Jump to: navigation, search

Difference between revisions of "OpenStackClient/Commands"

Line 954: Line 954:
  
  
==== Gateway ====
+
==== ip floating ====
 
 
Note: change from net-gateway to gateway
 
  
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
! OSC Command !! Implemented !! !! Neutron command
+
! OSC Command !! Implemented !! !! Nova command
 
|-
 
|-
|<source lang="bash">
+
|
os gateway create
+
<source lang="bash">
     [--project <project>]
+
os ip floating add
    [--device <device>]
+
     <ip-address>
     <name>
+
     <server>
 
</source>
 
</source>
NOTE(dtroyer): consider changing the --device syntax to remove the embedded device_id=,interface_name=
+
|| yes
|| no || ||
+
|| ||
 
<source lang="bash">
 
<source lang="bash">
neutron net-gateway-create
+
nova add-floating-ip
     <name>
+
     <server>
     [--tenant-id TENANT_ID]
+
     <address>
    [--device DEVICE]
 
 
</source>
 
</source>
 
|-
 
|-
|<source lang="bash">
+
|
os gateway delete
+
<source lang="bash">
     <gateway>
+
os ip floating create
 +
     [<pool>]
 
</source>
 
</source>
|| no || ||
+
|| yes
 +
|| ||
 
<source lang="bash">
 
<source lang="bash">
neutron net-gateway-delete
+
nova floating-ip-create
     <gateway>
+
     [<floating_ip_pool>]
 
</source>
 
</source>
 
|-
 
|-
|<source lang="bash">
+
|
os gateway list
+
<source lang="bash">
     [--long]
+
os ip floating delete
 +
     <ip-address>
 
</source>
 
</source>
|| no || ||
+
|| yes
 +
|| ||
 
<source lang="bash">
 
<source lang="bash">
neutron net-gateway-list
+
nova floating-ip-delete
 +
    <address>
 
</source>
 
</source>
 
|-
 
|-
|<source lang="bash">
+
|
os gateway set
+
<source lang="bash">
    <gateway>
+
os ip floating list
 
</source>
 
</source>
|| no || ||
+
|| yes
 +
|| ||
 
<source lang="bash">
 
<source lang="bash">
neutron net-gateway-update
+
nova floating-ip-list
    <gateway>
 
 
</source>
 
</source>
 
|-
 
|-
|<source lang="bash">
+
|
os gateway show
 
    <gateway>
 
</source>
 
|| no || ||
 
 
<source lang="bash">
 
<source lang="bash">
neutron net-gateway-show
+
os ip floating remove
     <gateway>
+
    <ip-address>
 +
    <server>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
nova remove-floating-ip
 +
    <server>
 +
     <address>
 
</source>
 
</source>
 
|}
 
|}
  
  
==== ip floating ====
+
==== ip floating pool ====
 +
 
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 1,026: Line 1,033:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ip floating add
+
os ip floating pool list
    <ip-address>
 
    <server>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova add-floating-ip
+
nova floating-ip-pool-list
    <server>
 
    <address>
 
 
</source>
 
</source>
 +
|}
 +
 +
 +
==== keypair ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Nova command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ip floating create
+
os keypair create
     [<pool>]
+
     [--public-key <file>]
 +
    <name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova floating-ip-create
+
nova keypair-add
     [<floating_ip_pool>]
+
     [--pub_key <pub_key>]
 +
    <name>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ip floating delete
+
os keypair delete
     <ip-address>
+
     <name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova floating-ip-delete
+
nova keypair-delete
     <address>
+
     <name>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ip floating list
+
os keypair list
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova floating-ip-list
+
nova keypair-list
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ip floating remove
+
os keypair show
     <ip-address>
+
     [--public-key]
     <server>
+
     <name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
<source lang="bash">
 
nova remove-floating-ip
 
    <server>
 
    <address>
 
</source>
 
 
|}
 
|}
  
  
==== ip floating pool ====
+
==== limits ====
 +
 
 +
See [[#limits|limits]] in the [[#Cross_API|cross API section]].
 +
 
 +
 
 +
==== quota ====
 +
 
 +
See [[#quota|quota]] in the [[#Cross_API|cross API section]].
 +
 
  
 +
==== secgroup ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 1,097: Line 1,114:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ip floating pool list
+
os secgroup add
 +
 
 +
(see server add secgroup)
 
</source>
 
</source>
|| yes
+
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova floating-ip-pool-list
+
nova add-secgroup
 +
    <server>
 +
    <secgroup>
 
</source>
 
</source>
|}
 
 
 
==== keypair ====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Nova command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os keypair create
+
os secgroup create
     [--public-key <file>]
+
     [--description <description>]
 
     <name>
 
     <name>
 
</source>
 
</source>
Line 1,122: Line 1,135:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova keypair-add
+
nova secgroup-create
    [--pub_key <pub_key>]
 
 
     <name>
 
     <name>
 +
    <description>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os keypair delete
+
os secgroup delete
     <name>
+
     <group>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova keypair-delete
+
nova secgroup-delete
     <name>
+
     <secgroup>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os keypair list
+
os secgroup list
 +
    [--all-projects]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova keypair-list
+
nova secgroup-list
 +
    [--all-tenants [<0|1>]]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os keypair show
+
os secgroup remove
    [--public-key]
 
    <name>
 
</source>
 
|| yes
 
|| ||
 
|}
 
  
 
+
(see server remove secgroup)
==== limits ====
 
 
 
See [[#limits|limits]] in the [[#Cross_API|cross API section]].
 
 
 
 
 
==== quota ====
 
 
 
See [[#quota|quota]] in the [[#Cross_API|cross API section]].
 
 
 
 
 
==== secgroup ====
 
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Nova command
 
|-
 
|
 
<source lang="bash">
 
os secgroup add
 
 
 
(see server add secgroup)
 
 
</source>
 
</source>
 
|| no
 
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova add-secgroup
+
nova remove-secgroup
 
     <server>
 
     <server>
 
     <secgroup>
 
     <secgroup>
Line 1,192: Line 1,180:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup create
+
os secgroup set
     [--description <description>]
+
    [--name <new-name>]
     <name>
+
     [--description [<new-description>]
 +
     <group>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-create
+
nova secgroup-update
 +
    <secgroup>
 
     <name>
 
     <name>
 
     <description>
 
     <description>
Line 1,206: Line 1,196:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup delete
+
os secgroup show
 
     <group>
 
     <group>
 
</source>
 
</source>
Line 1,212: Line 1,202:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-delete
+
n/a
    <secgroup>
 
 
</source>
 
</source>
 +
|}
 +
 +
==== secgroup-group-rule ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Nova command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup list
+
os secgroup group rule create
     [--all-projects]
+
     [--proto <protocol>]
 +
    [--port <port>:<port>]
 +
    <source-group>
 +
    <secgroup>
 
</source>
 
</source>
|| yes
+
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-list
+
nova secgroup-add-group-rule
    [--all-tenants [<0|1>]]
+
    [--ip_proto <ip_proto>]
 +
    [--from_port <from_port>]
 +
    [--to_port <to_port>]
 +
    <secgroup>
 +
    <source_group>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup remove
+
os secgroup group rule delete
 
+
    [--proto <protocol>]
(see server remove secgroup)
+
    [--port <port>:<port>]
 +
    <source-group>
 +
    <secgroup>
 
</source>
 
</source>
 
|| no
 
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova remove-secgroup
+
nova secgroup-delete-group-rule
     <server>
+
    [--ip_proto <ip_proto>]
 +
    [--from_port <from_port>]
 +
     [--to_port <to_port>]
 
     <secgroup>
 
     <secgroup>
 +
    <source_group>
 
</source>
 
</source>
 +
|}
 +
 +
==== secgroup-rule ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Nova command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup set
+
os secgroup rule create
     [--name <new-name>]
+
     [--proto <proto>]
     [--description [<new-description>]
+
    [--src-ip <ip-address>]
 +
     [--dst-port <port-range>]
 
     <group>
 
     <group>
 
</source>
 
</source>
|| yes
+
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-update
+
nova secgroup-add-rule
 
     <secgroup>
 
     <secgroup>
     <name>
+
     <ip_proto>
     <description>
+
     <from_port>
 +
    <to_port>
 +
    <cidr>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup show
+
os secgroup rule delete
 +
    [--proto <proto>]
 +
    [--src-ip <ip-address>]
 +
    [--dst-port <port-range>]
 +
    <group>
 +
</source>
 +
|| no
 +
|| ||
 +
<source lang="bash">
 +
nova secgroup-delete-rule
 +
    <secgroup>
 +
    <ip_proto>
 +
    <from_port>
 +
    <to_port>
 +
    <cidr>
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os secgroup rule list
 
     <group>
 
     <group>
 
</source>
 
</source>
|| yes
+
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
n/a
+
nova secgroup-list-rules
 +
    <secgroup>
 
</source>
 
</source>
 
|}
 
|}
  
==== secgroup-group-rule ====
+
====server====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 1,278: Line 1,316:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup group rule create
+
os server add secgroup
    [--proto <protocol>]
+
     <server>
     [--port <port>:<port>]
+
     <group>
     <source-group>
 
    <secgroup>
 
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-add-group-rule
+
nova add-secgroup
    [--ip_proto <ip_proto>]
+
     <server>
     [--from_port <from_port>]
 
    [--to_port <to_port>]
 
 
     <secgroup>
 
     <secgroup>
    <source_group>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup group rule delete
+
os server add volume
     [--proto <protocol>]
+
     [--device <device>]
     [--port <port>:<port>]
+
     <server>
    <source-group>
+
     <volume>
     <secgroup>
 
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-delete-group-rule
+
nova volume-attach
    [--ip_proto <ip_proto>]
+
     <server>
    [--from_port <from_port>]
+
     <volume>
     [--to_port <to_port>]
+
     <device>
     <secgroup>
 
     <source_group>
 
 
</source>
 
</source>
|}
 
 
==== secgroup-rule ====
 
 
{| class="wikitable"
 
 
|-
 
|-
! OSC Command !! Implemented !! !! Nova command
+
|
|-
 
|
 
 
<source lang="bash">
 
<source lang="bash">
os secgroup rule create
+
os server create
     [--proto <proto>]
+
    --image <image>
     [--src-ip <ip-address>]
+
    --flavor <flavor>
     [--dst-port <port-range>]
+
    [--security-group <security-group-list> [...] ]
     <group>
+
    [--key-name <key-name>]
 +
    [--meta-data <key=value> [...] ]
 +
    [--file <dest-filename=source-filename>] [...] ]
 +
    [--user-data <user-data>]
 +
    [--availability-zone <zone-name>]
 +
     [--block-device-mapping <dev-name=mapping> [...] ]
 +
     [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr> [...] ]
 +
     [--hint <key=value> [...] ]
 +
    [--config-drive <value>|True ]
 +
    [--min <count>]
 +
     [--max <count>]
 +
    [--wait]
 +
    <server-name>
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-add-rule
+
nova boot
     <secgroup>
+
    [--flavor <flavor>]
     <ip_proto>
+
    [--image <image>]
     <from_port>
+
    [--meta <key=value>]
     <to_port>
+
    [--file <dst-path=src-path>]
     <cidr>
+
    [--key_name <key_name>]
 +
    [--user_data <user-data>]
 +
     [--availability_zone <availability-zone>]
 +
    [--security_groups <security_groups>]
 +
    [--block_device_mapping <dev_name=mapping>]
 +
     [--hint <key=value>]
 +
     [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr>]
 +
     [--config-drive <value>]
 +
    [--poll]
 +
     <name>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup rule delete
+
os server delete
     [--proto <proto>]
+
     <server>
    [--src-ip <ip-address>]
 
    [--dst-port <port-range>]
 
    <group>
 
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-delete-rule
+
nova delete
     <secgroup>
+
     <server>
    <ip_proto>
 
    <from_port>
 
    <to_port>
 
    <cidr>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os secgroup rule list
+
os server image create
     <group>
+
     [--name <image-name>]
 +
    [--wait]
 +
    <server>
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova secgroup-list-rules
+
nova image-create
     <secgroup>
+
    [--poll]
 +
    <server>
 +
     <name>
 
</source>
 
</source>
|}
 
 
====server====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Nova command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server add secgroup
+
os server list
     <server>
+
     [--reservation-id <reservation-id>]
     <group>
+
     [--ip <ip-regex>]
 +
    [--ip6 <ip6-regex>]
 +
    [--name <name-regex>]
 +
    [--instance-name <instance-name-regex>]
 +
    [--status <status>]
 +
    [--flavor <flavor>]
 +
    [--image <image>]
 +
    [--host <hostname>]
 +
    [--all-tenants]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova add-secgroup
+
nova list
     <server>
+
    [--reservation_id <reservation_id>]
     <secgroup>
+
     [--ip <ip_regexp>]
</source>
+
     [--ip6 <ip6_regexp>]
|-
+
    [--name <name_regexp>]
 +
    [--instance_name <name_regexp>]
 +
    [--status <status>]
 +
    [--flavor <flavor>] [--image <image>]
 +
    [--host <hostname>]
 +
    [--all_tenants [<0|1>]]
 +
</source>
 +
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server add volume
+
os server lock
    [--device <device>]
 
 
     <server>
 
     <server>
    <volume>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova volume-attach
+
nova lock
 
     <server>
 
     <server>
    <volume>
 
    <device>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server create
+
os server migrate
    --image <image>
 
    --flavor <flavor>
 
    [--security-group <security-group-list> [...] ]
 
    [--key-name <key-name>]
 
    [--meta-data <key=value> [...] ]
 
    [--file <dest-filename=source-filename>] [...] ]
 
    [--user-data <user-data>]
 
    [--availability-zone <zone-name>]
 
    [--block-device-mapping <dev-name=mapping> [...] ]
 
    [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr> [...] ]
 
    [--hint <key=value> [...] ]
 
    [--config-drive <value>|True ]
 
    [--min <count>]
 
    [--max <count>]
 
 
     [--wait]
 
     [--wait]
     <server-name>
+
     <server>
</source>
+
 
|| yes
+
os server migrate
 +
    --live <host>
 +
    [--shared-migration | --block-migration]
 +
    [--disk-overcommit | --no-disk-overcommit]
 +
    [--wait]
 +
    <server>
 +
</source>
 +
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova boot
+
nova migrate
    [--flavor <flavor>]
 
    [--image <image>]
 
    [--meta <key=value>]
 
    [--file <dst-path=src-path>]
 
    [--key_name <key_name>]
 
    [--user_data <user-data>]
 
    [--availability_zone <availability-zone>]
 
    [--security_groups <security_groups>]
 
    [--block_device_mapping <dev_name=mapping>]
 
    [--hint <key=value>]
 
    [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr>]
 
    [--config-drive <value>]
 
 
     [--poll]
 
     [--poll]
     <name>
+
     <server>
 +
 
 +
nova live-migration
 +
    [--block_migrate]
 +
    [--disk_over_commit]
 +
    <server>
 +
<host>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server delete
+
os server pause
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,456: Line 1,488:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova delete
+
nova pause
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,462: Line 1,494:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server image create
+
os server reboot
     [--name <image-name>]
+
     [--hard | --soft]
 
     [--wait]
 
     [--wait]
 
     <server>
 
     <server>
Line 1,470: Line 1,502:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova image-create
+
nova reboot
 +
    [--hard]
 
     [--poll]
 
     [--poll]
 
     <server>
 
     <server>
    <name>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server list
+
os server rebuild
     [--reservation-id <reservation-id>]
+
     --image <image>
    [--ip <ip-regex>]
+
     [--password <password>]  
    [--ip6 <ip6-regex>]
+
     [--wait]
     [--name <name-regex>]
+
     <server>
     [--instance-name <instance-name-regex>]  
 
     [--status <status>]
 
    [--flavor <flavor>]
 
    [--image <image>]
 
    [--host <hostname>]
 
    [--all-tenants]
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova list
+
nova rebuild
     [--reservation_id <reservation_id>]  
+
     [--rebuild_password <rebuild_password>]  
     [--ip <ip_regexp>]
+
     [--poll]
    [--ip6 <ip6_regexp>]
+
     <server>
    [--name <name_regexp>]
+
     <image>
     [--instance_name <name_regexp>]
 
     [--status <status>]
 
    [--flavor <flavor>] [--image <image>]
 
