Setting Up a Linux Node

A node is a local, remote, or cloud server running an Aspera transfer server product (IBM Aspera High-Speed Transfer Server). Shares uses the Node API on the transfer server to configure the node and to perform transfers to and from the node.

Note: The following instructions require you to have administrative privileges.
  1. Verify you have installed IBM Aspera High-Speed Transfer Server with a valid license on your transfer server. Shares requires that nodes use a Connect Server license.
    Run the following command:
    # ascp -A

    If you need to update your transfer server license, follow the instructions in IBM Aspera High-Speed Transfer Server Admin Guide: Updating Product License.

  2. Verify that the machine's hosts file has an entry for 127.0.0.1 localhost/. You can find this file at /etc/hosts.
  3. Disable SELinux.
    SELinux must be set to "permissive" or "disabled", not "enforced". To check the status of SELinux, run the following:
    # sestatus
    If SELinux is set to "enforced", change the SELINUX value to disabled in the SELinux configuration file (/etc/selinux/config).
    SELINUX=disabled
    On the next reboot, SELinux is permanently disabled. To dynamically disable it before the reboot, run the following command:
    # setenforce 0
  4. Create a system user account on the node.
    Run the following command:
    # useradd username
    The examples in this topic use xfer_user as an example username.

The following steps use the asconfigurator utility to modify the aspera.conf configuration file, located at /opt/aspera/etc/aspera.conf.

  1. Add the user to aspera.conf and set the docroot.
    The directory you choose for the docroot is the absolute path for the transfer user. When this node is added to Shares, users cannot access files or folders outside of the docroot.
    CAUTION:
    Do not use spaces in your docroot. If your docroot contains spaces, you may not receive all email notifications relating to transfer activity.
    Run the following asconfigurator command with the transfer username and the docroot path:
    # asconfigurator -x "set_user_data;user_name,username;absolute,/docroot/path"
    For example:
    # asconfigurator -x "set_user_data;user_name,xfer_user;absolute,/project1"
  2. Set up token authorization for the user in aspera.conf.
    Run the following asconfigurator commands to set the encryption key for the user:
    # asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,token"
    # asconfigurator -x "set_user_data;user_name,username;authorization_transfer_out_value,token"
    # asconfigurator -x "set_user_data;user_name,username;token_encryption_key,encryption_key"
    The encryption key can be any string of numbers. Use a string that is at least 20 characters long. For example:
    # asconfigurator -x "set_user_data;user_name,xfer_user;authorization_transfer_in_value,token"
    # asconfigurator -x "set_user_data;user_name,xfer_user;authorization_transfer_out_value,token"
    # asconfigurator -x "set_user_data;user_name,xfer_user;token_encryption_key,gj5o930t78m34ejme9dx"
  3. Set the IP address or hostname for the node in the aspera.conf file with the following asconfigurator command:
    # asconfigurator -x "set_server_data;server_name,ip_or_hostname"

    For example:

    # asconfigurator -x "set_server_data;server_name,aspera.example.com"
  4. Verify persistent storage is enabled in aspera.conf for use with stats collector.
    Run the following asuserdata command to verify that the persistent_store parameter is set to enable:
    # /opt/aspera/bin/asuserdata -c
    
    central server option set:
      address: "127.0.0.1"
      port: "40001"
      backlog: "200"
      schema_validation: "enable"
      mgmt_backlog: "200"
      mgmt_port: "0"
      transfer_list_path: ""
      persistent_store: "enable"
      persistent_store_path: ""
      persistent_store_max_age: "86400"
      persistent_store_on_error: "ignore"
      event_buffer_capacity: "1000"
      event_buffer_overrun: "block"
      compact_on_startup: "enable"
      files_per_session: "1000000"
      file_errors: "true"
      ignore_empty_files: "true"
      ignore_skipped_files: "true"
      ignore_no_transfer_files: "true"
      db_synchronous: "off"
      db_journal: "wal"
    If persistent storage is not enabled, run the following asconfigurator command to enable it:
    $ asconfigurator -x "set_central_server_data;persistent_store,enable"
    Restart the asperacentral service to update the node configuration:
    service asperacentral restart
  5. Set up a transfer user account with a Node API username and password.
    Shares authenticates to the node machine using a Node API username and password. The following command creates a Node API user and password and associates it with the system user you created.
    Note: Use different names for the system user account and transfer user account in order to minimize confusion when tracing transactions and events.
    1. Run the following commands to set up the Node API user:
      # /opt/aspera/bin/asnodeadmin -a -u node_api_username -p node_api_passwd -x system_username
      For example:
      # /opt/aspera/bin/asnodeadmin -a -u node_user -p XF324cd28 -x xfer_user
      Note: You need to escape special characters such as $ to use them in a password. For example, to use XF324$ as the password:
      # /opt/aspera/bin/asnodeadmin -a -u node_user -x xfer -p XF324\$
    2. Run the following command to check the system user was successfully added to asnodeadmin:
      # /opt/aspera/bin/asnodeadmin -l
      Given a node user named node_user and a system user named xfer_user, the result should be similar to the following example:
                      user       system/transfer user                    acls
      ====================    =======================    ====================
                 node_user                  xfer_user                        
    Adding, modifying, or deleting a node-user triggers automatic reloading of the user database and the node's configuration and license files.
  6. Install the IBM Aspera Connect Browser Plug-In key.
    1. If the .ssh folder does not already exist in the system user's home directory, run the following command to create the folder:
      # mkdir -p ~/.ssh
      For example:
      # mkdir -p /home/xfer_user/.ssh
    2. Add the aspera_id_rsa.pub public key to the authorized_keys file by running the following command:
      # cat /opt/aspera/var/aspera_tokenauth_id_rsa.pub.pub >> ~/.ssh/authorized_keys
    3. Transfer the .ssh folder and authorized_keys file ownership to the system user by running the following commands:
      # chown -R username:username ~/.ssh
      # chmod 600 /home/username /.ssh/authorized_keys
      # chmod 700 /home/username
      # chmod 700 /home/username /.ssh
The transfer node is now ready for connection to Shares.

For instructions on adding a node to Shares, see Adding Nodes.