SaltStack salt-key

salt-key

ɾ³ýδÈÏÖ¤µÄkey:

salt-key -d  www.rscpass.com

[root@node110 master]# salt-key

Accepted Keys:

minion.saltstack.com

Denied Keys:

Unaccepted Keys:

Rejected Keys:

 

²é¿´ÒÑ´æÔÚµÄkey:

[root@node110 master]# salt-key -L

Accepted Keys:

minion.saltstack.com

Denied Keys:

Unaccepted Keys:

Rejected Keys:

 

Ìí¼ÓδÈÏÖ¤µÄclient:

[root@node110 ~]# salt-key -a'minion.node2.saltstack.com'

The following keys are going to be accepted:

Unaccepted Keys:

minion.node2.saltstack.com

Proceed? [n/Y] y

Key for minion minion.node2.saltstack.com accepted.

[root@node110 ~]# salt-key -L

Accepted Keys:

minion.node2.saltstack.com

minion.saltstack.com

Denied Keys:

Unaccepted Keys:

Rejected Keys:

 

 

[root@node110 master]# salt-key --help

Usage: salt-key [options]

 

Salt key is used to manage Salt authentication keys

 

Options:

  --version             show program's version number andexit

 --versions-report     showprogram's dependencies version number and exit

  -h, --help            show this help message and exit

 --saltfile=SALTFILE   Specify thepath to a Saltfile. If not passed, one

                       will be searched for in the current working directory

  -c CONFIG_DIR,--config-dir=CONFIG_DIR

                       Pass in an alternative configuration directory.

                       Default: /etc/salt

  -u USER,--user=USER  Specify user to run salt-key

  --hard-crash          Raise any original exception ratherthan exiting

                       gracefullyDefault: False

  -q,--quiet           Suppress output

  -y, --yes             Answer Yes to all questionspresented, defaults to

                       False

 --rotate-aes-key=ROTATE_AES_KEY

                       Setting this to False prevents the master from

                       refreshing the key session when keys are deleted or

                        rejected, this lowers thesecurity of the key

                       deletion/rejection operation. Default is True.

 

  LoggingOptions:

    Loggingoptions which override any settings defined on the

   configuration files.

 

   --log-file=LOG_FILE

                       Log file path. Default: /var/log/salt/key.

   --log-file-level=LOG_LEVEL_LOGFILE

                       Logfile logging log level. One of 'all', 'garbage',

                       'trace', 'debug', 'info', 'warning', 'error',

                       'critical', 'quiet'. Default: 'warning'.

 

  Output Options:

    Configure yourpreferred output format

 

    --out=OUTPUT,--output=OUTPUT

                       Print the output from the 'salt-key' command using the

                       specified outputter. The builtins are 'key', 'yaml',

                       'overstatestage', 'txt', 'newline_values_only',

                       'no_return', 'raw', 'virt_query', 'compact', 'json',

                       'highstate', 'nested', 'quiet', 'pprint'.

   --out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT

                       Print the output indented by the provided value in

                       spaces. Negative values disables indentation. Only

                       applicable in outputters that support indentation.

   --out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE

                       Write the output to the specified file

   --out-file-append, --output-file-append

                       Append the output to thespecified file

    --no-color,--no-colour

                       Disable all colored output

    --force-color,--force-colour

                       Force colored output

   --state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT

                       Override the configured state_output value for minion

                       output. One of full, terse, mixed, changes or filter.

                       Default: full.

 

  Actions:

    -l ARG,--list=ARG  List the public keys. Theargs "pre", "un", and

                       "unaccepted" will list unaccepted/unsigned keys."acc"

                       or "accepted" will list accepted/signed keys. "rej"or

                       "rejected" will list rejected keys. "den" or"denied"

                       will list denied keys. Finally, "all" will list all

                       keys.

    -L,--list-all      List all public keys. (Deprecated: use "--listall")

    -a ACCEPT,--accept=ACCEPT           #½ÓÊÕ¿Í»§¶ËÇëÇó,µ¥¸öÓû§

                       Accept the specified public key (use --include-all to

                       match rejected keys in addition to pending keys).

                       Globs aresupported.

    -A,--accept-all    Accept all pending keys        #Ò»´Î½ÓÊÕËùÓÐÓû§µÄÇëÇó

    -r REJECT,--reject=REJECT

                       Reject the specified public key (use --include-all to

                       match accepted keys in addition topending keys).

                       Globs are supported.

    -R,--reject-all    Reject all pending keys

   --include-all       Includenon-pending keys when accepting/rejecting

    -p PRINT,--print=PRINT

                       Print the specified public key

    -P,--print-all     Print all public keys           

    -d DELETE,--delete=DELETE                                   #ɾ³ýÖ¸¶¨µÄkey

                       Delete the specified key. Globs are supported.

    -D,--delete-all    Delete all keys               #ɾ³ýËùÓÐÒÑ×¢²áµÄkey

    -f FINGER,--finger=FINGER

                       Print the specified key's fingerprint

    -F, --finger-all    Print all keys' fingerprints

 

  Key GenerationOptions:

   --gen-keys=GEN_KEYS

                       Set a name to generate a keypair for use with salt

   --gen-keys-dir=GEN_KEYS_DIR

                       Set the directory to save the generated keypair, only

                       works with "gen_keys_dir" option; default=.

   --keysize=KEYSIZE   Set thekeysize for the generated key, only works with

                       the "--gen-keys" option, the key size must be 2048 or

                       higher, otherwise it will be rounded up to 2048; ;

                       default=2048

   --gen-signature     Create asignature file of the masters public-key

                       named master_pubkey_signature.The signature can be

                       send to a minion in the masters auth-reply and enables

                       the minion to verify the masters public-key

                       cryptographically. This requires a new signing-key-

                       pair which can be auto-created with the --auto-create

                       parameter

   --priv=PRIV         Theprivate-key file to create a signature with

   --signature-path=SIGNATURE_PATH

                        The path where the signature fileshould be written

    --pub=PUB           The public-key file to create asignature for

   --auto-create       Auto-create asigning key-pair if it does not yet

                       exist

 

You can find additional help about salt-key issuing"man salt-key" or on

http://docs.saltstack.org

 

 

·Ö¸îÏß
¸Ðл´òÉÍ
½­Î÷Êý¿âÐÅÏ¢¼¼ÊõÓÐÏÞ¹«Ë¾
YWSOS.COM ƽ̨´úÔËά½â¾ö·½°¸
 ÆÀÂÛ
 ·¢±íÆÀÂÛ
ÐÕ   Ãû£º

Powered by AKCMS