    [--host <hostname>]
 
    [--all_tenants [<0|1>]]
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server lock
+
os server remove secgroup
 
     <server>
 
     <server>
 +
    <group>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova lock
+
nova remove-secgroup
 
     <server>
 
     <server>
 +
    <secgroup>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server migrate
+
os server remove volume
    [--wait]
 
    <server>
 
 
 
os server migrate
 
    --live <host>
 
    [--shared-migration | --block-migration]
 
    [--disk-overcommit | --no-disk-overcommit]
 
    [--wait]
 
 
     <server>
 
     <server>
 +
    <volume>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova migrate
+
nova volume-detach
    [--poll]
 
 
     <server>
 
     <server>
 
+
     <volume>
nova live-migration
 
     [--block_migrate]
 
    [--disk_over_commit]
 
    <server>
 
<host>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server pause
+
os server rescue
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,552: Line 1,562:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova pause
+
nova rescue
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,558: Line 1,568:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server reboot
+
os server resize
     [--hard | --soft]
+
     --flavor <flavor>
 
     [--wait]
 
     [--wait]
 
     <server>
 
     <server>
</source>
+
 
|| yes
+
os server resize
 +
    --confirm
 +
    <server>
 +
 
 +
os server resize
 +
    --revert
 +
    <server>
 +
</source>
 +
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova reboot
+
nova resize
    [--hard]
 
 
     [--poll]
 
     [--poll]
 +
    <server>
 +
    <flavor>
 +
 +
nova resize-confirm
 +
    <server>
 +
 +
nova resize-revert
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,574: Line 1,598:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server rebuild
+
os server resume
    --image <image>
 
    [--password <password>]
 
    [--wait]
 
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,583: Line 1,604:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova rebuild
+
nova resume
    [--rebuild_password <rebuild_password>]
 
    [--poll]
 
 
     <server>
 
     <server>
    <image>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server remove secgroup
+
os server set
 +
    --name <new-name>
 +
    --property <key=value>
 +
    [--property <key=value>] ...
 +
    --root-password
 
     <server>
 
     <server>
    <group>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova remove-secgroup
+
nova meta
 +
    <server>
 +
    <action>
 +
    <key=value>
 +
    [<key=value> ...]
 +
 
 +
nova rename
 +
    <server>
 +
    <name>
 +
 
 +
nova root-password
 
     <server>
 
     <server>
    <secgroup>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server remove volume
+
os server show
 
     <server>
 
     <server>
    <volume>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova volume-detach
+
nova show
 
     <server>
 
     <server>
    <volume>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server rescue
+
os server ssh
 +
    [--login <login-name>]
 +
    [--port <port>]
 +
    [--identity <keyfile>]
 +
    [--option <config-options>]
 +
    [-4 | -6]
 +
    [--private | --public | --address-type <address-type>]
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,626: Line 1,660:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova rescue
+
nova ssh
 +
    [--port PORT]
 +
    [--private]
 +
    [--ipv6]
 +
    [--login <login>]
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,632: Line 1,670:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server resize
+
os server suspend
    --flavor <flavor>
 
    [--wait]
 
 
     <server>
 
     <server>
 
+
</source>
os server resize
+
|| yes
    --confirm
+
|| ||
 +
<source lang="bash">
 +
nova suspend
 
     <server>
 
     <server>
 
+
</source>
os server resize
+
|-
    --revert
+
|
 +
<source lang="bash">
 +
os server unlock
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,648: Line 1,688:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova resize
+
nova unlock
    [--poll]
 
    <server>
 
    <flavor>
 
 
 
nova resize-confirm
 
    <server>
 
 
 
nova resize-revert
 
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,662: Line 1,694:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server resume
+
os server unpause
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,668: Line 1,700:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova resume
+
nova unpause
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,674: Line 1,706:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server set
+
os server unrescue
    --name <new-name>
 
    --property <key=value>
 
    [--property <key=value>] ...
 
    --root-password
 
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,684: Line 1,712:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova meta
+
nova unrescue
 
     <server>
 
     <server>
    <action>
+
</source>
    <key=value>
 
    [<key=value> ...]
 
 
 
nova rename
 
    <server>
 
    <name>
 
 
 
nova root-password
 
    <server>
 
</source>
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server show
+
os unset server
 +
    --property <key>
 +
    [--property <key>] ...
 
     <server>
 
     <server>
 
</source>
 
</source>
Line 1,706: Line 1,726:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova show
+
nova meta
 
     <server>
 
     <server>
 +
    <action>
 +
    <key=value>
 +
    [<key=value> ...]
 
</source>
 
</source>
 +
|}
 +
 +
==== usage ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Nova command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server ssh
+
os usage list
     [--login <login-name>]
+
     [--start <start>]
    [--port <port>]
+
     [--end <end>]
    [--identity <keyfile>]
 
    [--option <config-options>]
 
     [-4 | -6]
 
    [--private | --public | --address-type <address-type>]
 
    <server>
 
 
</source>
 
</source>
|| yes
+
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova ssh
+
nova usage-list
    [--port PORT]
+
     [--start <start>]
     [--private]
+
     [--end <end>]
     [--ipv6]
 
    [--login <login>]
 
    <server>
 
 
</source>
 
</source>
|-
+
|}
|
+
 
<source lang="bash">
+
 
os server suspend
+
==== x509-cert ====
    <server>
+
 
</source>
+
See [[#credentials|credentials]] in the [[#Cross_API|cross API section]].
|| yes
+
 
|| ||
+
==== x509-root-cert ====
<source lang="bash">
+
 
nova suspend
+
See [[#credentials|credentials]] in the [[#Cross_API|cross API section]].
    <server>
+
 
</source>
+
== Identity ==
|-
+
 
 +
{| class="wikitable"
 +
|-
 +
! OSC Option !!  Environment Variable !!  !!  Keystone Option !!  Environment Variable
 +
|-
 +
| --os-identity-api-version <ver> || OS_IDENTITY_API_VERSION ||  || --os-identity-api-version <ver> || OS_IDENTITY_API_VERSION
 +
|-
 +
| --os-token <token> || OS_TOKEN || || --os-token <token> || OS_SERVICE_TOKEN
 +
|-
 +
| --os-url <url> || OS_URL || || --os-endpoint <url> || OS_SERVICE_ENDPOINT
 +
|-
 +
|  ||  || || --os-cert <file> || OS_CERT
 +
|-
 +
|  ||  || || --os-key <key-file> || OS_KEY
 +
|-
 +
| ||  || || --os-cache || OS_CACHE
 +
|-
 +
|  ||  || || --force-new-token ||
 +
|-
 +
|  ||  || || --stale-duration <seconds> ||
 +
|-
 +
|}
 +
 
 +
=== API v2.0 ===
 +
 
 +
==== catalog ====
 +
 
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Keystone command
 +
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server unlock
+
os catalog show
     <server>
+
     [--service <service>]
 
</source>
 
</source>
|| yes
+
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova unlock
+
keystone catalog
     <server>
+
     [--service <service-type>]
 
</source>
 
</source>
 +
|}
 +
 +
==== ec2 credentials ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Keystone command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server unpause
+
os ec2 credentials create
     <server>
+
     [--project <project>]
 +
    [--user <user>]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova unpause
+
keystone ec2-credentials-create
     <server>
+
     [--user <user-id>]
 +
    [--tenant_id <tenant-id>]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os server unrescue
+
os ec2 credentials delete
     <server>
+
     [--user <user>]
 +
    <access-key>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova unrescue
+
keystone ec2-credentials-delete
     <server>
+
     [--user <user-id>]
 +
    --access <access-key>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os unset server
+
os ec2 credentials list
    --property <key>
+
     [--user <user>]
     [--property <key>] ...
 
    <server>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova meta
+
keystone ec2-credentials-list
     <server>
+
     [--user <user-id>]
     <action>
+
</source>
     <key=value>
+
|-
     [<key=value> ...]
+
|
 +
<source lang="bash">
 +
os ec2 credentials show
 +
     [--user <user>]
 +
     <access-key>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
keystone ec2-credentials-get
 +
     [--user <user-id>]
 +
    --access <access-key>
 
</source>
 
</source>
 
|}
 
|}
  
==== usage ====
+
==== endpoint ====
  
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
! OSC Command !! Implemented !! !! Nova command
+
! OSC Command !! Implemented !! !! Keystone command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os usage list
+
os endpoint create
     [--start <start>]
+
    --publicurl <public-url>
     [--end <end>]
+
    [--adminurl <admin-url>]
 +
     [--internalurl <internal-url>]
 +
     [--region <endpoint-region>]
 +
    <service>
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
nova usage-list
+
keystone endpoint-create
     [--start <start>]
+
    [--region <endpoint-region>]
     [--end <end>]
+
    [--service_id <service-id>]
 +
    [--publicurl <public-url>]
 +
     [--adminurl <admin-url>]
 +
     [--internalurl <internal-url>]
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os endpoint delete
 +
    <endpoint-id>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
keystone endpoint-delete
 +
    <endpoint-id>
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os endpoint list
 +
    [--long]
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
keystone endpoint-list
 
</source>
 
</source>
|}
 
 
 
==== x509-cert ====
 
 
See [[#credentials|credentials]] in the [[#Cross_API|cross API section]].
 
 
==== x509-root-cert ====
 
 
See [[#credentials|credentials]] in the [[#Cross_API|cross API section]].
 
 
== Identity ==
 
 
{| class="wikitable"
 
|-
 
! OSC Option !!  Environment Variable !!  !!  Keystone Option !!  Environment Variable
 
|-
 
| --os-identity-api-version <ver> || OS_IDENTITY_API_VERSION ||  || --os-identity-api-version <ver> || OS_IDENTITY_API_VERSION
 
|-
 
| --os-token <token> || OS_TOKEN || || --os-token <token> || OS_SERVICE_TOKEN
 
|-
 
| --os-url <url> || OS_URL || || --os-endpoint <url> || OS_SERVICE_ENDPOINT
 
|-
 
|  ||  || || --os-cert <file> || OS_CERT
 
|-
 
|  ||  || || --os-key <key-file> || OS_KEY
 
|-
 
|  ||  || || --os-cache || OS_CACHE
 
|-
 
|  ||  || || --force-new-token ||
 
|-
 
|  ||  || || --stale-duration <seconds> ||
 
|-
 
|}
 
 
=== API v2.0 ===
 
 
==== catalog ====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os catalog show
+
os endpoint show
     [--service <service>]
+
     [--type <endpoint-type>]
 +
    [--attr <endpoint-attribute>]
 +
    [--value <endpoint-value>]
 +
    [--all]
 +
    <service-type>
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone catalog
+
keystone endpoint-get
     [--service <service-type>]
+
     --service <service-type>
 +
    [--endpoint_type <endpoint-type>]
 +
    [--attr <service-attribute>]
 +
    [--value <value>]
 
</source>
 
</source>
 
|}
 
|}
  
==== ec2 credentials ====
+
==== project ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 1,881: Line 1,947:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ec2 credentials create
+
os project create
     [--project <project>]
+
     [--description <description>]
     [--user <user>]
+
     [--enable | --disable]
 +
    <project-name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone ec2-credentials-create
+
keystone tenant-create
     [--user <user-id>]  
+
    --name <tenant-name>
     [--tenant_id <tenant-id>]
+
     [--description <tenant-description>]
 +
     [--enabled <true|false>]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ec2 credentials delete
+
os project delete
     [--user <user>]
+
     <project>
    <access-key>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone ec2-credentials-delete
+
keystone tenant-delete
     [--user <user-id>]
+
     <tenant>
    --access <access-key>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ec2 credentials list
+
os project list
     [--user <user>]
+
     [--long]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone ec2-credentials-list
+
keystone tenant-list
    [--user <user-id>]
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os ec2 credentials show
+
os project set
     [--user <user>]
+
     [--name <new-project-name>]
     <access-key>
+
     [--description <new-project-description>]
 +
    [--enable | --disable]
 +
    <project>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone ec2-credentials-get
+
keystone tenant-update
     [--user <user-id>]  
+
    [--name <tenant_name>]
     --access <access-key>
+
     [--description <tenant-description>]
 +
     [--enabled <true|false>]
 +
    <tenant-id>
 
</source>
 
</source>
|}
 
 
==== endpoint ====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint create
+
os project show
     --publicurl <public-url>
+
     <project>
    [--adminurl <admin-url>]
 
    [--internalurl <internal-url>]
 
    [--region <endpoint-region>]
 
    <service>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone endpoint-create
+
keystone tenant-get
     [--region <endpoint-region>]
+
     <tenant-id>
    [--service_id <service-id>]
 
    [--publicurl <public-url>]
 
    [--adminurl <admin-url>]
 
    [--internalurl <internal-url>]
 
 
</source>
 
</source>
 +
|}
 +
 +
==== role ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Keystone command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint delete
+
os role create
     <endpoint-id>
+
     <role-name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone endpoint-delete
+
keystone role-create --name
     <endpoint-id>
+
     <role-name>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint list
+
os role delete
     [--long]
+
     <role>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone endpoint-list
+
keystone role-delete
 +
    <role-id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint show
+
os role list
    [--type <endpoint-type>]
+
</source>
    [--attr <endpoint-attribute>]
+
|| yes
    [--value <endpoint-value>]
+
|| ||
    [--all]
+
<source lang="bash">
     <service-type>
+
keystone role-list
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os role show
 +
     <role>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone endpoint-get
+
keystone role-get
     --service <service-type>
+
     <role-id>
    [--endpoint_type <endpoint-type>]
 
    [--attr <service-attribute>]
 
    [--value <value>]
 
 
</source>
 
</source>
 
|}
 
|}
  
==== project ====
+
==== service ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 2,011: Line 2,076:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project create
+
os service create
     [--description <description>]
+
     [--type <service-type>]
     [--enable | --disable]
+
     [--description <service-description>]
     <project-name>
+
     <service-name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone tenant-create
+
keystone service-create
     --name <tenant-name>
+
     --name <name>  
     [--description <tenant-description>]
+
     --type <type>
     [--enabled <true|false>]
+
     [--description <service-description>]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project delete
+
os service delete
     <project>
+
     <service>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone tenant-delete
+
keystone service-delete
     <tenant>
+
     <service-id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project list
+
os service list
 
     [--long]
 
     [--long]
 
</source>
 
</source>
Line 2,045: Line 2,110:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone tenant-list
+
keystone service-list
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project set
+
os service show
     [--name <new-project-name>]
+
     [--catalog]
    [--description <new-project-description>]
+
     <service>
    [--enable | --disable]
 
     <project>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone tenant-update
+
keystone service-get
    [--name <tenant_name>]
+
     <service-id>
    [--description <tenant-description>]
 
    [--enabled <true|false>]
 
     <tenant-id>
 
 
</source>
 
</source>
 +
|}
 +
 +
==== token ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Keystone command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project show
+
os token show
     <project>
+
     [--width <token-display-width>]
 
</source>
 
</source>
|| yes
+
|| ??
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone tenant-get
+
keystone token-get [--wrap <integer>]
    <tenant-id>
 
 
</source>
 
</source>
 
|}
 
|}
  
==== role ====
+
==== user ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 2,087: Line 2,153:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role create
+
os user create
     <role-name>
+
     [--password <user-password>]
 +
    [--email <user-email>]
 +
    [--tenant <tenant>]
 +
    [--enable | --disable]
 +
    <user-name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone role-create --name
+
keystone user-create
     <role-name>
+
    --name <user-name>
 +
     [--tenant_id <tenant-id>]
 +
    [--pass <pass>]
 +
    [--email <email>]
 +
    [--enabled <true|false>]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role delete
+
os user delete
     <role>
+
     <user>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone role-delete
+
keystone user-delete
     <role-id>
+
     <user-id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role list
+
os user list
 +
    [--tenant <tenant>]
 +
    [--long]
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
keystone user-list
 +
    [<tenant-id>]
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os user set
 +
    [--name <new-user-name>]
 +
    [--password <user-password>]
 +
    [--email <user-email>]
 +
    [--tenant <tenant>]
 +
    [--enable|--disable]
 +
    <user>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone role-list
+
keystone user-password-update
 +
    --pass <password>
 +
    <user-id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role show
+
os user show
     <role>
+
     <user>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone role-get
+
keystone user-get
     <role-id>
+
     <user-id>
 
