Lyve Cloud S3 Storage Resources Guide
Lyve Cloud S3 Storage Resources 

このコンテンツは役に立ちましたか?

メニューを開く メニューを閉じる

Lyve Cloud with IBM Aspera HSTS Server and Desktop

IBM Aspera HSTS Server and License installation

Packages required

  • ibm-aspera-hsts-4.4.3.891-linux-64-release.rpm
  • ibm-aspera-hsts-4.4.3-linux64-public-key.pgp.zip
  • 85703-AsperaEnterprise-unlim.eval.aspera-license

Installation

  1. Import the PGP key:

# cd <path_of_the_.pgp_file>
# sudo unzip ibm-aspera-hsts-4.4.3-linux64-public-key.pgp.zip
# sudo rpm --import ibm-aspera-hsts-4.4.3-linux64-public-key.pgp

 Note—If the unzip command does not work, install the package by running sudo yum install unzip.
  1. Run the HSTS Server installer:

# cd <path_of_the_installer_file>
# sudo rpm -ivh ibm-aspera-hsts-4.4.3.891-linux-64-release.rpm

warning: ibm-aspera-hsts-4.4.3.891-linux-64-release.rpm: Header V4 RSA/SHA256 Signature, key ID 90770d18: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:aspera-entsrv-4.4.3.891-1        ################################# [100%]
systemd enabled       
  1. Install Dumper-perl& MD5-perl. The Digest::MD5 module allows you to use the RSA Data Security Inc. MD5 Message Digest algorithm from within Perl programs.

# sudo yum install perl-Digest-MD5
# sudo yum install perl-Data-Dumper

Once Installation completed, the license can be activated.

  1. Check the current license file:

# cd <path_of_the_license_file>
# base64 -d 85703-AsperaEnterprise-unlim.eval.aspera-license

<?xml version="1.0" encoding="UTF-8"?>
<license version="1">
  <!-- Void if modified -->
  <product_id>10</product_id>
  <customer_id>1</customer_id>
  <license_id>85703</license_id>
  <expiration_date>2024-03-31</expiration_date>
  <maximum_bandwidth>unlimited</maximum_bandwidth>
  <accounts>unlimited</accounts>
  <unique_concurrent_logins>unlimited</unique_concurrent_logins>
  <connect_enabled>yes</connect_enabled>
  <mobile_enabled>yes</mobile_enabled>
  <cargo_enabled>yes</cargo_enabled>
  <node_enabled>yes</node_enabled>
  <drive_enabled>yes</drive_enabled>
  <http_fallback_server_enabled>yes</http_fallback_server_enabled>
  <group_configuration_enabled>yes</group_configuration_enabled>
  <shared_endpoints_enabled>yes</shared_endpoints_enabled>
  <desktop_gui_enabled>yes</desktop_gui_enabled>
  <stream_enabled>yes</stream_enabled>
  <sync2>
    <enabled>yes</enabled>
    <direction>bidi</direction>
    <maximum_files>unlimited</maximum_files>
  </sync2>
  <watchfolder>
    <enabled>yes</enabled>
    <growing_files>yes</growing_files>
    <file_lists>yes</file_lists>
  </watchfolder>
</license>==SIGNATURE==
WLrYjcAq7/0ZOt42+96o0xRI1hzqRRssXuME+nxBL56zJwg00GN/BCtPU8sO
v+DkWufzWpRoSNbCJ1pwZqQyqlrNq1Z42vmlz7VNuWJNa2Cb8kTR/SgZr1gm
SdQzizyATQW0dYpbCxXs7O8RJjUynhmZd+k4MS1plALQ6MP5kmz6+NTcwUSo
5f+iffbKJ5W+3tD6dHIMOIyJDY1BRaayXjAjakyIIZtkfGl6MQtP7ya0uyF7
0X5Kv7ybzjckfm4XdAJ2aZ4kCMyNS1Ayhxlxb7h/0blVRDWUpB9IWH2hiOrI
DLXRMf+cRROkeC9fZIJqBv6GPTFpYO6pDDvB57JhEg==       
  1. Create a license file “aspera-license” under “/opt/aspera/etc”:

