如何在AWS RDS上的私人数据库上的连续集成管道中运行CLI迁移
我目前正在使用一种工具,该工具允许您仅使用CLI应用数据库迁移( prisma )。我的数据库位于AWS的一个专用网络中。
为了手动做到这一点,我目前要这样做:
ssh -i $SSH_PATH_TO__MY_IDENTITY_FILE ec2-user@${BASTION_HOSTNAME} \
-N -f -L $DB_PORT:${DB_HOSTNAME}:5432 &
AWS的堡垒只是一个具有公共访问权但也可以到达私人网络的VM。此ssh命令通过堡垒创建隧道,以便我可以在本地$ db_port中到达专用机器。然后,我在本地应用迁移,但是,由于数据库在本地端口上收听,因此我可以到达生产数据库。
这是一个问题:如何将其移至CI/CD管道?
我正在考虑这样做
使用
ssh和nodejs已安装的docker映像,将身份文件移动到CI/CD中的ENV变量。
在那里安装迁移工具。
像我上面一样创建隧道。
修改配置文件指向生产数据库。
然后,最后应用迁移。
我认为这可能会起作用,但似乎有很多麻烦,我想知道也许有一种更好的标准方法可以解决这个问题。也许触发在专用网络内运行的lambda功能?
I am currently using a tool that allows you to apply database migrations only using a CLI (Prisma). My database is in a private network in AWS.
To do it manually, I currently do this:
ssh -i $SSH_PATH_TO__MY_IDENTITY_FILE ec2-user@${BASTION_HOSTNAME} \
-N -f -L $DB_PORT:${DB_HOSTNAME}:5432 &
A bastion, in AWS parlance, is just a VM that has public access but also can reach private networks. This ssh command creates a tunnel through the bastion so that I can reach the private machine in my local $DB_PORT. Then, I apply the migrations locally but, since the database is listening on a local port, I can reach my production database.
Here is the question: how do I move this to a CI/CD pipeline?
I was thinking about doing this
Use a docker image that has
sshandnodejsinstalled,Move the identity file to a env variable in the CI/CD.
Install the migrations tool there.
Create a tunnel as I did above.
Modify the configuration file to point to the production database.
And then, finally, apply the migrations.
I think this could work, but it seems a lot of trouble and I was wondering that maybe there was a better, standard way to approach this. Maybe triggering a Lambda function that runs inside the private network?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论