</source>
 
</source>
 
|}
 
|}
  
==== service ====
+
==== user role ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 2,140: Line 2,235:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os service create
+
os user role add
     [--type <service-type>]
+
     [--tenant <tenant>]
     [--description <service-description>]
+
     <user>
     <service-name>
+
     <role>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone service-create
+
keystone user-role-add
     --name <name>  
+
     --user <user-id>
     --type <type>
+
     --role <role-id>
     [--description <service-description>]
+
     [--tenant_id <tenant-id>]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os service delete
+
os user role list
     <service>
+
     [--tenant <tenant>]
 +
    [<user>]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone service-delete
+
keystone user-role-list
     <service-id>
+
     [--user <user-id>]
 +
    [--tenant_id <tenant-id>]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os service list
+
os user role remove
     [--long]
+
     [--tenant <tenant>]
 +
    <user>
 +
    <role>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone service-list
+
keystone user-role-remove
 +
    --user <user-id>
 +
    --role <role-id>
 +
    [--tenant_id <tenant-id>]
 
</source>
 
</source>
|-
+
|}
|
+
 
 +
==== <other> ====
 +
 
 +
These keystone commands are not planned for re-implementation in OpenStackClient
 +
 
 
<source lang="bash">
 
<source lang="bash">
os service show
+
keystone bootstrap
    [--catalog]
+
        --pass <password>
    <service>
+
        [--user-name <user-name>]
 +
        [--role-name <role-name>]
 +
        [--tenant-name <tenant-name>]
 
</source>
 
</source>
|| yes
+
 
|| ||
 
 
<source lang="bash">
 
<source lang="bash">
keystone service-get
+
keystone discover
    <service-id>
 
 
</source>
 
</source>
|}
 
  
==== token ====
+
=== API v3 ===
 +
 
 +
==== credential ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 2,199: Line 2,306:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os token show
+
os credential create
     [--width <token-display-width>]
+
     [--project <project>]
 +
    [--type ec2|cert]
 +
    <user>
 +
    <data>
 
</source>
 
</source>
|| ??
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone token-get [--wrap <integer>]
+
keystone credential-create
</source>
+
    --user_id <user-id>
|}
+
    --type <credential-type>
 
+
    --data <credential-data>
==== user ====
+
    [--project_id <project-id>]
 
+
</source>
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user create
+
os credential delete
    [--password <user-password>]
+
     <credential-id>
    [--email <user-email>]
 
    [--tenant <tenant>]
 
    [--enable | --disable]
 
     <user-name>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-create
+
keystone credential-delete
     --name <user-name>
+
     <credential-id>
    [--tenant_id <tenant-id>]
 
    [--pass <pass>]
 
    [--email <email>]
 
    [--enabled <true|false>]
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user delete
+
os credential list
    <user>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-delete
+
keystone credential-list
    <user-id>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user list
+
os credential set
     [--tenant <tenant>]
+
    [--user <user>]
     [--long]
+
    [--type ec2|cert]
 +
     [--data <data>]
 +
     [--project <project>]
 +
    <credential-id>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-list
+
keystone credential-update
     [<tenant-id>]
+
    [--user <user>]
 +
    [--type <type>]
 +
     [--data <data>]
 +
    [--project <project>]
 +
    <credential-id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user set
+
os credential show
     [--name <new-user-name>]
+
     <credential-id>
    [--password <user-password>]
 
    [--email <user-email>]
 
    [--tenant <tenant>]
 
    [--enable|--disable]
 
    <user>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-password-update
+
keystone credential-get
    --pass <password>
+
     <credential-id>
     <user-id>
 
 
</source>
 
</source>
 +
|}
 +
 +
==== domain ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Keystone command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user show
+
os domain create
     <user>
+
     [--description <domain-description>]
 +
    [--enable | --disable]
 +
    <domain-name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-get
+
keystone domain-create
     <user-id>
+
     --name <domain-name>
 +
    [--description <domain-description>]
 +
    [--enabled <true|false>]
 +
    [--private_project_names <true|false>]
 +
    [--private_user_names <true|false>]
 
</source>
 
</source>
|}
 
 
==== user role ====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user role add
+
os domain delete
     [--tenant <tenant>]
+
     <domain>
    <user>
 
    <role>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-role-add
+
keystone domain-delete
    --user <user-id>
+
     <domain-id>
     --role <role-id>
 
    [--tenant_id <tenant-id>]
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user role list
+
os domain list
    [--tenant <tenant>]
 
    [<user>]
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-role-list
+
keystone domain-list
     [--user <user-id>]
+
</source>
     [--tenant_id <tenant-id>]
+
|-
 +
|
 +
<source lang="bash">
 +
os domain set
 +
    [--name <new-domain-name>]
 +
    [--description <new-domain-description>]
 +
    [--enable | --disable]
 +
    <domain>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
keystone domain-update
 +
    [--name <domain_name>]
 +
    [--description <domain-description>]
 +
     [--enabled <true|false>]
 +
    [--private_project_names <true|false>]
 +
     [--private_user_names <true|false>]
 +
    <domain-id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user role remove
+
os domain show
     [--tenant <tenant>]
+
     <domain>
    <user>
 
    <role>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-role-remove
+
keystone domain-get
    --user <user-id>
+
     <domain-id>
     --role <role-id>
 
    [--tenant_id <tenant-id>]
 
 
</source>
 
</source>
 
|}
 
|}
  
==== <other> ====
+
==== endpoint ====
  
These keystone commands are not planned for re-implementation in OpenStackClient
+
{| class="wikitable"
 
 
<source lang="bash">
 
keystone bootstrap
 
        --pass <password>
 
        [--user-name <user-name>]
 
        [--role-name <role-name>]
 
        [--tenant-name <tenant-name>]
 
</source>
 
 
 
<source lang="bash">
 
keystone discover
 
</source>
 
 
 
=== API v3 ===
 
 
 
==== credential ====
 
 
 
{| class="wikitable"
 
 
|-
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
! OSC Command !! Implemented !! !! Keystone command
Line 2,370: Line 2,464:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os credential create
+
os endpoint create
     [--project <project>]
+
     [--region <endpoint-region>
     [--type ec2|cert]
+
     [--enable | --disable]
     <user>
+
     <service>
     <data>
+
    <interface admin|public|internal>
 +
     <url>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone credential-create
+
keystone endpoint-create  
     --user_id <user-id>
+
     [--region <endpoint-region>
     --type <credential-type>
+
     [--enable | --disable]
     --data <credential-data>
+
    <service_id>
     [--project_id <project-id>]
+
     <interface admin|public|internal>
 +
     <url>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os credential delete
+
os endpoint delete
     <credential-id>
+
     <endpoint-id>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone credential-delete
 
    <credential-id>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os credential list
+
os endpoint list
 +
    [--long]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone credential-list
+
keystone endpoint-list
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os credential set
+
os endpoint set
     [--user <user>]
+
     [--interface <endpoint-interface>]
     [--type ec2|cert]
+
     [--url <endpoint-url>]
     [--data <data>]
+
     [--service <service-id>]
     [--project <project>]
+
     [--region <endpoint-region>]
     <credential-id>
+
    [--enable | --disable]
 +
     <endpoint>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone credential-update
+
keystone endpoint-set
     [--user <user>]
+
     [--interface <endpoint-interface>]
     [--type <type>]
+
     [--url <endpoint-url>]
     [--data <data>]
+
     [--service <service-id>]
     [--project <project>]
+
     [--region <endpoint-region>]
     <credential-id>
+
    [--enable | --disable]
 +
     <endpoint>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os credential show
+
os endpoint show
     <credential-id>
+
     <endpoint>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone credential-get
+
keystone endpoint-get  
     <credential-id>
+
     <endpoint>
 
</source>
 
</source>
 
|}
 
|}
  
==== domain ====
+
==== group ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 2,449: Line 2,546:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os domain create
+
os group create
     [--description <domain-description>]
+
     [--domain <domain>]
     [--enable | --disable]
+
     [--description <group-description>]
     <domain-name>
+
     <group-name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone domain-create
+
keystone group-create
     --name <domain-name>
+
     --name <group-name>
     [--description <domain-description>]
+
     [--domain_id <domain-id>]
     [--enabled <true|false>]
+
     [--description <group-description>]
    [--private_project_names <true|false>]
 
    [--private_user_names <true|false>]
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os domain delete
+
os group delete
     <domain>
+
     <group>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone domain-delete
+
keystone group-delete
     <domain-id>
+
     <group-id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os domain list
+
os group list
 +
    [--long]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone domain-list
+
keystone group-list
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os domain set
+
os group set
     [--name <new-domain-name>]
+
     [--name <new-group-name>]
     [--description <new-domain-description>]
+
     [--domain <domain>]
     [--enable | --disable]
+
     [--description <new-group-description>]
     <domain>
+
     <group>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone domain-update
+
keystone group-update
     [--name <domain_name>]
+
     [--name <group_name>]
     [--description <domain-description>]
+
     [--domain_id <domain-id>]
     [--enabled <true|false>]
+
     [--description <group-description>]
    [--private_project_names <true|false>]
+
     <group-id>
    [--private_user_names <true|false>]
 
     <domain-id>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os domain show
+
os group show
     <domain>
+
     <group>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone domain-get
+
keystone group-get
     <domain-id>
+
     <group-id>
 
</source>
 
</source>
 
|}
 
|}
  
==== endpoint ====
+
==== oauth ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 2,528: Line 2,622:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint create
+
os oauth request token create
     [--region <endpoint-region>
+
     --consumer-key <consumer-key>
     [--enable | --disable]
+
     --consumer-secret <consumer-secret>
    <service>
+
     --roles <requested-roles>
     <interface admin|public|internal>
 
    <url>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 +
n /a
 +
|-
 +
|
 
<source lang="bash">
 
<source lang="bash">
keystone endpoint-create
+
os oauth request token authorize
     [--region <endpoint-region>
+
     --request-key <request-key>
     [--enable | --disable]
+
     --roles <requested-roles>
    <service_id>
 
    <interface admin|public|internal>
 
    <url>
 
 
</source>
 
</source>
 +
|| yes
 +
|| ||
 +
n /a
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint delete
+
os oauth access token create
     <endpoint-id>
+
     --consumer-key <consumer-key>
 +
    --consumer-secret <consumer-secret>
 +
    --request-key <request-key>
 +
    --request-secret <request-secret>
 +
    --verifier <pin>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
 +
n/a
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint list
+
os oauth access token authenticate
     [--long]
+
     --consumer-key <consumer-key>
 +
    --consumer-secret <consumer-secret>
 +
    --access-key <access-key>
 +
    --access-secret <access-secret>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
<source lang="bash">
+
n /a
keystone endpoint-list
 
</source>
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint set
+
os oauth authorization list
     [--interface <endpoint-interface>]
+
     user <user>
    [--url <endpoint-url>]
 
    [--service <service-id>]
 
    [--region <endpoint-region>]
 
    [--enable | --disable]
 
    <endpoint>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
<source lang="bash">
+
n /a
keystone endpoint-set
 
    [--interface <endpoint-interface>]
 
    [--url <endpoint-url>]
 
    [--service <service-id>]
 
    [--region <endpoint-region>]
 
    [--enable | --disable]
 
    <endpoint>
 
</source>
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os endpoint show
+
os oauth authorization delete
     <endpoint>
+
     user <user>
 +
    access-id <access-id>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 +
n /a
 +
|-
 +
|
 
<source lang="bash">
 
<source lang="bash">
keystone endpoint-get
+
os oauth authorization show
     <endpoint>
+
     request-id <request-id>
 
</source>
 
</source>
|}
+
|| yes
 
+
|| ||
==== group ====
+
n /a
 
 
{| class="wikitable"
 
 
|-
 
|-
! OSC Command !! Implemented !! !! Keystone command
+
| look at some alternatives: || || ||
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os group create
+
os oauth token create
     [--domain <domain>]
+
     --consumer-key <consumer-key>
     [--description <group-description>]
+
    --consumer-secret <consumer-secret>
     <group-name>
+
     --request-key <request-key>
 +
     --request-secret <request-secret>
 +
    --verifier <pin>
 
</source>
 
</source>
|| yes
+
|| nyet
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone group-create
+
* makes the token specific to oauth
    --name <group-name>
+
* add [--oauth-ver X] if versioning for oauth2 is an issue?
    [--domain_id <domain-id>]
 
    [--description <group-description>]
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os group delete
+
os oauth token create
     <group>
+
     --request
 +
    --consumer-key <consumer-key>
 +
    --roles <roles>
 
</source>
 
</source>
|| yes
+
|| nyet
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone group-delete
+
* collapse 'access token' and 'request token' into 'oauth token'?
    <group-id>
 
 
</source>
 
</source>
 +
|}
 +
 +
==== policy ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Keystone command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os group list
+
os policy create
     [--long]
+
     [--type <policy-type>]
 +
    --blob-file <blob-file>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone group-list
+
keystone policy-create
 +
    --type <policy-type>
 +
    --blob <policy-blob>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os group set
+
os policy delete
     [--name <new-group-name>]
+
     <policy-id>
    [--domain <domain>]
 
    [--description <new-group-description>]
 
    <group>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone group-update
+
keystone policy-delete
    [--name <group_name>]
+
     <policy-id>
    [--domain_id <domain-id>]
 
    [--description <group-description>]
 
     <group-id>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os group show
+
os policy list
     <group>
+
     [--include-blob]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone group-get
+
keystone policy-list
    <group-id>
 
 
</source>
 
</source>
|}
 
 
==== oauth ====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os oauth request token create
+
os policy set
     --consumer-key <consumer-key>
+
     [--type <policy-type>]
     --consumer-secret <consumer-secret>
+
     [--blob-file<blob-file>]
     --roles <requested-roles>
+
     <policy-id>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
n /a
+
<source lang="bash">
 +
keystone policy-update
 +
    [--type <policy-type>]
 +
    [--blob <policy-blob>]
 +
    <policy-id>
 +
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os oauth request token authorize
+
os policy show
     --request-key <request-key>
+
     <policy-id>
    --roles <requested-roles>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
n /a
 
|-
 
|
 
 
<source lang="bash">
 
<source lang="bash">
os oauth access token create
+
keystone policy-get
     --consumer-key <consumer-key>
+
     <policy-id>
     --consumer-secret <consumer-secret>
+
</source>
     --request-key <request-key>
+
|}
     --request-secret <request-secret>
+
 
     --verifier <pin>
+
==== project ====
 +
 
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Keystone command
 +
|-
 +
|
 +
<source lang="bash">
 +
os project create
 +
     [--domain <project-domain>]
 +
     [--description <project-description>]
 +
     [--enable | --disable]
 +
     <project-name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
n/a
+
keystone project-create
 +
    [--domain_id <domain_id>]
 +
    [--description <description>]
 +
    [--enable | --disable]
 +
    <name>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os oauth access token authenticate
+
os project delete
     --consumer-key <consumer-key>
+
     <project>
    --consumer-secret <consumer-secret>
 
    --access-key <access-key>
 
    --access-secret <access-secret>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
n /a
+
<source lang="bash">
 +
os project-delete
 +
    <project_id>
 +
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os oauth authorization list
+
os project list
     user <user>
+
     [--long]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
n /a
+
<source lang="bash">
 +
keystone project-list
 +
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os oauth authorization delete
+
os project set
     user <user>
+
     [--name <new-project-name>]
     access-id <access-id>
+
    [--domain <project-domain>]
 +
     [--description <new-project-description>]
 +
    [--enable | --disable]
 +
    <project>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
n /a
+
<source lang="bash">
 +
keystone project-set
 +
    [--name <new-project-name>]
 +
    [--domain <project-domain>]
 +
    [--description <new-project-description>]
 +
    [--enable | --disable]
 +
    <project_id>
 +
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os oauth authorization show
+
os project show
     request-id <request-id>
+
     <project>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
n /a
+
<source lang="bash">
 +
keystone project-get
 +
    <project_id>
 +
</source>
 +
|}
 +
 
 +
==== role ====
 +
 
 +
{| class="wikitable"
 
|-
 
|-
| look at some alternatives: || || ||
+
! OSC Command !! Implemented !! !! Keystone command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os oauth token create
+
os role add
     --consumer-key <consumer-key>
+
     [--user <user> | --group <group>]
    --consumer-secret <consumer-secret>
+
     [--domain <domain> | --project <project>]
     --request-key <request-key>
+
     <role>
    --request-secret <request-secret>
 
     --verifier <pin>
 
 
</source>
 
</source>
|| nyet
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
* makes the token specific to oauth
 
* add [--oauth-ver X] if versioning for oauth2 is an issue?
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os oauth token create
+
os role create
     --request
+
     <role-name>
    --consumer-key <consumer-key>
 
    --roles <roles>
 
 
</source>
 
</source>
|| nyet
+
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
* collapse 'access token' and 'request token' into 'oauth token'?
 
