A node is a local, remote, or cloud workstation
running an Aspera transfer server product (IBM Aspera Enterprise Server, IBM Aspera
Connect Server). In order to make transfers, FOD
communicates with a node through the Node API. The Node API is a daemon on the
transfer server that offers REST-inspired file operations and a transfer management
API. Aspera web applications authenticate to remote node services using a Node API
username and password. Different nodes may use different Node API username and
password pairs.
When installing Faspex on the same workstation as
the transfer server, Faspex automatically configures the local node's
aspera.conf configuration file and sets up a Node API user
to communicate with the Node API. When installing Faspex on a machine without a
transfer server, you must configure a remote transfer node for use with Faspex and
connect that node to Faspex during the installation process.
Note: The following instructions require you to have administrative privileges.
-
Verify you have installed IBM Aspera Enterprise Server with a
valid Connect Server license on your transfer server.
Run the following
command:
# ascp -A
In the resulting output, look for the following phrase:
Connect Server License max rate
If you need to update your transfer server license, follow the instructions
in IBM Aspera Enterprise Server Admin Guide: Updating Product
License.
-
Create the faspex system user account on the node.
Run the following commands to create the system user
faspex.
# groupadd -r faspex
# useradd -r faspex -g faspex
-
Create and configure the faspex_packages directory.
Run the following commands to create the
faspex_packages directories
and configure the
faspex user directories:
# mkdir -p /home/faspex/faspex_packages
# chown faspex:faspex /home/faspex/
# chown faspex:faspex /home/faspex/faspex_packages
The following steps use the asconfigurator utility to
modify the aspera.conf configuration file, located at
/opt/aspera/etc/aspera.conf.
-
Add the user to aspera.conf and set the
docroot.
Run the following
asconfigurator command with the transfer username and the
docroot
path:
$ asconfigurator -x "set_user_data;user_name,username;absolute,/
docroot/path"
For example:
$ asconfigurator -x "set_user_data;user_name,faspex;absolute,/home/faspex/faspex_packages"
-
Set up token authorization for the user in
aspera.conf.
Run the following
asconfigurator commands to set the
encryption key for the
user:
> asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,token"
> asconfigurator -x "set_user_data;user_name,username;authorization_transfer_out_value,token"
> asconfigurator -x "set_user_data;user_name,username;token_encryption_key,encryption_key"
The encryption key can be any string of numbers. Aspera recommends a string
that is at least 20 characters long. For
example:
> asconfigurator -x "set_user_data;user_name,faspex;authorization_transfer_in_value,token"
> asconfigurator -x "set_user_data;user_name,faspex;authorization_transfer_out_value,token"
> asconfigurator -x "set_user_data;user_name,faspex;token_encryption_key,gj5o930t78m34ejme9dx"
-
Set the IP address or hostname for the node in the
aspera.conf file with the following
asconfigurator command:
# asconfigurator -x "set_server_data;server_name,ip_or_hostname"
For
example:
# asconfigurator -x "set_server_data;server_name,aspera.example.com"
-
Configure the node for HTTP and HTTPS fallback.
The fallback settings on the node must match the
fallback settings on Faspex. If the settings don't match, Faspex returns a
"Package creation failed" error. Set the HTTP and HTTPS ports to the ports
you configured in Faspex. For more information about HTTP fallback, see
Configuring HTTP and HTTPS Fallback.
$ asconfigurator -x "set_http_server_data;enable_http,true"
$ asconfigurator -x "set_http_server_data;http_port,8080"
$ asconfigurator -x "set_http_server_data;enable_https,true"
$ asconfigurator -x "set_http_server_data;https_port,8443"
Restart
the
asperahttpd service by running the following
commands:
# /etc/init.d/asperahttpd restart
-
Set up a transfer user account with a Node API username and
password.
FOD authenticates to the node
machine using a Node API username and password. The following command creates a
Node API user and password and associates it with the system user you created.
Note: Aspera recommends that you use different names for the system user
account and transfer user account in order to minimize confusion when
tracing transactions and events.
-
Run the following commands to set up the Node API user:
# /opt/aspera/bin/asnodeadmin -a -u node_api_username -p node_api_passwd -x system_username
# /opt/aspera/bin/asnodeadmin -a -u node_user -p XF324cd28 -x faspex
-
Run the following command to check the system user was successfully
added to asnodeadmin:
# /opt/aspera/bin/asnodeadmin -l
Given a node user named
node_user and a
system user named
faspex, the result
should be similar to the following
example:
user system/transfer user acls
==================== ======================= ====================
node_user faspex
Adding, modifying, or deleting a
node-user triggers automatic reloading of the user database and the node's
configuration and license files.
-
Install the IBM Aspera Connect Browser Plug-In key.
-
If the .ssh folder does not already exist in the
faspex
system user's home directory, run the following command to create
the folder:
# mkdir -p /home/username/.ssh
For
example:
# mkdir -p /home/faspex/.ssh
-
If the authorized_keys file does not already
exist, add the aspera_id_dsa.pub public key to the
file by running the following command:
# cat /opt/aspera/var/aspera_id_dsa.pub >> /home/username/.ssh/authorized_keys
-
Transfer the .ssh folder and
authorized_keys file ownership to the system
user by running the following commands:
# chown -R username:username /home/username/.ssh
# chmod 600 /home/username /.ssh/authorized_keys
# chmod 700 /home/username
# chmod 700 /home/username /.ssh
The transfer node is now ready for connection to FOD. For instructions on adding a node to FOD, see Adding a Node to Faspex.