This topic describes how to create a data source in OceanBase Cloud.
Background information
A data source is a collection of database connection information, such as the connection address, port number, username, and password. In OceanBase Cloud, you can configure a data source to quickly establish a database connection during tasks such as data migration and job scheduling, so as to improve the operation efficiency and reliability.
At present, OceanBase Cloud data sources support the following cloud vendors: Amazon Web Services (AWS), Huawei Cloud, Google Cloud, Alibaba Cloud, and Microsoft Azure. Supported database types are OceanBase Database (MySQL and Oracle compatible modes), MySQL (including Aurora MySQL, RDS MySQL, Cloud MySQL, PolarDB MySQL, Azure MySQL, and self-managed MySQL), Oracle (including RDS Oracle and self-managed Oracle), and Kafka (including cloud instance Kafka and self-managed Kafka).
The data source connection type varies based on the database type. You must select a connection type based on your database type.
OceanBase data sources (MySQL and Oracle compatible modes)
OceanBase Cloud provides three connection types for OceanBase data sources.
OceanBase Cloud Instance: This connection type applies to OceanBase Database instances created in the OceanBase Cloud console and realizes quick connection.
Endpoint or public IP: This connection type applies to OceanBase Database instances deployed in AWS, Huawei Cloud, Google Cloud, Alibaba Cloud, or Azure.
Prerequisites
You have created an instance and a tenant of OceanBase Database (MySQL or Oracle compatible mode) in the OceanBase Cloud console, and prepared a database account.
You have the privileges of the organization admin or project admin of the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Data Services > Data Sources.
On the Data Sources page, click Create Data Source > OceanBase MySQL Compatible or OceanBase Oracle Compatible based on the actual situation.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor At present, Alibaba Cloud, AWS, Google Cloud, Huawei Cloud, and Azure are supported. Connection Type Select OceanBase Cloud Instance. Region The region of the data source. Instance Type Valid values: Dedicated (Transactional), Shared, and Dedicated (Analytical). This parameter is displayed only when Connection Type is set to OceanBase Cloud Instance. Notice
Migration supports only the Dedicated (Transactional) and Dedicated (Analytical) instance types.
Instance Select the target instance from the drop-down list. This parameter is displayed only when Connection Type is set to OceanBase Cloud Instance. Database Account The username of a user in OceanBase Database. Password The password of the database user. Click Test Connection.
After the test succeeds, click Save.
Prerequisites
You have created an endpoint service on AWS, Huawei Cloud, Google Cloud, Alibaba Cloud, or Azure, and have the privilege to modify the endpoint allowlist.
You have the privileges of the organization admin or project admin of the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Data Services > Data Sources.
On the Data Sources page, click Create Data Source > OceanBase MySQL Compatible or OceanBase Oracle Compatible based on the actual situation.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor At present, Alibaba Cloud, AWS, Google Cloud, Huawei Cloud, and Azure are supported. Connection Type Select Endpoint. Region The region of the data source. Connection Information Enter the name of the endpoint service of the selected cloud vendor. Instance The ID or name of the instance to which the OceanBase database belongs. You can view the ID or name of the target instance on the Instances page. Note
When the cloud vendor is Alibaba Cloud, you can also select a cross-account authorized instance of an Alibaba Cloud account. For more information, see Alibaba Cloud account authorization.
Tenant The ID or name of the OceanBase Database tenant. Database Account The username of a user in OceanBase Database. Password The password of the database user. If you set Connection Type to Endpoint, you can choose whether to configure advanced settings as needed.
Notice
If incremental synchronization is required in your migration task, you must also toggle on sys Tenant Account and OBLogProxy.
Parameter Description sys Tenant Account After you toggle on sys Tenant Account, you must specify sys Account and Password. - sys Account: the username of the user in the sys tenant. The user reads incremental logs of OceanBase Database and obtains database object schemas. You must create the user in the sys tenant of your business cluster.
- Password: the password of the user.
OBLogProxy After you toggle on OBLogProxy, you must specify OBLogProxy connection information. oblogproxy is a proxy service for managing incremental logs of OceanBase Database. It provides project intervention and management capabilities as services to allow applications to access and manage real-time incremental logs of OceanBase Database. It also addresses the need for incremental log subscriptions in network isolation mode. The value is in the format of oblogproxy IP address:oblogproxy port number.Click Test Connection.
