OpenStack ManualsOpenStack Compute Administration Guide  - Grizzly, 2013.1

  Atom feed of this document
 

 Adding Users, Tenants, and Roles with python-keystoneclient

Token Auth Method
Password Auth Method
Example usage
Tenants
Users
Roles
Services

User, tenants, and roles must be administered using admin credentials. There are two ways to configure python-keystoneclient to use admin credentials, using the token auth method, or password auth method.

 Token Auth Method

To use keystone client using token auth, set the following flags

  • --endpoint SERVICE_ENDPOINT : allows you to specify the keystone endpoint to communicate with. The default endpoint is http://localhost:35357/v2.0'

  • --token SERVICE_TOKEN : your administrator service token.

 Password Auth Method

  • --username OS_USERNAME : allows you to specify the administrator username

  • --password OS_PASSWORD : Your administrator password

  • --tenant_name OS_TENANT_NAME : Name of your tenant

  • --auth_url OS_AUTH_URL : url of your keystone auth server, for example http://localhost:5000/v2.0'

 Example usage

The keystone client is set up to expect commands in the general form of keystone command argument, followed by flag-like keyword arguments to provide additional (often optional) information. For example, the command user-list and tenant-create can be invoked as follows: 

# Using token auth env variables
export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
export SERVICE_TOKEN=secrete_token
keystone user-list
keystone tenant-create --name=demo

# Using token auth flags
keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ user-list
keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ tenant-create --name=demo

# Using user + password + tenant_name env variables
export OS_USERNAME=admin
export OS_PASSWORD=secrete
export OS_TENANT_NAME=admin
keystone user-list
keystone tenant-create --name=demo

# Using user + password + tenant_name flags
keystone --username=admin --password=secrete --tenant_name=admin user-list
keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo

 Tenants

tenant-create
tenant-delete
tenant-enable
tenant-disable

Tenants are the high level grouping within Keystone that represent groups of users. A tenant is the grouping that owns virtual machines within Nova, or containers within Swift. A tenant can have zero or more users, Users can be associated with more than one tenant, and each tenant - user pairing can have a role associated with it.

 tenant-create

keyword arguments

  • name

  • description (optional, defaults to None)

  • enabled (optional, defaults to True)

example: 

keystone tenant-create --name=demo

creates a tenant named "demo".

 tenant-delete

arguments

  • tenant_id

example: 

keystone tenant-delete f2b7b39c860840dfa47d9ee4adffa0b3

 tenant-enable

arguments

  • tenant_id

example: 

keystone tenant-enable f2b7b39c860840dfa47d9ee4adffa0b3

 tenant-disable

arguments

  • tenant_id

example: 

keystone tenant-disable f2b7b39c860840dfa47d9ee4adffa0b3

 Users

user-create
user-delete
user-list
user-update --email
user-enable
user-disable
user-update --password

 user-create

keyword arguments:

  • name

  • pass

  • email

  • default_tenant (optional, defaults to None)

  • enabled (optional, defaults to True)

example: 

keystone user-create
--name=admin \
--pass=secrete \
--email=admin@example.com

 user-delete

keyword arguments:

  • user

example: 

keystone user-delete f2b7b39c860840dfa47d9ee4adffa0b3

 user-list

list users in the system, optionally by a specific tenant (identified by tenant_id)

arguments

  • tenant_id (optional, defaults to None)

example: 

keystone user-list

 user-update --email

arguments

  • user_id

  • email

example: 

keystone user-update --email 03c84b51574841ba9a0d8db7882ac645 "someone@somewhere.com"

 user-enable

arguments

  • user_id

example: 

keystone user-enable 03c84b51574841ba9a0d8db7882ac645

 user-disable

arguments

  • user_id

example: 

keystone user-disable 03c84b51574841ba9a0d8db7882ac645

 user-update --password

arguments

  • user_id

  • password

example: 

keystone user-update --password 03c84b51574841ba9a0d8db7882ac645 foo

 Roles

role-create
role-delete
role-list
role-get
add-user-role
remove-user-role

 role-create

arguments

  • name

example: 

keystone role-create --name=demo

 role-delete

arguments

  • role_id

example: 

keystone role-delete 19d1d3344873464d819c45f521ff9890

 role-list

example: 

keystone role-list

 role-get

arguments

  • role_id

example: 

keystone role-get role=19d1d3344873464d819c45f521ff9890

 add-user-role

arguments

  • role_id

  • user_id

  • tenant_id

example: 

keystone add-user-role \
3a751f78ef4c412b827540b829e2d7dd \
03c84b51574841ba9a0d8db7882ac645 \
20601a7f1d94447daa4dff438cb1c209

 remove-user-role

arguments

  • role_id

  • user_id

  • tenant_id

example: 

keystone remove-user-role \
19d1d3344873464d819c45f521ff9890 \
08741d8ed88242ca88d1f61484a0fe3b \
20601a7f1d94447daa4dff438cb1c209

 Services

service-create
service-list
service-get
service-delete

 service-create

keyword arguments

  • name

  • type

  • description

example: 

keystone service create \
--name=nova \
--type=compute \
--description="Nova Compute Service"

 service-list

arguments

  • service_id

example: 

keystone service-list

 service-get

arguments

  • service_id

example: 

keystone service-get 08741d8ed88242ca88d1f61484a0fe3b

 service-delete

arguments

  • service_id

example: 

keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b
Legal notices
loading table of contents...