- 最新动态
- 功能总览
- 产品介绍
- 快速入门
- 用户指南
-
迁移中心Agent操作指南
- 迁移中心Agent概述
- 下载并安装MgC Agent(原Edge)
- 本地发现与采集
- 上云操作
- 云边协同
-
工具采集
- 创建工具采集任务
- 采集器管理
-
采集器参数配置说明
- K8S静态采集器(app-discovery-k8s)
- K8S conntrack采集器(app-discovery-k8s-conntrack)
- K8S pod网络采集器(app-discovery-k8s-pod-net)
- 进程与网络采集器(app-discovery-process-netstat)
- Windows进程与网络采集器(app-discovery-process-netstat-win)
- RabbitMQ采集器(app-discovery-rabbitmq)
- Kafka采集器(app-discovery-kafka)
- Eureka采集器(app-discovery-eureka)
- Redis采集器(app-discovery-redis)
- MongoDB采集器(app-discovery-mongodb)
- MySQL-generallog采集器(app-discovery-mysql-generallog)
- MySQL-jdbc采集器(app-discovery-mysql-jdbc)
- Nginx配置文件采集器(app-discovery-nginx)
- Cloud-vpc-log采集器(app-discovery-cloud-vpc-log)
- Nacos采集器(app-discovery-nacos)
- 应用配置采集器(app-discovery-application-config)
- 最佳实践
-
常见问题
- 安装MgC Agent(原Edge)的主机有哪些要求?
- 以兼容性模式运行程序
- MgC Agent(原Edge)设备离线原因
- MgC Agent(原Edge)安装完成后,无法启动
- 如何升级MgC Agent(原Edge)至最新版本?
- 如何卸载MgC Agent(原Edge)?
- 如何重启MgC Agent(原Edge)?
- 如何查询MgC Agent(原Edge)当前版本?
- 如何获取Linux版本的MgC Agent(原Edge)各种运行日志?
- 采集失败,提示:The collector is not installed如何处理?
- 大数据-Hive Metastore凭证文件获取方法
- MgC Agent(原Edge)安装端口被占用,导致无法安装,如何处理?
- AK/SK验证失败,如何处理?
- Windows服务器WinRM服务配置与故障排查
- 新增大数据校验数据连接时,凭证列表数据缺失
-
最佳实践
- 主机迁移权限配置
- 主机迁移相关最佳实践
- 存储迁移相关最佳实践
- 目的端主机磁盘缩容
- 调整目的端磁盘分区
- 采集Azure容器AKS资源
- 采集谷歌云 GCP容器GKE资源
- 采集AWS容器资源
- 自建Oracle调研评估指导
-
大数据迁移后数据校验
- MaxCompute迁移至DLI数据校验
- MRS ClickHouse迁移至MRS ClickHouse数据校验
- 阿里云EMR ClickHouse迁移至MRS ClickHouse数据校验
- 阿里云 ClickHouse迁移至MRS ClickHouse数据校验
- 阿里云 ClickHouse迁移至CloudTable ClickHouse数据校验
- MRS Doris迁移至MRS Doris数据校验
- MRS Hive/CDH/EMR迁移至MRS Hive数据校验
- MaxCompute迁移至MRS Hive数据校验
- MRS HBase迁移至MRS HBase数据校验
- DeltaLake(有元数据)迁移至MRS DeltaLake数据校验
- DeltaLake(无元数据)迁移至MRS DeltaLake数据校验
- 不使用EIP场景下进行大数据数据迁移
- 大数据迁移驾驶舱
-
常见问题
- 产品咨询
- 网络配置
-
主机迁移工作流
- 迁移工作流状态为“运行中”,如何查看迁移进度?
- 迁移工作流状态一直处于“运行中”,如何判断迁移是否正常?
- 迁移工作流步骤执行失败,提示“Edge is not accessible ...”,如何处理?
