Setting Up a Linux Node
A node is a local, remote, or cloud server running an Aspera transfer server product (IBM Aspera High-Speed Transfer Server). Shares uses the Node API on the transfer server to configure the node and to perform transfers to and from the node.
Note: The following instructions require you to have administrative privileges.
- Verify you have installed IBM Aspera High-Speed Transfer Server with a valid license on your transfer server. Shares requires that nodes use a Connect Server license.
  Run the following command:
  # ascp -A
  If you need to update your transfer server license, follow the instructions in IBM Aspera High-Speed Transfer Server Admin Guide: Updating Product License.
- Verify that the machine's hosts file has an entry for 127.0.0.1 localhost. You can find this file at /etc/hosts.
- Disable SELinux.
  SELinux must be set to "permissive" or "disabled", not "enforcing". To check the status of SELinux, run the following:
  # sestatus
  If SELinux is set to "enforcing", change the SELINUX value to disabled in the SELinux configuration file (/etc/selinux/config):
  SELINUX=disabled
  On the next reboot, SELinux is permanently disabled. To stop enforcement immediately, before the reboot, run the following command, which switches SELinux to permissive mode:
  # setenforce 0
- Create a system user account on the node.
  Run the following command:
  # useradd username
  The examples in this topic use xfer_user as an example username.
The following steps use the asconfigurator utility to modify the aspera.conf configuration file, located at /opt/aspera/etc/aspera.conf.
- Add the user to aspera.conf and set the docroot.
  The directory you choose for the docroot is the absolute path for the transfer user. When this node is added to Shares, users cannot access files or folders outside of the docroot.
  CAUTION: Do not use spaces in your docroot. If your docroot contains spaces, you may not receive all email notifications relating to transfer activity.
  Run the following asconfigurator command with the transfer username and the docroot path:
  # asconfigurator -x "set_user_data;user_name,username;absolute,/docroot/path"
  For example:
  # asconfigurator -x "set_user_data;user_name,xfer_user;absolute,/project1"
- Set up token authorization for the user in aspera.conf.
  Run the following asconfigurator commands to set the encryption key for the user:
  # asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,token"
  # asconfigurator -x "set_user_data;user_name,username;authorization_transfer_out_value,token"
  # asconfigurator -x "set_user_data;user_name,username;token_encryption_key,encryption_key"
  The encryption key can be any string of numbers. Use a string that is at least 20 characters long. For example:
  # asconfigurator -x "set_user_data;user_name,xfer_user;authorization_transfer_in_value,token"
  # asconfigurator -x "set_user_data;user_name,xfer_user;authorization_transfer_out_value,token"
  # asconfigurator -x "set_user_data;user_name,xfer_user;token_encryption_key,gj5o930t78m34ejme9dx"
- Set the IP address or hostname for the node in the aspera.conf file with the following asconfigurator command:
  # asconfigurator -x "set_server_data;server_name,ip_or_hostname"
  For example:
  # asconfigurator -x "set_server_data;server_name,aspera.example.com"
- Verify persistent storage is enabled in aspera.conf for use with stats collector.
  Run the following asuserdata command to verify that the persistent_store parameter is set to enable:
  # /opt/aspera/bin/asuserdata -c
  central server option set:
    address: "127.0.0.1"
    port: "40001"
    backlog: "200"
    schema_validation: "enable"
    mgmt_backlog: "200"
    mgmt_port: "0"
    transfer_list_path: ""
    persistent_store: "enable"
    persistent_store_path: ""
    persistent_store_max_age: "86400"
    persistent_store_on_error: "ignore"
    event_buffer_capacity: "1000"
    event_buffer_overrun: "block"
    compact_on_startup: "enable"
    files_per_session: "1000000"
    file_errors: "true"
    ignore_empty_files: "true"
    ignore_skipped_files: "true"
    ignore_no_transfer_files: "true"
    db_synchronous: "off"
    db_journal: "wal"
  If persistent storage is not enabled, run the following asconfigurator command to enable it:
  # asconfigurator -x "set_central_server_data;persistent_store,enable"
  Restart the asperacentral service to update the node configuration:
  # service asperacentral restart
- Set up a transfer user account with a Node API username and password.
  Shares authenticates to the node machine using a Node API username and password. The following command creates a Node API user and password and associates it with the system user you created.
  Note: Use different names for the system user account and transfer user account in order to minimize confusion when tracing transactions and events.
  - Run the following commands to set up the Node API user:
    # /opt/aspera/bin/asnodeadmin -a -u node_api_username -p node_api_passwd -x system_username
    For example:
    # /opt/aspera/bin/asnodeadmin -a -u node_user -p XF324cd28 -x xfer_user
    Note: You need to escape special characters such as $ to use them in a password. For example, to use XF324$ as the password:
    # /opt/aspera/bin/asnodeadmin -a -u node_user -x xfer -p XF324\$
  - Run the following command to check the system user was successfully added to asnodeadmin:
    # /opt/aspera/bin/asnodeadmin -l
    Given a node user named node_user and a system user named xfer_user, the result should be similar to the following example:
    user                 system/transfer user    acls
    ==================== ======================= ====================
    node_user            xfer_user
    Adding, modifying, or deleting a node-user triggers automatic reloading of the user database and the node's configuration and license files.
- Install the IBM Aspera Connect Browser Plug-In key.
  - If the .ssh folder does not already exist in the system user's home directory, run the following command to create the folder:
    # mkdir -p /home/username/.ssh
    For example:
    # mkdir -p /home/xfer_user/.ssh
  - Add the aspera_tokenauth_id_rsa.pub public key to the authorized_keys file by running the following command:
    # cat /opt/aspera/var/aspera_tokenauth_id_rsa.pub >> /home/username/.ssh/authorized_keys
  - Transfer the .ssh folder and authorized_keys file ownership to the system user by running the following commands:
    # chown -R username:username /home/username/.ssh
    # chmod 600 /home/username/.ssh/authorized_keys
    # chmod 700 /home/username
    # chmod 700 /home/username/.ssh
The transfer node is now ready for connection to Shares.
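The following script is an added example, not part of the original IBM instructions: it performs read-only checks of the hosts entry, SELinux setting, persistent_store value, and .ssh permissions configured in the steps above. The script name, function names, and argument order are assumptions; it relies on GNU stat and reads the asuserdata output from a saved file.

```bash
#!/usr/bin/env bash
# Added example: read-only checks for the node prerequisites on this page.
# Each function takes file paths as arguments, so it works on the live files
# or on copies. Requires GNU stat (standard on Linux).

# The hosts file must map 127.0.0.1 to localhost (comments are ignored).
check_hosts_entry() {
    awk '{ sub(/#.*/, "") }
         $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == "localhost") ok = 1 }
         END { exit (ok ? 0 : 1) }' "$1"
}

# SELINUX= in the SELinux config file must be permissive or disabled.
check_selinux_config() {
    local mode
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    [ "$mode" = "permissive" ] || [ "$mode" = "disabled" ]
}

# Saved "asuserdata -c" output must contain persistent_store: "enable".
check_persistent_store() {
    grep -Eq '(^|[[:space:]])persistent_store:[[:space:]]*"enable"' "$1"
}

# Home and .ssh must be mode 700, authorized_keys 600, and the key from the
# given .pub file must appear in authorized_keys.
check_ssh_setup() {
    local home="$1" pub="$2" key
    [ "$(stat -c %a "$home")" = "700" ] || return 1
    [ "$(stat -c %a "$home/.ssh")" = "700" ] || return 1
    [ "$(stat -c %a "$home/.ssh/authorized_keys")" = "600" ] || return 1
    key=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$key" ] && grep -qF -- "$key" "$home/.ssh/authorized_keys"
}

# Usage (hypothetical script name):
#   /opt/aspera/bin/asuserdata -c > /tmp/central.txt
#   ./node_preflight.sh --check /home/xfer_user /path/to/key.pub /tmp/central.txt
if [ "${1:-}" = "--check" ]; then
    check_hosts_entry /etc/hosts || echo "FAIL: no 127.0.0.1 localhost entry"
    check_selinux_config /etc/selinux/config || echo "FAIL: SELINUX is not permissive or disabled"
    check_persistent_store "$4" || echo "FAIL: persistent_store is not enabled"
    check_ssh_setup "$2" "$3" || echo "FAIL: .ssh modes or public key"
fi
```

Run it as root so that stat can read the system user's home directory.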
For instructions on adding a node to Shares, see Adding Nodes.