After the test succeeds, click Save.
Prerequisites
You have the privilege to modify the security group allowlist of AWS, Huawei Cloud, Google Cloud, Alibaba Cloud, or Azure.
You have the privileges of the organization admin or project admin of the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Data Services > Data Sources.
On the Data Sources page, click Create Data Source > OceanBase MySQL Compatible or OceanBase Oracle Compatible based on the actual situation.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor At present, Alibaba Cloud, AWS, Google Cloud, Huawei Cloud, and Azure are supported. Connection Type Select Public IP. Region The region of the data source. Connection Information Enter the IP address or host name to connect. Instance The ID or name of the instance to which the OceanBase database belongs. You can view the ID or name of the target instance on the Instances page. Note
When the cloud vendor is Alibaba Cloud, you can also select a cross-account authorized instance of an Alibaba Cloud account. For more information, see Alibaba Cloud account authorization.
Tenant The ID or name of the OceanBase Database tenant. Database Account The username of a user in OceanBase Database. Password The password of the database user. If you set Connection Type to Public IP, you can choose whether to configure advanced settings as needed.
Notice
If incremental synchronization is required in your migration task, you must also toggle on sys Tenant Account and OBLogProxy.
Parameter Description sys Tenant Account After you toggle on sys Tenant Account, you must specify sys Account and Password. - sys Account: the username of the user in the sys tenant. The user reads incremental logs of OceanBase Database and obtains database object schemas. You must create the user in the sys tenant of your business cluster.
- Password: the password of the user.
OBLogProxy After you toggle on OBLogProxy, you must specify OBLogProxy connection information. oblogproxy is a proxy service for managing incremental logs of OceanBase Database. It provides project intervention and management capabilities as services to allow applications to access and manage real-time incremental logs of OceanBase Database. It also addresses the need for incremental log subscriptions in network isolation mode. The value is in the format of oblogproxy IP address:oblogproxy port number.Click Test Connection.
After the test succeeds, click Save.
MySQL data sources
OceanBase Cloud provides two connection types for MySQL data sources: Endpoint and Public IP.
Prerequisites
You have created an endpoint service on AWS, Huawei Cloud, Google Cloud, Alibaba Cloud, or Azure, and have the privilege to modify the endpoint allowlist.
You have the privileges of the organization admin or project admin of the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, choose Data Services > Data Source.
On the Data Source page, choose Create Data Source > MySQL.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor At present, Alibaba Cloud, AWS, Google Cloud, Huawei Cloud, and Azure are supported. Connection Type Select Endpoint. You must add the account ID displayed on the page to the allowlist of your endpoint service. This way, the endpoint of this account can connect to your endpoint service. For more information, see the corresponding topic under Connect via private network. - If you set Cloud Vendor to AWS and select Require acceptance for endpoint when you create your endpoint service, you are prompted to go to the Amazon Virtual Private Cloud (VPC) console and select Accept endpoint connection request to accept the connection request when Migration connects to PrivateLink for the first time.
- If you set Cloud Vendor to Google Cloud, add an authorized project to Published Services. After that, no manual authorization is required during a data source connection test.
Region The region of the data source. Instance Type - When Cloud Vendor is set to Alibaba Cloud, instance types RDS MySQL, PolarDB MySQL, and Self-managed MySQL are supported.
- When Cloud Vendor is set to AWS, instance types Aurora MySQL, RDS MySQL, and Self-managed MySQL are supported.
- When Cloud Vendor is set to Google Cloud, instance types Cloud SQL and Self-managed MySQL are supported.
- When Cloud Vendor is set to Huawei Cloud, instance types RDS MySQL and Self-managed MySQL are supported.
- When Cloud Vendor is set to Azure, instance types Azure MySQL and Self-managed MySQL are supported.
Connection Information Enter the name of the endpoint service of the selected cloud vendor. Database Account The username of a user in the MySQL database. Password The password of the database user. Click Test Connection.
After the test succeeds, click Save.
Prerequisites
You have the privilege to modify the security group allowlist of AWS, Huawei Cloud, Google Cloud, Alibaba Cloud, or Azure.
You have the privileges of the organization admin or project admin of the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Data Services > Data Sources.
