.. ## WARNING ######################################
.. This file is automatically generated, do not edit
.. #################################################

====================================
Identity service command-line client
====================================

.. warning::

   The keystone CLI is deprecated
   in favor of python-openstackclient.
   For more information, see :doc:`openstack`.
   For a Python library, continue using
   python-keystoneclient.

The keystone client is the command-line interface (CLI) for
the Identity service API and its extensions.

This chapter documents :command:`keystone` version ``2.0.0``.

For help on a specific :command:`keystone` command, enter:

.. code-block:: console

   $ keystone help COMMAND

.. _keystone_command_usage:

keystone usage
~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone [--version] [--debug] [--os-username <auth-user-name>]
                   [--os-password <auth-password>]
                   [--os-tenant-name <auth-tenant-name>]
                   [--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>]
                   [--os-region-name <region-name>]
                   [--os-identity-api-version <identity-api-version>]
                   [--os-token <service-token>]
                   [--os-endpoint <service-endpoint>] [--os-cache]
                   [--force-new-token] [--stale-duration <seconds>] [--insecure]
                   [--os-cacert <ca-certificate>] [--os-cert <certificate>]
                   [--os-key <key>] [--timeout <seconds>]
                   <subcommand> ...

Subcommands
-----------

``catalog``
  List service catalog, possibly filtered by
  service.

``ec2-credentials-create``
  Create EC2-compatible credentials for user per
  tenant.

``ec2-credentials-delete``
  Delete EC2-compatible credentials.

``ec2-credentials-get``
  Display EC2-compatible credentials.

``ec2-credentials-list``
  List EC2-compatible credentials for a user.

``endpoint-create``
  Create a new endpoint associated with a service.

``endpoint-delete``
  Delete a service endpoint.

``endpoint-get``
  Find endpoint filtered by a specific attribute or
  service type.

``endpoint-list``
  List configured service endpoints.

``password-update``
  Update own password.

``role-create``
  Create new role.

``role-delete``
  Delete role.

``role-get``
  Display role details.

``role-list``
  List all roles.

``service-create``
  Add service to Service Catalog.

``service-delete``
  Delete service from Service Catalog.

``service-get``
  Display service from Service Catalog.

``service-list``
  List all services in Service Catalog.

``tenant-create``
  Create new tenant.

``tenant-delete``
  Delete tenant.

``tenant-get``
  Display tenant details.

``tenant-list``
  List all tenants.

``tenant-update``
  Update tenant name, description, enabled status.

``token-get``
  Display the current user token.

``user-create``
  Create new user.

``user-delete``
  Delete user.

``user-get``
  Display user details.

``user-list``
  List users.

``user-password-update``
  Update user password.

``user-role-add``
  Add role to user.

``user-role-list``
  List roles granted to a user.

``user-role-remove``
  Remove role from user.

``user-update``
  Update user's name, email, and enabled status.

``discover``
  Discover Keystone servers, supported API versions
  and extensions.

``bootstrap``
  Grants a new role to a new user on a new tenant,
  after creating each.

``bash-completion``
  Prints all of the commands and options to stdout.

``help``
  Display help about this program or one of its
  subcommands.

.. _keystone_command_options:

