Skip to content

Commit

Permalink
improve serverless dms doc
Browse files Browse the repository at this point in the history
  • Loading branch information
zhangyangyu committed Dec 19, 2023
1 parent 85471a0 commit 4145e03
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 9 deletions.
Binary file removed media/tidb-cloud/aws-dms-from-oracle-to-tidb-10.png
Binary file not shown.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
29 changes: 22 additions & 7 deletions tidb-cloud/migrate-from-oracle-using-aws-dms.md
Original file line number Diff line number Diff line change
Expand Up @@ -81,8 +81,6 @@ After you finish executing the SQL script, check the data in Oracle. The followi

5. Click **Generate Password** to generate a password and copy the generated password.

6. Select your preferred connection method and operating system, and then connect to your cluster using the displayed connection string.

## Step 5. Create an AWS DMS replication instance

1. Go to the [Replication instances](https://console.aws.amazon.com/dms/v2/home#replicationInstances) page in the AWS DMS console, and switch to the corresponding region.
Expand All @@ -91,19 +89,36 @@ After you finish executing the SQL script, check the data in Oracle. The followi

![Create AWS DMS Instance](/media/tidb-cloud/aws-dms-from-oracle-to-tidb-8.png)


### Connectivity to TiDB Serverless cluster

You need to make sure the replication instance could connect to the TiDB Serverless cluster, otherwise there is an error like

```shell
Test Endpoint failed: Application-Status: 1020912, Application-Message: Cannot connect to ODBC provider ODBC general error., Application-Detailed-Message: RetCode: SQL_ERROR SqlState: HY000 NativeError: 2003 Message: [MySQL][ODBC 8.0(w) Driver]Can't connect to MySQL server on 'gateway01.eu-central-1.prod.aws.tidbcloud.com' (110)
```
If you are not familiar with AWS network configuration, please consult AWS support. We'll give several typical network settings.

1. To connect to TiDB Serverless public endpoint, you can deploy the replication instance to public subnets and enable `Public accessible` when creation. `Public accessible` is not available for serverless replication.

2. To connect to TiDB Serverless public endpoint, you can deploy the replication instance to private subnets and route the traffic to a public subnet. In this case, you need at least three subnets, two private subnets and one public subnet. The two private subnets forms a subnet group where the replication instance lives in. Then you need to create a NAT gateway in the public subnet and route traffic of the two private subnets to the NAT gateway.

3. To connect to TiDB Serverless private endpoint, [setup a private endpoint](/tidb-cloud/set-up-private-endpoint-connections-serverless.md) first and deploy the replication instance to private subnets.

## Step 6. Create DMS endpoints

1. In the [AWS DMS console](https://console.aws.amazon.com/dms/v2/home), click the `Endpoints` menu item on the left pane.

2. Create the Oracle source endpoint and the TiDB target endpoint.

The following screenshot shows the configurations of the source endpoint.
2. Create the Oracle source endpoint. The following screenshot shows the configurations of the source endpoint.

![Create AWS DMS Source endpoint](/media/tidb-cloud/aws-dms-from-oracle-to-tidb-9.png)

The following screenshot shows the configurations of the target endpoint.
3. Create the TiDB target endpoint. The following screenshot shows the configurations of the target endpoint(using TiDB Serverless public endpoint).

![Create AWS DMS Target endpoint](/media/tidb-cloud/aws-dms-from-oracle-to-tidb-15.png)

![Create AWS DMS Target endpoint](/media/tidb-cloud/aws-dms-from-oracle-to-tidb-10.png)
If you are going to use public endpoint for the migration, we recommend setting `SSL mode` to `verify-full` to ensure security. The `CA certificate` is [ISRG Root X1 certificate](https://letsencrypt.org/certs/isrgrootx1.pem). You can learn more in [TLS Connections to TiDB Serverless](/tidb-cloud/secure-connections-to-serverless-clusters.md).

## Step 7. Migrate the schema

Expand Down
4 changes: 2 additions & 2 deletions tidb-cloud/secure-connections-to-serverless-clusters.md
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ TiDB Serverless uses certificates from [Let's Encrypt](https://letsencrypt.org/)

If the client uses the system's root CA stores by default, such as Java and Go, you can easily connect securely to TiDB Serverless clusters without specifying the path of CA roots. However, some drivers and ORMs do not use the system root CA stores. In those cases, you need to configure the CA root path of the drivers or ORMs to your system root CA stores. For example, when you use [mysqlclient](https://github.com/PyMySQL/mysqlclient) to connect a TiDB Serverless cluster in Python on macOS, you need to set `ca: /etc/ssl/cert.pem` in the `ssl` argument.

If you are using a GUI client, such as DBeaver, which does not accept a certificate file with multiple certificates inside, you must download the [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem.txt) certificate.
If you are using a GUI client, such as DBeaver, which does not accept a certificate file with multiple certificates inside, you must download the [ISRG Root X1 certificate](https://letsencrypt.org/certs/isrgrootx1.pem).

### Root certificate default path

Expand Down Expand Up @@ -85,7 +85,7 @@ In different operating systems, the default storage paths of the root certificat

Windows does not offer a specific path to the CA root. Instead, it uses the [registry](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores) to store certificates. For this reason, to specify the CA root path on Windows, take the following steps:

1. Download the [ISRG Root X1 certificate](https://letsencrypt.org/certs/isrgrootx1.pem.txt) and then save it in a path you prefer, such as `<path_to_ca>`.
1. Download the [ISRG Root X1 certificate](https://letsencrypt.org/certs/isrgrootx1.pem) and then save it in a path you prefer, such as `<path_to_ca>`.
2. Use the path (`<path_to_ca>`) as your CA root path when you connect to a TiDB Serverless cluster.

## FAQs
Expand Down

0 comments on commit 4145e03

Please sign in to comment.