8 Questions about OpenStack Identity Service (Keystone)

I'm studying for the Mirantis OpenStack Cloud Certification exam.  There's no official training material for Keystone yet (that I can find), so I'm writing my own questions based on what I've read.

OpenStack Identity Services (Keystone) - image from allthingsopen.com

1. How do you create a tenant?

• keystone tenant-create --name <tenant-name>

2. Where is the primary Keystone configuration file and what is it called?

• /etc/keystone.conf

3. Where is the PasteDeploy config file for Keystone and what is it's name?

• /etc/keystone-paste.ini

4. What port does Keystone start a service on, by default?

• 35357

5. How do you start Keystone services under Eventlet?

• keystone-all

6. How do you initialize a new, empty Keystone database?

• keystone-manage db_sync

7. With a SQL backend, how do you remove expired Keystone tokens?

• keystone-manage token_flush

8. With a memcache backend, how do you remove expired Keystone tokens?

• You don't.  The memcache backend automatically discards expired tokens and so flushing is unnecessary and if attempted will fail with a NotImplemented error.

Ref: http://docs.openstack.org/developer/keystone/configuration.html