If you select endpoint as the connection type when you create a data source or data migration task with Alibaba Cloud as the cloud vendor, you must add the account ID displayed on the page to the allowlist of your endpoint service. This way, the endpoint of this account can connect to your endpoint service. This topic describes how to obtain the account ID and add it to the allowlist of your endpoint service.
Prerequisites
You have created a database instance of the corresponding type and obtained its connection address in your virtual private cloud (VPC). For example, for a MySQL database instance, the connection address is usually a single address-port pair in the format of address:port. A Kafka instance can have multiple address-port pairs in the format of broker_address1:broker_port1,broker_address2:broker_port2, and so on.
If the load balancing service or virtual server associated with the endpoint service has a security group enabled, add the private IP address of the OceanBase Cloud data source to the corresponding security group. For more information, see Private IP address segments.
Use data source addresses proxied by Nginx as endpoint service backend
Each forwarding server configuration in Nginx corresponds to an address used for exposing a data source instance. Here is an example with the Nginx port 3306:
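# Place this block in the stream context of the Nginx configuration.
server {
    listen 3306;              # Nginx forwarding port
    proxy_pass address:port;  # connection address of the data source
    proxy_timeout 60s;
}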
If a data source (for example, a Kafka data source) has multiple connection addresses, you must use Nginx to forward requests to those addresses simultaneously. Here is an example with two brokers and Nginx ports 19092 and 19093:
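# Place these blocks in the stream context of the Nginx configuration.
# One server block per broker, each on its own Nginx port.
server {
    listen 19092;
    proxy_pass broker_address1:broker_port1;
    proxy_timeout 60s;
}
server {
    listen 19093;
    proxy_pass broker_address2:broker_port2;
    proxy_timeout 60s;
}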
Notice
Nginx must support ngx_stream_module.
We recommend that you set proxy_timeout to 60 seconds or more.
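The following is an added example, not part of the original documentation: a Python helper that turns a multi-address connection string into one Nginx stream server block per backend on consecutive listen ports, and returns the ports the NLB listener has to cover. The function names and the sample addresses are assumptions made for illustration.

```python
"""Added example: build Nginx stream server blocks for a multi-address data source."""


def parse_pairs(conn: str) -> list[tuple[str, int]]:
    """Split 'addr1:port1,addr2:port2' into validated (address, port) pairs."""
    pairs = []
    for item in conn.split(","):
        item = item.strip()
        host, sep, port = item.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"not an address:port pair: {item!r}")
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {item!r}")
        pairs.append((host, int(port)))
    if len(set(pairs)) != len(pairs):
        raise ValueError("duplicate backend address")
    return pairs


def stream_config(conn: str, first_listen_port: int, timeout_s: int = 60) -> str:
    """Return a stream {} block with one server per backend, on consecutive ports."""
    if timeout_s < 60:
        raise ValueError("proxy_timeout below the recommended 60 seconds")
    pairs = parse_pairs(conn)
    if first_listen_port < 1 or first_listen_port + len(pairs) - 1 > 65535:
        raise ValueError("listen port range out of bounds")
    blocks = []
    for offset, (host, port) in enumerate(pairs):
        blocks.append(
            "    server {\n"
            f"        listen {first_listen_port + offset};\n"
            f"        proxy_pass {host}:{port};\n"
            f"        proxy_timeout {timeout_s}s;\n"
            "    }"
        )
    return "stream {\n" + "\n".join(blocks) + "\n}\n"


def listen_ports(conn: str, first_listen_port: int) -> list[int]:
    """Ports the NLB listener must cover (they must match the Nginx ports)."""
    return [first_listen_port + i for i in range(len(parse_pairs(conn)))]


if __name__ == "__main__":
    # Constructed sample: two Kafka brokers on private addresses.
    sample = "10.0.1.10:9092,10.0.1.11:9092"
    print(stream_config(sample, 19092))
    print("NLB listener ports:", listen_ports(sample, 19092))
```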
Create an NLB instance
Log in to the NLB console. Go to the Instances page and click Create NLB.
On the Cloud Service Buy Page page, select the region where the network load balancer (NLB) instance is located and configure the parameters.
Parameter: Description
Network Type: Select Internal-facing.
VPC: Select the desired VPC from the drop-down list. To create a VPC, click Create VPC. For more information, see Create and manage a VPC.
Zone: Select at least two complete zones and vSwitches.
IP Version: Select IPv4.
Click Create Now.
Configure a listener for the NLB instance.
Return to the Instances page and click Create Listener next to the created NLB instance.
In the Configure Listener step, configure the parameters and click Next.
The following table describes the parameters. For more information, see Add a TCP listener.
Parameter: Description
Listener Protocol: Select TCP here.
Multi-port Listening/Forwarding: Choose whether to enable the listener to listen by port range. If you enable this feature, the NLB instance listens on all ports in the specified listener port range, and redirects requests destined for the ports to the backend servers.
Listener Port Range: Specify the first and last port to define the listener port range if you want to enable the listener to listen by port range.
Listener Port: Specify the listener port if you choose not to enable the listener to listen by port range. The NLB instance uses the port to receive requests and forward the requests to the backend servers. It must be the same as the Nginx forwarding port.
In the Select Server Group step, select the created server group and click Next.
In the Confirm step, confirm the information and click Submit.
In the Configure Server Load Balancer dialog box, click OK after the listener is successfully created.
Create an endpoint service
Log in to the Alibaba Cloud console and go to the Endpoint Service page of VPC.
Select the region of the endpoint service at the top of the page and click Create Endpoint Service.
In the Create Endpoint Service dialog box, complete the configurations.
Add the created NLB instance as a service resource and configure the parameters as prompted.
Parameter: Description
Region: The region where the endpoint service resides.
Service Resource Type: Select NLB.
Select Service Resource: Select the created NLB instance and its zone as a service resource.
Automatically Accept Endpoint Connections: Choose whether to automatically accept endpoint connections as needed. If you select No, the endpoint service will be in the Disconnected state. You can manually accept connection requests on the Endpoint Connections tab of the endpoint service details page.
Enable Zone Affinity: Choose whether to first resolve the domain name of the nearest endpoint that is associated with the endpoint service.
Service Payer: Select Service Consumer.
Resource Group: Select the resource group to which the endpoint service belongs.
Tag Key / Tag Value: Select or enter a tag key and tag value to identify the endpoint service, thereby facilitating flexible management.
Description: The description of the endpoint service to be created.
Click OK.
Add an account ID to the allowlist of the endpoint service
After the endpoint service is created, you must add the account that needs to access the created endpoint service to its allowlist.
Obtain the account ID to be added to the allowlist
Log in to the OceanBase Cloud console.
Access the Create Data Source page.
The following steps use the Create Data Source page as an example. You can also click Data Services > Migrations > Migrate Data, and obtain the IP address to be added to the allowlist from the Create Task page.
In the left-side navigation pane, click Data Services > Data Sources.
On the Data Sources page, click Create Data Source in the upper-right corner and select the data source type.
On the Create Data Source page, select Alibaba Cloud for Cloud Vendor, Endpoint for Connection Method, and the instance type as needed.
Copy the account ID displayed below the Connection Information text box.
Note
The account ID to be added to the allowlist is displayed only after you select a region. The region selected here must be the same as the region where the Alibaba Cloud instance is located.
Add the account ID to the allowlist of the endpoint service
Log in to the Alibaba Cloud console and go to the Endpoint Service page of VPC.
Select the region of the endpoint service on the menu bar at the top.
On the Endpoint Service page, click the ID of the target endpoint service.
On the endpoint service details page, choose Service Whitelist > Add to Whitelist.

In the Add to Whitelist dialog box, enter the account ID to be added to the allowlist.
To add multiple account IDs to the allowlist, separate them with commas (,).
Click OK.
Use an endpoint service
After you create an endpoint service and add the obtained account ID to its allowlist, copy the endpoint service name or ID, then enter it in Connection if you select Endpoint for Connection Type when you create a data source or data migration task with Alibaba Cloud as the cloud vendor in the OceanBase Cloud console. For more information about how to create a data source, see Create a data source. For more information about how to create a data migration task, see the corresponding topic under Migrate data.
To copy the endpoint service name or ID, perform the following steps:
Log in to the Alibaba Cloud console and go to the Endpoint Service page of VPC.
Select the region of the endpoint service on the menu bar at the top.
On the Endpoint Service page, click the ID of the target endpoint service.
On the endpoint service details page, click Copy next to Endpoint Service ID or Endpoint Service Name on the Basic Information tab, depending on your needs.
