f3bc4fdb51
Use new tool to autogenerate cli pages. Pages are created using current client git versions. Note that swift output looks a bit different since swift does not support "swift help subcommand". Change-Id: I1b44e188ea460c9ece973cd52443f5533f93e8b4
610 lines
24 KiB
XML
610 lines
24 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
|
xml:id="keystoneclient_commands">
|
|
|
|
<!-- This file is automatically generated, do not edit -->
|
|
|
|
<?dbhtml stop-chunking?>
|
|
|
|
<title>keystone commands</title>
|
|
<para>The keystone client is the command-line interface (CLI) for the
|
|
OpenStack Identity API and its extensions.</para>
|
|
<para>For help on a specific <command>keystone</command>
|
|
command, enter:
|
|
</para>
|
|
<screen><prompt>$</prompt> <userinput><command>keystone</command> <option>help</option> <replaceable>COMMAND</replaceable></userinput></screen>
|
|
|
|
<section xml:id="keystoneclient_command_usage">
|
|
<title>keystone usage</title>
|
|
<screen><computeroutput> [--os-username <auth-user-name>]
|
|
[--os-password <auth-password>]
|
|
[--os-tenant-name <auth-tenant-name>]
|
|
[--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>]
|
|
[--os-region-name <region-name>]
|
|
[--os-identity-api-version <identity-api-version>]
|
|
[--os-token <service-token>]
|
|
[--os-endpoint <service-endpoint>]
|
|
[--os-cacert <ca-certificate>] [--insecure]
|
|
[--os-cert <certificate>] [--os-key <key>] [--os-cache]
|
|
[--force-new-token] [--stale-duration <seconds>]
|
|
<subcommand> ...</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_command_pos">
|
|
<title>keystone positional arguments</title>
|
|
<screen><computeroutput> <subcommand>
|
|
catalog List service catalog, possibly filtered by service.
|
|
ec2-credentials-create
|
|
Create EC2-compatible credentials for user per tenant.
|
|
ec2-credentials-delete
|
|
Delete EC2-compatible credentials.
|
|
ec2-credentials-get
|
|
Display EC2-compatible credentials.
|
|
ec2-credentials-list
|
|
List EC2-compatible credentials for a user
|
|
endpoint-create Create a new endpoint associated with a service.
|
|
endpoint-delete Delete a service endpoint.
|
|
endpoint-get Find endpoint filtered by a specific attribute or
|
|
service type.
|
|
endpoint-list List configured service endpoints.
|
|
password-update Update own password.
|
|
role-create Create new role.
|
|
role-delete Delete role.
|
|
role-get Display role details.
|
|
role-list List all roles.
|
|
service-create Add service to Service Catalog.
|
|
service-delete Delete service from Service Catalog.
|
|
service-get Display service from Service Catalog.
|
|
service-list List all services in Service Catalog.
|
|
tenant-create Create new tenant.
|
|
tenant-delete Delete tenant.
|
|
tenant-get Display tenant details.
|
|
tenant-list List all tenants.
|
|
tenant-update Update tenant name, description, enabled status.
|
|
token-get Display the current user token.
|
|
user-create Create new user
|
|
user-delete Delete user
|
|
user-get Display user details.
|
|
user-list List users.
|
|
user-password-update
|
|
Update user password.
|
|
user-role-add Add role to user
|
|
user-role-list List roles granted to a user
|
|
user-role-remove Remove role from user
|
|
user-update Update user's name, email, and enabled status.
|
|
discover Discover Keystone servers, supported API versions and
|
|
extensions.
|
|
bootstrap Grants a new role to a new user on a new tenant, after
|
|
creating each.
|
|
bash-completion Prints all of the commands and options to stdout.
|
|
help Display help about this program or one of its
|
|
subcommands.
