Home Explore Help
Register Sign In
nee2c
/
salt
mirror of https://github.com/nee2c/salt.git
1
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
salt
/
doc
/
man
/
salt-key.1

salt-key.1 8.5 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335 
  1. .\" Man page generated from reStructuredText.
    2. 

  2. .
    3. 

  3. .TH "SALT-KEY" "1" "Nov 14, 2020" "3002.2" "Salt"
    4. 

  4. .SH NAME
    5. 

  5. salt-key \- salt-key Documentation
    6. 

  6. .
    7. 

  7. .nr rst2man-indent-level 0
    8. 

  8. .
    9. 

  9. .de1 rstReportMargin
    10. 

  10. \\$1 \\n[an-margin]
    11. 

  11. level \\n[rst2man-indent-level]
    12. 

  12. level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
    13. 

  13. -
    14. 

  14. \\n[rst2man-indent0]
    15. 

  15. \\n[rst2man-indent1]
    16. 

  16. \\n[rst2man-indent2]
    17. 

  17. ..
    18. 

  18. .de1 INDENT
    19. 

  19. .\" .rstReportMargin pre:
    20. 

  20. . RS \\$1
    21. 

  21. . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
    22. 

  22. . nr rst2man-indent-level +1
    23. 

  23. .\" .rstReportMargin post:
    24. 

  24. ..
    25. 

  25. .de UNINDENT
    26. 

  26. . RE
    27. 

  27. .\" indent \\n[an-margin]
    28. 

  28. .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
    29. 

  29. .nr rst2man-indent-level -1
    30. 

  30. .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
    31. 

  31. .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
    32. 

  32. ..
    33. 

  33. .SH SYNOPSIS
    34. 

  34. .INDENT 0.0
    35. 

  35. .INDENT 3.5
    36. 

  36. .sp
    37. 

  37. .nf
    38. 

  38. .ft C
    39. 

  39. salt\-key [ options ]
    40. 

  40. .ft P
    41. 

  41. .fi
    42. 

  42. .UNINDENT
    43. 

  43. .UNINDENT
    44. 

  44. .SH DESCRIPTION
    45. 

  45. .sp
    46. 

  46. Salt\-key executes simple management of Salt server public keys used for
    47. 

  47. authentication.
    48. 

  48. .sp
    49. 

  49. On initial connection, a Salt minion sends its public key to the Salt
    50. 

  50. master. This key must be accepted using the \fBsalt\-key\fP command on the
    51. 

  51. Salt master.
    52. 

  52. .sp
    53. 

  53. Salt minion keys can be in one of the following states:
    54. 

  54. .INDENT 0.0
    55. 

  55. .IP \(bu 2
    56. 

  56. \fBunaccepted\fP: key is waiting to be accepted.
    57. 

  57. .IP \(bu 2
    58. 

  58. \fBaccepted\fP: key was accepted and the minion can communicate with the Salt
    59. 

  59. master.
    60. 

  60. .IP \(bu 2
    61. 

  61. \fBrejected\fP: key was rejected using the \fBsalt\-key\fP command. In
    62. 

  62. this state the minion does not receive any communication from the Salt
    63. 

  63. master.
    64. 

  64. .IP \(bu 2
    65. 

  65. \fBdenied\fP: key was rejected automatically by the Salt master.
    66. 

  66. This occurs when a minion has a duplicate ID, or when a minion was rebuilt or
    67. 

  67. had new keys generated and the previous key was not deleted from the Salt
    68. 

  68. master. In this state the minion does not receive any communication from the
    69. 

  69. Salt master.
    70. 

  70. .UNINDENT
    71. 

  71. .sp
    72. 

  72. To change the state of a minion key, use \fB\-d\fP to delete the key and then
    73. 

  73. accept or reject the key.
    74. 

  74. .SH OPTIONS
    75. 

  75. .INDENT 0.0
    76. 

  76. .TP
    77. 

  77. .B \-\-version
    78. 

  78. Print the version of Salt that is running.
    79. 

  79. .UNINDENT
    80. 

  80. .INDENT 0.0
    81. 

  81. .TP
    82. 

  82. .B \-\-versions\-report
    83. 

  83. Show program\(aqs dependencies and version number, and then exit
    84. 

  84. .UNINDENT
    85. 

  85. .INDENT 0.0
    86. 

