:Perform O&M operations on database assets

Use a database O&M tool to perform O&M operations over an SSH tunnel

Prerequisites

A database O&M tool that supports SSH tunnels is installed on the local host. For example, you can install DBeaver, DbVisualizer, Navicat Premium, or Navicat for MySQL.

In this topic, DBeaver is used to describe how to use a client tool to perform O&M operations over an SSH tunnel.

Procedure

1. Log on to the O&M portal. For more information, see Log on to the O&M portal.

2. In the left-side navigation pane, choose Database.

3. On the Database page, find the database on which you want to perform O&M operations and click O&M Token in the O&M Token column.

4. In the O&M Token dialog box, select a database account and click Obtain O&M Token.

   Note

   • The O&M token is valid for 5 minutes. Make sure that you log on to the database within the validity period.

   • The O&M token is the unique identifier of the current O&M session and can be used only once. Keep the O&M token confidential. If you test the connection to the database on the connection configuration page of the client tool, the O&M token becomes invalid. In this case, you must obtain a new O&M token before you log on to the database to perform O&M operations.

   • If the account of the database is not hosted on the bastion host, you must configure the basic information about the O&M token in the O&M Token dialog box before you can obtain the O&M token. For more information about how to create a database account, see Manage database accounts.

   • The O&M administrator of the audit record refers to the user who applies for the O&M token, instead of the user of the bastion host.

5. Launch DBeaver and establish a connection to the database on which you want to perform O&M operations.

   • On the Main tab, configure the following database information.

     Parameter	Description
     Host	The address of the database.
     Port	The port of the database.
     Username	The username that you use to log on the database.
     Password	MySQL, SQL Server, or PostgreSQL database: If the administrator hosts the account of the database in the bastion host, you can leave this parameter empty. Otherwise, you must configure this parameter. Oracle database: If the administrator hosts the username and password of the database in the bastion host, you can specify the password as 123456 and specify the logon attribute as instructed by the O&M token. Otherwise, you can enter the logon password of the database and specify the logon attribute as instructed by the O&M token. Note We recommend that you save the password. If you do not save the password, the database O&M tool may require you to enter a password. In this case, you can enter the O&M token.

   • On the SSH tab, select Use SSH Tunnel and configure the following parameters.

     Parameter	Description
     Use SSH Tunnel	Select Use SSH Channel.
     Host/IP	Enter the public O&M address of the bastion host.
     Port	Enter the O&M port of the bastion host for SSH tunnels. Default value: 60022.
     User Name	Enter the username that you use to log on to the bastion host.
     Password	Enter the O&M token. Note We recommend that you save the password. If you do not save the password, the database O&M tool may require you to enter a password. In this case, you can enter the O&M token.

6. Double-click the newly created connection to log on to the database and perform O&M operations.

Use a CLI to perform O&M operations over an SSH tunnel

1. Log on to the O&M portal. For more information, see Log on to the O&M portal.

2. In the left-side navigation pane, choose Database.

3. On the Database page, find the database on which you want to perform O&M operations and click O&M Token in the O&M Token column.

4. In the O&M Token dialog box, select a database account and click Obtain O&M Token.

   Note

   • The O&M token is valid for 5 minutes. Make sure that you log on to the database within the validity period.

   • The O&M token is the unique identifier of the current O&M session and can be used only once. Keep the O&M token confidential. If you test the connection to the database on the connection configuration page of the client tool, the O&M token becomes invalid. In this case, you must obtain a new O&M token before you log on to the database to perform O&M operations.

   • If the account of the database is not hosted on the bastion host, you must configure the basic information about the O&M token in the O&M Token dialog box before you can obtain the O&M token. For more information about how to create a database account, see Manage database accounts.

   • The O&M administrator of the audit record refers to the user who applies for the O&M token, instead of the user of the bastion host.

5. Open the CLI and run the following commands:

   ssh -N -L <localport>:<databaseAddress>:<databasePort>
   <bastionusername>@<bastionAddress> -p <bastionPort>

   The following table describes the parameters.

   Parameter	Description
   localport	The custom local listening port that is used after the SSH tunnel is created. Make sure that the local listening port is not occupied.
   databaseAddress	The address of the database on which you want to perform O&M operations.
   databasePort	The port of the database on which you want to perform O&M operations.
   bastionusername	The username of your bastion host.
   bastionAddress	The public O&M address of your bastion host.
   bastionPort	The O&M port of your bastion host for SSH. Default value: 60022.

6. In the password authentication step, enter the O&M token and press Enter.

   

7. Switch to a new line and check the status of the local listening port that you specify. If LISTEN is displayed, the port is in the listening state.

   

8. Run the following command. accountname is the username that you use to log on to the database. localport is the local listening port that you specified in Step5. After the connection is established, run commands to perform O&M operations.

   mysql -h 127.0.0.1 -u accountname -P localport