- 迁移工作流步骤执行失败,提示“server require to bind credenlial first ...”,如何处理?
- 大批量主机同时迁移时,可能出现的异常问题
- 主机迁移工作流错误码处理方法汇总
- VMware主机迁移时,出现报错如何处理?
- MgC主机工作流资源与SMS迁移服务器列表之间的映射关系
- 为什么MgC迁移进度和SMS迁移进度显示不一致?
- sudo用户进行主机迁移时,主机迁移工作流校验源端环境失败
- 主机迁移运行到“启动迁移Agent”步骤时报错:System.OutOfMemoryException
- 主机迁移工作流步骤执行失败,失败原因:SMS-Workflow.0503:SMS migration task failed 'SMS.xxxx'
- 迁移完成后,目的端主机有磁盘处于未挂载状态
-
存储迁移
- 存储迁移的约束与限制有哪些?
- 迁移对源端和目的端有什么要求?
- 进行存储迁移时,如何选择集群规格?
- 影响大对象迁移速度的关键因素有哪些?
- 影响小对象迁移速度的关键因素有哪些?
- 如何监控和查看影响迁移速度的关键指标?
- 为什么存储迁移工作流进度长时间没有变化?
- 将HTTP/HTTPS数据源迁移到OBS时,如果存在URL不同但对象名称相同的情况,会如何处理?
- OBS迁移到NAS,如果源端存在同名但大小写不同的对象,会如何处理?
- 关于OBS、NAS和SMB存储系统之间进行异构迁移的对象长度限制说明
- 如何解决迁移集群创建失败问题
- 如何获取微软云的访问凭证
- 存储工作流执行失败,列表提示“COMPARISON_ATTRIBUTE_NOT_SAME”,如何处理?
- 存储类型介绍
- 迁移任务执行失败如何处理?
- 可用区迁移
- 上云调研
- 资源采集
- 规格评估
- 大数据数据迁移
- 大数据校验
- 错误码描述和处理方法
- 通用参考
展开导读
链接复制成功!
公网采集权限要求
通过公网采集各云平台资源所需的权限如下:
阿里云资源采集
采集阿里云各类资源所需的权限参见下表。
|
资源类型 |
云服务 |
Action |
最小权限策略 |
|---|---|---|---|
|
主机 |
ECS |
ecs:DescribeInstances |
Read |
|
ecs:DescribeDisks |
List |
||
|
ecs:DescribeMetricData |
List |
||
|
存储 |
NAS |
nas:DescribeFileSystems |
Read |
|
OSS |
ListBuckets |
oss:ListBuckets |
|
|
oss:DescribeMetricData |
List |
||
|
数据库 |
RDS |
rds:DescribeDBInstances |
Read |
|
rds:DescribeDBInstanceAttribute |
Read |
||
|
MongoDB |
rds:DescribeDBInstances |
Read |
|
|
rds:DescribeDBInstanceAttribute |
Read |
||
|
中间件 |
Redis |
kvstore:DescribeInstances |
List |
|
kvstore:DescribeInstanceAttribute |
Read |
||
|
kvstore:DescribeMetricData |
List |
||
|
Kafka |
alikafka:ListInstance |
Read |
|
|
kafka::DescribeMetricData |
List |
||
|
RocketMQ |
rocketmq:GetInstance |
Read |
|
|
rocketmq::DescribeMetricData |
List |
||
|
容器 |
K8S ACK |
cs:GetClusters |
Read |
|
cs:DescribeClusterDetail |
Read |
||
|
k8s::DescribeMetricData |
List |
||
|
大数据 |
EMR |
emr:ListClusters |
List |
|
网络 |
CEN |
cen:ListTransitRouters |
Read |
|
cen:DescribeCenPrivateZoneRoutes |
Read |
||
|
cen:DescribeRouteServicesInCen |
Read |
||
|
cen:ListTransitRouterVpcAttachments |
List |
||
|
cen:ListTransitRouterVbrAttachments |
List |
||
|
cen:ListTransitRouterVpnAttachments |
List |
||
|
cen:DescribeCenAttachedChildInstances |
Read |
||
|
cen:DescribeCenAttachedChildInstanceAttribute |
Read |
||
|
cen:ListTransitRouterPeerAttachments |
Read |
||
|
cen:ListTransitRouterRouteTables |
Read |
||
|
cen:ListTransitRouterRouteEntries |
Read |
||
|
cen:ListTransitRouterRouteTableAssociations |
Read |
||
|
cen:ListTransitRouterPrefixListAssociation |
Read |
||
|
cen:DescribeCenRouteMaps |
Read |
||
|
cen:ListTransitRouterRouteTables |
