Adding Resource Credentials

You need to provide the MgC Agent (formerly Edge) with the credentials for accessing your source resources, so it can collect information about them and migrate them to Huawei Cloud. After you connect the MgC Agent to MgC, only the attributes of source resources' credentials will be synchronized to MgC. The credentials themselves are encrypted and stored locally, and will not be synced to MgC.

Prerequisites

You have installed the MgC Agent in your source environment and connected the MgC Agent to MgC.

Authentication Methods

You can add credentials of the following types of resources to the MgC Agent: cloud platforms, servers, big data clusters, containers, and databases. For details about the authentication methods supported for each resource type, see Table 1.

When adding a big data cluster credential, ensure that you are using the MgC Agent for Linux and the Agent is online and enabled.

**Table 1** Authentication methods
Resource Type	Authentication Method	Description
Public cloud	AK/SK Configuration file ID/Secret	You can provide AK/SK pairs used to access cloud platforms, such as Huawei Cloud, Alibaba Cloud, AWS, Tencent Cloud, Qiniu Cloud, and Kingsoft Cloud. You can upload the configuration file used to access Google Cloud. The configuration file contains credentials for Google Cloud service accounts, and the file must be in .json format and cannot exceed 4 KB. For details about how to obtain the configuration file, see Obtaining Google Cloud Credentials Configuration Files. You can provide an ID/secret pair used to access Azure. To learn how to obtain Azure credentials, see How Do I Obtain Azure Credentials?
Private cloud	Username/Password	Enter the username and password for logging in to the source private cloud.
Databases	Username/Password	Enter the username and password of the database.
Big data - Executor	Username/Password	Enter the username and password for logging in to the server deployed as an executor. Then specify Network Range, which can be a single IP address or an IP address range. The value can be: A single IP address, for example, 192.168.10.10/32 An IP address range, for example, 192.168.52.0/24 All IP addresses. You need to enter 0.0.0.0/0.
Big data - Hive Metastore	Username/Key	Upload the core-site.xml, hivemetastore-site.xml, hive-site.xml, krb5.conf, and user.keytab files. For details about how to obtain the certificate files, see How Do I Obtain the Hive Metastore Credential Files?
Big data - Data Lake Search (DLI)	AK/SK	Enter the AK/SK pair of the Huawei Cloud account. For details about how to obtain an AK/SK pair, see How Do I Obtain the AK/SK and Project ID?
Big data - MaxCompute	AK/SK	Enter the AK/SK pair of the source Alibaba Cloud account. For details about how to obtain the key pair, see Viewing the Information About AccessKey Pairs of a RAM User.
Big data - Doris	Username/Password	Enter the username and password of the Doris database.
Big data - HBase	Username/Key	For an unsecured cluster, upload the core-site.xml, hdfs-site.xml, yarn-site.xml, mapred-site.xml, and hbase-site.xml files. For a secured cluster, upload seven files, including core-site.xml, hdfs-site.xml, yarn-site.xml, krb5.conf, user.keytab, mapred-site.xml, and hbase-site.xml. The preceding configuration files are usually stored in the conf subdirectory of the Hadoop and HBase installation directories.
Big data - ClickHouse	Username/Password	Enter the username and password of the ClickHouse database.
Windows servers	Username/Password	Choose whether to set up an HTTPS connection. By default, WinRM connections to Windows servers are established over port 5985 using HTTP. Using WinRM HTTPS (port 5986) to establish connections is more secure. Enter the username and password for logging in to the server. Then specify Network Range, which can be a single IP address or an IP address range. The value can be: A single IP address, for example, 192.168.10.10/32 An IP address range, for example, 192.168.52.0/24 All IP addresses. You need to enter 0.0.0.0/0.
Linux servers	Username/Password Username/Key	If you select Username/Password, enter the username and password for logging in to the server. If you select Username/Key, enter the username and the password of the key file for logging in to the server, and upload the key file in .pem format. NOTICE: If the key file is not encrypted, you do not need to enter the password. Then specify Network Range, which can be a single IP address or an IP address range. The value can be: A single IP address, for example, 192.168.10.10/32 An IP address range, for example, 192.168.52.0/24 All IP addresses. You need to enter 0.0.0.0/0.
Containers	Configuration file	The configuration file must be a .json or .yml file.

