name: Start docker-tcp-switchboard - shell: nohup python3 /home/ec2-user/docker-tcp-switchboard/docker-tcp-switchboard.py /dev/null 2>&1 & + shell: nohup python3 /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard/docker-tcp-switchboard.py /dev/null 2>&1 & + # This shell line is required because Ansible sends a kill signal to Python + # when it finishes running. The nohup is there to prevent it, and the redirections + # prevent breaking the process. become: yes From f91004b374ea532e6bb016477c07ad998526afdc Mon Sep 17 00:00:00 2001 From: Barak Nehmad Date: Sat, 29 Aug 2020 14:32:55 +0300 Subject: [PATCH 4/4] Fixed Docker build task and formatted yaml --- build/ansible/build.yaml | 112 ++++++++++++++++++--------------------- 1 file changed, 53 insertions(+), 59 deletions(-) diff --git a/build/ansible/build.yaml b/build/ansible/build.yaml index 6559817..7bc3e69 100644 --- a/build/ansible/build.yaml +++ b/build/ansible/build.yaml @@ -1,61 +1,55 @@ - hosts: ctfservers - vars: - time: "{{ lookup('pipe', 'date +%Y-%m-%d:%H:%M:%S%z') }}" tasks: - - name: Pull CTF repo - git: - repo: 'https://github.com/TheCoreMan/make-git-better-2.git' - dest: /home/{{ ansible_facts['user_id'] }}/make-git-better-2 - version: dev - accept_hostkey: yes - - - name: Compile rust - command: /home/{{ ansible_facts['user_id'] }}/.cargo/bin/cargo run --bin generate-pre-receive-hook -- --verbose /home/{{ ansible_facts['user_id'] }}/make-git-better-2/levels/game-config.toml src/bin/templates/hook.tmpl - args: - chdir: /home/{{ ansible_facts['user_id'] }}/make-git-better-2/scripts - - - name: Build Docker image - docker_image: - build: - path: /home/{{ ansible_facts['user_id'] }}/make-git-better-2 - args: - CACHE_DATE: "{{ time }}" - tag: 0.1 - name: mgb - - - name: Clone docker-tcp-switchboard - git: - repo: 'https://github.com/OverTheWireOrg/docker-tcp-switchboard.git' - dest: /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard - accept_hostkey: yes - - - name: Install docker-tcp-switchboard requirements - pip: - requirements: /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard/requirements.txt - executable: pip3 - - - name: Create switchboard log - file: - path: /var/log/docker-tcp-switchboard.log - mode: a+w - state: touch - become: yes - - - name: Copy our switchboard conf to /etc - copy: - src: /home/{{ ansible_facts['user_id'] }}/make-git-better-2/build/docker-tcp-switchboard.conf - dest: /etc/docker-tcp-switchboard.conf - remote_src: yes - become: yes - - - name: Kill docker-tcp-switchboard - command: pkill -f "python3 .*docker-tcp-switchboard.py" - ignore_errors: true - become: yes - - - name: Start docker-tcp-switchboard - shell: nohup python3 /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard/docker-tcp-switchboard.py /dev/null 2>&1 & - # This shell line is required because Ansible sends a kill signal to Python - # when it finishes running. The nohup is there to prevent it, and the redirections - # prevent breaking the process. - become: yes + - name: Pull CTF repo + git: + repo: "https://github.com/TheCoreMan/make-git-better-2.git" + dest: /home/{{ ansible_facts['user_id'] }}/make-git-better-2 + version: dev + accept_hostkey: yes + + - name: Compile rust + command: /home/{{ ansible_facts['user_id'] }}/.cargo/bin/cargo run --bin generate-pre-receive-hook -- --verbose /home/{{ ansible_facts['user_id'] }}/make-git-better-2/levels/game-config.toml src/bin/templates/hook.tmpl + args: + chdir: /home/{{ ansible_facts['user_id'] }}/make-git-better-2/scripts + + - name: Build Docker image + shell: docker build --tag mgb:0.1 --build-arg CACHE_DATE=$(date +%Y-%m-%d:%H:%M:%S) . + args: + chdir: /home/{{ ansible_facts['user_id'] }}/make-git-better-2 + + - name: Clone docker-tcp-switchboard + git: + repo: "https://github.com/OverTheWireOrg/docker-tcp-switchboard.git" + dest: /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard + accept_hostkey: yes + + - name: Install docker-tcp-switchboard requirements + pip: + requirements: /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard/requirements.txt + executable: pip3 + + - name: Create switchboard log + file: + path: /var/log/docker-tcp-switchboard.log + mode: a+w + state: touch + become: yes + + - name: Copy our switchboard conf to /etc + copy: + src: /home/{{ ansible_facts['user_id'] }}/make-git-better-2/build/docker-tcp-switchboard.conf + dest: /etc/docker-tcp-switchboard.conf + remote_src: yes + become: yes + + - name: Kill docker-tcp-switchboard + command: pkill -f "python3 .*docker-tcp-switchboard.py" + ignore_errors: true + become: yes + + - name: Start docker-tcp-switchboard + shell: nohup python3 /home/{{ ansible_facts['user_id'] }}/docker-tcp-switchboard/docker-tcp-switchboard.py /dev/null 2>&1 & + # This shell line is required because Ansible sends a kill signal to Python + # when it finishes running. The nohup is there to prevent it, and the redirections + # prevent breaking the process. + become: yes