SSH tunnel for a Sequelize PostgreSQL database

Question  Votes: 0  Answers: 1

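I'm trying to access one of our remote databases (AWS RDS) that is hidden behind a bastion EC2 instance. I can easily access the database through my SQL client, but not through the CLI tool I'm building (using Sequelize and tunnel-ssh). I have been following this GitHub Gist, but it uses the same values everywhere, which unfortunately makes it very confusing.

I'll admit that my overall understanding of SSH tunnels is poor, which is probably obvious in the example below. Is there something wrong with my configuration?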


Database configuration

Host:     wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com
Port:     5432
User:     [DB_USER]
Password: [DB_PASSWORD]
Database: [DB_NAME]

Bastion configuration

Server:   35.183.XX.XXX
Port:     22
Password:
SSH Key:  ~/.ssh/id_rsa.aws

const config = {
  // I don't need to specify any local values, do I?
  // localHost: "127.0.0.1",
  // localPort: 5432,

  // This should be bastion config, correct?
  username: "ec2-user",
  host: "35.183.XX.XXX",
  port: 22,
  privateKey: require("fs").readFileSync("/path/to/ssh/key"),

  // This should be destination (database) config, correct?
  dstHost: "wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com",
  dstPort: 5432
};

// NOTE: If I don't have an "await" here, nothing seems to run inside the function itself (no consoles, etc)
const server = await tunnel(config, async (error, server) => {
  if (error) return console.error(error);

  const db = new Sequelize(DB_NAME, DB_USER, DB_PASSWORD, {
    dialect: "postgres",
    // NOTE: If this is already the destination in the SSH tunnel, should I use it again vs localhost?
    host: "wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com",
    port: 5432
  });

  db.authenticate().then(async () => {
    const orgs = await db.organization.findAll();

    console.log("Successful query", orgs);
  }).catch(err => {
    console.error("DB auth error:", err);
  });
});

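Is there something wrong with the configuration above? Is my understanding of tunnels undermined by the values used in the tunnel configuration?

Also, why does the tunnel callback not seem to be called unless I await the function (which doesn't appear to be a Promise at all)?

P.S. There is also a Sequelize GitHub issue that mentions connecting to Sequelize through an SSH tunnel, but it provides no example.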

database sequelize.js ssh-tunnel
1 Answer
0
votes

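I eventually figured this out and was able to solve the problem (12 hours after starting)... The database and bastion configurations were technically correct, but I was passing some wrong values because I had misunderstood SSH tunnels.

Database configuration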

Host:     wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com
Port:     5432
User:     [DB_USER]
Password: [DB_PASSWORD]
Database: [DB_NAME]

Bastion configuration

Server:   35.183.XX.XXX
Port:     22
Password:
SSH Key:  ~/.ssh/id_rsa.aws

const config = {
  // I have confirmed that the local values are unnecessary (defaults work)

  // Configuration for SSH bastion
  username: "ec2-user",
  host: "35.183.XX.XXX",
  port: 22,
  privateKey: require("fs").readFileSync("/path/to/ssh/key"),

  // Configuration for destination (database)
  dstHost: "wdXXXXXXXXXXXX.XXXXXXXXX.XX-XXXXX-X.rds.amazonaws.com",
  dstPort: 5432
};

// NOTE: Moved to its own function, refactor likely fixed a few issues along the way
const getDB = () => new Promise((resolve, reject) => {
  // No "await" here: the executor is not async and the result arrives via the callback
  const tnl = tunnel(config, async error => {
    if (error) return reject(error);

    const db = new Sequelize(DB_NAME, DB_USER, DB_PASSWORD, {
      dialect: "postgres",
      // NOTE: This is super important as the tunnel has essentially moved code execution to the database server already...
      host: "localhost",
      port: 5432
    });

    return resolve(db);
  });
});

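In the end, the main change was using localhost in the Sequelize configuration, because the SSH tunnel "emerges" on the database instance, so it should refer to itself. A few other tweaks may also have been necessary (as far as I know, I had tried this at one point), but in the end I got it working.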
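As an added example (not part of the original question or answer), the following check shows which endpoint each setting names in a local port forward: `host`/`port` are the bastion, `dstHost`/`dstPort` are the database as reached from the bastion, and the database client connects to the listener on the machine running the CLI. It assumes the tunnel-ssh v4 option names used on this page and that `localHost` defaults to 127.0.0.1 and `localPort` to `dstPort`; the function names and sample hosts are hypothetical.

```javascript
// Added example: which endpoint each setting names when forwarding through a bastion.
// Option names follow tunnel-ssh v4; the hosts below are constructed placeholders.
const LOOPBACK = new Set(["127.0.0.1", "localhost", "::1"]);

// Apply the defaults assumed for tunnel-ssh v4 when local values are omitted.
function resolveTunnel(cfg) {
  return {
    ...cfg,
    port: cfg.port ?? 22,                    // SSH port on the bastion
    localHost: cfg.localHost ?? "127.0.0.1", // listener on the CLI machine
    localPort: cfg.localPort ?? cfg.dstPort, // assumed default: same as dstPort
  };
}

// The only host/port the database client should be given for this tunnel.
function sequelizeEndpoint(tunnelCfg) {
  const t = resolveTunnel(tunnelCfg);
  return { host: t.localHost, port: t.localPort };
}

// List the problems in a (tunnel config, Sequelize options) pair.
function checkPair(tunnelCfg, dbOptions) {
  const t = resolveTunnel(tunnelCfg);
  const problems = [];
  if (!t.host || !t.dstHost || !t.dstPort) {
    problems.push("tunnel needs host (bastion), dstHost and dstPort (database)");
  }
  if (!LOOPBACK.has(dbOptions.host)) {
    if (dbOptions.host === t.dstHost) {
      problems.push("client targets the database directly and bypasses the tunnel");
    } else if (dbOptions.host === t.host) {
      problems.push("client targets the bastion's address instead of the local listener");
    } else {
      problems.push("client host is not the local end of the tunnel");
    }
  }
  if (dbOptions.port !== t.localPort) {
    problems.push(`client port ${dbOptions.port} does not match local listener ${t.localPort}`);
  }
  if (!LOOPBACK.has(t.localHost)) {
    problems.push("listener is not bound to loopback, so other hosts can reach the forwarded port");
  }
  return problems;
}

// Constructed sample values (not from the post).
const SAMPLE_TUNNEL = { username: "ec2-user", host: "203.0.113.10",
  dstHost: "db.example.internal", dstPort: 5432 };
console.log(sequelizeEndpoint(SAMPLE_TUNNEL));
console.log(checkPair(SAMPLE_TUNNEL, { host: "db.example.internal", port: 5432 }));
```

Keeping the listener on loopback matters because a forward bound to 0.0.0.0 exposes the database port to every host that can reach the CLI machine.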
