ftp-cloudfs

================================================= FTP Interface to OpenStack Object Storage (Swift)

:Homepage: https://pypi.python.org/pypi/ftp-cloudfs/ :Credits: Copyright 2009--2019 Chmouel Boudjnah chmouel@chmouel.com :Licence: MIT

DESCRIPTION

ftp-cloudfs is a ftp server acting as a proxy to OpenStack Object Storage (swift)_. It allow you to connect via any FTP client to do upload/download or create containers.

By default the server will bind to port 2021 which allow to be run as a non root/administrator user.

.. _OpenStack Object Storage (Swift): http://launchpad.net/swift

It supports pseudo-hierarchical folders/directories as described in the OpenStack Object Storage API_.

.. _OpenStack Object Storage API: http://docs.openstack.org/openstack-object-storage/developer/content/

REQUIREMENTS

• Python 2 >= 2.6
• python-swiftclient >= 2.1.0 - https://github.com/openstack/python-swiftclient/
• pyftpdlib >= 1.3.0 - http://code.google.com/p/pyftpdlib/
• python-daemon >= 1.5.5 - http://pypi.python.org/pypi/python-daemon/
• python-memcache >= 1.45 - http://www.tummy.com/Community/software/python-memcached/

IMPORTANT: pyftpdlib 1.2.0 has a couple of known issues (memory leak, file descriptor leak) and it shouldn't be used in production systems.

python-swiftclient 2.x uses Requests and it is currently incompatible with ftp-cloudfs < 0.30.

Operating Systems

ftp-cloudfs is developed and tested in Ubuntu and Debian Linux distributions but it should work on any Unix-like (including Mac OS X) as long as you install the requirements listed above.

INSTALL

Use standard setup.py directives ie.::

python setup.py install

Or if you have pip_ installed you can just run::

pip install ftp-cloudfs

which will install ftp-cloudfs with all the required dependencies.

We also provide a requirements.txt file in case you want to install all the dependencies using pip without installing ftp-cloudfs::

pip install -r requirements.txt

ftp-cloudfs has been included in Debian Jessie_.

.. _pip: https://pip.pypa.io/ .. _included in Debian Jessie: http://packages.debian.org/jessie/ftp-cloudfs

USAGE

The install should have created a /usr/bin/ftpcloudfs (or whatever prefix defined in your python distribution or command line arguments) which can be used like this:

Usage: ftpcloudfs [options]

Options: --version show program's version number and exit -h, --help show this help message and exit -p PORT, --port=PORT Port to bind the server (default: 2021) -b BIND_ADDRESS, --bind-address=BIND_ADDRESS Address to bind (default: 127.0.0.1) -a AUTHURL, --auth-url=AUTHURL Authentication URL (required) --insecure Allow to access servers without checking SSL certs --memcache=MEMCACHE Memcache server(s) to be used for cache (ip:port) -v, --verbose Be verbose on logging -f, --foreground Do not attempt to daemonize but run in foreground -l LOG_FILE, --log-file=LOG_FILE Log File: Default stdout when in foreground --syslog Enable logging to the system logger (daemon facility) --pid-file=PID_FILE Pid file location when in daemon mode --uid=UID UID to drop the privilige to when in daemon mode --gid=GID GID to drop the privilige to when in daemon mode --keystone-auth Use OpenStack Identity Service (Keystone, requires keystoneclient) --keystone-auth-version=VERSION Identity API version to be used (default: 2.0) --keystone-region-name=REGION_NAME Region name to be used in Keystone auth --keystone-tenant-separator=TENANT_SEPARATOR Character used to separate tenant_name/username in Keystone auth (default: TENANT.USERNAME) --keystone-domain-separator=DOMAIN_SEPARATOR Character used to separate project_name/project_domain_name and username/user_domain_name in Keystone auth v3 (default: @) --keystone-service-type=SERVICE_TYPE Service type to be used in Keystone auth (default: object-store) --keystone-endpoint-type=ENDPOINT_TYPE Endpoint type to be used in Keystone auth (default: publicURL) --storage-policy=STORAGE_POLICY Swift storage policy to be used (optional) Access to other containers will be denied

The defaults can be changed using a configuration file (by default in /etc/ftpcloudfs.conf). Check the example file included in the package.