keystone optional arguments
~~~~~~~~~~~~~~~~~~~~~~~~~~~

``--version``
  Shows the client version and exits.

``--debug``
  Prints debugging output onto the console, including
  the curl request and response calls.
  Helpful for debugging and understanding the API
  calls.

``--os-username <auth-user-name>``
  Name used for authentication with the OpenStack
  Identity service. Defaults to ``env[OS_USERNAME]``.

``--os-password <auth-password>``
  Password used for authentication with the
  OpenStack Identity service. Defaults to
  ``env[OS_PASSWORD]``.

``--os-tenant-name <auth-tenant-name>``
  Tenant to request authorization on. Defaults to
  ``env[OS_TENANT_NAME]``.

``--os-tenant-id <tenant-id>``
  Tenant to request authorization on. Defaults to
  ``env[OS_TENANT_ID]``.

``--os-auth-url <auth-url>``
  Specify the Identity endpoint to use for
  authentication. Defaults to ``env[OS_AUTH_URL]``.

``--os-region-name <region-name>``
  Specify the region to use. Defaults to
  ``env[OS_REGION_NAME]``.

``--os-identity-api-version <identity-api-version>``
  Specify Identity API version to use. Defaults to
  ``env[OS_IDENTITY_API_VERSION]`` or 2.0.

``--os-token <service-token>``
  Specify an existing token to use instead of
  retrieving one via authentication (e.g. with
  username & password). Defaults to
  ``env[OS_SERVICE_TOKEN]``.

``--os-endpoint <service-endpoint>``
  Specify an endpoint to use instead of retrieving
  one from the service catalog (via authentication).
  Defaults to ``env[OS_SERVICE_ENDPOINT]``.

``--os-cache``
  Use the auth token cache. Defaults to
  ``env[OS_CACHE]``.

``--force-new-token``
  If the keyring is available and in use, the token will
  always be stored and fetched from the keyring
  until the token has expired. Use this option to
  request a new token and replace the existing one
  in the keyring.

``--stale-duration <seconds>``
  Stale duration (in seconds) used to determine
  whether a token has expired when retrieving it
  from keyring. This is useful in mitigating process
  or network delays. Default is 30 seconds.

``--insecure``
  Explicitly allow client to perform "insecure" TLS
  (https) requests. The server's certificate will
  not be verified against any certificate
  authorities. This option should be used with
  caution.

``--os-cacert <ca-certificate>``
  Specify a CA bundle file to use in verifying a TLS
  (https) server certificate. Defaults to
  ``env[OS_CACERT]``.

``--os-cert <certificate>``
  Defaults to ``env[OS_CERT]``.

``--os-key <key>``
  Defaults to ``env[OS_KEY]``.

``--timeout <seconds>``
  Set request timeout (in seconds).

.. _keystone_bootstrap:

keystone bootstrap
~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone bootstrap [--user-name <user-name>] --pass <password>
                             [--role-name <role-name>]
                             [--tenant-name <tenant-name>]

Grants a new role to a new user on a new tenant, after creating each.

Arguments
---------

``--user-name <user-name>``
  The name of the user to be created (default="admin").

``--pass <password>``
  The password for the new user.

``--role-name <role-name>``
  The name of the role to be created and granted to the
  user (default="admin").

``--tenant-name <tenant-name>``
  The name of the tenant to be created
  (default="admin").

.. _keystone_catalog:

keystone catalog
~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone catalog [--service <service-type>]

List service catalog, possibly filtered by service.

Arguments
---------

``--service <service-type>``
  Service type to return.

.. _keystone_discover:

keystone discover
~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone discover

Discover Keystone servers, supported API versions and extensions.

.. _keystone_ec2-credentials-create:

keystone ec2-credentials-create
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone ec2-credentials-create [--user-id <user-id>]
                                          [--tenant-id <tenant-id>]

Create EC2-compatible credentials for user per tenant.

Arguments
---------

``--user-id <user-id>``
  User ID for which to create credentials. If not
  specified, the authenticated user will be used.

``--tenant-id <tenant-id>``
  Tenant ID for which to create credentials. If not
  specified, the authenticated tenant ID will be used.

.. _keystone_ec2-credentials-delete:

keystone ec2-credentials-delete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone ec2-credentials-delete [--user-id <user-id>] --access
                                          <access-key>

Delete EC2-compatible credentials.

Arguments
---------

``--user-id <user-id>``
  User ID.

``--access <access-key>``
  Access Key.

.. _keystone_ec2-credentials-get:

keystone ec2-credentials-get
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone ec2-credentials-get [--user-id <user-id>] --access
                                       <access-key>

Display EC2-compatible credentials.

Arguments
---------

