devstack - 允许从访客虚拟机到 devstack 的 ssh
[英]devstack - allow ssh from guest vm to devstack
问题描述
can a guest instance in devstack with the following interfaces and route (see below) access the devstack instance in this way: ssh ubuntu@10.0.0.1 (keys are set correctly)? 
devstack 中具有以下接口和路由(见下文)的访客实例能否以这种方式访问 devstack 实例:ssh ubuntu@10.0.0.1(密钥设置正确)?
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:68:3d:7c brd ff:ff:ff:ff:ff:ff
inet 10.0.0.4/26 brd 10.0.0.63 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe68:3d7c/64 scope link
valid_lft forever preferred_lft forever
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.192 U 0 0 0 eth0
169.254.169.254 10.0.0.1 255.255.255.255 UGH 0 0 0 eth0
this is the routing table of devstack instance Kernel IP routing table这是devstack实例内核IP路由表的路由表
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 192.168.1.228 255.255.252.0 UG 0 0 0 br-ex
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.224 0.0.0.0 255.255.255.224 U 0 0 0 br-ex
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
6: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 12:14:51:c6:b2:49 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.225/27 scope global br-ex
valid_lft forever preferred_lft forever
inet6 fe80::1014:51ff:fec6:b249/64 scope link
valid_lft forever preferred_lft forever
What rule should I add to allow instances with ip 10.0.0.0/24 to ssh in the devstack machine?我应该添加什么规则来允许 ip 10.0.0.0/24 的实例在 devstack 机器中进行 ssh? Should I change some firewall rules (tried with no success) or change the routing rules?我应该更改一些防火墙规则(尝试没有成功)还是更改路由规则? this is the localrc这是localrc
[[local|localrc]]
FLOATING_RANGE=192.168.1.224/27
FIXED_RANGE=10.0.0.0/24
FIXED_NETWORK_SIZE=256
FLAT_INTERFACE=eth0
3 个解决方案
解决方案1
0 2017-04-06 18:03:02
Try to add the host IP on your local.conf .尝试在local.conf上添加主机 IP 。 For example:例如:
HOST_IP=10.0.0.1
解决方案2
0 2017-04-07 09:31:29
I even tried HOST_IP=10.0.0.1 in the devstack configuration file, but devstack was unable to start.我什至在 devstack 配置文件中尝试过 HOST_IP=10.0.0.1,但 devstack 无法启动。
Since my problem was that guest instances couldn't rsync with the devstack instance, I just changed the rsync script in the images to rsync on another ip of the devstack instance that was easily accessible.由于我的问题是来宾实例无法与 devstack 实例 rsync,我只是将图像中的 rsync 脚本更改为 rsync 在易于访问的 devstack 实例的另一个 ip 上。
I suspect if one need to do what I asked in the first place should look in the neutron namespaces.我怀疑是否需要做我一开始问的事情应该查看 neutron 命名空间。 But since i found the workardound I didn't tried.但是因为我找到了解决方法,所以我没有尝试。
解决方案3
0 2019-12-04 18:54:38
No, it can't.不,不能。 And 10.0.0.1 dont look your devstack instance IP.并且 10.0.0.1 不要看你的 devstack 实例 IP。 I think your local.conf (old localrc) is not good.我认为您的 local.conf(旧 localrc)不好。 Try to use just:尝试仅使用:
[[local|localrc]]
...
IP_VERSION=4
HOST_IP=192.168.1.104
FLOATING_RANGE="192.168.1.224/27"
Q_FLOATING_ALLOCATION_POOL=start=192.168.1.226,end=192.168.1.254
Devstack will set up the rest. Devstack 将设置其余部分。 Only with that your guest instance should access the Devstack host.只有这样,您的来宾实例才能访问 Devstack 主机。
But I think you'll want more than just that.但我认为你想要的不止这些。 Try this:尝试这个:
- In Security Groups add ingress rules to ICMP, SSH and also HTTP and HTTPS;在安全组中,向 ICMP、SSH 以及 HTTP 和 HTTPS 添加入口规则;
- In the private Network, edit private-subnet to add a DNS Name Servers (8.8.8.8, 1.1.1.1, etc);在私有网络中,编辑私有子网以添加 DNS 名称服务器(8.8.8.8、1.1.1.1 等);
- Allocated some Floating IP's;分配一些浮动IP;
- Launch some instances;启动一些实例;
- Associate a floating IP to each instance;为每个实例关联一个浮动IP;
- Set the proxy_arp and iptables (in the host Devstack).设置 proxy_arp 和 iptables(在主机 Devstack 中)。
How to expose the Devstack floating ip to the external world? 如何将 Devstack 浮动 ip 暴露给外界?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.