  86. .TP
    87. 

  87. .B \-h, \-\-help
    88. 

  88. Show the help message and exit
    89. 

  89. .UNINDENT
    90. 

  90. .INDENT 0.0
    91. 

  91. .TP
    92. 

  92. .B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_dir
    93. 

  93. The location of the Salt configuration directory. This directory contains
    94. 

  94. the configuration files for Salt master and minions. The default location
    95. 

  95. on most systems is \fB/etc/salt\fP\&.
    96. 

  96. .UNINDENT
    97. 

  97. .INDENT 0.0
    98. 

  98. .TP
    99. 

  99. .B \-u USER, \-\-user=USER
    100. 

  100. Specify user to run salt\-key
    101. 

  101. .UNINDENT
    102. 

  102. .INDENT 0.0
    103. 

  103. .TP
    104. 

  104. .B \-\-hard\-crash
    105. 

  105. Raise any original exception rather than exiting gracefully. Default is
    106. 

  106. False.
    107. 

  107. .UNINDENT
    108. 

  108. .INDENT 0.0
    109. 

  109. .TP
    110. 

  110. .B \-q, \-\-quiet
    111. 

  111. Suppress output
    112. 

  112. .UNINDENT
    113. 

  113. .INDENT 0.0
    114. 

  114. .TP
    115. 

  115. .B \-y, \-\-yes
    116. 

  116. Answer \(aqYes\(aq to all questions presented, defaults to False
    117. 

  117. .UNINDENT
    118. 

  118. .INDENT 0.0
    119. 

  119. .TP
    120. 

  120. .B \-\-rotate\-aes\-key=ROTATE_AES_KEY
    121. 

  121. Setting this to False prevents the master from refreshing the key session
    122. 

  122. when keys are deleted or rejected, this lowers the security of the key
    123. 

  123. deletion/rejection operation. Default is True.
    124. 

  124. .UNINDENT
    125. 

  125. .SS Logging Options
    126. 

  126. .sp
    127. 

  127. Logging options which override any settings defined on the configuration files.
    128. 

  128. .INDENT 0.0
    129. 

  129. .TP
    130. 

  130. .B \-\-log\-file=LOG_FILE
    131. 

  131. Log file path. Default: /var/log/salt/minion\&.
    132. 

  132. .UNINDENT
    133. 

  133. .INDENT 0.0
    134. 

  134. .TP
    135. 

  135. .B \-\-log\-file\-level=LOG_LEVEL_LOGFILE
    136. 

  136. Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
    137. 

  137. \fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default:
    138. 

  138. \fBwarning\fP\&.
    139. 

  139. .UNINDENT
    140. 

  140. .SS Output Options
    141. 

  141. .INDENT 0.0
    142. 

  142. .TP
    143. 

  143. .B \-\-out
    144. 

  144. Pass in an alternative outputter to display the return of data. This
    145. 

  145. outputter can be any of the available outputters:
    146. 

  146. .INDENT 7.0
    147. 

  147. .INDENT 3.5
    148. 

  148. \fBhighstate\fP, \fBjson\fP, \fBkey\fP, \fBoverstatestage\fP, \fBpprint\fP, \fBraw\fP, \fBtxt\fP, \fByaml\fP, and many others\&.
    149. 

  149. .UNINDENT
    150. 

  150. .UNINDENT
    151. 

  151. .sp
    152. 

  152. Some outputters are formatted only for data returned from specific functions.
    153. 

  153. If an outputter is used that does not support the data passed into it, then
    154. 

  154. Salt will fall back on the \fBpprint\fP outputter and display the return data
    155. 

  155. using the Python \fBpprint\fP standard library module.
    156. 

  156. .UNINDENT
    157. 

  157. .INDENT 0.0
    158. 

  158. .TP
    159. 

  159. .B \-\-out\-indent OUTPUT_INDENT, \-\-output\-indent OUTPUT_INDENT
    160. 

  160. Print the output indented by the provided value in spaces. Negative values
    161. 

  161. disable indentation. Only applicable in outputters that support
    162. 

  162. indentation.
    163. 

  163. .UNINDENT
    164. 

  164. .INDENT 0.0
    165. 

  165. .TP
    166. 

  166. .B \-\-out\-file=OUTPUT_FILE, \-\-output\-file=OUTPUT_FILE
    167. 

