Interpreting keystone command line tool (1) (updating)

This document introduces the keystone commands of the Icehouse release.
The keystone client command line provides a convenient tool for interacting with the keystone server, but the command line tool is gradually abandoned by the community:

"Pending deprecation: command-line interface to the openstack identity API. This CLI is pending deprecation in favor of Python-openstackclient. For a python library, continue using Python-keystoneclient ."

 

Usage
$ Keystone [-- version]
[-- Timeout <seconds>]
[-- OS-username <auth-user-Name>]
[-- OS-Password <Auth-Password>]
[-- OS-tenant-name <auth-tenant-Name>]
[-- OS-tenant-id <tenant-ID>]
[-- OS-auth-URL <auth-URL>]
[-- OS-region-name <region-Name>]
[-- OS-identity-API-version <identity-API-version>]
[-- OS-Token <service-Token>]
[-- OS-endpoint <service-endpoint>]
[-- OS-cacert <ca-certificate>]
[-- Insecure]
[-- OS-Cert <certificate>]
[-- OS-key <key>]
[-- OS-Cache]
[-- Force-New-Token]
[-- Stale-duration <seconds>]
　　

<Subcommand>...

 

Available sub-commands

Subcommands

 

Bash-completion // output all optional commands and options

Help [subcommand] // display the help of this program or sub-command

Discover // discover the address of the keystone server, supported APIs and extensions

Bootstrap // simple initialization. After creating a user, role, and tenant, assign the user to the tenant.

Catalog // display the available openstack service directory, possibly filtered by service.

 

Ec2-credentials-create // create EC2-compatible credentials for user per tenant.

Ec2-credentials-delete // Delete EC2-compatible credentials.

Ec2-credentials-get // display EC2-compatible credentials.

Ec2-credentials-list // list EC2-compatible credentials for a user.

 

Endpoint-create // create an endpoint

Endpoint-delete // delete a service endpoint.

Endpoint-Get // you can specify conditions to view an endpoint.

Endpoint-list // view all configured endpoints

 

Role-create // create a role

Role-delete // delete a role

Role-Get // display role details

Role-list // display all roles

 

Service-create // Add a service

Service-delete // delete a service

Service-Get // View Details of a service

Service-list // display all services

 

Tenant-create // create a project

Tenant-delete // delete a project

Tenant-Get // display details of a project

Tenant-list // list all projects

Tenant-update // update the project name, description, and activation status

 

User-create // create a user

User-delete // delete a user

User-Get // Display User details

User-list // display all users

User-role-add // Add a role for the user

User-role-list // display all roles owned by the user

User-role-Remove // delete a User Role

User-update // update the user name, email address, and activation status

User-password-update // update the password of any specified user

Password-update // update the password of the current user

 

Token-Get // display the current user token

 

 

Available options
-- Version

Display the current client version and exit

-- Timeout <seconds>

Set Request timeout (seconds)

-- OS-identity-API-version <identity-API-version>
Indicates that the default version of identity API to be used is the environment variable OS _identity_api_version or version 2.0.

-- OS-region-name <region-Name>

Indicates the region used. The default value is the environment variable OS _region_name.

 

User name + Password Logon Options

Environment variables can be set to each session using export, or a script can be written so that there is no need to repeatedly input a large number of duplicate content during each run.

-- OS-username <auth-user-Name>
The username used to log on to the openstack Identity Service. The default username is the environment variable OS _username.

-- OS-Password <Auth-Password>
Logon user password. The default value is the environment variable OS _password.

-- OS-tenant-name <auth-tenant-Name>
The name of the project to which the logon user belongs. The default value is the environment variable OS _tenant_name.

-- OS-tenant-id <tenant-ID>
The Project ID to which the logon user belongs. The default value is the environment variable OS _tenant_id.

-- OS-auth-URL <auth-URL>
The target keystone node for identity authentication. The default value is the environment variable OS _auth_url.

 

Token Logon Options

-- OS-Token <service-Token>
You have a token and select this token for identity authentication. You do not need to obtain the token again. The default value is the environment variable OS _service_token.

-- OS-endpoint <service-endpoint>
Specifies the object node for authentication. The default value is the environment variable OS _service_endpoint.

 

CA's own digital certificate + digital certificate issued by Ca + its own private key

-- OS-cacert <ca-certificate>

Specify a ca bundle file to use in verifying a TLS (https) server certificate. The default environment variable is OS _cacert.

-- OS-Cert <certificate>
The default value is the environment variable OS _cert.

-- OS-key <key>

The default value is the environment variable OS _key.

 

-- Insecure

Keystoneclient is explicitly allowed to perform "insecure" TLS (https) requests. keystoneclient does not verify the server certificate under this option and should be used with caution.

-- OS-Cache

Use auth token cache. The default environment variable is OS _cache.

-- Force-New-token

If the keyring is available and in use, token will always be stored and fetched from the keyring until the token has expired. Use this option to request
New token and replace the existing one in the keyring.

-- Stale-duration <seconds>
Stale duration (in seconds) used to determine whether a token has expired when retrieving it from keyring. This is useful in mitigating process or network delays. Default is 30 seconds.