# cd /opt/aspera/etc
# sudo touch aspera-license

  1. Copy and paste your license key string into “aspera-license”, and then save and close the file.

# sudo cp /home/centos/aspera/85703-AsperaEnterprise-unlim.eval.aspera-license asper-license

  1. Verify the license information:

# ascp -A

IBM Aspera High-Speed Transfer Server version 4.4.3.891
ascp version 4.4.3.891 ecd7192
Operating System: Linux
FIPS 140-2-validated crypto ready to configure
AES-NI Supported
Connect Server License max rate=(unlimited), account no.=1, license no.=85703. Expiration date: Mon Apr  1 06:59:59 2024
Enabled settings: connect, mobile, cargo, node, drive, http_fallback_server, group_configuration, shared_endpoints, desktop_gui, stream and sync2       

SSH configuration

  1. Open “sshd_config” file and make the following changes:

AllowTcpForwarding no AllowAgentForwarding no
PubkeyAuthentication yes
PasswordAuthentication yes
port 33001

 Note—Do not comment/remove port 22 for now. Let it be open.
  1. Restart the sshd service:

# sudo systemctl restart sshd.service

  1. Verify that port 33001 is now listening:

# netstat -na |grep 33001

tcp        0      0 0.0.0.0:33001           0.0.0.0:*               LISTEN
tcp        0      0 10.0.10.242:33001       125.20.120.90:52332     ESTABLISHED
tcp        0      0 10.0.10.242:33001       125.20.120.90:57615     ESTABLISHED
tcp        0      0 10.0.10.242:33001       14.194.8.182:62305      ESTABLISHED
tcp6       0      0 :::33001                :::*         
    
==========================================================================================================  

Add user (test aspera)

# useradd test_aspera
# sudo chsh -s /bin/aspshell test_aspera

Changing shell for test_aspera.
chsh: Warning: "/bin/aspshell" is not listed in /etc/shells.
Shell changed.  

# su test_aspera

Password:

Setting up a user's public key on the server:  

# sudo mkdir /home/test_aspera/.ssh
# sudo chown test_aspera:test_aspera /home/test_aspera/.ssh
# sudo chmod 700 /home/test_aspera/.ssh
# sudo touch /home/test_aspera/.ssh/authorized_keys
# sudo chown test_aspera:test_aspera /home/test_aspera/.ssh/authorized_keys
# sudo chmod 600 /home/test_aspera/.ssh/authorized_keys

Set global and user-specific transfer settings

Global

# sudo asconfigurator -x "set_node_data;authorization_transfer_in_value,deny"
# sudo asconfigurator -x "set_node_data;authorization_transfer_out_value,deny"

User-specific (test_aspera)

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;authorization_transfer_in_value,allow"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;authorization_transfer_out_value,allow"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;absolute,s3:// s3.us-west-1.sv15.lyve.seagate.com/aspera-test-bucket"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;transfer_in_bandwidth_flow_target_rate_cap,unlimited"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;transfer_out_bandwidth_flow_target_rate_cap,unlimited"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;transfer_in_bandwidth_flow_target_rate_default,96000"

success
user_name: test_aspera  

# sudo asconfigurator -x "set_user_data;user_name,test_aspera;transfer_out_bandwidth_flow_target_rate_default,96000"

success
user_name: test_aspera  

After setting the global and user-specific transfer settings, restart the noded service to activate your changes. Run the following commands to restart asperanoded:

# sudo systemctl restart asperanoded

Set up Trapd

Trapd is disabled by default in HSTS, however it can be enabled by running the following  command:

# /opt/aspera/bin/astrap-config.sh enable

S3.properties configuration for object storage class

  1. Open the “/opt/aspera/etc/trapd/s3.properties” file and make the following changes:

s3service.https-only=true
s3service.s3-endpoint=test.lyvecloud.com
s3service.s3-endpoint-https-port=443
s3service.disable-dns-buckets=true
s3service.use-path-style-url=true

  1. Restart the trapd service:

# sudo systemctl restart asperatrapd