  167. Write the output to the specified file.
    168. 

  168. .UNINDENT
    169. 

  169. .INDENT 0.0
    170. 

  170. .TP
    171. 

  171. .B \-\-out\-file\-append, \-\-output\-file\-append
    172. 

  172. Append the output to the specified file.
    173. 

  173. .UNINDENT
    174. 

  174. .INDENT 0.0
    175. 

  175. .TP
    176. 

  176. .B \-\-no\-color
    177. 

  177. Disable all colored output
    178. 

  178. .UNINDENT
    179. 

  179. .INDENT 0.0
    180. 

  180. .TP
    181. 

  181. .B \-\-force\-color
    182. 

  182. Force colored output
    183. 

  183. .sp
    184. 

  184. \fBNOTE:\fP
    185. 

  185. .INDENT 7.0
    186. 

  186. .INDENT 3.5
    187. 

  187. When using colored output the color codes are as follows:
    188. 

  188. .sp
    189. 

  189. \fBgreen\fP denotes success, \fBred\fP denotes failure, \fBblue\fP denotes
    190. 

  190. changes and success and \fByellow\fP denotes a expected future change in configuration.
    191. 

  191. .UNINDENT
    192. 

  192. .UNINDENT
    193. 

  193. .UNINDENT
    194. 

  194. .INDENT 0.0
    195. 

  195. .TP
    196. 

  196. .B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
    197. 

  197. Override the configured state_output value for minion
    198. 

  198. output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
    199. 

  199. \(aqfilter\(aq. Default: \(aqnone\(aq.
    200. 

  200. .UNINDENT
    201. 

  201. .INDENT 0.0
    202. 

  202. .TP
    203. 

  203. .B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
    204. 

  204. Override the configured state_verbose value for minion
    205. 

  205. output. Set to True or False. Default: none.
    206. 

  206. .UNINDENT
    207. 

  207. .SS Actions
    208. 

  208. .INDENT 0.0
    209. 

  209. .TP
    210. 

  210. .B \-l ARG, \-\-list=ARG
    211. 

  211. List the public keys. The args \fBpre\fP, \fBun\fP, and \fBunaccepted\fP will
    212. 

  212. list unaccepted/unsigned keys. \fBacc\fP or \fBaccepted\fP will list
    213. 

  213. accepted/signed keys. \fBrej\fP or \fBrejected\fP will list rejected keys.
    214. 

  214. Finally, \fBall\fP will list all keys.
    215. 

  215. .UNINDENT
    216. 

  216. .INDENT 0.0
    217. 

  217. .TP
    218. 

  218. .B \-L, \-\-list\-all
    219. 

  219. List all public keys. (Deprecated: use \fB\-\-list all\fP)
    220. 

  220. .UNINDENT
    221. 

  221. .INDENT 0.0
    222. 

  222. .TP
    223. 

  223. .B \-a ACCEPT, \-\-accept=ACCEPT
    224. 

  224. Accept the specified public key (use \-\-include\-all to match rejected keys
    225. 

  225. in addition to pending keys). Globs are supported.
    226. 

  226. .UNINDENT
    227. 

  227. .INDENT 0.0
    228. 

  228. .TP
    229. 

  229. .B \-A, \-\-accept\-all
    230. 

  230. Accepts all pending keys.
    231. 

  231. .UNINDENT
    232. 

  232. .INDENT 0.0
    233. 

  233. .TP
    234. 

  234. .B \-r REJECT, \-\-reject=REJECT
    235. 

  235. Reject the specified public key (use \-\-include\-all to match accepted keys
    236. 

  236. in addition to pending keys). Globs are supported.
    237. 

  237. .UNINDENT
    238. 

  238. .INDENT 0.0
    239. 

  239. .TP
    240. 

  240. .B \-R, \-\-reject\-all
    241. 

  241. Rejects all pending keys.
    242. 

  242. .UNINDENT
    243. 

  243. .INDENT 0.0
    244. 

  244. .TP
    245. 

  245. .B \-\-include\-all
    246. 

  246. Include non\-pending keys when accepting/rejecting.
    247. 

  247. .UNINDENT
    248. 

  248. .INDENT 0.0
    249. 

  249. .TP
    250. 

  250. .B \-p PRINT, \-\-print=PRINT
    251. 

