added proftpd role

Author: jyotipm29

.gitmodules

@@ -30,3 +30,7 @@
 [submodule "galaxy/ansible/roles/galaxy-htcondor"]
 	path = galaxy/ansible/roles/galaxy-htcondor
 	url = https://github.com/usegalaxy-eu/ansible-htcondor-grycap
+
+[submodule "galaxy/ansible/roles/galaxy-proftpd"]
+	path = galaxy/ansible/roles/galaxy-proftpd
+	url = https://github.com/galaxyproject/ansible-proftpd

galaxy/Dockerfile

@@ -96,7 +96,6 @@ RUN groupadd -r postgres -g $GALAXY_POSTGRES_GID \
     ## && apt-get install postgresql-10 --no-install-recommends -y \
     && apt-get install nginx-extras nginx-common --no-install-recommends -y \
     && apt-get install docker-ce --no-install-recommends -y \
-    && apt-get install proftpd proftpd-mod-pgsql proftpd-mod-crypto --no-install-recommends -y \
     && apt-get install nano --no-install-recommends -y \
     && apt-get install git --no-install-recommends -y \
     && apt-get install gridengine-common gridengine-drmaa1.0 --no-install-recommends -y \
@@ -174,7 +173,7 @@ ADD ansible/ /ansible/
 
 # Install ansible and related dependencies
 RUN apt update -qq && apt install --no-install-recommends -y software-properties-common dirmngr gpg gpg-agent bsdmainutils \
-    && sudo add-apt-repository ppa:ansible/ansible \
+    && sudo add-apt-repository ppa:ansible/ansible-7 \
     && apt install --no-install-recommends -y ansible \
     && apt purge -y systemd && apt-get autoremove -y && apt-get clean
 
@@ -207,11 +206,18 @@ RUN ansible-playbook /ansible/slurm_provision.yml \
 
 # Install htcondor
 RUN ansible-playbook /ansible/htcondor_provision.yml \
+    --extra-vars galaxy_user_name=$GALAXY_USER
+
+# Install proftpd
+RUN ansible-playbook /ansible/proftpd_provision.yml \
     --extra-vars galaxy_user_name=$GALAXY_USER \
-    && apt purge -y systemd && apt-get autoremove -y && apt-get clean
+    --extra-vars proftpd_sql_db=galaxy@galaxy \
+    --extra-vars proftpd_sql_user=$GALAXY_USER \
+    --extra-vars proftpd_sql_password=$GALAXY_USER \
+    --extra-vars galaxy_ftp_upload_dir=$EXPORT_DIR/ftp
 
-RUN mkdir -p /shed_tools $EXPORT_DIR/ftp/ \
-    && chown $GALAXY_USER:$GALAXY_USER /shed_tools $EXPORT_DIR/ftp \
+RUN mkdir -p /shed_tools \
+    && chown $GALAXY_USER:$GALAXY_USER /shed_tools \
     && ln -s /tool_deps/ $EXPORT_DIR/tool_deps \
     # Configure Galaxy to use the Tool Shed
     && chown $GALAXY_USER:$GALAXY_USER $EXPORT_DIR/tool_deps \
@@ -234,16 +240,14 @@ RUN mkdir -p /shed_tools $EXPORT_DIR/ftp/ \
     --extra-vars galaxy_extras_config_tusd=True \
     --extra-vars galaxy_extras_config_cvmfs=True \
     --extra-vars galaxy_extras_config_gravity=True \
-    --extra-vars proftpd_db_connection=galaxy@galaxy \
-    --extra-vars proftpd_files_dir=$EXPORT_DIR/ftp \
-    --extra-vars proftpd_use_sftp=True \
     --extra-vars galaxy_extras_docker_legacy=False \
     --extra-vars supervisor_postgres_config_path=$PG_CONF_DIR_DEFAULT/postgresql.conf \
     --extra-vars supervisor_postgres_autostart=false \
     --extra-vars nginx_use_remote_header=True \
     --extra-vars tus_upload_store_path=$GALAXY_CONFIG_TUS_UPLOAD_STORE \
     --extra-vars gx_it_proxy_sessions_path=$GALAXY_CONFIG_INTERACTIVETOOLS_MAP \
-    --tags=galaxyextras,cvmfs --skip-tags=tusd,flower,redis,slurm,condor -c local \
+    --extra-vars use_pbkdf2=True \
+    --tags=galaxyextras,cvmfs --skip-tags=tusd,flower,redis,slurm,condor,proftpd -c local \
     && . $GALAXY_VIRTUAL_ENV/bin/activate \
     && pip install WeasyPrint \
     && deactivate \
@@ -288,7 +292,7 @@ ENV GALAXY_CONFIG_JOB_WORKING_DIRECTORY=$EXPORT_DIR/galaxy-central/database/job_
     GALAXY_CONFIG_CITATION_CACHE_DATA_DIR=$EXPORT_DIR/galaxy-central/database/citations/data \
     GALAXY_CONFIG_FTP_UPLOAD_DIR=$EXPORT_DIR/ftp \
     GALAXY_CONFIG_FTP_UPLOAD_SITE=galaxy.docker.org \
-    GALAXY_CONFIG_USE_PBKDF2=False \
+    GALAXY_CONFIG_USE_PBKDF2=True \
     GALAXY_CONFIG_NGINX_X_ACCEL_REDIRECT_BASE=/_x_accel_redirect \
     GALAXY_CONFIG_DYNAMIC_PROXY_MANAGE=False \
     GALAXY_CONFIG_VISUALIZATION_PLUGINS_DIRECTORY=config/plugins/visualizations \

galaxy/ansible/htcondor_provision.yml

@@ -68,7 +68,7 @@
         - 'DISCARD_SESSION_KEYRING_ON_STARTUP=False'
         - 'TRUST_UID_DOMAIN=true'
 
