Skip to content
/ sftp-geesefs-butane Public

Butane configuration for a Fedora CoreOS SFTP server using S3 buckets mounted by geesefs

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ScilifelabDataCentre/sftp-geesefs-butane

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
butane-files-dir
butane-files-dir
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
sftp-geesefs.butane
sftp-geesefs.butane
 
 

Repository files navigation

butane-sftp-geesefs

Butane configuration (variant: fcos, version: 1.4.0) for running an SFTP server on Fedora CoreOS. For storage geesefs mounts S3 buckets. (One S3 bucket per user).

Zincati, the agent for Fedora CoreOS auto-updates, is configured to have a maintenance window on Sunday mornings (see butane-files-dir/30-updates-strategy.toml). If there was an update available, the VM will reboot after performing the update. After the reboot the S3 buckets will be emptied by instances of the templated service [email protected].

Requirements

The command-line tools

  • butane
  • envsubst
  • scp

and some way to boot up a Fedora CoreOS computer (or VM) from an Ignition file.

Installation

  1. Install butane. For example on macOS brew install butane

  2. Clone this Git repository

    git clone URL

  3. Change directory

    cd butane-sftp-geesefs

  4. Set the environment variable MY_SSH_KEY to your public SSH key. The command envsubst will do text replacement and insert your public SSH key into the butane file.

    export MY_SSH_KEY="ssh-ed25519 AAAAC3Nza..."

  5. Create Ignition file

    cat sftp-geesefs.butane | envsubst | butane --pretty --files-dir butane-files-dir --strict > sftp-geesefs.ign

  6. Boot up a Fedora CoreOS from the Ignitition file sftp-geesefs.ign

  7. Copying the user configuration file install-sftp-users.json to the directory /srv/sftp_geesefs/install-sftp-users/trigger/ will trigger an installation. The JSON format is

    [ {
  "s3_endpoint" : "https://s3.example.com",
  "s3_bucket_name" : "some_bucket1", 
  "aws_access_key_id" : "3R9...",
  "aws_secret_access_key" : "9Bf...",
  "user" : "myuser1", 
  "ssh_authorized_keys" : "ssh-rsa AAAAB3NzaC1yc2EA..." },

{
  "s3_endpoint" : "https://s3.example.com",
  "s3_bucket_name" : "some_bucket2", 
  "aws_access_key_id" : "5R2...",
  "aws_secret_access_key" : "3Be...",
  "user" : "myuser2", 
  "ssh_authorized_keys" : "ssh-rsa AAAAB3EvL..." }
]

    (Multiple users can be installed from the same JSON file).

    To copy the file, run a command similar to

    scp install-sftp-users.json root@fcos:/srv/sftp_geesefs/install-sftp-users/trigger/

    (replace fcos with the IP address or hostname of the installed Fedora CoreOS computer/VM)

Usage

sftp myuser1@server

Note, by default the server will empty the S3 buckets after a reboot. To disable automatic emptying of the S3 bucket used by the user myuser1, run

sudo systemctl disable [email protected]

Reboots will for instance happen after an update by Zincati. Zincati can be configure by adjusting/adding configuration files under /etc/zincati/config.d/

Note about POSIX compliance

Note that geesefs is not fully POSIX compliant. See POSIX Compatibility Matrix

About

Butane configuration for a Fedora CoreOS SFTP server using S3 buckets mounted by geesefs

Topics

s3 sftp sftp-server openssh fedora-coreos butane geesefs

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Languages