Setting Up an OS X Node

A node is a local, remote, or cloud workstation running an Aspera transfer server product (IBM Aspera Enterprise Server, IBM Aspera Connect Server). In order to make transfers, Faspex communicates with a node through the Node API. The Node API is a daemon on the transfer server that offers REST-inspired file operations and a transfer management API. Aspera web applications authenticate to remote node services using a Node API username and password. Different nodes may use different Node API username and password pairs.

When installing Faspex on the same workstation as the transfer server, Faspex automatically configures the local node's aspera.conf configuration file and sets up a Node API user to communicate with the Node API. When installing Faspex on a machine without a transfer server, you must configure a remote transfer node for use with Faspex and connect that node to Faspex during the installation process.

Note: The following instructions require you to have administrative privileges.
  1. Verify you have installed IBM Aspera Enterprise Server with a valid Connect Server license on your transfer server.
    Run the following command:
    # ascp -A
    In the resulting output, look for the following phrase: 
    Connect Server License max rate

    If you need to update your transfer server license, follow the instructions in IBM Aspera Enterprise Server Admin Guide: Updating Product License.

  2. Create the faspex system admin account on the node.
    1. Go to System Preferences # Users & Groups.
    2. Click the lock button and enter your admin credentials to make changes.
    3. Click the add button.
    4. Name the user faspex.
    5. Select Administrator from the New Account drop-down menu.
    6. Name the account.
    7. Enter and verify a password for the account.
    8. Click Create User.
    9. Click Login Options in the users panel.
    10. Click the Join button next to Network Account Server.
    11. Click Open Directory Utility.
    12. In the Directory Utility window, click the lock button and enter an administrator account and password to make changes.
    13. From the menu bar, select Edit # Enable Root User.
    14. Enter and verify the password.
    15. Click OK.

The following steps use the asconfigurator utility to modify the aspera.conf configuration file, located at: 

/Library/Aspera/etc/aspera.conf

  1. Add the user to aspera.conf and set the docroot.
    The directory you choose for the docroot is the absolute path for the transfer user. When this node is added to Faspex, users cannot access files or folders outside of the docroot.
    CAUTION:
    Aspera recommends that you not use spaces in your docroot. If your docroot contains spaces, you may not receive all email notifications relating to transfer activity.
    Run the following asconfigurator command with the transfer username and the docroot path:
    # asconfigurator -x "set_user_data;user_name,username;absolute,/
                        docroot/path"
    For example: 
    # asconfigurator -x "set_user_data;user_name,faspex;absolute,/home/faspex/faspex_packages"
  2. Set up token authorization for the user in aspera.conf.
    Run the following asconfigurator commands to set the encryption key for the user:
    # asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,allow"
# asconfigurator -x "set_user_data;user_name,username;authorization_transfer_out_value,allow"
# asconfigurator -x "set_user_data;user_name,username;token_encryption_key,encryption_key"
    The encryption key can be any string of numbers. Aspera recommends a string that is at least 20 characters long. For example:
    # asconfigurator -x "set_user_data;user_name,faspex;authorization_transfer_in_value,allow"
# asconfigurator -x "set_user_data;user_name,faspex;authorization_transfer_out_value,allow"
# asconfigurator -x "set_user_data;user_name,faspex;token_encryption_key,gj5o930t78m34ejme9dx"
  3. Set the IP address or hostname for the node in the aspera.conf file with the following asconfigurator command: 
    # asconfigurator -x "set_server_data;server_name,ip_or_hostname"

    For example:

    # asconfigurator -x "set_server_data;server_name,aspera.example.com"
  4. Configure the node for HTTP and HTTPS fallback.

    The fallback settings on the node must match the fallback settings on Faspex. If the settings don't match, Faspex returns a "Package creation failed" error. Set the HTTP and HTTPS ports to the ports you configured in Faspex. For more information about HTTP fallback, see Configuring HTTP and HTTPS Fallback.

    # asconfigurator -x "set_http_server_data;enable_http,true"
# asconfigurator -x "set_http_server_data;http_port,8080"
# asconfigurator -x "set_http_server_data;enable_https,true"
# asconfigurator -x "set_http_server_data;https_port,8443"
    Restart the asperahttpd service by running the following commands:
    # sudo launchctl stop com.aspera.asperahttpd
# sudo launchctl start com.aspera.asperahttpd
  5. Set up a transfer user account with a Node API username and password.
    Faspex authenticates to the node machine using a Node API username and password. The following command creates a Node API user and password and associates it with the system user you created.
    Note: Aspera recommends that you use different names for the system user account and transfer user account in order to minimize confusion when tracing transactions and events.
    1. Run the following commands to set up the Node API user: 
      # /Library/Aspera/bin/asnodeadmin -a -u node_api_username -p node_api_passwd -x system_username 
      # /Library/Aspera/bin/asnodeadmin -a -u node_user -p XF324cd28 -x faspex
    2. Run the following command to check the system user was successfully added to asnodeadmin: 
      # /Library/Aspera/bin/asnodeadmin -l
      Given a node user named node_user and a system user named faspex, the result should be similar to the following example:
                      user       system/transfer user                    acls
====================    =======================    ====================
           node_user                  faspex
    Adding, modifying, or deleting a node-user triggers automatic reloading of the user database and the node's configuration and license files.
  6. Set up the transfer user account as a user in Enterprise Server, if it is not already configured.
    For more information on adding users, see the IBM Aspera Enterprise Server Admin Guide: Setting Up Users.
The transfer node is now ready for connection to Faspex.