Aspera

  • 1.  SOAP API call for a file transfer

    Posted Sat October 19, 2024 10:20 PM

    I'm running Aspera Enterprise Server 4.4.3 on Rocky 9 and ran into an issue when using the SOAP API call to transfer a file.  The issue is the file cannot be read or get a "stat", according to the log file, to be transferred.  The directories and file are not readable by everyone for permissions.  If I run the ascp command manually from the CLI as root, it works.  I know I can just change the UMASK and the permissions on all directories and files to be readable by everyone, but would rather not due to security.  Does anyone know which user the ascp is executed by when the server receives a SOAP API call?  The log also shows a userid = 0, which is root, but if that was the case, this would work.  If I knew the user, I could add it to the group that owns the files/directories and it should work.

    On an older version of Aspera, 3.9.6, it works with the same file/directory permissions.  Both the servers are connected to the same NAS.



    ------------------------------
    Jeremy Meissner
    ------------------------------


  • 2.  RE: SOAP API call for a file transfer

    Posted Mon October 21, 2024 03:35 AM

    Hi Jeremy,

    I think the SOAP calls are executed by the daemon named asperacentral.

    Since 4.x it is run under user: asperadaemon

    Note that the SOAP API is deprecated and it is recommended to use the REST API instead.

    (The REST API has a mechanism ensuring that a transfer is executed as the right user in /ops/transfers)

    You can check relatively easily on the HSTS which user runs ascp yourself if you have access to the HSTS (I do that from time to time for some verifications):

    • method 1: in a terminal run: while :;do ps -ef|grep ascp|grep -v grep;done : this will display the ascp command and the user running it as soon as it is executed.
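    • method 2:

    cd /opt/aspera/bin
    mv ascp ascp.bin
    # Quote the heredoc delimiter so $0 and $@ are written into the script
    # literally instead of being expanded by the current shell.
    cat <<'EOF' > ascp
    #!/usr/bin/bash
    # Record the caller's environment and identity, then run the real ascp.
    env >> /tmp/ascp.info
    id >> /tmp/ascp.info
    exec "$0.bin" "$@"
    EOF
    chmod a+x ascp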

    This replaces the ascp executable with a script that will eventually run it, but in the meantime you have the possibility to extract the information you want.

    Of course after testing, replace the original ascp.

    Just out of curiosity: is there a specific reason why you want to use the legacy SOAP API instead of the newer REST API?



    ------------------------------
    Laurent Martin
    ------------------------------



  • 3.  RE: SOAP API call for a file transfer

    Posted Mon October 21, 2024 10:36 AM

    Thank you for the information!  I'm going through some tests now.  I don't want to use the legacy SOAP API, I have to at this time.  We have a content management system that is using the Aspera commands to transfer video files from one location to another.  The API calls are embedded in a module and can't be changed without development.  With this new information with SOAP API commands being deprecated, I will be putting in a change request to update the API commands.

     

                                -Jeremy

     


     

    Jeremy Meissner | Principal Engineer II, Video Delivery Engineering – VOD | (O) 720.699.5071, (M) 303.437.9173

    8560 Upland Drive | Suite B | Englewood, CO 80112

     

     






  • 4.  RE: SOAP API call for a file transfer

    Posted Mon October 21, 2024 01:54 PM

    SOAP deprecation

    https://www.ibm.com/docs/en/ahts/4.3?topic=notes-release-aspera-hsts-430

     

     

    The version 4.0 series of HSTS/E changed all the running daemons like asperanoded and asperacentral from running as the root user. These applications now run as asperadaemon as Laurent mentioned in the earlier post.

     

    On Linux systems, we make use of the sudoers functionality to run as different users. If you do not specify a user, then the daemon application will run the ascp process as the system user corresponding to the node user. This is seen through the command

     

    /opt/aspera/bin/asnodeadmin -l

     

    There is an option in the SOAP API to specify the user account. You would have to configure sudoers to make sure that the asperadaemon process can run as that user. If you can match the system user to the node user it would simplify things.

     

    https://developer.ibm.com/apis/catalog/aspera--aspera-soap-web-services/Job+Submission

    Look for LocalLocation

     

     






  • 5.  RE: SOAP API call for a file transfer

    Posted Wed October 23, 2024 04:04 PM
    By default it runs with the user running the asperacentral process (the default user is asperadaemon).
     
    You can specify the local user/password in the SOAP request. See the LocalLocation part:

    https://developer.ibm.com/apis/catalog/aspera--aspera-soap-web-services/Job+Submission



    ------------------------------
    Sebastien David
    ------------------------------
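
A way to test the original question against the answers above, as an added example that is not part of any post or of Aspera's tooling: given the uid and group ids of the account that runs ascp (asperadaemon per the replies), it walks the path and reports the first directory or file whose mode bits deny access. It assumes GNU stat; the function names and script name are hypothetical, and ACLs, SELinux and NAS-side identity mapping are not evaluated.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Evaluates classic owner/group/other
# mode bits only; ACLs, SELinux and NAS-side identity mapping are not modelled.
# Assumes GNU stat. Function names are hypothetical.

# class_bits MODE OWNER GROUP UID "GIDS": print the rwx digit that applies.
# The first matching class wins: an owner never falls through to group bits.
class_bits() {
  local mode g
  mode=$((0$1))                      # leading 0 makes the value octal
  if [ "$4" -eq "$2" ]; then echo $(( (mode >> 6) & 7 )); return; fi
  for g in $5; do
    if [ "$g" -eq "$3" ]; then echo $(( (mode >> 3) & 7 )); return; fi
  done
  echo $(( mode & 7 ))
}

# first_denied UID "GIDS" TARGET [START]
# Walk START (default /) down to TARGET: each directory on the way needs x,
# the final entry needs r. Prints the first path the identity cannot use,
# or "ok" when every component is usable.
first_denied() {
  local uid gids cur rest need meta bits part
  uid=$1; gids=$2; cur=${4:-/}; rest=${3#"$cur"}
  while :; do
    rest=${rest#/}
    if [ -n "$rest" ]; then need=1; else need=4; fi
    meta=$(stat -L -c '%a %u %g' "$cur") || { echo "$cur (stat failed)"; return 2; }
    set -- $meta                     # $1=mode $2=owner uid $3=group gid
    bits=$(class_bits "$1" "$2" "$3" "$uid" "$gids")
    if [ "$uid" -ne 0 ] && [ $(( bits & need )) -eq 0 ]; then
      echo "$cur"; return 1
    fi
    [ -n "$rest" ] || break
    part=${rest%%/*}; cur=${cur%/}/$part; rest=${rest#"$part"}
  done
  echo ok
}

# Script usage: ./check_access.sh ACCOUNT /absolute/path/to/file
if [ "$#" -eq 2 ]; then
  first_denied "$(id -u "$1")" "$(id -G "$1")" "$2"
fi
```

Run it on the transfer server with the account name and the file that failed to "stat"; the printed path is the component whose group or mode needs adjusting, which avoids opening the whole tree to everyone.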