Configuring a Remote Transfer-Server Node

Follow the steps below to set up a remote transfer-server node for IBM Aspera Shares.

Important: All steps must be performed on the remote machine (the transfer server) as the root user.
  1. Set up the Node API.
    The Node API must be set up in IBM Aspera Enterprise Server so that Shares can communicate with the remote machine. For instructions, refer to Node API Setup, under Managing the Node API, in the IBM Aspera Enterprise Server Administrator's Guide.
  2. Create the system user "shares".

    This is the user who authenticates the actual ascp transfer, and must be an operating system account. Run the following commands to create the system user "shares".

    # /usr/sbin/groupadd -r shares
    # /usr/sbin/useradd -r shares -s /bin/aspshell-r -g shares
  3. Create and configure the "shares" package directory.
    Run the following commands to configure the "Shares" directory /home/shares/ and the shares_packages subdirectory:
    # mkdir -p /home/shares/shares_packages
    # chown shares:shares /home/shares/
    # chown shares:shares /home/shares/shares_packages 
  4. Configure aspera.conf.

    Add the shares package directory as a docroot in aspera.conf. The aspera.conf file can be found in the following location:

    /opt/aspera/etc/aspera.conf

    Below is a typical Shares aspera.conf file. Yours may differ, particularly if you have installed other Aspera products. Modify the following, as necessary:

    • In the file below, look for the <absolute> tag to see how the docroot has been defined in this installation, and adjust yours accordingly.
    • Look for the <server_name> tag below, and ensure that SERVER_IP_OR_NAME has been replaced with the name or IP address of your server.
    • In the <central_server> section, set <persistent_store> to enable as shown below. Shares 3.5+ requires persistent storage to be enabled. By default, <persistent_store> is disabled (not set).

    <?xml version='1.0' encoding='UTF-8'?>
    <CONF version="2"> 
    
    <central_server>
      <address>127.0.0.1</address>
      <port>40001</port>
      <compact_on_startup>enable</compact_on_startup>
      <persistent_store>enable</persistent_store>
      <persistent_store_on_error>ignore</persistent_store_on_error>
      <persistent_store_max_age>86400</persistent_store_max_age>
      <event_buffer_overrun>block</event_buffer_overrun>
    </central_server>
    <default>
      <file_system>
        <pre_calculate_job_size>yes</pre_calculate_job_size>
      </file_system>
    </default>
    <aaa>
      <realms>
        <realm>
          <users>
            <user>
              <name>shares</name>
              <file_system>
                <access>
                  <paths>
                    <path>
                      <absolute>/home/shares/shares_packages</absolute>
                      <show_as>/</show_as>
                      <dir_allowed>true</dir_allowed>
                    </path>
                  </paths>
                </access>
                <directory_create_mode>770</directory_create_mode>
                <file_create_mode>660</file_create_mode>
              </file_system>
              <authorization>
                <transfer>
                  <in>
                    <value>token</value>
                  </in>
                  <out>
                    <value>token</value>
                  </out>
                </transfer>
                <token>
                  <encryption_key>af208360-dbdd-4033-a35b-2370941f37e9</encryption_key>
                </token>
              </authorization>
            </user>
          </users>
        </realm>
      </realms>
    </aaa>
    <http_server>
      <http_port>8080</http_port>
      <enable_http>1</enable_http>
      <https_port>8443</https_port>
      <enable_https>1</enable_https>
    </http_server>
    <server>
      <server_name>SERVER_IP_OR_NAME</server_name>
    </server>
    </CONF>

    After modifying aspera.conf, restart the Aspera Central and Aspera NodeD services.

    # /etc/init.d/asperacentral restart
    # /etc/init.d/asperanoded restart
  5. Verify you have installed a valid Shares license on your transfer server.

    If you need to update your transfer server license (by following the instructions in the Updating Product License section of the Enterprise Server Admin Guide), you must reload the asperanoded service afterwards. To reload it, run asnodeadmin with the --reload option:

    # /opt/aspera/bin/asnodeadmin --reload 
  6. Set up the node user.

    Run the following commands to set up the node user (where "node-admin" is the node user, "s3cur3_p433" is its password and "shares" is the system user), and then reload asperanoded.

    # /opt/aspera/bin/asnodeadmin -a -u node-admin -p s3cur3_p433 -x shares
    # /opt/aspera/bin/asnodeadmin --reload 
  7. Install the Aspera Connect™ key.

    First, locate your Aspera Connect key as follows:

    /opt/aspera/var/aspera_id_dsa.pub
    Then, run the following command to create a .ssh folder (if it does not already exist) in the shares user's home directory:
    # mkdir -p /home/shares/.ssh
    Run the following command to create the keyfile authorized_keys (if it does not already exist) and append the key text to it:
    # cat /opt/aspera/var/aspera_id_dsa.pub >> /home/shares/.ssh/authorized_keys
    Run the following commands to give the shares user ownership of the key directory and keyfile, and to set the permission bits:
    # chown shares:shares /home/shares/.ssh  
    # chown shares:shares /home/shares/.ssh/authorized_keys
    # chmod 600 /home/shares/.ssh/authorized_keys
    # chmod 700 /home/shares
    # chmod 700 /home/shares/.ssh
  8. Set up token authorization.
    Refer to the Setting Up Token Authorization topic in the Aspera Enterprise Server Administrator's Guide.
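
A check for the aspera.conf edits in step 4, as an added example that is not part of the original guide or of any Aspera tooling. It verifies the three bulleted settings plus the token authorization values shown in the sample file. The function name check_shares_conf and the SAMPLE input are constructed for illustration, and flagging the encryption_key printed in the sample as a value to replace is an added check, not a step from this page.

```python
import xml.etree.ElementTree as ET

# Both constants are copied from the sample aspera.conf on this page.
PLACEHOLDER_SERVER = "SERVER_IP_OR_NAME"
DOC_SAMPLE_KEY = "af208360-dbdd-4033-a35b-2370941f37e9"

# Constructed, trimmed-down input with four problems left in on purpose.
SAMPLE = """<CONF version="2"><central_server><port>40001</port></central_server>
<aaa><realms><realm><users><user><name>shares</name>
<file_system><access><paths><path><absolute>/home/shares/shares_packages</absolute>
</path></paths></access></file_system>
<authorization><transfer><in><value>token</value></in>
<out><value>allow</value></out></transfer>
<token><encryption_key>af208360-dbdd-4033-a35b-2370941f37e9</encryption_key></token>
</authorization></user></users></realm></realms></aaa>
<server><server_name>SERVER_IP_OR_NAME</server_name></server></CONF>"""


def text(node, path):
    """Stripped text of node/path; empty string when absent or empty."""
    return (node.findtext(path) or "").strip()


def check_shares_conf(xml_text, user="shares", docroot="/home/shares/shares_packages"):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text.strip())  # tolerate indentation before <?xml
    findings = []
    if text(root, "central_server/persistent_store") != "enable":
        findings.append("persistent_store is not 'enable'")
    if text(root, "server/server_name") in ("", PLACEHOLDER_SERVER):
        findings.append("server_name is unset or still the placeholder")
    entry = next((u for u in root.iterfind("aaa/realms/realm/users/user")
                  if text(u, "name") == user), None)
    if entry is None:
        return findings + [f"no <user> entry named {user}"]
    roots = {(a.text or "").strip() for a in entry.iter("absolute")}
    if docroot not in roots:
        findings.append(f"docroot {docroot} is not configured for {user}")
    for direction in ("in", "out"):
        if text(entry, f"authorization/transfer/{direction}/value") != "token":
            findings.append(f"transfer/{direction} does not require a token")
    key = text(entry, "authorization/token/encryption_key")
    if not key or key == DOC_SAMPLE_KEY:
        findings.append("encryption_key is missing or is the published sample")
    return findings


if __name__ == "__main__":
    print("\n".join(check_shares_conf(SAMPLE)) or "all checks passed")
```

To check a real node, pass the contents of /opt/aspera/etc/aspera.conf to check_shares_conf before restarting the services in step 4.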