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_command_optional">
|
|
<title>keystone optional arguments</title>
|
|
<screen><computeroutput> --version Shows the client version and exits
|
|
--timeout <seconds> Set request timeout (in seconds)
|
|
--os-username <auth-user-name>
|
|
Name used for authentication with the OpenStack
|
|
Identity service. Defaults to env[OS_USERNAME]
|
|
--os-password <auth-password>
|
|
Password used for authentication with the OpenStack
|
|
Identity service. Defaults to env[OS_PASSWORD]
|
|
--os-tenant-name <auth-tenant-name>
|
|
Tenant to request authorization on. Defaults to
|
|
env[OS_TENANT_NAME]
|
|
--os-tenant-id <tenant-id>
|
|
Tenant to request authorization on. Defaults to
|
|
env[OS_TENANT_ID]
|
|
--os-auth-url <auth-url>
|
|
Specify the Identity endpoint to use for
|
|
authentication. Defaults to env[OS_AUTH_URL]
|
|
--os-region-name <region-name>
|
|
Defaults to env[OS_REGION_NAME]
|
|
--os-identity-api-version <identity-api-version>
|
|
Defaults to env[OS_IDENTITY_API_VERSION] or 2.0
|
|
--os-token <service-token>
|
|
Specify an existing token to use instead of retrieving
|
|
one via authentication (e.g. with username &
|
|
password). Defaults to env[OS_SERVICE_TOKEN]
|
|
--os-endpoint <service-endpoint>
|
|
Specify an endpoint to use instead of retrieving one
|
|
from the service catalog (via authentication).
|
|
Defaults to env[OS_SERVICE_ENDPOINT]
|
|
--os-cacert <ca-certificate>
|
|
Specify a CA bundle file to use in verifying a TLS
|
|
(https) server certificate. Defaults to env[OS_CACERT]
|
|
--insecure Explicitly allow keystoneclient to perform "insecure"
|
|
TLS (https) requests. The server's certificate will
|
|
not be verified against any certificate authorities.
|
|
This option should be used with caution.
|
|
--os-cert <certificate>
|
|
Defaults to env[OS_CERT]
|
|
--os-key <key> Defaults to env[OS_KEY]
|
|
--os-cache Use the auth token cache. Defaults to env[OS_CACHE]
|
|
--force-new-token If the keyring is available and in use, token will
|
|
always be stored and fetched from the keyring until
|
|
the token has expired. Use this option to request a
|
|
new token and replace the existing one in the keyring.
|
|
--stale-duration <seconds>
|
|
Stale duration (in seconds) used to determine whether
|
|
a token has expired when retrieving it from keyring.
|
|
This is useful in mitigating process or network
|
|
delays. Default is 30 seconds.
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_bootstrap">
|
|
<title>keystone bootstrap command</title>
|
|
<screen><computeroutput>usage: keystone bootstrap [--user-name <user-name>] --pass <password>
|
|
[--role-name <role-name>]
|
|
[--tenant-name <tenant-name>]
|
|
|
|
Grants a new role to a new user on a new tenant, after creating each.
|
|
|
|
Arguments:
|
|
--user-name <user-name>
|
|
The name of the user to be created (default="admin").
|
|
--pass <password> The password for the new user.
|
|
--role-name <role-name>
|
|
The name of the role to be created and granted to the
|
|
user (default="admin").
|
|
--tenant-name <tenant-name>
|
|
The name of the tenant to be created
|
|
(default="admin").
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_catalog">
|
|
<title>keystone catalog command</title>
|
|
<screen><computeroutput>usage: keystone catalog [--service <service-type>]
|
|
|
|
List service catalog, possibly filtered by service.
|
|
|
|
Arguments:
|
|
--service <service-type>
|
|
Service type to return
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_discover">
|
|
<title>keystone discover command</title>
|
|
<screen><computeroutput>usage: keystone discover
|
|
|
|
Discover Keystone servers, supported API versions and extensions. Usage:: $
|
|
keystone discover Keystone found at http://localhost:35357 - supports version
|
|
v1.0 (DEPRECATED) here http://localhost:35357/v1.0 - supports version v1.1
|
|
(CURRENT) here http://localhost:35357/v1.1 - supports version v2.0 (CURRENT)
|
|
here http://localhost:35357/v2.0 - and RAX-KSKEY: Rackspace API Key
|
|
Authentication Admin Extension - and RAX-KSGRP: Rackspace Keystone Group
|
|
Extensions
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_ec2-credentials-create">
|
|
<title>keystone ec2-credentials-create command</title>
|
|
<screen><computeroutput>usage: keystone ec2-credentials-create [--user-id <user-id>]
|
|
[--tenant-id <tenant-id>]
|
|
|
|
Create EC2-compatible credentials for user per tenant.
