Add functionality and document the redeploy-one tag

Allows more convenient development.
hi-liang · Jun 8, 2020 · 4bffd61 · 4bffd61
1 parent 5a1dc68
commit 4bffd61
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 4 deletions.
diff --git a/ansible/README.md b/ansible/README.md
@@ -27,3 +27,24 @@ Some common tags:
   - `shell-api`: minimal update of just `shell_manager`/`hacksport`
   - `deploy-all`: install and deploy all configured challenges
 - `nginx`: update the nginx configuration including HTTPS state
+
+## Tags + Playbooks
+
+A more complex example of using a tag is `redeploy-one` as found in
+`pico-shell/tasks` and triggering `redeploy_single_challenge.yml`. These tasks
+require additional variables be passed (`slug` and `problem_dir`). A full
+invocation would look like:
+
+```
+export SLUG=docker-world-867a1ac
+export PD=/picoCTF/problems/examples/on-demand/minimal/
+ansible-playbook site.yml --tags redeploy-one -e slug=$SLUG -e problem_dir=$PD
+```
+
+Note once you have exported the variables once, you can simply keep re-running
+the final line as you develop your challenge.
+
+## Next Steps
+
+As you perform administrative tasks consider writing and integrating some
+ansible tasks/playbooks to make your setup more automated.
diff --git a/ansible/common/tasks/main.yml b/ansible/common/tasks/main.yml
@@ -18,3 +18,4 @@
     - web-static
     - shell-api
     - deploy-all
+    - redeploy-one
diff --git a/ansible/pico-shell/tasks/main.yml b/ansible/pico-shell/tasks/main.yml
@@ -22,6 +22,11 @@
 
 - include: deploy_problems.yml
   tags:
-    deploy-all
+    - deploy-all
+
+- include: redeploy_single_challenge.yml
+  tags:
+    - redeploy-one
+  when: slug is defined and problem_dir is defined
 
 - include: permissions.yml
diff --git a/ansible/pico-shell/tasks/redeploy_single_challenge.yml b/ansible/pico-shell/tasks/redeploy_single_challenge.yml
@@ -0,0 +1,19 @@
+---
+# development convenience to undeploy/redeploy a challenge
+# expects:
+#   slug        (e.g. docker-world-867a1ac)
+#   problem_dir (e.g. /picoCTF/problems/examples/on-demand/minimal/)
+# optional:
+#   deploy_number (defaults to 2)
+
+- name: Undeploy existing problem ({{slug}})
+  command: "shell_manager undeploy -n {{deploy_number}} {{slug}}"
+
+- name: Uninstall existing problem
+  command: "shell_manager uninstall {{slug}}"
+
+- name: Install revised problem ({{problem_dir}})
+  command: "shell_manager install {{problem_dir}}"
+
+- name: Redeploy revised problem
+  command: "shell_manager deploy -n {{deploy_number}} {{slug}}"
diff --git a/ansible/pico-web/tasks/auto_configure.yml b/ansible/pico-web/tasks/auto_configure.yml
@@ -17,5 +17,8 @@
 - include: auto_add_shell.yml
   when: auto_add_shell
 
+# allow triggering after a dev challenge redeploy
 - include: auto_load_deployment.yml
-  when: auto_load_problems
+  when: auto_load_problems or (slug is defined and problem_dir is defined)
+  tags:
+    - redeploy-one
diff --git a/infra_local/README.md b/infra_local/README.md
@@ -99,6 +99,13 @@ Update `shell_manger`/`hacksport`
 ansible-playbook site.yml --limit shell --tags shell-api
 ```
 
+You can also run one-off, ad-hoc, commands with ansible (without having to
+manually ssh to a machine):
+
+```
+ansible -become -a 'shell_manager status' shell
+```
+
 [web]:../picoCTF-web/web/
 [api]:../picoCTF-web/api/
 
@@ -158,8 +165,8 @@ For example:
   become_method: sudo
   roles:
     - {role: common     , tags: ["common"]}
-    - {role: pico-docker, tags: ["pico-docker"]}
-    - {role: pico-shell , tags: ["pico-shell"]}
+    - {role: pico-docker, tags: ["docker"]}
+    - {role: pico-shell , tags: ["shell"]}
 ```
 
 This causes the tasks from the `common`, `pico-docker`, and `pico-shell` roles