Imported robgmills pure-ftpd

ansible/playbooks/ftp.yaml

@@ -0,0 +1,5 @@
+---
+- name: Install FTP Server
+  hosts: ftp_server
+  roles:
+    - robgmills.pure-ftpd

ansible/playbooks/roles/robgmills.pure-ftpd/.gitignore

@@ -0,0 +1,3 @@
+.idea/
+*.iml
+.vagrant/

ansible/playbooks/roles/robgmills.pure-ftpd/.travis.yml

@@ -0,0 +1,38 @@
+---
+sudo: required
+language: python
+python: "2.7"
+
+env:
+  - SITE=test.yml
+
+before_install:
+  - sudo apt-get update -qq
+  - sudo apt-get install -y curl
+
+install:
+  # Install Ansible.
+  - pip install ansible
+
+  # Add ansible.cfg to pick up roles path.
+  #- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
+
+script:
+  # Check the role/playbook's syntax.
+  - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
+
+  # Run the role/playbook with ansible-playbook.
+  - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
+
+  # Run the role/playbook again, checking to make sure it's idempotent.
+  - >
+    ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
+    | grep -q 'changed=2.*failed=0'
+    && (echo 'Idempotence test: pass' && exit 0)
+    || (echo 'Idempotence test: fail' && exit 1)
+
+  # TODO - get the test working.
+  # Request a file via FTP, to make sure pure-ftpd is running and responds.
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

ansible/playbooks/roles/robgmills.pure-ftpd/README.md

@@ -0,0 +1,106 @@
+# Ansible Role: Pure-FTPd
+
+[![Build Status](https://travis-ci.org/robgmills/ansible-pure-ftpd.svg?branch=master)](https://travis-ci.org/robgmills/ansible-pure-ftpd)
+
+Installs Pure-FTPd on Debian/Ubuntu Linux.
+
+This role installs and configures the latest version of Pure-FTPd from the Pure-FTPd via apt (on Debian-based systems).  You will likely need to do extra setup work after this role has installed Pure-FTPd.
+
+## Requirements
+
+None.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+    pure_ftpd_root: "/var/ftp"
+
+A directory path at which to scope the FTP server access.
+
+    pure_ftpd_user: "ftp"
+
+The system-level user that the FTP daemon performs operations under.  This user is setup without login permissions (can't ssh into system) but owns all of the files uploaded via the FTP server.
+
+    pure_ftpd_group: "ftp-sys-group"
+
+The system-level group that the FTP daemon performs operations under.  This is the group assigned to all files uploaded via the FTP server.
+
+    pure_ftpd_vusers:
+      - name: "ftp"
+        password: "FTPisSoC00l?"
+        dir: "/var/ftp" # optional
+
+A list of user definitions virtual FTP users. If left empty, defaults to a single user with the username `ftp` and password `ftp`.  `name` and `password` are required fields.  `dir` is optional and defaults to the value of `ftp_root`.
+
+Since the array of `virtual_users` needs to contain secret credentials, it is recommended to create an [Ansible Vault][vault]-encrypted variable file to include that contains your users and overrides the role default vars.
+
+    pure_ftpd_tls: true
+
+Turns on/off support for FTP TLS encryption.  It is strongly recommended that this remain `true`.
+
+    pure_ftpd_allow_insecure: false
+
+When TLS encryption is enabled, the default is to not allow non-encrypted, insecure connections.  Setting this value to `true` will allow both secure and insecure connections.  Requires that `enable_tls` be `true`.
+
+    pure_ftpd_pem: ""
+
+The contents of the PEM certificate to use for FTP TLS encryption.  It is recommended to create an [Ansible Vault][vault]-encrypted variable file to include that contains your PEM certificate.
+
+If no `pure_ftpd_pem` is provided, a PEM certificate is generated using `openssl`.
+
+    pure_ftpd_openssl_config: {}
+
+The `openssl_config` vars object controls the generation of an openssl PEM certificate + key combination.
+
+The sub-properties of the `openssl_config` object are as follows:
+
+      days: "365"
+
+The number of days for which the certificate is valid.
+
+      size: "2048"
+
+The size of the certificate key.  The larger, the more secure.
+
+      country: ""
+      state: ""
+      locality: ""
+      org: ""
+      unit: ""
+      common: ""
+      email: ""
+
+The values of the certificate subject information.
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+    - hosts: server
+      roles:
+        - role: robgmills.pure-ftpd
+
+## Try It!
+
+From the root of the project:
+
+    vagrant up
+
+...then...
+
+    ansible-playbook -i inventory -b -u vagrant -k playbook.yml
+
+...then use your favorite FTPS client to connect to `ftps://ftp:FTPisSoC00l?@192.168.50.2`
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2016 by [Rob Mills](https://robgmills.com/).
+
+[vault]: http://docs.ansible.com/ansible/playbooks_vault.html

