2014-06-30 21:04:53 +00:00
|
|
|
.\" Man page generated from reStructuredText.
|
|
|
|
.
|
|
|
|
.TH "SALT-KEY" "1" "January 02, 2014" "2014.1.0" "Salt"
|
2011-04-02 03:58:45 +00:00
|
|
|
.SH NAME
|
2011-05-30 22:24:23 +00:00
|
|
|
salt-key \- salt-key Documentation
|
|
|
|
.
|
|
|
|
.nr rst2man-indent-level 0
|
|
|
|
.
|
|
|
|
.de1 rstReportMargin
|
|
|
|
\\$1 \\n[an-margin]
|
|
|
|
level \\n[rst2man-indent-level]
|
|
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
|
-
|
|
|
|
\\n[rst2man-indent0]
|
|
|
|
\\n[rst2man-indent1]
|
|
|
|
\\n[rst2man-indent2]
|
|
|
|
..
|
|
|
|
.de1 INDENT
|
|
|
|
.\" .rstReportMargin pre:
|
|
|
|
. RS \\$1
|
|
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
|
|
. nr rst2man-indent-level +1
|
|
|
|
.\" .rstReportMargin post:
|
|
|
|
..
|
|
|
|
.de UNINDENT
|
|
|
|
. RE
|
|
|
|
.\" indent \\n[an-margin]
|
|
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
|
.nr rst2man-indent-level -1
|
|
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
|
|
..
|
2011-04-02 03:58:45 +00:00
|
|
|
.SH SYNOPSIS
|
2011-05-30 22:24:23 +00:00
|
|
|
.sp
|
|
|
|
salt\-key [ options ]
|
2011-04-02 03:58:45 +00:00
|
|
|
.SH DESCRIPTION
|
2011-05-30 22:24:23 +00:00
|
|
|
.sp
|
2012-05-23 04:43:12 +00:00
|
|
|
Salt\-key executes simple management of Salt server public keys used for
|
2011-05-30 22:24:23 +00:00
|
|
|
authentication.
|
2011-04-02 03:58:45 +00:00
|
|
|
.SH OPTIONS
|
2011-05-30 22:24:23 +00:00
|
|
|
.INDENT 0.0
|
2011-04-02 03:58:45 +00:00
|
|
|
.TP
|
2013-09-17 23:58:01 +00:00
|
|
|
.B \-\-version
|
|
|
|
Print the version of Salt that is running.
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-versions\-report
|
|
|
|
Show program\(aqs dependencies and version number, and then exit
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
2011-05-30 22:24:23 +00:00
|
|
|
.B \-h, \-\-help
|
2013-09-17 23:58:01 +00:00
|
|
|
Show the help message and exit
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_dir
|
|
|
|
The location of the Salt configuration directory. This directory contains
|
|
|
|
the configuration files for Salt master and minions. The default location
|
2014-06-30 21:04:53 +00:00
|
|
|
on most systems is \fB/etc/salt\fP\&.
|
2011-05-30 22:24:23 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
2011-04-02 03:58:45 +00:00
|
|
|
.TP
|
2013-09-17 23:58:01 +00:00
|
|
|
.B \-q, \-\-quiet
|
|
|
|
Suppress output
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-y, \-\-yes
|
|
|
|
Answer \(aqYes\(aq to all questions presented, defaults to False
|
|
|
|
.UNINDENT
|
|
|
|
.SS Logging Options
|
|
|
|
.sp
|
|
|
|
Logging options which override any settings defined on the configuration files.
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-log\-file=LOG_FILE
|
2014-06-30 21:04:53 +00:00
|
|
|
Log file path. Default: /var/log/salt/minion\&.
|
2013-09-17 23:58:01 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-log\-file\-level=LOG_LEVEL_LOGFILE
|
|
|
|
Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
|
2014-06-30 21:04:53 +00:00
|
|
|
\fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default:
|
|
|
|
\fBwarning\fP\&.
|
2013-09-17 23:58:01 +00:00
|
|
|
.UNINDENT
|
|
|
|
.SS Output Options
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-out
|
|
|
|
Pass in an alternative outputter to display the return of data. This
|
|
|
|
outputter can be any of the available outputters:
|
|
|
|
.INDENT 7.0
|
|
|
|
.INDENT 3.5
|
|
|
|
\fBgrains\fP, \fBhighstate\fP, \fBjson\fP, \fBkey\fP, \fBoverstatestage\fP, \fBpprint\fP, \fBraw\fP, \fBtxt\fP, \fByaml\fP
|
|
|
|
.UNINDENT
|
|
|
|
.UNINDENT
|
|
|
|
.sp
|
|
|
|
Some outputters are formatted only for data returned from specific
|
|
|
|
functions; for instance, the \fBgrains\fP outputter will not work for non\-grains
|
|
|
|
data.
|
|
|
|
.sp
|
|
|
|
If an outputter is used that does not support the data passed into it, then
|
|
|
|
Salt will fall back on the \fBpprint\fP outputter and display the return data
|
|
|
|
using the Python \fBpprint\fP standard library module.