Adding Credentials

If your MgC Agent has not been connected to MgC, the added credentials can be used for deep collection of local resources. If it has been connected to MgC, the added credentials will be automatically synchronized to MgC.

Sign in to the MgC Agent console.
In the navigation pane, choose Credentials.
Click Add Credential above the list.

Figure 1 Adding a credential
Select a resource type and authentication method, specify a credential name, and enter your credentials.
Set a credential validity period.
- Custom: Set the number of days the credential remains valid. The validity period starts when you click OK to save the credential. After this period ends, the credential becomes invalid. The default period is 60 days. You can specify an integer ranging from 1 to 365. You can extend the validity period for the credential when it is in the Unexpired, Expire soon, or Expired state.
- Unlimited: The credential remains valid permanently. You can manually delete the credential when it is no longer needed.
Click OK to save the credential.

Importing Credentials

Only server and database credentials can be imported.

Sign in to the MgC console. In the navigation pane, under Project, choose a project from the drop-down list.
In the navigation pane, choose Applications.
Click Export above the application list.
Locate the Resources row and click Export in the Operation column. In the displayed dialog box, select Servers or Databases from the Resource Type drop-down list, and click Confirm to generate a file.

Figure 2 Exporting resource information
After the file is generated, click Download in the Operation column to download the resource list as a CSV file to the local PC.
Open the exported CSV file, add columns user_name and password at the end, and enter the username and password for each resource. Save the file.

Ensure that the saved CSV file is correct and has no incorrect configuration or garbled characters.
On the Credentials page of the MgC Agent console, click Import above the list.

Figure 3 Importing credentials
Click Select File to upload the saved CSV file.
- A maximum of 1,000 complete credential records can be imported at a time. If there are any blanks or incomplete credentials, they will be ignored.
- Credential names are automatically generated based on the resource name and access address.
- Credentials can be imported repeatedly, but they will be named differently.
Set a credential validity period.
- Custom: Set the number of days the credential remains valid. The validity period starts when you click OK to save the credential. After this period ends, the credential becomes invalid. The default period is 60 days. You can specify an integer ranging from 1 to 365. You can extend the validity period for the credential when it is in the Unexpired, Expire soon, or Expired state.
- Unlimited: The credential remains valid permanently. You can manually delete the credential when it is no longer needed.
Click OK to complete the import. After the import is successful, the system automatically synchronizes the credentials to MgC and associate them with corresponding resources.

Synchronizing Credentials

If the MgC Agent is disconnected from MgC, you need to manually synchronize added credentials to MgC after the connection is restored using the Sync button.

Extending the Validity Period of Credentials

When you add a resource credential, you can set the validity period for the credential. If the credential expires, it cannot be used. If you want to continue to use the credential, perform the following operations to extend the validity period. You can extend the validity period of a credential regardless of whether the credential is in the Unexpired, Expire soon, or Expired state. The validity period can be extended by 60 days at a time, with the new period starting from the moment the extension operation is executed.

Sign in to the MgC Agent console.
In the navigation pane, choose Credentials.
In the row of the credential whose validity period needs to be extended, click Extend Validity Period. If multiple credentials need to be extended, you can select them and click Extend Validity Period above the credential list.
Click OK. The validity period of the credential is extended by 60 days.

Modifying a Credential

After the MgC Agent is connected to MgC, you can edit the saved credentials, including changing their names and resetting their validity periods.

Sign in to the MgC Agent console.
In the navigation pane, choose Credentials.
In the credential list, locate the desired credential and click Modify in the Operation column. In the displayed Configure Credential dialog box, change the credential name and validity period.
The options for setting the validity period include:
- Custom: Set the number of days the credential remains valid. The validity period starts when you click OK to save the credential. After this period ends, the credential becomes invalid. The default period is 60 days. You can specify an integer ranging from 1 to 365. You can extend the validity period for the credential when it is in the Unexpired, Expire soon, or Expired state.
- Unlimited: The credential remains valid permanently. You can manually delete the credential when it is no longer needed.