diff --git a/.gitignore b/.gitignore index 8ac91c5..367b238 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ /osbuild/ /contestops/certs/ +/contestops/backups* /contestops/local.known_hosts diff --git a/contestops/readme.md b/contestops/readme.md index a9e5623..14a3f5d 100644 --- a/contestops/readme.md +++ b/contestops/readme.md @@ -2,8 +2,8 @@ Here are instructions and various scripts and files for running contests. -The setup consists of a machine for each contestant, a machine running the grader, and an admin machine. -All these should be connected through a network, preferably wired. +The setup consists of a machine for each contestant, a machine running the grader, and an admin machine (e.g. your personal laptop). +All these should be connected through a network. The grader can be a machine accessible over the internet or in the local network. ## Grader setup @@ -17,7 +17,7 @@ sudo apt install ntpsec ``` Configure the grader to accept client certificates. -The CA certificate (`certs/ca.pem`) is generated as part of the admin setup. +The CA certificate (`certs/ca.pem`) is generated as part of the admin setup below. ## Contestant machine setup @@ -36,15 +36,30 @@ The OS is loaded into RAM during boot, so you can remove the stick once the boot ## Network setup If there is not already an existing network, you need to set it up yourself. -Connect all contestant machines and the admin machine to a network switch with LAN cables. -If you use multiple switches, don't forget to also link the switches together. +You can use either WiFi or wired Ethernet. +WiFi has the advantage that you don't need to bring and install all those Ethernet cables, and avoids the ugly cable mess. -If the grader must be accessed over the internet, you can connect the admin machine to WiFi or USB tethering with a phone. -You can then share the internet with the local network. +**Ethernet:** +Connect all contestant machines and the admin machine to a network switch with Ethernet cables. +If you use multiple switches, don't forget to also link the switches together, such that the entire network forms a tree. -If you have Gnome, go to Network settings, click on the gear on the Ethernet connection, go to IPv4 tab, and select "Shared to other computers". +**WiFi:** +The contestant OS already has a WiFi pre-configured. +The SSID is `contest`, and the password is configured in the `contestant_wifi_password` variable in `os/config/config.toml`. +Configure the access point with this SSID and password, and the machines will connect automatically. -If you have docker installed, this doesn't work yet, because docker blocks routing. +For larger contests (10 or more contestants) it's recommended to use a dedicated device as the Internet router. +SOI has a FRITZ!Box 4040 which can be used for this. +Here, you can easily get the list of IP addresses of contestant machines from the web interface. +It's best to connect the admin machine to the router box over LAN instead of WiFi, such that admin traffic only takes one wireless hop instead of two. + +For smaller contests, you can also use the admin machine as a router. +For Ethernet, if you have Gnome, go to Network settings, click on the gear on the Ethernet connection, go to IPv4 tab, and select "Shared to other computers". +For WiFi, you can set up a WiFi hotspot in the WiFi settings. +However, with a hotspot enabled, Gnome does not let you connect to a WiFi network for Internet access at the same time, even though the hardware would in many cases support it. +Instead, you can connect a phone to WiFi and to your laptop with USB and enable USB tethering on the phone. + +If you have Docker installed, this doesn't work yet, because docker blocks routing. You can fix it by running the following commands. ```bash @@ -81,6 +96,8 @@ sudo apt install golang-cfssl ./create-certs.sh ``` +## Before the contest + Edit `local.ssh_config` and create an entry with hostname and IP address for each contestant machine. You can get the IP address by running `ip addr` in a terminal on the contestant machine. @@ -118,7 +135,16 @@ Assign users to machines. ./assign-user.sh contestant02 binna1 ``` +You may want to test on one machine that the certificate was properly installed and the grader is accessible. +This should only be done after the machines are configured and users assigned, but with a contest lock start time before the current time. +You can then set the start time and apply the contest lock config again. + +```bash +parallel-scp -x "-F local.ssh_config" -h hostlist ./contest-lock.json /etc/contest-lock.json +``` + Start periodic backup of contestant machines. +Backups are stored every 2 minutes in the folder `backups`. ```bash ./backup-create.sh timer @@ -138,6 +164,19 @@ replacing `contestant03` in the commands below with the spare machine hostname. rsync -e "ssh -F local.ssh_config" -av --chown contestant:contestant backups/contestantxx/xxxx/ contestant03:/home/contestant/ ``` +## After the contest + +Stop the periodic backup command with Ctrl+C. +Rename the `backups` folder to e.g. `backups-day1`. + +You can shut down all machines. + +``` +parallel-ssh -x "-F local.ssh_config" -h hostlist poweroff +``` + +Machines should be shut down and booted again from USB stick between contests (e.g. between practice and actual contest) to ensure all data is erased. + ## Contest lock screen The contest lock screen is a gnome extension which can lock the screen and show a countdown until the contest starts.