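salt-key help text, translated:
[root@localhost ~]# salt-key --help
Usage: salt-key [options]
Salt key is used to manage authentication keys

Options:
--version
    Show the version number and exit
--versions-report
    Show the version numbers of all the program's dependency packages and exit
-h, --help
    Help information
-c CONFIG_DIR, --config-dir=CONFIG_DIR
    Specify the configuration directory. Default: /etc/salt/
-q, --quiet
    Quiet mode; print nothing to the console
-y, --yes
    Answer yes to every "continue?" prompt. Default: false

Logging Options:
Logging options set here override the logging settings in the configuration files.
--log-file=LOG_FILE
    Log file path. Default: /var/log/salt/key.
--log-file-level=LOG_LEVEL_LOGFILE
    Log file level. One of 'all', 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'quiet'. Default: 'warning'.
--key-logfile=KEY_LOGFILE
    Send all output to the specified file. Default: '/var/log/salt/key'

Output Options:
Configure the output format
--out=OUTPUT, --output=OUTPUT
    Send the output of the salt-key command to the specified outputter. Possible values: 'no_return', 'virt_query', 'grains', 'yaml', 'overstatestage', 'json', 'pprint', 'nested', 'raw', 'highstate', 'quiet', 'key', 'txt'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
    Set the number of spaces used to indent output lines. A negative value disables indentation. Only takes effect with outputters that use it.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
    Write the output to the specified file
--no-color, --no-colour
    Turn off coloured text
--force-color, --force-colour
    Force coloured output

Actions:
-l ARG, --list=ARG
    Print the public keys. The three values "pre", "un" and "unaccepted" list unaccepted/unsigned keys. "acc" or "accepted" lists accepted/signed keys. "rej" or "rejected" lists rejected keys. "all" lists all keys.
-L, --list-all
    List all public keys; equivalent to "--list all"
-a ACCEPT, --accept=ACCEPT
    Accept the specified public key (with --include-all, keys in the rejected state can be matched in addition to pending keys)
-A, --accept-all
    Accept all pending public keys
-r REJECT, --reject=REJECT
    Reject the specified public key (with --include-all, keys in the accepted state can be matched in addition to pending keys)
-R, --reject-all
    Reject all pending public keys
--include-all
    Used together with the accept/reject options; includes all public keys in non-pending states
-p PRINT, --print=PRINT
    Print the specified public key
-P, --print-all
    Print all public keys
-d DELETE, --delete=DELETE
    Delete a public key by its name
-D, --delete-all
    Delete all keys
-f FINGER, --finger=FINGER
    Print the fingerprint of the specified key
-F, --finger-all
    Print the fingerprints of all keys

Common key options:
--gen-keys=GEN_KEYS
    Set a name, for use by salt, for the generated key pair.
--gen-keys-dir=GEN_KEYS_DIR
    Set the directory in which the generated key pair is placed; defaults to the current directory. default=.
--keysize=KEYSIZE
    Set the size in bits of the generated key. Only effective together with --gen-keys. The value must be at least 2048, otherwise it is raised to 2048. default=2048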
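
salt-key usage examples:
# Show the authentication status of all minions
salt-key -L
# Accept the key of 192.168.0.100
salt-key -a 192.168.0.100
# Accept the key of 192.168.0.100 without being prompted for confirmation
salt-key -a 192.168.0.100 -y
# Accept the key of 192.168.0.100 even if the minion is under Rejected Keys
salt-key -a 192.168.0.100 --include-all
# Accept the keys of all minions under Unaccepted Keys
salt-key -A
# Reject the key of 192.168.0.100 (-r rejects; -d deletes the key instead)
salt-key -r 192.168.0.100
# Reject all minions under Unaccepted Keys (-R rejects pending keys; -D deletes all keys)
salt-key -R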

salt-key command examples:
Examples:
List all keys
salt-key -L
Delete all keys
salt-key -D
Delete a single key
salt-key -d pn.1.60
The following keys are going to be deleted:
Unaccepted Keys:
pn.1.60
Proceed? [N/y] y
Key for minion pn.1.60 deleted.
Accept all pending keys
salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
pn-app-0.21
pn-app-0.23
Proceed? [n/Y] y
Key for minion pn-app-0.21 accepted.
Key for minion pn-app-0.23 accepted.
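
The -A and -a ... -y examples above accept keys without checking them. The following is an added example, not code from the original page or from the Salt project: it accepts a pending key only when its fingerprint matches an allowlist recorded out of band. The allowlist file format, the function names, the sample fingerprints and the `salt-key -F` text layout it parses are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumption: `salt-key -F` prints section headings such as
# "Unaccepted Keys:" followed by one "minion_id:  fingerprint" line per key.

# Read `salt-key -F` text on stdin; print the pending ids whose fingerprint
# equals the one recorded in the allowlist file $1 ("minion_id fingerprint").
verified_pending() {
    awk -v allow="$1" '
        BEGIN {
            # A missing allowlist leaves want[] empty, so nothing is approved.
            while ((getline line < allow) > 0) {
                n = split(line, f, " ")
                if (n == 2 && f[1] !~ /^#/) want[f[1]] = tolower(f[2])
            }
        }
        / Keys:[ \t\r]*$/ { pending = ($0 ~ /^Unaccepted Keys:/); next }
        pending && match($0, /:[ \t]+/) {
            id = substr($0, 1, RSTART - 1)
            sub(/^[ \t]+/, "", id)
            fp = tolower(substr($0, RSTART + RLENGTH))
            sub(/[ \t\r]+$/, "", fp)
            # -a supports globs, so an id containing glob characters is skipped.
            if (index(id, "*") || index(id, "?") || index(id, "[")) next
            if ((id in want) && want[id] == fp) print id
        }
    '
}

# Accept verified keys one exact id at a time instead of using -A.
accept_verified() {
    salt-key -F --no-color | verified_pending "$1" |
        while IFS= read -r id; do salt-key -a "$id" -y </dev/null; done
}

# Constructed sample of `salt-key -F` output (fingerprints are made up).
sample_finger_output() {
    cat <<'EOF'
Local Keys:
master.pub:  11:22:33:44
Accepted Keys:
pn.1.60:  aa:aa:aa:aa
Unaccepted Keys:
pn-app-0.21:  de:ad:be:ef
pn-app-0.23:  00:11:22:33
pn-app-*:  de:ad:be:ef
EOF
}
```

The allowlist entries would be collected on each minion itself, for example with `salt-call --local key.finger`, and carried to the master over a separate trusted channel.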
Man
salt-key -h
Usage: salt-key [options]
Salt key is used to manage Salt authentication keys
Options:
--version show program's version number and exit
--versions-report show program's dependencies version number and exit
-h, --help show this help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: /etc/salt
-q, --quiet Suppress output
-y, --yes Answer Yes to all questions presented, defaults to
False
Logging Options:
Logging options which override any settings defined on the
configuration files.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/key.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
--key-logfile=KEY_LOGFILE
Send all output to a file. Default is
'/var/log/salt/key'
Output Options:
Configure your preferred output format
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt-key' command using the
specified outputter. The builtins are 'no_return',
'grains', 'yaml', 'overstatestage', 'json', 'pprint',
'nested', 'raw', 'highstate', 'quiet', 'key', 'txt',
'virt_query'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file
--no-color, --no-colour
Disable all colored output
--force-color, --force-colour
Force colored output
Actions:
-l ARG, --list=ARG List the public keys. The args "pre", "un", and
"unaccepted" will list unaccepted/unsigned keys. "acc"
or "accepted" will list accepted/signed keys. "rej" or
"rejected" will list rejected keys. Finally, "all"
will list all keys.
-L, --list-all List all public keys. (Deprecated: use "--list all")
-a ACCEPT, --accept=ACCEPT
Accept the specified public key (use --include-all to
match rejected keys in addition to pending keys).
Globs are supported.
-A, --accept-all Accept all pending keys
-r REJECT, --reject=REJECT
Reject the specified public key (use --include-all to
match accepted keys in addition to pending keys).
Globs are supported.
-R, --reject-all Reject all pending keys
--include-all Include non-pending keys when accepting/rejecting
-p PRINT, --print=PRINT
Print the specified public key
-P, --print-all Print all public keys
-d DELETE, --delete=DELETE
Delete the specified key. Globs are supported.
-D, --delete-all Delete all keys
-f FINGER, --finger=FINGER
Print the specified key's fingerprint
-F, --finger-all Print all keys' fingerprints
Key Generation Options:
--gen-keys=GEN_KEYS
Set a name to generate a keypair for use with salt
--gen-keys-dir=GEN_KEYS_DIR
Set the directory to save the generated keypair, only
works with "gen_keys_dir" option; default=.
--keysize=KEYSIZE Set the keysize for the generated key, only works with
the "--gen-keys" option, the key size must be 2048 or
higher, otherwise it will be rounded up to 2048; ;
default=2048
You can find additional help about salt-key issuing "man salt-key" or on
http://docs.saltstack.org