salt-key
¶salt-key [ options ]
Salt-key 简单地管理Salt server上验证用的公匙。
On initial connection, a Salt minion sends its public key to the Salt
master. This key must be accepted using the salt-key
command on the
Salt master.
Salt minion keys can be in one of the following states:
salt-key
command. In
this state the minion does not receive any communication from the Salt
master.To change the state of a minion key, use -d
to delete the key and then
accept or reject the key.
--version
¶输出运行中的Salt版本
--versions-report
¶输出程序依赖者和版本号,然后退出
-h
,
--help
¶显示帮助信息然后退出
-c
CONFIG_DIR
,
--config-dir
=CONFIG_dir
¶Salt配置目录的位置。这个目录包含了Salt Master和Minion的配置文件。在大多数系统中,默认位置是``/etc/salt``。
-u
USER
,
--user
=USER
¶Specify user to run salt-key
--hard-crash
¶Raise any original exception rather than exiting gracefully. Default is False.
-q
,
--quiet
¶屏蔽输出
-y
,
--yes
¶对所有显示的问题回复'Yes',默认为Flase。
--rotate-aes-key
=ROTATE_AES_KEY
¶Setting this to False prevents the master from refreshing the key session when keys are deleted or rejected, this lowers the security of the key deletion/rejection operation. Default is True.
--out
¶Pass in an alternative outputter to display the return of data. This outputter can be any of the available outputters:
grains
,highstate
,json
,key
,overstatestage
,pprint
,raw
,txt
,yaml
Some outputters are formatted only for data returned from specific
functions; for instance, the grains
outputter will not work for non-grains
data.
If an outputter is used that does not support the data passed into it, then
Salt will fall back on the pprint
outputter and display the return data
using the Python pprint
standard library module.
注解
If using --out=json
, you will probably want --static
as well.
Without the static option, you will get a separate JSON string per minion
which makes JSON output invalid as a whole.
This is due to using an iterative outputter. So if you want to feed it
to a JSON parser, use --static
as well.
--out-indent
OUTPUT_INDENT
,
--output-indent
OUTPUT_INDENT
¶Print the output indented by the provided value in spaces. Negative values disable indentation. Only applicable in outputters that support indentation.
--out-file
=OUTPUT_FILE
,
--output-file
=OUTPUT_FILE
¶把输出写到指定的文件。
--no-color
¶禁用所有的彩色输出
--force-color
¶强制彩色输出
注解
When using colored output the color codes are as follows:
green
denotes success, red
denotes failure, blue
denotes
changes and success and yellow
denotes a expected future change in configuration.
-l
ARG
,
--list
=ARG
¶List the public keys. The args pre
, un
, and unaccepted
will
list unaccepted/unsigned keys. acc
or accepted
will list
accepted/signed keys. rej
or rejected
will list rejected keys.
Finally, all
will list all keys.
-L
,
--list-all
¶List all public keys. (Deprecated: use --list all
)
-a
ACCEPT
,
--accept
=ACCEPT
¶Accept the specified public key (use --include-all to match rejected keys in addition to pending keys). Globs are supported.
-A
,
--accept-all
¶Accepts all pending keys.
-r
REJECT
,
--reject
=REJECT
¶Reject the specified public key (use --include-all to match accepted keys in addition to pending keys). Globs are supported.
-R
,
--reject-all
¶Rejects all pending keys.
--include-all
¶Include non-pending keys when accepting/rejecting.
-p
PRINT
,
--print
=PRINT
¶Print the specified public key.
-P
,
--print-all
¶打印所有公匙
-d
DELETE
,
--delete
=DELETE
¶Delete the specified key. Globs are supported.
-D
,
--delete-all
¶删除所有公钥
-f
FINGER
,
--finger
=FINGER
¶Print the specified key's fingerprint.
-F
,
--finger-all
¶Print all keys' fingerprints.
--gen-keys
=GEN_KEYS
¶Set a name to generate a keypair for use with salt
--gen-keys-dir
=GEN_KEYS_DIR
¶Set the directory to save the generated keypair. Only works with 'gen_keys_dir' option; default is the current directory.
--keysize
=KEYSIZE
¶Set the keysize for the generated key, only works with the '--gen-keys' option, the key size must be 2048 or higher, otherwise it will be rounded up to 2048. The default is 2048.
--gen-signature
¶Create a signature file of the masters public-key named master_pubkey_signature. The signature can be send to a minion in the masters auth-reply and enables the minion to verify the masters public-key cryptographically. This requires a new signing-key- pair which can be auto-created with the --auto-create parameter.
--priv
=PRIV
¶The private-key file to create a signature with
--signature-path
=SIGNATURE_PATH
¶The path where the signature file should be written
--pub
=PUB
¶The public-key file to create a signature for
--auto-create
¶Auto-create a signing key-pair if it does not yet exist
salt(7) salt-master(1) salt-minion(1)