-  # Remove the init script
+  # Remove the init script and systemd
   post_tasks:
     - name: Stop HTCondor service
       command: /etc/init.d/condor stop
@@ -80,3 +80,6 @@
 
     - name: Remove HTCondor init script registration
       command: update-rc.d -f condor remove
+    
+    - name: Purge systemd and perform cleanup
+      shell: apt purge -y systemd && apt-get autoremove -y && apt-get clean

galaxy/ansible/proftpd_provision.yml

@@ -0,0 +1,69 @@
+- hosts: localhost
+  connection: local
+  remote_user: root
+  vars:
+    proftpd_galaxy_auth: yes
+    galaxy_user:
+      name: "{{ galaxy_user_name }}"
+    proftpd_galaxy_modules:
+      - mod_sql.c
+      - mod_sql_passwd.c
+      - mod_sql_postgres.c
+      - mod_sftp.c
+      - mod_sftp_pam.c
+      - mod_sftp_sql.c
+    proftpd_create_ftp_upload_dir: yes
+    proftpd_options:
+      - User: "{{ galaxy_user_name }}"
+      - Group: "{{ galaxy_user_name }}"
+    proftpd_global_options:
+      - PassivePorts: 30000 40000
+    proftpd_display_connect: |
+      Public Galaxy FTP
+    base_ssh_host_keys_dir: /etc/proftpd/ssh_host_keys
+    proftpd_virtualhosts:
+      - id: sftp
+        address: 0.0.0.0
+        options:
+          - Port: 22
+          - SFTPEngine: on
+          - SFTPPAMEngine: off
+          - CreateHome: on dirmode 700
+          - SFTPHostKey: "{{ base_ssh_host_keys_dir}}/rsa"
+          - SFTPHostKey: "{{ base_ssh_host_keys_dir }}/dsa"
+          - SFTPCompression: delayed
+          - SQLEngine: on
+          - SQLPasswordEngine: on
+          - SQLLogFile: /var/log/proftpd/sql.log
+          - SQLBackend: postgres
+          - SQLAuthenticate: users
+          - SQLConnectInfo: "{{ proftpd_sql_db }} {{ proftpd_sql_user }} {{ proftpd_sql_password }}"
+          - SQLAuthTypes: PBKDF2 SHA1
+          - SQLPasswordPBKDF2: sql:/GetPBKDF2Params
+          - SQLPasswordEncoding: base64
+          - SQLUserInfo: custom:/LookupGalaxyUser
+          - SQLPasswordUserSalt: sql:/GetUserSalt
+          - SQLNamedQuery: GetPBKDF2Params  SELECT "(CASE WHEN split_part(password, '$', 1) = 'PBKDF2' THEN UPPER(split_part(password, '$', 2)) ELSE 'SHA256' END), (CASE WHEN split_part(password, '$', 1) = 'PBKDF2' THEN split_part(password, '$', 3) ELSE '10000' END), 24 FROM galaxy_user WHERE email='%U'"
+          - SQLNamedQuery: GetUserSalt      SELECT "(CASE WHEN split_part(password, '$', 1) = 'PBKDF2' THEN split_part(password, '$', 4) END) FROM galaxy_user WHERE email='%U'"
+          - SQLNamedQuery: LookupGalaxyUser SELECT "email, (CASE WHEN split_part(password, '$', 1) = 'PBKDF2' THEN split_part(password, '$', 5) ELSE encode(decode(password, 'hex'), 'base64') END),'{{ galaxy_user_name }}','{{ galaxy_user_name }}','{{ galaxy_ftp_upload_dir }}/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
+
+  # Required for sftp server
+  pre_tasks:
+    - name: Install OpenSSH client package
+      apt: pkg=openssh-client
+
+    - name: Create ssh host keys directory
+      file: path="{{ base_ssh_host_keys_dir }}" state=directory
+
+    - name: Generate new SSH keys (rsa)
+      shell: ssh-keygen -b 2048 -t rsa -f "{{ base_ssh_host_keys_dir }}/rsa" -N ""
+      args:
+        creates: "{{ base_ssh_host_keys_dir }}/rsa"
+
+    - name: Generate new SSH keys (dsa)
+      shell: ssh-keygen -b 1024 -t dsa -f "{{ base_ssh_host_keys_dir }}/dsa" -N ""
+      args:
+        creates: "{{ base_ssh_host_keys_dir }}/dsa"
+
+  roles:
+      - role: galaxy-proftpd