 
</source>
 
</source>
|}
 
 
==== policy ====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os policy create
+
os role delete
     [--type <policy-type>]
+
     <role>
    --blob-file <blob-file>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone policy-create
 
    --type <policy-type>
 
    --blob <policy-blob>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os policy delete
+
os role list
    <policy-id>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone policy-delete
 
    <policy-id>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os policy list
+
os role remove
     [--include-blob]
+
     [--user <user> | --group <group>]
 +
    [--domain <domain> | --project <project>]
 +
    <role>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone policy-list
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os policy set
+
os role set
     [--type <policy-type>]
+
     [--name <new-role-name>]
    [--blob-file<blob-file>]
+
     <role>
     <policy-id>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone policy-update
 
    [--type <policy-type>]
 
    [--blob <policy-blob>]
 
    <policy-id>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os policy show
+
os role show
     <policy-id>
+
     <role>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone policy-get
 
    <policy-id>
 
 
</source>
 
</source>
 
|}
 
|}
  
==== project ====
+
==== service ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 2,872: Line 2,969:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project create
+
os service create
    [--domain <project-domain>]
+
[--name <name>]
    [--description <project-description>]
+
        [--enabled <true|false>]
    [--enable | --disable]
+
        <type>
    <project-name>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone project-create
+
keystone service-create
    [--domain_id <domain_id>]
+
[--name <name>]
    [--description <description>]
+
        [--enabled <true|false>]
    [--enable | --disable]
+
        <type>
    <name>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project delete
+
os service delete
     <project>
+
     <service>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
os project-delete
+
keystone service-delete
     <project_id>
+
     <service_id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project list
+
os list service
    [--long]
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone project-list
+
keystone service-list
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project set
+
os service set
     [--name <new-project-name>]
+
     [--type <service-type>]
     [--domain <project-domain>]
+
     [--name <new-name>]
    [--description <new-project-description>]
 
 
     [--enable | --disable]
 
     [--enable | --disable]
     <project>
+
     <service>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone project-set
+
keystone service-set
     [--name <new-project-name>]
+
     [--type <service-type>]
     [--domain <project-domain>]
+
     [--name <new-name>]
    [--description <new-project-description>]
 
 
     [--enable | --disable]
 
     [--enable | --disable]
     <project_id>
+
     <service>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os project show
+
os service show
     <project>
+
     <service>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone project-get
+
keystone service-get  
     <project_id>
+
     <service_id>
 
</source>
 
</source>
 
|}
 
|}
  
==== role ====
+
==== user ====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 2,952: Line 3,044:
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role add
+
os user create
     [--user <user> | --group <group>]
+
     [--password <password>]
     [--domain <domain> | --project <project>]
+
    [--project <project>]
     <role>
+
     [--email <user-email>]
 +
    [--enable | --disable]
 +
     <name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
 +
keystone user-create
 +
    --name <user-name>
 +
    [--domain_id <domain-id>]
 +
    [--default_project_id <project-id>]
 +
    [--description <description>]
 +
    [--enabled <true|false>]
 +
    [--password <password>]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role create
+
os user delete
     <role-name>
+
     <user>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
 +
keystone user-delete
 +
    <user-id>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role delete
+
os user list
     <role>
+
     [--project <project>]
 +
    [--long]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
 +
keystone user-list
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role list
+
os user set
 +
    [--name <new-name>]
 +
    [--password <password>]
 +
    [--project <project>]
 +
    [--email <user-email>]
 +
    [--enable | --disable]
 +
    <user>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
 +
keystone user-update
 +
    --user_id <user-id>
 +
    [--name <user-name>]
 +
    [--domain_id <domain-id>]
 +
    [--default_project_id <project-id>]
 +
    [--description <description>]
 +
    [--enabled <true|false>]
 +
    [--password <password>]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os role remove
+
os user show
    [--user <user> | --group <group>]
+
     <user>
    [--domain <domain> | --project <project>]
 
    <role>
 
</source>
 
|| yes
 
|| ||
 
<source lang="bash">
 
</source>
 
|-
 
|
 
<source lang="bash">
 
os role set
 
    [--name <new-role-name>]
 
    <role>
 
</source>
 
|| yes
 
|| ||
 
<source lang="bash">
 
</source>
 
|-
 
|
 
<source lang="bash">
 
os role show
 
     <role>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
 +
keystone user-get
 +
    <user-id>
 
</source>
 
</source>
 
|}
 
|}
  
==== service ====
+
== Image ==
  
 
{| class="wikitable"
 
{| class="wikitable"
|-
+
|-
! OSC Command !! Implemented !! !! Keystone command
+
! OSC Option !!  Environment Variable !!  !!  Glance Option !!  Environment Variable
|-
+
|-
|
+
| --os-image-api-version <ver> || OS_IMAGE_API_VERSION ||  || --os-image-api-version <ver> || OS_IMAGE_API_VERSION
 +
|-
 +
|  ||  || || --os-service-type <type> || OS_SERVICE_TYPE
 +
|-
 +
|  ||  || || --os-endpoint-type <type> || OS_ENDPOINT_TYPE
 +
|-
 +
| --os-token <token> || OS_TOKEN || || --os-auth-token <token> || OS_AUTH_TOKEN
 +
|-
 +
| --os-url <url> || OS_URL || || --os-image-url <url> || OS_IMAGE_URL
 +
|-
 +
|  ||  || || --os-cacert <file> || OS_CACERT
 +
|-
 +
|  ||  || || --cert-file <file> || CERT_FILE
 +
|-
 +
|  ||  || || --key-file <key-file> || KEY_FILE
 +
|-
 +
|  ||  || || --no-ssl-compression ||
 +
|-
 +
|}
 +
 
 +
 
 +
=== API v1 ===
 +
 
 +
==== image ====
 +
 
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Glance command
 +
|-
 +
|
 
<source lang="bash">
 
<source lang="bash">
os service create
+
os image create
[--name <name>]
+
    [--id <id>]
        [--enabled <true|false>]
+
    [--store <store>]
        <type>
+
    [--container-format <format>]
 +
    [--disk-format <format>]
 +
    [--owner <tenant>]
 +
    [--size <size-bytes>]
 +
    [--min-disk <disk-gb>]
 +
    [--min-ram <ram-mg>]
 +
    [--location <image-url>]
 +
    [--copy-from <image-url>]
 +
    [--file <local-filename>]
 +
    [--checksum <checksum>]
 +
    [--protected | --unprotected]
 +
    [--public | --private]
 +
    [--property <key=value>]
 +
    <name>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone service-create
+
glance image-create
[--name <name>]
+
    [--id <IMAGE_ID>]
        [--enabled <true|false>]
+
    [--name <NAME>]
        <type>
+
    [--disk-format <DISK_FORMAT>]
 +
    [--container-format <CONTAINER_FORMAT>]
 +
    [--owner <TENANT_ID>]
 +
    [--size <SIZE>]
 +
    [--min-disk <DISK_GB>]
 +
    [--min-ram <DISK_RAM>]
 +
    [--location <IMAGE_URL>]
 +
    [--checksum <CHECKSUM>]
 +
    [--copy-from <IMAGE_URL>]
 +
    [--is-public [True|False]]
 +
    [--is-protected [True|False]]
 +
    [--property <key=value>]
 +
    [--human-readable]
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os service delete
+
os image delete
     <service>
+
     <image>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone service-delete
+
glance image-delete
     <service_id>
+
     <IMAGE_ID>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os list service
+
os image list
 +
    [--page-size <size>]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone service-list
+
glance image-list
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os service set
+
os image save
     [--type <service-type>]
+
     [--file <filename>]
    [--name <new-name>]
+
     <image>
    [--enable | --disable]
 
     <service>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone service-set
+
glance image-download
     [--type <service-type>]
+
     [--file <FILE>]
    [--name <new-name>]
+
     <IMAGE>
    [--enable | --disable]
 
     <service>
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os service show
+
os image set
     <service>
+
     [--name <name>]
 +
    [--owner <tenant>]
 +
    [--min-disk <disk-gb>]
 +
    [--min-ram <ram-mg>]
 +
    [--protected | --unprotected]
 +
    [--public | --private]
 +
    [--property <key=value>]
 +
    <image>
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone service-get
+
glance image-update
     <service_id>
+
    [--name <NAME>]
 +
    [--disk-format <DISK_FORMAT>]
 +
    [--container-format <CONTAINER_FORMAT>]
 +
    [--owner <TENANT_ID>]
 +
    [--size <SIZE>]
 +
    [--min-disk <DISK_GB>]
 +
    [--min-ram <DISK_RAM>]
 +
    [--location <IMAGE_URL>]
 +
    [--file <FILE>]
 +
    [--checksum <CHECKSUM>]
 +
    [--copy-from <IMAGE_URL>]
 +
    [--is-public [True|False]]
 +
    [--is-protected [True|False]]
 +
    [--property <key=value>]
 +
    [--purge-props]
 +
    [--human-readable]
 +
     <IMAGE>
 
</source>
 
</source>
|}
 
 
==== user ====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user create
+
os image show
     [--password <password>]
+
     <image>
    [--project <project>]
 
    [--email <user-email>]
 
    [--enable | --disable]
 
    <name>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-create
+
glance image-show
    --name <user-name>
+
     [--human-readable]
    [--domain_id <domain-id>]
+
     <IMAGE>
    [--default_project_id <project-id>]
 
     [--description <description>]
 
    [--enabled <true|false>]
 
     [--password <password>]
 
 
</source>
 
</source>
 +
|}
 +
 +
=== API v2 ===
 +
 +
==== image ====
 +
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Glance command
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user delete
+
os image add project
     <user>
+
     <image>
 +
    <project>
 
</source>
 
</source>
|| yes
+
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-delete
+
glance member-create
     <user-id>
+
    [--can-share]
 +
     <IMAGE_ID>
 +
    <TENANT_ID>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user list
+
os image create
     [--project <project>]
+
     [--id <id>]
     [--long]
+
     [--store <store>]
</source>
+
    [--container-format <format>]
|| yes
+
    [--disk-format <format>]
 +
    [--owner <tenant>]
 +
    [--size <size-bytes>]
 +
    [--min-disk <disk-gb>]
 +
    [--min-ram <ram-mg>]
 +
    [--location <image-url>]
 +
    [--copy-from <image-url>]
 +
    [--file <local-filename>]
 +
    [--checksum <checksum>]
 +
    [--protected | --unprotected]
 +
    [--public | --private]
 +
    [--property <key=value>]
 +
    <name>
 +
# verify v2 options
 +
</source>
 +
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-list
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user set
+
os image delete
     [--name <new-name>]
+
     <image>
    [--password <password>]
 
    [--project <project>]
 
    [--email <user-email>]
 
    [--enable | --disable]
 
    <user>
 
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-update
+
glance image-delete
     --user_id <user-id>
+
     <IMAGE_ID>
    [--name <user-name>]
 
    [--domain_id <domain-id>]
 
    [--default_project_id <project-id>]
 
    [--description <description>]
 
    [--enabled <true|false>]
 
    [--password <password>]
 
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os user show
+
os image list
     <user>
+
     [--page-size <size>]
 
</source>
 
</source>
 
|| yes
 
|| yes
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
keystone user-get
+
glance image-list
     <user-id>
+
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os image list
 +
    --shared
 +
    [--image <image>]
 +
    [--project <project>]
 +
</source>
 +
|| no
 +
|| ||
 +
<source lang="bash">
 +
glance member-list
 +
     [--image-id <IMAGE_ID>]
 +
    [--tenant-id <TENANT_ID>]
 
</source>
 
</source>
|}
 
 
== Image ==
 
 
{| class="wikitable"
 
|-
 
! OSC Option !!  Environment Variable !!  !!  Glance Option !!  Environment Variable
 
|-
 
| --os-image-api-version <ver> || OS_IMAGE_API_VERSION ||  || --os-image-api-version <ver> || OS_IMAGE_API_VERSION
 
|-
 
|  ||  || || --os-service-type <type> || OS_SERVICE_TYPE
 
|-
 
|  ||  || || --os-endpoint-type <type> || OS_ENDPOINT_TYPE
 
|-
 
| --os-token <token> || OS_TOKEN || || --os-auth-token <token> || OS_AUTH_TOKEN
 
|-
 
| --os-url <url> || OS_URL || || --os-image-url <url> || OS_IMAGE_URL
 
|-
 
|  ||  || || --os-cacert <file> || OS_CACERT
 
|-
 
|  ||  || || --cert-file <file> || CERT_FILE
 
|-
 
|  ||  || || --key-file <key-file> || KEY_FILE
 
|-
 
|  ||  || || --no-ssl-compression ||
 
|-
 
|}
 
 
 
=== API v1 ===
 
 
==== image ====
 
 
{| class="wikitable"
 
 
|-
 
|-
! OSC Command !! Implemented !! !! Glance command
+
|
 +
<source lang="bash">
 +
os image remove project
 +
    <image>
 +
    <project>
 +
</source>
 +
|| no
 +
|| ||
 +
<source lang="bash">
 +
glance member-delete
 +
    <IMAGE_ID>
 +
    <TENANT_ID>
 +
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os image create
+
os image save
     [--id <id>]
+
    [--file <filename>]
 +
    <image>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
glance image-download
 +
    [--file <FILE>]
 +
    <IMAGE>
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os image set
 +
     [--id <id>]
 
     [--store <store>]
 
     [--store <store>]
 
     [--container-format <format>]
 
     [--container-format <format>]
Line 3,242: Line 3,421:
 
     <name>
 
     <name>
 
</source>
 
</source>
|| yes
+
|| no
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
glance image-create
+
glance image-update
    [--id <IMAGE_ID>]
 
 
     [--name <NAME>]
 
     [--name <NAME>]
 
     [--disk-format <DISK_FORMAT>]
 
     [--disk-format <DISK_FORMAT>]
Line 3,255: Line 3,433:
 
     [--min-ram <DISK_RAM>]
 
     [--min-ram <DISK_RAM>]
 
     [--location <IMAGE_URL>]
 
     [--location <IMAGE_URL>]
 +
    [--file <FILE>]
 
     [--checksum <CHECKSUM>]
 
     [--checksum <CHECKSUM>]
 
     [--copy-from <IMAGE_URL>]
 
     [--copy-from <IMAGE_URL>]
Line 3,260: Line 3,439:
 
     [--is-protected [True|False]]
 
     [--is-protected [True|False]]
 
     [--property <key=value>]
 
     [--property <key=value>]
 +
    [--purge-props]
 
     [--human-readable]
 
     [--human-readable]
 +
    <IMAGE>
 
</source>
 
</source>
 
|-
 
|-
 
|
 
|
 
<source lang="bash">
 
<source lang="bash">
os image delete
+
os image show
 
     <image>
 
     <image>
 
</source>
 
</source>
Line 3,271: Line 3,452:
 
|| ||
 
|| ||
 
<source lang="bash">
 
<source lang="bash">
glance image-delete
+
glance image-show
    <IMAGE_ID>
+
     [--human-readable]
</source>
+
    <IMAGE>
|-
 
|
 
<source lang="bash">
 
os image list
 
     [--page-size <size>]
 
