设置用于客户端到主控端验证的指纹

在高度安全的网络配置中,您可能希望确保您的 Salt 客户端连接特定的主控端。要设置从客户端到主控端的验证,首先请在 Salt 受控端配置文件中输入主控端的指纹:

  • /etc/salt/minion.d/custom.conf in cases of using classic Salt minion in your client, or

  • /etc/venv-salt-minion/minion.d/custom.conf in case of using Salt Bundle in your client

然后按以下过程进行操作:

To access a shell inside the Server container run mgrctl term on the container host.

过程:将主控端的指纹添加到客户端
  1. On the master, at the command prompt, as root, use this command to find the master.pub fingerprint:

    salt-key -F master

    On your client, open the /etc/salt/minion.d/custom.conf or /etc/venv-salt-minion/minion.d/custom.conf configuration file. Add this line to enter the master’s fingerprint replacing the example fingerprint:

    master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'
  2. 重启服务。对于 salt-minion,请运行:

    systemctl restart salt-minion
  3. 对于 venv-salt-minion,请运行:

    systemctl restart venv-salt-minion

有关 Salt 捆绑包的详细信息,请参见 Salt 捆绑包

有关从客户端配置安全性的信息,请参见 https://docs.saltproject.io/en/latest/ref/configuration/minion.html