Lyve Cloud S3 Storage Resources Guide
Lyve Cloud S3 Storage Resources 

Heeft deze informatie u geholpen?

MENU OPENEN MENU SLUITEN

Lyve Cloud with IBM Aspera HSTS Server and Desktop

IBM Aspera HSTS Server and License installation

Packages required

  • ibm-aspera-hsts-4.4.3.891-linux-64-release.rpm
  • ibm-aspera-hsts-4.4.3-linux64-public-key.pgp.zip
  • 85703-AsperaEnterprise-unlim.eval.aspera-license

Installation

  1. Import the PGP key:

# cd <path_of_the_.pgp_file>
# sudo unzip ibm-aspera-hsts-4.4.3-linux64-public-key.pgp.zip
# sudo rpm --import ibm-aspera-hsts-4.4.3-linux64-public-key.pgp

 Note—If the unzip command does not work, install the package by running sudo yum install unzip.
  1. Run the HSTS Server installer:

# cd <path_of_the_installer_file>
# sudo rpm -ivh ibm-aspera-hsts-4.4.3.891-linux-64-release.rpm

warning: ibm-aspera-hsts-4.4.3.891-linux-64-release.rpm: Header V4 RSA/SHA256 Signature, key ID 90770d18: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:aspera-entsrv-4.4.3.891-1        ################################# [100%]
systemd enabled       
  1. Install Dumper-perl& MD5-perl. The Digest::MD5 module allows you to use the RSA Data Security Inc. MD5 Message Digest algorithm from within Perl programs.

# sudo yum install perl-Digest-MD5
# sudo yum install perl-Data-Dumper

Once Installation completed, the license can be activated.

  1. Check the current license file:

# cd <path_of_the_license_file>
# base64 -d 85703-AsperaEnterprise-unlim.eval.aspera-license

<?xml version="1.0" encoding="UTF-8"?>
<license version="1">
  <!-- Void if modified -->
  <product_id>10</product_id>
  <customer_id>1</customer_id>
  <license_id>85703</license_id>
  <expiration_date>2024-03-31</expiration_date>
  <maximum_bandwidth>unlimited</maximum_bandwidth>
  <accounts>unlimited</accounts>
  <unique_concurrent_logins>unlimited</unique_concurrent_logins>
  <connect_enabled>yes</connect_enabled>
  <mobile_enabled>yes</mobile_enabled>
  <cargo_enabled>yes</cargo_enabled>
  <node_enabled>yes</node_enabled>
  <drive_enabled>yes</drive_enabled>
  <http_fallback_server_enabled>yes</http_fallback_server_enabled>
  <group_configuration_enabled>yes</group_configuration_enabled>
  <shared_endpoints_enabled>yes</shared_endpoints_enabled>
  <desktop_gui_enabled>yes</desktop_gui_enabled>
  <stream_enabled>yes</stream_enabled>
  <sync2>
    <enabled>yes</enabled>
    <direction>bidi</direction>
    <maximum_files>unlimited</maximum_files>
  </sync2>
  <watchfolder>
    <enabled>yes</enabled>
    <growing_files>yes</growing_files>
    <file_lists>yes</file_lists>
  </watchfolder>
</license>==SIGNATURE==
WLrYjcAq7/0ZOt42+96o0xRI1hzqRRssXuME+nxBL56zJwg00GN/BCtPU8sO
v+DkWufzWpRoSNbCJ1pwZqQyqlrNq1Z42vmlz7VNuWJNa2Cb8kTR/SgZr1gm
SdQzizyATQW0dYpbCxXs7O8RJjUynhmZd+k4MS1plALQ6MP5kmz6+NTcwUSo
5f+iffbKJ5W+3tD6dHIMOIyJDY1BRaayXjAjakyIIZtkfGl6MQtP7ya0uyF7
0X5Kv7ybzjckfm4XdAJ2aZ4kCMyNS1Ayhxlxb7h/0blVRDWUpB9IWH2hiOrI
DLXRMf+cRROkeC9fZIJqBv6GPTFpYO6pDDvB57JhEg==       
  1. Create a license file “aspera-license” under “/opt/aspera/etc”:

