Manual:FTP Server Configuration On Debian 5 and Ubuntu 9.10 and 10.10
FTP Server Configuration
- Install pure-ftpd-mysql and mysql-server packages:
apt-get -y install pure-ftpd-mysql mysql-server
- Start mysql server:
/etc/init.d/mysql start
- Create the database (default name is iaso2012) with the following tables:
CREATE DATABASE iaso2012;
USE iaso2012;
CREATE TABLE `user` (
  `id` INT(11) NOT NULL AUTO_INCREMENT,
  `user` VARCHAR(256) NOT NULL,
  `password` VARCHAR(32) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL DEFAULT '',
  `nodeid` VARCHAR(128) DEFAULT NULL,
  `backup_group` INT(11) DEFAULT '1',
  `comment` tinytext,
  `status` enum('0', '1') NOT NULL DEFAULT '1',
  PRIMARY KEY (`id`),
  UNIQUE KEY `User` (`user`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
CREATE TABLE `node` (
  `id` INT(11) NOT NULL AUTO_INCREMENT,
  `path` VARCHAR(128) NOT NULL DEFAULT '',
  `name` VARCHAR(36) NOT NULL DEFAULT '',
  `backup_groupid` INT(11) DEFAULT '1',
  `users` INT(11) DEFAULT '0',
  `diskusage` INT(11) DEFAULT '0',
  `maxusers` INT(11) DEFAULT '500',
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
- Create mysql account with full access to iaso2012 database:
CREATE USER 'iaso2012'@'localhost' IDENTIFIED BY 'o69n78xuJAwLNZWyUKATDwfgpQ6Jgv6teBWk8vfXCJubWZDpNZ';
GRANT ALL PRIVILEGES ON iaso2012.* TO 'iaso2012'@'localhost';
FLUSH PRIVILEGES;
(Please use generated passwords for each installation)
- Configure pure-ftpd:
mv /etc/pure-ftpd/conf /etc/pure-ftpd/conf.old
mv /etc/pure-ftpd/db/mysql.conf /etc/pure-ftpd/db/mysql.conf.old
# recreate the configuration directory that was just moved away
mkdir -p /etc/pure-ftpd/conf
echo ",443" > /etc/pure-ftpd/conf/Bind
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
echo "500" > /etc/pure-ftpd/conf/MaxClientsNumber
echo "500" > /etc/pure-ftpd/conf/MaxClientsPerIP
echo "1000" > /etc/pure-ftpd/conf/MinUID
echo "/etc/pure-ftpd/db/mysql.conf" > /etc/pure-ftpd/conf/MySQLConfigFile
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
echo "30000 35000" > /etc/pure-ftpd/conf/PassivePortRange
echo "2" > /etc/pure-ftpd/conf/TLS
echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
(In this example we used the 30000:35000 TCP port range for passive mode connections. You can change it. The calculation is 2 ports per online contract. Please make sure that this port range is open on the firewall/router.)
- Configure /etc/pure-ftpd/db/mysql.conf by adding the following to the file:
MYSQLServer 127.0.0.1
MYSQLPort 3306
MYSQLSocket /tmp/mysql.sock
MYSQLUser iaso2012
MYSQLPassword o69n78xuJAwLNZWyUKATDwfgpQ6Jgv6teBWk8vfXCJubWZDpNZ
MYSQLDatabase iaso2012
MYSQLCrypt md5
MYSQLGetPW SELECT password FROM user WHERE User="\L"
MYSQLDefaultUID 2001
MYSQLDefaultGID 2001
MYSQLGetDir SELECT concat(n.path, '/',c.user) FROM user c INNER JOIN node n ON c.nodeid = n.id WHERE c.status = '1' AND c.user = "\L"
MySQLTransactions On
(Here we also set the UID and GID to 2001. This means that all files in the storage folder will be created with this UID and GID. You can change it to a different one.)
- Insert required information to database:
USE iaso2012;
INSERT INTO `node` VALUES (1, '/storage/FtpStorage', 'localstorage', 1, 0, 0, 500);
/storage/FtpStorage is the full path to the storage location; 500 is the contract limit per storage.
Note that if there are several storage locations (/storage2, /storage3), they can easily be added to the table. New accounts will be automatically distributed between them by the triggers.
INSERT INTO `user` VALUES (1, 'common_user', '48ac9c1692b503390e41818ba296c83c', '1', 1, NULL, '1');
INSERT INTO `user` VALUES (2, 'backup_admin', md5('youpasswordtoMC'), '1', 1, NULL, '1');
(replace youpasswordtoMC with your password).
- Add MySQL triggers. Creating triggers requires the MySQL SUPER privilege (add them as root, for example):
- Create FtpStorage, common_user folder and symlink for the backup_admin user:
mkdir -p /storage/FtpStorage/common_user/status
ln -s /storage/FtpStorage/common_user/status /storage/FtpStorage/backup_admin
chown -R 2001:2001 /storage/FtpStorage
- Generate a certificate for TLS:
mkdir -p /etc/ssl/private
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/*.pem
- Start pure-ftpd server:
/etc/init.d/pure-ftpd-mysql start
- Install mailing software:
apt-get -y install xsltproc msmtp
- Install the server side software (engine). For the latest engine builds please check our wiki page IASO2012 Downloads:
cd /opt
wget http://www.iaso.com/download/release/12.0.4/12081/iaso-me-12.0.4.12081-linux-x86_64.run
chmod +x iaso-me-12.0.4.12081-linux-x86_64.run
./iaso-me-12.0.4.12081-linux-x86_64.run
Verifying archive integrity... All good.
Uncompressing Backup Manager Management Engine...........................
-- Creating directories
-- Copying files
-- Running configuration script
Enter statistic server address [192.168.1.1]: 127.0.0.1
Enter backup server address [127.0.0.1]:
Enter username for statistic server [backup_admin]:
Enter Business Partner Code: (please enter here your BPCode)
Enter Email for dashboards [email@example.com]: (please enter here the 'from' email for dashboard emails, in the example it is support@company.com)
If you need more SMTP options please configure 'smtp.config' file manualy
Sending test mail...
Select storage configuration
1: FTP with MySQL authentication and home folder autocreation
2: None (where ftp users are not controlled)
Enter number of configuration [1]: 1
Enter sql server address [127.0.0.1]: (enter here the IP of the mysql server; in the example just 'Enter' was pressed)
Enter sql user name [root]: iaso2012
Enter password for sql user iaso2012 [123456]: o69n78xuJAwLNZWyUKATDwfgpQ6Jgv6teBWk8vfXCJubWZDpNZ
Enter sql database name [iaso2012]:
================================
Configuration file 'config.ini':
================================
[Reporting]
Protocol=FTPS:443
Server=127.0.0.1
User=backup_admin
Password=youpasswordtoMC
BPCode=0000000
Email=support@company.com
ProvisioningScript=scripts/ftp-mysql/Unix
ProvisioningConfig=127.0.0.1 iaso2012 o69n78xuJAwLNZWyUKATDwfgpQ6Jgv6teBWk8vfXCJubWZDpNZ iaso2012
TempDir=/tmp/ManagementEngine
================================
Enter path where Licence.lic and Public.key are. Or leave empty and copy this files into '/opt/IASO/ManagementEngine' folder:
Now just press the 'Enter' button; all the required license files will be downloaded automatically from our SAP server.
- Set the correct UID/GID on the /opt/IASO folder (by default the Engine starts with UID 2001 and GID 2001. You can specify your own UID and GID in the /opt/IASO/etc/ProcessController.config file):
chown -R 2001:2001 /opt/IASO
ManagementEngine should start in the background with UID 2001 and bind to port 5325. You can check it using:
netstat -nlp | grep Mana
You will get output like this:
tcp 0 0 0.0.0.0:5325 0.0.0.0:* LISTEN 18862/ManagementEng
MySQL triggers for the triggers step above:
DELIMITER //
CREATE TRIGGER `insert_user` BEFORE INSERT ON `user`
FOR EACH ROW BEGIN
  DECLARE req_backup_group INTEGER;
  DECLARE total_users INTEGER;
  IF NEW.`backup_group` = 0 THEN
    SELECT `id` INTO req_backup_group FROM `node` WHERE `backup_groupid` = 0 LIMIT 1;
    SET NEW.`nodeid` = req_backup_group;
    SELECT COUNT(*) INTO total_users FROM `user` WHERE `nodeid` = req_backup_group;
    UPDATE `node` SET `users` = total_users + 1 WHERE `id` = req_backup_group;
  END IF;
  IF NEW.`backup_group` = 1 THEN
    SELECT `id` INTO req_backup_group FROM `node` WHERE `backup_groupid` = 1 AND `maxusers` != 0 AND `users` <= `maxusers` AND `diskusage` < 1800 ORDER BY `users` LIMIT 1;
    SET NEW.`nodeid` = req_backup_group;
    SELECT COUNT(*) INTO total_users FROM `user` WHERE `nodeid` = req_backup_group;
    UPDATE `node` SET `users` = total_users + 1 WHERE `id` = req_backup_group;
  END IF;
  IF NEW.`backup_group` = 2 THEN
    SELECT `id` INTO req_backup_group FROM `node` WHERE `backup_groupid` = 2 AND `maxusers` != 0 AND `users` <= `maxusers` AND `diskusage` < 1800 ORDER BY `users` LIMIT 1;
    SET NEW.`nodeid` = req_backup_group;
    SELECT COUNT(*) INTO total_users FROM `user` WHERE `nodeid` = req_backup_group;
    UPDATE `node` SET `users` = total_users + 1 WHERE `id` = req_backup_group;
  END IF;
END;//
CREATE TRIGGER `delete_user` BEFORE DELETE ON `user`
FOR EACH ROW BEGIN
  DECLARE req_nodeid INTEGER;
  DECLARE total_users INTEGER;
  SELECT `nodeid` INTO req_nodeid FROM `user` WHERE `id` = OLD.`id`;
  SELECT COUNT(*) INTO total_users FROM `user` WHERE `nodeid` = req_nodeid;
  UPDATE `node` SET `users` = total_users - 1 WHERE `id` = req_nodeid;
END;//
DELIMITER ;
(Please note that in the example we used UID and GID 2001. It was set in the /etc/pure-ftpd/db/mysql.conf file.)
In case there is no openssl package installed, please install it using:
apt-get -y install openssl
There were a few cases when the pure-ftpd binary from the Debian and Ubuntu repos did not support data channel encryption (PROT P). To fix this issue you should manually compile the pure-ftpd binary from source and replace the original file. A Debian system doesn't contain gcc and the MySQL dev libraries, so install them:
apt-get -y install libmysql++-dev libssl-dev make
cd /usr/src
wget http://download.pureftpd.org/pub/pure-ftpd/releases/obsolete/pure-ftpd-1.0.29.tar.gz
tar xzf pure-ftpd-1.0.29.tar.gz
cd pure-ftpd-1.0.29
./configure --with-mysql --with-tls
make
cp src/pure-ftpd /usr/sbin/pure-ftpd-mysql
cd /
rm -rf /usr/src/pure-ftpd-1.0.29*
Now you should be able to connect to the appliance with backup_admin username and 'youpasswordtoMC' password.
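The pure-ftpd settings written in the configuration steps above can be checked before the server is started. The following is an added example, not part of the original manual; the function names audit_pureftpd and expect are hypothetical, and the mode 600 expectation for mysql.conf is an assumption based on that file holding MYSQLPassword in clear text.

```shell
#!/bin/sh
# Added example: audit the pure-ftpd settings written by this manual.
# Usage: audit_pureftpd /etc/pure-ftpd/conf /etc/pure-ftpd/db/mysql.conf

# expect FILE WANT: a one-value-per-file option must contain exactly WANT.
expect() {
    got=$(cat "$1" 2>/dev/null || :)
    [ "$got" = "$2" ] && return 0
    echo "FAIL ${1##*/}: want '$2', got '${got:-<missing>}'"
    return 1
}

# Prints one line per finding and returns the number of findings.
audit_pureftpd() {
    conf=$1 dbconf=$2 fails=0
    # Values this manual sets: TLS-only logins, no anonymous or system
    # accounts, every user locked into its home directory.
    for pair in TLS=2 NoAnonymous=yes ChrootEveryone=yes \
                PAMAuthentication=no UnixAuthentication=no; do
        expect "$conf/${pair%%=*}" "${pair#*=}" || fails=$((fails + 1))
    done
    # mysql.conf stores MYSQLPassword in clear text (assumption: it should
    # carry no group/other permission bits, e.g. mode 600).
    mode=$(stat -c '%a' "$dbconf" 2>/dev/null || :)
    case $mode in
        [0-7]00) ;;
        *) echo "FAIL ${dbconf##*/}: mode '${mode:-<missing>}', want 600"
           fails=$((fails + 1)) ;;
    esac
    # pure-ftpd refuses logins whose UID is below MinUID, so a changed
    # MYSQLDefaultUID must stay at or above it.
    minuid=$(cat "$conf/MinUID" 2>/dev/null || :)
    uid=$(awk '$1 == "MYSQLDefaultUID" { print $2 }' "$dbconf" 2>/dev/null || :)
    if [ -z "$minuid" ] || [ -z "$uid" ]; then
        echo "FAIL MinUID or MYSQLDefaultUID is not set"
        fails=$((fails + 1))
    elif [ "$uid" -lt "$minuid" ]; then
        echo "FAIL MYSQLDefaultUID $uid is below MinUID $minuid"
        fails=$((fails + 1))
    fi
    return "$fails"
}
```

A return status of 0 means every checked value matches what this manual configures; each FAIL line names the file to revisit.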