This topic describes the operations that you must perform before you migrate data from an Elastic Compute Service (ECS) instance to an Object Storage Service (OSS) bucket.

Share a folder on an ECS instance

This section describes how to share the folder in which the data that you want to migrate is stored on the ECS instance.
Note You can only use Data Transport to migrate data from an ECS instance that is deployed in a virtual private cloud (VPC). Data Transport cannot migrate data from an ECS instance that is deployed in the classic network.
  • For Windows-based ECS instances
    If your ECS instance runs the Windows system, you can perform the following steps to share the folder in which the data that you want to migrate is stored:
    1. Move all the data that you want to migrate to a folder and then share the folder. You can follow the instructions that are provided for your specific OS version to share the folder.

      For example, if you want to share the subdir folder in the dir folder, the path of the subdir folder is \\Hostname\dir\subdir. When you create a source data address in the Data Transport console, specify /dir/subdir as the value of the Sub Folder parameter.

    2. Modify the settings of the Windows firewall and your anti-virus software to allow access to port 445 of the ECS instance from all IP addresses in the VPC in which the ECS instance is deployed. If both the Windows firewall and your anti-virus software are disabled, you can skip this step.
    3. Configure a security group rule for the ECS instance to allow access to port 445 of the ECS instance from all IP addresses in the VPC in which the ECS instance is deployed. For more information, see Add security group rules.
  • For Linux-based ECS instances
    If your ECS instance runs the Linux system, you can perform the following steps to share the folder in which the data that you want to migrate is stored:
    1. Enable the network file system (NFS) service and then share the folder. For more information, see Enable the NFS service. If the NFS service is enabled, you can skip this step.

      For example, if you want to share the data folder, the path of the folder is /data. When you create a source data address in the Data Transport console, specify /data as the value of the Sub Folder parameter.

    2. Modify the settings of the Linux firewall to allow access to the ports for the NFS service. Run the rpcinfo -p localhost command to view the ports that must be opened for the portmapper, mountd, and NFS services. For more information, see Firewall settings. If the firewall is disabled, you can skip this step.
    3. Configure a security group rule for the ECS instance to allow access to the ports for the NFS service from all IP addresses in the VPC in which the ECS instance is deployed. For more information, see Add security group rules.
      Warning To ensure data security, we recommend that you disable access to the ports for the NFS service from external networks.

Create a destination OSS bucket

Create a destination bucket to store the migrated data. For more information, see Create buckets.

Create a Resource Access Management (RAM) user and grant required permissions to the RAM user

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, click Create User.
  4. On the Create User page, specify Logon Name and Display Name in the User Account Information section.
  5. In the Access Mode section, select Console Access and OpenAPI Access. Then, save the generated logon name, password, AccessKey ID, and AccessKey secret.
    • Console Access: If you select this option, you must configure the console password, password reset settings, and multi-factor authentication settings.
    • OpenAPI Access: If you select this option, an AccessKey pair is automatically created for the RAM user. The RAM user can call API operations or use other development tools to access Alibaba Cloud resources.
    Note If you need to migrate data across accounts, you must save the logon name, password, AccessKey ID, and AccessKey secret that are generated for each RAM user by the corresponding Alibaba Cloud account.
  6. After the RAM user is created, return to the Users page. Find the RAM user and click Add Permissions in the Actions column. In the panel that appears, select the AliyunOSSFullAccess and AliyunMGWFullAccess policies and click OK. This way, the RAM user is granted the permissions to read and write files from OSS and perform online data migrations.
  7. In the left-side navigation pane, click Overview.
  8. On the page that appears, navigate to the Account Management section and click the link under RAM user logon. On the page that appears, enter the logon name and password of the RAM user to log on to the Alibaba Cloud Management Console.

Appendix: How to use the NFS service

Before you use the NFS service, you must enable the NFS service and configure the firewall settings to open the ports for the NFS service.
  • Enable the NFS service. If you want to share the data folder as the data source of the migration, you can perform the following steps:
    1. Install the NFS server.
      [root@test ~]# yum install -y nfs-utils
    2. Specify the folder that you want to share. In this example, /data is specified. In /etc/exports, add the /data *(rw,no_root_squash,insecure) entry.
      [root@test ~]# vi /etc/exports
      
      #If the port number for the mountd service is greater than 1024, you must add the insecure parameter.
      /data *(rw,no_root_squash,insecure)
                                      
      Note

      You must configure parameters based on the format that is required for the exports file. You can run the man 5 exports command to view the details of the format.

