salt-key
Delete an unauthenticated key:
salt-key -d www.rscpass.com
[root@node110 master]# salt-key
Accepted Keys:
minion.saltstack.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
View the existing keys:
[root@node110 master]# salt-key -L
Accepted Keys:
minion.saltstack.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Add an unauthenticated client:
[root@node110 ~]# salt-key -a 'minion.node2.saltstack.com'
The following keys are going to be accepted:
Unaccepted Keys:
minion.node2.saltstack.com
Proceed? [n/Y] y
Key for minion minion.node2.saltstack.com accepted.
[root@node110 ~]# salt-key -L
Accepted Keys:
minion.node2.saltstack.com
minion.saltstack.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
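The `salt-key -a` session above accepts a key on the minion ID alone. As an added example (not part of the original page), these shell functions accept a pending key only when the fingerprint reported by `salt-key -f` matches one read on the minion itself with `salt-call --local key.finger`. The function names, the sample data and the assumed text layout of the `-f` output are illustrative.

```shell
#!/bin/sh
# Added example: accept a pending minion key only after its fingerprint has
# been checked against a value obtained out-of-band from the minion itself.

# Constructed sample of `salt-key -f ID` text output (layout is an assumption).
SAMPLE='Accepted Keys:
minion.saltstack.com:  11:22:33:44
Unaccepted Keys:
minion.node2.saltstack.com:  AA:bb:cc:dd'

# pending_fingerprint ID: read salt-key output on stdin, print the fingerprint
# listed for ID under "Unaccepted Keys:" only (other sections are ignored).
pending_fingerprint() {
    awk -v id="$1" '
        /^(Accepted|Denied|Unaccepted|Rejected|Local) Keys:/ {
            pending = ($0 ~ /^Unaccepted/); next
        }
        pending {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, id ":") == 1) {   # literal match, dots not regex
                fp = substr(line, length(id) + 2)
                gsub(/[ \t]/, "", fp); print fp; exit
            }
        }'
}

# fingerprints_match A B: case-insensitive compare; empty values never match.
fingerprints_match() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    a=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    b=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$a" = "$b" ]
}

# accept_if_verified ID EXPECTED_FP: -a accepts globs, so refuse wildcard IDs.
accept_if_verified() {
    case "$1" in
        *\**|*\?*|*\[*) echo "refusing glob pattern: $1" >&2; return 1 ;;
    esac
    seen=$(salt-key --no-color -f "$1" | pending_fingerprint "$1")
    if fingerprints_match "$seen" "$2"; then
        salt-key -y -a "$1"
    else
        echo "refusing $1: pending fingerprint does not match" >&2
        return 1
    fi
}
```

On the master, call `accept_if_verified minion.node2.saltstack.com "<fingerprint read on the minion>"`; a key that is not pending, or whose fingerprint differs, is left unaccepted.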
[root@node110 master]# salt-key --help
Usage: salt-key [options]
Salt key is used to manage Salt authentication keys
Options:
--version show program's version number and exit
--versions-report show program's dependencies version number and exit
-h, --help show this help message and exit
--saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one
will be searched for in the current working directory
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: /etc/salt
-u USER, --user=USER Specify user to run salt-key
--hard-crash Raise any original exception rather than exiting
gracefully Default: False
-q, --quiet Suppress output
-y, --yes Answer Yes to all questions presented, defaults to
False
--rotate-aes-key=ROTATE_AES_KEY
Setting this to False prevents the master from
refreshing the key session when keys are deleted or
rejected, this lowers the security of the key
deletion/rejection operation. Default is True.
Logging Options:
Logging options which override any settings defined on the
configuration files.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/key.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
Output Options:
Configure your preferred output format
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt-key' command using the
specified outputter. The builtins are 'key', 'yaml',
'overstatestage', 'txt', 'newline_values_only',
'no_return', 'raw', 'virt_query', 'compact', 'json',
'highstate', 'nested', 'quiet', 'pprint'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file
--out-file-append, --output-file-append
Append the output to the specified file
--no-color, --no-colour
Disable all colored output
--force-color, --force-colour
Force colored output
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of full, terse, mixed, changes or filter.
Default: full.
Actions:
-l ARG, --list=ARG List the public keys. The args "pre", "un", and
"unaccepted" will list unaccepted/unsigned keys. "acc"
or "accepted" will list accepted/signed keys. "rej" or
"rejected" will list rejected keys. "den" or "denied"
will list denied keys. Finally, "all" will list all
keys.
-L, --list-all List all public keys. (Deprecated: use "--list all")
-a ACCEPT, --accept=ACCEPT # accept a client's request, for a single user
Accept the specified public key (use --include-all to
match rejected keys in addition to pending keys).
Globs are supported.
-A, --accept-all Accept all pending keys # accept all users' requests at once
-r REJECT, --reject=REJECT
Reject the specified public key (use --include-all to
match accepted keys in addition to pending keys).
Globs are supported.
-R, --reject-all Reject all pending keys
--include-all Include non-pending keys when accepting/rejecting
-p PRINT, --print=PRINT
Print the specified public key
-P, --print-all Print all public keys
-d DELETE, --delete=DELETE # delete the specified key
Delete the specified key. Globs are supported.
-D, --delete-all Delete all keys # delete all registered keys
-f FINGER, --finger=FINGER
Print the specified key's fingerprint
-F, --finger-all Print all keys' fingerprints
Key Generation Options:
--gen-keys=GEN_KEYS
Set a name to generate a keypair for use with salt
--gen-keys-dir=GEN_KEYS_DIR
Set the directory to save the generated keypair, only
works with "gen_keys_dir" option; default=.
--keysize=KEYSIZE Set the keysize for the generated key, only works with
the "--gen-keys" option, the key size must be 2048 or
higher, otherwise it will be rounded up to 2048; ;
default=2048
--gen-signature Create a signature file of the masters public-key
named master_pubkey_signature. The signature can be
send to a minion in the masters auth-reply and enables
the minion to verify the masters public-key
cryptographically. This requires a new signing-key-
pair which can be auto-created with the --auto-create
parameter
--priv=PRIV The private-key file to create a signature with
--signature-path=SIGNATURE_PATH
The path where the signature file should be written
--pub=PUB The public-key file to create a signature for
--auto-create Auto-create a signing key-pair if it does not yet
exist
You can find additional help about salt-key issuing "man salt-key" or on
http://docs.saltstack.org