This topic describes how to add an allowlist for an OceanBase cluster instance, a self-managed database in VPC, and an OceanBase Database tenant instance in the OceanBase data source.
Add an allowlist for an OceanBase cluster instance
If OceanBase Cluster Instance is selected for Instance Type when you add an OceanBase data source, you can add an allowlist for the OceanBase cluster instance.
In the New Data Source dialog box, click the Copy icon next to the selected cluster ID to copy the cluster ID.
Close the dialog box and click Instances in the left-side navigation pane.
On the Instances page, search for the target instance based on the copied cluster ID and click the name of the target instance.
On the Cluster Instance Workspace page, click Security Settings in the left-side navigation pane.
On the Whitelist tab, click Add Whitelist Group in the upper-right corner. You can also click the Edit icon next to an existing allowlist to modify it.
In the Add Whitelist Group dialog box, specify the related parameters.
Parameter
Description
Group Name
The name must be 2 to 32 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit.
IP Address
Click Data Transmission, copy the IP address of the OMS server from the New Data Source dialog box, and then paste the IP address here. Note the following rules:
You can enter an IP address such as 192.168.0.1 or a CIDR block such as 192.168.0.0/24.
Multiple IP addresses and CIDR blocks must be separated with commas (,). Example: 192.168.0.1,192.168.0.0/24.
127.0.0.1 indicates that no access is allowed from any IP address.
0.0.0.0 indicates that access from all IP addresses is allowed.
Changes to the allowlist of the cluster instance take effect on all tenants.
You can add up to 40 allowlists.
Click OK.
Add an allowlist for an OceanBase Database tenant instance
If OceanBase Database Tenant Instance is selected for Instance Type when you add an OceanBase data source, you can add an allowlist for the OceanBase Database tenant.
In the New Data Source dialog box, click the Copy icon next to the selected tenant name to copy the tenant name.
Close the dialog box and click Instances in the left-side navigation pane.
On the Instances page, search for the target instance based on the copied tenant name and click the name of the target tenant.
On the Tenant Instance Workspace page, click Security Settings in the left-side navigation pane.
On the Security Settings page, click Add Whitelist Group in the upper-right corner. You can also click the Edit icon next to an existing allowlist to modify it.
In the Add Whitelist Group dialog box, specify the related parameters.
Parameter
Description
Group Name
The name must be 2 to 32 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit.
IP Address
Click Data Transmission, copy the IP address of the OMS server from the New Data Source dialog box, and then paste the IP address here. Note the following rules:
You can enter an IP address such as 192.168.0.1 or a CIDR block such as 192.168.0.0/24.
Multiple IP addresses and CIDR blocks must be separated with commas (,). Example: 192.168.0.1,192.168.0.0/24.
127.0.0.1 indicates that no access is allowed from any IP address.
0.0.0.0 indicates that access from all IP addresses is allowed.
You can add up to 40 allowlists.
Click OK.
Add an allowlist for an ECS instance
If Self-Managed Database in VPC is selected for Instance Type when you add an OceanBase data source, you can add the IP address of the OMS server to the allowlist of the corresponding database. This is because a VPC may have access restrictions on the ECS platform. However, a data source for data migration or synchronization must be accessible to the IP address of the OMS server.
If an allowlist has been specified for the ob_tcp_invited_nodes parameter, the situation where the sys tenant account can be used to connect to the data source but a normal account cannot will occur. In this case, add the IP addresses of OMS servers in the allowlist into the value list of this parameter.
In the New Data Source dialog box, click the Copy icon next to the selected VPC to copy the VPC ID.
Go to the Security Groups page of the ECS console. Select VPC ID from the drop-down list next to Create Security Group and paste the VPC ID to filter security groups.
Click the name of the target security group to go to its details page.
Add an IP address on the Inbound tab.
Copy the IP address of the OMS server from the New Data Source dialog box in the OMS console.
On the security group details page, click Quick Add on the Inbound tab in the Access Rule section.
In the Quick Add dialog box, paste the copied IP address into the Grantee field and select any port from Port Range.
Click OK.