``--user-id <user-id>``
  User ID.

``--access <access-key>``
  Access Key.

.. _keystone_ec2-credentials-list:

keystone ec2-credentials-list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone ec2-credentials-list [--user-id <user-id>]

List EC2-compatible credentials for a user.

Arguments
---------

``--user-id <user-id>``
  User ID.

.. _keystone_endpoint-create:

keystone endpoint-create
~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone endpoint-create [--region <endpoint-region>] --service
                                   <service> --publicurl <public-url>
                                   [--adminurl <admin-url>]
                                   [--internalurl <internal-url>]

Create a new endpoint associated with a service.

Arguments
---------

``--region <endpoint-region>``
  Endpoint region.

``--service <service>, --service-id <service>, --service_id <service>``
  Name or ID of service associated with endpoint.

``--publicurl <public-url>``
  Public URL endpoint.

``--adminurl <admin-url>``
  Admin URL endpoint.

``--internalurl <internal-url>``
  Internal URL endpoint.

.. _keystone_endpoint-delete:

keystone endpoint-delete
~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone endpoint-delete <endpoint-id>

Delete a service endpoint.

Arguments
---------

``<endpoint-id>``
  ID of endpoint to delete.

.. _keystone_endpoint-get:

keystone endpoint-get
~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone endpoint-get --service <service-type>
                                [--endpoint-type <endpoint-type>]
                                [--attr <service-attribute>] [--value <value>]

Find endpoint filtered by a specific attribute or service type.

Arguments
---------

``--service <service-type>``
  Service type to select.

``--endpoint-type <endpoint-type>``
  Endpoint type to select.

``--attr <service-attribute>``
  Service attribute to match for selection.

``--value <value>``
  Value of attribute to match.

.. _keystone_endpoint-list:

keystone endpoint-list
~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone endpoint-list

List configured service endpoints.

.. _keystone_password-update:

keystone password-update
~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone password-update [--current-password <current-password>]
                                   [--new-password <new-password>]

Update own password.

Arguments
---------

``--current-password <current-password>``
  Current password. Defaults to the password as set by
  :option:`--os-password` or ``env[OS_PASSWORD]``.

``--new-password <new-password>``
  Desired new password.

.. _keystone_role-create:

keystone role-create
~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone role-create --name <role-name>

Create new role.

Arguments
---------

``--name <role-name>``
  Name of new role.

.. _keystone_role-delete:

keystone role-delete
~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone role-delete <role>

Delete role.

Arguments
---------

``<role>``
  Name or ID of role to delete.

.. _keystone_role-get:

keystone role-get
~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone role-get <role>

Display role details.

Arguments
---------

``<role>``
  Name or ID of role to display.

.. _keystone_role-list:

keystone role-list
~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone role-list

List all roles.

.. _keystone_service-create:

keystone service-create
~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone service-create --type <type> [--name <name>]
                                  [--description <service-description>]

Add service to Service Catalog.

Arguments
---------

``--type <type>``
  Service type (one of: identity, compute, network,
  image, object-store, or other service identifier
  string).

``--name <name>``
  Name of new service (must be unique).

``--description <service-description>``
  Description of service.

.. _keystone_service-delete:

keystone service-delete
~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone service-delete <service>

Delete service from Service Catalog.

Arguments
---------

``<service>``
  Name or ID of service to delete.

.. _keystone_service-get:

keystone service-get
~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone service-get <service>

Display service from Service Catalog.

Arguments
---------

``<service>``
  Name or ID of service to display.

.. _keystone_service-list:

keystone service-list
~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone service-list

List all services in Service Catalog.

.. _keystone_tenant-create:

keystone tenant-create
~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone tenant-create --name <tenant-name>
                                 [--description <tenant-description>]
                                 [--enabled <true|false>]

Create new tenant.

Arguments
---------

``--name <tenant-name>``
  New tenant name (must be unique).

``--description <tenant-description>``