Read |
||
|
cen:DescribeCenRegionDomainRouteEntries |
Read |
||
|
cen:ListTransitRouters |
Read |
||
|
cen:DescribeCens |
Read |
||
|
ALB |
alb:ListLoadBalancers |
Read |
|
|
alb:ListServerGroupServers |
Read |
||
|
CLB |
slb:DescribeLoadBalancers |
Read |
|
|
slb:DescribeLoadBalancerListeners |
Read |
||
|
slb:DescribeVServerGroupAttribute |
Read |
||
|
slb:DescribeMasterSlaveServerGroupAttribute |
Read |
||
|
slb:DescribeHealthStatus |
Read |
||
|
slb:DescribeMasterSlaveServerGroupAttribute |
Read |
||
|
slb:DescribeMasterSlaveServerGroups |
Read |
||
|
VPC |
vpc:DescribePhysicalConnections |
Read |
|
|
vpc:DescribeVirtualBorderRouters |
Read |
||
|
vpc:DescribeRouteTables |
Read |
||
|
vpc:DescribeRouteTableList |
List |
||
|
DNS |
alidns:DescribeDomainRecords |
Read |
|
|
alidns:DescribeDomains |
Read |
||
|
Private Zone |
pvtz:DescribeZoneVpcTree |
Read |
|
|
pvtz:DescribeZoneRecords |
Read |
||
|
EIP |
ens:DescribeEipAddresses |
Read |
|
|
NAT |
ens:DescribeNatGateways |
Read |
|
|
ens:DescribeSnatTableEntries |
List |
||
|
ens:DescribeForwardTableEntries |
List |
华为云资源采集
采集华为云各类资源所需的权限参见下表。
|
资源类型 |
云服务 |
Action |
最小权限策略 |
|---|---|---|---|
|
主机 |
ECS |
ecs:ListServersDetails ces:BatchListMetricData evs:ListVolumes eip:ListPublicips |
|
|
容器 |
CCE |
cce:ListNodes cce:ListClusters aom:ShowMetricsData |
|
|
大数据 |
MRS |
mrs:ListClusters mrs:ListHosts |
MRS ReadOnlyAccess |
|
数据库 |
DDS |
dds:ListInstances dds:ListFlavors |
DDS ReadOnlyAccess |
|
RDS |
rds:ListInstances |
RDS ReadOnlyAccess |
|
|
中间件 |
分布式消息服务Kafka版 |
dms:ListInstances dms:ShowInstance dms:ListAvailableZones dms:ShowCluster ces:BatchListMetricData |
DMS ReadOnlyAccess |
|
分布式缓存服务 DCS |
dcs:ListInstances dcs:ListFlavors dcs:ListGroupReplicationInfo ces:BatchListMetricData |
DCS ReadOnlyAccess |
|
|
存储 |
OBS |
obs:ListBuckets obs:GetBucketPolicy obs:GetBucketAcl obs:GetBucketLifecycle obs:GetBucketMetadata obs:GetBucketVersioning obs:GetBucketStorageInfo obs:GetBucketStoragePolicy ces:BatchListMetricData |
以上两个策略不包含的action需要创建自定义策略 |
|
SFS Turbo |
sfsturbo:ListShares |
SFS Turbo ReadOnlyAccess |
|
|
网络 |
ELB |
elb:ListListeners elb:ListLoadbalancers elb:ListPools elb:ListL7policies elb:ListL7rules elb:ListMembers elb:ListFlavors vpc:ListSubnets |
ELB ReadOnlyAccess |
|
DNS |
dns:ListPublicZones dns:ListPrivateZones dns:ListRecordSetsByZone |
DNS ReadOnlyAccess |
|
|
EIP |
eip:ListPublicips |
EIP ReadOnlyAccess |
|
|
NAT |
nat:ListNatGateways nat:ListNatGatewayDnatRules nat:ListNatGatewaySnatRules vpc:ShowPort vpc:ShowSubnet vpc:ListSubnets |
