
Add docker support to local_development ansible
Allows docker support on the local development Vagrant vm. Currently
collocates docker challenges on the shell server, but does all the
certificate configuration as if it were on a separate host.
royragsdale committed May 21, 2020
1 parent 861255d commit f108297
Showing 6 changed files with 65 additions and 15 deletions.
1 change: 1 addition & 0 deletions ansible/.gitignore
@@ -1 +1,2 @@
deploy_keys
certs
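--- a/ansible/group_vars/local_development/vars.yml
+++ b/ansible/group_vars/local_development/vars.yml
@@ -53,9 +53,11 @@ redis_conf_auth: False
 ##
 # Docker challenge options
 ##
-docker_public_host: "{{ lookup('env','SIP') or '192.168.2.3' }}"
-docker_internal_host: "tcp://{{ lookup('env','SIP') or '192.168.2.3' }}:2376"
-docker_ca: "/home/{{ansible_user}}/.docker/ca.pem"
-docker_client: "/home/{{ansible_user}}/.docker/cert.pem"
-docker_key: "/home/{{ansible_user}}/.docker/key.pem"
+docker_public_host : "{{ lookup('env','SIP') or '192.168.2.3' }}"
+docker_internal_host : "tcp://{{ docker_public_host }}:2376"
+docker_server_SAN : "DNS:localhost,IP:{{docker_public_host}},IP:127.0.0.1"
+docker_dir : "/home/{{ ansible_user }}/.docker"
+docker_ca : "{{ docker_dir }}/ca.pem"
+docker_client : "{{ docker_dir }}/cert.pem"
+docker_key : "{{ docker_dir }}/key.pem"
 docker_containers_per_team: 3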
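Review bot: `docker_server_SAN` puts `docker_public_host` into an `IP:` entry, which only works when `SIP` (or the `192.168.2.3` fallback) is an IP literal; if a developer exports a hostname in `SIP`, `docker_internal_host` will dial that name while the server certificate carries no matching `DNS:` SAN, so either certificate generation or the TLS handshake fails. Document the constraint above the lookup, e.g. `# SIP must be an IP literal: it is embedded in an IP: SAN of the daemon certificate`, or add a `DNS:` entry for it when it is a name. Note also that, as configured here, the daemon endpoint is the host's public address on port 2376 rather than loopback, presumably bound by the `docker` role; client-certificate auth is the only thing protecting it, so `docker_key` under the `ansible_user` home must remain unreadable to any other account on the shell host where this inventory collocates it (the file modes are set outside this change).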
12 changes: 9 additions & 3 deletions ansible/inventories/local_development
Expand Up @@ -4,16 +4,22 @@

[local_development:children]
db
shell
web
shell
docker

# In a development environment, or simple deployment collocate the database
# with the web server
[db]
dev_web ansible_connection=local hostname=pico-local-dev-web-db

[web]
dev_web ansible_connection=local hostname=pico-local-dev-web-db

# In a development environment, or simple deployment collocate the docker
# challenges with the shell server
[shell]
dev_shell ansible_connection=local hostname=pico-local-dev-shell

[web]
dev_web ansible_connection=local hostname=pico-local-dev-web-db
[docker]
dev_shell ansible_connection=local hostname=pico-local-dev-shell
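Review bot: The comment above `[shell]` presents collocating `dev_shell` in both `[shell]` and `[docker]` as acceptable for a "simple deployment" too, but the Docker daemon is root-equivalent, and if, as the role name suggests, the shell server is where participants get login accounts, this puts an untrusted user population on the same host as the daemon and its client key. Make the scope explicit so the inventory is not copied for a real event: `# WARNING: the docker daemon is root-equivalent; collocating it with the shell server is for local development only.` The commit description already notes that certificate handling is done as if the hosts were separate, which is the right direction for splitting them later.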
30 changes: 23 additions & 7 deletions ansible/site.yml
@@ -1,26 +1,42 @@
---
# Playbook to deploy the entire picoCTF environment

- hosts: db
- hosts: docker
remote_user: "{{ ansible_user }}"
become: yes
become_method: sudo
roles:
- common
- mongodb
- {role: common , tags: ["common"]}
- {role: docker , tags: ["docker"]}
- {role: docker_tls , tags: ["docker"], vars: {server_SAN: "{{docker_server_SAN}}"}}
post_tasks:
- import_tasks: "tasks/docker_gen_client_certs.yml"

- hosts: shell
remote_user: "{{ ansible_user }}"
become: yes
become_method: sudo
pre_tasks:
- import_tasks: "tasks/docker_deploy_client_certs.yml"
roles:
- {role: common , tags: ["common"]}
- {role: docker , tags: ["docker"]}
- {role: pico-shell , tags: ["shell"]}

- hosts: db
remote_user: "{{ ansible_user }}"
become: yes
become_method: sudo
roles:
- common
- pico-shell
- {role: common , tags: ["common"]}
- {role: mongodb , tags: ["db"]}

- hosts: web
remote_user: "{{ ansible_user }}"
become: yes
become_method: sudo
pre_tasks:
- import_tasks: "tasks/docker_deploy_client_certs.yml"
roles:
- common
- pico-web
- {role: common , tags: ["common"]}
- {role: pico-web , tags: ["web"]}
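Review bot: The `shell` play applies the full `docker` role (`- {role: docker , tags: ["docker"]}`) in addition to deploying client certificates, whereas the `web` play gets only the certificates, which suggests the client side does not need the role at all. On a deployment where `shell` and `docker` are separate hosts this would install a Docker engine on the host where participants log in, enlarging the root-equivalent surface there for no visible benefit. If `pico-shell` only talks to the remote API via `docker_internal_host`, drop that role entry from the shell play; if it genuinely needs a local engine, a comment stating why would keep the next maintainer from removing it. Note too that the `shell` and `web` plays depend on the `docker` play having run first, since `tasks/docker_gen_client_certs.yml` in its `post_tasks` produces what `tasks/docker_deploy_client_certs.yml` in their `pre_tasks` consumes, which is worth a one-line comment at the top of the file.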
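--- a/ansible/tasks/docker_deploy_client_certs.yml
+++ b/ansible/tasks/docker_deploy_client_certs.yml
@@ -0,0 +1,11 @@
+---
+# deploy a client certificate to a server
+# must have already been generated with docker_gen_client_certs.yml
+
+- name: "Deploy docker client certs ({{client}}"
+  import_role:
+    name: docker_tls
+    tasks_from: config_user
+  vars:
+    user : "{{ansible_user}}"
+  tags: ["docker", "docker-client"]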
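Review bot: The task name references `{{client}}`, which nothing in this file defines (the variable actually passed to the role is `user`), and the parenthesis is never closed; Ansible falls back to the raw name when templating fails, so the output will literally show the braces. Use the value that is set: `- name: "Deploy docker client certs ({{ ansible_user }})"`. Because this runs under `become: yes` and writes the client key into the `ansible_user` home on the shell host, it is worth confirming that `config_user` chowns the files to that user and sets `mode: "0600"` on `key.pem` and `"0700"` on the `.docker` directory, since a readable client key is full control of the daemon; those tasks are not visible in this change.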
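--- a/ansible/tasks/docker_gen_client_certs.yml
+++ b/ansible/tasks/docker_gen_client_certs.yml
@@ -0,0 +1,14 @@
+---
+# tasks to run after the docker server is provisioned
+# generate certificates as nessecary
+
+- name: "Generate Docker Client Certs ({{client}})"
+  include_role:
+    name: docker_tls
+    tasks_from: gen_client
+  with_items:
+    - "{{ web_fqdn }}"
+    - "{{ shell_hostname }}"
+  loop_control:
+    loop_var: client
+  tags: ["docker", "docker-client"]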
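Review bot: Tags on `include_role` apply only to the include statement itself, not to the tasks it pulls in, so a run with `--tags docker-client` will evaluate this include and then skip every task in `gen_client`, leaving no certificates for the deploy step that the same tag selects. Add `apply: {tags: ["docker", "docker-client"]}` under `include_role:` so the imported tasks inherit the tags, and prefer `loop:` over the older `with_items:`. The header comment has a typo (`nessecary`), and it would help to state there that the loop names each client certificate after the consuming host so `docker_deploy_client_certs.yml` can find it.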
