Web application entitlement feature

Aspera highly recommends users to take advantage of our pre-configured images available in AWS or SoftLayer, as these are more reliable and easier to configure. If you must install the software on AWS or SoftLayer manually, ensure you have the supported versions of each.


This article is available for customers who are manually installing Aspera web applications, for use in Aspera on Demand and need to use an On Demand Entitlement. Please note that in order for the Aspera web applications (Faspex, Shares and Console)to use the entitlement system, it is necessary to have the Enterprise Server installed on the same system.  The Aspera Enterprise Server package provides the 'Asperanoded' service which provides a license API for the web applications.   There are also instructions available for enabling entitlement for your Aspera Enterprise Server here.

As of June 2014, Shares 1.7.3, Faspex 3.7.8 and Console 2.3.2 can use entitlements, rather than a perpetual license. This feature is used in all On Demand products to simplify the entitlement process. This article covers some of the basic background information on how this to set and unset this feature.


Faspex: How to enable and disable entitlement feature

You must log on to the server as root.

How to turn entitlement on:

# export RAILS_ENV=production
# asctl faspex:rake entitlement:turn_safe_net_entitlement_mode_on

How to turn entitlement off: 

# export RAILS_ENV=production
# asctl faspex:rake entitlement:turn_safe_net_entitlement_mode_off 

How to entitle the system via the command line: 

# export RAILS_ENV=production
# asctl faspex:rake --trace entitlement:config_license_server EL_KEY="cd0904ae-f85a-4e3b-8ae0-615d79e5dea1" EL_CUSTOMER_ID="Test"

Note 1: --trace is not required, but helpful for debugging any issues.

Note 2: This step will only work if entitlement mode is turned on. Please see details above.

Shares: How to enable and disable entitlement feature

Shares comes with a wrapper utility, so you can turn the feature on and off with one command line call. 

To turn on shares entitlement: 

# /opt/aspera/shares/u/shares/bin/run rake aspera:ami:entitlement:license_mode_on
Note: You can also use aspera:ami:enable (old rake task which will also turn on license mode on)

To turn off shares entitlement:

# /opt/aspera/shares/u/shares/bin/run rake aspera:ami:entitlement:license_mode_off

To entitle the web application via the command line (NOTE: you must substituted a valid customer ID and entitlement key):

# /opt/aspera/shares/u/shares/bin/run rake aspera:ami:entitlement:config_license_server EL_KEY="cd0904ae-f85a-4e3b-8ae0-615d79e5dea1" EL_CUSTOMER_ID="Test"

Console: How to enable and disable entitlement feature

# cd /opt/aspera/console/
# export RAILS_ENV=production
# export PATH=/opt/aspera/common/ruby/bin:$PATH

How to turn on entitlement:

# rake --trace aspera:ami:entitlement:license_mode_on

How to turn off entitlement:

# rake --trace aspera:ami:entitlement:license_mode_off

Note: Console will now contact the local aspera node for license information. Please restart console to enable the license poller.

# asctl console:restart

How to entitle via the command line:

# rake --trace aspera:ami:entitlement:config_license_server EL_KEY="cd0904ae-f85a-4e3b-8ae0-615d79e5dea1" EL_CUSTOMER_ID="Test"
If you have a unique node user or password, and want to map console to use a specific node users / password, then the command looks like this:

# rake --trace aspera:ami:entitlement:config_license_server EL_KEY="cd0904ae-f85a-4e3b-8ae0-615d79e5dea1" EL_CUSTOMER_ID="Test" EL_NODE_USERNAME="YOUR_NODE_USER" EL_NODE_PASSWORD="YOUR_NODE_PASSWORD"

 If you need to reset this node users password, it can be done as follows

/opt/aspera/bin/asnodeadmin --internal -m -u YOUR_NODE_USER -p YOUR_NODE_PASSWORD
If you're on Console 3.0.6 a specific AMI setting in the console database must be set, which you can do with following rake task:
/opt/aspera/common/ruby/bin/rake --trace aspera:ami:init

Privilege node user management

The asperanoded service now supports the concept of acls, a.k.a 'internal' users.  The acl was designed to give applications like Faspex, Shares, and Console privileged access to asperanoded service to obtain information about licensing. This section describe how to interact with those users.

For the most part, you do not need to worry about 'internal' node users.  The applications (Shares, Faspex, Console) will create them automatically if they need them. The details below is just for your information.

Listing 'internal' node users

[root@ip-10-41-9-150 faspex]# /opt/aspera/bin/asnodeadmin --internal -l
List of node user(s):
                 user      system/transfer user                    acls
====================    =======================    ====================
     f_el_1403206014        f_el_1403206014_sys    [internal]
      8NrAyQe/r0rqTL                     faspex    []
       faspex_source              faspex_source    []

Creating 'internal' node users

To create an internal user, you need to use two new options: --internal and --add-acl. Here is an example:

# asnodeadmin --internal -a -u USER -p PASSWORD -x SYSTEM_USER --acl-add internal --internal

Deleting 'internal' node users

# /opt/aspera/bin/asnodeadmin --internal -d -u foo
Powered by Zendesk