Customizing Cluster Nodes Using First-boot Scripts
To modify the default cluster node images provided by Aspera, you can enter a first-boot script into the Firstboot Script field when launching a node.
The script is executed during the initialization process of each cluster node, before the default Aspera first-boot sequence and before the Cluster Manager starts. It is not executed when a node instance restarts. Because no Aspera services are running at this time, configuration changes (such as modifications to trapd.properties) can be made without restarting the services.
The following example scripts configure users and the system, and can be combined or expanded to include other configuration settings.
Print a Test Message
Use the following script to print a test message to confirm that the first-boot scripts are running:
#!/bin/bash
echo "Cluster Manager first-boot scripts are running."
Add a User to the Cluster Manager
Use the following script to add a new user and configure their SSH key. Replace public_key with the text string in /opt/aspera/var/aspera_tokenauth_id_rsa.pub (the server's public SSH key).
#!/bin/bash
useradd username
mkdir -p /home/username/.ssh
echo "public_key" > /home/username/.ssh/authorized_keys
chown -R username:username /home/username/.ssh/
chmod 700 /home/username/.ssh/
chmod 600 /home/username/.ssh/authorized_keys
Adding the user to the sshd configuration: Once the cluster is updated with the new user, log in to the Cluster Manager web UI as an admin, go to the Clusters page, and click Action > Edit Cluster Configuration for your cluster. Locate the following text:
"sshd_transfer_config":...AllowUsers xfer xfer1 xfer2 xfer3\n\n...
Add the new username to the list of allowed users. For example:
AllowUsers xfer xfer1 xfer2 xfer3 username\n\n
Click Save Changes.
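The following check is an added example, not part of the Aspera documentation: appended to the user-creation script above, it confirms that the .ssh directory and authorized_keys file ended up with the modes that script sets (700 and 600) and that the public_key placeholder was actually replaced with a key line. The function name check_ssh_setup is hypothetical, and GNU stat is assumed.

```shell
#!/bin/bash
# Added example (not Aspera code). check_ssh_setup is a hypothetical helper.
# Usage inside a first-boot script, after the user has been created:
#   check_ssh_setup /home/username username || echo "SSH setup for username failed checks" >&2
# Assumes GNU stat (-c). The key test is a shape check, not cryptographic validation,
# and it does not accept authorized_keys option prefixes (the script above writes none).
check_ssh_setup() {
    local home="$1"
    local owner="$2"
    local dir="$home/.ssh"
    local keys="$home/.ssh/authorized_keys"
    local re='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]].*)?$'
    local rc=0 nkeys=0 line

    if [ ! -d "$dir" ] || [ ! -f "$keys" ]; then
        echo "missing $dir or $keys" >&2
        return 1
    fi

    # Modes set by the script above: 700 on .ssh, 600 on authorized_keys.
    [ "$(stat -c %a "$dir")" = "700" ] || { echo "$dir: mode is not 700" >&2; rc=1; }
    [ "$(stat -c %a "$keys")" = "600" ] || { echo "$keys: mode is not 600" >&2; rc=1; }

    # Both must belong to the new user, as the chown -R step intends.
    [ "$(stat -c %U "$dir")" = "$owner" ] || { echo "$dir: not owned by $owner" >&2; rc=1; }
    [ "$(stat -c %U "$keys")" = "$owner" ] || { echo "$keys: not owned by $owner" >&2; rc=1; }

    # Every non-blank, non-comment line must look like "<key-type> <base64> [comment]".
    # A literal "public_key" left over from the template fails here.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if printf '%s\n' "$line" | grep -Eq "$re"; then
            nkeys=$((nkeys + 1))
        else
            echo "$keys: line is not a public key: $line" >&2
            rc=1
        fi
    done < "$keys"

    [ "$nkeys" -ge 1 ] || { echo "$keys: contains no public key" >&2; rc=1; }
    return "$rc"
}
```

The function returns 0 only when every check passes and prints one line per problem to standard error otherwise.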
Create a Node API User and Password
Use the following script to create a Node API username (xfer2) and password that can be used to monitor your clusters by using IBM Aspera Console. Replace node_api_password with your desired password.
#!/bin/bash
echo "/opt/aspera/bin/asnodeadmin -a -u xfer2 -x root -p node_api_password --acl-set impersonation" >> /opt/aspera/atcm/bin/configure-node-users.sh
Create a New Default System User to Use with Access Keys
The cluster connects to cloud storage using access keys, which provide a more secure and flexible alternative to authenticating with the Aspera node user or system user. For more information about access keys, see Access Key Overview.
Aspera recommends creating a new system user to use with all access keys. To create this system user, use the following first-boot script, replacing username with the desired name of your default user:
#!/bin/bash
SYSTEM_USER=username
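function createUser() {
    local user=$1
    # Create the group only if it does not already exist
    groupadd -f aspusers
    adduser -s /bin/aspshell -G aspusers "${user}"
    # Stop if the home directory is missing so the steps below never run elsewhere
    pushd "/home/${user}" || return 1
    mkdir -p .ssh
    cp -f /opt/aspera/var/aspera_id_dsa.pub .ssh/authorized_keys
    chown -R "${user}:${user}" .ssh/
    chmod 755 .ssh/
    chmod 644 .ssh/authorized_keys
    popd
}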
createUser "$SYSTEM_USER"
echo "
/opt/aspera/bin/asnodeadmin -d -u \"\$3\"
/opt/aspera/bin/asnodeadmin -a -u \"\$3\" -x \"$SYSTEM_USER\" -p \"\$4\"" >> /opt/aspera/atcm/bin/configure-node-users.sh