CACHE MANAGEMENT

OpenStack Object Storage (Swift)_ is an object storage and not a real file system. This proxy simulates enough file system functionality to be used over FTP, but it has a performance impact.

To improve the performance a cache is used. It can be local or external (with Memcache). By default a local cache is used, unless one or more Memcache servers are configured.

If you're using just one client the local cache may be fine, but if you're using several connections, configuring an external cache is highly recommended.

If an external cache is available it will be used to cache authentication tokens too so any Memcache server must be secured to prevent unauthorized access as it could be possible to associate a token with a specific user (not trivial) or even use the cache key (MD5 hash) to brute-force the user password.

OPENSTACK IDENTITY SERVICE (KEYSTONE)

By default ftp-cloudfs will use Swift auth 1.0, that is compatible with OpenStack Object Storage using swauth_ auth middleware and Swift implementations such as Rackspace Cloud Files or Memset's Memstore Cloud Storage.

Optionally OpenStack Identity Service_ (Keystone) v2.0 or v3 can be used. Currently python-keystoneclient (0.3.2+ recommended) is required to use Keystone auth and it can be enabled with keystone-auth option.

With Keystone v2.0, you can provide a tenant name in the FTP login user with TENANT.USERNAME (using a dot as separator). With Keystone v3, you can also provide domain name in the FTP login user with PROJECT_NAME@PROJECT_DOMAIN_NAME.USERNAME@USER_DOMAIN_NAME (using @ as a separator). Please check the example configuration file for further details.

.. _swauth: https://github.com/gholt/swauth .. _OpenStack Identity Service: https://developer.openstack.org/api-ref/identity/index.html .. _RackSpace Cloud Files: http://www.rackspace.com/cloud/cloud_hosting_products/files/ .. _Memset's Memstore Cloud Storage: https://www.memset.com/cloud/storage/

LARGE FILE SUPPORT

The object storage has a limit on the size of a single uploaded object (by default this is 5GB). Files larger than that can be split in parts and merged back on the fly using a manifest file.

ftp-cloudfs supports this transparently with the split-large-files configuration token, setting it to the number of megabytes wanted to use for each part (disabled by default).

When a FILE is larger than the specified amount of MB, a FILE.part directory will be created and n parts will be created splitting the file automatically. The original file name will be used to store the manifest. If the original file is downloaded, the parts will be served as it was a single file.

The FILE.part directory can be removed from directory listings using the hide-part-dir configuration token. Please be aware that the directory will still be visible when accessing the storage using swift API.

STORAGE POLICIES

Swift storage policies may be used to add some level of segmentation inside a single Swift cluster : durability levels (Replication / Erasure Coding), storage backend performance (SSD vs HDD), ...

With storage_policy paramter, you can restrict user access to a single policy : If no name is specified, the default policy is used (and if no other policies, defined Policy-0 is considered the default). Policy-0 is what is used by Swift when accessing pre-storage-policy containers which won’t have a policy.

See Openstack Storage Policies for implementation details.

.. _Openstack Storage Policies: https://docs.openstack.org/swift/latest/overview_policies.html

SUPPORT

The project website is at:

https://github.com/cloudfs/ftp-cloudfs/issues

There you can file bug reports, ask for help or contribute patches. There's additional information at:

https://github.com/cloudfs/ftp-cloudfs/wiki

LICENSE

Unless otherwise noted, all files are released under the MIT_ license, exceptions contain licensing information in them.

.. _MIT: http://en.wikipedia.org/wiki/MIT_License

Copyright (C) 2009-2019 Chmouel Boudjnah chmouel@chmouel.com

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Authors

• Chmouel Boudjnah chmouel@chmouel.com
• Nick Craig-Wood nick@craig-wood.com
• Juan J. Martinez jjm@usebox.net

Contributors

• Christophe Le Guern c35sys@gmail.com
• Konstantin vz'One Enchant sirkonst@gmail.com
• Maxim Mitroshin mitroshin@selectel.org
• Sokolov Ilya falconmain@gmail.com
• John Leach john@johnleach.co.uk
• Vil Surkin vills@webzilla.com
• Julien Lutran julien.lutran@ovh.net