On the Data Sources page, click Create Data Source > MySQL.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor At present, Alibaba Cloud, AWS, Google Cloud, Huawei Cloud, and Azure are supported. Connection Type Select Public IP. You must first add the data source IP address displayed on the page to the allowlist of the MySQL database instance to ensure connectivity. For more information, see the corresponding topic under Connect via public network. Region The region of the data source. Instance Type - When Cloud Vendor is set to Alibaba Cloud, instance types RDS MySQL, PolarDB MySQL, and Self-managed MySQL are supported.
- When Cloud Vendor is set to AWS, instance types Aurora MySQL, RDS MySQL, and Self-managed MySQL are supported.
- When Cloud Vendor is set to Google Cloud, instance types Cloud SQL and Self-managed MySQL are supported.
- When Cloud Vendor is set to Huawei Cloud, instance types RDS MySQL and Self-managed MySQL are supported.
- When Cloud Vendor is set to Azure, instance types Azure MySQL and Self-managed MySQL are supported.
Connection Information Enter the IP address or host name to connect. Database Account The username of a user in the MySQL database. Password The password of the database user. Click Test Connection.
After the test succeeds, click Save.
Oracle data sources
OceanBase Cloud provides two connection types for Oracle data sources: Endpoint and Public IP.
Prerequisites
You have created an endpoint service on AWS, Huawei Cloud, Google Cloud, or Alibaba Cloud, and have the privilege to modify the endpoint allowlist.
You have the privileges of the organization admin or project admin of the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Data Services > Data Sources.
On the Data Sources page, click Create Data Source > Oracle.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor At present, Alibaba Cloud, AWS, Google Cloud, Huawei Cloud, and Azure are supported. Connection Type Select Endpoint. You must add the account ID displayed on the page to the allowlist of your endpoint service. This way, the endpoint of this account can connect to your endpoint service. For more information, see the corresponding topic under Connect via private network. - If you set Cloud Vendor to AWS and select Require Acceptance for Require Acceptance for Endpoint when you create your endpoint service, you are prompted to go to the Amazon Virtual Private Cloud (VPC) console and select Accept Endpoint Connection Request to accept the connection request when Migration connects to PrivateLink for the first time.
- If you set Cloud Vendor to Google Cloud, add an authorized project to Published Services. After that, no manual authorization is required during a data source connection test.
Region The region of the data source. Instance Type - When Cloud Vendor is set to AWS, instance types RDS Oracle and Self-managed Oracle are supported.
- When Cloud Vendor is set to Alibaba Cloud, Google Cloud, Huawei Cloud, or Azure, only the Self-managed Oracle instance type is supported.
Connection Information Enter the name of the endpoint service of the selected cloud vendor. Service Name The service name of the Oracle database. Database Account The username of a user in the Oracle database. Password The password of the database user. Click Test Connection.
After the test succeeds, click Save.
Prerequisites
You have the privilege to modify the security group allowlist of AWS, Huawei Cloud, Google Cloud, Alibaba Cloud, or Azure.
You have the privileges of the organization admin or project admin of the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Data Services > Data Sources.
On the Data Sources page, click Create Data Source > Oracle.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor At present, Alibaba Cloud, AWS, Google Cloud, Huawei Cloud, and Azure are supported. Connection Type Select Public IP. You must first add the data source IP address displayed on the page to the allowlist of the Oracle database instance to ensure connectivity. For more information, see the corresponding topic under Connect via public network. Region The region of the data source. Instance Type - When Cloud Vendor is set to AWS, instance types RDS Oracle and Self-managed Oracle are supported.
- When Cloud Vendor is set to Alibaba Cloud, Google Cloud, Huawei Cloud, or Azure, only the Self-managed Oracle instance type is supported.
Connection Information Enter the IP address or host name to connect. Service Name The service name of the Oracle database. Database Account The username of a user in the Oracle database. Password The password of the database user. Click Test Connection.
After the test succeeds, click Save.
Kafka data sources
OceanBase Cloud supports two connection methods for a Kafka instance: Endpoint and Public IP.
Prerequisites
You have created a endpoint service on Alibaba Cloud, AWS, Google Cloud, or Huawei Cloud and have the permission to modify the allowlist of the endpoint service.
You have the permissions of an organization admin or project admin in the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Data Services > Data Source.
