- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with pureftpd
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
The pureftpd module installs, configures, and manages the Pure-FTPd service.
This module manages both the installation and configuration of Pure-FTPd. It manages also different Pure-FTPd versions with compiled backends like MySQL, PostgreSQL and LDAP.
To install a server with the default options:
include '::pureftpd'.
To install a server with MySQL, PostgreSQL or LDAP backend you need to set the "server_type":
class { '::pureftpd':
server_type => 'mysql',
mysql_config => { }
}See Config Options below for examples of the hash structure for $config, $ldap_config, $mysql_config and $pgsql_config.
All interaction is done via pureftpd. There is no additional public class available.
This module is fully configureable with hiera. Only include the module with
include '::pureftpd'and setup your configuration in hiera here with yaml backend:
---
pureftpd::config:
'TLS': 1
pureftpd::manage_ssl: true
pureftpd::server_mode: standalone
pureftpd::server_type: mysql
pureftpd::ssl_config:
'country': 'US'
'organization': 'example.org Inc.'
'commonname': 'ftp.example.org'
pureftpd::virtualchroot: trueTo define server options, structure a hash structure of config key => value pairs. This hash create for each key a file with content of value:
$config = {
'AltLog' => 'clf:/var/log/pure-ftpd/transfer.log',
'FSCharset' => 'UTF-8',
'MinUID' => '1000',
'NoAnonymous' => 'yes'
}This will create for example the following files:
root@localhost:~# tail /etc/pure-ftpd/conf/*
==> /etc/pure-ftpd/conf/AltLog <==
clf:/var/log/pure-ftpd/transfer.log
==> /etc/pure-ftpd/conf/FSCharset <==
UTF-8
==> /etc/pure-ftpd/conf/MinUID <==
1000
==> /etc/pure-ftpd/conf/NoAnonymous <==
yes
This following options will be parsed by the pure-ftpd-wrapper. This List is maybe not completely and just for reference.
'AnonymousCantUpload' => ['-i'],
'AnonymousOnly', => ['-e'],
'AnonymousRatio' => ['-q %d:%d', \&parse_number_2],
'AntiWarez' => ['-s'],
'AutoRename' => ['-r'],
'Bind' => ['-S %s', \&parse_string],
'BrokenClientsCompatibility' => ['-b'],
'CallUploadScript' => ['-o'],
'ChrootEveryone' => ['-A'],
'CreateHomeDir' => ['-j'],
'CustomerProof' => ['-Z'],
'Daemonize' => ['-B'],
'DisplayDotFiles' => ['-D'],
'DontResolve' => ['-H'],
'ForcePassiveIP' => ['-P %s', \&parse_string],
'FortunesFile' => ['-F %s', \&parse_filename],
'FSCharset' => ['-8 %s', \&parse_string],
'ClientCharset' => ['-9 %s', \&parse_string],
'IPV4Only' => ['-4'],
'IPV6Only' => ['-6'],
'KeepAllFiles' => ['-K'],
'LimitRecursion' => ['-L %d:%d', \&parse_number_2_unlimited],
'LogPID' => ['-1'],
'MaxClientsNumber' => ['-c %d', \&parse_number_1],
'MaxClientsPerIP' => ['-C %d', \&parse_number_1],
'MaxDiskUsage' => ['-k %d', \&parse_number_1],
'MaxIdleTime' => ['-I %d', \&parse_number_1],
'MaxLoad' => ['-m %d', \&parse_number_1],
'MinUID' => ['-u %d', \&parse_number_1],
'NATmode' => ['-N'],
'NoAnonymous' => ['-E'],
'NoChmod' => ['-R'],
'NoRename' => ['-G'],
'NoTruncate' => ['-0'],
'PassivePortRange' => ['-p %d:%d', \&parse_number_2],
'PerUserLimits' => ['-y %d:%d', \&parse_number_2],
'ProhibitDotFilesRead' => ['-X'],
'ProhibitDotFilesWrite' => ['-x'],
'Quota' => ['-n %d:%d', \&parse_number_2],
'SyslogFacility' => ['-f %s', \&parse_word, 99],
'TLS' => ['-Y %d', \&parse_number_1],
'TLSCipherSuite' => ['-J %s', \&parse_string],
'TrustedGID' => ['-a %d', \&parse_number_1],
'TrustedIP' => ['-V %s', \&parse_ip],
'Umask' => ['-U %s:%s', \&parse_umask],
'UserBandwidth' => ['-T %s', \&parse_number_1_2],
'UserRatio' => ['-Q %d:%d', \&parse_number_2],
'VerboseLog' => ['-d'],pureftpd: Installs and configures the complete Pure-FTPd.