</source>
 
|| yes
 
|| ||
 
<source lang="bash">
 
glance image-list
 
 
</source>
 
</source>
 +
|}
 +
 +
==== image-member ====
 +
 +
The image member commands have been rolled in to the regualr [[#image_3|image]] commands.
 +
 +
== Network ==
 +
 +
The Network commands in <code>neutron</code> are actually in pretty good shape.  It appears most update commands have not be
 +
en implemented, but looks pretty solid other than that.  Note some questions:
 +
 +
* Note: Should the --request-format option be a global option.  Nice from a developers perspective if you want to test XML for ins
 +
tance, but why would users really care.
 +
 +
* Note: Should we have --os-network-api-version <ver> argument since neutron currently only supports one version?
 +
 +
NOTE(dtroyer): yes for consistency
 +
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Option !! Environment Variable !! !! Nova Option !! Environment Variable
 +
|-
 +
| || || || --os-auth-strategy || OS_AUTH_STRATEGY
 +
|-
 +
| --os-auth-url || OS_AUTH_URL || || --os-auth-url || OS_AUTH_URL
 +
|-
 +
| --os-project-name || OS_PROJECT_NAME || || --os-tenant-name || OS_TENANT_NAME
 
|-
 
|-
|
+
| --os-project-id || OS_PROJECT_ID || || --os-tenant-id || OS_TENANT_ID
<source lang="bash">
+
|-
os image save
+
| --os-username || OS_USERNAME || || --os-username || OS_USERNAME
    [--file <filename>]
+
|-
    <image>
+
| --os-password || OS_PASSWORD || || --os-password || OS_PASSWORD
</source>
+
|-
|| yes
+
| --os-region-name || OS_REGION_NAME || || --os-region-name || OS_REGION_NAME
|| ||
+
|-
<source lang="bash">
+
| --os-token || OS_TOKEN || || --os-token || OS_TOKEN
glance image-download
+
|-
    [--file <FILE>]
+
| --os-url || OS_URL || || --os-url || OS_URL
    <IMAGE>
+
|-
</source>
+
| --os-cacert || OS_CACERT || || --os-cacert || OS_CACERT
 
|-
 
|-
|
+
| --os-network-api-version <ver> || OS_NETWORK_API_VERSION || || ||  
<source lang="bash">
+
|}
os image set
+
 
    [--name <name>]
 
    [--owner <tenant>]
 
    [--min-disk <disk-gb>]
 
    [--min-ram <ram-mg>]
 
    [--protected | --unprotected]
 
    [--public | --private]
 
    [--property <key=value>]
 
    <image>
 
</source>
 
|| yes
 
|| ||
 
<source lang="bash">
 
glance image-update
 
    [--name <NAME>]
 
    [--disk-format <DISK_FORMAT>]
 
    [--container-format <CONTAINER_FORMAT>]
 
    [--owner <TENANT_ID>]
 
    [--size <SIZE>]
 
    [--min-disk <DISK_GB>]
 
    [--min-ram <DISK_RAM>]
 
    [--location <IMAGE_URL>]
 
    [--file <FILE>]
 
    [--checksum <CHECKSUM>]
 
    [--copy-from <IMAGE_URL>]
 
    [--is-public [True|False]]
 
    [--is-protected [True|False]]
 
    [--property <key=value>]
 
    [--purge-props]
 
    [--human-readable]
 
    <IMAGE>
 
</source>
 
|-
 
|
 
<source lang="bash">
 
os image show
 
    <image>
 
</source>
 
|| yes
 
|| ||
 
<source lang="bash">
 
glance image-show
 
    [--human-readable]
 
    <IMAGE>
 
</source>
 
|}
 
  
=== API v2 ===
+
=== API v2.0 ===
  
==== image ====
+
NOTE(dtroyer): I am removing all of the default cliff options for clarity.  Also, apparently neutronclient has a different idea of how these are used than OSC.
 +
 
 +
 
 +
==== Agent ====
 +
 
 +
NOTE: There is no agent create in neutron at the moment.  I assume these should replace the compute commands.
  
 +
NOTE(dtroyer): The compute agent refers to the bits of code that run inside a VM.  A Neutron agent is code that runs on a host system; there are at least 4 different types: plugin, dhcp, l3 and metadata.
  
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
! OSC Command !! Implemented !! !! Glance command
+
! OSC Command !! Implemented !! !! Neutron command
 
|-
 
|-
|
+
|<source lang="bash">
<source lang="bash">
+
os agent delete
os image add project
+
     <agent>
    <image>
 
     <project>
 
 
</source>
 
</source>
|| no
+
|| no || ||
|| ||
 
 
<source lang="bash">
 
<source lang="bash">
glance member-create
+
neutron agent-delete <agent>
    [--can-share]
 
    <IMAGE_ID>
 
    <TENANT_ID>
 
 
</source>
 
</source>
 
|-
 
|-
|
+
|<source lang="bash">
<source lang="bash">
+
os agent list
os image create
+
     [--long]
     [--id <id>]
+
</source>
    [--store <store>]
+
NOTE(dtroyer): list commands always use --long for their 'show me more stuff' option
    [--container-format <format>]
+
|| no || ||
    [--disk-format <format>]
 
    [--owner <tenant>]
 
    [--size <size-bytes>]
 
    [--min-disk <disk-gb>]
 
    [--min-ram <ram-mg>]
 
    [--location <image-url>]
 
    [--copy-from <image-url>]
 
    [--file <local-filename>]
 
    [--checksum <checksum>]
 
    [--protected | --unprotected]
 
    [--public | --private]
 
    [--property <key=value>]
 
    <name>
 
# verify v2 options
 
</source>
 
|| no
 
|| ||
 
 
<source lang="bash">
 
<source lang="bash">
 +
neutron agent-list
 +
  [-D, --show-details]
 +
  [-F FIELD, --field FIELD]
 +
  [--quote {all,minimal,none,nonnumeric}]
 
</source>
 
</source>
 
|-
 
|-
|
+
|<source lang="bash">
<source lang="bash">
+
os agent update
os image delete
+
     <agent>
     <image>
 
 
</source>
 
</source>
|| yes
+
NOTE(dtroyer): update commands often map to the OSC verb 'set'.  but with no value to set???
|| ||
+
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
glance image-delete
+
neutron agent-update <agent>
    <IMAGE_ID>
+
# NOTE: no args, what does this update?
 
</source>
 
</source>
 
|-
 
|-
|
+
|<source lang="bash">
<source lang="bash">
+
os agent show
os image list
+
     <agent>
     [--page-size <size>]
 
 
</source>
 
</source>
|| yes
+
|| no || ||
|| ||
 
 
<source lang="bash">
 
<source lang="bash">
glance image-list
+
neutron agent-show <agent>
 +
  [-D, --show-details]
 +
  [-F FIELD, --field FIELD]
 
</source>
 
</source>
 +
|}
 +
 +
==== Cisco ====
 +
 +
NOTE(dtroyer): We need to think about how to handle vendor-plugin-specific bits.  I don't want these in the default set...
 +
 +
Note all of these "network pofile" and "policy profile", why not just network and policy, profile is useless.
 +
 +
{| class="wikitable"
 
|-
 
|-
|
+
! OSC Command !! Implemented !! !! Neutron command
 +
|-
 +
|<source lang="bash">
 +
os cisco credential create <credential_name> <credential_type>
 +
    [--tenant-id TENANT_ID]
 +
    [--username USERNAME]
 +
    [--password PASSWORD]
 +
</source>
 +
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
os image list
+
neutron cisco-credential-create <credential_name> <credential_type>
     --shared
+
     [--tenant-id TENANT_ID]
     [--image <image>]
+
     [--username USERNAME]
     [--project <project>]
+
     [--password PASSWORD]
 +
</source>
 +
|-
 +
|<source lang="bash">
 +
os cisco credential delete <credential>
 
</source>
 
</source>
|| no
+
|| no || ||
|| ||
 
 
<source lang="bash">
 
<source lang="bash">
glance member-list
+
neutron cisco-credential-delete <credential>
    [--image-id <IMAGE_ID>]
 
    [--tenant-id <TENANT_ID>]
 
 
</source>
 
</source>
 
|-
 
|-
|
+
|<source lang="bash">
<source lang="bash">
+
os cisco credential list
os image remove project
+
     [-F FIELD]
     <image>
 
    <project>
 
 
</source>
 
</source>
|| no
+
|| no || ||
|| ||
 
 
<source lang="bash">
 
<source lang="bash">
glance member-delete
+
neutron cisco-credential-list
     <IMAGE_ID>
+
     [-F FIELD]
    <TENANT_ID>
 
 
</source>
 
</source>
 
|-
 
|-
|
+
|<source lang="bash">
 +
os cisco credential show <credential>
 +
    [-F FIELD]
 +
</source>
 +
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
os image save
+
neutron cisco-credential-show <credential>
     [--file <filename>]
+
     [-F FIELD]
     <image>
+
</source>
 +
|-
 +
|<source lang="bash">
 +
os cisco network profile create <name> <vlan|overlay|multi-segment|trunk>
 +
    [--tenant-id TENANT_ID]                
 +
     [--sub_type SUB_TYPE]                 
 +
    [--segment_range SEGMENT_RANGE]       
 +
    [--physical_network PHYSICAL_NETWORK] 
 +
    [--multicast_ip_range MULTICAST_IP_RANGE]
 +
    [--add-tenant ADD_TENANT]
 
</source>
 
</source>
|| yes
+
|| no || ||
|| ||
 
 
<source lang="bash">
 
<source lang="bash">
glance image-download
+
neutron cisco-network-profile-create <name> <vlan|overlay|multi-segment|trunk>
     [--file <FILE>]
+
     [--tenant-id TENANT_ID]               
     <IMAGE>
+
    [--sub_type SUB_TYPE]                 
 +
    [--segment_range SEGMENT_RANGE]       
 +
    [--physical_network PHYSICAL_NETWORK] 
 +
    [--multicast_ip_range MULTICAST_IP_RANGE]
 +
     [--add-tenant ADD_TENANT]
 
</source>
 
</source>
 
|-
 
|-
|
+
|<source lang="bash">
 +
os cisco network profile delete <profile>
 +
    [--request-format {json,xml}]
 +
</source>
 +
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
os image set
+
neutron cisco-network-profile-delete <profile>
    [--id <id>]
+
     [--request-format {json,xml}]
    [--store <store>]
+
</source>
     [--container-format <format>]
+
|-
    [--disk-format <format>]
+
|<source lang="bash">
    [--owner <tenant>]
+
os cisco network profile list
    [--size <size-bytes>]
+
     [-F FIELD]
    [--min-disk <disk-gb>]
 
    [--min-ram <ram-mg>]
 
    [--location <image-url>]
 
    [--copy-from <image-url>]
 
    [--file <local-filename>]
 
    [--checksum <checksum>]
 
    [--protected | --unprotected]
 
    [--public | --private]
 
     [--property <key=value>]
 
    <name>
 
 
</source>
 
</source>
|| no
+
|| no || ||
|| ||
 
 
<source lang="bash">
 
<source lang="bash">
glance image-update
+
neutron cisco-network-profile-list
    [--name <NAME>]
+
     [-F FIELD]
     [--disk-format <DISK_FORMAT>]
+
</source>
    [--container-format <CONTAINER_FORMAT>]
+
|-
    [--owner <TENANT_ID>]
+
|<source lang="bash">
    [--size <SIZE>]
+
os cisco network profile show <profile>
    [--min-disk <DISK_GB>]
+
     [-F FIELD]
     [--min-ram <DISK_RAM>]
+
</source>
    [--location <IMAGE_URL>]
+
|| no || ||
    [--file <FILE>]
+
<source lang="bash">
    [--checksum <CHECKSUM>]
+
neutron cisco-network-profile-show <profile>
    [--copy-from <IMAGE_URL>]
+
     [-F FIELD]
    [--is-public [True|False]]
 
    [--is-protected [True|False]]
 
    [--property <key=value>]
 
    [--purge-props]
 
     [--human-readable]
 
    <IMAGE>
 
 
</source>
 
</source>
 
|-
 
|-
|
+
|<source lang="bash">
 +
os cisco network profile update <profile>
 +
    [--request-format {json,xml}]
 +
</source>
 +
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
os image show
+
neutron cisco-network-profile-update <profile>
     <image>
+
     [--request-format {json,xml}]
 
</source>
 
</source>
|| yes
+
|-
|| ||
+
|<source lang="bash">
<source lang="bash">
+
os cisco policy profile list
glance image-show
+
     [-F FIELD]
     [--human-readable]
 
    <IMAGE>
 
 
</source>
 
</source>
|}
+
|| no || ||
 +
<source lang="bash">
 +
neutron cisco-policy-profile-list
 +
    [-F FIELD]
 +
</source>
 +
|-
 +
|<source lang="bash">
 +
os cisco policy profile show <profile>
 +
    [--request-format {json,xml}] [-D]   
 +
    [-F FIELD]
 +
</source>
 +
|| no || ||
 +
<source lang="bash">
 +
neutron cisco-policy-profile-show <profile>
 +
    [--request-format {json,xml}] [-D]   
 +
    [-F FIELD]
 +
</source>
 +
|-
 +
|<source lang="bash">
 +
os cisco policy profile update <profile>
 +
    [--request-format {json,xml}]
 +
</source>
 +
|| no || ||
 +
<source lang="bash">
 +
neutron cisco-policy-profile-update <profile>
 +
    [--request-format {json,xml}]
 +
</source>
 +
|}
  
==== image-member ====
 
  
The image member commands have been rolled in to the regualr [[#image_3|image]] commands.
+
==== DHCP Agent ====
  
== Network ==
+
* NOTE(dtroyer): here, 'dhcp agent' will be a two-word object (for now, suggest something shorter?  'dhcp' seems ambiguous)
  
The Network commands in <code>neutron</code> are actually in pretty good shape.  It appears most update commands have not be
 
en implemented, but looks pretty solid other than that.  Note some questions:
 
  
* Note: Should the --request-format option be a global optionNice from a developers perspective if you want to test XML for ins
+
* Note: In general, should we support these generic -h and --request-format options from neutroni think not.
tance, but why would users really care.
 
 
 
* Note: Should we have --os-network-api-version <ver> argument since neutron currently only supports one version?
 
 
 
NOTE(dtroyer): yes for consistency
 
  
 +
NOTE(dtroyer): the --request-format option seems to want to support structured input data.  While interesting that is not something we have addressed with OSC yet.  So for now, lets leave them TDB.
  
 
{| class="wikitable"
 
{| class="wikitable"
|-
 
! OSC Option !! Environment Variable !! !! Nova Option !! Environment Variable
 
 
|-
 
|-
| || || || --os-auth-strategy || OS_AUTH_STRATEGY
+
! OSC Command !! Implemented !! !! Neutron command
 
|-
 
|-
| --os-auth-url || OS_AUTH_URL || || --os-auth-url || OS_AUTH_URL
+
|<source lang="bash">
 +
os dhcp agent add network
 +
    <dhcp_agent>
 +
    <network>
 +
</source>
 +
|| no || ||
 +
<source lang="bash">
 +
neutron dhcp-agent-network-add <dhcp_agent> <network>
 +
  [--request-format {json,xml}]
 +
</source>
 
|-
 
|-
| --os-project-name || OS_PROJECT_NAME || || --os-tenant-name || OS_TENANT_NAME
+
|<source lang="bash">
 +
os dhcp agent delete network
 +
    <dhcp_agent>
 +
    <network>
 +
</source>
 +
# Note: delete instead of remove; Maybe just "dhcp delete"
 +
 
 +
NOTE(dtroyer): this removes a network from an agent (see [[/OpenStackClient/HumanInterfaceGuidelines#Command_Object.28s.29_and_Action|command structure]])
 +
|| no || ||
 +
<source lang="bash">
 +
neutron dhcp-agent-network-remove <dhcp_agent> <network>
 +
  [--request-format {json,xml}]
 +
</source>
 
|-
 
|-
| --os-project-id || OS_PROJECT_ID || || --os-tenant-id || OS_TENANT_ID
+
|<source lang="bash">
|-
+
os dhcp agent list
| --os-username || OS_USERNAME || || --os-username || OS_USERNAME
+
    [--long]
|-
+
    [--networks <dhcp-agent>]
| --os-password || OS_PASSWORD || || --os-password || OS_PASSWORD
+
</source>
|-
+
Note why isn't this "dhcp list"?
| --os-region-name || OS_REGION_NAME || || --os-region-name || OS_REGION_NAME
 
|-
 
| --os-token || OS_TOKEN || || --os-token || OS_TOKEN
 
|-
 
| --os-url || OS_URL || || --os-url || OS_URL
 
|-
 
| --os-cacert || OS_CACERT || || --os-cacert || OS_CACERT
 
|-
 
| --os-network-api-version <ver> || OS_NETWORK_API_VERSION || || ||
 
|}
 
  
 +
NOTE(dtroyer): see above, we need to decide if 'dhcp' is a clear enough object name for the dhcp agent
 +
|| no || ||
 +
<source lang="bash">
 +
neutron dhcp-agent-list-hosting-net <network>
  
=== API v2.0 ===
+
neutron net-list-on-dhcp-agent <dhcp_agent>
 +
</source>
 +
|}
  
NOTE(dtroyer): I am removing all of the default cliff options for clarity.  Also, apparently neutronclient has a different idea of how these are used than OSC.
+
==== Extension ====
  
 +
Note: Perhaps this would be a nice general feature.
  