  Description of new tenant. Default is none.

``--enabled <true|false>``
  Initial tenant enabled status. Default is true.

.. _keystone_tenant-delete:

keystone tenant-delete
~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone tenant-delete <tenant>

Delete tenant.

Arguments
---------

``<tenant>``
  Name or ID of tenant to delete.

.. _keystone_tenant-get:

keystone tenant-get
~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone tenant-get <tenant>

Display tenant details.

Arguments
---------

``<tenant>``
  Name or ID of tenant to display.

.. _keystone_tenant-list:

keystone tenant-list
~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone tenant-list

List all tenants.

.. _keystone_tenant-update:

keystone tenant-update
~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone tenant-update [--name <tenant_name>]
                                 [--description <tenant-description>]
                                 [--enabled <true|false>]
                                 <tenant>

Update tenant name, description, enabled status.

Arguments
---------

``--name <tenant_name>``
  Desired new name of tenant.

``--description <tenant-description>``
  Desired new description of tenant.

``--enabled <true|false>``
  Enable or disable tenant.

``<tenant>``
  Name or ID of tenant to update.

.. _keystone_token-get:

keystone token-get
~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone token-get [--wrap <integer>]

Display the current user token.

Arguments
---------

``--wrap <integer>``
  Wrap PKI tokens to a specified length, or 0 to disable.

.. _keystone_user-create:

keystone user-create
~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-create --name <user-name> [--tenant <tenant>]
                               [--pass [<pass>]] [--email <email>]
                               [--enabled <true|false>]

Create new user.

Arguments
---------

``--name <user-name>``
  New user name (must be unique).

``--tenant <tenant>, --tenant-id <tenant>``
  New user default tenant.

``--pass [<pass>]``
  New user password; required for some auth backends.

``--email <email>``
  New user email address.

``--enabled <true|false>``
  Initial user enabled status. Default is true.

.. _keystone_user-delete:

keystone user-delete
~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-delete <user>

Delete user.

Arguments
---------

``<user>``
  Name or ID of user to delete.

.. _keystone_user-get:

keystone user-get
~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-get <user>

Display user details.

Arguments
---------

``<user>``
  Name or ID of user to display.

.. _keystone_user-list:

keystone user-list
~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-list [--tenant <tenant>]

List users.

Arguments
---------

``--tenant <tenant>, --tenant-id <tenant>``
  Tenant; lists all users if not specified.

.. _keystone_user-password-update:

keystone user-password-update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-password-update [--pass <password>] <user>

Update user password.

Arguments
---------

``--pass <password>``
  Desired new password.

``<user>``
  Name or ID of user whose password is to be updated.

.. _keystone_user-role-add:

keystone user-role-add
~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-role-add --user <user> --role <role> [--tenant <tenant>]

Add role to user.

Arguments
---------

``--user <user>, --user-id <user>, --user_id <user>``
  Name or ID of user.

``--role <role>, --role-id <role>, --role_id <role>``
  Name or ID of role.

``--tenant <tenant>, --tenant-id <tenant>``
  Name or ID of tenant.

.. _keystone_user-role-list:

keystone user-role-list
~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-role-list [--user <user>] [--tenant <tenant>]

List roles granted to a user.

Arguments
---------

``--user <user>, --user-id <user>``
  List roles granted to specified user.

``--tenant <tenant>, --tenant-id <tenant>``
  List only roles granted on specified tenant.

.. _keystone_user-role-remove:

keystone user-role-remove
~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-role-remove --user <user> --role <role>
                                    [--tenant <tenant>]

Remove role from user.

Arguments
---------

``--user <user>, --user-id <user>, --user_id <user>``
  Name or ID of user.

``--role <role>, --role-id <role>, --role_id <role>``
  Name or ID of role.

``--tenant <tenant>, --tenant-id <tenant>``
  Name or ID of tenant.

.. _keystone_user-update:

keystone user-update
~~~~~~~~~~~~~~~~~~~~

.. code-block:: console

   usage: keystone user-update [--name <user-name>] [--email <email>]
                               [--enabled <true|false>]
                               <user>

Update user's name, email, and enabled status.

Arguments
---------

``--name <user-name>``
  Desired new user name.

``--email <email>``
  Desired new email address.

``--enabled <true|false>``
  Enable or disable user.

``<user>``
  Name or ID of user to update.