salt-key命令简要介绍

salt-key：这里应该怎么讲呢，授权可能更合适一些，授权节点percona-node3：

[root@mysql_haproxy ~]#salt-key -a percona-node3      

The following keys are going to be accepted:

Unaccepted Keys:

percona-node3

Proceed? [n/Y] y

Key for minion percona-node3 accepted.

[root@mysql_haproxy ~]# salt-key -L

Accepted Keys:

Rejected Keys:

同理添加其他节点：

percona-node1

percona-node2

操作

-l ARG, –list=ARG

显示某种类型公钥。参数”pre”,”un”和”unaccecpted”将显示不接受的/无符号的keys.”acc”或”accepted”将显示同意/有符号的keys.”rej”或者”rejected”将显示拒绝列表，最后”all”将显示所有keys。

# salt-key -l 'pre'

YQD_2014_12_06_57_93

# salt-key -l 'un' 

# salt-key -l 'unaccecpted'

# salt-key -l 'acc'        

YQD_2014_12_06_57_67

YQD_2014_12_06_57_68

YQD_2014_12_06_57_69

# salt-key -l 'accepted'

# salt-key -l 'rej'     

# salt-key -l 'rejected'

-L, –list-all

在master上显示所有公钥: accepted, pending, and rejected.

# salt-key -L

-a ACCEPT, –accept=ACCEPT

命令行执行接受minion名称的key

-A, –accept-all

接受所有等待的Key

# salt-key -A

Key for minion YQD_2014_12_06_57_93 accepted.

-r REJECT, –reject=REJECT

拒绝某个key，这个只能绝unaccepted keys里面的key，并不能拒绝accepted keys里面的key，如果匹配accepted keys里面的key,需要加上–include-all参数，同理想同意Rejected Keys里面的key也要下加这个参数，如下所示：

[root@localhost ~]# salt-key --include-all -r YQD_WS_NO_2_11

The following keys are going to be rejected:

YQD_WS_NO_2_11

Key for minion YQD_WS_NO_2_11 rejected.

[root@localhost ~]# salt-key

[root@localhost ~]# salt-key --include-all -a YQD_WS_NO_2_11

Key for minion YQD_WS_NO_2_11 accepted.

-R, –reject-all

拒绝所有等待的公钥

-p PRINT, –print=PRINT

打印指定的公钥

-P, –print-all

打印所有公钥

-d DELETE, –delete=DELETE

删除某个key

-D, –delete-all

删除所有key

# salt-key -D

The following keys are going to be deleted:

Proceed? [N/y] n

-f FINGER, –finger=FINGER

打印指定key的指纹

# salt-key -f YQD_2014_12_06_57_68

YQD_2014_12_06_57_68:  20:a5:f9:85:0b:3d:d7:ba:8f:98:7b:1d:53:fa:a2:2e

–out=OUTPUT, –output=OUTPUT

[root@localhost ~]# salt-key --out=yaml

minions:

- YQD_WS_NO_2_11

minions_pre: []

minions_rejected: []

[root@localhost ~]# salt-key --out=jeson

    - YQD_WS_NO_2_11

minions_pre:

minions_rejected:

-F, –finger-all 打印所有key指纹：

C#

[root@localhost ~]# salt-key -F

Local Keys:

master.pem:  93:90:ce:9d:ed:5d:d0:8b:d5:48:e5:43:99:92:93:f9

master.pub:  9c:ad:e5:8c:cc:ba:49:62:d8:55:83:ad:b9:68:08:ff