catalog:
keystone catalog lists all existing services
keystone catalog --service service-type shows the information for a single service
endpoint:
endpoint-create Create a new endpoint associated with a service
endpoint-delete Delete a service endpoint
endpoint-get
endpoint-list List configured service endpoints
keystone help endpoint-create
--region <endpoint-region>
Endpoint region
# A region denotes a separate scope, similar to a namespace in C++; it "isolates" services.
--service-id <service-id>, --service_id <service-id>
ID of service associated with Endpoint
--publicurl <public-url>
Public URL endpoint
--adminurl <admin-url>
Admin URL endpoint
--internalurl <internal-url>
Internal URL endpoint
keystone help endpoint-get
--service <service-type>
Service type to select
--endpoint-type <endpoint-type>
Endpoint type to select # adminurl,publicurl,internalurl
--attr <service-attribute>
Service attribute to match for selection
--value <value> Value of attribute to match
role: just specify a name; once the role is created, the policy file determines which access permissions it has. Roles are assigned and managed by the SA.
role-create Create new role
role-delete Delete role
role-get Display role details
role-list List all roles
service: a service; these commands add a service to the catalog.
service-create Add service to Service Catalog
service-delete Delete service from Service Catalog
service-get Display service from Service Catalog
service-list List all services in Service Catalog
--name <name> Name of new service (must be unique)
--type <type> Service type (one of: identity, compute, network, image, or object-store)
--description <service-description>
Description of service
tenant: a resource.
tenant-create Create new tenant
tenant-delete Delete tenant
tenant-get Display tenant details
tenant-list List all tenants
tenant-update Update tenant name, description, enabled status
keystone help tenant-create
--name <tenant-name> New tenant name (must be unique)
--description <tenant-description>
Description of new tenant (default is none)
--enabled <true|false>
Initial tenant enabled status (default true)
user: a user, the abstract entity that accesses the API or resources.
user-create Create new user
user-delete Delete user
user-get Display user details.
user-list List users
user-password-update
Update user password
keystone help user-create
--name <user-name> New user name (must be unique)
--tenant-id <tenant-id> # optional; the user can be associated with a tenant later via user-role-add
New user default tenant
--pass <pass> New user password
--email <email> New user email address
--enabled <true|false>
Initial user enabled status (default true)
keystone help user-list
--tenant-id <tenant-id>
Tenant ID; lists all users if not specified
keystone help user-role-add
--user-id <user-id>, --user_id <user-id>
User ID
--role-id <role-id>, --role_id <role-id>
Role ID
--tenant-id <tenant-id>
Tenant ID
keystone help user-role-list # shows the tenant information for a user whose tenant association was deferred
--user-id <user-id> List roles granted to a user
--tenant-id <tenant-id>
List roles granted on a tenant
keystone help user-role-remove
--user-id <user-id>, --user_id <user-id>
User ID
--role-id <role-id>, --role_id <role-id>
Role ID
--tenant-id <tenant-id>
Tenant ID
Note: the update operations are separate.
user-password-update: Update user password
user-update: Update user's name, email, and enabled status