pintudeyudi

Huawei Cloud Cce Container Migration Planner

Author: shijingcheng · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 22
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install huawei-cloud-cce-container-migration-planner
Description
Huawei Cloud CCE container migration planning skill using Python SDK dispatcher for read-only resource inventory, dependency mapping, migration batch design,...
Usage instructions (SKILL.md)

# Huawei Cloud CCE Container Migration Planner

**⚠️ Execution Method (Must Read)**: This skill executes queries via the local Python dispatcher script. Using hcloud, openstack, or other CLI tools or direct API calls is prohibited.

- The dispatcher script is located at `scripts/huawei-cloud.py` within the skill directory
- All scripts and environment check scripts are inside the skill package. You must use skill action=exec to execute them. Do not run them directly in a shell.
- Do not attempt hcloud, openstack, curl IAM, or any other CLI/API methods. This skill does not depend on those tools.
- All paths are relative to the skill directory, which is the directory where this SKILL.md is located.

## Overview

This skill plans Huawei Cloud CCE container migrations by inventorying source clusters, mapping dependencies, designing migration batches, and generating risk assessments with rollback strategies. It performs read-only resource discovery and planning only — it does NOT create target resources, modify networks, migrate data, or delete source resources.

**Architecture**: Python dispatcher (`scripts/huawei-cloud.py`) → Huawei Cloud Python SDK + Kubernetes client → CCE clusters, node pools, addons, workloads, Services, Ingresses, PVCs, PVs, ConfigMaps, Secrets, VPC, subnets, security groups, ELB, EIP, EVS, SFS/SFS Turbo → Dependency matrix → Migration batches → Risk assessment → Rollback & validation plans → Output report

**Related Skills**:

| Skill | Purpose |
|-------|---------|
| huawei-cloud-cce-availability-risk-scanner | Scan availability risks before migration |
| huawei-cloud-cce-dependency-impact-analyzer | Analyze dependency impact for changes |
| huawei-cloud-cce-change-impact-analyzer | Assess change impact before migration |
| huawei-cloud-cce-daily-cluster-inspector | Pre-migration cluster health inspection |
| huawei-cloud-cce-cost-optimization-advisor | Cost analysis for migration sizing |

**Capabilities**:

1. CCE cluster inventory: clusters, node pools, addons, network model, key configurations
2. Workload inventory: Deployments, StatefulSets, DaemonSets, Services, Ingresses, PVCs, PVs, ConfigMaps, Secrets
3. Cloud resource inventory: VPC, subnets, security groups, ELB, EIP, EVS, SFS/SFS Turbo
4. Dependency matrix construction: ingress traffic, service dependencies, storage dependencies, configuration dependencies, external system dependencies
5. Migration batch design with validation points, rollback strategies, and downtime windows
6. Risk assessment with severity classification and manual confirmation checklists
7. Structured output following the migration planning schema

**Typical Use Cases**:

- "Plan migration from my CCE cluster to another region"
- "Inventory all workloads and dependencies in my CCE cluster"
- "Design migration batches for a multi-cluster migration"
- "Assess risks for a CCE version upgrade migration"
- "Build a dependency matrix for my container workloads"
- "Generate a rollback plan for cluster migration"
- "Plan hybrid cloud migration from CCE"
- "Create a migration assessment report with risk classification"

## Prerequisites

### 1. Python Requirements (MANDATORY)

- Python >= 3.6 installed
- Required packages: `huaweicloudsdkcore`, `huaweicloudsdkcce`, `huaweicloudsdkvpc`, `huaweicloudsdkecs`, `huaweicloudsdkevs`, `huaweicloudsdkeip`, `huaweicloudsdkelb`, `huaweicloudsdkiam`, `kubernetes`
- Verify: `python3 --version`
- Install packages: `pip3 install huaweicloudsdkcore huaweicloudsdkcce huaweicloudsdkvpc huaweicloudsdkecs huaweicloudsdkevs huaweicloudsdkeip huaweicloudsdkelb huaweicloudsdkiam kubernetes`

### 2. Credential Configuration

- Valid Huawei Cloud credentials (AK/SK mode)
- Security Rules:
  - 🚫 Never expose AK/SK values in code, conversation, or commands
  - 🚫 Never use `echo $HUAWEI_AK` or `echo $HUAWEI_SK` to check credentials
  - 🚫 Never write credentials to files, logs, or responses
  - ✅ Use environment variables: `HUAWEI_AK`, `HUAWEI_SK`, `HUAWEI_REGION`
  - ✅ Credentials exist only in the current request call stack and are released after each invocation
  - ✅ Prefer IAM users over root account for cloud operations

**Configuration Method (Environment Variables Only)**:

```bash
export HUAWEI_AK=<your-ak>
export HUAWEI_SK=<your-sk>
export HUAWEI_REGION=cn-north-4
```

**Additional Variables**:

| Variable | Required | Description |
|----------|----------|-------------|
| `HUAWEI_AK` | Yes | Huawei Cloud Access Key |
| `HUAWEI_SK` | Yes | Huawei Cloud Secret Key |
| `HUAWEI_REGION` | No | Default region (overrides `region` param if set) |
| `HUAWEI_PROJECT_ID` | No | Project ID (auto-obtained via IAM API when not set) |
| `HUAWEI_SECURITY_TOKEN` | No | Required when using temporary AK/SK |

### 3. IAM Permission Requirements

| API Action | Service | Purpose |
|------------|---------|---------|
| CCE cluster read | CCE | `huawei_list_cce_clusters` |
| CCE node read | CCE | `huawei_list_cce_nodes` |
| CCE nodepool read | CCE | `huawei_list_cce_nodepools` |
| CCE addon read | CCE | `huawei_list_cce_addons` |
| CCE workload read | CCE | `huawei_get_cce_deployments` |
| CCE Service read | CCE | `huawei_get_cce_services` |
| CCE Ingress read | CCE | `huawei_get_cce_ingresses` |
| CCE PVC read | CCE | `huawei_get_cce_pvcs` |
| CCE PV read | CCE | `huawei_get_cce_pvs` |
| CCE ConfigMap read | CCE | `huawei_list_cce_configmaps` |
| CCE Secret read | CCE | `huawei_list_cce_secrets` |
| VPC read | VPC | `huawei_list_vpc`, `huawei_list_vpc_subnets`, `huawei_list_security_groups` |
| ELB read | ELB | `huawei_list_elb` |
| EIP read | EIP | `huawei_list_eip` |
| EVS read | EVS | `huawei_list_evs` |
| SFS read | SFS | `huawei_list_sfs`, `huawei_list_sfs_turbo` |

**Permission Failure Handling**:

1. When any action fails due to permission errors, display the required permission list
2. Guide the user to create a custom policy in the IAM console
3. Pause execution and wait for user confirmation that permissions have been granted
4. Retry the failed action

## Core Commands

All actions are invoked via the dispatcher script:

```bash
python3 scripts/huawei-cloud.py <action> region=<region> cluster_id=<cluster_id> [key=value ...]
```

### 1. CCE Cluster Inventory

| Action | Required Params | Description |
|--------|----------------|-------------|
| `huawei_list_cce_clusters` | `region` | List CCE clusters in the region |
| `huawei_list_cce_nodes` | `region`, `cluster_id` | List cluster nodes |
| `huawei_list_cce_nodepools` | `region`, `cluster_id` | List node pools |
| `huawei_list_cce_addons` | `region`, `cluster_id` | List installed addons |

### 2. Workload Inventory

| Action | Required Params | Description |
|--------|----------------|-------------|
| `huawei_get_cce_deployments` | `region`, `cluster_id` | List Deployments |
| `huawei_get_cce_services` | `region`, `cluster_id` | List Services |
| `huawei_get_cce_ingresses` | `region`, `cluster_id` | List Ingresses |
| `huawei_get_cce_pvcs` | `region`, `cluster_id` | List PersistentVolumeClaims |
| `huawei_get_cce_pvs` | `region`, `cluster_id` | List PersistentVolumes |
| `huawei_list_cce_configmaps` | `region`, `cluster_id` | List ConfigMaps |
| `huawei_list_cce_secrets` | `region`, `cluster_id` | List Secrets (existence only, no values) |

### 3. Cloud Resource Inventory

| Action | Required Params | Description |
|--------|----------------|-------------|
| `huawei_list_vpc` | `region` | List VPCs |
| `huawei_list_vpc_subnets` | `region`, `vpc_id` | List subnets in a VPC |
| `huawei_list_security_groups` | `region` | List security groups |
| `huawei_list_elb` | `region` | List Elastic Load Balancers |
| `huawei_list_eip` | `region` | List Elastic IPs |
| `huawei_list_evs` | `region` | List EVS disks |
| `huawei_list_sfs` | `region` | List SFS file systems |
| `huawei_list_sfs_turbo` | `region` | List SFS Turbo file systems |

### 4. Example Commands

```bash
# List clusters for migration scope
python3 scripts/huawei-cloud.py huawei_list_cce_clusters region=cn-north-4

# Inventory cluster workloads
python3 scripts/huawei-cloud.py huawei_get_cce_deployments region=cn-north-4 cluster_id=<cluster_id>

# Inventory networking resources
python3 scripts/huawei-cloud.py huawei_get_cce_services region=cn-north-4 cluster_id=<cluster_id>
python3 scripts/huawei-cloud.py huawei_get_cce_ingresses region=cn-north-4 cluster_id=<cluster_id>

# Inventory storage resources
python3 scripts/huawei-cloud.py huawei_get_cce_pvcs region=cn-north-4 cluster_id=<cluster_id>
python3 scripts/huawei-cloud.py huawei_get_cce_pvs region=cn-north-4 cluster_id=<cluster_id>

# Inventory cloud resources
python3 scripts/huawei-cloud.py huawei_list_vpc region=cn-north-4
python3 scripts/huawei-cloud.py huawei_list_elb region=cn-north-4
python3 scripts/huawei-cloud.py huawei_list_evs region=cn-north-4
```

## Parameter Reference

### Common Parameters

| Parameter | Required | Description | Default |
|-----------|----------|-------------|---------|
| `region` | Yes | Huawei Cloud region (e.g., `cn-north-4`) | - |
| `cluster_id` | Yes (most actions) | CCE cluster ID | - |
| `namespace` | Context-dependent | Kubernetes namespace | - |
| `vpc_id` | Yes (subnet listing) | VPC ID for subnet queries | - |

### Common Region IDs

| Region Name | Region ID |
|-------------|-----------|
| North China - Beijing 4 | `cn-north-4` |
| North China - Beijing 1 | `cn-north-1` |
| East China - Shanghai 1 | `cn-east-3` |
| East China - Shanghai 2 | `cn-east-2` |
| South China - Guangzhou | `cn-south-1` |
| South China - Shenzhen | `cn-south-4` |
| Southwest China - Guiyang 1 | `cn-southwest-2` |
| Asia Pacific - Bangkok | `ap-southeast-2` |
| Asia Pacific - Singapore | `ap-southeast-1` |
| Asia Pacific - Hong Kong | `ap-southeast-3` |
| Europe - Paris | `eu-west-0` |

## Output Format

See [Output Schema](references/output-schema.md) for the complete JSON response structure.

**Key Output Fields**:

| Field | Description |
|-------|-------------|
| `summary` | Migration planning summary with scope description |
| `source` | Source region and cluster ID |
| `inventory.clusters` | CCE cluster inventory |
| `inventory.nodepools` | Node pool inventory |
| `inventory.workloads` | Workload inventory (Deployments, Services, Ingresses, etc.) |
| `inventory.networking` | Networking inventory (VPC, subnets, security groups, ELB, EIP) |
| `inventory.storage` | Storage inventory (PVC/PV, EVS, SFS/SFS Turbo) |
| `inventory.configuration` | Configuration inventory (ConfigMaps, Secrets existence only) |
| `dependency_matrix` | Dependency relationships (ingress traffic, service calls, storage bindings, config references, external systems) |
| `migration_batches` | Migration batch design with validation points and downtime windows |
| `risks` | Risk list with severity classification and mitigation strategies |
| `rollback_plan` | Rollback strategy per batch |
| `validation_plan` | Validation steps per batch |

## Verification

To verify this skill is working correctly:

1. **Credential check**: Run `python3 scripts/huawei-cloud.py huawei_list_cce_clusters region=cn-north-4` and confirm it returns cluster data
2. **Workload inventory**: Run `python3 scripts/huawei-cloud.py huawei_get_cce_deployments region=cn-north-4 cluster_id=<cluster_id>` and confirm it returns deployment data
3. **Cloud resource inventory**: Run `python3 scripts/huawei-cloud.py huawei_list_vpc region=cn-north-4` and confirm it returns VPC data
4. **Read-only boundary**: Verify that no create, delete, scale, migrate, bind, unbind, or modify actions are invoked

## Best Practices

1. **Start with scope confirmation**: Confirm migration goal (same-region, cross-region, multi-cluster, hybrid cloud, version upgrade, or architecture adjustment) before inventory
2. **Full inventory first**: Always inventory all resource categories (cluster, workloads, networking, storage, configuration) before building dependency matrix
3. **Secret handling**: Only record Secret existence, name, and purpose — never output sensitive values
4. **Desensitization**: All `project_id`, AK/SK, tokens, and certificates in output must be masked or omitted
5. **Dependency matrix**: Build dependency matrix covering ingress traffic, service dependencies, storage dependencies, configuration dependencies, and external system dependencies
6. **Batch design**: Design migration batches with clear validation points, rollback strategies, and downtime windows per batch
7. **Manual confirmation**: All execution actions must be placed in a manual confirmation checklist — this skill does NOT execute changes
8. **Risk assessment**: Use `huawei-cloud-cce-availability-risk-scanner` as a pre-migration health check before finalizing the migration plan

## Reference Documents

| Document | Description |
|----------|-------------|
| [Workflow](references/workflow.md) | Migration planning workflow, inventory steps, dependency mapping, and batch design process |
| [Risk Rules](references/risk-rules.md) | Safety constraints, prohibited actions, and authorization boundaries |
| [Output Schema](references/output-schema.md) | Complete JSON response format for migration planning results |

## Notes

- **Read-only by design** — this skill does NOT create target resources, modify networks, migrate data, or delete source resources
- **Secret safety** — Secret inventory only records existence, name, and purpose; sensitive values are never exposed
- **Desensitization** — all project_id, AK/SK, tokens, and certificates in output are masked or omitted
- **Manual confirmation** — all execution actions are placed in a confirmation checklist; no auto-execution
- **All actions are executed via `python3 scripts/huawei-cloud.py <action>`; do not use hcloud CLI or direct API calls**
- **Never expose or log AK/SK or environment variable values**

## Common Pitfalls

| Pitfall | Symptom | Quick Fix |
|---------|---------|-----------|
| Skipping dependency mapping | Migration batches miss cross-service dependencies | Always build dependency matrix before batch design |
| Exposing Secret values | Output contains sensitive Secret data | Only record Secret existence and name; never output values |
| Unmasked credentials | Output contains project_id, AK/SK, or tokens | Mask or omit all credential fields in output |
| Missing cloud resource inventory | Migration plan ignores VPC/ELB/EVS dependencies | Include all cloud resource categories in inventory |
| No rollback strategy | Migration batch has no rollback plan | Every batch must include a rollback strategy and validation steps |
| Ignoring downtime windows | Migration plan schedules batches during peak hours | Align batch design with business downtime windows |
| Assuming migration can execute | Skill attempts to create target resources | This skill is read-only; all execution goes to manual confirmation checklist |
| Wrong cluster_id | API returns 404 or empty results | Verify cluster ID via `huawei_list_cce_clusters` |
| Credential permission denied | API returns 403 | Check IAM permissions for CCE/VPC/ELB/EVS/SFS read access |
Security usage advice
Install only if you intend to grant this package broad Huawei Cloud and Kubernetes administration capability, not just read-only migration planning. Prefer a read-only IAM/RBAC account, avoid production write credentials, do not enable Secret data or log collection unless needed, and review or remove the undocumented mutating dispatcher actions before use.
Capability tags
requires-wallet
requires-sensitive-credentials
Capability assessment
Purpose & Capability
The SKILL.md, Chinese skill file, workflow, risk rules, and skill-profile all describe inventory and planning only, but the dispatcher registers create, delete, scale, resize, rollback, node drain/cordon, addon install/update/uninstall, EIP bind/unbind, HPA configure, AOM alarm administration, and remediation actions.
Instruction Scope
The user-facing instructions and profile list a narrow read-only action set, while the executable dispatcher accepts many undocumented high-impact actions. Some dangerous actions require confirm=true, but several creation/reconfiguration actions do not have an explicit confirmation gate.
Install Mechanism
No separate installer, autostart hook, or hidden persistence mechanism was found. The skill does require Python packages and Huawei Cloud credentials to run the dispatcher.
Credentials
Huawei AK/SK credentials and Kubernetes cluster certificate generation are coherent for inventory, but the exposed actions go beyond least-privilege read-only migration planning. The code can also retrieve pod/application/audit logs and optionally include Kubernetes Secret data.
Persistence & Privilege
No background persistence was found, but the code writes Kubernetes client certificate/key material to /tmp or temporary files, sometimes with fixed paths, and can write reports/history to caller-supplied local paths. This is under-disclosed relative to the stated security rules.
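
One way to act on the mismatch described under Instruction Scope is to put an allowlist in front of the dispatcher, so that only the read-only actions and parameters documented in the SKILL.md tables ever reach it. This is an added example, not code from the skill or its author; `build_argv`, `is_allowed` and `ActionRejected` are hypothetical names, and the value pattern is an assumed conservative choice.

```python
import re

DISPATCHER = "scripts/huawei-cloud.py"  # dispatcher path given in the SKILL.md

# Action names and required parameters copied from the SKILL.md action tables.
REGION_ONLY = """huawei_list_cce_clusters huawei_list_vpc huawei_list_security_groups
huawei_list_elb huawei_list_eip huawei_list_evs huawei_list_sfs huawei_list_sfs_turbo""".split()
REGION_AND_CLUSTER = """huawei_list_cce_nodes huawei_list_cce_nodepools huawei_list_cce_addons
huawei_get_cce_deployments huawei_get_cce_services huawei_get_cce_ingresses huawei_get_cce_pvcs
huawei_get_cce_pvs huawei_list_cce_configmaps huawei_list_cce_secrets""".split()
REQUIRED = {name: {"region"} for name in REGION_ONLY}
REQUIRED.update({name: {"region", "cluster_id"} for name in REGION_AND_CLUSTER})
REQUIRED["huawei_list_vpc_subnets"] = {"region", "vpc_id"}

# Only the keys from the "Common Parameters" table; this is what keeps
# confirm=true and any other undocumented switch away from the dispatcher.
ALLOWED_PARAMS = {"region", "cluster_id", "namespace", "vpc_id"}
# Assumed conservative value pattern: no paths, quotes or shell metacharacters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,64}")


class ActionRejected(ValueError):
    """The request is outside the documented read-only surface."""


def build_argv(request):
    """Turn 'action key=value ...' into an argv list, or raise ActionRejected."""
    tokens = request.split()
    if not tokens or tokens[0] not in REQUIRED:
        raise ActionRejected(f"undocumented action: {tokens[:1]}")
    action, params = tokens[0], {}
    for token in tokens[1:]:
        key, sep, value = token.partition("=")
        if not sep or key not in ALLOWED_PARAMS or key in params:
            raise ActionRejected(f"undocumented or repeated parameter: {key}")
        if not SAFE_VALUE.fullmatch(value):
            raise ActionRejected(f"unsafe value for {key}")
        params[key] = value
    missing = REQUIRED[action] - set(params)
    if missing:
        raise ActionRejected(f"missing required parameter(s): {sorted(missing)}")
    # A list argv is meant for subprocess.run(argv) without shell=True.
    return ["python3", DISPATCHER, action] + [f"{k}={v}" for k, v in params.items()]


def is_allowed(request):
    """True when the request would be passed on to the dispatcher."""
    try:
        build_argv(request)
        return True
    except ActionRejected:
        return False


if __name__ == "__main__":
    # Constructed requests; the second action name is made up for illustration.
    for req in ("huawei_list_cce_clusters region=cn-north-4",
                "example_undocumented_mutating_action region=cn-north-4 confirm=true",
                "huawei_get_cce_pvcs region=cn-north-4 cluster_id=abc confirm=true",
                "huawei_list_vpc_subnets region=cn-north-4"):
        print("ALLOW" if is_allowed(req) else "DENY ", req)
```

The gate narrows what is asked of the dispatcher; it does not replace the read-only IAM/RBAC account recommended in the security advice, which limits what the credentials can do if a request gets through some other way.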
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install huawei-cloud-cce-container-migration-planner
  3. Once installation completes, call the Skill by name or trigger it with /huawei-cloud-cce-container-migration-planner
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history
v0.1.0
Initial release
Metadata
Slug huawei-cloud-cce-container-migration-planner
Version 0.1.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is Huawei Cloud Cce Container Migration Planner?

Huawei Cloud CCE container migration planning skill using Python SDK dispatcher for read-only resource inventory, dependency mapping, migration batch design,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 22 total downloads so far.

How do I install Huawei Cloud Cce Container Migration Planner?

Run the command "/install huawei-cloud-cce-container-migration-planner" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is Huawei Cloud Cce Container Migration Planner free?

Yes, Huawei Cloud Cce Container Migration Planner is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Huawei Cloud Cce Container Migration Planner support?

Huawei Cloud Cce Container Migration Planner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Huawei Cloud Cce Container Migration Planner?

It is developed and maintained by shijingcheng (@pintudeyudi); the current version is v0.1.0.
