Help Center/ Migration Center/ MgC Agent Usage Guide/ Agent-based Discovery/ Adding Resource Credentials
Updated on 2025-02-17 GMT+08:00
View PDF
Share

Adding Resource Credentials

You need to provide the MgC Agent (formerly Edge) with the credentials for accessing your source resources, so it can collect information about them and migrate them to Huawei Cloud. After you connect the MgC Agent to MgC, only the attributes of source resources' credentials will be synchronized to MgC. The credentials themselves are encrypted and stored locally, and will not be synced to MgC.

Credentials you add to the MgC Agent are valid for 60 days. After the validity period expires, you need to add the credentials to the MgC Agent again if you still want to discover or migrate the resources.

Prerequisites

You have installed the MgC Agent in your source environment and connected the MgC Agent to MgC.

Authentication Methods

You can add credentials of the following types of resources to the MgC Agent: private clouds, servers, big data clusters, and containers. For details about the authentication methods supported for each resource type, see Table 1.

Table 1 Authentication methods

Resource Type

Authentication Method

Description

Public cloud
  • AK/SK
  • Configuration file
  • ID/Secret
  • AK/SK pairs of cloud platforms, such as Huawei Cloud, Alibaba Cloud, AWS, Tencent Cloud, Qiniu Cloud, and Kingsoft Cloud
  • Upload the configuration file used to access Google Cloud. The configuration file contains credentials for Google Cloud service accounts, and the file must be in .json format and cannot exceed 4 KB.
  • IDs and secrets are Azure credentials. To learn how to obtain Azure credentials, see How Do I Obtain Azure Credentials?

Private cloud

Username/Password

Enter the username and password for logging in to the source private cloud.

Databases

Username/Password

Enter the username and password of the database.

Big data - Executor

Username/Password

Enter the username and password for logging in to the server deployed as an executor. Then specify Network Range, which can be a single IP address or an IP address range.

The value can be:

  • A single IP address, for example, 192.168.10.10/32
  • An IP address range, for example, 192.168.52.0/24
  • All IP addresses. You need to enter 0.0.0.0/0.

Big data - Hive Metastore

Username/Key

Upload the core-site.xml, hivemetastore-site.xml, hive-site.xml, krb5.conf, and user.keytab files. For details about how to obtain the certificate files, see How Do I Obtain the Hive Metastore Credential Files?

Big data - Data Lake Search (DLI)

AK/SK

Enter the AK/SK pair of the Huawei Cloud account. For details about how to obtain an AK/SK pair, see How Do I Obtain the AK/SK and Project ID?

Big Data - MaxCompute

AK/SK

Enter the AK/SK pair of the source Alibaba Cloud account. For details about how to obtain the key pair, see Viewing the Information About AccessKey Pairs of a RAM User.

Big data - Doris

Username/Password

Enter the username and password of the Doris database.

Big data - HBase

Username/Key
  • For an unsecured cluster, upload the core-site.xml, hdfs-site.xml, yarn-site.xml, mapred-site.xml, and hbase-site.xml files.
  • For a secured cluster, upload seven files, including core-site.xml, hdfs-site.xml, yarn-site.xml, krb5.conf, user.keytab, mapred-site.xml, and hbase-site.xml.

The preceding configuration files are usually stored in the conf subdirectory of the Hadoop and HBase installation directories.

Big data - ClickHouse

Username/Password

Enter the username and password of the ClickHouse database.

Windows server

Username/Password

Enter the username and password for logging in to the server. Then specify Network Range, which can be a single IP address or an IP address range.

The value can be:

  • A single IP address, for example, 192.168.10.10/32
  • An IP address range, for example, 192.168.52.0/24
  • All IP addresses. You need to enter 0.0.0.0/0.

Linux server
  • Username/Password
  • Username/Key
  • If you select Username/Password, enter the username and password for logging in to the server.
  • If you select Username/Key, enter the username and the password of the key file for logging in to the server, and upload the key file in .pem format.
    NOTICE:

    If the key file is not encrypted, you do not need to enter the password.

Then specify Network Range, which can be a single IP address or an IP address range. The value can be:

  • A single IP address, for example, 192.168.10.10/32
  • An IP address range, for example, 192.168.52.0/24
  • All IP addresses. You need to enter 0.0.0.0/0.

Container

Configuration file

The configuration file must be a .json or .yml file.

Adding Credentials

  1. Use the registered username and password to log in to the MgC Agent console.
  2. In the navigation pane, choose Agent-based Discovery > Credentials.
  3. Click Create Certificate above the list.

    Figure 1 Adding a credential

  4. Select a resource type and authentication method as prompted. Specify a credential name, enter your credentials, and click Confirm.

    • If the MgC Agent is not connected to MgC, the added resource credentials can be used for deep collection.
    • If the MgC Agent is connected to MgC, the added resource credentials will be automatically synchronized to MgC.

Importing Credentials

  1. On the MgC console, switch to the Applications page and export the discovered source servers and databases to a CSV file.

    Figure 2 Exporting resource information

  2. Open the exported CSV file, add columns user_name and password to the end, and enter the username and password for each resource. Save the file.

    Ensure that the saved CSV file is correct and has no incorrect configuration or garbled characters.

  3. On the Credentials page of the MgC Agent console, click Import Credential above the list.

    Figure 3 Importing credentials

  4. Click Select File to upload the saved CSV file.

    • A maximum of 1,000 complete credential records can be imported at a time. If there are any blanks or incomplete credentials, they will be ignored.
    • Credential names are automatically generated based on the resource name and access address.
    • Credentials can be imported repeatedly, but they will be named differently.

  5. Click OK to complete the import. After the import is successful, the system automatically synchronizes the credentials to MgC and associate them with corresponding resources.

Synchronizing Credentials

If the MgC Agent is disconnected from MgC, you need to manually synchronize added credentials to MgC after the connection is restored. In the Source Credentials area, click Sync.

Parent Topic: Agent-based Discovery