Migrating a local SMC server to a cloud-based SMC server

If you wish to host your local SMC server in the cloud, you can migrate it from your hypervisor to the Amazon Web Services or 3DS Outscale cloud, while keeping its configuration and the configuration on your SNS firewalls.

To migrate an existing local SMC server to the cloud, you must first install an SMC server in the AWS or 3DS Outscale cloud. Refer to these sections to find out how to do so:

To migrate an existing local SMC server to the AWS cloud, follow the major steps below:

  • Edit the configuration of local SMC server,

  • Create a user ec2-user on the local SMC server,

  • Migrate the server to the SMC server hosted in the AWS cloud installed earlier.

Follow the detailed procedure below to proceed with the migration:

  1. Log in to the local SMC server in SSH using the “root” user account.

  2. Run the following commands to edit the configuration of the server:

    sed -i -E 's/^#*(PasswordAuthentication).*$/\1 no/g' /data/users/ssh/sshd_config
    sed -i -E 's/^#*(PermitRootLogin).*$/\1 no/g' /data/users/ssh/sshd_config
    sed -i -E 's/(\/data\/ssh)(.*)/\1\/\%u\2/' /data/users/ssh/sshd_config

  1. Run the following commands to create the user ec2-user on the local SMC server:

    echo "ec2-user:x:99999:65534::/home/ec2-user:/bin/sh" >> /etc/passwd
    echo "ec2-user:!:18908:0:99999:7:::" >> /etc/shadow
    echo "ec2-user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ec2-user
    echo "[[ \${USER} == "ec2-user" ]] && sudo -i" > /etc/profile.d/ec2-user.sh

  2. On the SMC server on AWS, copy the folder ec2-user and its contents found in /data/ssh/ on the local SMC server.

  3. Ensure that the folder ec2-user contains a file named authorized_keys.ec2-user.

  4. Run the following command to grant the necessary privileges to the copied folder:

    chown -R ec2-user:nogroup /data/ssh/ec2-user

  5. Restart the sshd service by using the command /etc/init.d/sshd restart.

  6. Ensure that you are able to connect to the local SMC server in SSH as the user ec2-user and with the AWS SSH key.

  7. Adapt the following script, then run it from the local SMC server on the SNS firewalls connected to your server, so that you can provide them with the contact address of the SMC server on AWS:

    CONFIG FWADMIN CONTACT ADD address=<contact address of the AWS-based SMC> port=<port of the AWS-based SMC>
    CONFIG FWADMIN ACTIVATE

  8. Check on one of the SNS firewalls whether the new IP address has been applied, by using the CLI command CONFIG FWADMIN CONTACT LIST.

  9. Your local SMC server must have only one network interface. Configure it as a DHCP interface where necessary.

  10. You are now about to migrate the local server to the AWS server. Back up the configuration of the local SMC server, then shut down the virtual machine.

  11. Restore the backup on the AWS SMC server.

  12. Ensure that you are able to connect to the AWS SMC server in SSH as the user ec2-user and with the AWS SSH key.

  13. Delete the contact address of the local SMC server on the attached SNS firewalls with the following operations:

    1. Run the following CLI command on the firewalls connected to the AWS SMC server to identify the position of the local SMC server's contact address:

      CONFIG FWADMIN CONTACT LIST

      The command output should look like this:

      pos=1 address=<contact address of the local SMC> port=<port of the local SMC> bindaddr=
      pos=2 address=<contact address of the AWS-based SMC> port=<port of the AWS-based SMC> bindaddr=

    2. On the AWS-based SMC server, run the following script on the SNS firewalls attached to your server:

      CONFIG FWADMIN CONTACT REMOVE pos=<position of the local SMC's contact address>
      CONFIG FWADMIN ACTIVATE

To migrate an existing local SMC server to the 3DS Outscale cloud, follow the major steps below:

  • Edit the configuration of local SMC server,

  • Create an Outscale user on the local SMC server,

  • Migrate the server to the SMC server hosted in the 3DS Outscale cloud installed earlier.

Follow the detailed procedure below to proceed with the migration:

  1. Log in to the local SMC server in SSH using the “root” user account.

  2. Run the following commands to edit the configuration of the server:

    sed -i -E 's/^#*(PasswordAuthentication).*$/\1 no/g' /data/users/ssh/sshd_config
    sed -i -E 's/^#*(PermitRootLogin).*$/\1 no/g' /data/users/ssh/sshd_config
    sed -i -E 's/(\/data\/ssh)(.*)/\1\/\%u\2/' /data/users/ssh/sshd_config

  1. Run the following commands to create the Outscale user on the local SMC server:

    echo "outscale:x:99999:65534::/home/outscale:/bin/sh" >> /etc/passwd
    echo "outscale:!:18908:0:99999:7:::" >> /etc/shadow
    echo "outscale ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/outscale
    echo "[[ \${USER} == "outscale" ]] && sudo -i" > /etc/profile.d/outscale.sh

  2. On the SMC server on 3DS Outscale, copy the folder outscale and its contents found in /data/ssh/ on the local SMC server.

  3. Ensure that the folder outscale contains a file named authorized_keys.outscale.

  4. Run the following command to grant the necessary privileges to the copied folder:

    chown -R outscale:nogroup /data/ssh/outscale

  5. Restart the sshd service by using the command /etc/init.d/sshd restart.

  6. Ensure that you are able to connect to the local SMC server in SSH as the Outscale user and with the 3DS Outscale SSH key.

  7. Adapt the following script, then run it from the local SMC server on the SNS firewalls connected to your server, so that you can provide them with the contact address of the SMC server on 3DS Outscale:

    CONFIG FWADMIN CONTACT ADD address=<contact address of the 3DS Outscale SMC> port=<port of the 3DS Outscale SMC>
    CONFIG FWADMIN ACTIVATE

  8. Check on one of the SNS firewalls whether the new IP address has been applied, by using the CLI command CONFIG FWADMIN CONTACT LIST.

  9. Your local SMC server must have only one network interface. Configure it as a DHCP interface where necessary.

  10. You are now about to migrate the local server to the 3DS Outscale server. Back up the configuration of the local SMC server, then shut down the virtual machine.

  11. Restore the backup on the 3DS Outscale SMC server.

  12. Ensure that you are able to connect to the 3DS Outscale SMC server in SSH as the Outscale user and with the 3DS Outscale SSH key.

  13. Delete the contact address of the local SMC server on the attached SNS firewalls with the following operations:

    1. Run the following CLI command on the firewalls connected to the 3DS Outscale SMC server to identify the position of the local SMC server's contact address:

      CONFIG FWADMIN CONTACT LIST

      The command output should look like this:

      pos=1 address=<contact address of the local SMC> port=<port of the local SMC> bindaddr=
      pos=2 address=<contact address of the 3DS Outscale SMC> port=<port of the 3DS Outscale SMC> bindaddr=

    2. On the 3DS Outscale SMC server, run the following script on the SNS firewalls attached to your server:

      CONFIG FWADMIN CONTACT REMOVE pos=<position of the local SMC's contact address>
      CONFIG FWADMIN ACTIVATE