.\" Man page generated from reStructuredText. . . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .TH "KEYSTONE-MANAGE" "1" "Apr 04, 2024" "25.0.0" "keystone" .SH NAME keystone-manage \- Keystone Management Utility .SH KEYSTONE MANAGEMENT UTILITY .INDENT 0.0 .TP .B Author \fI\%openstack@lists.openstack.org\fP .TP .B Date 2017\-02\-23 .TP .B Copyright OpenStack Foundation .TP .B Version 11.0.0 .TP .B Manual section 1 .TP .B Manual group cloud computing .UNINDENT .SS SYNOPSIS .INDENT 0.0 .INDENT 3.5 keystone\-manage [options] .UNINDENT .UNINDENT .SS DESCRIPTION .sp \fBkeystone\-manage\fP is the command line tool which interacts with the Keystone service to initialize and update data within Keystone. Generally, \fBkeystone\-manage\fP is only used for operations that cannot be accomplished with the HTTP API, such data import/export and database migrations. .SS USAGE .INDENT 0.0 .INDENT 3.5 \fBkeystone\-manage [options] action [additional args]\fP .UNINDENT .UNINDENT .SS General keystone\-manage options: .INDENT 0.0 .IP \(bu 2 \fB\-\-help\fP : display verbose help output. .UNINDENT .sp Invoking \fBkeystone\-manage\fP by itself will give you some usage information. .sp Available commands: .INDENT 0.0 .IP \(bu 2 \fBbootstrap\fP: Perform the basic bootstrap process. .IP \(bu 2 \fBcreate_jws_keypair\fP: Create an ECDSA key pair for JWS token signing. .IP \(bu 2 \fBcredential_migrate\fP: Encrypt credentials using a new primary key. .IP \(bu 2 \fBcredential_rotate\fP: Rotate Fernet keys for credential encryption. .IP \(bu 2 \fBcredential_setup\fP: Setup a Fernet key repository for credential encryption. .IP \(bu 2 \fBdb_sync\fP: Sync the database. .IP \(bu 2 \fBdb_version\fP: Print the current migration version of the database. .IP \(bu 2 \fBdoctor\fP: Diagnose common problems with keystone deployments. .IP \(bu 2 \fBdomain_config_upload\fP: Upload domain configuration file. .IP \(bu 2 \fBfernet_rotate\fP: Rotate keys in the Fernet key repository. .IP \(bu 2 \fBfernet_setup\fP: Setup a Fernet key repository for token encryption. .IP \(bu 2 \fBmapping_populate\fP: Prepare domain\-specific LDAP backend. .IP \(bu 2 \fBmapping_purge\fP: Purge the identity mapping table. .IP \(bu 2 \fBmapping_engine\fP: Test your federation mapping rules. .IP \(bu 2 \fBreceipt_rotate\fP: Rotate auth receipts encryption keys. .IP \(bu 2 \fBreceipt_setup\fP: Setup a key repository for auth receipts. .IP \(bu 2 \fBsaml_idp_metadata\fP: Generate identity provider metadata. .IP \(bu 2 \fBtoken_rotate\fP: Rotate token keys in the key repository. .IP \(bu 2 \fBtoken_setup\fP: Setup a token key repository for token encryption. .IP \(bu 2 \fBtrust_flush\fP: Purge expired trusts. .UNINDENT .SS OPTIONS .INDENT 0.0 .INDENT 3.5 .INDENT 0.0 .TP .B \-h\fP,\fB \-\-help show this help message and exit .TP .BI \-\-config\-dir \ DIR Path to a config directory to pull *.conf files from. This file set is sorted, so as to provide a predictable parse order if individual options are over\-ridden. The set is parsed after the file(s) specified via previous \-\-config\-file, arguments hence over\-ridden options in the directory take precedence. .TP .BI \-\-config\-file \ PATH Path to a config file to use. Multiple config files can be specified, with values in later files taking precedence. Defaults to None. .TP .B \-\-debug\fP,\fB \-d If set to true, the logging level will be set to DEBUG instead of the default INFO level. .TP .BI \-\-log\-config\-append \ PATH\fR,\fB \ \-\-log_config \ PATH The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, logging_context_format_string). .TP .BI \-\-log\-date\-format \ DATE_FORMAT Defines the format string for %(asctime)s in log records. Default: None . This option is ignored if log_config_append is set. .TP .BI \-\-log\-dir \ LOG_DIR\fR,\fB \ \-\-logdir \ LOG_DIR (Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set. .TP .BI \-\-log\-file \ PATH\fR,\fB \ \-\-logfile \ PATH (Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set. .TP .B \-\-nodebug The inverse of \-\-debug .TP .B \-\-nostandard\-threads The inverse of \-\-standard\-threads .TP .B \-\-nouse\-syslog The inverse of \-\-use\-syslog .TP .B \-\-noverbose The inverse of \-\-verbose .TP .B \-\-nowatch\-log\-file The inverse of \-\-watch\-log\-file .TP .BI \-\-pydev\-debug\-host \ PYDEV_DEBUG_HOST Host to connect to for remote debugger. .TP .BI \-\-pydev\-debug\-port \ PYDEV_DEBUG_PORT Port to connect to for remote debugger. .TP .B \-\-standard\-threads Do not monkey\-patch threading system modules. .TP .BI \-\-syslog\-log\-facility \ SYSLOG_LOG_FACILITY Syslog facility to receive log lines. This option is ignored if log_config_append is set. .TP .B \-\-use\-syslog Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set. .TP .B \-\-verbose\fP,\fB \-v If set to false, the logging level will be set to WARNING instead of the default INFO level. .TP .B \-\-version show program\(aqs version number and exit .TP .B \-\-watch\-log\-file Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set. .UNINDENT .UNINDENT .UNINDENT .SS FILES .sp None .SS SEE ALSO .INDENT 0.0 .IP \(bu 2 \fI\%OpenStack Keystone\fP .UNINDENT .SS SOURCE .INDENT 0.0 .IP \(bu 2 Keystone is sourced in Gerrit git \fI\%Keystone\fP .IP \(bu 2 Keystone bugs are managed at Launchpad \fI\%Keystone\fP .UNINDENT .SH AUTHOR OpenStack .SH COPYRIGHT 2012-Present, OpenInfra Foundation .\" Generated by docutils manpage writer. .