Last active
August 17, 2019 19:45
Docker runner for CTF
#!/usr/bin/python | |
#-*- coding:utf-8 -*- | |
# Developer: Harold Kim (ho.kim@linecorp.com) | |
import os | |
import sys | |
import time | |
import urllib | |
import urllib2 | |
''' Docker Runner (lol)
1. Restart all instances every hour
2. Check access to the instances every half hour
3. Start an instance if something goes wrong
'''
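class DockerRunner:
    ''' Keep a fixed number of "unwind" challenge containers running.

    One container is started per managed port, beginning at starting_port.
    Each is named unwind-container-<port> and publishes container port 8080
    on that host port.
    '''
    docker_bin = "/usr/bin/docker"
    # -m 256M and -c 64 cap memory and CPU shares per instance, and
    # --restart always lets the Docker daemon bring a crashed instance back.
    # NOTE(review): "-p<port>:8080" publishes on every host interface by
    # default, so the instances can be reached directly on 8081+ without
    # passing through an authenticating reverse proxy placed in front of
    # them. Firewall those ports, or publish on loopback only
    # ("-p 127.0.0.1:<port>:8080") after checking that the proxy's upstream
    # addresses still resolve to the bound address.
    docker_opt = " run -d --restart always -m 256M -c 64 "
    docker_opt += "--name unwind-container-%s -p%s:8080 unwind:latest"
    maximum_instance_count = 0
    # port starts with 8081, 8082, 8083, ...
    starting_port = 8081
    # seconds to wait for one health-check request before treating the
    # instance as failed; without a limit a hung instance stalls the runner
    healthcheck_timeout = 5

    def __init__(self, maximum_instance):
        ''' Store the instance count, then remove existing containers.

        maximum_instance: number of containers to keep running.
        '''
        self.maximum_instance_count = maximum_instance
        self.kill()  # reset instances

    def get_port(self):
        ''' Return the managed host ports as a new list. '''
        # list() keeps .remove() usable on Python 3, where range() is not a
        # list any more.
        return list(range(self.starting_port,
                          self.starting_port + self.maximum_instance_count))

    def count(self):
        ''' count containers (ret int)

        Every container on the host is counted, running or stopped and
        whatever its name.
        '''
        # docker ps -a -q | wc -l
        c = os.popen("%s ps -a -q | wc -l" % (self.docker_bin, )).read().strip()
        return int(c)

    def kill(self, ps=None):
        ''' Force-remove containers; always returns True.

        runner.kill("8081") removes the container(s) matched by the name
        filter unwind-container-8081. runner.kill() removes EVERY container
        on the host, not only the unwind ones, so this runner belongs on a
        dedicated host.

        Raises ValueError when ps is given and is not an integer.
        '''
        if ps is None:
            # .read() blocks until the command has finished
            os.popen("%s rm -f $(%s ps -a -q) 2>&1" % (self.docker_bin, self.docker_bin,)).read()
        else:
            # The value is pasted into a shell command line, so only a plain
            # integer is allowed through.
            ps = str(int(ps))
            os.popen("%s rm -f $(%s ps --filter 'name=unwind-container-%s' -q) 2>&1" % (self.docker_bin, self.docker_bin, ps,)).read()
        return True

    def run(self):
        ''' Start containers until count() reaches maximum_instance_count.

        Returns True.
        '''
        while self.count() < self.maximum_instance_count:
            # check non-alive ports: begin with every managed port and drop
            # each one that a running container's name already ends with
            port = self.get_port()
            _check_alive = os.popen("%s ps --format \"{{.ID}} {{.Names}}\" 2>&1" % (self.docker_bin,)).read()
            for _check in _check_alive.strip().split("\n"):
                try:
                    port.remove(int(_check.split("-")[-1]))
                except ValueError:
                    # name does not end in a number, or it is not our port
                    pass
            print(port)
            if not port:
                # every managed port is already taken; indexing an empty
                # list here would crash the supervisor
                break
            port = port[0]
            # start docker
            os.popen(self.docker_bin + self.docker_opt % (port, port,)).read()
            time.sleep(1)
            print("Instance %s started.." % (port,))
        return True

    def run_infinite(self):
        ''' Supervise the instances forever; never returns.

        Each pass calls run() and then sleeps 5 seconds. Every 360th pass
        (roughly half an hour) each instance is asked for /healthcheck/ and
        /are_you_ok/. All containers are removed, and recreated by run(),
        when a request fails or the answers differ between instances. Every
        second check (roughly an hour) they are removed unconditionally.

        NOTE(review): the listing this came from had lost its indentation,
        so placing the hourly restart inside the half-hour branch is a
        reconstruction; confirm against the original file.
        '''
        c = 1
        d = 0
        while True:
            if c % (12 * 30) == 0:
                # Half hour: check if everything is alright.
                print(">> Checking if everything is alright.")
                _check1 = []
                _check2 = []
                failed = False
                for _port in self.get_port():
                    try:
                        # query this instance's own port, not the whole list
                        _check1.append(urllib2.urlopen("http://localhost:%s/healthcheck/" % (_port,), timeout=self.healthcheck_timeout).read())
                        _check2.append(urllib2.urlopen("http://localhost:%s/are_you_ok/" % (_port,), timeout=self.healthcheck_timeout).read())
                    except Exception:
                        # an unreachable instance must count as a failure and
                        # not silently drop out of the comparison
                        failed = True
                # check if all instances returns the same result, otherwise reset all of them
                if failed or len(set(_check1)) != 1 or len(set(_check2)) != 1:
                    self.kill()
                # 1 hour: Restart all
                d += 1
                if d % 2 == 0:
                    print(">> Rebooting instances..")
                    self.kill()
            # Instance runner
            self.run()
            time.sleep(5)
            c += 1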
if __name__ == "__main__":
    # Keep three docker instances alive until the process is stopped.
    DockerRunner(3).run_infinite()
# Reverse proxy in front of the three "unwind" instances: every request on
# port 80 must pass HTTP basic auth before it is forwarded to a backend.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
    worker_connections 1024;
    multi_accept on;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # do not reveal the nginx version in the Server header and error pages
    server_tokens off;
    server_names_hash_bucket_size 128;
    server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    gzip on;
    gzip_disable "msie6";
    # Backends are the host ports the accompanying runner script publishes
    # (8081 onwards, one per instance). ip_hash keeps a given client address
    # on the same backend.
    upstream unwind {
        ip_hash;
        server localhost:8081;
        server localhost:8082;
        server localhost:8083;
    }
    server {
        # NOTE(review): only plain-HTTP listeners are defined in this file,
        # so the basic-auth credentials below cross the network unencrypted
        # unless TLS is terminated somewhere in front of this server.
        listen 80 default_server;
        listen [::]:80 default_server;
        # nothing is served from disk; all content comes from the upstream
        root /dev/null;
        server_name _;
        location / {
            # NOTE(review): this auth covers only traffic that arrives
            # through this server block. The runner publishes each container
            # with "-p<port>:8080", which by default listens on all host
            # interfaces, so 8081-8083 need a firewall rule or a loopback-only
            # bind to keep clients from skipping the password prompt.
            auth_basic "Access is denied";
            auth_basic_user_file /etc/nginx/.htpasswd;
            proxy_pass http://unwind/;
        }
        # a matching regex location is chosen over the "/" prefix location,
        # so any URI containing "/.ht" is refused and never proxied
        location ~ /\.ht {
            deny all;
        }
    }
}