You need admin creds to use the keystone commands.

Create a tenant

keystone tenant-create --name tenant2

Note:

tenant2 - tenant name

user2 - user name

pwd - password

Member - role

Create a user for the tenant:

keystone user-create --name  user2 --pass pwd --tenant tenant2 --enabled true

Adding a role to the user

keystone user-role-add --user user2 --role Member --tenant tenant2