galaxyproject.proftpd

Panoramica Versioni Approfondimenti

ProFTPD

This is an Ansible role for installing and managing ProFTPD servers. It's designed to help set up ProFTPD on Galaxy servers and can connect user authentication to the Galaxy PostgreSQL database. It can also set up TLS for FTPS (not SFTP).

Requirements

This role installs ProFTPD using APT on Debian systems and EPEL on Enterprise Linux systems. Other systems or methods of installation are not supported.

Role Variables

Required Variables

Needed if proftpd_galaxy_auth is set:

  • proftpd_sql_db: Name of the database for authentication. It may include host info—check the ProFTPD SQLConnectInfo documentation for more details.
  • galaxy_user: The username for the Galaxy server.
  • galaxy_ftp_upload_dir: Path to the Galaxy FTP upload folder, which should match the ftp_upload_dir in your Galaxy config.
    • Use proftpd_create_ftp_upload_dir to let the role create this directory with the owner set to galaxy_user.
  • Also, set User and Group in proftpd_options to match your Galaxy user and group names.

Optional Variables

Configuration

  • proftpd_options: Custom options for the server configuration in proftpd.conf. This is a list of key-value pairs where keys are ProFTPD config options and values are their corresponding values.
  • proftpd_global_options: Options to set in the <Global> section, similar to proftpd_options. Changes here will not comment out matching options in the main proftpd.conf.

Optional Feature Control

  • proftpd_galaxy_auth: Enable user authentication against a Galaxy database.
  • proftpd_conf_ssl_certificate and proftpd_conf_ssl_certificate_key: If set, enables TLS configuration.

Connect Message

  • proftpd_display_connect: Message shown when users connect to the FTP server.
  • proftpd_display_connect_context (default: server): Decide where to place the ServerConnect directive.

FTP over SSL/TLS

These variables control TLS usage. If not set, TLS will be disabled:

  • proftpd_deploy_ssl: Control copying local SSL keys to the remote host.
  • proftpd_ssl_src_dir: The source for SSL certificates.
  • proftpd_conf_ssl_certificate: Path for the SSL certificate file on the remote host.
  • proftpd_conf_ssl_cert_key: Path for the SSL private key file on the remote host.
  • proftpd_conf_ssl_ca_certificate: Path for the SSL CA certificate chain on the remote host.
  • sslkeys: A set containing private keys.
  • proftpd_tls_protocol (default: TLSv1.1 TLSv1.2): Set the TLS Protocol.
  • proftpd_tls_cipher_suite: Set your desired TLS cipher suite.
  • proftpd_tls_context (default: server): Decide whether to place TLS directives in the <Global> or server context.

Galaxy Authentication Options

Variables for Galaxy authentication (used if proftpd_galaxy_auth is set):

  • proftpd_galaxy_options: Additional options for the Galaxy authentication include file.
  • proftpd_galaxy_default_options: Default options for Galaxy authentication.
  • proftpd_sql_user: Username for SQL authentication.
  • proftpd_sql_password: Password for SQL authentication.
  • galaxy_user_uid: User ID for the Galaxy server user.
  • galaxy_user_gid: Group ID for the Galaxy server user.
  • proftpd_galaxy_modules: Modules loaded for Galaxy authentication.
  • proftpd_galaxy_auth_context (default: server): Decide where to place Galaxy authentication directives.

Virtual Servers/Hosts

  • proftpd_virtualhosts: Define ProFTPD virtual servers/hosts. Each entry should include an ID, address, and options.

Dependencies

While not mandatory, the geerlingguy.repo-epel role can help enable EPEL with Ansible.

Example Playbook

Install ProFTPD for Galaxy with TLS:

- name: Install and configure ProFTPD
  hosts: ftpservers
  remote_user: root
  vars:
    galaxy_user: galaxy
    galaxy_ftp_upload: /srv/galaxy/ftp
    proftpd_display_connect: |
      example.org FTP server

      Unauthorized access is prohibited
    proftpd_galaxy_auth: yes
    proftpd_options:
      - User: galaxy
      - Group: galaxy
    proftpd_sql_db: galaxy@/var/run/postgresql
    proftpd_sql_user: galaxy
    sslkeys:
      'snakeoil_privatekey.pem': |
        -----BEGIN PRIVATE KEY-----
        MIIE...
        -----END PRIVATE KEY-----
    proftpd_conf_ssl_certificate: snakeoil_cert.pem
    proftpd_conf_ssl_certificate_key: snakeoil_privatekey.pem
    proftpd_ssl_src_dir: files/ssl

  roles:
    - galaxyproject.proftpd

If you are using virtual servers along with Galaxy authentication, use the mod_vroot module to avoid issues with DefaultRoot. Here’s how you can do that:

proftpd_galaxy_auth_context: global
proftpd_galaxy_modules:
  - mod_sql.c
  - mod_sql_passwd.c
  - mod_sql_postgres.c
  - mod_vroot.c
proftpd_galaxy_options:
  - VRootEngine: 'on'

License

Academic Free License ("AFL") v. 3.0

Author Information

Nate Coraor

Informazioni sul progetto

Install and Configure ProFTPD (optionally, for Galaxy Servers).

role ftp system
Installa
ansible-galaxy install galaxyproject.proftpd
GitHub repository
5 stelle
7 fork
3 problemi aperti
Licenza
Unknown
Download
7.9k
Proprietario
Galaxy Project
Galaxy is an open, web-based platform for data-intensive research.