The keystone client is the command-line interface (CLI) for the OpenStack Identity API and its extensions.
For help on a specific keystone command, enter:
$ keystone help COMMAND
[--os-username <auth-user-name>]
[--os-password <auth-password>]
[--os-tenant-name <auth-tenant-name>]
[--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>]
[--os-region-name <region-name>]
[--os-identity-api-version <identity-api-version>]
[--os-token <service-token>]
[--os-endpoint <service-endpoint>]
[--os-cacert <ca-certificate>] [--insecure]
[--os-cert <certificate>] [--os-key <key>] [--os-cache]
[--force-new-token] [--stale-duration <seconds>]
<subcommand> ...
Command | Description |
catalog | List service catalog, possibly filtered by service. |
ec2-credentials-create | Create EC2-compatible credentials for user per tenant. |
ec2-credentials-delete | Delete EC2-compatible credentials. |
ec2-credentials-get | Display EC2-compatible credentials. |
ec2-credentials-list | List EC2-compatible credentials for a user |
password-update | Update own password. |
role-list | List all roles. |
token-get | Display the current user token. |
user-password-update | Update user password. |
user-update | Update user's name, email, and enabled status. |
discover | Discover Keystone servers, supported API versions and extensions. |
bash-completion | Prints all of the commands and options to stdout. |
help | Display help about this program or one of its subcommands. |
Command | Description |
--version | Shows the client version and exits |
--timeout <seconds> | Set request timeout (in seconds) |
--os-username <auth-user-name> | Name used for authentication with the OpenStack
Identity service. Defaults to env[OS_USERNAME] |
--os-password <auth-password> | Password used for authentication with the OpenStack
Identity service. Defaults to env[OS_PASSWORD] |
--os-tenant-name <auth-tenant-name> | Tenant to request authorization on. Defaults to env[OS_TENANT_NAME] |
--os-tenant-id <tenant-id> | Tenant to request authorization on. Defaults to env[OS_TENANT_ID] |
--os-auth-url <auth-url> | Specify the Identity endpoint to use for
authentication. Defaults to env[OS_AUTH_URL] |
--os-region-name <region-name> | Defaults to env[OS_REGION_NAME] |
--os-identity-api-version <identity-api-version> | Defaults to env[OS_IDENTITY_API_VERSION] or 2.0 |
--os-token <service-token> | Specify an existing token to use instead of retrieving
one via authentication (e.g. with username &
password). Defaults to env[OS_SERVICE_TOKEN] |
--os-endpoint <service-endpoint> | Specify an endpoint to use instead of retrieving one
from the service catalog (via authentication).
Defaults to env[OS_SERVICE_ENDPOINT] |
--os-cacert <ca-certificate> | Specify a CA bundle file to use in verifying a TLS
(https) server certificate. Defaults to env[OS_CACERT] |
--insecure | Explicitly allow keystoneclient to perform "insecure" TLS (https) requests. The server's certificate will not be verified against any certificate authorities. This option should be used with caution. |
--os-cert <certificate> | Defaults to env[OS_CERT] |
--os-key <key> | Defaults to env[OS_KEY] |
--os-cache | Use the auth token cache. Defaults to env[OS_CACHE] |
--force-new-token | If the keyring is available and in use, token will always be stored and fetched from the keyring until the token has expired. Use this option to request a new token and replace the existing one in the keyring. |
--stale-duration <seconds> | Stale duration (in seconds) used to determine whether a token has expired when retrieving it from keyring. This is useful in mitigating process or network delays. Default is 30 seconds. |
usage: keystone catalog [--service <service-type>]
List service catalog, possibly filtered by service.
Command | Description |
--service <service-type> | Service type to return |
usage: keystone discover
Discover Keystone servers, supported API versions and extensions. Usage:: $ keystone discover Keystone found at http://localhost:35357 - supports version v1.0 (DEPRECATED) here http://localhost:35357/v1.0 - supports version v1.1 (CURRENT) here http://localhost:35357/v1.1 - supports version v2.0 (CURRENT) here http://localhost:35357/v2.0 - and RAX-KSKEY: Rackspace API Key Authentication Admin Extension - and RAX-KSGRP: Rackspace Keystone Group Extensions
usage: keystone ec2-credentials-create [--user-id <user-id>]
[--tenant-id <tenant-id>]
Create EC2-compatible credentials for user per tenant.
Command | Description |
--user-id <user-id> | User ID |
--tenant-id <tenant-id> | Tenant ID |
usage: keystone ec2-credentials-delete [--user-id <user-id>] --access
<access-key>
Delete EC2-compatible credentials.
Command | Description |
--user-id <user-id> | User ID |
--access <access-key> | Access Key |
usage: keystone ec2-credentials-get [--user-id <user-id>] --access
<access-key>
Display EC2-compatible credentials.
Command | Description |
--user-id <user-id> | User ID |
--access <access-key> | Access Key |
usage: keystone ec2-credentials-list [--user-id <user-id>]
List EC2-compatible credentials for a user
Command | Description |
--user-id <user-id> | User ID |
usage: keystone password-update [--current-password <current-password>]
[--new-password <new-password>]
Update own password.
Command | Description |
--current-password <current-password> | Current password, Defaults to the password as set by --os-password or OS_PASSWORD |
--new-password <new-password> | Desired new password |
usage: keystone token-get [--wrap <integer>]
Display the current user token.
Command | Description |
--wrap <integer> | wrap PKI tokens to a specified length, or 0 to disable |
usage: keystone user-password-update [--pass <password>] <user>
Update user password.
Command | Description |
--pass <password> | Desired new password |
<user> | Name or ID of user to update password |
usage: keystone user-update [--name <user-name>] [--email <email>]
[--enabled <true|false>]
<user>
Update user's name, email, and enabled status.
Command | Description |
--name <user-name> | Desired new user name |
--email <email> | Desired new email address |
--enabled <true|false> | Enable or disable user |
<user> | Name or ID of user to update |
©2016 Idigital Internet Inc. All rights reserved, AURO is a registered trademark. Sitemap