基础配置

添加安全组规则,允许 Ping 和 SSH 访问虚拟机:

openstack security group rule create --proto icmp default
root@allone:~# openstack security group rule create --proto icmp default
+-------------------+---------------------------+
| Field             | Value                                                                                                                                                   |
+-------------------+-------------------------+
| created_at        | 2023-06-28T06:26:10Z                                                                                                                                    |
| description       |                                                                                                                                                         |
| direction         | ingress                                                                                                                                                 |
| ether_type        | IPv4                                                                                                                                                    |
| id                | fe9adfc3-dc42-4680-8ecd-ed5a667e1215                                                                                                                    |
| location          | cloud='', project.domain_id=, project.domain_name='Default', project.id='6396365541a74b6b8ea8812d1af05e70', project.name='admin', region_name='', zone= |
| name              | None                                                                                                                                                    |
| port_range_max    | None                                                                                                                                                    |
| port_range_min    | None                                                                                                                                                    |
| project_id        | 6396365541a74b6b8ea8812d1af05e70                                                                                                                        |
| protocol          | icmp                                                                                                                                                    |
| remote_group_id   | None                                                                                                                                                    |
| remote_ip_prefix  | 0.0.0.0/0                                                                                                                                               |
| revision_number   | 0                                                                                                                                                       |
| security_group_id | f10a3927-5e76-47b4-8691-4169348845ae                                                                                                                    |
| tags              | []                                                                                                                                                      |
| updated_at        | 2023-06-28T06:26:10Z                                                                                                                                    |
+-------------------+--------------------------------+
openstack security group rule create --proto tcp --dst-port 22 default
root@allone:~# openstack security group rule  create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                                                                                                                                   |
+-------------------+--------------------------------------------+
| created_at        | 2023-06-28T06:26:15Z                                                                                                                                    |
| description       |                                                                                                                                                         |
| direction         | ingress                                                                                                                                                 |
| ether_type        | IPv4                                                                                                                                                    |
| id                | af699cf9-5fc0-45e2-a009-0bb7828e2d1a                                                                                                                    |
| location          | cloud='', project.domain_id=, project.domain_name='Default', project.id='6396365541a74b6b8ea8812d1af05e70', project.name='admin', region_name='', zone= |
| name              | None                                                                                                                                                    |
| port_range_max    | 22                                                                                                                                                      |
| port_range_min    | 22                                                                                                                                                      |
| project_id        | 6396365541a74b6b8ea8812d1af05e70                                                                                                                        |
| protocol          | tcp                                                                                                                                                     |
| remote_group_id   | None                                                                                                                                                    |
| remote_ip_prefix  | 0.0.0.0/0                                                                                                                                               |
| revision_number   | 0                                                                                                                                                       |
| security_group_id | f10a3927-5e76-47b4-8691-4169348845ae                                                                                                                    |
| tags              | []                                                                                                                                                      |
| updated_at        | 2023-06-28T06:26:15Z                                                                                                                                    |
+-------------------+-----------------+

命令行方式

生成秘钥

ssh-keygen -q -N “”
  • -q 选项表示静默模式,即在生成密钥对的过程中不会输出任何提示信息或警告。
  • -N 选项后面可以跟一个密码作为参数。该密码将用于保护生成的私钥文件。如果不指定 -N 参数,则私钥文件将不受密码保护。

该命令会在~/.ssh/目录中自动生成一对公私钥。默认私钥名称:id_rsa,默认公钥名称:id_rsa.pub

openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

向 OpenStack 添加公钥,用于创建实例时选择:

root@allone:~# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 11:36:75:e0:c3:98:4c:97:90:30:f5:69:e1:17:a9:4b |
| name        | mykey                                           |
| user_id     | 9027da91a2134825a421d78db11011d0                |
+-------------+-------------------------------------------------+
openstack keypair list
root@allone:~# openstack keypair list
+---------------------+-------------------------------------------------+
| Name                | Fingerprint                                     |
+---------------------+-------------------------------------------------+
| mykey               | 11:36:75:e0:c3:98:4c:97:90:30:f5:69:e1:17:a9:4b |
| ubuntu cloud server | 67:b4:8a:64:83:4e:47:d0:7c:87:46:34:3b:03:e6:17 |
+---------------------+-------------------------------------------------+
ssh ubuntu@10.0.2.111

其中,ubuntun是实例的用户名,10.0.2.111是实例的 IP 地址。

WEB 界面方式

创建密钥对

Project-Key Pairs-Create Keypairs

Responsive Image

为密钥对起个名字:sshkey,并选择一个类型:SSH Key

Responsive Image

点击创建后会弹出下载私钥的窗口,这时候需要将私钥下载到本地。并将他移动到 ssh 目录下方便管理。

# 切换root用户,因为我们一直都是用root用户操作的OpenStack
sudo su
mv sshkey.pem ~/.ssh

Responsive Image

使用公钥创建实例

Project-Instances-Launch Instance

Responsive Image

在 Key Pair 中选择刚刚创建的 sshkey。这里实际就是将创建的密钥对中的公钥放到了我们的实例中,这样我们就可以拿着本地的私钥去访问实例。

Responsive Image

登录实例

ssh -i ~/.ssh/sshkey.pem  ubuntun@10.0.2.111

其中~/.ssh/sshkey.pem是我们下载的私钥文件,ubuntun是实例的用户名,10.0.2.111是实例的 IP 地址。