
Deployment + Challenge Management

Open ColdHeat opened this issue 7 years ago • 5 comments

At one point CTFd managed docker containers for CTFs. This wasn't used very often and was poorly implemented.

Docker has progressed much farther since its use and I think it's useful for CTFd to get involved in the management of challenges themselves.

This could be quite complex so I want to ask the community about different ways they might get this done. I thought that you could get away with wrappers around a Docker registry.

ColdHeat, Jan 10 '18 18:01

What if we integrated with an open source PaaS. Dokku perhaps?

ColdHeat, Jan 22 '18 16:01

I thought about this for some time but I'm not sure I like any of the existing PaaS. They don't fit what I would expect... As much as I don't want to write a custom PaaS, it almost seems like a necessity.

ColdHeat, Feb 19 '18 08:02

FWIW, we've done some stuff in the past you may or may not consider similar/relevant enough to know about. We've run multiple CTFs using CTFd and then docker-compose-based challenges deployed to per-team publicly-reachable AWS EC2 instances, each with an obfuscated team-specific AWS route53 DNS name.

This worked pretty well for us and minimized the amount of unintentional and intentional interference across teams and seemed like a nice compromise between flexibility and loose coupling, allowing us to deploy more elaborate/risky challenges than we'd otherwise be comfortable with.

To do this we did the following:

  • added variable interpolation to the challenge markdown syntax
  • added a specific variable called $teamkey that was essentially HMAC(team_id, SOME_SECRET)
  • created challenges with per-team host names in the description: superhardchallenge.$teamkey.domain.name -> superhardchallenge.0389fe92ba.domain.name
  • extended CTFd with an additional team-list REST API endpoint that just returned the list of teams with name and id
  • created a separate provisioner system that had the same configured SOME_SECRET value that would poll the new team-list API and provision per-team hosts with the matching DNS records using AWS APIs

Understandably this may be more complex than what many people are after, but I figured it might be worth sharing, and if I ever get around to it I'll probably try to package some of the CTFd extension stuff as a plugin at some point (unless it gets included in the core project).

frohoff, May 01 '18 19:05
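The per-team hostname scheme described in the comment above, sketched as an added example (not frohoff's code and not part of CTFd): both the CTFd side and the separate provisioner derive the same `$teamkey` from a shared secret, so no per-team state has to be exchanged beyond the team list. Assumptions: HMAC-SHA256 keyed with the secret over the team id, truncation to 10 hex characters to match the sample hostname, and the hypothetical names `team_key`, `render_description` and `provisioning_plan`.

```python
import hashlib
import hmac
from string import Template

# Assumption: placeholder secret; a real deployment loads it from config
# shared by the CTFd extension and the provisioner.
SOME_SECRET = b"constructed-example-secret"
BASE_DOMAIN = "domain.name"  # placeholder domain from the comment
KEY_HEX_LEN = 10             # assumption: matches the 10-hex-char sample label


def team_key(team_id, secret=SOME_SECRET):
    """HMAC-SHA256 keyed with the secret over the canonical team id."""
    # Canonicalize so int 7 and str "7" give the same key on both sides.
    msg = str(int(team_id)).encode("ascii")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:KEY_HEX_LEN]


def render_description(markdown, team_id):
    """CTFd side: interpolate $teamkey, leaving other $tokens untouched."""
    return Template(markdown).safe_substitute(teamkey=team_key(team_id))


def provisioning_plan(teams, challenge="superhardchallenge"):
    """Provisioner side: map each polled team to the host it must create."""
    plan = {}
    for team in teams:
        host = f"{challenge}.{team_key(team['id'])}.{BASE_DOMAIN}"
        if host in plan:  # truncated MACs can collide; refuse to share a host
            raise ValueError(f"teamkey collision on {host}")
        plan[host] = team["id"]
    return plan


# Constructed sample of what the team-list endpoint might return.
TEAMS = [{"id": 1, "name": "alpha"}, {"id": 2, "name": "bravo"}]

if __name__ == "__main__":
    desc = "Target: superhardchallenge.$teamkey.domain.name (cost: $5)"
    for t in TEAMS:
        print(t["name"], "->", render_description(desc, t["id"]))
    print(provisioning_plan(TEAMS))
```

Because the key is a MAC over the team id, a team cannot compute another team's hostname without the secret, and rotating the secret changes every hostname at once.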

It may also be worth looking at using stuff like gitlab.com's CI/CD offering since they have a pretty generous free service tier that may help with at least some of what you're looking to solve.

frohoff, May 01 '18 20:05

This has been on the roadmap for V4 for a few years now. What are the expectations for this? Is there something we can contribute? We see a lot of use cases for container based challenges.

pve, May 13 '24 11:05