Setting Up a Linux Node

A node is any server running IBM Aspera High-Speed Transfer Server. Aspera web applications, such as IBM Aspera Faspex, communicate with a node through the IBM Aspera Node API. When a node is added to Faspex, it is called a tethered node.

The instructions below assume you have already installed HSTS on your server. For instructions on installing IBM Aspera High-Speed Transfer Server Admin Guide: Installing HSTS.

  1. Aspera recommends setting up the node as the root user. If you do not have access to the root user, you must give the current system user permissions to make changes to the /opt/aspera/etc/aspera.conf configuration file.
    Change ownership of the aspera.conf file to the current system user:
    # chown system_user:root /opt/aspera/etc/aspera.conf
  2. Verify that the node is running IBM Aspera High-Speed Transfer Server with a valid Connect Server license on your transfer server:
    Run the following command:
    # ascp -A
    In the resulting output, look for the following phrase: 
    Connect Server License max rate

    If you need to update your transfer server license, follow the instructions in IBM Aspera Enterprise Server Admin Guide: Updating Product License.

  3. Create the faspex system user account on the node.
    Run the following commands to create the system user faspex.
    # groupadd -r faspex
# useradd -r faspex -g faspex
  4. Create and configure the faspex_packages directory.
    Run the following commands to create the faspex_packages directories and configure the faspex user directories: 
    # mkdir -p /home/faspex/faspex_packages
# chown faspex:faspex /home/faspex/
# chown faspex:faspex /home/faspex/faspex_packages

The asconfigurator utility modifies the aspera.conf configuration file, located at: /opt/aspera/etc/aspera.conf.

  1. Add the user to aspera.conf and set the docroot.
    The directory you choose for the docroot is the absolute path for the transfer user. When this node is added to Faspex, users cannot access files or folders outside of the docroot.
    CAUTION:
    Aspera recommends that you not use spaces in your docroot. If your docroot contains spaces, you may not receive all email notifications relating to transfer activity.
    Run the following asconfigurator command with the transfer username and the docroot path:
    # asconfigurator -x "set_user_data;user_name,username;absolute,/docroot/path"
    For example: 
    # asconfigurator -x "set_user_data;user_name,faspex;absolute,/home/faspex/faspex_packages"
  2. Set up token authorization for the user in aspera.conf.
    Run the following asconfigurator commands to set the encryption key for the user:
    # asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,allow"
# asconfigurator -x "set_user_data;user_name,username;authorization_transfer_out_value,allow"
# asconfigurator -x "set_user_data;user_name,username;token_encryption_key,encryption_key"
    The encryption key can be any string of numbers. Aspera recommends a string that is at least 20 characters long. For example:
    # asconfigurator -x "set_user_data;user_name,faspex;authorization_transfer_in_value,allow"
# asconfigurator -x "set_user_data;user_name,faspex;authorization_transfer_out_value,allow"
# asconfigurator -x "set_user_data;user_name,faspex;token_encryption_key,gj5o930t78m34ejme9dx"
  3. Set the IP address or hostname for the node in the aspera.conf file with the following asconfigurator command: 
    # asconfigurator -x "set_server_data;server_name,ip_or_hostname"
    For example:
    # asconfigurator -x "set_server_data;server_name,aspera.example.com"
  4. Configure the node for HTTP and HTTPS fallback.

    The fallback settings on the node must match the fallback settings on Faspex. If the settings don't match, Faspex returns a "Package creation failed" error. Set the HTTP and HTTPS ports to the ports you configured in Faspex. For more information about HTTP fallback, see Configuring HTTP and HTTPS Fallback.

    $ asconfigurator -x "set_http_server_data;enable_http,true"
$ asconfigurator -x "set_http_server_data;http_port,8080"
$ asconfigurator -x "set_http_server_data;enable_https,true"
$ asconfigurator -x "set_http_server_data;https_port,8443"
    Restart the asperahttpd service by running the following commands:
    # /etc/init.d/asperahttpd restart
  5. Configure a HSTS transfer user account with a Node API username and password.

    Faspex communicates to the HSTS transfer user account through the Node API to start transfers on the node.

    For instructions on adding users to HSTS, see the IBM Aspera High-Speed Transfer Server Admin Guide: Setting Up Users.

    1. Set up the Node API user: 
      # /opt/aspera/bin/asnodeadmin -a -u node_api_username -p node_api_passwd -x system_username
      Note: Aspera recommends that you use different names for the system user account and transfer user account in order to minimize confusion when tracing transactions and events.
      For example:
      # /opt/aspera/bin/asnodeadmin -a -u node_user -p XF324cd28 -x faspex
    2. Run the following command to check the system user was successfully added to asnodeadmin: 
      # /opt/aspera/bin/asnodeadmin -l
      Given a node user named node_user and a system user named faspex, the result should be similar to the following example:
                      user       system/transfer user                    acls
====================    =======================    ====================
           node_user                  faspex
  6. Copy the IBM Aspera Connect public key to authorized_keys to allow Connect to connect to Faspex.
    1. If the .ssh folder does not already exist in the faspex system user's home directory, run the following command to create the folder: 
      # mkdir -p /home/username/.ssh
      For example:
      # mkdir -p /home/faspex/.ssh
    2. If the authorized_keys file does not already exist, add the aspera_tokenauth_id_rsa.pub public key to the file by running the following command: 
      # cat /opt/aspera/var/aspera_tokenauth_id_rsa.pub >> /home/username/.ssh/authorized_keys
    3. Transfer the .ssh folder and authorized_keys file ownership to the system user by running the following commands: 
      # chown -R username:username /home/username/.ssh
# chmod 600 /home/username /.ssh/authorized_keys
# chmod 700 /home/username
# chmod 700 /home/username /.ssh
You can now add this node to Faspex.