This topic describes how to prepare for a migration job.
Share a folder on an ECS instance
- WindowsIf your ECS instance runs the Windows system, you can perform the following steps to share the folder in which the data that you want to migrate is stored:
- Move all the data that you want to migrate to a folder and then share the folder. You can follow the instructions that are provided for your specific OS version to share the folder.
For example, if you want to share the subdir folder in the dir folder, the path of the subdir folder is \\Hostname\dir\subdir. When you create a source data address in the Data Transport console, set the Sub Folder parameter to /dir/subdir.
- Modify the settings of the Windows firewall and your anti-virus software to allow access to port 445 of the ECS instance from all IP addresses in the VPC in which the ECS instance is deployed. If both the Windows firewall and your anti-virus software are disabled, you can skip this step.
- Configure a security group rule for the ECS instance to allow access to port 445 of the ECS instance from all IP addresses in the VPC in which the ECS instance is deployed. For more information, see Add a security group rule.
- Move all the data that you want to migrate to a folder and then share the folder. You can follow the instructions that are provided for your specific OS version to share the folder.
- LinuxIf your ECS instance runs the Linux system, you can perform the following steps to share the folder in which the data that you want to migrate is stored:
- Enable the network file system (NFS) service and then share the folder. For more information, see the Appendix: How to use the NFS service section of this topic. If the NFS service is enabled, you can skip this step.
For example, if you want to share the data folder, the path of the folder is /data. When you create a source data address in the Data Transport console, set the Sub Folder parameter to /data.
- Modify the settings of the Linux firewall to allow access to the ports for the NFS service. Run the rpcinfo -p localhost command to view the ports that must be opened for the
PortMapper
,mountd
, andNFS
services. For more information, see the Appendix: How to use the NFS service section of this topic. If the firewall is disabled, you can skip this step. - Configure a security group rule for the ECS instance to allow access to the ports for the NFS service from all IP addresses in the VPC in which the ECS instance is deployed. For more information, see Add a security group rule. Warning To ensure data security, we recommend that you disable access to the ports for the NFS service from external networks.
- Enable the network file system (NFS) service and then share the folder. For more information, see the Appendix: How to use the NFS service section of this topic. If the NFS service is enabled, you can skip this step.
Alibaba Cloud OSS
Create an Object Storage Service (OSS) bucket to store the migrated data. For more information, see Create buckets.
Create a RAM user and grant required permissions to the RAM user
- Log on to the RAM console.
- In the left-side navigation pane, choose .
- On the Users page, click Create User.
- On the Create User page, specify Logon Name and Display Name in the User Account Information section.
- In the Access Mode section, select Console Access and OpenAPI Access. Then, save the generated logon name, password, AccessKey ID, and AccessKey secret.
- Console Access: If you select this option, you must configure the console password, password reset settings, and multi-factor authentication settings.
- OpenAPI Access: If you select this option, an AccessKey pair is automatically created for the RAM user. The RAM user can call API operations or use other development tools to access Alibaba Cloud resources.
Note If you need to migrate data across accounts, you must save the logon name, password, AccessKey ID, and AccessKey secret that are generated for each RAM user by the corresponding Alibaba Cloud account. - After the RAM user is created, return to the Users page. Find the RAM user and click Add Permissions in the column. In the panel that appears, select the AliyunOSSFullAccess and AliyunMGWFullAccess policies and click OK. This way, the RAM user is granted the permissions to read and write files from OSS and perform online data migrations.
- In the left-side navigation pane, click Overview.
- On the page that appears, navigate to the Account Management section and click the link under RAM user logon. On the page that appears, enter the logon name and password of the RAM user to log on to the Alibaba Cloud Management Console.
Appendix: How to use the NFS service
- Enable the NFS service. If you want to share the /data folder as the data source of the migration, perform the following steps:
- Enable the NFS service.
[root@test ~]# yum install -y nfs-utils
- Specify the folder that you want to share. In this example, /data is specified. In the /etc/exports file, add the /data *(rw,no_root_squash,insecure) entry.
