基础配置
添加安全组规则,允许 Ping 和 SSH 访问虚拟机:
openstack security group rule create --proto icmp defaultroot@allone:~# openstack security group rule create --proto icmp default
+-------------------+---------------------------+
| Field | Value |
+-------------------+-------------------------+
| created_at | 2023-06-28T06:26:10Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | fe9adfc3-dc42-4680-8ecd-ed5a667e1215 |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='6396365541a74b6b8ea8812d1af05e70', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 6396365541a74b6b8ea8812d1af05e70 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | f10a3927-5e76-47b4-8691-4169348845ae |
| tags | [] |
| updated_at | 2023-06-28T06:26:10Z |
+-------------------+--------------------------------+openstack security group rule create --proto tcp --dst-port 22 defaultroot@allone:~# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------+
| created_at | 2023-06-28T06:26:15Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | af699cf9-5fc0-45e2-a009-0bb7828e2d1a |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='6396365541a74b6b8ea8812d1af05e70', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 6396365541a74b6b8ea8812d1af05e70 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | f10a3927-5e76-47b4-8691-4169348845ae |
| tags | [] |
| updated_at | 2023-06-28T06:26:15Z |
+-------------------+-----------------+命令行方式
生成秘钥
ssh-keygen -q -N “”
-q选项表示静默模式,即在生成密钥对的过程中不会输出任何提示信息或警告。-N选项后面可以跟一个密码作为参数。该密码将用于保护生成的私钥文件。如果不指定-N参数,则私钥文件将不受密码保护。
该命令会在~/.ssh/目录中自动生成一对公私钥。默认私钥名称:id_rsa,默认公钥名称:id_rsa.pub
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey向 OpenStack 添加公钥,用于创建实例时选择:
root@allone:~# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 11:36:75:e0:c3:98:4c:97:90:30:f5:69:e1:17:a9:4b |
| name | mykey |
| user_id | 9027da91a2134825a421d78db11011d0 |
+-------------+-------------------------------------------------+openstack keypair listroot@allone:~# openstack keypair list
+---------------------+-------------------------------------------------+
| Name | Fingerprint |
+---------------------+-------------------------------------------------+
| mykey | 11:36:75:e0:c3:98:4c:97:90:30:f5:69:e1:17:a9:4b |
| ubuntu cloud server | 67:b4:8a:64:83:4e:47:d0:7c:87:46:34:3b:03:e6:17 |
+---------------------+-------------------------------------------------+ssh ubuntu@10.0.2.111其中,ubuntun是实例的用户名,10.0.2.111是实例的 IP 地址。
WEB 界面方式
创建密钥对
Project-Key Pairs-Create Keypairs
为密钥对起个名字:sshkey,并选择一个类型:SSH Key
点击创建后会弹出下载私钥的窗口,这时候需要将私钥下载到本地。并将他移动到 ssh 目录下方便管理。
# 切换root用户,因为我们一直都是用root用户操作的OpenStack
sudo su
mv sshkey.pem ~/.ssh
使用公钥创建实例
Project-Instances-Launch Instance
在 Key Pair 中选择刚刚创建的 sshkey。这里实际就是将创建的密钥对中的公钥放到了我们的实例中,这样我们就可以拿着本地的私钥去访问实例。
登录实例
ssh -i ~/.ssh/sshkey.pem ubuntun@10.0.2.111其中~/.ssh/sshkey.pem是我们下载的私钥文件,ubuntun是实例的用户名,10.0.2.111是实例的 IP 地址。