==== Agent ====
+
NOTE(dtroyer): yes it wouldWe don't have this for any of the other APIs yet so we can play with the structure a bit here
 
 
NOTE: There is no agent create in neutron at the moment.  I assume these should replace the compute commands.
 
 
 
NOTE(dtroyer): The compute agent refers to the bits of code that run inside a VMA Neutron agent is code that runs on a host system; there are at least 4 different types: plugin, dhcp, l3 and metadata.
 
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 3,583: Line 3,774:
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os agent delete
+
os extension list
     <agent>
+
     [--long]
 +
    [--service <service>]
 
</source>
 
</source>
 +
Note: Do we want to provide service as an option for this command?
 +
 +
NOTE(dtroyer): maybe.  what service exactly?  in the Identity API, service means things like 'compute v2', 'identity v3', etc.
 +
we need at least the API, I'm not certain if we should expect a user to know that though...
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron agent-delete <agent>
+
neutron ext-list
 +
    [--request-format {json,xml}] [-D] [-F FIELD]
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os agent list
+
os extension show
     [--long]
+
     <extension>
 
</source>
 
</source>
NOTE(dtroyer): list commands always use --long for their 'show me more stuff' option
 
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron agent-list
+
neutron ext-show <extension> [-f {shell,table}] [-c COLUMN]
  [-D, --show-details]
+
    [--variable VARIABLE] [--prefix PREFIX]
  [-F FIELD, --field FIELD]
+
    [--request-format {json,xml}] [-D] [-F FIELD]
  [--quote {all,minimal,none,nonnumeric}]
 
 
</source>
 
</source>
 +
|}
 +
 +
 +
==== Firewall ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Neutron command
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os agent update
+
os firewall create
     <agent>
+
     [--description <description>]
 +
    [--project <project>]
 +
    [--enable | --disable]
 +
    [--share | --no-share]
 +
    <name>
 
</source>
 
</source>
NOTE(dtroyer): update commands often map to the OSC verb 'set'.  but with no value to set???
+
NOTE(dtroyer): need a better name for --not-shared?
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron agent-update <agent>
+
neutron firewall-create
# NOTE: no args, what does this update?
+
    <policy>
 +
    [--tenant-id TENANT_ID]
 +
    [--name NAME]
 +
    [--description DESCRIPTION]
 +
    [--shared]
 +
    [--admin-state-down]
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os agent show
+
os firewall delete
     <agent>
+
     <firewall>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron agent-show <agent>
+
neutron firewall-delete
  [-D, --show-details]
+
    <firewall>
  [-F FIELD, --field FIELD]
 
 
</source>
 
</source>
|}
 
 
==== Cisco ====
 
 
NOTE(dtroyer): We need to think about how to handle vendor-plugin-specific bits.  I don't want these in the default set...
 
 
Note all of these "network pofile" and "policy profile", why not just network and policy, profile is useless.
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Neutron command
 
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco credential create <credential_name> <credential_type>
+
os firewall list
     [--tenant-id TENANT_ID]
+
     [--long]
     [--username USERNAME]
+
     [--sort-key FIELD]
     [--password PASSWORD]
+
     [--sort-dir {asc,desc}]
 
</source>
 
</source>
 +
NOTE(dtroyer): need to think about the sort stuff
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-credential-create <credential_name> <credential_type>
+
neutron firewall-list
     [--tenant-id TENANT_ID]
+
     [-P SIZE] [--sort-key FIELD]  
    [--username USERNAME]
+
     [--sort-dir {asc,desc}]
     [--password PASSWORD]
 
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco credential delete <credential>
+
os firewall set
 +
    <firewall>
 
</source>
 
</source>
 +
NOTE(dtroyer): what is being changed?
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-credential-delete <credential>
+
neutron firewall-update
 +
    <firewall>
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco credential list
+
os firewall show
     [-F FIELD]
+
     <firewall>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-credential-list
+
neutron firewall-show
     [-F FIELD]
+
     <firewall>
 
</source>
 
</source>
 +
|}
 +
 +
 +
==== Firewall Policy ====
 +
 +
NOTE(dtroyer): need to work out the format of FIREWALL_RULE
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Neutron command
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco credential show <credential>
+
os firewall policy create
     [-F FIELD]
+
    [--description <description>]
 +
    [--project <project>]
 +
    [--firewall-rules <rules>]
 +
    [--share | --no-share]
 +
     [--audit | --no-audit]
 +
    <name>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-credential-show <credential>
+
neutron firewall-policy-create
     [-F FIELD]
+
    <name>
 +
     [--tenant-id TENANT_ID]         
 +
    [--description DESCRIPTION]
 +
    [--shared]
 +
    [--firewall-rules FIREWALL_RULES]
 +
    [--audited]
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco network profile create <name> <vlan|overlay|multi-segment|trunk>
+
os firewall policy delete
    [--tenant-id TENANT_ID]               
+
    <policy>
    [--sub_type SUB_TYPE]                 
 
    [--segment_range SEGMENT_RANGE]       
 
    [--physical_network PHYSICAL_NETWORK] 
 
    [--multicast_ip_range MULTICAST_IP_RANGE]
 
    [--add-tenant ADD_TENANT]
 
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-network-profile-create <name> <vlan|overlay|multi-segment|trunk>
+
neutron firewall-policy-delete
    [--tenant-id TENANT_ID]               
+
    <policy>
    [--sub_type SUB_TYPE]                 
 
    [--segment_range SEGMENT_RANGE]       
 
    [--physical_network PHYSICAL_NETWORK] 
 
    [--multicast_ip_range MULTICAST_IP_RANGE]
 
    [--add-tenant ADD_TENANT]
 
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco network profile delete <profile>
+
os firewall policy add rule
     [--request-format {json,xml}]
+
    [--insert-before FIREWALL_RULE]
 +
     [--insert-after FIREWALL_RULE]
 +
    <policy>
 +
    <rule>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-network-profile-delete <profile>
+
neutron firewall-policy-insert-rule
     [--request-format {json,xml}]
+
    <policy>
 +
    <rule>
 +
     [--insert-before FIREWALL_RULE]       
 +
    [--insert-after FIREWALL_RULE]
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco network profile list
+
os firewall policy list
     [-F FIELD]
+
     [--long]
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-network-profile-list
+
neutron firewall-policy-list
     [-F FIELD]
+
     [-F FIELD] [-P SIZE] [--sort-key FIELD]
 +
    [--sort-dir {asc,desc}]
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco network profile show <profile>
+
os firewall policy remove rule
     [-F FIELD]
+
    <policy>
 +
     <rule>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-network-profile-show <profile>
+
neutron firewall-policy-remove-rule
     [-F FIELD]
+
    <policy>
 +
     <rule>
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco network profile update <profile>
+
os firewall policy set
    [--request-format {json,xml}]
+
    <policy>
 
</source>
 
</source>
 +
NOTE(dtroyer): what is being changed?
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-network-profile-update <profile>
+
neutron firewall-policy-update
    [--request-format {json,xml}]
+
    <policy>
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os cisco policy profile list
+
os firewall policy show
     [-F FIELD]
+
     <policy>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron cisco-policy-profile-list
+
neutron firewall-policy-show
    [-F FIELD]
+
     <policy>
</source>
 
|-
 
|<source lang="bash">
 
os cisco policy profile show <profile>
 
    [--request-format {json,xml}] [-D]   
 
    [-F FIELD]
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron cisco-policy-profile-show <profile>
 
    [--request-format {json,xml}] [-D]   
 
    [-F FIELD]
 
</source>
 
|-
 
|<source lang="bash">
 
os cisco policy profile update <profile>
 
     [--request-format {json,xml}]
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron cisco-policy-profile-update <profile>
 
    [--request-format {json,xml}]
 
 
</source>
 
</source>
 
|}
 
|}
  
  
==== DHCP Agent ====
+
==== Firewall Rule ====
 
 
* NOTE(dtroyer): here, 'dhcp agent' will be a two-word object (for now, suggest something shorter?  'dhcp' seems ambiguous)
 
 
 
 
 
* Note: In general, should we support these generic -h and --request-format options from neutron.  i think not.
 
 
 
NOTE(dtroyer): the --request-format option seems to want to support structured input data.  While interesting that is not something we have addressed with OSC yet.  So for now, lets leave them TDB.
 
  
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
 
! OSC Command !! Implemented !! !! Neutron command
 
! OSC Command !! Implemented !! !! Neutron command
 +
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os dhcp agent add network
+
os firewall rule create
     <dhcp_agent>
+
     [--project <project>]
     <network>
+
     [--description <description>]
 +
    [--source-ip-address SOURCE_IP_ADDRESS]
 +
    [--destination-ip-address DESTINATION_IP_ADDRESS]
 +
    [--source-port SOURCE_PORT]
 +
    [--destination-port DESTINATION_PORT]
 +
    [--enable | --disable]
 +
    [--share | --no-share]
 +
    --protocol tcp|udp|icmp|any
 +
    --action allow|deny
 +
    <name>
 
</source>
 
</source>
 +
NOTE(dtroyer): it might be more consistent to change --protocol and --action to direct options; ex: '--tcp | --udp | --icmp | --any'
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron dhcp-agent-network-add <dhcp_agent> <network>
+
neutron firewall-rule-create
  [--request-format {json,xml}]
+
    [--tenant-id TENANT_ID]
</source>
+
    [--name NAME]
|-
+
    [--description DESCRIPTION]
|<source lang="bash">
+
    [--shared]
os dhcp agent delete network
+
    [--source-ip-address SOURCE_IP_ADDRESS]
    <dhcp_agent>
+
    [--destination-ip-address DESTINATION_IP_ADDRESS]
     <network>
+
    [--source-port SOURCE_PORT]
 +
    [--destination-port DESTINATION_PORT]
 +
    [--disabled]
 +
    --protocol {tcp,udp,icmp,any}
 +
    --action {allow,deny}
 +
</source>
 +
|-
 +
|<source lang="bash">
 +
os firewall rule delete
 +
     <rule>
 
</source>
 
</source>
# Note: delete instead of remove; Maybe just "dhcp delete"
 
 
NOTE(dtroyer): this removes a network from an agent (see [[/OpenStackClient/HumanInterfaceGuidelines#Command_Object.28s.29_and_Action|command structure]])
 
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron dhcp-agent-network-remove <dhcp_agent> <network>
+
neutron firewall-rule-delete
  [--request-format {json,xml}]
+
    <rule>
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os dhcp agent list
+
os firewall rule list
 
     [--long]
 
     [--long]
    [--networks <dhcp-agent>]
 
 
</source>
 
</source>
Note why isn't this "dhcp list"?
 
 
NOTE(dtroyer): see above, we need to decide if 'dhcp' is a clear enough object name for the dhcp agent
 
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron dhcp-agent-list-hosting-net <network>
+
neutron firewall-rule-list
 
+
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
neutron net-list-on-dhcp-agent <dhcp_agent>
+
    [--sort-dir {asc,desc}]
 
</source>
 
</source>
|}
+
|-
 
+
|<source lang="bash">
==== Extension ====
+
os firewall rule show
 
+
     <rule>
Note: Perhaps this would be a nice general feature.
 
 
 
NOTE(dtroyer): yes it would.  We don't have this for any of the other APIs yet so we can play with the structure a bit here
 
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Neutron command
 
|-
 
|<source lang="bash">
 
os extension list
 
    [--long]
 
     [--service <service>]
 
 
</source>
 
</source>
Note: Do we want to provide service as an option for this command?
 
 
NOTE(dtroyer): maybe.  what service exactly?  in the Identity API, service means things like 'compute v2', 'identity v3', etc.
 
we need at least the API, I'm not certain if we should expect a user to know that though...
 
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron ext-list
+
neutron firewall-rule-show
     [--request-format {json,xml}] [-D] [-F FIELD]
+
    <rule>
 +
     [-F FIELD]
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os extension show
+
os firewall rule
     <extension>
+
    [--protocol tcp|udp|icmp|any]
 +
     <rule>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron ext-show <extension> [-f {shell,table}] [-c COLUMN]
+
neutron firewall-rule-update
     [--variable VARIABLE] [--prefix PREFIX]
+
     <rule>
     [--request-format {json,xml}] [-D] [-F FIELD]
+
     [--protocol {tcp,udp,icmp,any}]
 
</source>
 
</source>
 
|}
 
|}
  
  
==== Firewall ====
+
==== Gateway ====
 +
 
 +
Note: change from net-gateway to gateway
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 3,872: Line 4,067:
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os firewall create
+
os gateway create
    [--description <description>]
 
 
     [--project <project>]
 
     [--project <project>]
     [--enable | --disable]
+
     [--device <device>]
    [--share | --no-share]
 
 
     <name>
 
     <name>
 
</source>
 
</source>
NOTE(dtroyer): need a better name for --not-shared?
+
NOTE(dtroyer): consider changing the --device syntax to remove the embedded device_id=,interface_name=
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron firewall-create  
+
neutron net-gateway-create
     <policy>
+
     <name>
 
     [--tenant-id TENANT_ID]
 
     [--tenant-id TENANT_ID]
     [--name NAME]
+
     [--device DEVICE]
    [--description DESCRIPTION]
 
    [--shared]
 
    [--admin-state-down]
 
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os firewall delete
+
os gateway delete
     <firewall>
+
     <gateway>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron firewall-delete
+
neutron net-gateway-delete
     <firewall>
+
     <gateway>
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os firewall list
+
os gateway list
 
     [--long]
 
     [--long]
    [--sort-key FIELD]
 
    [--sort-dir {asc,desc}]
 
 
</source>
 
</source>
NOTE(dtroyer): need to think about the sort stuff
 
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron firewall-list
+
neutron net-gateway-list
    [-P SIZE] [--sort-key FIELD]
 
    [--sort-dir {asc,desc}]
 
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os firewall set
+
os gateway set
     <firewall>
+
     <gateway>
 
</source>
 
</source>
NOTE(dtroyer): what is being changed?
 