# cd /opt/aspera/etc
# sudo touch aspera-license

  1. Copy and paste your license key string into “aspera-license”, and then save and close the file.

# sudo cp /home/centos/aspera/85703-AsperaEnterprise-unlim.eval.aspera-license asper-license

  1. Verify the license information:

# ascp -A

IBM Aspera High-Speed Transfer Server version 4.4.3.891
ascp version 4.4.3.891 ecd7192
Operating System: Linux
FIPS 140-2-validated crypto ready to configure
AES-NI Supported
Connect Server License max rate=(unlimited), account no.=1, license no.=85703. Expiration date: Mon Apr  1 06:59:59 2024
Enabled settings: connect, mobile, cargo, node, drive, http_fallback_server, group_configuration, shared_endpoints, desktop_gui, stream and sync2       

SSH configuration

  1. Open “sshd_config” file and make the following changes:

AllowTcpForwarding no AllowAgentForwarding no
PubkeyAuthentication yes
PasswordAuthentication yes
port 33001

 Note—Do not comment/remove port 22 for now. Let it be open.
  1. Restart the sshd service:

# sudo systemctl restart sshd.service

  1. Verify that port 33001 is now listening:

# netstat -na |grep 33001

tcp        0      0 0.0.0.0:33001           0.0.0.0:*               LISTEN
tcp        0      0 10.0.10.242:33001       125.20.120.90:52332     ESTABLISHED
tcp        0      0 10.0.10.242:33001       125.20.120.90:57615     ESTABLISHED
tcp        0      0 10.0.10.242:33001       14.194.8.182:62305      ESTABLISHED
tcp6       0      0 :::33001                :::*         
    
==========================================================================================================  

Add user (test aspera)

# useradd test_aspera
# sudo chsh -s /bin/aspshell test_aspera

Changing shell for test_aspera.
chsh: Warning: "/bin/aspshell" is not listed in /etc/shells.
Shell changed.  

# su test_aspera

Password:

Setting up a user's public key on the server:  

# sudo mkdir /home/test_aspera/.ssh
# sudo chown test_aspera:test_aspera /home/test_aspera/.ssh
# sudo chmod 700 /home/test_aspera/.ssh
# sudo touch /home/test_aspera/.ssh/authorized_keys
# sudo chown test_aspera:test_aspera /home/test_aspera/.ssh/authorized_keys
# sudo chmod 600 /home/test_aspera/.ssh/authorized_keys

Set global and user-specific transfer settings

Global

# sudo asconfigurator -x "set_node_data;authorization_transfer_in_value,deny"
# sudo asconfigurator -x "set_node_data;authorization_transfer_out_value,deny"

User-specific (test_aspera)

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;authorization_transfer_in_value,allow"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;authorization_transfer_out_value,allow"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;absolute,s3:// s3.us-west-1.sv15.lyve.seagate.com/aspera-test-bucket"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;transfer_in_bandwidth_flow_target_rate_cap,unlimited"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;transfer_out_bandwidth_flow_target_rate_cap,unlimited"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;transfer_in_bandwidth_flow_target_rate_default,96000"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;transfer_out_bandwidth_flow_target_rate_default,96000"

success
user_name: test_aspera  

After setting the global and user-specific transfer settings, restart the noded service to activate your changes. Run the following commands to restart asperanoded:

# sudo systemctl restart asperanoded

Set up Trapd

Trapd is disabled by default in HSTS, however it can be enabled by running the following  command:

# /opt/aspera/bin/astrap-config.sh enable

S3.properties configuration for object storage class

  1. Open the “/opt/aspera/etc/trapd/s3.properties” file and make the following changes:

s3service.https-only=true
s3service.s3-endpoint=test.lyvecloud.com
s3service.s3-endpoint-https-port=443
s3service.disable-dns-buckets=true
s3service.use-path-style-url=true

  1. Restart the trapd service:

# sudo systemctl restart asperatrapd