我正在尝试访问隐藏在堡垒EC2实例后面的我们的一个远程数据库(AWS RDS)。我可以通过SQL客户端轻松访问数据库,但是不能通过正在构建的CLI工具(使用Sequelize
和tunnel-ssh
)访问数据库。我一直在关注此GitHub Gist,但它在所有地方都使用相同的值,不幸的是,这非常令人困惑。
我将承认对SSH隧道的总体了解不足,这在以下示例中可能很明显。我的配置有问题吗?
数据库配置
Host: wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com
Port: 5432
User: [DB_USER]
Password: [DB_PASSWORD]
Database: [DB_NAME]
堡垒配置
Server: 35.183.XX.XXX
Port: 22
Password:
SSH Key: ~/.ssh/id_rsa.aws
const config = {
// I don't need to specify any local values, do I?
// localHost: "127.0.0.1",
// localPort: 5432,
// This should be bastion config, correct?
username: "ec2-user",
host: 35.183.XX.XXX,
port: 22,
privateKey: require("fsf").readFileSync("/path/to/ssh/key"),
// This should be destination (database) config, correct?
dstHost: wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com,
dstPort: 5432
};
// NOTE: If I don't have an "await" here, nothing seems to run inside the function itself (no consoles, etc)
const server = await tunnel(config, async (error, server) => {
if (error) return console.error(error);
const db = new Sequelize(DB_NAME, DB_USER, DB_PASSWORD, {
dialect: "postgres",
// NOTE: If this is already the destination in the SSH tunnel, should I use it again vs localhost?
host: "wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com",
port: 5432
});
db.authenticate().then(async () => {
const orgs = await db.organization.findAll();
console.log("Successful query", orgs);
}).catch(err => {
console.error("DB auth error": err);
});
});
上面的配置有问题吗?我对隧道的理解是否被隧道配置中使用的值所破坏?
而且,为什么隧道回调似乎没有被调用除非我await
函数(它似乎根本不是Promise
)?
P.S。还有Sequelize GitHub问题,提到了通过SSH隧道与Sequelize连接,但未提供示例。
我最终弄清楚了这个问题,并且能够解决问题(启动后12小时)...数据库和堡垒配置在技术上是正确的,但是由于错误理解SSH隧道,我传递了一些错误的值)。
数据库配置
Host: wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com
Port: 5432
User: [DB_USER]
Password: [DB_PASSWORD]
Database: [DB_NAME]
堡垒配置
Server: 35.183.XX.XXX
Port: 22
Password:
SSH Key: ~/.ssh/id_rsa.aws
const config = {
// I have confirmed that the local values are unnecessary (defaults work)
// Configuration for SSH bastion
username: "ec2-user",
host: 35.183.XX.XXX,
port: 22,
privateKey: require("fs").readFileSync("/path/to/ssh/key"),
// Configuration for destination (database)
dstHost: wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com,
dstPort: 5432
};
// NOTE: Moved to its own function, refactor likely fixed a few issues along the way
const getDB = () => new Promise((resolve, reject) => {
const tnl = await tunnel(config, async error => {
if (error) return reject(error);
const db = new Sequelize(DB_NAME, DB_USER, DB_PASSWORD, {
dialect: "postgres",
// NOTE: This is super important as the tunnel has essentially moved code execution to the database server already...
host: "localhost",
port: 5432
});
return resolve(db);
});
});
最后,主要更改是在Sequelize配置中使用localhost
,因为SSH隧道“出现”在数据库实例上,因此它应该引用自己。可能还需要进行其他一些调整(据我所知,我曾经尝试过这样做),但最终我还是完整了。