salt-key:这里应该怎么讲呢,授权可能更合适一些,授权节点percona-node3:
[root@mysql_haproxy ~]#salt-key -a percona-node3
The following keys are going to be accepted:
Unaccepted Keys:
percona-node3
Proceed? [n/Y] y
Key for minion percona-node3 accepted.
[root@mysql_haproxy ~]# salt-key -L
Accepted Keys:
percona-node3
Unaccepted Keys:
Rejected Keys:
同理添加其他节点:
[root@mysql_haproxy ~]# salt-key -L
Accepted Keys:
percona-node1
percona-node2
percona-node3
Unaccepted Keys:
Rejected Keys:
操作
-l ARG, –list=ARG
显示某种类型公钥。参数”pre”,”un”和”unaccecpted”将显示不接受的/无符号的keys.”acc”或”accepted”将显示同意/有符号的keys.”rej”或者”rejected”将显示拒绝列表,最后”all”将显示所有keys。
# salt-key -l ‘pre‘
Unaccepted Keys:
YQD_2014_12_06_57_93
# salt-key -l ‘un‘
Unaccepted Keys:
YQD_2014_12_06_57_93
# salt-key -l ‘unaccecpted‘
Unaccepted Keys:
YQD_2014_12_06_57_93
# salt-key -l ‘acc‘
Accepted Keys:
YQD_2014_12_06_57_67
YQD_2014_12_06_57_68
YQD_2014_12_06_57_69
# salt-key -l ‘accepted‘
Accepted Keys:
YQD_2014_12_06_57_67
YQD_2014_12_06_57_68
YQD_2014_12_06_57_69
# salt-key -l ‘rej‘
Rejected Keys:
# salt-key -l ‘rejected‘
Rejected Keys:
-L, –list-all
在master上显示所有公钥: accepted, pending, and rejected.
# salt-key -L
Accepted Keys:
YQD_2014_12_06_57_67
YQD_2014_12_06_57_68
YQD_2014_12_06_57_69
Unaccepted Keys:
YQD_2014_12_06_57_93
Rejected Keys:
-a ACCEPT, –accept=ACCEPT
命令行执行接受minion名称的key
-A, –accept-all
接受所有等待的Key
# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
YQD_2014_12_06_57_93
Proceed? [n/Y] y
Key for minion YQD_2014_12_06_57_93 accepted.
-r REJECT, –reject=REJECT
拒绝某个key,这个只能绝unaccepted keys里面的key,并不能拒绝accepted keys里面的key,如果匹配accepted keys里面的key,需要加上–include-all参数,同理想同意Rejected Keys里面的key也要下加这个参数,如下所示:
[root@localhost ~]# salt-key --include-all -r YQD_WS_NO_2_11
The following keys are going to be rejected:
Accepted Keys:
YQD_WS_NO_2_11
Proceed? [n/Y] y
Key for minion YQD_WS_NO_2_11 rejected.
[root@localhost ~]# salt-key
Accepted Keys:
Unaccepted Keys:
Rejected Keys:
YQD_WS_NO_2_11
[root@localhost ~]# salt-key --include-all -a YQD_WS_NO_2_11
The following keys are going to be accepted:
Rejected Keys:
YQD_WS_NO_2_11
Proceed? [n/Y] y
Key for minion YQD_WS_NO_2_11 accepted.
[root@localhost ~]# salt-key
Accepted Keys:
YQD_WS_NO_2_11
Unaccepted Keys:
Rejected Keys:
-R, –reject-all
拒绝所有等待的公钥
-p PRINT, –print=PRINT
打印指定的公钥
-P, –print-all
打印所有公钥
-d DELETE, –delete=DELETE
删除某个key
-D, –delete-all
删除所有key
# salt-key -D
The following keys are going to be deleted:
Accepted Keys:
YQD_2014_12_06_57_67
YQD_2014_12_06_57_68
YQD_2014_12_06_57_69
YQD_2014_12_06_57_93
Proceed? [N/y] n
-f FINGER, –finger=FINGER
打印指定key的指纹
# salt-key -f YQD_2014_12_06_57_68
Accepted Keys:
YQD_2014_12_06_57_68: 20:a5:f9:85:0b:3d:d7:ba:8f:98:7b:1d:53:fa:a2:2e
–out=OUTPUT, –output=OUTPUT
[root@localhost ~]# salt-key --out=yaml
minions:
- YQD_WS_NO_2_11
minions_pre: []
minions_rejected: []
[root@localhost ~]# salt-key --out=jeson
minions:
- YQD_WS_NO_2_11
minions_pre:
minions_rejected:
-F, –finger-all 打印所有key指纹:
C#
[root@localhost ~]# salt-key -F
Local Keys:
master.pem: 93:90:ce:9d:ed:5d:d0:8b:d5:48:e5:43:99:92:93:f9
master.pub: 9c:ad:e5:8c:cc:ba:49:62:d8:55:83:ad:b9:68:08:ff
Accepted Keys:
YQD_WS_NO_2_11: 6c:ce:46:30:a5:59:c2:7e:71:ce:64:80:24:46:4a:87
本文出自 “我的运维时光” 博客,请务必保留此出处http://aaronsa.blog.51cto.com/5157083/1742456
原文:http://aaronsa.blog.51cto.com/5157083/1742456