[root@test ~]# vi /etc/exports #If the port number for the mountd service is greater than 1024, you must add the insecure parameter. /data *(rw,no_root_squash,insecure)
NoteYou must configure parameters based on the format that is required for the exports file. You can run the
man 5 exports
command to view the details of the format.If your settings are invalid, the file system fails to be mounted on the client.
- Start the NFS service.
[root@test ~]# systemctl start nfs.service
- Check the status of the NFS service. The following information indicates that the NFS service is running.
[root@test ~]# systemctl status nfs.service â- nfs-server.service - NFS server and services Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled) Active: active (exited) since Thu 2018-12-06 15:47:03 CST; 58s ago Process: 10641 ExecStartPost=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl restart gssproxy ; fi (code=exited, status=0/SUCCESS) Process: 10623 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS) Process: 10621 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS) Main PID: 10623 (code=exited, status=0/SUCCESS) CGroup: /system.slice/nfs-server.service Dec 06 15:47:03 test systemd[1]: Starting NFS server and s... Dec 06 15:47:03 test systemd[1]: Started NFS server and se... Hint: Some lines were ellipsized, use -l to show in full.
- Enable the NFS service to run at startup.
[root@test ~]# systemctl enable nfs.service
- Check the status of the rpcbind service. The following information indicates that the rpcbind service is running.
[root@test ~]# systemctl status rpcbind.service â- rpcbind.service - RPC bind service Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2018-12-06 15:47:03 CST; 7min ago Main PID: 10598 (rpcbind) CGroup: /system.slice/rpcbind.service └─10598 /sbin/rpcbind -w Dec 06 15:47:03 test systemd[1]: Starting RPC bind service... Dec 06 15:47:03 test systemd[1]: Started RPC bind service. Hint: Some lines were ellipsized, use -l to show in full.
- Enable the NFS service.
- Open the ports for the NFS service. By default, ECS instances that run CentOS 7 use firewalls. You can use the systemctl status firewalld command to check whether the firewall is enabled for an ECS instance. If you use iptables, you can run the related iptables commands to configure the firewall settings to open the ports for the NFS service. Perform the following steps to configure the firewall settings:
- View the ports that must be opened for the NFS service.
[root@test ~]# rpcinfo -p localhost program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 50382 status 100024 1 tcp 59133 status 100005 1 udp 20048 mountd 100005 1 tcp 20048 mountd 100005 2 udp 20048 mountd 100005 2 tcp 20048 mountd 100005 3 udp 20048 mountd 100005 3 tcp 20048 mountd 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100227 3 tcp 2049 nfs_acl 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100227 3 udp 2049 nfs_acl 100021 1 udp 37473 nlockmgr 100021 3 udp 37473 nlockmgr 100021 4 udp 37473 nlockmgr 100021 1 tcp 37688 nlockmgr 100021 3 tcp 37688 nlockmgr 100021 4 tcp 37688 nlockmgr
- Configure firewall rules to open the ports for the
PortMapper
,mountd
, andNFS
services. These ports include port 111, port 20048, and port 2049 on TCP and UDP.Note Themountd
service uses a random port. You must use one of the following methods to obtain the number of the port for themountd
service and then configure the firewall.- Run the rpcinfo -p localhost command to query the port that is used by the
mountd
service. - In the /etc/sysconfig/nfs file, replace xxx in the
MOUNTD_PORT=xxx
expression with the number of the port that is used for themountd
service.
- Run the rpcinfo -p localhost command to query the port that is used by the
- Add firewall rules by running the following commands:
[root@test ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent success [root@test ~]# firewall-cmd --zone=public --add-port=20048/tcp --permanent success [root@test ~]# firewall-cmd --zone=public --add-port=2049/tcp --permanent success [root@test ~]# firewall-cmd --zone=public --add-port=111/udp --permanent success [root@test ~]# firewall-cmd --zone=public --add-port=20048/udp --permanent success [root@test ~]# firewall-cmd --zone=public --add-port=2049/udp --permanent success
- Update firewall rules by running the following command:
[root@test ~]# firewall-cmd --reload success
- View the ports that must be opened for the NFS service.