|
|
|
|
Arguments:
|
|
--user-id <user-id> User ID
|
|
--tenant-id <tenant-id>
|
|
Tenant ID
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_ec2-credentials-delete">
|
|
<title>keystone ec2-credentials-delete command</title>
|
|
<screen><computeroutput>usage: keystone ec2-credentials-delete [--user-id <user-id>] --access
|
|
<access-key>
|
|
|
|
Delete EC2-compatible credentials.
|
|
|
|
Arguments:
|
|
--user-id <user-id> User ID
|
|
--access <access-key>
|
|
Access Key
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_ec2-credentials-get">
|
|
<title>keystone ec2-credentials-get command</title>
|
|
<screen><computeroutput>usage: keystone ec2-credentials-get [--user-id <user-id>] --access
|
|
<access-key>
|
|
|
|
Display EC2-compatible credentials.
|
|
|
|
Arguments:
|
|
--user-id <user-id> User ID
|
|
--access <access-key>
|
|
Access Key
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_ec2-credentials-list">
|
|
<title>keystone ec2-credentials-list command</title>
|
|
<screen><computeroutput>usage: keystone ec2-credentials-list [--user-id <user-id>]
|
|
|
|
List EC2-compatible credentials for a user
|
|
|
|
Arguments:
|
|
--user-id <user-id> User ID
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_endpoint-create">
|
|
<title>keystone endpoint-create command</title>
|
|
<screen><computeroutput>usage: keystone endpoint-create [--region <endpoint-region>] --service
|
|
<service> --publicurl <public-url>
|
|
[--adminurl <admin-url>]
|
|
[--internalurl <internal-url>]
|
|
|
|
Create a new endpoint associated with a service.
|
|
|
|
Arguments:
|
|
--region <endpoint-region>
|
|
Endpoint region
|
|
--service <service>, --service-id <service>, --service_id <service>
|
|
Name or ID of service associated with Endpoint
|
|
--publicurl <public-url>
|
|
Public URL endpoint
|
|
--adminurl <admin-url>
|
|
Admin URL endpoint
|
|
--internalurl <internal-url>
|
|
Internal URL endpoint
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_endpoint-delete">
|
|
<title>keystone endpoint-delete command</title>
|
|
<screen><computeroutput>usage: keystone endpoint-delete <endpoint-id>
|
|
|
|
Delete a service endpoint.
|
|
|
|
Arguments:
|
|
<endpoint-id> ID of endpoint to delete
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_endpoint-get">
|
|
<title>keystone endpoint-get command</title>
|
|
<screen><computeroutput>usage: keystone endpoint-get --service <service-type>
|
|
[--endpoint-type <endpoint-type>]
|
|
[--attr <service-attribute>] [--value <value>]
|
|
|
|
Find endpoint filtered by a specific attribute or service type.
|
|
|
|
Arguments:
|
|
--service <service-type>
|
|
Service type to select
|
|
--endpoint-type <endpoint-type>
|
|
Endpoint type to select
|
|
--attr <service-attribute>
|
|
Service attribute to match for selection
|
|
--value <value> Value of attribute to match
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_endpoint-list">
|
|
<title>keystone endpoint-list command</title>
|
|
<screen><computeroutput>usage: keystone endpoint-list
|
|
|
|
List configured service endpoints.