|
2014-06-30 21:04:53 +00:00
|
|
|
.sp
|
|
|
|
\fBNOTE:\fP
|
|
|
|
.INDENT 7.0
|
|
|
|
.INDENT 3.5
|
2013-09-17 23:58:01 +00:00
|
|
|
If using \fB\-\-out=json\fP, you will probably want \fB\-\-static\fP as well.
|
|
|
|
Without the static option, you will get a JSON string for each minion.
|
|
|
|
This is due to using an iterative outputter. So if you want to feed it
|
|
|
|
to a JSON parser, use \fB\-\-static\fP as well.
|
2014-06-30 21:04:53 +00:00
|
|
|
.UNINDENT
|
|
|
|
.UNINDENT
|
2013-09-17 23:58:01 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-out\-indent OUTPUT_INDENT, \-\-output\-indent OUTPUT_INDENT
|
|
|
|
Print the output indented by the provided value in spaces. Negative values
|
|
|
|
disable indentation. Only applicable in outputters that support
|
|
|
|
indentation.
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-out\-file=OUTPUT_FILE, \-\-output\-file=OUTPUT_FILE
|
|
|
|
Write the output to the specified file.
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-no\-color
|
|
|
|
Disable all colored output
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-force\-color
|
|
|
|
Force colored output
|
|
|
|
.UNINDENT
|
|
|
|
.SS Actions
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
2013-06-21 21:18:17 +00:00
|
|
|
.B \-l ARG, \-\-list=ARG
|
2014-01-02 19:54:34 +00:00
|
|
|
List the public keys. The args \fBpre\fP, \fBun\fP, and \fBunaccepted\fP will
|
|
|
|
list unaccepted/unsigned keys. \fBacc\fP or \fBaccepted\fP will list
|
|
|
|
accepted/signed keys. \fBrej\fP or \fBrejected\fP will list rejected keys.
|
|
|
|
Finally, \fBall\fP will list all keys.
|
2011-05-30 22:24:23 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
2011-04-02 03:58:45 +00:00
|
|
|
.TP
|
2011-05-30 22:24:23 +00:00
|
|
|
.B \-L, \-\-list\-all
|
2014-01-02 19:54:34 +00:00
|
|
|
List all public keys. (Deprecated: use \fB\-\-list all\fP)
|
2011-05-30 22:24:23 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
2011-04-02 03:58:45 +00:00
|
|
|
.TP
|
2011-05-30 22:24:23 +00:00
|
|
|
.B \-a ACCEPT, \-\-accept=ACCEPT
|
2014-01-02 19:54:34 +00:00
|
|
|
Accept the specified public key (use \-\-include\-all to match rejected keys
|
|
|
|
in addition to pending keys). Globs are supported.
|
2011-05-30 22:24:23 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
2011-04-02 03:58:45 +00:00
|
|
|
.TP
|
2011-05-30 22:24:23 +00:00
|
|
|
.B \-A, \-\-accept\-all
|
2014-01-02 19:54:34 +00:00
|
|
|
Accepts all pending keys.
|
2011-05-30 22:24:23 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
2011-04-02 03:58:45 +00:00
|
|
|
.TP
|
2012-02-15 16:54:37 +00:00
|
|
|
.B \-r REJECT, \-\-reject=REJECT
|
2014-01-02 19:54:34 +00:00
|
|
|
Reject the specified public key (use \-\-include\-all to match accepted keys
|
|
|
|
in addition to pending keys). Globs are supported.
|
2012-02-15 16:54:37 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-R, \-\-reject\-all
|
2014-01-02 19:54:34 +00:00
|
|
|
Rejects all pending keys.
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-include\-all
|
|
|
|
Include non\-pending keys when accepting/rejecting.
|
2012-03-19 19:02:36 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
2012-09-25 19:31:16 +00:00
|
|
|
.B \-p PRINT, \-\-print=PRINT
|
2014-01-02 19:54:34 +00:00
|
|
|
Print the specified public key.
|
2012-09-25 19:31:16 +00:00
|
|
|
.UNINDENT
|
2012-09-30 21:58:27 +00:00
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-P, \-\-print\-all
|
|
|
|
Print all public keys
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
2013-09-17 23:58:01 +00:00
|
|
|
.B \-d DELETE, \-\-delete=DELETE
|
2014-01-02 19:54:34 +00:00
|
|
|
Delete the specified key. Globs are supported.
|
2012-09-30 21:58:27 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
2013-09-17 23:58:01 +00:00
|
|
|
.B \-D, \-\-delete\-all
|
2014-01-02 19:54:34 +00:00
|
|
|
Delete all keys.
|
2013-09-17 23:58:01 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-f FINGER, \-\-finger=FINGER
|
2014-01-02 19:54:34 +00:00
|
|
|
Print the specified key\(aqs fingerprint.
|
2012-09-30 21:58:27 +00:00
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
2013-09-17 23:58:01 +00:00
|
|
|
.B \-F, \-\-finger\-all
|
2014-01-02 19:54:34 +00:00
|
|
|
Print all keys\(aq fingerprints.