ansible/playbooks/roles/robgmills.pure-ftpd/Vagrantfile

@@ -0,0 +1,4 @@
+Vagrant.configure(2) do |config|
+  config.vm.box = "debian/jessie64"
+  config.vm.network "private_network", ip: "192.168.50.2"
+end

ansible/playbooks/roles/robgmills.pure-ftpd/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+roles_path = ../

ansible/playbooks/roles/robgmills.pure-ftpd/defaults/main.yml

@@ -0,0 +1,23 @@
+---
+# Used only for Debian/Ubuntu installation, as the -t option for apt.
+pureftpd_default_release: ""
+
+pure_ftpd_user: "ftp"
+pure_ftpd_group: "ftp"
+pure_ftpd_root: "/var/ftp"
+pure_ftpd_vusers:
+  - name: ftp
+    dir: "{{ pure_ftpd_root }}"
+    password: "FTPisSoC00l?"
+pure_ftpd_tls: true
+pure_ftpd_allow_insecure: false
+pure_ftpd_openssl_config:
+  days: "365"
+  size: "2048"
+  country: ""
+  state: ""
+  locality: ""
+  org: ""
+  unit: ""
+  common: ""
+  email: ""

ansible/playbooks/roles/robgmills.pure-ftpd/inventory

@@ -0,0 +1 @@
+192.168.50.2

ansible/playbooks/roles/robgmills.pure-ftpd/meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: Thu Sep 25 13:49:03 2025
+version: 1.0.1

ansible/playbooks/roles/robgmills.pure-ftpd/meta/main.yml

@@ -0,0 +1,18 @@
+---
+galaxy_info:
+  author: Rob Mills
+  description: Installs and configures a Pure-FTPd server
+  company: RGM
+  license: MIT
+  min_ansible_version: 2.0
+  platforms:
+  - name: Debian
+    versions:
+    - all
+  galaxy_tags:
+    - ftp
+    - server
+    - ftps
+    - tls
+    - openssl
+dependencies: []

ansible/playbooks/roles/robgmills.pure-ftpd/playbook.yml

@@ -0,0 +1,5 @@
+---
+- hosts: 192.168.50.2
+  become: true
+  roles:
+    - ansible-pure-ftpd

ansible/playbooks/roles/robgmills.pure-ftpd/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+# Variable setup.
+- name: Include OS-specific variables.
+  include_vars: "{{ ansible_os_family }}.yml"
+
+# Setup/install tasks.
+- include: setup-Debian.yml
+  when: ansible_os_family == 'Debian'
+
+# Pure-FTPd setup
+- name: Create the FTP system group '{{ pure_ftpd_group }}'
+  group: name={{ pure_ftpd_group }} state=present
+
+- name: Create the FTP system user '{{ pure_ftpd_user }}'
+  user: name={{ pure_ftpd_user }} group={{ pure_ftpd_group }} home=/dev/null shell=/sbin/nologin state=present
+
+- name: Create FTP server root directory '{{ pure_ftpd_root }}'
+  file: dest={{ pure_ftpd_root }} mode=0755 state=directory owner={{ pure_ftpd_user }} group={{ pure_ftpd_group }}
+
+# Create and/or install SSL certificate
+- include: tls.yml
+  when: pure_ftpd_tls
+
+# Create the virtual FTP users and set their passwords
+- include: virtual-user.yml
+  with_items: "{{ pure_ftpd_vusers }}"
+
+- name: Link virtual FTP user database to the correct location
+  file: src={{ __ftp_user_db }} dest={{ __ftp_user_db_sym }} state=link
+  register: r_linkdb
+
+- name: Restart pure-ftpd
+  service: name=pure-ftpd state=restarted
+  when: r_linkdb.changed
+
+# - Ensure that FTP service is running
+- name: Ensure pure-ftpd is started and enabled to start at boot.
+  service: name=pure-ftpd state=started enabled=yes

ansible/playbooks/roles/robgmills.pure-ftpd/tasks/setup-Debian.yml

@@ -0,0 +1,15 @@
+---
+- name: Update apt cache.
+  apt: update_cache=yes cache_valid_time=86400
+
+- name: Ensure requisite apt packages are installed.
+  apt: name={{ item }} state=present default_release={{ pureftpd_default_release }}
+  with_items:
+    - pure-ftpd
+    - python-pip
+    - openssl
+
+- name: Install pexpect
+  pip:
+    name: "pexpect"
+    state: present

