Configuring a Watchfolder-enabled Transfer Node

Watchfolders uses the Aspera Watchfolder service (asperawatchfolderd) and the output from the Aspera Watch Service (asperawatchd) to automatically transfer new files added to a source folder on an Aspera node. Follow the instructions below to start the two services.
Note: You must perform the following instructions on the transfer node.
  1. Select a user account to run your services.

    Watchfolder services must be run under a user with access to every area of your file system in which you intend to create a watch folder. Watchfolders allows you to run multiple instances of these services under different users. Most users run these services under one user. Choose a user that has access to your entire file system.

    If you need to run multiple instances of these services to access every area of your file system, see Choosing User Accounts to Run Watchfolder Services.

  2. Configure a docroot for the chosen user.

    The docroot is a security feature that allows you to restrict the area asperawatchfolderd can access. If you need to acces the entire file system, you can set the docroot path as C:\, but you cannot leave it empty.

    Note: On Windows, to set a docroot of C:\, you must run asconfigurator using the value C:\\ or the docroot will not format correctly in aspera.conf.

    Set the docroot for the user using the asconfigurator utility:

    > asconfigurator -x "set_user_data;user_name,username;absolute,docroot"

    For example:

    > asconfigurator -x "set_user_data;user_name,svcAspera;absolute,C:\\"
    success
    user_name: svcAspera
    
    
    The asconfigurator command adds the following configuration to the <aaa> section of aspera.conf:
    <aaa>
        <realms>
            <realm>
                <users>
                    <user>
                        <name>svcAspera</name>
                        <file_system>
                            <access>
                                <paths>
                                    <path>
                                        <absolute>C:\</absolute>
                                    </path>
                                </paths>
                            </access>
                        </file_system>
                    </user>
                </users>
            </realm>
        </realms>
    </aaa>
  3. Configure the asperawatchd and asperawatchfolderd services to run under your user.

    The following commands add the services in the asperarund database; asperarund automatically starts and preserves services in its database. The asperarund service must be running.

    Windows Node:

    > asperawatchd --user username
    > asperawatchfolderd --user username

    Windows requires a password when running services as other users. Enter the password when prompted.

    OS X Node:

    $ /Library/Aspera/sbin/asperawatchd --user username
    $ /Library/Aspera/sbin/asperawatchfolderd --user username

    Linux Node:

    # /opt/aspera/sbin/asperawatchd --user username
    # /opt/aspera/sbin/asperawatchfolderd --user username
  4. Verify that asperawatchd and asperawatchfolderd is running under the given user.

    Use the aswatchadmin and aswatchfolderadmin admin tools to retrieve a list of running daemons. Daemons are named with the username you passed in when starting the service. For example, if you used the svcAspera user to run your services, you should see the svcaspera daemon listed in the output.

    Windows Node:

    > aswatchadmin query-daemons
    [aswatchadmin query-daemons] Found a single daemon:
    	svcaspera
    
    > aswatchfolderadmin query-daemons
    [aswatchfolderadmin query-daemons] Found a single daemon:
    	svcaspera

    Windows requires a password when running services as other users. Enter the password when prompted.

    Linux Node:

    $ /opt/aspera/bin/aswatchadmin query-daemons
    [aswatchadmin query-daemons] Found a single daemon:
    	root
    
    $ /opt/aspera/bin/aswatchfolderadmin query-daemons
    [aswatchfolderadmin query-daemons] Found a single daemon:
    	root
  5. Create a Node API User and map it to a system account. The user account must have administrative privileges to interact with Aspera WatchfolderD.
    Using the REST API provided by the asperanoded service, a user can create, remove, query and modify watchfolder instances. The asperanoded service forwards requests to the corresponding watch folder instances over Redis.

    Windows Node:

    > asnodeadmin -a -u node_username -p node_password -x admin_user --acl-set "admin,impersonation"

    Linux Node:

    # /opt/aspera/binasnodeadmin-a -u node_username -p node_password -x admin_user --acl-set "admin,impersonation"

    For example:

    Windows Node:

    > asnodeadmin -a -u watchfolder_user -p X245lskd3 -x svcaspera --acl-set "admin,impersonation"

    Linux Node:

    # /opt/aspera/bin/asnodeadmin -a -u watchfolder_user -p X245lskd3 -x svcaspera --acl-set "admin,impersonation"
    Adding, modifying, or deleting a node-user triggers automatic reloading of the user database and the node's configuration and license files. For more information on the Node API, see your transfer server's administrator guide.
  6. Verify that you correctly added the node user.
    > asnodeadmin -l
    List of node user(s):
                    user       system/transfer user                    acls
    ====================    =======================    ====================
           node_api_user                system_user    [admin]
    Given the example in the previous step, the output should look like the following:
    > asnodeadmin -l
                    user       system/transfer user                    acls
    ====================    =======================    ====================
    watchfolder_user                      svcAspera   [admin,impersonation]
  7. Add the transfer node to Console as a managed node.
    This transfer node is now ready to be added to Console as a managed node. For instructions on adding nodes to Console, see Creating a Managed Node in Console.
Once you have successfully added the transfer node to Console as a managed node, you can use the node to create watch folders. For instructions on creating a watch folder, see Creating a Watch Folder in Console.