keystone 命令简要说明

catalog：
keystone  catalog  可以显示所有已有的service
keystone  catalog --service service-type  显示某个service信息
endpoint：
 endpoint-create     Create a new endpoint associated with a service
endpoint-delete     Delete a service endpoint
 endpoint-get
 endpoint-list       List configured service endpoints

keystone  help endpoint-create
--region 
                        Endpoint region     region表示不同的范围，类似c++中命名空间，把服务“隔离“。
  --service-id , --service_id 
                        ID of service associated with Endpoint
  --publicurl 
                        Public URL endpoint
  --adminurl 
                        Admin URL endpoint
  --internalurl 
                        Internal URL endpoint
keystone help endpoint-get
 --service 
                        Service type to select
  --endpoint-type 
                        Endpoint type to select # adminurl，publicurl，internalurl
  --attr 
                        Service attribute to match for selection
  --value        Value of attribute to match


role：指定一个名字就ok，创建role后，根据policy文件去决定具有那些访问权限。由SA去分配和管理。
role-create         Create new role 
role-delete         Delete role
 role-get            Display role details
role-list           List all roles

service，即服务，给catalog添加service。
service-create      Add service to Service Catalog
service-delete      Delete service from Service Catalog
service-get         Display service from Service Catalog
service-list        List all services in Service Catalog

--name          Name of new service (must be unique)
--type          Service type (one of: identity, compute, network,
                        image, or object-store)
--description 
                        Description of service

tenant，即资源。
tenant-create       Create new tenant
tenant-delete       Delete tenant
tenant-get          Display tenant details
tenant-list         List all tenants
tenant-update       Update tenant name, description, enabled status
keystone help tenant-create
--name   New tenant name (must be unique)
--description 
                        Description of new tenant (default is none)
 --enabled 
                        Initial tenant enabled status (default true)
user，即用户，访问api或资源的抽象体。
 user-create         Create new user
user-delete         Delete user
 user-get            Display user details.
 user-list           List users
 user-password-update
                        Update user password

keystone help user-create
--name     New user name (must be unique)
  --tenant-id   # 可以不指定，推迟通过user-role-add关联到某个tenant
                        New user default tenant
  --pass          New user password
  --email        New user email address
  --enabled 
                        Initial user enabled status (default true)

keystone help user-list
--tenant-id 
                        Tenant ID; lists all users if not specified

keystone help user-role-add
--user-id , --user_id 
                        User ID
  --role-id , --role_id 
                        Role ID
  --tenant-id 
                        Tenant ID
keystone help user-role-list 查看推迟关联的user对应的tenant信息
--user-id    List roles granted to a user
  --tenant-id 
                        List roles granted on a tenant

keystone help user-role-remove
--user-id , --user_id 
                        User ID
  --role-id , --role_id 
                        Role ID
  --tenant-id 
                        Tenant ID
注意：update 是分开的。
user-password-update：  update password user-update ：Update user's name, email, and enabled status