On the Data Source page, click Create Data Source > Kafka.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor Currently, Alibaba Cloud, AWS, Google Cloud, and Huawei Cloud are supported. Connection Type Select Endpoint. You need to add the account ID displayed on the page to the allowlist of your endpoint service to allow the endpoint to connect to the endpoint service. For more information, see the corresponding topic under Connect via private network. - If you select Cloud Vendor as AWS, and if you selected Acceptance required for the parameter Require acceptance for endpoint when you created the endpoint service, you will be prompted to perform the Accept endpoint connection request operation in the AWS console when the data migration service first connects to the PrivateLink.
- If you select Google Cloud as the cloud vendor, you need to add the authorized project to the published services. After you add the authorization, you do not need to manually authorize the data source when you test the connection.
Region The region where the data source is located. Instance Type The type of the Kafka instance. Valid values: Self-managed Kafka and Cloud Instance Kafka. Connection Information The name of the endpoint service and the Kafka endpoint of the selected cloud vendor. Notice
For Alibaba Cloud Kafka Instance, you can enter only an IP address, not a domain name, when you enter the Kafka endpoint. If you must use a domain name, you need to configure it in the
advertised.listenerparameter of the Kafka instance.You can choose to enable SASL in Security Authentication as needed. If you enable SASL, configure the following parameters.
Parameter Description Authentication Method The authentication method. Valid values: PLAIN, SCRAM-SHA-256, and SCRAM-SHA-512. - The PLAIN authentication method is simple but cannot dynamically change users. It stores usernames and passwords in plaintext, which is not secure.
- SCRAM (Salted Challenge Response Authentication Mechanism) solves security issues by using the traditional username and password authentication mechanism. Kafka supports SCRAM-SHA-256, which can be used together with TLS for secure authentication.
This authentication method allows dynamic user changes, and stores user data in Zookeeper. Before starting a broker, you need to communicate with Zookeeper to create a communication user between the broker and Zookeeper. However, this authentication method stores the username and password in plaintext. - Kafka also supports SCRAM-SHA-512, which can be used together with TLS for secure authentication.
Username The username for data migration. Password The password for data migration. Click Test Connection.
After the test succeeds, click Save.
Prerequisites
You have the permission to modify the allowlist of the security group of AWS, Huawei Cloud, Google Cloud, or Alibaba Cloud.
You have the permissions of an organization admin or project admin in the OceanBase Cloud console.
Procedure
Log in to the OceanBase Cloud console.
In the left-side navigation pane, click Data Services > Data Source.
On the Data Source page, click Create Data Source > Kafka.
In the Create Data Source dialog box, configure the parameters.
Parameter Description Cloud Vendor Currently, Alibaba Cloud, AWS, Google Cloud, and Huawei Cloud are supported. Connection Type Select Public IP. You need to add the data source IP address displayed on the page to the allowlist of the Kafka instance to ensure connectivity. For more information, see the corresponding topic under Select public connection. Region The region where the data source is located. Instance Type The type of the Kafka instance. Valid values: Self-managed Kafka and Cloud Instance Kafka. Connection Information The Kafka endpoint. If the Kafka data source has not been configured with security authentication, a data migration task that uses the data source as the source or destination may fail to connect. Configure the security authentication parameters as follows.
Click Upload File and upload a trusted certificate with the .jks extension.
You can choose to enable SASL as needed. If you enable SASL, configure the following parameters.
Parameter Description Authentication Method The authentication method. Valid values: PLAIN, SCRAM-SHA-256, and SCRAM-SHA-512. - The PLAIN authentication method is simple but cannot dynamically change users. It stores usernames and passwords in plaintext, which is not secure.
- SCRAM (Salted Challenge Response Authentication Mechanism) solves security issues by using the traditional username and password authentication mechanism. Kafka supports SCRAM-SHA-256, which can be used together with TLS for secure authentication.
This authentication method allows dynamic user changes, and stores user data in Zookeeper. Before starting a broker, you need to communicate with Zookeeper to create a communication user between the broker and Zookeeper. However, this authentication method stores the username and password in plaintext. - Kafka also supports SCRAM-SHA-512, which can be used together with TLS for secure authentication.
Username The username for data migration. Password The password for data migration.
Click Test Connection.
After the test succeeds, click Save.