NAT ReadOnlyAccess |
|
|
VPC |
vpc:ListRouteTables vpc:ShowRouteTable vpc:ListVpcs vpc:ListSecurityGroups vpc:ListSecurityGroupRules vpc:ListSubnets |
VPC ReadOnlyAccess |
AWS资源采集
采集AWS各类资源所需的权限参见下表。
|
资源类型 |
云服务 |
Action |
最小权限策略 |
|---|---|---|---|
|
主机 |
EC2 |
ec2:DescribeInstances |
AmazonEC2ReadOnlyAccess |
|
ec2:DescribeAddresses |
|||
|
ec2:DescribeImages |
|||
|
ec2:DescribeVolumes |
|||
|
cloudwatch:GetMetricStatistics |
|||
|
存储 |
EFS |
elasticfilesystem:DescribeFileSystems |
AmazonElasticFileSystemReadOnlyAccess |
|
elasticfilesystem:DescribeMountTargets |
|||
|
cloudwatch:GetMetricStatistics |
|||
|
S3 |
s3:ListObjectsV2 |
AmazonS3ReadOnlyAccess |
|
|
cloudwatch:GetMetricStatistics |
|||
|
数据库 |
RDS |
rds:DescribeDBClusters |
AmazonRDSReadOnlyAccess |
|
rds:DescribeDBInstances |
|||
|
ec2:DescribeSecurityGroups |
|||
|
中间件 |
ElastiCache |
elasticache:DescribeCacheClusters |
AmazonElastiCacheReadOnlyAccess |
|
elasticache:DescribeReplicationGroups |
|||
|
cloudwatch:GetMetricStatistics |
|||
|
MSK |
kafka:ListClustersV2 |
AmazonMSKReadOnlyAccess |
|
|
cloudwatch:GetMetricStatistics |
|||
|
容器 |
EKS |
eks:DescribeCluster |
无对应的权限策略,需自定义策略 |
|
eks:ListClusters |
|||
|
ec2:DescribeInstances |
|||
|
ec2:DescribeSubnets |
|||
|
cloudwatch:GetMetricStatistics |
|||
|
大数据 |
EMR |
elasticmapreduce:DescribeCluster |
AmazonEMRReadOnlyAccessPolicy_v2 |
|
elasticmapreduce:ListClusters |
|||
|
elasticmapreduce:ListInstanceGroups |
|||
|
elasticmapreduce:ListInstances |
|||
|
ec2:DescribeInstances |
AmazonEC2ReadOnlyAccess |
||
|
网络 |
EIP |
ec2:DescribeAddresses |
AmazonEC2ReadOnlyAccess |
|
ELB |
elasticloadbalancing:DescribeLoadBalancers |
ElasticLoadBalancingReadOnly |
|
|
NAT |
ec2:DescribeNatGateways |
AmazonEC2ReadOnlyAccess |
|
|
Route53(PublicDomain) |
route53:ListHostedZones |
AmazonRoute53ReadOnlyAccess |
|
|
route53:ListResourceRecordSets |
|||
|
RouteTable |
ec2:DescribeRouteTables |
AmazonEC2ReadOnlyAccess |
|
|
SecurityGroup |
ec2:DescribeSecurityGroups |
AmazonEC2ReadOnlyAccess |
|
|
ec2:DescribeSecurityGroupRules |
|||
|
Route53(VpcDomain) |
route53:GetHostedZone |
AmazonRoute53ReadOnlyAccess |
|
|
route53:ListHostedZones |
|||
|
route53:ListResourceRecordSets |
|||
|
VPC |
ec2:DescribeSubnets |
AmazonEC2ReadOnlyAccess |
|
|
ec2:DescribeVpcs |
腾讯云资源采集
采集腾讯云各类资源所需的权限参见下表。
|
资源类型 |
云服务 |
Action |
最小权限策略 |
|---|---|---|---|
|
主机 |
CVM |
cvm: DescribeInstances cvm: DescribeImages cvm:DescribeSecurityGroups cbs: DescribeDisks vpc: DescribeAddresses vpc: DescribeNetworkInterfaces vpc: DescribeSubnets monitor:GetMonitorData |