pureftpd::install: Installs and manage packages.pureftpd::config: Configures the Pure-FTPd server.pureftpd::service: Manages the service.
Specifies options which parsed by pure-ftpd-wrapper. This must be a hash.
$config = {
'AltLog' => 'clf:/var/log/pure-ftpd/transfer.log',
'FSCharset' => 'UTF-8',
'MinUID' => '1000',
'NoAnonymous' => 'yes'
}See Customize Options and Known Options (Debian) above for usage details.
Absolute path to directory for backend configuration files. Value must be a string.
Default: /etc/pure-ftpd/db
Absolute path to directory for configuration files. Value must be a string.
Default: /etc/pure-ftpd/conf
Whether the Pure-FTPd configuration files should be managed. Valid values are true, false. Defaults to true.
Specifies options to pass pureftpd-dir-aliases file. Structured like a hash, same as config:
$dir_aliases = {
'public' => '/srv/public',
'uploads' => '/tmp/uploads'
}Absolute path to directory for configuration files. Value must be a string.
Default: /etc/pure-ftpd/pureftpd-dir-aliases
Passes install_options array to managed package resources. You must pass the appropriate options for the specified package manager. Defaults to undefined.
Configures the ldap.conf options in the config_db_dir. Structured like a hash, same as config:
$ldap_config = {
'public' => '/srv/public',
'uploads' => '/tmp/uploads'
}- LDAPServer
- LDAPPort
- LDAPBaseDN
- LDAPBindDN
- LDAPBindPW
- LDAPDefaultUID
- LDAPDefaultGID
- LDAPFilter
- LDAPHomeDir
- LDAPVersion
- LDAPUseTLS
- LDAPAuthMethod
- LDAPDefaultHomeDirectory
For more information see the file itself. All comments available.
Absolute path to file for ldap configuration. Value must be a string.
Default: /etc/pure-ftpd/db/ldap.conf
This options needs the openssl module from camptocamp it provides an self-signed certificate, which is needed if you will use SSL/TLS. For more configuration see ssl_config and ssl_pemfile. Defaults to false.
Configures the mysql.conf options in the config_db_dir. Structured like a hash, same as config:
$mysql_config = {
'public' => '/srv/public',
'uploads' => '/tmp/uploads'
}- MYSQLServer
- MYSQLPort
- MYSQLSocket
- MYSQLUser
- MYSQLPassword
- MYSQLDatabase
- MYSQLCrypt
- MYSQLGetPW
- MYSQLGetUID
- MYSQLDefaultUID
- MYSQLGetGID
- MYSQLDefaultGID
- MYSQLGetDir
- MySQLGetQTAFS
- MySQLGetQTASZ
- MySQLGetRatioUL
- MySQLGetRatioDL
- MySQLGetBandwidthUL
- MySQLGetBandwidthDL
- MySQLForceTildeExpansion
- MySQLTransactions
For more information see the file itself. All comments available.
Absolute path to file for ldap configuration. Value must be a string.
Default: /etc/pure-ftpd/db/mysql.conf
Whether the package exists or should be a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Defaults to 'present'.
Whether to manage the Pure-FTPd server package. Defaults to true.
The name of the Pure-FTPd server package to install. Defaults are OS dependent, defined in params.pp. Used if server_type is set to 'default'.
