salt-key指令簡要介紹

salt-key：這裡應該怎麼講呢，授權可能更合适一些，授權節點percona-node3：

[root@mysql_haproxy ~]#salt-key -a percona-node3      

The following keys are going to be accepted:

Unaccepted Keys:

percona-node3

Proceed? [n/Y] y

Key for minion percona-node3 accepted.

[root@mysql_haproxy ~]# salt-key -L

Accepted Keys:

Rejected Keys:

同理添加其他節點：

percona-node1

percona-node2

操作

-l ARG, –list=ARG

顯示某種類型公鑰。參數”pre”,”un”和”unaccecpted”将顯示不接受的/無符号的keys.”acc”或”accepted”将顯示同意/有符号的keys.”rej”或者”rejected”将顯示拒絕清單，最後”all”将顯示所有keys。

# salt-key -l 'pre'

YQD_2014_12_06_57_93

# salt-key -l 'un' 

# salt-key -l 'unaccecpted'

# salt-key -l 'acc'        

YQD_2014_12_06_57_67

YQD_2014_12_06_57_68

YQD_2014_12_06_57_69

# salt-key -l 'accepted'

# salt-key -l 'rej'     

# salt-key -l 'rejected'

-L, –list-all

在master上顯示所有公鑰: accepted, pending, and rejected.

# salt-key -L

-a ACCEPT, –accept=ACCEPT

指令行執行接受minion名稱的key

-A, –accept-all

接受所有等待的Key

# salt-key -A

Key for minion YQD_2014_12_06_57_93 accepted.

-r REJECT, –reject=REJECT

拒絕某個key，這個隻能絕unaccepted keys裡面的key，并不能拒絕accepted keys裡面的key，如果比對accepted keys裡面的key,需要加上–include-all參數，同理想同意Rejected Keys裡面的key也要下加這個參數，如下所示：

[root@localhost ~]# salt-key --include-all -r YQD_WS_NO_2_11

The following keys are going to be rejected:

YQD_WS_NO_2_11

Key for minion YQD_WS_NO_2_11 rejected.

[root@localhost ~]# salt-key

[root@localhost ~]# salt-key --include-all -a YQD_WS_NO_2_11

Key for minion YQD_WS_NO_2_11 accepted.

-R, –reject-all

拒絕所有等待的公鑰

-p PRINT, –print=PRINT

列印指定的公鑰

-P, –print-all

列印所有公鑰

-d DELETE, –delete=DELETE

删除某個key

-D, –delete-all

删除所有key

# salt-key -D

The following keys are going to be deleted:

Proceed? [N/y] n

-f FINGER, –finger=FINGER

列印指定key的指紋

# salt-key -f YQD_2014_12_06_57_68

YQD_2014_12_06_57_68:  20:a5:f9:85:0b:3d:d7:ba:8f:98:7b:1d:53:fa:a2:2e

–out=OUTPUT, –output=OUTPUT

[root@localhost ~]# salt-key --out=yaml

minions:

- YQD_WS_NO_2_11

minions_pre: []

minions_rejected: []

[root@localhost ~]# salt-key --out=jeson

    - YQD_WS_NO_2_11

minions_pre:

minions_rejected:

-F, –finger-all 列印所有key指紋：

C#

[root@localhost ~]# salt-key -F

Local Keys:

master.pem:  93:90:ce:9d:ed:5d:d0:8b:d5:48:e5:43:99:92:93:f9

master.pub:  9c:ad:e5:8c:cc:ba:49:62:d8:55:83:ad:b9:68:08:ff