QcloudCVMReadOnlyAccess |
|
数据库 |
CDB |
cdb:DescribeDBInstances |
QcloudCDBReadOnlyAccess |
|
PostgreSQL |
postgres:DescribeDBInstances |
QcloudPostgreSQLReadOnlyAccess |
|
|
MongoDB |
mongodb:DescribeDBInstances mongodb:DescribeDBInstanceNodeProperty |
QcloudMongoDBReadOnlyAccess |
|
|
SQLServer |
sqlserver:DescribeDBInstances sqlserver:DescribeReadOnlyGroupList |
QcloudSQLServerReadOnlyAccess |
|
|
存储 |
COS |
cos:GetService cos:GetBucketACL cos:GetBucketLifecycle cos:GetBucketVersioning monitor:GetMonitorData |
QcloudCOSReadOnlyAccess |
|
CFS |
cfs:DescribeCfsFileSystems cfs:DescribeMountTargets |
QcloudCFSReadOnlyAccess |
|
|
网络 |
DNSPod |
dnspod:DescribeDomainList dnspod:DescribeRecordList |
QcloudDNSPodReadOnlyAccess |
|
WAF |
waf:DescribeDomains waf:DescribeInstances |
QcloudWAFReadOnlyAccess |
|
|
CLB |
clb:DescribeLoadBalancersDetail clb:DescribeTargets cvm: DescribeInstances |
QcloudCLBReadOnlyAccess QcloudCVMReadOnlyAccess |
Azure资源采集
采集Azure各类资源所需的权限参见下表。
|
资源类型 |
云服务 |
服务 |
最小权限策略 |
|---|---|---|---|
|
主机 |
Virtual Machines |
Microsoft Classic Compute |
Microsoft.ClassicCompute/virtualMachines/read |
|
Microsoft Azure Monitor |
Microsoft.Insights/MetricDefinitions/Read |
||
|
Microsoft Network |
Microsoft.Network/networkInterfaces/read |
||
|
存储 |
Storage Accounts |
Microsoft Azure Monitor |
Microsoft.Insights/MetricDefinitions/Read |
|
Microsoft Classic Storage |
Microsoft.ClassicStorage/storageAccounts/read |
||
|
数据库 |
Azure Database for PostgreSQL Flexible Server |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
Azure Database for PostgreSQL |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
|
Azure Database for MySQL |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
|
Azure Database for MySQL Flexible Server |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
|
SQL servers |
Microsoft Azure Arc Data |
Microsoft.AzureArcData/sqlServerInstances/read |
|
|
Microsoft Management |
Microsoft.Management/getEntities/action |
||
|
中间件 |
Azure Cache for Redis |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
Event Hubs |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
|
容器 |
Kubernetes services |
Microsoft Classic Compute |
Microsoft.ClassicCompute/virtualMachines/read |
|
Microsoft Azure Monitor |
Microsoft.Insights/MetricDefinitions/Read |
||
|
Microsoft Management |
Microsoft.Management/getEntities/action |
||
|
网络 |
Public IP addresses |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
Load Balancer |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
|
NAT gateways |
