
我正在尝试通过我的 AWS EC2 Bastion 运行 Knex 迁移。这是代码:

import { GetSecretValueCommand, SecretsManagerClient } from '@aws-sdk/client-secrets-manager';
import tunnel from 'tunnel-ssh';
import * as fs from 'fs';
import * as path from 'path';
import { knex } from 'knex';

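/**
 * Opens an SSH tunnel through the bastion host to the RDS endpoint and sends a
 * `SELECT NOW()` probe through Knex to confirm the database is reachable.
 *
 * The database password is read from the `password` field of a JSON secret in
 * AWS Secrets Manager. The Knex `migrations` settings are configured here, but
 * this block itself only runs the probe query.
 *
 * Failures from the SSH layer are reported on the tunnel server's `error`
 * event, so they are routed into the returned promise instead of escaping as
 * uncaught exceptions. The Knex pool and the tunnel are closed on every path.
 *
 * @returns A promise that settles once the probe has run and all connections
 *          have been released.
 * @throws Error when the secret is missing or has no string `password`, when
 *         the PR schema name cannot be derived from the branch name, or when
 *         the SSH or database connection fails.
 */
const run = async (): Promise<void> => {
    const secretsClient = new SecretsManagerClient({ region: process.env.CDK_DEPLOY_REGION });
    const data = await secretsClient.send(new GetSecretValueCommand({ SecretId: process.env.SECRET_MANAGER_ARN }));

    if (!data.SecretString) throw new Error('SecretString is undefined');

    // JSON.parse may return a primitive or null; read the field defensively so a
    // malformed secret produces the intended error rather than a TypeError.
    const secretThing: unknown = JSON.parse(data.SecretString);
    const password = (secretThing as { password?: unknown } | null)?.password;
    if (typeof password !== 'string') throw new Error('SecretString does not contain password');

    // Resolve the schema before any connection is opened. Only the digits of the
    // branch name are used, so the value is safe as an identifier, but a branch
    // without digits must not silently become the schema "prundefined".
    let schemaName = process.env.DB_SCHEMA;
    if (process.env.BITBUCKET_PR_DESTINATION_BRANCH === 'master') {
        const prNumber = process.env.BITBUCKET_BRANCH?.match(/\d+/)?.[0];
        if (!prNumber) throw new Error('BITBUCKET_BRANCH does not contain a number for the PR schema name');
        schemaName = `pr${prNumber}`;
    }

    // Without a host verifier the SSH client accepts whatever host key the server
    // presents ("Host accepted by default (no verification)" in the debug log), so
    // the database password could be tunnelled through an impersonated bastion.
    // BASTION_HOST_KEY_SHA256 is a variable name introduced by this review (rename
    // to fit the project's configuration); it holds the hex SHA-256 of the host key.
    const expectedHostKey = process.env.BASTION_HOST_KEY_SHA256?.toLowerCase();
    if (!expectedHostKey) {
        console.warn('WARNING: bastion host key is not pinned; the SSH server identity is not verified');
    }

    // Runs the probe query and always releases the pool afterwards.
    const probeDatabase = async (): Promise<void> => {
        const knexClient = knex({
            client: 'postgresql',
            connection: {
                user: process.env.DB_USERNAME,
                password,
                database: process.env.DB_NAME,
                host: '127.0.0.1',
                port: 5432,
            },
            pool: {
                min: 1,
                max: 2,
            },
            migrations: {
                extension: 'ts',
                schemaName,
                directory: '../../db/knex/migrations',
                tableName: 'migrations_history',
            },
        });

        try {
            const rows = await knexClient.raw('SELECT NOW()');
            console.log(rows);
        } finally {
            await knexClient.destroy();
        }
    };

    await new Promise<void>((resolve, reject) => {
        const tnl = tunnel(
            {
                host: process.env.SSH_HOST_ADDRESS,
                port: 22,
                username: 'ec2-user',
                // NOTE(review): the private key is read from a file beside the source
                // tree; keep it out of version control and readable by the owner only.
                privateKey: fs.readFileSync(path.resolve(__dirname, '../bastion-key-pair.pem')),
                keepaliveInterval: 60000,
                keepAlive: true,
                dstHost: process.env.RDS_ENDPOINT,
                dstPort: 5432,
                localHost: '127.0.0.1',
                localPort: 5432,
                debug: (info) => console.log(`DEBUG: ${info}`),
                ...(expectedHostKey
                    ? {
                          hostHash: 'sha256',
                          hostVerifier: (hashedKey: string) => hashedKey.toLowerCase() === expectedHostKey,
                      }
                    : {}),
            },
            (err: unknown) => {
                if (err) {
                    // Throwing here would escape the promise chain; reject instead.
                    reject(err);
                    return;
                }

                probeDatabase()
                    .then(resolve, reject)
                    .finally(() => tnl.close());
            },
        );

        // SSH failures (for example rejected authentication) surface as an 'error'
        // event on the tunnel server rather than through the callback above.
        tnl.on('error', (err: unknown) => {
            tnl.close?.();
            reject(err);
        });
    });
};

// Report the failure and exit non-zero so a CI pipeline does not treat a failed run as success.
run().catch((err) => {
    console.error(err);
    process.exitCode = 1;
});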

但是,我无法建立连接,即使当我尝试使用完全相同的数据但通过命令行连接到数据库时,它也可以工作。以下是上述代码产生的调试消息:

> dotenv -e ../.env -- ts-node src/migrate.ts

DEBUG: Custom crypto binding not available
DEBUG: Client: Trying bastion.myserver.com on port 22 ...
DEBUG: Local ident: 'SSH-2.0-ssh2js1.4.0'
DEBUG: Socket connected
DEBUG: Remote ident: 'SSH-2.0-OpenSSH_8.6'
DEBUG: Outbound: Sending KEXINIT
DEBUG: Inbound: Handshake in progress
DEBUG: Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
DEBUG: Handshake: (remote) KEX method: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
DEBUG: Handshake: KEX algorithm: curve25519-sha256@libssh.org
DEBUG: Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
DEBUG: Handshake: (remote) Host key format: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
DEBUG: Handshake: Host key format: ssh-ed25519
DEBUG: Handshake: (local) C->S cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
DEBUG: Handshake: (remote) C->S cipher: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
DEBUG: Handshake: C->S Cipher: aes128-gcm@openssh.com
DEBUG: Handshake: (local) S->C cipher: aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
DEBUG: Handshake: (remote) S->C cipher: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
DEBUG: Handshake: S->C cipher: aes128-gcm@openssh.com
DEBUG: Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: Handshake: (remote) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
DEBUG: Handshake: C->S MAC: <implicit>
DEBUG: Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: Handshake: (remote) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
DEBUG: Handshake: S->C MAC: <implicit>
DEBUG: Handshake: (local) C->S compression: none,zlib@openssh.com,zlib
DEBUG: Handshake: (remote) C->S compression: none,zlib@openssh.com
DEBUG: Handshake: C->S compression: none
DEBUG: Handshake: (local) S->C compression: none,zlib@openssh.com,zlib
DEBUG: Handshake: (remote) S->C compression: none,zlib@openssh.com
DEBUG: Handshake: S->C compression: none
DEBUG: Outbound: Sending KEXECDH_INIT
DEBUG: Received DH Reply
DEBUG: Host accepted by default (no verification)
DEBUG: Host accepted (verified)
DEBUG: Outbound: Sending NEWKEYS
DEBUG: Inbound: NEWKEYS
DEBUG: Verifying signature ...
DEBUG: Verified signature
DEBUG: Handshake completed
DEBUG: Outbound: Sending SERVICE_REQUEST (ssh-userauth)
DEBUG: Inbound: Received SERVICE_ACCEPT (ssh-userauth)
DEBUG: Outbound: Sending USERAUTH_REQUEST (none)
DEBUG: Inbound: Received USERAUTH_FAILURE (publickey,gssapi-keyex,gssapi-with-mic)
DEBUG: Client: none auth failed
DEBUG: Outbound: Sending USERAUTH_REQUEST (publickey -- check)
DEBUG: Inbound: Received USERAUTH_FAILURE (publickey,gssapi-keyex,gssapi-with-mic)
DEBUG: Client: publickey auth failed
DEBUG: Agent: No more keys left to try
DEBUG: Client: agent auth failed
/project/node_modules/ssh2/lib/client.js:802
        const err = new Error('All configured authentication methods failed');
                    ^
Error: All configured authentication methods failed
    at doNextAuth (/project/node_modules/ssh2/lib/client.js:802:21)
    at tryNextAuth (/project/node_modules/ssh2/lib/client.js:992:7)
    at tryNextAgentKey (/project/node_modules/ssh2/lib/client.js:1001:11)
    at /project/node_modules/ssh2/lib/client.js:967:15
    at /project/node_modules/ssh2/lib/agent.js:1042:15
    at processTicksAndRejections (node:internal/process/task_queues:78:11) {
  level: 'client-authentication'
}
npm ERR! Lifecycle script `db:migrate` failed with error: 
npm ERR! Error: command failed 
npm ERR!   in workspace: @project/pipes@1.0.0 
npm ERR!   at location: /project/pipes 

Process finished with exit code 1
