「OceanBase 征文」“小鱼”是否具有租户资源隔离功能？

小鱼作为单机版的 OceanBase4.0诞生，是否具有租户资源隔离功能？今天我们通过下面实验进行证明。  

1、什么是租户隔离

租户隔离说白了就是进行实例资源的池化、然后进行隔离，就像oracle 12c推出的PDB功能。租户与租户之间数据、权限、资源隔离，每个租户拥有自己独立的访问端口及 CPU、内存访问资源。  

2、oceanbase 建立租户的流程

unit config -> resource pool -> tenant  

3、创建unit

–分别创建2个unit

obclient [oceanbase]> CREATE RESOURCE UNIT unit1 MAX_CPU 1, MEMORY_SIZE ‘1G’,LOG_DISK_SIZE ‘2G’;  
Query OK, 0 rows affected (0.009 sec)  
obclient [oceanbase]> CREATE RESOURCE UNIT unit2 MAX_CPU 1, MEMORY_SIZE ‘1G’,LOG_DISK_SIZE ‘2G’;  
Query OK, 0 rows affected (0.008 sec) 

查询unit是否创建成功

obclient [oceanbase]> SELECT * FROM 	oceanbase.DBA_OB_UNIT_CONFIGS\G  
*************************** 1. row*************************** 
UNIT_CONFIG_ID: 1  
NAME: sys_unit_config  
CREATE_TIME: 2023-03-27 14:41:50.601200  
MODIFY_TIME: 2023-03-27 14:41:50.601200  
MAX_CPU: 1  
MIN_CPU: 1  
MEMORY_SIZE: 2147483648  
LOG_DISK_SIZE: 2147483648  
MAX_IOPS: 10000  
MIN_IOPS: 10000  
IOPS_WEIGHT: 1  
*************************** 2. row***************************
UNIT_CONFIG_ID: 1005  
NAME: unit2  
CREATE_TIME: 2023-03-27 16:50:56.125007  
MODIFY_TIME: 2023-03-27 16:50:56.125007  
MAX_CPU: 1  
MIN_CPU: 1  
MEMORY_SIZE: 1073741824  
LOG_DISK_SIZE: 2147483648  
MAX_IOPS: 10000  
MIN_IOPS: 10000  
IOPS_WEIGHT: 1  
*************************** 3. row***************************
UNIT_CONFIG_ID: 1006  
NAME: unit1  
CREATE_TIME: 2023-03-27 16:51:05.809746  
MODIFY_TIME: 2023-03-27 16:51:05.809746  
MAX_CPU: 1  
MIN_CPU: 1  
MEMORY_SIZE: 1073741824  
LOG_DISK_SIZE: 2147483648  
MAX_IOPS: 10000  
MIN_IOPS: 10000  
IOPS_WEIGHT: 1  
3 rows in set (0.001 sec)  

4、创建resource pool

–分别创建2个资源池，对应unit

obclient [oceanbase]> CREATE RESOURCE POOL pool1 UNIT=‘unit1’,UNIT_NUM=1;  
Query OK, 0 rows affected (0.010 sec)  
obclient [oceanbase]> CREATE RESOURCE POOL pool2 UNIT=‘unit2’,UNIT_NUM=1;  
Query OK, 0 rows affected (0.010 sec)