Microsoft Management |
Microsoft.Management/getEntities/action |
|
|
Route tables |
Microsoft Network |
Microsoft.Network/networkInterfaces/read |
|
|
Network security groups |
Microsoft Network |
Microsoft.Network/networkInterfaces/read |
|
|
Virtual networks |
Microsoft Network |
Microsoft.Network/networkInterfaces/read |
七牛云资源采集
采集七牛云存储资源所需的权限参见下表。
|
资源类型 |
云服务 |
Action |
最小权限策略 |
|---|---|---|---|
|
存储 |
对象存储(Kodo) |
kodo:buckets |
QiniuKodoReadOnlyAccess |
金山云资源采集
采集金山云存储资源所需的权限参见下表。
|
资源类型 |
云服务 |
Action |
最小权限策略 |
|---|---|---|---|
|
存储 |
对象存储(KS3) |
ks3:ListBuckets |
KS3ReadOnlyAccess |
谷歌云资源采集
采集谷歌云各类资源所需的权限参见下表。
|
资源类型 |
云服务 |
权限 |
角色(角色ID) |
|---|---|---|---|
|
主机 |
Compute Engine |
compute.instances.list |
Compute Viewer(roles/compute.viewer) |
|
compute.machineTypes.get |
|||
|
compute.disks.get |
|||
|
compute.networks.get |
|||
|
compute.regions.get |
|||
|
存储 |
Cloud Storage |
storage.buckets.list |
Storage Admin(roles/storage.admin) 或 Viewer(roles/viewer) |
|
storage.objects.list |
Storage Object Viewer(roles/storage.objectViewer) 或 Storage Admin(roles/storage.admin) |
||
|
Compute Engine(obs) |
compute.regions.get |
Compute Viewer(roles/compute.viewer) |
|
|
compute.networks.list |
|||
|
Cloud Filestore |
file.instances.list |
Cloud Filestore Viewer(roles/file.viewer) |
|
|
数据库 |
Cloud SQL |
cloudsql.instances.list |
Cloud SQL Viewer(roles/cloudsql.viewer) |
|
cloudsql.databases.list |
|||
|
cloudsql.tiers.list |
不需要角色 |
||
|
中间件 |
Memorystore Redis |
redisService.instances.list |
Cloud Memorystore Redis Viewer(roles/redis.viewer) |
|
redisService.clusters.list |
|||
|
容器 |
Kubernetes Engine |
container.clusters.list |
Kubernetes Engine Cluster Viewer(roles/container.clusterViewer) |
|
Compute Engine(k8s) |
compute.regions.get |
Compute Viewer(roles/compute.viewer) |
|
|
compute.networks.list |
|||
|
compute.subnetworks.list |
|||
|
网络 |
Compute Engine(clb) |
compute.firewalls.list |
Compute Viewer(roles/compute.viewer) |
|
compute.forwardingRules.list |
|||
|
compute.globalForwardingRules.list |
|||
|
compute.backendServices.get |
|||
|
compute.networks.list |
|||
|
compute.subnetworks.list |
|||
|
Compute Engine(eip) |
compute.addresses.list |
||
|
compute.globalAddresses.list |
|||
|
compute.regions.get |
|||
|
compute.instances.list |
|||
|
Compute Engine(route table) |
compute.routes.list |
||
|
compute.networks.list |
|||
|
compute.subnetworks.list |
|||
|
Compute Engine(vpc) |
compute.networks.list |
||
|
compute.subnetworks.list |
|||
|
Compute Engine(security group) |
compute.firewalls.list |