  251. Print the specified public key.
    252. 

  252. .UNINDENT
    253. 

  253. .INDENT 0.0
    254. 

  254. .TP
    255. 

  255. .B \-P, \-\-print\-all
    256. 

  256. Print all public keys
    257. 

  257. .UNINDENT
    258. 

  258. .INDENT 0.0
    259. 

  259. .TP
    260. 

  260. .B \-d DELETE, \-\-delete=DELETE
    261. 

  261. Delete the specified key. Globs are supported.
    262. 

  262. .UNINDENT
    263. 

  263. .INDENT 0.0
    264. 

  264. .TP
    265. 

  265. .B \-D, \-\-delete\-all
    266. 

  266. Delete all keys.
    267. 

  267. .UNINDENT
    268. 

  268. .INDENT 0.0
    269. 

  269. .TP
    270. 

  270. .B \-f FINGER, \-\-finger=FINGER
    271. 

  271. Print the specified key\(aqs fingerprint.
    272. 

  272. .UNINDENT
    273. 

  273. .INDENT 0.0
    274. 

  274. .TP
    275. 

  275. .B \-F, \-\-finger\-all
    276. 

  276. Print all keys\(aq fingerprints.
    277. 

  277. .UNINDENT
    278. 

  278. .SS Key Generation Options
    279. 

  279. .INDENT 0.0
    280. 

  280. .TP
    281. 

  281. .B \-\-gen\-keys=GEN_KEYS
    282. 

  282. Set a name to generate a keypair for use with salt
    283. 

  283. .UNINDENT
    284. 

  284. .INDENT 0.0
    285. 

  285. .TP
    286. 

  286. .B \-\-gen\-keys\-dir=GEN_KEYS_DIR
    287. 

  287. Set the directory to save the generated keypair.  Only works
    288. 

  288. with \(aqgen_keys_dir\(aq option; default is the current directory.
    289. 

  289. .UNINDENT
    290. 

  290. .INDENT 0.0
    291. 

  291. .TP
    292. 

  292. .B \-\-keysize=KEYSIZE
    293. 

  293. Set the keysize for the generated key, only works with
    294. 

  294. the \(aq\-\-gen\-keys\(aq option, the key size must be 2048 or
    295. 

  295. higher, otherwise it will be rounded up to 2048. The
    296. 

  296. default is 2048.
    297. 

  297. .UNINDENT
    298. 

  298. .INDENT 0.0
    299. 

  299. .TP
    300. 

  300. .B \-\-gen\-signature
    301. 

  301. Create a signature file of the master\(aqs public\-key named
    302. 

  302. master_pubkey_signature. The signature can be sent to a minion in the
    303. 

  303. master\(aqs auth\-reply and enables the minion to verify the master\(aqs public\-key
    304. 

  304. cryptographically. This requires a new signing\-key\-pair which can be
    305. 

  305. auto\-created with the \-\-auto\-create parameter.
    306. 

  306. .UNINDENT
    307. 

  307. .INDENT 0.0
    308. 

  308. .TP
    309. 

  309. .B \-\-priv=PRIV
    310. 

  310. The private\-key file to create a signature with
    311. 

  311. .UNINDENT
    312. 

  312. .INDENT 0.0
    313. 

  313. .TP
    314. 

  314. .B \-\-signature\-path=SIGNATURE_PATH
    315. 

  315. The path where the signature file should be written
    316. 

  316. .UNINDENT
    317. 

  317. .INDENT 0.0
    318. 

  318. .TP
    319. 

  319. .B \-\-pub=PUB
    320. 

  320. The public\-key file to create a signature for
    321. 

  321. .UNINDENT
    322. 

  322. .INDENT 0.0
    323. 

  323. .TP
    324. 

  324. .B \-\-auto\-create
    325. 

  325. Auto\-create a signing key\-pair if it does not yet exist
    326. 

  326. .UNINDENT
    327. 

  327. .SH SEE ALSO
    328. 

  328. .sp
    329. 

  329. \fBsalt(7)\fP
    330. 

  330. \fBsalt\-master(1)\fP
    331. 

  331. \fBsalt\-minion(1)\fP
    332. 

  332. .SH AUTHOR
    333. 

  333. Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
    334. 

  334. .\" Generated by docutils manpage writer.
    335. 

  335. .
    336.