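salt-key help text, translated:
[root@localhost ~]# salt-key --help
Usage: salt-key [options]
Salt key is used to manage authentication keys

Options:
--version
    Show the version number and exit
--versions-report
    Show the version numbers of all of the program's dependencies and exit
-h, --help
    Help information
-c CONFIG_DIR, --config-dir=CONFIG_DIR
    Specify the configuration directory. Default: /etc/salt/
-q, --quiet
    Quiet mode; print nothing to the console
-y, --yes
    Answer yes to every prompt that asks whether to continue. Default: false

Logging Options:
Logging options set here override the logging settings in the configuration file.
--log-file=LOG_FILE
    Log file path. Default: /var/log/salt/key.
--log-file-level=LOG_LEVEL_LOGFILE
    Log file level. One of 'all', 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'quiet'. Default: 'warning'.
--key-logfile=KEY_LOGFILE
    Send all output to the specified file. Default: '/var/log/salt/key'

Output Options:
Configure the output format
--out=OUTPUT, --output=OUTPUT
    Send the output of the salt-key command to the specified outputter. Possible values: 'no_return', 'virt_query', 'grains', 'yaml', 'overstatestage', 'json', 'pprint', 'nested', 'raw', 'highstate', 'quiet', 'key', 'txt'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
    Number of spaces by which to indent the output. A negative value disables indentation. Only applies to the outputter in use.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
    Write the output to the specified file
--no-color, --no-colour
    Turn off colored text
--force-color, --force-colour
    Force colored output

Actions:
-l ARG, --list=ARG
    Print the public keys. The following values can be given: "pre", "un", and "unaccepted" show unaccepted/unsigned keys. "acc" or "accepted" shows accepted/signed keys. "rej" or "rejected" shows rejected keys. "all" shows all keys.
-L, --list-all
    Show all public keys; equivalent to "--list all"
-a ACCEPT, --accept=ACCEPT
    Accept the specified public key (with the --include-all option, keys in the rejected state are matched in addition to pending keys)
-A, --accept-all
    Accept all pending public keys
-r REJECT, --reject=REJECT
    Reject the specified public key (with the --include-all option, keys in the accepted state are matched in addition to pending keys)
-R, --reject-all
    Reject all pending public keys
--include-all
    Used together with the accepting/rejecting options; includes all public keys that are not in the pending state
-p PRINT, --print=PRINT
    Print the specified public key
-P, --print-all
    Print all public keys
-d DELETE, --delete=DELETE
    Delete a public key by its name
-D, --delete-all
    Delete all keys
-f FINGER, --finger=FINGER
    Print the fingerprint of the specified key
-F, --finger-all
    Print the fingerprints of all keys

Common Key Options:
--gen-keys=GEN_KEYS
    Set a name, for use with salt, for the generated key pair
--gen-keys-dir=GEN_KEYS_DIR
    Set the directory in which the generated key pair is placed. Default: the current directory (default=.)
--keysize=KEYSIZE
    Set the size in bits of the generated key; only effective together with the --gen-keys option. The value must be 2048 or higher, otherwise it is raised to 2048 bits. default=2048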
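salt-key usage examples:
# List the authentication keys of all minions
salt-key -L
# Accept the key of 192.168.0.100
salt-key -a 192.168.0.100
# Accept the key of 192.168.0.100 without a manual confirmation prompt
salt-key -a 192.168.0.100 -y
# Accept the key of 192.168.0.100 even if that minion is in the Rejected Keys state
salt-key -a 192.168.0.100 --include-all
# Accept the keys of all minions in the Unaccepted Keys state
salt-key -A
# Delete the key of 192.168.0.100 (-d deletes the key; rejecting it is -r)
salt-key -d 192.168.0.100
# Delete all keys, in every state (-D deletes; rejecting all pending keys is -R)
salt-key -D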
salt-key command examples:
Example:
List all keys
salt-key -L
Delete all keys
salt-key -D
Delete a specific key
salt-key -d pn.1.60
The following keys are going to be deleted:
Unaccepted Keys:
pn.1.60
Proceed? [N/y] y
Key for minion pn.1.60 deleted.
Accept all pending keys
salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
pn-app-0.21
pn-app-0.23
Proceed? [n/Y] y
Key for minion pn-app-0.21 accepted.
Key for minion pn-app-0.23 accepted.
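The `-a ... -y` and `-A` commands above accept whatever key is pending under a given name. The following added example (not part of the original page or of Salt itself) accepts a pending key only when the fingerprint reported by `salt-key -f` matches a value obtained out-of-band, for instance read on the minion. The `SALT_KEY` override variable, both function names and the sample fingerprints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: accept a pending minion key only after its fingerprint
# matches a value obtained out-of-band (for instance, read on the minion).
# SALT_KEY is a hypothetical override so the logic can be exercised with a stub.
SALT_KEY=${SALT_KEY:-salt-key}

# Constructed sample of `salt-key --no-color -f <id>` text output (assumed
# layout: a "<State> Keys:" header, then "<minion-id>:  <fingerprint>" lines).
SAMPLE_FINGER_OUTPUT='Accepted Keys:
pn.1.60:  11:22:33:44
Unaccepted Keys:
pn-app-0.21:  aa:bb:cc:dd'

# Read finger output on stdin; print the fingerprint of minion $1 only if it
# is listed under "Unaccepted Keys:" (that is, still pending).
pending_fingerprint() {
    awk -v id="$1" '
        /^[A-Za-z ]+Keys:$/ { section = $0; next }
        section == "Unaccepted Keys:" && $1 == (id ":") { print $2; exit }
    '
}

# verify_and_accept MINION_ID EXPECTED_FINGERPRINT
# Returns 0 = accepted, 1 = fingerprint mismatch, 2 = bad id or not pending.
verify_and_accept() {
    id=$1
    expected=$2
    case $id in
        ''|*\**|*\?*|*\[*)   # -a and -d accept globs; insist on one literal id
            echo "refusing empty or glob minion id: '$id'" >&2; return 2 ;;
    esac
    actual=$($SALT_KEY --no-color -f "$id" | pending_fingerprint "$id")
    if [ -z "$actual" ]; then
        echo "no pending key for $id" >&2; return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $id: got $actual" >&2; return 1
    fi
    $SALT_KEY -y -a "$id"   # -y only after the fingerprint check has passed
}

# Run only when called as: script MINION_ID EXPECTED_FINGERPRINT
if [ "$#" -eq 2 ]; then
    verify_and_accept "$1" "$2"
fi
```

On a mismatch the key stays pending, so it can be inspected with `salt-key -p` and then rejected with `-r` or deleted with `-d`.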
Man
salt-key -h
Usage: salt-key [options]
Salt key is used to manage Salt authentication keys
Options:
--version show program's version number and exit
--versions-report show program's dependencies version number and exit
-h, --help show this help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_DIR
Pass in an alternative configuration directory.
Default: /etc/salt
-q, --quiet Suppress output
-y, --yes Answer Yes to all questions presented, defaults to
False
Logging Options:
Logging options which override any settings defined on the
configuration files.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/key.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of 'all', 'garbage',
'trace', 'debug', 'info', 'warning', 'error',
'critical', 'quiet'. Default: 'warning'.
--key-logfile=KEY_LOGFILE
Send all output to a file. Default is
'/var/log/salt/key'
Output Options:
Configure your preferred output format
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt-key' command using the
specified outputter. The builtins are 'no_return',
'grains', 'yaml', 'overstatestage', 'json', 'pprint',
'nested', 'raw', 'highstate', 'quiet', 'key', 'txt',
'virt_query'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file
--no-color, --no-colour
Disable all colored output
--force-color, --force-colour
Force colored output
Actions:
-l ARG, --list=ARG List the public keys. The args "pre", "un", and
"unaccepted" will list unaccepted/unsigned keys. "acc"
or "accepted" will list accepted/signed keys. "rej" or
"rejected" will list rejected keys. Finally, "all"
will list all keys.
-L, --list-all List all public keys. (Deprecated: use "--list all")
-a ACCEPT, --accept=ACCEPT
Accept the specified public key (use --include-all to
match rejected keys in addition to pending keys).
Globs are supported.
-A, --accept-all Accept all pending keys
-r REJECT, --reject=REJECT
Reject the specified public key (use --include-all to
match accepted keys in addition to pending keys).
Globs are supported.
-R, --reject-all Reject all pending keys
--include-all Include non-pending keys when accepting/rejecting
-p PRINT, --print=PRINT
Print the specified public key
-P, --print-all Print all public keys
-d DELETE, --delete=DELETE
Delete the specified key. Globs are supported.
-D, --delete-all Delete all keys
-f FINGER, --finger=FINGER
Print the specified key's fingerprint
-F, --finger-all Print all keys' fingerprints
Key Generation Options:
--gen-keys=GEN_KEYS
Set a name to generate a keypair for use with salt
--gen-keys-dir=GEN_KEYS_DIR
Set the directory to save the generated keypair, only
works with "gen_keys_dir" option; default=.
--keysize=KEYSIZE Set the keysize for the generated key, only works with
the "--gen-keys" option, the key size must be 2048 or
higher, otherwise it will be rounded up to 2048; ;
default=2048
You can find additional help about salt-key issuing "man salt-key" or on
http://docs.saltstack.org