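When OpenStack creates a virtual machine (VM or instance) from an image, SSH login with a username and password is usually not supported for that VM; a key file is used instead. Using a CentOS image as an example, this article shows how to generate a keypair and use it to access the VM.
1: List the keypairs in the system: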
[root@control01 ~]# nova keypair-list
+------+------+-------------+
| Name | Type | Fingerprint |
+------+------+-------------+
+------+------+-------------+
2: Generate your own keypair under any name; in this example it is test-key.
The command prints the private key:
[root@control01 ~]# nova keypair-add test-key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
3: Save the key in a file, which becomes the key file (the name is arbitrary; for convenience it matches the keypair name here):
[root@control01 ~]# vi test-key.pem
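Copy all of the output above (including the marker lines at the first and last lines) into the file, then save and exit. Check the file again with more or cat: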
[root@control01 ~]# more test-key.pem
4: Confirm the keypair:
[root@control01 ~]# nova keypair-list
+----------+------+-------------------------------------------------+
| Name     | Type | Fingerprint                                     |
+----------+------+-------------------------------------------------+
| test-key | ssh  | a4:cf:ef:53:6c:ba:7d:3b:a3:8e:4a:4d:81:47:fe:66 |
+----------+------+-------------------------------------------------+
5: Create the VM with nova boot, passing the key parameter --key-name, whose value is the keypair created above:
[root@control01 ~]# nova boot --flavor m1.small --image centos --key-name test-key --availability-zone nova --nic net-name=testnet test_vm_t
Check the created VM and get its IP address:
[root@control01 ~]# nova show test_vm_t
+--------------------------------------+----------------------------------------------------------+
| Property                             | Value                                                    |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                   |
| OS-EXT-AZ:availability_zone          | nova                                                     |
| OS-EXT-SRV-ATTR:host                 | compute-1                                                |
| OS-EXT-SRV-ATTR:hostname             | test-vm-t                                                |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | compute-1                                                |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000407                                        |
| OS-EXT-SRV-ATTR:kernel_id            |                                                          |
| OS-EXT-SRV-ATTR:launch_index         | 0                                                        |
| OS-EXT-SRV-ATTR:ramdisk_id           |                                                          |
| OS-EXT-SRV-ATTR:reservation_id       | r-mc44804o                                               |
| OS-EXT-SRV-ATTR:root_device_name     | /dev/vda                                                 |
| OS-EXT-SRV-ATTR:user_data            | -                                                        |
| OS-EXT-STS:power_state               | 1                                                        |
| OS-EXT-STS:task_state                | -                                                        |
| OS-EXT-STS:vm_state                  | active                                                   |
| OS-SRV-USG:launched_at               | 2018-05-10T02:49:20.000000                               |
| OS-SRV-USG:terminated_at             | -                                                        |
| accessIPv4                           |                                                          |
| accessIPv6                           |                                                          |
| config_drive                         | True                                                     |
| created                              | 2018-05-10T02:49:14Z                                     |
| description                          | -                                                        |
| flavor                               | m1.small (2)                                             |
| hostId                               | 9743f1e7873f1fbc8d1a5da39df25f4a8374605f523d17a0eed53c8b |
| host_status                          | UP                                                       |
| id                                   | 804053fe-d5e5-4349-8b8c-33e2e8f8e8ff                     |
| image                                | centos (ad9e09fe-7359-4ce6-9b39-75b33fff0374)            |
| key_name                             | test-key                                                 |
| locked                               | False                                                    |
| metadata                             | {}                                                       |
| name                                 | test_vm_t                                                |
| os-extended-volumes:volumes_attached | []                                                       |
| progress                             | 0                                                        |
| scheduler_hints                      | {}                                                       |
| security_groups                      | default                                                  |
| status                               | ACTIVE                                                   |
| tenant_id                            | bfb1b84d2d994b36985cfd306e4f8860                         |
| testnet network                      | 10.10.10.246                                             |
| updated                              | 2018-05-10T02:49:21Z                                     |
| user_id                              | c099eaacab0f452e806b59d8b89f0c74                         |
+--------------------------------------+----------------------------------------------------------+
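6: A very important step: restrict the key file's permissions so that only its owner can read and write it (mode 600); ssh refuses to use a private key file that other users can read. The session here is already root; otherwise prefix the command with sudo: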
[root@control01 ~]# chmod 600 test-key.pem
7: Log in to the VM with ssh -i; the argument to -i is the name of the key file:
[root@control01 ~]# ssh -i test-key.pem centos@10.10.10.246
The authenticity of host '10.10.10.246 (10.10.10.246)' can't be established.
ECDSA key fingerprint is 59:f9:c9:c1:4b:69:8b:3d:53:31:98:24:73:17:c6:e1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.246' (ECDSA) to the list of known hosts.
[centos@test-vm-t ~]$ ls
Check that the public key installed in the VM's authorized_keys matches the one shown by nova keypair-show, as follows:
[root@control01 ~]# nova keypair-show test-key
+-------------+-------------------------------------------------+
| Property    | Value                                           |
+-------------+-------------------------------------------------+
| created_at  | 2021-05-08T01:54:24.000000                      |
| deleted     | False                                           |
| deleted_at  | -                                               |
| fingerprint | a4:cf:ef:53:6c:ba:7d:3b:a3:8e:4a:4d:81:47:fe:66 |
| id          | 57                                              |
| name        | test-key                                        |
| type        | ssh                                             |
| updated_at  | -                                               |
| user_id     | f60939dee75e42fa863c2840d8ad6709                |
+-------------+-------------------------------------------------+
Public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrpDOho0kOj9qeDZekX2X1MYK2ZjldarS3QPn22v+NslLeAPYXikFl/7Ya2Asro3sXc0ARPQ0wN5OXzutvCpPz/rMj/+QgUeu9qJ11rHf2QAfR+iGz3i/6tmzUTm5ABG8/85flL+mXxKwjkIvKvEAvaOdwUWYnon9IPUl6vEOn4nak4LYBC9frLppYnTsWAZ4tkJiUIrz4mLsYlFEL7XhLW7bTKoBN+UGYEqKOV2xor+CYv2lOyr+sKAWMuF2Hba7ErG5YsjVn7YII/LRmyBPV9ccOVSNpkB8mZZi6Jgk8UKRGnwbiGYZFHoVKolCX4ZaWNOr6vw4sPkAp3jmwdFWh Generated-by-Nova
############################
[root@test-key ~]# cat ./.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrpDOho0kOj9qeDZekX2X1MYK2ZjldarS3QPn22v+NslLeAPYXikFl/7Ya2Asro3sXc0ARPQ0wN5OXzutvCpPz/rMj/+QgUeu9qJ11rHf2QAfR+iGz3i/6tmzUTm5ABG8/85flL+mXxKwjkIvKvEAvaOdwUWYnon9IPUl6vEOn4nak4LYBC9frLppYnTsWAZ4tkJiUIrz4mLsYlFEL7XhLW7bTKoBN+UGYEqKOV2xor+CYv2lOyr+sKAWMuF2Hba7ErG5YsjVn7YII/LRmyBPV9ccOVSNpkB8mZZi6Jgk8UKRGnwbiGYZFHoVKolCX4ZaWNOr6vw4sPkAp3jmwdFWh Generated-by-Nova
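
The comparison above and the permission step (6) can be checked mechanically. The following shell functions are an added example, not part of the original post: they recompute the colon-separated MD5 fingerprint that nova keypair-list prints from a public key line, and verify that a key file is complete and owner-only. Function names are hypothetical, the sample line is constructed, and GNU coreutils (base64, md5sum, stat -c) are assumed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not Nova or OpenSSH commands.

# Constructed sample: the blob is base64 of the bytes "abc", not a real key.
SAMPLE_LINE='ssh-rsa YWJj constructed-sample'
SAMPLE_FP='90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72'

# Print the MD5 fingerprint (aa:bb:...) of one "type base64-blob [comment]"
# line, i.e. the hash of the decoded blob. Fails on a missing or invalid blob.
pubkey_md5_fp() {
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# Succeed only if the public key line hashes to the expected fingerprint.
fp_matches() {
    fp=$(pubkey_md5_fp "$1") || return 1
    [ "$fp" = "$2" ]
}

# Succeed only if the key file is a regular file (not a symlink), contains
# both PEM marker lines (catches a truncated paste in step 3), and grants
# nothing to group or others (what chmod 600 in step 6 ensures).
key_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    grep -q '^-----BEGIN .*PRIVATE KEY-----$' "$1" || return 1
    grep -q '^-----END .*PRIVATE KEY-----$' "$1" || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage with the names from this page:
#   key_file_ok test-key.pem && echo "key file ok"
#   fp_matches "$(head -n 1 ~/.ssh/authorized_keys)" \
#       a4:cf:ef:53:6c:ba:7d:3b:a3:8e:4a:4d:81:47:fe:66 && echo "fingerprint ok"
```

A mismatch in fp_matches means the key in authorized_keys is not the one Nova recorded for the keypair, which is worth investigating before trusting the instance.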