|
2012-09-30 21:58:27 +00:00
|
|
|
.UNINDENT
|
2013-09-17 23:58:01 +00:00
|
|
|
.SS Key Generation Options
|
2012-09-30 21:58:27 +00:00
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-gen\-keys=GEN_KEYS
|
|
|
|
Set a name to generate a keypair for use with salt
|
|
|
|
.UNINDENT
|
2014-07-09 16:36:51 +00:00
|
|
|
|
2012-09-30 21:58:27 +00:00
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-gen\-keys\-dir=GEN_KEYS_DIR
|
|
|
|
Set the directory to save the generated keypair. Only works
|
|
|
|
with \(aqgen_keys_dir\(aq option; default is the current directory.
|
|
|
|
.UNINDENT
|
2014-07-09 16:36:51 +00:00
|
|
|
|
2012-09-30 21:58:27 +00:00
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-keysize=KEYSIZE
|
|
|
|
Set the keysize for the generated key, only works with
|
|
|
|
the \(aq\-\-gen\-keys\(aq option, the key size must be 2048 or
|
|
|
|
higher, otherwise it will be rounded up to 2048. The
|
|
|
|
default is 2048.
|
|
|
|
.UNINDENT
|
2014-07-09 16:36:51 +00:00
|
|
|
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-gen-signature
|
2014-07-10 09:33:39 +00:00
|
|
|
Generate the signature file named master_pubkey_signature for the
|
|
|
|
salt-masters public key. The signatur itself can be send to the
|
2014-07-09 16:36:51 +00:00
|
|
|
minions in auth-replies and enables the minions to verify
|
|
|
|
the salt-masters public-key cryptographically. This requires a new
|
|
|
|
signing-key-pair which can be auto-created with the --auto-create
|
|
|
|
parameter.
|
|
|
|
.UNINDENT
|
2014-07-10 09:33:39 +00:00
|
|
|
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-signature-path
|
|
|
|
Target path for the signature file (must already exist)
|
|
|
|
.UNINDENT
|
2014-07-09 16:36:51 +00:00
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-auto-create
|
|
|
|
Auto-Create a signing key-pair if it does not yet exist
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-pub=PUB
|
|
|
|
The path to the public-key file to generate a signature for
|
|
|
|
.UNINDENT
|
|
|
|
.INDENT 0.0
|
|
|
|
.TP
|
|
|
|
.B \-\-priv=PRIV
|
|
|
|
The path to the private-key file to generate a signature with
|
|
|
|
.UNINDENT
|
|
|
|
|
2014-07-10 09:33:39 +00:00
|
|
|
Example which will auto-create a default master_sign.* key-pair and
|
|
|
|
a signature file named master_pubkey_signature for an already
|
2014-07-09 16:36:51 +00:00
|
|
|
existing master.pub key
|
|
|
|
.INDENT 0.0
|
|
|
|
.INDENT 3.5
|
|
|
|
.sp
|
|
|
|
.nf
|
|
|
|
.ft C
|
|
|
|
salt-key --gen-signature --auto-create
|
|
|
|
.ft P
|
|
|
|
.fi
|
|
|
|
.UNINDENT
|
|
|
|
.UNINDENT
|
|
|
|
|
2014-07-10 09:33:39 +00:00
|
|
|
Example which will auto-create a new key-pair called signature.* and the
|
2014-07-09 16:36:51 +00:00
|
|
|
signature itself for an already existing master.pub
|
|
|
|
.INDENT 0.0
|
|
|
|
.INDENT 3.5
|
|
|
|
.sp
|
|
|
|
.nf
|
|
|
|
.ft C
|
|
|
|
salt-key --gen-signature --auto-create --key-pair signature
|
|
|
|
.UNINDENT
|
|
|
|
.UNINDENT
|
|
|
|
.ft P
|
|
|
|
.fi
|
|
|
|
|
|
|
|
Example with specific pub- and private key-files which creates the signature for
|
|
|
|
the given public key
|
|
|
|
.INDENT 0.0
|
|
|
|
.INDENT 3.5
|
|
|
|
.sp
|
|
|
|
.nf
|
|
|
|
.ft C
|
|
|
|
salt-key --gen-signature --pub /etc/salt/pki/master/master.pub --priv /root/signature.pem
|
|
|
|
.ft P
|
|
|
|
.fi
|
|
|
|
.UNINDENT
|
|
|
|
.UNINDENT
|
2012-12-14 13:50:47 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.sp
|
|
|
|
\fIsalt(7)\fP
|
|
|
|
\fIsalt\-master(1)\fP
|
|
|
|
\fIsalt\-minion(1)\fP
|
2011-05-30 22:24:23 +00:00
|
|
|
.SH AUTHOR
|
2012-07-28 00:04:56 +00:00
|
|
|
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
|
2011-05-30 22:24:23 +00:00
|
|
|
.SH COPYRIGHT
|
2014-06-30 21:04:53 +00:00
|
|
|
2013 SaltStack, Inc.
|
2011-05-30 22:24:23 +00:00
|
|
|
.\" Generated by docutils manpage writer.
|
|
|
|
.
|