Setting Up a Transfer Node for a Linux Node

Aspera's Web applications authenticate to remote node services using a Node API username and password. The Node API credentials can then be used to create nodes. Different nodes may use different Node API username and password pairs.
Note: The following instructions require you to have administrative privileges.
  1. Verify you have installed a valid Shares license on your transfer server.
    # ascp -A
    If you need to update your transfer server license, follow the instructions in the Updating Product License section of the IBM Aspera Enterprise Server Admin Guide.
  2. Create a system user on the node.
    # useradd shares

The following steps require you to modify the aspera.conf file. You can find the aspera.conf file at /opt/aspera/etc/aspera.conf.

  1. Add the user in aspera.conf and set the docroot.
    <user>
        <name>shares</name>
        <file_system>
            <access>
                <paths>
                    <path>
                        <absolute>home/shares</absolute>
                        <read_allowed>true</read_allowed>
                        <write_allowed>true</write_allowed>
                        <dir_allowed>true</dir_allowed>
                    </path>
                </paths>
            </access>
        </file_system>
    </user>
    CAUTION:
    Aspera recommends that you not use spaces in your docroot. If your docroot contains spaces, you may not receive all email notifications relating to transfer activity.
  2. Set up token authorization for the user.
    <user>    
        <authorization>
            <transfer>
                <in>
                    <value>token</value>
                </in>
                <out>
                    <value>token</value>
                </out>
            </transfer>
            <token>
                <encryption_key>gj5o930t78m34ejme9dx</encryption_key>
            </token>
        </authorization>
    <user>
  3. Verify persistent storage is enabled in aspera.conf for use with stats collector.
    In the central_server section, set persistent_store to enable as shown below.
    <central_server>
        <address>127.0.0.1</address>
        <port>40001</port>
        <compact_on_startup>enable</compact_on_startup>
        <persistent_store>enable</persistent_store>
        <persistent_store_on_error>ignore</persistent_store_on_error>
        <persistent_store_max_age>86400</persistent_store_max_age>
        <event_buffer_overrun>block</event_buffer_overrun>
    </central_server>
  4. Restart the Aspera Central service and reload the node configuration.
    # service asperacentral restart
  5. Set up a transfer user with a Node API username and password.
    # /opt/aspera/bin/asnodeadmin -a -u transfer_user -p secure_password -x system_user
    Run the following command to check the system user was successfully added to asnodeadmin:
    # /opt/aspera/bin/asnodeadmin -l
    The result should be similar to the following example:
                    user       system/transfer user                    acls
    ====================    =======================    ====================
               nodeadmin                     shares    []
  6. Install the IBM Aspera Connect Browser Plug-In key. Locate the key in the following location: /opt/aspera/var/aspera_id_dsa.pub.
    Then, run the following commands to create a .ssh folder (if it does not already exist) in the shares user's home directory:
    # mkdir -p /home/shares/.ssh
    Run the following commands to create the keyfile authorized_keys if it does not already exist and append the key text to it:
    # cat /opt/aspera/var/aspera_id_dsa.pub >> /home/shares/.ssh/authorized_keys
    Run the following commands to change the key directory and key's ownership to the shares user:
    # chown shares:shares /home/shares/.ssh
    # chown shares:shares /home/shares/.ssh/authorized_keys
    # chmod 600 /home/shares/.ssh/authorized_keys
    # chmod 700 /home/shares
    # chmod 700 /home/shares/.ssh