Help Sheet - Prepare for Appliance Import Jobs
Use this help sheet to prepare and use your Data Transfer Appliance.
Preparing
Install the OCI Command Line Interface on the Linux machine where the data will be copied from and the Data Transfer Appliance will be mounted. You should have root access to the Linux machine.
Installation instructions are located at: Install CLI.
On the machine where data will be copied from generate public/private keys for the user(s) who will do the data copy, run the following command:
oci setup keysSee Required Keys and OCIDs for more information on keys.
-
Login to OCI with an Administrative user for the tenancy.
-
Create the user policies. Ensure that the policies include the following:
Allow group group_name to {DTA_ENTITLEMENT_CREATE} in tenancySee Managing Policies for more information on policies.
- Create a compartment where the transfer job and landing bucket will reside. This compartment must be in a region that supports usage pf the Data Transfer Appliance.
See Managing Compartments for more information on compartments.
- Create the necessary user accounts for those individuals who will copy data to the appliance. Include the public key that was previously generated.
- Create a group for the user who will copy data to the appliance. Include the following policies in the group:
Allow group group_name to manage data-transfer-jobs in compartment compartment_name Allow group group_name to manage buckets in compartment compartment_name Allow group group_name to manage objects in compartment compartment_nameSee Managing Groups for more information on groups.
If you want to include notifications for the group, includes these additional policies:
Allow group group name to manage ons-topics in tenancy Allow group group name to manage ons-subscriptions in tenancy Allow group group name to manage cloudevents-rules in tenancy Allow group group name to inspect compartments in tenancySee Notifications for more information on notifications.
See Overview of Events for more information on events.
-
Create an upload user for Oracle personnel to upload data into the bucket.
See Managing Users for more information on users.
-
Create a group for the upload user, and include the public key that was previously generated.
See Managing Groups for more information on groups.
-
Add the following policies for the upload user group:
Allow group group_name to manage buckets in compartment compartment_name where all { request.permission='BUCKET_READ', target.bucket.name='bucket_name' } Allow group group_name to manage objects in compartment compartment_name where all { target.bucket.name='bucket_name', any { request.permission='OBJECT_CREATE', request.permission='OBJECT_OVERWRITE', request.permission='OBJECT_INSPECT' }}The permissions for upload users allow Oracle personnel to upload standard and multi-part objects on your behalf and inspect bucket and object metadata. The permissions do not allow Oracle personnel to inspect the actual data.
See Managing Policies for more information on policies
-
Open firewall to OCI Data Transfer Service on the IP address ranges:
140.91.0.0/16
-
Open firewall to OCI Object Storage IP address ranges:
134.70.0.0/17
Creating the Transfer Job
Run these command line items on the host where you plan on mounting USB HDD and copying data and/or the host that you will use to manage the data transfer job:
-
As root, create the configuration files:
sudo bash mkdir /root/.oci cd /root/.oci vi config [DEFAULT] user=<The OCID for the data transfer administrator> fingerprint=<The fingerprint of the above user's public key> key_file=<The _absolute_ path to the above user's private key file on the host machine> tenancy=<The OCID for the tenancy that owns the data transfer job and bucket> region=<The region where the transfer job and bucket should exist. Valid values are: us-ashburn-1, us-phoenix-1, eu-frankfurt-1, and uk-london-1.> vi config_upload_user [DEFAULT] user=<The OCID for the data transfer upload user> fingerprint=<The fingerprint of the above user's public key> key_file=<The _absolute_ path to the above user's private key file on the host machine> tenancy=<The OCID for the tenancy that owns the data transfer job and bucket> region=<The region where the transfer job and bucket should exist. Valid values are: us-ashburn-1, us-phoenix-1, eu-frankfurt-1, and uk-london-1.> endpoint=https://objectstorage.<region information>.com -
Get the tenancy namespace:
oci os ns get -
Create a bucket in the compartment created for the transfer job
oci os bucket create –namespace object_storage_namespace --name bucket_name --compartment-id compartment_id -
Verify the data transfer upload user credentials:
dts job verify-upload-user-credentials --bucket bucket_name -
Create the transfer job:
oci dts job create -–bucket bucket_name --compartment-id compartment_id --display-name display_nameThe job OCID is displayed in the CLI return after you create the job. Send this job OCID to the person who will copy data to the disk.
-
(Optional) Add notifications:
oci dts job setup-notifications --job-id job_id -
Request the appliance:
oci dts appliance request --job-id job_id --addressee addressee --care-of care_of --address1 address_line1 --city-or-locality city_or_locality --state-province-region state_province_region --country country --zip-postal-code zip_postal_code --phone-number phone_number --email emailNote the appliance label in the output (the label will begin with "XA"). You will need to this label value for other commands involving the appliance.
To include job notifications when requesting an import appliance, include the
--setup-notificationsoption:oci dts appliance request --job-id job_id --addressee addressee --address1 address_line1 --city-or-locality city_or_locality --state-or-region state_or_region --country country --zip-postal_code zip_code ... --setup-notificationsIf you have already made your appliance request without including notifications, but subsequently want to include them, run the following:
oci dts appliance setup-notifications --appliance-label appliance_label