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_password-update">
|
|
<title>keystone password-update command</title>
|
|
<screen><computeroutput>usage: keystone password-update [--current-password <current-password>]
|
|
[--new-password <new-password>]
|
|
|
|
Update own password.
|
|
|
|
Arguments:
|
|
--current-password <current-password>
|
|
Current password, Defaults to the password as set by
|
|
--os-password or OS_PASSWORD
|
|
--new-password <new-password>
|
|
Desired new password
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_role-create">
|
|
<title>keystone role-create command</title>
|
|
<screen><computeroutput>usage: keystone role-create --name <role-name>
|
|
|
|
Create new role.
|
|
|
|
Arguments:
|
|
--name <role-name> Name of new role
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_role-delete">
|
|
<title>keystone role-delete command</title>
|
|
<screen><computeroutput>usage: keystone role-delete <role>
|
|
|
|
Delete role.
|
|
|
|
Arguments:
|
|
<role> Name or ID of role to delete
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_role-get">
|
|
<title>keystone role-get command</title>
|
|
<screen><computeroutput>usage: keystone role-get <role>
|
|
|
|
Display role details.
|
|
|
|
Arguments:
|
|
<role> Name or ID of role to display
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_role-list">
|
|
<title>keystone role-list command</title>
|
|
<screen><computeroutput>usage: keystone role-list
|
|
|
|
List all roles.
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_service-create">
|
|
<title>keystone service-create command</title>
|
|
<screen><computeroutput>usage: keystone service-create --name <name> --type <type>
|
|
[--description <service-description>]
|
|
|
|
Add service to Service Catalog.
|
|
|
|
Arguments:
|
|
--name <name> Name of new service (must be unique)
|
|
--type <type> Service type (one of: identity, compute, network,
|
|
image, object-store, or other service identifier
|
|
string)
|
|
--description <service-description>
|
|
Description of service
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_service-delete">
|
|
<title>keystone service-delete command</title>
|
|
<screen><computeroutput>usage: keystone service-delete <service>
|
|
|
|
Delete service from Service Catalog.
|
|
|
|
Arguments:
|
|
<service> Name or ID of service to delete
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_service-get">
|
|
<title>keystone service-get command</title>
|
|
<screen><computeroutput>usage: keystone service-get <service>
|
|
|
|
Display service from Service Catalog.
|
|
|
|
Arguments:
|
|
<service> Name or ID of service to display
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_service-list">
|
|
<title>keystone service-list command</title>
|
|
<screen><computeroutput>usage: keystone service-list
|
|
|
|
List all services in Service Catalog.
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_tenant-create">
|
|
<title>keystone tenant-create command</title>
|
|
<screen><computeroutput>usage: keystone tenant-create --name <tenant-name>
|
|
[--description <tenant-description>]
|
|
[--enabled <true|false>]
|
|
|
|
Create new tenant.
|
|
|
|
Arguments:
|
|
--name <tenant-name> New tenant name (must be unique)
|
|
--description <tenant-description>
|
|
Description of new tenant (default is none)
|
|
--enabled <true|false>
|
|
Initial tenant enabled status (default true)
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_tenant-delete">
|
|
<title>keystone tenant-delete command</title>
|
|
<screen><computeroutput>usage: keystone tenant-delete <tenant>
|
|
|
|
Delete tenant.
|
|
|
|
Arguments:
|
|
<tenant> Name or ID of tenant to delete
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_tenant-get">
|
|
<title>keystone tenant-get command</title>
|
|
<screen><computeroutput>usage: keystone tenant-get <tenant>
|
|
|
|
Display tenant details.
|
|
|
|
Arguments:
|
|
<tenant> Name or ID of tenant to display
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_tenant-list">
|
|
<title>keystone tenant-list command</title>
|
|
<screen><computeroutput>usage: keystone tenant-list
|
|
|
|
List all tenants.
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_tenant-update">
|
|
<title>keystone tenant-update command</title>
|
|
<screen><computeroutput>usage: keystone tenant-update [--name <tenant_name>]
|
|
[--description <tenant-description>]
|
|
[--enabled <true|false>]
|
|
<tenant>
|
|
|
|
Update tenant name, description, enabled status.
|
|
|
|
Arguments:
|
|
--name <tenant_name> Desired new name of tenant
|
|
--description <tenant-description>
|
|
Desired new description of tenant
|
|
--enabled <true|false>
|
|
Enable or disable tenant
|
|
<tenant> Name or ID of tenant to update
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_token-get">
|
|
<title>keystone token-get command</title>
|
|
<screen><computeroutput>usage: keystone token-get [--wrap <integer>]
|
|
|
|
Display the current user token.
