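[root@localhost ~]# salt-key --help
Usage: salt-key [options]

Salt key is used to manage authentication keys

Options:
  --version             Show the version number and exit
  --versions-report     Show the version numbers of all of the program's dependencies and exit
  -h, --help            Help information
  -c CONFIG_DIR, --config-dir=CONFIG_DIR
                        Specify the configuration directory. Default: /etc/salt/
  -q, --quiet           Quiet mode; print nothing to the console
  -y, --yes             Answer yes to every "continue?" prompt. Default: false

Logging Options:
  Logging options set here override the logging settings in the configuration files.

  --log-file=LOG_FILE   Path of the log file. Default: /var/log/salt/key.
  --log-file-level=LOG_LEVEL_LOGFILE
                        Log file level. One of 'all', 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'quiet'. Default: 'warning'.
  --key-logfile=KEY_LOGFILE
                        Send all output to the specified file. Default: '/var/log/salt/key'

Output Options:
  Configure the output format

  --out=OUTPUT, --output=OUTPUT
                        Send the output of the salt-key command to the specified outputter. One of 'no_return', 'virt_query', 'grains', 'yaml', 'overstatestage', 'json', 'pprint', 'nested', 'raw', 'highstate', 'quiet', 'key', 'txt'.
  --out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
                        Number of spaces used to indent output lines. A negative value disables indentation. Only effective for outputters that support it.
  --out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
                        Write the output to the specified file
  --no-color, --no-colour
                        Turn off colored output
  --force-color, --force-colour
                        Force colored output

Actions:
  -l ARG, --list=ARG    Print public keys. "pre", "un" and "unaccepted" show unaccepted/unsigned keys. "acc" or "accepted" show accepted/signed keys. "rej" or "rejected" show rejected keys. "all" shows all keys.
  -L, --list-all        Show all public keys; equivalent to "--list all"
  -a ACCEPT, --accept=ACCEPT
                        Accept the specified public key (with --include-all, rejected keys are matched in addition to pending keys)
  -A, --accept-all      Accept all pending public keys
  -r REJECT, --reject=REJECT
                        Reject the specified public key (with --include-all, accepted keys are matched in addition to pending keys)
  -R, --reject-all      Reject all pending public keys
  --include-all         Used with the accept/reject options; includes all non-pending public keys
  -p PRINT, --print=PRINT
                        Print the specified public key
  -P, --print-all       Print all public keys
  -d DELETE, --delete=DELETE
                        Delete a public key by name
  -D, --delete-all      Delete all keys
  -f FINGER, --finger=FINGER
                        Print the fingerprint of the specified key
  -F, --finger-all      Print the fingerprints of all keys

Common key options:
  --gen-keys=GEN_KEYS   Set the name, for use with salt, of the generated key pair
  --gen-keys-dir=GEN_KEYS_DIR
                        Set the directory in which the generated key pair is placed. Default: the current directory. default=.
  --keysize=KEYSIZE     Set the bit length of the generated key; only effective together with --gen-keys. The size must be 2048 or higher, otherwise it is raised to 2048 bits. default=2048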
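
# Show the authentication keys of all minions
salt-key -L
# Accept the key of 192.168.0.100
salt-key -a 192.168.0.100
# Accept the key of 192.168.0.100 without manual confirmation
salt-key -a 192.168.0.100 -y
# Accept the key of 192.168.0.100 even if the minion is under Rejected Keys
salt-key -a 192.168.0.100 --include-all
# Accept the keys of all minions under Unaccepted Keys
salt-key -A
# Delete the key of 192.168.0.100 (-r rejects it instead)
salt-key -d 192.168.0.100
# Delete all keys, accepted ones included (-R rejects only the Unaccepted Keys)
salt-key -D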

salt-key command examples:

List all keys:
salt-key -L

Delete all keys:
salt-key -D

Delete a specific key:
salt-key -d pn.1.60
The following keys are going to be deleted:
Unaccepted Keys:
pn.1.60
Proceed? [N/y] y
Key for minion pn.1.60 deleted.

Accept all pending keys:
salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
pn-app-0.21
pn-app-0.23
Proceed? [n/Y] y
Key for minion pn-app-0.21 accepted.
Key for minion pn-app-0.23 accepted.
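
`salt-key -A` accepts every pending key without checking which host submitted it. The sketch below is an added example, not code from the original page: it accepts a pending minion only when its fingerprint matches one recorded out of band. The `-F` text layout, the fingerprints and the allowlist format are constructed assumptions.

```shell
# Accept only pending minions whose fingerprint matches a value recorded
# out of band (for example with `salt-call --local key.finger` on the minion).
# Constructed sample in the assumed text layout of `salt-key -F`;
# IDs are from the page, fingerprints are made up and shortened.
sample_listing() {
cat <<'EOF'
Local Keys:
master.pub:  11:22:33:44
Accepted Keys:
pn.1.60:  aa:aa:aa:aa
Unaccepted Keys:
pn-app-0.21:  de:ad:be:ef
pn-app-0.23:  00:11:22:33
pn-*:  de:ad:be:ef
Rejected Keys:
old-host:  99:99:99:99
EOF
}

# Constructed allowlist, one "<minion-id> <expected-fingerprint>" per line.
sample_expected() {
cat <<'EOF'
pn-app-0.21 de:ad:be:ef
pn-app-0.23 ff:ff:ff:ff
pn-* de:ad:be:ef
EOF
}

# verified_pending_ids ALLOWLIST_FILE < listing
# Prints the IDs under "Unaccepted Keys:" whose fingerprint equals the
# allowlisted one. IDs containing glob characters are skipped, because
# `salt-key -a` treats its argument as a glob.
verified_pending_ids() {
    awk '
        FILENAME == ARGV[1] { want[$1] = $2; next }   # allowlist file
        / Keys:$/ { pending = ($0 == "Unaccepted Keys:"); next }
        pending {
            id = $1; sub(/:$/, "", id)
            if (index(id, "*") || index(id, "?") || index(id, "[")) next
            if ((id in want) && want[id] == $2) print id
        }
    ' "$1" -
}

# Demo on the constructed data. On a master, pipe `salt-key -F` in instead
# and run `salt-key -a "$id" -y` for each ID printed.
allow=$(mktemp) && sample_expected > "$allow"
sample_listing | verified_pending_ids "$allow"   # prints pn-app-0.21
rm -f "$allow"
```

Keys that fail the check stay pending, so they can be inspected with `-f` and then rejected with `-r` or deleted with `-d`.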

salt-key -h
Usage: salt-key [options]

Salt key is used to manage Salt authentication keys

Options:
  --version             show program's version number and exit
  --versions-report     show program's dependencies version number and exit
  -h, --help            show this help message and exit
  -c CONFIG_DIR, --config-dir=CONFIG_DIR
                        Pass in an alternative configuration directory. Default: /etc/salt
  -q, --quiet           Suppress output
  -y, --yes             Answer Yes to all questions presented, defaults to False

Logging Options:
  Logging options which override any settings defined on the configuration files.

  --log-file=LOG_FILE   Log file path. Default: /var/log/salt/key.
  --log-file-level=LOG_LEVEL_LOGFILE
                        Logfile logging log level. One of 'all', 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical', 'quiet'. Default: 'warning'.
  --key-logfile=KEY_LOGFILE
                        Send all output to a file. Default is '/var/log/salt/key'

Output Options:
  Configure your preferred output format

  --out=OUTPUT, --output=OUTPUT
                        Print the output from the 'salt-key' command using the specified outputter. The builtins are 'no_return', 'grains', 'yaml', 'overstatestage', 'json', 'pprint', 'nested', 'raw', 'highstate', 'quiet', 'key', 'txt', 'virt_query'.
  --out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
                        Print the output indented by the provided value in spaces. Negative values disables indentation. Only applicable in outputters that support indentation.
  --out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
                        Write the output to the specified file
  --no-color, --no-colour
                        Disable all colored output
  --force-color, --force-colour
                        Force colored output

Actions:
  -l ARG, --list=ARG    List the public keys. The args "pre", "un", and "unaccepted" will list unaccepted/unsigned keys. "acc" or "accepted" will list accepted/signed keys. "rej" or "rejected" will list rejected keys. Finally, "all" will list all keys.
  -L, --list-all        List all public keys. (Deprecated: use "--list all")
  -a ACCEPT, --accept=ACCEPT
                        Accept the specified public key (use --include-all to match rejected keys in addition to pending keys). Globs are supported.
  -A, --accept-all      Accept all pending keys
  -r REJECT, --reject=REJECT
                        Reject the specified public key (use --include-all to match accepted keys in addition to pending keys). Globs are supported.
  -R, --reject-all      Reject all pending keys
  --include-all         Include non-pending keys when accepting/rejecting
  -p PRINT, --print=PRINT
                        Print the specified public key
  -P, --print-all       Print all public keys
  -d DELETE, --delete=DELETE
                        Delete the specified key. Globs are supported.
  -D, --delete-all      Delete all keys
  -f FINGER, --finger=FINGER
                        Print the specified key's fingerprint
  -F, --finger-all      Print all keys' fingerprints

Key Generation Options:
  --gen-keys=GEN_KEYS   Set a name to generate a keypair for use with salt
  --gen-keys-dir=GEN_KEYS_DIR
                        Set the directory to save the generated keypair, only works with "gen_keys_dir" option; default=.
  --keysize=KEYSIZE     Set the keysize for the generated key, only works with the "--gen-keys" option, the key size must be 2048 or higher, otherwise it will be rounded up to 2048; ; default=2048

You can find additional help about salt-key issuing "man salt-key" or on
#END