
Perform O&M operations on database assets

Last Updated: Aug 03, 2023

You can perform O&M and audit operations on ApsaraDB RDS instances and self-managed MySQL, SQL Server, PostgreSQL, and Oracle databases. You can use a database O&M tool or a CLI to enable SSH tunnels and use O&M tokens to perform O&M and audit operations. This topic describes how to perform O&M operations on databases.

Use a database O&M tool to perform O&M operations over an SSH tunnel

Prerequisites

A database O&M tool that supports SSH tunnels is installed on the local host. For example, you can install DBeaver, DbVisualizer, Navicat Premium, or Navicat for MySQL.

In this topic, DBeaver is used to describe how to use a client tool to perform O&M operations over an SSH tunnel.

Procedure

  1. Log on to the O&M portal. For more information, see Log on to the O&M portal.

  2. In the left-side navigation pane, choose Database.

  3. On the Database page, find the database on which you want to perform O&M operations and click O&M Token in the O&M Token column.

  4. In the O&M Token dialog box, select a database account and click Obtain O&M Token.

    Note
    • The O&M token is valid for 5 minutes. Make sure that you log on to the database within the validity period.

    • The O&M token is the unique identifier of the current O&M session and can be used only once. Keep the O&M token confidential. If you test the connection to the database on the connection configuration page of the client tool, the O&M token becomes invalid. In this case, you must obtain a new O&M token before you log on to the database to perform O&M operations.

    • If the account of the database is not hosted on the bastion host, you must configure the basic information about the O&M token in the O&M Token dialog box before you can obtain the O&M token. For more information about how to create a database account, see Manage database accounts.

    • The O&M administrator of the audit record refers to the user who applies for the O&M token, instead of the user of the bastion host.

  5. Launch DBeaver and establish a connection to the database on which you want to perform O&M operations.

    • On the Main tab, configure the following database information.

      Parameter: Description

      Host: The address of the database.

      Port: The port of the database.

      Username: The username that you use to log on to the database.

      Password:

      • MySQL, SQL Server, or PostgreSQL database: If the administrator hosts the account of the database in the bastion host, you can leave this parameter empty. Otherwise, you must configure this parameter.

      • Oracle database:

        • If the administrator hosts the username and password of the database in the bastion host, you can specify the password as 123456 and specify the logon attribute as instructed by the O&M token.

        • Otherwise, you can enter the logon password of the database and specify the logon attribute as instructed by the O&M token.

      Note We recommend that you save the password. If you do not save the password, the database O&M tool may require you to enter a password. In this case, you can enter the O&M token.
    • On the SSH tab, select Use SSH Tunnel and configure the following parameters.

      Parameter: Description

      Use SSH Tunnel: Select Use SSH Tunnel.

      Host/IP: Enter the public O&M address of the bastion host.

      Port: Enter the O&M port of the bastion host for SSH tunnels. Default value: 60022.

      User Name: Enter the username that you use to log on to the bastion host.

      Password: Enter the O&M token.

      Note We recommend that you save the password. If you do not save the password, the database O&M tool may require you to enter a password. In this case, you can enter the O&M token.
  6. Double-click the newly created connection to log on to the database and perform O&M operations.

Use a CLI to perform O&M operations over an SSH tunnel

This example shows how to log on to a database that runs MySQL and perform O&M operations over an SSH tunnel.

Note

This O&M method is not supported for Oracle databases.

  1. Log on to the O&M portal. For more information, see Log on to the O&M portal.

  2. In the left-side navigation pane, choose Database.

  3. On the Database page, find the database on which you want to perform O&M operations and click O&M Token in the O&M Token column.

  4. In the O&M Token dialog box, select a database account and click Obtain O&M Token.

    Note
    • The O&M token is valid for 5 minutes. Make sure that you log on to the database within the validity period.

    • The O&M token is the unique identifier of the current O&M session and can be used only once. Keep the O&M token confidential. If you test the connection to the database on the connection configuration page of the client tool, the O&M token becomes invalid. In this case, you must obtain a new O&M token before you log on to the database to perform O&M operations.

    • If the account of the database is not hosted on the bastion host, you must configure the basic information about the O&M token in the O&M Token dialog box before you can obtain the O&M token. For more information about how to create a database account, see Manage database accounts.

    • The O&M administrator of the audit record refers to the user who applies for the O&M token, instead of the user of the bastion host.

  5. Open the CLI and run the following command:

    ssh -N -L <localport>:<databaseAddress>:<databasePort> <bastionusername>@<bastionAddress> -p <bastionPort>

    The following table describes the parameters.

    Parameter: Description

    localport: The custom local listening port that is used after the SSH tunnel is created. Make sure that the local listening port is not occupied.

    databaseAddress: The address of the database on which you want to perform O&M operations.

    databasePort: The port of the database on which you want to perform O&M operations.

    bastionusername: The username of your bastion host.

    bastionAddress: The public O&M address of your bastion host.

    bastionPort: The O&M port of your bastion host for SSH. Default value: 60022.

  6. In the password authentication step, enter the O&M token and press Enter.

  7. Switch to a new line and check the status of the local listening port that you specify. If LISTEN is displayed, the port is in the listening state.

  8. Run the following command. accountname is the username that you use to log on to the database. localport is the local listening port that you specified in step 5. After the connection is established, run commands to perform O&M operations.

    mysql -h 127.0.0.1 -u accountname -P localport
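
The CLI procedure above as a shell helper (an added example, not part of the original page): tunnel_cmd assembles the step 5 command and listen_state classifies the step 7 listening check. The function names, host names, user name and local port 13306 are constructed; the explicit 127.0.0.1 bind and -o ExitOnForwardFailure=yes are OpenSSH client options added here as assumptions, not settings this page prescribes.

```shell
#!/bin/sh
# Added example, not from the original page. Hosts, users and ports are constructed.

# Print the step 5 tunnel command after validating the three ports.
# Args: localport databaseAddress databasePort bastionusername bastionAddress [bastionPort]
tunnel_cmd() {
    lport=$1 dbaddr=$2 dbport=$3 buser=$4 baddr=$5 bport=${6:-60022}
    for p in "$lport" "$dbport" "$bport"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
    done
    # 127.0.0.1 keeps the forwarded port off non-loopback interfaces.
    # ExitOnForwardFailure makes ssh exit if the local port cannot be bound,
    # instead of staying connected without a working forward.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s -p %s\n' \
        "$lport" "$dbaddr" "$dbport" "$buser" "$baddr" "$bport"
}

# Step 7 check. Reads `ss -ltn` or `netstat -an` output on stdin and prints
# loopback, exposed (bound to all interfaces) or closed for the given port.
listen_state() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ ("^127\\.0\\.0\\.1[:.]" port "$")) lo = 1
                if ($i ~ ("^(0\\.0\\.0\\.0|\\*|\\[::\\])[:.]" port "$")) wide = 1
            }
        }
        END {
            if (wide) print "exposed"
            else if (lo) print "loopback"
            else print "closed"
        }'
}

# Constructed sample of `ss -ltn` output.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:13306    0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

tunnel_cmd 13306 db.example.internal 3306 opsuser bastion.example.com
printf '%s\n' "$SAMPLE_SS" | listen_state 13306
```

On a live host, pipe the real listing into the check, for example ss -ltn | listen_state 13306. A result of exposed means the port is reachable from other machines and the tunnel should be recreated bound to loopback.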