e827a0d412
Move CLI sections to common as they are shared between user guide, admin user guide, and config reference guide. Update the appendix (which was already in common) to refer to the new location. Change-Id: Id51aacea15ce70a90e1a49203665b2797d374e48
129 lines
6.8 KiB
XML
129 lines
6.8 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
|
xml:id="keystone_client_commands">
|
|
<title>keystone commands</title>
|
|
<para>The keystone client is the command-line interface (CLI) for
|
|
the OpenStack Identity API.</para>
|
|
<para>For help on a specific keystone command, enter:</para>
|
|
<screen><prompt>$</prompt> <userinput><command>keystone</command> <option>help</option> <replaceable>COMMAND</replaceable></userinput></screen>
|
|
<example>
|
|
<title>Usage</title>
|
|
<screen><computeroutput>
|
|
keystone [--version] [--timeout <seconds>]
|
|
[--os-username <auth-user-name>]
|
|
[--os-password <auth-password>]
|
|
[--os-tenant-name <auth-tenant-name>]
|
|
[--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>]
|
|
[--os-region-name <region-name>]
|
|
[--os-identity-api-version <identity-api-version>]
|
|
[--os-token <service-token>]
|
|
[--os-endpoint <service-endpoint>]
|
|
[--os-cacert <ca-certificate>] [--insecure]
|
|
[--os-cert <certificate>] [--os-key <key>] [--os-cache]
|
|
[--force-new-token] [--stale-duration <seconds>]
|
|
<subcommand> ...</computeroutput></screen>
|
|
</example>
|
|
<example>
|
|
<title>Positional arguments</title>
|
|
<screen><computeroutput><subcommand>
|
|
catalog List service catalog, possibly filtered by service.
|
|
ec2-credentials-create
|
|
Create EC2-compatible credentials for user per tenant
|
|
ec2-credentials-delete
|
|
Delete EC2-compatible credentials
|
|
ec2-credentials-get
|
|
Display EC2-compatible credentials
|
|
ec2-credentials-list
|
|
List EC2-compatible credentials for a user
|
|
endpoint-create Create a new endpoint associated with a service
|
|
endpoint-delete Delete a service endpoint
|
|
endpoint-get Find endpoint filtered by a specific attribute or
|
|
service type
|
|
endpoint-list List configured service endpoints
|
|
password-update Update own password
|
|
role-create Create new role
|
|
role-delete Delete role
|
|
role-get Display role details
|
|
role-list List all roles
|
|
service-create Add service to Service Catalog
|
|
service-delete Delete service from Service Catalog
|
|
service-get Display service from Service Catalog
|
|
service-list List all services in Service Catalog<?sbr?> tenant-create Create new tenant
|
|
tenant-delete Delete tenant
|
|
tenant-get Display tenant details
|
|
tenant-list List all tenants
|
|
tenant-update Update tenant name, description, enabled status
|
|
token-get Display the current user token
|
|
user-create Create new user
|
|
user-delete Delete user
|
|
user-get Display user details.
|
|
user-list List users
|
|
user-password-update
|
|
Update user password
|
|
user-role-add Add role to user
|
|
user-role-list List roles granted to a user
|
|
user-role-remove Remove role from user
|
|
user-update Update user's name, email, and enabled status
|
|
discover Discover Keystone servers, supported API versions and
|
|
extensions.
|
|
bootstrap Grants a new role to a new user on a new tenant, after
|
|
creating each.
|
|
bash-completion Prints all of the commands and options to stdout.
|
|
help Display help about this program or one of its
|
|
subcommands.</computeroutput></screen>
|
|
</example>
|
|
<example>
|
|
<title>Optional arguments</title>
|
|
<screen><computeroutput> --version Shows the client version and exits
|
|
--timeout <seconds> Set request timeout (in seconds)
|
|
--os-username <auth-user-name>
|
|
Name used for authentication with the OpenStack
|
|
Identity service. Defaults to env[OS_USERNAME]
|
|
--os-password <auth-password>
|
|
Password used for authentication with the OpenStack
|
|
Identity service. Defaults to env[OS_PASSWORD]
|
|
--os-tenant-name <auth-tenant-name>
|
|
Tenant to request authorization on. Defaults to
|
|
env[OS_TENANT_NAME]
|
|
--os-tenant-id <tenant-id>
|
|
Tenant to request authorization on. Defaults to
|
|
env[OS_TENANT_ID]
|
|
--os-auth-url <auth-url>
|
|
Specify the Identity endpoint to use for
|
|
authentication. Defaults to env[OS_AUTH_URL]
|
|
--os-region-name <region-name>
|
|
Defaults to env[OS_REGION_NAME]
|
|
--os-identity-api-version <identity-api-version>
|
|
Defaults to env[OS_IDENTITY_API_VERSION] or 2.0<?sbr?> --os-token <service-token>
|
|
Specify an existing token to use instead of retrieving
|
|
one via authentication (e.g. with username &
|
|
password). Defaults to env[OS_SERVICE_TOKEN]
|
|
--os-endpoint <service-endpoint>
|
|
Specify an endpoint to use instead of retrieving one
|
|
from the service catalog (via authentication).
|
|
Defaults to env[OS_SERVICE_ENDPOINT]
|
|
--os-cacert <ca-certificate>
|
|
Specify a CA bundle file to use in verifying a TLS
|
|
(https) server certificate. Defaults to env[OS_CACERT]
|
|
--insecure Explicitly allow keystoneclient to perform "insecure"
|
|
TLS (https) requests. The server's certificate will
|
|
not be verified against any certificate authorities.
|
|
This option should be used with caution.
|
|
--os-cert <certificate>
|
|
Defaults to env[OS_CERT]
|
|
--os-key <key> Defaults to env[OS_KEY]
|
|
--os-cache Use the auth token cache. Defaults to env[OS_CACHE]
|
|
--force-new-token If the keyring is available and in use, token will
|
|
always be stored and fetched from the keyring until
|
|
the token has expired. Use this option to request a
|
|
new token and replace the existing one in the keyring.
|
|
--stale-duration <seconds>
|
|
Stale duration (in seconds) used to determine whether
|
|
a token has expired when retrieving it from keyring.
|
|
This is useful in mitigating process or network
|
|
delays. Default is 30 seconds.</computeroutput></screen>
|
|
</example>
|
|
</section>
|