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron firewall-update
+
neutron net-gateway-update
     <firewall>
+
     <gateway>
 
</source>
 
</source>
 
|-
 
|-
 
|<source lang="bash">
 
|<source lang="bash">
os firewall show
+
os gateway show
     <firewall>
+
     <gateway>
 
</source>
 
</source>
 
|| no || ||
 
|| no || ||
 
<source lang="bash">
 
<source lang="bash">
neutron firewall-show
+
neutron net-gateway-show
     <firewall>
+
     <gateway>
 
</source>
 
</source>
 
|}
 
|}
  
 
==== Firewall Policy ====
 
 
NOTE(dtroyer): need to work out the format of FIREWALL_RULE
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Neutron command
 
|-
 
|<source lang="bash">
 
os firewall policy create
 
    [--description <description>]
 
    [--project <project>]
 
    [--firewall-rules <rules>]
 
    [--share | --no-share]
 
    [--audit | --no-audit]
 
    <name>
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-policy-create
 
    <name>
 
    [--tenant-id TENANT_ID]         
 
    [--description DESCRIPTION]
 
    [--shared]
 
    [--firewall-rules FIREWALL_RULES]
 
    [--audited]
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall policy delete
 
    <policy>
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-policy-delete
 
    <policy>
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall policy add rule
 
    [--insert-before FIREWALL_RULE]
 
    [--insert-after FIREWALL_RULE]
 
    <policy>
 
    <rule>
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-policy-insert-rule
 
    <policy>
 
    <rule>
 
    [--insert-before FIREWALL_RULE]       
 
    [--insert-after FIREWALL_RULE]
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall policy list
 
    [--long]
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-policy-list
 
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
 
    [--sort-dir {asc,desc}]
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall policy remove rule
 
    <policy>
 
    <rule>
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-policy-remove-rule
 
    <policy>
 
    <rule>
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall policy set
 
    <policy>
 
</source>
 
NOTE(dtroyer): what is being changed?
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-policy-update
 
    <policy>
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall policy show
 
    <policy>
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-policy-show
 
    <policy>
 
</source>
 
|}
 
 
 
==== Firewall Rule ====
 
 
{| class="wikitable"
 
|-
 
! OSC Command !! Implemented !! !! Neutron command
 
 
|-
 
|<source lang="bash">
 
os firewall rule create
 
    [--project <project>]
 
    [--description <description>]
 
    [--source-ip-address SOURCE_IP_ADDRESS]
 
    [--destination-ip-address DESTINATION_IP_ADDRESS]
 
    [--source-port SOURCE_PORT]
 
    [--destination-port DESTINATION_PORT]
 
    [--enable | --disable]
 
    [--share | --no-share]
 
    --protocol tcp|udp|icmp|any
 
    --action allow|deny
 
    <name>
 
</source>
 
NOTE(dtroyer): it might be more consistent to change --protocol and --action to direct options; ex: '--tcp | --udp | --icmp | --any'
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-rule-create
 
    [--tenant-id TENANT_ID]
 
    [--name NAME]
 
    [--description DESCRIPTION]
 
    [--shared]
 
    [--source-ip-address SOURCE_IP_ADDRESS]
 
    [--destination-ip-address DESTINATION_IP_ADDRESS]
 
    [--source-port SOURCE_PORT]
 
    [--destination-port DESTINATION_PORT]
 
    [--disabled]
 
    --protocol {tcp,udp,icmp,any}
 
    --action {allow,deny}
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall rule delete
 
    <rule>
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-rule-delete
 
    <rule>
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall rule list
 
    [--long]
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-rule-list
 
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
 
    [--sort-dir {asc,desc}]
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall rule show
 
    <rule>
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-rule-show
 
    <rule>
 
    [-F FIELD]
 
</source>
 
|-
 
|<source lang="bash">
 
os firewall rule
 
    [--protocol tcp|udp|icmp|any]
 
    <rule>
 
</source>
 
|| no || ||
 
<source lang="bash">
 
neutron firewall-rule-update
 
    <rule>
 
    [--protocol {tcp,udp,icmp,any}]
 
</source>
 
|}
 
  
 
==== IP Floating ====
 
==== IP Floating ====

Revision as of 16:13, 12 December 2013

Contents

Command Structure

The detailed command structure is described in OpenStackClient/HumanInterfaceGuidelines#Command_Structure.

Command Arguments

  • Arguments that normally require an ID in the OS-API may also use the name or other short identifier where reasonable to support
  • Optional machine-parsable format is available with list and show commands. List has an option for CSV-formatted output (see --format, --quote options for a list command) while show has an option for shell-assignment formatted output (see --format option for a show command).


Objects

Note: these need a review to sync up with the revised object names without dashes ('-') in them.

Actions

The actions used by OpenStackClient are defined below to provide a consistent meaning to each action. Many of them have logical opposite actions. Those actions with an opposite action are noted in parens if applicable.

  • authorize - authorize a token (used in OAuth)
  • add (remove) - add some object to a container object; the command is built in the order of "container add object" (<container> <object>), the positional arguments appear in the same order
  • attach (detach) - deprecated; use add/remove
  • create (delete) - create a new occurrance of the specified object
  • delete (create) - delete a specific occurrance of the specified object
  • detach (attach) - deprecated; use add/remove
  • list - display summary information about multiple objects
  • lock (unlock)
  • migrate - move a server to a different host; --live performs a live migration if possible
  • pause (unpause) - stop a server and leave it in memory
  • reboot - forcibly reboot a server
  • rebuild - rebuild a server using (most of) the same arguments as in the original create
  • remove (add) - remove an object from a group of objects
  • rescue (unrescue) - reboot a server in a special rescue mode allowing access to the original disks
  • resize - change a server's flavor
  • resume (suspend) - return a suspended server to running state
  • save - download an object locally
  • set (unset) - set a property on the object, formerly called metadata
  • show - display detailed information about the specific object
  • ssh
  • suspend (resume) - stop a server and save to disk freeing memory
  • unlock (lock)
  • unpause (pause) - return a paused server to running state
  • unrescue (rescue) - return a server to normal boot mode
  • unset (set) - remove an attribute of the object

Global Options

The common global options from the default OpenStack clients have been mapped to the set of global options below.

OSC Option Environment Variable Option Environment Variable
--version --version
--help --help
--debug --debug
--quiet
--verbose
--log-file <filename>
--os-auth-url <url> OS_AUTH_URL --os-auth-url <url> OS_AUTH_URL
--os-tenant-name <name> OS_TENANT_NAME --os-tenant-name <name> OS_TENANT_NAME
--os-tenant-id <id> OS_TENANT_ID --os-tenant-id <id> OS_TENANT_ID
--os-username <name> OS_USERNAME --os-username <name> OS_USERNAME
--os-password <pw> OS_PASSWORD --os-password <pw> OS_PASSWORD
--os-region-name <region> OS_REGION_NAME --os-region-name <region> OS_REGION_NAME
--os-cacert <file> OS_CACERT --os-cacert <file> OS_CACERT
--insecure
--os-use-keyring


Common Options

A number of options will appear in many commands and should have the same form in all commands to the extent possible.

Option Description Usual Default
--description describes an object none
--enable Used for setting the enabled state for an object n/a
--disable Used for setting the enabled state for an object n/a

Command Mapping Summary

This is an example mapping of the existing commands from Keystone (Identity), Nova (Compute), Glance (Image) and Cinder (Volume) to the <verb> <object> form for the OpenStackClient cli tool. It reduces both the number of verbs and objects by handling some of the smaller differences with command line options.

Further consolidation could be achieved by additional options or by introduction secondary objects to the syntax. For example, the credentials and x509-cert (and x509-root-cert) objects could be combined:


nova x509-create-cert [<pk-file>] [<x509-cert>] os create credentials --x509 [<pk-file>] [<x509-cert>]
nova credentials os show credentials
nova x509-get-root-cert os show credentials --x509 --root


Cross API

Object names that appear in multiple APIs, like quota, are handled by putting their command handler classes in openstackclient.common. If the number of these becomes large they should be moved into a subdirectory.

credentials

[consider rolling the ec2 creds into this too]

OSC Command Implemented Keystone command
os credentials create
    --x509
    [<private-key-file>]
    [<certificate-file>]
no
nova x509-create-cert
    [<pk-file>]
    [<x509-cert>]
os credentials show
    [--token]
    [--user]
    [--x509 [--root]]
no
nova credentials
    [--wrap <integer>]

nova x509-get-root-cert
    [<filename>]

limits

OSC Command Implemented Keystone command
os limits show
    --absolute [--reserved] | --rate
yes
nova absolute-limits
    [--reserved]

nova rate-limits

cinder absolute-limits

cinder rate-limits

quota

OSC Command Implemented Keystone command
os quota set
    # Compute settings
    [--cores <num-cores>]
    [--fixed-ips <num-fixed-ips>]
    [--floating-ips <num-floating-ips>]
    [--injected-file-size <injected-file-bytes>]
    [--injected-files <num-injected-files>]
    [--instances <num-instances>] 
    [--key-pairs <num-key-pairs>]
    [--properties <num-properties>]
    [--ram <ram-mb>] 

    # Volume settings
    [--gigabytes <new-gigabytes>]
    [--snapshots <new-snapshots>]
    [--volumes <new-volumes>]

    <project>
yes
nova quota-update
    [--instances <instances>] 
    [--cores <cores>]
    [--ram <ram>] 
    [--volumes <volumes>]
    [--gigabytes <gigabytes>]
    [--floating-ips <floating_ips>]
    [--metadata-items <metadata_items>]
    [--injected-files <injected_files>]
    [--injected-file-content-bytes <injected_file_content_bytes>]
    <tenant_id>

cinder quota-update
    [--volumes <volumes>]
    [--snapshots <snapshots>]
    [--gigabytes <gigabytes>]
    <tenant_id>
os quota set
    --class
    # Compute settings
    [--cores <num-cores>]
    [--fixed-ips <num-fixed-ips>]
    [--floating-ips <num-floating-ips>]
    [--injected-file-size <injected-file-bytes>]
    [--injected-files <num-injected-files>]
    [--instances <num-instances>] 
    [--key-pairs <num-key-pairs>]
    [--properties <num-properties>]
    [--ram <ram-mb>] 

    # Volume settings
    [--gigabytes <new-gigabytes>]
    [--snapshots <new-snapshots>]
    [--volumes <new-volumes>]

    <class>
yes
nova quota-class-update 
    [--instances <instances>] 
    [--cores <cores>]
    [--ram <ram>] 
    [--volumes <volumes>]
    [--gigabytes <gigabytes>]
    [--floating-ips <floating_ips>]
    [--metadata-items <metadata_items>]
    [--injected-files <injected_files>]
    [--injected-file-content-bytes <injected_file_content_bytes>]
    <class>

cinder quota-class-update
    [--volumes <volumes>]
    [--snapshots <snapshots>]
    [--gigabytes <gigabytes>]
    <tenant_id>
os quota show
    [--default]
    <project>
yes
nova quota-show
    [--tenant <tenant-id>]

cinder quota-show
    <tenant_id>

nova quota-defaults
    <tenant_id>

cinder quota-defaults
    <tenant_id>
os quota show
    --class
    <class>
yes
nova quota-class-show
    <class>

cinder quota-class-show
    <class>


Compute

OSC Option Environment Variable Nova Option Environment Variable
--os-auth-system <auth-system> OS_AUTH_SYSTEM
--service-type <type>
--service-name <name> NOVA_SERVICE_NAME
--volume-service-name <name> NOVA_VOLUME_SERVICE_NAME
--endpoint-type <type> NOVA_ENDPOINT_TYPE
--os-compute-api-version <ver> OS_COMPUTE_API_VERSION --os-compute-api-version <ver> OS_COMPUTE_API_VERSION
--bypass-url <bypass-url>


API v2 (1.1)

agent

OSC Command Implemented Nova command
os agent create
    <os>
    <architecture>
    <version>
    <url>
    <md5hash>
    <hypervisor>
yes
os agent delete
    <id>
yes
os agent list 
    [--hypervisor <hypervisor>]
yes
os agent set
    <id>
    <version>
    <url>
    <md5hash>
yes


aggregate

OSC Command Implemented Nova command
os aggregate add host
    <aggregate>
    <host>
yes
nova aggregate-add-host
    <id>
    <host>
os aggregate create
    [--zone <availability-zone>]
    [--property <key=value>]
    <name>
yes
nova aggregate-create
    <name>
    [<availability_zone>]
os aggregate delete
    <aggregate>
yes
nova aggregate-delete
    <id>
os aggregate list
    [--long]
yes
nova aggregate-list
os aggregate remove host
    <aggregate>
    <host>
yes
nova aggregate-remove-host
    <id>
    <host>
os aggregate set
    [--name <new-name>]
    [--zone <availability-zone>]
    [--property <key=value>]
    <aggregate>
yes
nova aggregate-update
    <id>
    <name>
    [<availability_zone>]

nova aggregate-set-metadata
    <id>
    <key=value>
    [<key=value> ...]
os aggregate show
    <aggregate>
yes
nova aggregate-details
    <id>

bash-completion

OSC Command Implemented Nova command

TBD

no
nova bash-completion

cloudpipe

OSC Command Implemented Nova command
os create cloudpipe
    <project>
no
nova cloudpipe-create
    <project>
os list cloudpipe
no
nova cloudpipe-list

console

OSC Command Implemented Nova command
os console log show
    [--lines <num-lines>]
    <server>
yes
nova console-log
    [--length <length>]
    <server>
os console url show
    [--novnc | --xvpvnc | --spice]
    <server>
yes
nova get-vnc-console
    <server>
    <console_type>

credentials

See credentials in the cross API section.

diagnostics

OSC Command Implemented Nova command
os server show
    --diagnostics
    <server>
yes
nova diagnostics
    <server>

dns

These commands need some attention...an IP shouldn't be required for all record types. They need to be more DNS-y. Zone anyone?

OSC Command Implemented Nova command
os create dns
    [--type <type>]
    <ip>
    <name>
    <domain>
no
nova dns-create
    [--type <type>]
    <ip>
    <name>
    <domain>
os delete dns
    <domain>
    <name>
no
nova dns-delete
    <domain>
    <name>
os list dns
    [--ip <ip>]
    [--name <name>]
    <domain>
no
nova dns-list
    [--ip <ip>]
    [--name <name>]
    <domain>
os create dns-domain
    [--project <project>]
    [--availability-zone <availability-zone>]
    [--public | --private]
    <domain>
no
nova dns-create-private-domain
    [--availability_zone <availability_zone>]
    <domain>

nova dns-create-public-domain
    [--project <project>]
    <domain>
os delete dns-domain
    <domain>
no
nova dns-delete-domain
    <domain>
os list dns-domains
no
nova dns-domains

endpoints

Totally duplicates Identity catalog command

OSC Command Implemented Nova command
os endpoint list
no
nova endpoints


flavor

OSC Command Implemented Nova command
os flavor create
    [--id <id>]
    [--ram <size-mb>]
    [--disk <size-gb>]
    [--ephemeral-disk <size-gb>]
    [--swap <size-mb>]
    [--vcpus <num-cpu>]
    [--rxtx-factor <factor>]
    [--public | --private]
    <name>
(partial)
default: auto
default: 256M
default: 0G
default: 0G
default: 0G
default: 1
default: 1
default: public
nova flavor-create
    [--ephemeral <ephemeral>] 
    [--swap <swap>]
    [--rxtx-factor <factor>]
    <name>
    <id>
    <ram>
    <disk>
    <vcpus>
os flavor delete
    <flavor>
yes
nova flavor-delete 
    <id>
os flavor list
yes
nova flavor-list
os flavor show
    <flavor>
yes


host

OSC Command Implemented Nova command
os host list
    [--zone <availability-zone>]
yes
nova host-action
    [--action <action>]
    <hostname>
os host set
    ...
no
nova host-update
    [--status <status>] 
    [--maintenance <maintenance_mode>]
    <hostname>
os host show
    <host>
yes


hypervisor

OSC Command Implemented Nova command
os hypervisor list
    [--matching <hostname>]
yes
os hypervisor show
    <id>
yes


ip fixed

OSC Command Implemented Nova command
os ip fixed add
    <network>
    <server>
yes
nova add-fixed-ip
    <server>
    <network_id>
os ip fixed remove
    <ip-address>
    <server>
yes
nova remove-fixed-ip
    <server>
    <address>


ip floating

OSC Command Implemented Nova command
os ip floating add
    <ip-address>
    <server>
yes
nova add-floating-ip
    <server>
    <address>
os ip floating create
    [<pool>]
yes
nova floating-ip-create
    [<floating_ip_pool>]
os ip floating delete
    <ip-address>
yes
nova floating-ip-delete
    <address>
os ip floating list
yes
nova floating-ip-list
os ip floating remove
    <ip-address>
    <server>
yes
nova remove-floating-ip
    <server>
    <address>


ip floating pool

OSC Command Implemented Nova command
os ip floating pool list
yes
nova floating-ip-pool-list


keypair

OSC Command Implemented Nova command
os keypair create
    [--public-key <file>]
    <name>
yes
nova keypair-add
    [--pub_key <pub_key>]
    <name>
os keypair delete
    <name>
yes
nova keypair-delete
    <name>
os keypair list
yes
nova keypair-list
os keypair show
    [--public-key]
    <name>
yes


limits

See limits in the cross API section.


quota

See quota in the cross API section.


secgroup

OSC Command Implemented Nova command
os secgroup add

(see server add secgroup)
no
nova add-secgroup
    <server>
    <secgroup>
os secgroup create
    [--description <description>]
    <name>
yes
nova secgroup-create
    <name>
    <description>
os secgroup delete
    <group>
yes
nova secgroup-delete
    <secgroup>
os secgroup list
    [--all-projects]
yes
nova secgroup-list
     [--all-tenants [<0|1>]]
os secgroup remove

