File: keystone.rst

package info (click to toggle)
python-keystoneclient 1%3A2.3.1-2~bpo8%2B1
  • links: PTS, VCS
  • area: main
  • in suites: jessie-backports
  • size: 2,360 kB
  • sloc: python: 21,933; sh: 233; xml: 149; makefile: 123
file content (158 lines) | stat: -rw-r--r-- 4,058 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
 
==============================================================
:program:`keystone` command line utility (pending deprecation)
==============================================================

.. program:: keystone
.. highlight:: bash

SYNOPSIS
========

:program:`keystone` [options] <command> [command-options]

:program:`keystone help`

:program:`keystone help` <command>


DESCRIPTION
===========

.. WARNING::

    The :program:`keystone` command line utility is pending deprecation. The
    `OpenStackClient unified command line utility
    <http://docs.openstack.org/developer/python-openstackclient/>`_ should be
    used instead. The :program:`keystone` command line utility only supports V2
    of the Identity API whereas the OSC program supports both V2 and V3.

The :program:`keystone` command line utility interacts with services providing
OpenStack Identity API (e.g. Keystone).

To communicate with the API, you will need to be authenticated - and the
:program:`keystone` provides multiple options for this.

While bootstrapping Keystone the authentication is accomplished with a
shared secret token and the location of the Identity API endpoint. The
shared secret token is configured in keystone.conf as "admin_token".

You can specify those values on the command line with :option:`--os-token`
and :option:`--os-endpoint`, or set them in environment variables:

.. envvar:: OS_SERVICE_TOKEN

    Your Keystone administrative token

.. envvar:: OS_SERVICE_ENDPOINT

    Your Identity API endpoint

The command line options will override any environment variables set.

If you already have accounts, you can use your OpenStack username and
password. You can do this with the :option:`--os-username`,
:option:`--os-password`.

Keystone allows a user to be associated with one or more projects which are
historically called tenants.  To specify the project for which you want to
authorize against, you may optionally specify a :option:`--os-tenant-id` or
:option:`--os-tenant-name`.

Instead of using options, it is easier to just set them as environment
variables:

.. envvar:: OS_USERNAME

    Your Keystone username.

.. envvar:: OS_PASSWORD

    Your Keystone password.

.. envvar:: OS_TENANT_NAME

    Name of Keystone project.

.. envvar:: OS_TENANT_ID

    ID of Keystone Tenant.

.. envvar:: OS_AUTH_URL

    The OpenStack API server URL.

.. envvar:: OS_IDENTITY_API_VERSION

    The OpenStack Identity API version.

.. envvar:: OS_CACERT

    The location for the CA truststore (PEM formatted) for this client.

.. envvar:: OS_CERT

    The location for the keystore (PEM formatted) containing the public
    key of this client.  This keystore can also optionally contain the
    private key of this client.

.. envvar:: OS_KEY

    The location for the keystore (PEM formatted) containing the private
    key of this client.  This value can be empty if the private key is
    included in the OS_CERT file.

For example, in Bash you'd use::

    export OS_USERNAME=yourname
    export OS_PASSWORD=yadayadayada
    export OS_TENANT_NAME=myproject
    export OS_AUTH_URL=http(s)://example.com:5000/v2.0/
    export OS_IDENTITY_API_VERSION=2.0
    export OS_CACERT=/etc/keystone/yourca.pem
    export OS_CERT=/etc/keystone/yourpublickey.pem
    export OS_KEY=/etc/keystone/yourprivatekey.pem


OPTIONS
=======

To get a list of available commands and options run::

    keystone help

To get usage and options of a command::

    keystone help <command>


EXAMPLES
========

Get information about endpoint-create command::

    keystone help endpoint-create

View endpoints of OpenStack services::

    keystone catalog

Create a 'service' project::

    keystone tenant-create --name=service

Create service user for nova::

    keystone user-create --name=nova \
                         --tenant_id=<project ID> \
                         --email=nova@nothing.com

View roles::

    keystone role-list


BUGS
====

Keystone client is hosted in Launchpad so you can view current bugs at
https://bugs.launchpad.net/python-keystoneclient/.