      If your settings are invalid, the file system fails to be mounted on the client.

    3. Start the NFS service.
      [root@test ~]# systemctl start nfs.service
    4. Check the status of the NFS service. The following information indicates that the NFS service is running.
      [root@test ~]# systemctl status nfs.service
      nfs-server.service - NFS server and services
      Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
      Active: active (exited) since Thu 2018-12-06 15:47:03 CST; 58s ago
      Process: 10641 ExecStartPost=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl restart gssproxy ; fi (code=exited, status=0/SUCCESS)
      Process: 10623 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
      Process: 10621 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
      Main PID: 10623 (code=exited, status=0/SUCCESS)
      CGroup: /system.slice/nfs-server.service
      
      
      Dec 06 15:47:03 test systemd[1]: Starting NFS server and s...
      Dec 06 15:47:03 test systemd[1]: Started NFS server and se...
      Hint: Some lines were ellipsized, use -l to show in full.
    5. Enable the NFS service to run at startup.
      [root@test ~]# systemctl enable nfs.service
    6. Check the status of the rpcbind service. The following information indicates that the rpcbind service is running.
      [root@test ~]# systemctl status rpcbind.service
      rpcbind.service - RPC bind service
      Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
      Active: active (running) since Thu 2018-12-06 15:47:03 CST; 7min ago
      Main PID: 10598 (rpcbind)
      CGroup: /system.slice/rpcbind.service
       10598 /sbin/rpcbind -w
      
      
      Dec 06 15:47:03 test systemd[1]: Starting RPC bind service...
      Dec 06 15:47:03 test systemd[1]: Started RPC bind service.
      Hint: Some lines were ellipsized, use -l to show in full.
  • Open the ports for the NFS service. By default, ECS instances that run CentOS 7 use firewalld. You can use the systemctl status firewalld command to check whether the firewall is enabled for an ECS instance. If you use iptables, you can run the related iptables commands to configure the firewall settings to open the ports for the NFS service. Perform the following steps to configure the firewall settings:
    1. View the ports that must be opened for the NFS service.
      [root@test ~]# rpcinfo -p localhost
         program vers proto   port  service
          100000    4   tcp    111  portmapper
          100000    3   tcp    111  portmapper
          100000    2   tcp    111  portmapper
          100000    4   udp    111  portmapper
          100000    3   udp    111  portmapper
          100000    2   udp    111  portmapper
          100024    1   udp  50382  status
          100024    1   tcp  59133  status
          100005    1   udp  20048  mountd
          100005    1   tcp  20048  mountd
          100005    2   udp  20048  mountd
          100005    2   tcp  20048  mountd
          100005    3   udp  20048  mountd
          100005    3   tcp  20048  mountd
          100003    3   tcp   2049  nfs
          100003    4   tcp   2049  nfs
          100227    3   tcp   2049  nfs_acl
          100003    3   udp   2049  nfs
          100003    4   udp   2049  nfs
          100227    3   udp   2049  nfs_acl
          100021    1   udp  37473  nlockmgr
          100021    3   udp  37473  nlockmgr
          100021    4   udp  37473  nlockmgr
          100021    1   tcp  37688  nlockmgr
          100021    3   tcp  37688  nlockmgr
          100021    4   tcp  37688  nlockmgr
    2. Configure firewall rules to open the ports for the portmapper, mountd, and NFS services. These ports include port 111, port 20048, and port 2049 on TCP and UDP.
      Note The mountd service uses a random port. You must use one of the following methods to obtain the number of the port for the mountd service and then configure the firewall.
      • Run the rpcinfo -p localhost command to query the port that is used by the mountd service.
      • In /etc/sysconfig/nfs, replace xxx in the MOUNTD_PORT=xxx expression with the number of the port that is used for the mountd service.
    3. Add firewall rules by running the following commands:
      [root@test ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent
      success
      [root@test ~]# firewall-cmd --zone=public --add-port=20048/tcp --permanent
      success
      [root@test ~]# firewall-cmd --zone=public --add-port=2049/tcp --permanent
      success
      [root@test ~]# firewall-cmd --zone=public --add-port=111/udp --permanent
      success
      [root@test ~]# firewall-cmd --zone=public --add-port=20048/udp --permanent
      success
      [root@test ~]# firewall-cmd --zone=public --add-port=2049/udp --permanent
      success
    4. Update firewall rules by running the following command:
      [root@test ~]# firewall-cmd --reload
      success