keystone 命令简要说明

catalog：
keystone  catalog  可以显示所有已有的service
keystone  catalog --service service-type  显示某个service信息
endpoint：
 endpoint-create     Create a new endpoint associated with a service
endpoint-delete     Delete a service endpoint
 endpoint-get
 endpoint-list       List configured service endpoints

keystone  help endpoint-create
--region <endpoint-region>
                        Endpoint region     region表示不同的范围，类似c++中命名空间，把服务“隔离“。
  --service-id <service-id>, --service_id <service-id>
                        ID of service associated with Endpoint
  --publicurl <public-url>
                        Public URL endpoint
  --adminurl <admin-url>
                        Admin URL endpoint
  --internalurl <internal-url>
                        Internal URL endpoint
keystone help endpoint-get
 --service <service-type>
                        Service type to select
  --endpoint-type <endpoint-type>
                        Endpoint type to select # adminurl，publicurl，internalurl
  --attr <service-attribute>
                        Service attribute to match for selection
  --value <value>       Value of attribute to match


role：指定一个名字就ok，创建role后，根据policy文件去决定具有那些访问权限。由SA去分配和管理。
role-create         Create new role 
role-delete         Delete role
 role-get            Display role details
role-list           List all roles

service，即服务，给catalog添加service。
service-create      Add service to Service Catalog
service-delete      Delete service from Service Catalog
service-get         Display service from Service Catalog
service-list        List all services in Service Catalog

--name <name>         Name of new service (must be unique)
--type <type>         Service type (one of: identity, compute, network,
                        image, or object-store)
--description <service-description>
                        Description of service

tenant，即资源。
tenant-create       Create new tenant
tenant-delete       Delete tenant
tenant-get          Display tenant details
tenant-list         List all tenants
tenant-update       Update tenant name, description, enabled status
keystone help tenant-create
--name <tenant-name>  New tenant name (must be unique)
--description <tenant-description>
                        Description of new tenant (default is none)
 --enabled <true|false>
                        Initial tenant enabled status (default true)
user，即用户，访问api或资源的抽象体。
 user-create         Create new user
user-delete         Delete user
 user-get            Display user details.
 user-list           List users
 user-password-update
                        Update user password

keystone help user-create
--name <user-name>    New user name (must be unique)
  --tenant-id <tenant-id>  # 可以不指定，推迟通过user-role-add关联到某个tenant
                        New user default tenant
  --pass <pass>         New user password
  --email <email>       New user email address
  --enabled <true|false>
                        Initial user enabled status (default true)

keystone help user-list
--tenant-id <tenant-id>
                        Tenant ID; lists all users if not specified

keystone help user-role-add
--user-id <user-id>, --user_id <user-id>
                        User ID
  --role-id <role-id>, --role_id <role-id>
                        Role ID
  --tenant-id <tenant-id>
                        Tenant ID
keystone help user-role-list 查看推迟关联的user对应的tenant信息
--user-id <user-id>   List roles granted to a user
  --tenant-id <tenant-id>
                        List roles granted on a tenant

keystone help user-role-remove
--user-id <user-id>, --user_id <user-id>
                        User ID
  --role-id <role-id>, --role_id <role-id>
                        Role ID
  --tenant-id <tenant-id>
                        Tenant ID
注意：update 是分开的。
user-password-update：  update password user-update ：Update user's name, email, and enabled status