|
|
|
|
Arguments:
|
|
--wrap <integer> wrap PKI tokens to a specified length, or 0 to disable
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-create">
|
|
<title>keystone user-create command</title>
|
|
<screen><computeroutput>usage: keystone user-create --name <user-name> [--tenant <tenant>]
|
|
[--pass <pass>] [--email <email>]
|
|
[--enabled <true|false>]
|
|
|
|
Create new user
|
|
|
|
Arguments:
|
|
--name <user-name> New user name (must be unique)
|
|
--tenant <tenant>, --tenant-id <tenant>
|
|
New user default tenant
|
|
--pass <pass> New user password
|
|
--email <email> New user email address
|
|
--enabled <true|false>
|
|
Initial user enabled status (default true)
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-delete">
|
|
<title>keystone user-delete command</title>
|
|
<screen><computeroutput>usage: keystone user-delete <user>
|
|
|
|
Delete user
|
|
|
|
Arguments:
|
|
<user> Name or ID of user to delete
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-get">
|
|
<title>keystone user-get command</title>
|
|
<screen><computeroutput>usage: keystone user-get <user>
|
|
|
|
Display user details.
|
|
|
|
Arguments:
|
|
<user> Name or ID of user to display
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-list">
|
|
<title>keystone user-list command</title>
|
|
<screen><computeroutput>usage: keystone user-list [--tenant <tenant>]
|
|
|
|
List users.
|
|
|
|
Arguments:
|
|
--tenant <tenant>, --tenant-id <tenant>
|
|
Tenant; lists all users if not specified
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-password-update">
|
|
<title>keystone user-password-update command</title>
|
|
<screen><computeroutput>usage: keystone user-password-update [--pass <password>] <user>
|
|
|
|
Update user password.
|
|
|
|
Arguments:
|
|
--pass <password> Desired new password
|
|
<user> Name or ID of user to update password
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-role-add">
|
|
<title>keystone user-role-add command</title>
|
|
<screen><computeroutput>usage: keystone user-role-add --user <user> --role <role> [--tenant <tenant>]
|
|
|
|
Add role to user
|
|
|
|
Arguments:
|
|
--user <user>, --user-id <user>, --user_id <user>
|
|
Name or ID of user
|
|
--role <role>, --role-id <role>, --role_id <role>
|
|
Name or ID of role
|
|
--tenant <tenant>, --tenant-id <tenant>
|
|
Name or ID of tenant
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-role-list">
|
|
<title>keystone user-role-list command</title>
|
|
<screen><computeroutput>usage: keystone user-role-list [--user <user>] [--tenant <tenant>]
|
|
|
|
List roles granted to a user
|
|
|
|
Arguments:
|
|
--user <user>, --user-id <user>
|
|
List roles granted to a user
|
|
--tenant <tenant>, --tenant-id <tenant>
|
|
List roles granted on a tenant
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-role-remove">
|
|
<title>keystone user-role-remove command</title>
|
|
<screen><computeroutput>usage: keystone user-role-remove --user <user> --role <role>
|
|
[--tenant <tenant>]
|
|
|
|
Remove role from user
|
|
|
|
Arguments:
|
|
--user <user>, --user-id <user>, --user_id <user>
|
|
Name or ID of user
|
|
--role <role>, --role-id <role>, --role_id <role>
|
|
Name or ID of role
|
|
--tenant <tenant>, --tenant-id <tenant>
|
|
Name or ID of tenant
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
<section xml:id="keystoneclient_subcommand_user-update">
|
|
<title>keystone user-update command</title>
|
|
<screen><computeroutput>usage: keystone user-update [--name <user-name>] [--email <email>]
|
|
[--enabled <true|false>]
|
|
<user>
|
|
|
|
Update user's name, email, and enabled status.
|
|
|
|
Arguments:
|
|
--name <user-name> Desired new user name
|
|
--email <email> Desired new email address
|
|
--enabled <true|false>
|
|
Enable or disable user
|
|
<user> Name or ID of user to update
|
|
|
|
</computeroutput></screen>
|
|
</section>
|
|
</section>
|