FTP Interface to OpenStack Object Storage (Swift)
|Credits:||Copyright 2009--2019 Chmouel Boudjnah <firstname.lastname@example.org>|
ftp-cloudfs is a ftp server acting as a proxy to OpenStack Object Storage (swift). It allow you to connect via any FTP client to do upload/download or create containers.
By default the server will bind to port 2021 which allow to be run as a non root/administrator user.
It supports pseudo-hierarchical folders/directories as described in the OpenStack Object Storage API.
- Python 2 >= 2.6
- python-swiftclient >= 2.1.0 - https://github.com/openstack/python-swiftclient/
- pyftpdlib >= 1.3.0 - http://code.google.com/p/pyftpdlib/
- python-daemon >= 1.5.5 - http://pypi.python.org/pypi/python-daemon/
- python-memcache >= 1.45 - http://www.tummy.com/Community/software/python-memcached/
IMPORTANT: pyftpdlib 1.2.0 has a couple of known issues (memory leak, file descriptor leak) and it shouldn't be used in production systems.
python-swiftclient 2.x uses Requests and it is currently incompatible with ftp-cloudfs < 0.30.
ftp-cloudfs is developed and tested in Ubuntu and Debian Linux distributions but it should work on any Unix-like (including Mac OS X) as long as you install the requirements listed above.
Use standard setup.py directives ie.:
python setup.py install
Or if you have pip installed you can just run:
pip install ftp-cloudfs
which will install ftp-cloudfs with all the required dependencies.
We also provide a requirements.txt file in case you want to install all the dependencies using pip without installing ftp-cloudfs:
pip install -r requirements.txt
ftp-cloudfs has been included in Debian Jessie.
The install should have created a /usr/bin/ftpcloudfs (or whatever prefix defined in your python distribution or command line arguments) which can be used like this:
Usage: ftpcloudfs [options]
--version show program's version number and exit -h, --help show this help message and exit -p PORT, --port=PORT Port to bind the server (default: 2021) -b BIND_ADDRESS, --bind-address=BIND_ADDRESS Address to bind (default: 127.0.0.1) -a AUTHURL, --auth-url=AUTHURL Authentication URL (required) --insecure Allow to access servers without checking SSL certs --memcache=MEMCACHE Memcache server(s) to be used for cache (ip:port) -v, --verbose Be verbose on logging -f, --foreground Do not attempt to daemonize but run in foreground -l LOG_FILE, --log-file=LOG_FILE Log File: Default stdout when in foreground --syslog Enable logging to the system logger (daemon facility) --pid-file=PID_FILE Pid file location when in daemon mode --uid=UID UID to drop the privilige to when in daemon mode --gid=GID GID to drop the privilige to when in daemon mode --keystone-auth Use OpenStack Identity Service (Keystone, requires keystoneclient) --keystone-auth-version=VERSION Identity API version to be used (default: 2.0) --keystone-region-name=REGION_NAME Region name to be used in Keystone auth --keystone-tenant-separator=TENANT_SEPARATOR Character used to separate tenant_name/username in Keystone auth (default: TENANT.USERNAME) --keystone-domain-separator=DOMAIN_SEPARATOR Character used to separate project_name/project_domain_name and username/user_domain_name in Keystone auth v3 (default: @) --keystone-service-type=SERVICE_TYPE Service type to be used in Keystone auth (default: object-store) --keystone-endpoint-type=ENDPOINT_TYPE Endpoint type to be used in Keystone auth (default: publicURL) --storage-policy=STORAGE_POLICY Swift storage policy to be used (optional) Access to other containers will be denied
The defaults can be changed using a configuration file (by default in /etc/ftpcloudfs.conf). Check the example file included in the package.
OpenStack Object Storage (Swift) is an object storage and not a real file system. This proxy simulates enough file system functionality to be used over FTP, but it has a performance impact.
To improve the performance a cache is used. It can be local or external (with Memcache). By default a local cache is used, unless one or more Memcache servers are configured.
If you're using just one client the local cache may be fine, but if you're using several connections, configuring an external cache is highly recommended.
If an external cache is available it will be used to cache authentication tokens too so any Memcache server must be secured to prevent unauthorized access as it could be possible to associate a token with a specific user (not trivial) or even use the cache key (MD5 hash) to brute-force the user password.
OPENSTACK IDENTITY SERVICE (KEYSTONE)
By default ftp-cloudfs will use Swift auth 1.0, that is compatible with OpenStack Object Storage using swauth auth middleware and Swift implementations such as Rackspace Cloud Files or Memset's Memstore Cloud Storage.
Optionally OpenStack Identity Service (Keystone) v2.0 or v3 can be used.
Currently python-keystoneclient (0.3.2+ recommended) is required to use Keystone auth
and it can be enabled with
With Keystone v2.0, you can provide a tenant name in the FTP login user with TENANT.USERNAME (using a dot as separator). With Keystone v3, you can also provide domain name in the FTP login user with PROJECT_NAME@PROJECT_DOMAIN_NAME.USERNAME@USER_DOMAIN_NAME (using @ as a separator). Please check the example configuration file for further details.
LARGE FILE SUPPORT
The object storage has a limit on the size of a single uploaded object (by default this is 5GB). Files larger than that can be split in parts and merged back on the fly using a manifest file.
ftp-cloudfs supports this transparently with the split-large-files configuration token, setting it to the number of megabytes wanted to use for each part (disabled by default).
When a FILE is larger than the specified amount of MB, a FILE.part directory will be created and n parts will be created splitting the file automatically. The original file name will be used to store the manifest. If the original file is downloaded, the parts will be served as it was a single file.
The FILE.part directory can be removed from directory listings using the hide-part-dir configuration token. Please be aware that the directory will still be visible when accessing the storage using swift API.
Swift storage policies may be used to add some level of segmentation inside a single Swift cluster : durability levels (Replication / Erasure Coding), storage backend performance (SSD vs HDD), ...
With storage_policy paramter, you can restrict user access to a single policy : If no name is specified, the default policy is used (and if no other policies, defined Policy-0 is considered the default). Policy-0 is what is used by Swift when accessing pre-storage-policy containers which won’t have a policy.
See Openstack Storage Policies for implementation details.
The project website is at:
There you can file bug reports, ask for help or contribute patches. There's additional information at:
Unless otherwise noted, all files are released under the MIT license, exceptions contain licensing information in them.
Copyright (C) 2009-2019 Chmouel Boudjnah <email@example.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- Chmouel Boudjnah <firstname.lastname@example.org>
- Nick Craig-Wood <email@example.com>
- Juan J. Martinez <firstname.lastname@example.org>