SFTP Gateway 3.x Migration Guide from Version 1.x
SFTP Gateway 3.x adds a number of improvements such as:
- The ability to read and write directly to S3
- Folder management to allow multiple users to read and write to the same location.
If you are an existing SFTP Gateway customer running version 1.x, you can migrate your users and settings to a new SFTP Gateway 3.x stack.
You can also migrate from one 3.x stack to another. Use this to upgrade a single instance to high availability architecture. Or quickly spin up your setup in a different region as a cold failover.
This involves 3 main steps:
- Run an export script to generate a YAML file
- Transfer the YAML file to the new server
- Import the YAML file into the web admin UI
Export existing users
SSH into your 1.0 server, and run the following commands:
cd /home/ec2-user/
wget https://s3.amazonaws.com/thorntech-public-documents/sftpgateway/migration-scripts/sftpgw-export.py
sudo python sftpgw-export.py
This downloads and runs the export script, generating a new file: sftpgw.yml.
This YAML file contains your global settings, as well as the settings for each SFTP user.
Take a look, and make sure each setting is correct.
Transfer the YAML file
The backup artifact is saved in this location:
/home/ec2-user/
Download the YAML file from the old server to your local machine:
scp -i <private.key> ec2-user@<old-server-public-ip>:/home/ec2-user/sftpgw.yml .
Proofing the YAML file
Before we import the backup file into the new server there are a few steps we must take to ensure it successfully imports. These steps involve editing the backup file to remove and check for content within the backup file that may cause it to produce an error during the import process.
Issues that can cause the import process to fail are as listed:
ssh_host_dsa_key: Due to security issues with version 3.x, this host key and pub value need to be removed from the backup file.
SSH-Keys: Blank SSH-Keys, malformed SSH-Keys and sometimes SSH-Keys missing a comment at the end can cause errors while importing.
Lack of sse.option: When you reference an
s3.uploadpathfor a user under its properties, you must also make sure there is also ansse.optionunder its properties for that user.
Importing the file into SFTP Gateway v3
To import the backup artifact, open the web admin portal on your SFTP Gateway v3 instance.
Go to the Settings page.
Toward the bottom, you can upload the .yml file.
You should see a status of which SFTP users were imported.