–查询resource pool是否创建成功

obclient [oceanbase]> select * from DBA_OB_RESOURCE_POOLS\G;  
*************************** 1. row*************************** 
RESOURCE_POOL_ID: 1  
NAME: sys_pool  
TENANT_ID: 1  
CREATE_TIME: 2023-03-27 14:41:50.605285  
MODIFY_TIME: 2023-03-27 14:41:50.612883  
UNIT_COUNT: 1  
UNIT_CONFIG_ID: 1  
ZONE_LIST: zone1  
REPLICA_TYPE: FULL  
*************************** 2. row*************************** 
RESOURCE_POOL_ID: 1002  
NAME: pool1  
TENANT_ID: NULL  
CREATE_TIME: 2023-03-27 16:51:31.437583  
MODIFY_TIME: 2023-03-27 16:51:31.437583  
UNIT_COUNT: 1  
UNIT_CONFIG_ID: 1006  
ZONE_LIST: zone1  
REPLICA_TYPE: FULL  
*************************** 3. row*************************** 
RESOURCE_POOL_ID: 1003  
NAME: pool2  
TENANT_ID: NULL  
CREATE_TIME: 2023-03-27 16:51:44.785672  
MODIFY_TIME: 2023-03-27 16:51:44.785672  
UNIT_COUNT: 1  
UNIT_CONFIG_ID: 1005  
ZONE_LIST: zone1  
REPLICA_TYPE: FULL  
3 rows in set (0.005 sec)  

5、创建租户

–创建2个租户

obclient [oceanbase]> CREATE TENANT IF NOT EXISTS tenant1 CHARSET=‘utf8mb4’, ZONE_LIST=(‘zone1’), PRIMARY_ZONE=‘zone1’, RESOURCE_POOL_LIST=(‘pool1’) SET ob_tcp_invited_nodes=’%’;  
Query OK, 0 rows affected (16.381 sec)  
obclient [oceanbase]> CREATE TENANT IF NOT EXISTS tenant2 CHARSET=‘utf8mb4’, ZONE_LIST=(‘zone1’), PRIMARY_ZONE=‘zone1’, RESOURCE_POOL_LIST=(‘pool2’) SET ob_tcp_invited_nodes=’%’;  
Query OK, 0 rows affected (16.840 sec)

–查看租户是否创建成功

6、登录租户1，创建yk数据库

[root@k8s-node2 conf]# obclient -h192.168.10.4 -uroot@tenant1 -P2881 -p -Doceanbase -A  
Enter password:  
Welcome to the OceanBase. Commands end with ; or \g.  
Your OceanBase connection id is 3221487648  
Server version: OceanBase_CE 4.0.0.0 (r103000022023011215-05bbad0279302d7274e1b5ab79323a2c915c1981) (Built Jan 12 2023 15:28:27)

Copyright © 2000, 2018, OceanBase and/or its affiliates. All rights reserved.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

obclient [oceanbase]> create database yk;  
Query OK, 1 row affected (0.037 sec)  
obclient [oceanbase]> show databases;  
±-------------------+  
| Database |  
±-------------------+  
| information_schema |  
| mysql |  
| oceanbase |  
| test |  
| yk |  
±-------------------+  
5 rows in set (0.014 sec)

6、登录租户2查看是否有yk数据库

[root@k8s-node2 conf]# obclient -h192.168.10.4 -uroot@tenant2 -P2881 -p -Doceanbase -A  
Enter password:  
Welcome to the OceanBase. Commands end with ; or \g.  
Your OceanBase connection id is 3221487649  
Server version: OceanBase_CE 4.0.0.0 (r103000022023011215-05bbad0279302d7274e1b5ab79323a2c915c1981) (Built Jan 12 2023 15:28:27)

Copyright © 2000, 2018, OceanBase and/or its affiliates. All rights reserved.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

obclient [oceanbase]> show databases;  
±-------------------+  
| Database |  
±-------------------+  
| information_schema |  
| mysql |  
| oceanbase |  
| test |  
±-------------------+  
4 rows in set (0.009 sec)

7、结论

从上面的实验可以看到租户2是看不到租户1的数据库，可以看到集群下两个租户的资源、数据、权限都是隔离的。
OceanBase 数据库通过租户实现资源隔离，每个数据库服务的实例不感知其他实例的存在，并通过权限控制确保不同租户数据的安全性。多租户与 OceanBase 数据库强大的可扩展性相结合，能够提供安全、灵活的 DBaaS 服务。