The name of the Pure-FTPd server package to install. Defaults are OS dependent, defined in params.pp. Used if server_type is set to 'ldap'.
The name of the Pure-FTPd server package to install. Defaults are OS dependent, defined in params.pp. Used if server_type is set to 'mysql'.
The name of the Pure-FTPd server package to install. Defaults are OS dependent, defined in params.pp. Used if server_type is set to 'postgres'.
Configures the postgresql.conf options in the config_db_dir. Structured like a hash, same as config:
$mysql_config = {
'public' => '/srv/public',
'uploads' => '/tmp/uploads'
}- PGSQLServer
- PGSQLPort
- PGSQLUser
- PGSQLPassword
- PGSQLDatabase
- PGSQLCrypt
- PGSQLGetPW
- PGSQLGetUID
- PGSQLDefaultUID
- PGSQLGetGID
- PGSQLDefaultGID
- PGSQLGetDir
- PGSQLGetQTAFS
- PGSQLGetQTASZ
- PGSQLGetRatioUL
- PGSQLGetRatioDL
- PGSQLGetBandwidthUL
- PGSQLGetBandwidthDL
For more information see the file itself. All comments available.
Absolute path to file for postgresql configuration. Value must be a string.
Default: /etc/pure-ftpd/db/postgresql.conf
Whether the config_db_dir and config_dir directory should be purged. Valid values are true, false. Defaults to true.
Whether the service should be restarted when things change. Valid values are true, false. Defaults to true.
Whether the service should start in 'standalone' or 'inetd' mode. Defaults to standalone.
Defines which server type for Pure-FTPd should be used. Valid options are 'default', 'postgres', 'ldap', 'mysql'. Defaults to default.
Note After a server type is installed an managed and if you would like to switch to another type. Remove / Purge first and then switch server_type.
Specifies whether the service should be enabled. Valid values are true, false. Defaults to true.
Specifies whether the service should be managed. Valid values are true, false. Defaults to true.
The name of the Pure-FTPd server service. Defaults are OS dependent, defined in params.pp. Used if server_type is set to 'default'.
The name of the Pure-FTPd server service. Defaults are OS dependent, defined in params.pp. Used if server_type is set to 'ldap'.
The name of the Pure-FTPd server service. Defaults are OS dependent, defined in params.pp. Used if server_type is set to 'mysql'.
The name of the Pure-FTPd server service. Defaults are OS dependent, defined in params.pp. Used if server_type is set to 'postgres'.
The provider to use to manage the service. Defaults to 'systemd'.
Optional hash of values to create the self-signed certificate with openssl. This is only used if manage_ssl is set to true.
$ssl_config => {
'public' => '/srv/public',
'uploads' => '/tmp/uploads'
}- country (2 digit country code)
- organization (String)
- commonname (fqdn)
- days
Absolute path to file where the self-signed certificate and private key will be placed. Value must be a string. Used only if manage_ssl is enabled.
Default: /etc/ssl/private/pure-ftpd.pem
If set, pure-uploadscript will spawn running as the given gid. Defaults to undefined.
If set, pure-uploadscript will spawn running as the given uid. Defaults to undefined.
If this is set and the daemon is run in standalone mode, pure-uploadscript will also be run to spawn the program given below for handling uploads. Defaults to undefined.
Whether to use binary with virtualchroot support valid values are "true" or "false". Defaults to false.
Defines not used in this module.
This module currently uses no puppet Types.
Currently the module does not provide any facts. If some facts are required open an issue.
This module has been tested on:
- Debian 9
- Debian 10
- Debian 11
My main distribution is Debian and to support other platforms please let me note the differences, that we can append this platform.
Testing on other platforms has been minimal and cannot be guaranteed.
This puppet module is published under Apache-2.0 license and full opensource. Do not hesitate to contact the main developer on GitHub and open bugs, merge requests or anything else.
This module is initial written by Benjamin Kübler. The following contributors have contributed to this module:
- Benjamin Kübler