|Configuring for Other Aspera Products|
The steps below describe configuring IBM Aspera Connect Server as the transfer server for IBM Aspera Faspex.
If you haven't already, follow the steps in Standard Installation to install Connect Server (the transfer server).The transfer server can be set up in either of the following configurations:
All steps must be performed as root.
In the aspera.conf file (/opt/aspera/etc/aspera.conf) check the following:
If you change settings, you must restart asperacentral and asperanoded.
# /etc/init.d/asperanoded restart # /etc/init.d/asperacentral restart
If you are setting up Connect Server as a remote transfer server node, continue with the steps below.
The system user authenticates the actual ascp transfer and must be an operating system account. Run the following commands to: (1) create the group faspex; (2) create the system user faspex; and (3) configure it to use the Aspera secure shell, aspshell.
# /usr/sbin/groupadd -r faspex # /usr/sbin/useradd -r faspex -s /bin/aspshell-r -g faspex
Run the following commands to create the packages directory /home/faspex/faspex_packages:
# mkdir -p /home/faspex/faspex_packages # chown -R faspex:faspex /home/faspex/faspex_packages
Launch the desktop application and click Configuration.
In Server Configuration, open the Users tab. Then click the button.
In the Add User dialog that appears, fill in the name "faspex" and click OK; faspex is then added to the user list.
To specify a docroot, make sure faspex is selected in the user list, and click the Docroot tab in the right panel. For the Absolute Path setting, check the Override box, and under Effective Value fill in /Users/faspex/faspex_packages. For the read, write, and browse settings, check the Override boxes and select true.
You can also add and configure the faspex user for Connect Server by modifying aspera.conf, instead of using the application GUI. For details, see Setting Up Users.
The aspera.conf file is found in the following location:
Below is a typical aspera.conf file. Yours may differ, particularly if you have installed other Aspera products. Copy any absent portions from the example below. Modify the following settings, as necessary:
<?xml version='1.0' encoding='UTF-8'?> <CONF version="2"> <central_server> <address>127.0.0.1</address> <port>40001</port> <compact_on_startup>enable</compact_on_startup> <persistent_store>enable</persistent_store> <persistent_store_on_error>ignore</persistent_store_on_error> <persistent_store_max_age>86400</persistent_store_max_age> <event_buffer_overrun>block</event_buffer_overrun> </central_server> <default> <file_system> <pre_calculate_job_size>yes</pre_calculate_job_size> </file_system> </default> <aaa> <realms> <realm> <users> <user> <name>faspex</name> <file_system> <access> <paths> <path> <absolute>/home/faspex/faspex_packages</absolute> <show_as>/</show_as> <dir_allowed>true</dir_allowed> </path> </paths> </access> <directory_create_mode>770</directory_create_mode> <file_create_mode>660</file_create_mode> </file_system> <authorization> <transfer> <in> <value>token</value> </in> <out> <value>token</value> </out> </transfer> <token> <encryption_key>af208360-dbdd-4033-a35b-2370941f37e9</encryption_key> </token> </authorization> </user> </users> </realm> </realms> </aaa> <http_server> <http_port>8080</http_port> <enable_http>1</enable_http> <https_port>8443</https_port> <enable_https>1</enable_https> </http_server> <server> <server_name>server_ip_or_name</server_name> </server> </CONF>
After modifying aspera.conf, restart the asperacentral and asperanoded services.
# /etc/init.d/asperacentral restart # /etc/init.d/asperanoded restart
Verify that the transfer server has a valid Faspex-enabled license for Connect Server. To check this from the command line, run ascp -A and review the enabled settings list. For example:
Enabled settings: connect, mobile, cargo, node, proxy, http_fallback_server, group_configuration, shared_endpoints, desktop_gui
If the list includes connect and http_fallback_server, you have a Faspex-enabled server license.
You can also check the license from the Connect Server desktop client GUI. The License dialog (Tools > License) includes the fields Connect Clients Enabled and Http Fallback Server Enabled. If both are set to Yes, you have a Faspex-enabled license.
Because this Faspex configuration uses Connect Server as a remote transfer service, it requires the Aspera Node API. For this reason, whenever you update your Connect Server license (see Updating the Product License), you must reload the asperanoded service afterwards. Reload the asperanoded service by running asnodeadmin, found in the following location:
# /opt/aspera/bin/asnodeadmin --reload
Set up the node user and associate it with the faspex user by running the asnodeadmin command, as in the following example--where node-admin is the node user, s3cur3_p433 is the node user's password, and faspex is the system user. Then run asnodeadmin again to reload asperanoded.
# /opt/aspera/bin/asnodeadmin -a -u node-admin -p s3cur3_p433 -x faspex # /opt/aspera/bin/asnodeadmin --reload
First, locate your Connect key:
Then, create a .ssh folder (if it does not already exist) in the faspex user's home directory:
# mkdir -p /home/faspex/.ssh
Run the following commands to create the keyfile authorized_keys (if it does not already exist), and append the key text to it:
# cat /opt/aspera/var/aspera_id_dsa.pub >> /home/faspex/.ssh/authorized_keys
Run the following commands to change the key directory and keyfile's ownership to the faspex user, to allow access by the faspex group, and to set permission bits:
# chown -R faspex:faspex /home/faspex/.ssh/authorized_keys # chmod 600 /home/faspex/.ssh/authorized_keys # chmod 700 /home/faspex # chmod 700 /home/faspex/.ssh
Follow the instructions in Aspera Faspex Admin Guide: Transfer Server for configuring your remote transfer server in the Faspex Web GUI under.