ansible/playbooks/roles/robgmills.pure-ftpd/tasks/tls.yml

@@ -0,0 +1,41 @@
+---
+# assumes that `enable_tls: true`
+- name: Define TLS support level.
+  no_log: true
+  set_fact:
+    tls_level: 2
+  when: not pure_ftpd_allow_insecure
+
+- name: Define TLS support level.
+  no_log: true
+  set_fact:
+    tls_level: 1
+  when: pure_ftpd_allow_insecure
+
+- name: Set TLS config level ({{ tls_level | default(2) }})
+  copy: content={{ tls_level | default(2) }} dest={{ __ftp_conf_root }}/TLS owner=root group=root
+
+- name: Install configured TLS PEM for pure-ftpd
+  no_log: true
+  copy: content="{{ pure_ftpd_pem }}" dest=/etc/ssl/private/pure-ftpd.pem owner=root group=root
+  when: pure_ftpd_pem is defined
+
+- name: Check if pure-pw centificate file exists
+  stat: path=/etc/ssl/private/pure-ftpd.pem
+  register: r_ftppem
+
+- name: Generate TLS PEM for pure-ftpd
+  expect:
+    command: openssl req -x509 -nodes -days {{ pure_ftpd_openssl_config.days }} -newkey rsa:{{ pure_ftpd_openssl_config.size }} -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
+    responses:
+      (?i)country name: "{{ pure_ftpd_openssl_config.country }}"
+      (?i)state or province name: "{{ pure_ftpd_openssl_config.state }}"
+      (?i)locality name: "{{ pure_ftpd_openssl_config.locality }}"
+      (?i)organization name: "{{ pure_ftpd_openssl_config.org }}"
+      (?i)organizational unit name: "{{ pure_ftpd_openssl_config.unit }}"
+      (?i)common name: "{{ pure_ftpd_openssl_config.common }}"
+      (?i)email address: "{{ pure_ftpd_openssl_config.email }}"
+  when: pure_ftpd_pem is not defined and not r_ftppem.stat.exists
+
+- name: Restrict permissions on PEM
+  file: state=file path=/etc/ssl/private/pure-ftpd.pem mode=0600 owner=root group=root

ansible/playbooks/roles/robgmills.pure-ftpd/tasks/virtual-user.yml

@@ -0,0 +1,34 @@
+---
+- name: Create directory {{ item.dir | default( pure_ftpd_root ) }} for virtual FTP user {{ item.name }}
+  file: dest={{ item.dir | default( pure_ftpd_root ) }} mode=0755 state=directory owner={{ pure_ftpd_user }} group={{ pure_ftpd_group}}
+
+- name: Check if pure-pw passwords file exists
+  stat: path={{ __ftp_passwd }}
+  register: r_passwd
+
+- name: Check if virtual FTP user {{ item.name }} exists
+  command: pure-pw show {{ item.name }}
+  register: r_userexists
+  when: r_passwd.stat.exists
+  changed_when: "r_userexists.rc != 0"
+  ignore_errors: true
+
+- name: Create virtual FTP user {{ item.name }}
+  expect:
+    command: pure-pw useradd {{ item.name }} -u {{ pure_ftpd_user }} -g {{ pure_ftpd_group }} -d {{ item.dir | default( pure_ftpd_root ) }} -m
+    responses:
+      (?i)password: "{{ item.password }}"
+      (?i)enter it again: "{{ item.password }}"
+  when: (r_userexists|failed) or (not r_passwd.stat.exists)
+
+- name: Update virtual FTP user {{ item.name }}
+  command: pure-pw usermod {{ item.name }} -u {{ pure_ftpd_user }} -g {{ pure_ftpd_group }} -d {{ item.dir | default( pure_ftpd_root ) }} -m
+  when: r_userexists|success
+
+- name: Update virtual FTP user {{ item.name }} password
+  expect:
+    command: pure-pw passwd {{ item.name }}
+    responses:
+      (?i)password: "{{ item.password }}"
+      (?i)enter it again: "{{ item.password }}"
+  when: r_userexists|success

ansible/playbooks/roles/robgmills.pure-ftpd/tests/inventory

@@ -0,0 +1 @@
+localhost

ansible/playbooks/roles/robgmills.pure-ftpd/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - role: ansible-pure-ftpd

ansible/playbooks/roles/robgmills.pure-ftpd/vars/Debian.yml

@@ -0,0 +1,6 @@
+---
+__ftp_root: "/etc/pure-ftpd"
+__ftp_passwd: "{{ __ftp_root }}/pureftpd.passwd"
+__ftp_conf_root: "{{ __ftp_root }}/conf"
+__ftp_user_db: "{{ __ftp_conf_root }}/PureDB"
+__ftp_user_db_sym: "{{ __ftp_root }}/auth/60puredb"