(see server remove secgroup)
no
nova remove-secgroup
    <server>
    <secgroup>
os secgroup set
    [--name <new-name>]
    [--description [<new-description>]
    <group>
yes
nova secgroup-update
    <secgroup>
    <name>
    <description>
os secgroup show
    <group>
yes
n/a

secgroup-group-rule

OSC Command Implemented Nova command
os secgroup group rule create
    [--proto <protocol>]
    [--port <port>:<port>]
    <source-group>
    <secgroup>
no
nova secgroup-add-group-rule
    [--ip_proto <ip_proto>]
    [--from_port <from_port>]
    [--to_port <to_port>]
    <secgroup>
    <source_group>
os secgroup group rule delete
    [--proto <protocol>]
    [--port <port>:<port>]
    <source-group>
    <secgroup>
no
nova secgroup-delete-group-rule
    [--ip_proto <ip_proto>]
    [--from_port <from_port>]
    [--to_port <to_port>]
    <secgroup>
    <source_group>

secgroup-rule

OSC Command Implemented Nova command
os secgroup rule create
    [--proto <proto>]
    [--src-ip <ip-address>]
    [--dst-port <port-range>]
    <group>
no
nova secgroup-add-rule
    <secgroup>
    <ip_proto>
    <from_port>
    <to_port>
    <cidr>
os secgroup rule delete
    [--proto <proto>]
    [--src-ip <ip-address>]
    [--dst-port <port-range>]
    <group>
no
nova secgroup-delete-rule
    <secgroup>
    <ip_proto>
    <from_port>
    <to_port>
    <cidr>
os secgroup rule list
    <group>
no
nova secgroup-list-rules
    <secgroup>

server

OSC Command Implemented Nova command
os server add secgroup
    <server>
    <group>
yes
nova add-secgroup
    <server>
    <secgroup>
os server add volume
    [--device <device>]
    <server>
    <volume>
yes
nova volume-attach
    <server>
    <volume>
    <device>
os server create
    --image <image>
    --flavor <flavor>
    [--security-group <security-group-list> [...] ]
    [--key-name <key-name>]
    [--meta-data <key=value> [...] ]
    [--file <dest-filename=source-filename>] [...] ]
    [--user-data <user-data>]
    [--availability-zone <zone-name>]
    [--block-device-mapping <dev-name=mapping> [...] ]
    [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr> [...] ]
    [--hint <key=value> [...] ]
    [--config-drive <value>|True ]
    [--min <count>]
    [--max <count>]
    [--wait]
    <server-name>
yes
nova boot
    [--flavor <flavor>]
    [--image <image>]
    [--meta <key=value>]
    [--file <dst-path=src-path>]
    [--key_name <key_name>]
    [--user_data <user-data>]
    [--availability_zone <availability-zone>]
    [--security_groups <security_groups>]
    [--block_device_mapping <dev_name=mapping>]
    [--hint <key=value>]
    [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr>]
    [--config-drive <value>]
    [--poll]
    <name>
os server delete
    <server>
yes
nova delete
    <server>
os server image create
    [--name <image-name>]
    [--wait]
    <server>
yes
nova image-create
    [--poll]
    <server>
    <name>
os server list
    [--reservation-id <reservation-id>] 
    [--ip <ip-regex>]
    [--ip6 <ip6-regex>] 
    [--name <name-regex>]
    [--instance-name <instance-name-regex>] 
    [--status <status>]
    [--flavor <flavor>]
    [--image <image>] 
    [--host <hostname>]
    [--all-tenants]
yes
nova list
    [--reservation_id <reservation_id>] 
    [--ip <ip_regexp>]
    [--ip6 <ip6_regexp>] 
    [--name <name_regexp>]
    [--instance_name <name_regexp>] 
    [--status <status>]
    [--flavor <flavor>] [--image <image>] 
    [--host <hostname>]
    [--all_tenants [<0|1>]]
os server lock
    <server>
yes
nova lock
    <server>
os server migrate
    [--wait]
    <server>

os server migrate
    --live <host>
    [--shared-migration | --block-migration]
    [--disk-overcommit | --no-disk-overcommit]
    [--wait]
    <server>
yes
nova migrate
    [--poll]
    <server>

nova live-migration
    [--block_migrate] 
    [--disk_over_commit]
    <server>
<host>
os server pause
    <server>
yes
nova pause
    <server>
os server reboot
    [--hard | --soft]
    [--wait]
    <server>
yes
nova reboot
    [--hard]
    [--poll]
    <server>
os server rebuild
    --image <image>
    [--password <password>] 
    [--wait]
    <server>
yes
nova rebuild
    [--rebuild_password <rebuild_password>] 
    [--poll]
    <server>
    <image>
os server remove secgroup
    <server>
    <group>
yes
nova remove-secgroup
    <server>
    <secgroup>
os server remove volume
    <server>
    <volume>
yes
nova volume-detach
    <server>
    <volume>
os server rescue
    <server>
yes
nova rescue
    <server>
os server resize
    --flavor <flavor>
    [--wait]
    <server>

os server resize
    --confirm
    <server>

os server resize
    --revert
    <server>
yes
nova resize
    [--poll]
    <server>
    <flavor>

nova resize-confirm
    <server>

nova resize-revert
    <server>
os server resume
    <server>
yes
nova resume
    <server>
os server set
    --name <new-name>
    --property <key=value>
    [--property <key=value>] ...
    --root-password
    <server>
yes
nova meta
    <server>
    <action>
    <key=value>
    [<key=value> ...]

nova rename
    <server>
    <name>

nova root-password
    <server>
os server show
    <server>
yes
nova show
    <server>
os server ssh
    [--login <login-name>]
    [--port <port>]
    [--identity <keyfile>]
    [--option <config-options>]
    [-4 | -6]
    [--private | --public | --address-type <address-type>]
    <server>
yes
nova ssh
    [--port PORT]
    [--private]
    [--ipv6]
    [--login <login>]
    <server>
os server suspend
    <server>
yes
nova suspend
    <server>
os server unlock
    <server>
yes
nova unlock
    <server>
os server unpause
    <server>
yes
nova unpause
    <server>
os server unrescue
    <server>
yes
nova unrescue
    <server>
os unset server
    --property <key>
    [--property <key>] ...
    <server>
yes
nova meta
    <server>
    <action>
    <key=value>
    [<key=value> ...]

usage

OSC Command Implemented Nova command
os usage list
    [--start <start>]
    [--end <end>]
no
nova usage-list
    [--start <start>]
    [--end <end>]


x509-cert

See credentials in the cross API section.

x509-root-cert

See credentials in the cross API section.

Identity

OSC Option Environment Variable Keystone Option Environment Variable
--os-identity-api-version <ver> OS_IDENTITY_API_VERSION --os-identity-api-version <ver> OS_IDENTITY_API_VERSION
--os-token <token> OS_TOKEN --os-token <token> OS_SERVICE_TOKEN
--os-url <url> OS_URL --os-endpoint <url> OS_SERVICE_ENDPOINT
--os-cert <file> OS_CERT
--os-key <key-file> OS_KEY
--os-cache OS_CACHE
--force-new-token
--stale-duration <seconds>

API v2.0

catalog

OSC Command Implemented Keystone command
os catalog show
    [--service <service>]
no
keystone catalog
    [--service <service-type>]

ec2 credentials

OSC Command Implemented Keystone command
os ec2 credentials create
    [--project <project>]
    [--user <user>]
yes
keystone ec2-credentials-create
    [--user <user-id>] 
    [--tenant_id <tenant-id>]
os ec2 credentials delete
    [--user <user>]
    <access-key>
yes
keystone ec2-credentials-delete
    [--user <user-id>] 
    --access <access-key>
os ec2 credentials list
    [--user <user>]
yes
keystone ec2-credentials-list
    [--user <user-id>]
os ec2 credentials show
    [--user <user>]
    <access-key>
yes
keystone ec2-credentials-get
    [--user <user-id>] 
    --access <access-key>

endpoint

OSC Command Implemented Keystone command
os endpoint create
    --publicurl <public-url>
    [--adminurl <admin-url>]
    [--internalurl <internal-url>]
    [--region <endpoint-region>]
    <service>
yes
keystone endpoint-create
    [--region <endpoint-region>]
    [--service_id <service-id>]
    [--publicurl <public-url>]
    [--adminurl <admin-url>]
    [--internalurl <internal-url>]
os endpoint delete
    <endpoint-id>
yes
keystone endpoint-delete
    <endpoint-id>
os endpoint list
    [--long]
yes
keystone endpoint-list
os endpoint show
    [--type <endpoint-type>]
    [--attr <endpoint-attribute>] 
    [--value <endpoint-value>]
    [--all]
    <service-type>
yes
keystone endpoint-get
    --service <service-type>
    [--endpoint_type <endpoint-type>]
    [--attr <service-attribute>] 
    [--value <value>]

project

OSC Command Implemented Keystone command
os project create
    [--description <description>]
    [--enable | --disable]
    <project-name>
yes
keystone tenant-create
    --name <tenant-name>
    [--description <tenant-description>]
    [--enabled <true|false>]
os project delete
    <project>
yes
keystone tenant-delete
    <tenant>
os project list
    [--long]
yes
keystone tenant-list
os project set
    [--name <new-project-name>]
    [--description <new-project-description>]
    [--enable | --disable]
    <project>
yes
keystone tenant-update
    [--name <tenant_name>]
    [--description <tenant-description>]
    [--enabled <true|false>]
    <tenant-id>
os project show
    <project>
yes
keystone tenant-get
    <tenant-id>

role

OSC Command Implemented Keystone command
os role create
    <role-name>
yes
keystone role-create --name
    <role-name>
os role delete
    <role>
yes
keystone role-delete
    <role-id>
os role list
yes
keystone role-list
os role show
    <role>
yes
keystone role-get
    <role-id>

service

OSC Command Implemented Keystone command
os service create
    [--type <service-type>]
    [--description <service-description>]
    <service-name>
yes
keystone service-create
    --name <name> 
    --type <type>
    [--description <service-description>]
os service delete
    <service>
yes
keystone service-delete
    <service-id>
os service list
    [--long]
yes
keystone service-list
os service show
    [--catalog]
    <service>
yes
keystone service-get
    <service-id>

token

OSC Command Implemented Keystone command
os token show
    [--width <token-display-width>]
 ??
keystone token-get [--wrap <integer>]

user

OSC Command Implemented Keystone command
os user create
    [--password <user-password>]
    [--email <user-email>]
    [--tenant <tenant>]
    [--enable | --disable]
    <user-name>
yes
keystone user-create
    --name <user-name> 
    [--tenant_id <tenant-id>]
    [--pass <pass>] 
    [--email <email>]
    [--enabled <true|false>]
os user delete
    <user>
yes
keystone user-delete
    <user-id>
os user list
    [--tenant <tenant>]
    [--long]
yes
keystone user-list
    [<tenant-id>]
os user set
    [--name <new-user-name>]
    [--password <user-password>]
    [--email <user-email>]
    [--tenant <tenant>]
    [--enable|--disable]
    <user>
yes
keystone user-password-update
    --pass <password>
    <user-id>
os user show
    <user>
yes
keystone user-get
    <user-id>

user role

OSC Command Implemented Keystone command
os user role add
    [--tenant <tenant>]
    <user>
    <role>
yes
keystone user-role-add
    --user <user-id>
    --role <role-id>
    [--tenant_id <tenant-id>]
os user role list
    [--tenant <tenant>]
    [<user>]
yes
keystone user-role-list
    [--user <user-id>]
    [--tenant_id <tenant-id>]
os user role remove
    [--tenant <tenant>]
    <user>
    <role>
yes
keystone user-role-remove
    --user <user-id>
    --role <role-id>
    [--tenant_id <tenant-id>]

<other>

These keystone commands are not planned for re-implementation in OpenStackClient

keystone bootstrap
        --pass <password>
        [--user-name <user-name>]
        [--role-name <role-name>]
        [--tenant-name <tenant-name>]
keystone discover

API v3

credential

OSC Command Implemented Keystone command
os credential create
    [--project <project>]
    [--type ec2|cert]
    <user>
    <data>
yes
keystone credential-create
    --user_id <user-id>
    --type <credential-type>
    --data <credential-data>
    [--project_id <project-id>]
os credential delete
    <credential-id>
yes
keystone credential-delete
    <credential-id>
os credential list
yes
keystone credential-list
os credential set
    [--user <user>]
    [--type ec2|cert]
    [--data <data>]
    [--project <project>]
    <credential-id>
yes
keystone credential-update
    [--user <user>]
    [--type <type>]
    [--data <data>]
    [--project <project>]
    <credential-id>
os credential show
    <credential-id>
yes
keystone credential-get
    <credential-id>

domain

OSC Command Implemented Keystone command
os domain create
    [--description <domain-description>]
    [--enable | --disable]
    <domain-name>
yes
keystone domain-create
    --name <domain-name>
    [--description <domain-description>]
    [--enabled <true|false>]
    [--private_project_names <true|false>]
    [--private_user_names <true|false>]
os domain delete
    <domain>
yes
keystone domain-delete
    <domain-id>
os domain list
yes
keystone domain-list
os domain set
    [--name <new-domain-name>]
    [--description <new-domain-description>]
    [--enable | --disable]
    <domain>
yes
keystone domain-update
    [--name <domain_name>]
    [--description <domain-description>]
    [--enabled <true|false>]
    [--private_project_names <true|false>]
    [--private_user_names <true|false>]
    <domain-id>
os domain show
    <domain>
yes
keystone domain-get
    <domain-id>

endpoint

OSC Command Implemented Keystone command
os endpoint create
    [--region <endpoint-region>
    [--enable | --disable]
    <service>
    <interface admin|public|internal>
    <url>
yes
keystone endpoint-create 
    [--region <endpoint-region>
    [--enable | --disable]
    <service_id>
    <interface admin|public|internal>
    <url>
os endpoint delete
    <endpoint-id>
yes
os endpoint list
    [--long]
yes
keystone endpoint-list
os endpoint set
    [--interface <endpoint-interface>]
    [--url <endpoint-url>]
    [--service <service-id>]
    [--region <endpoint-region>]
    [--enable | --disable]
    <endpoint>
yes
keystone endpoint-set
    [--interface <endpoint-interface>]
    [--url <endpoint-url>]
    [--service <service-id>]
    [--region <endpoint-region>]
    [--enable | --disable]
    <endpoint>
os endpoint show
    <endpoint>
yes
keystone endpoint-get 
    <endpoint>

group

OSC Command Implemented Keystone command
os group create
    [--domain <domain>]
    [--description <group-description>]
    <group-name>
yes
keystone group-create
    --name <group-name>
    [--domain_id <domain-id>]
    [--description <group-description>]
os group delete
    <group>
yes
keystone group-delete
    <group-id>
os group list
    [--long]
yes
keystone group-list
os group set
    [--name <new-group-name>]
    [--domain <domain>]
    [--description <new-group-description>]
    <group>
yes
keystone group-update
    [--name <group_name>]
    [--domain_id <domain-id>]
    [--description <group-description>]
    <group-id>
os group show
    <group>
yes
keystone group-get
    <group-id>

oauth

OSC Command Implemented Keystone command
os oauth request token create
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --roles <requested-roles>
yes

n /a

os oauth request token authorize
    --request-key <request-key>
    --roles <requested-roles>
yes

n /a

os oauth access token create
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --request-key <request-key>
    --request-secret <request-secret>
    --verifier <pin>
yes
n/a
os oauth access token authenticate
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --access-key <access-key>
    --access-secret <access-secret>
yes

n /a

os oauth authorization list
    user <user>
yes

n /a

os oauth authorization delete
    user <user>
    access-id <access-id>
yes

n /a

os oauth authorization show
    request-id <request-id>
yes

n /a

look at some alternatives:
os oauth token create
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --request-key <request-key>
    --request-secret <request-secret>
    --verifier <pin>
nyet
* makes the token specific to oauth
* add [--oauth-ver X] if versioning for oauth2 is an issue?
os oauth token create
    --request
    --consumer-key <consumer-key>
    --roles <roles>
nyet
* collapse 'access token' and 'request token' into 'oauth token'?

policy

OSC Command Implemented Keystone command
os policy create
    [--type <policy-type>]
    --blob-file <blob-file>
yes
keystone policy-create
    --type <policy-type>
    --blob <policy-blob>
os policy delete
    <policy-id>
yes
keystone policy-delete
    <policy-id>
os policy list
    [--include-blob]
yes
keystone policy-list
os policy set
    [--type <policy-type>]
    [--blob-file<blob-file>]
    <policy-id>
yes
keystone policy-update
    [--type <policy-type>]
    [--blob <policy-blob>]
    <policy-id>
os policy show
    <policy-id>
yes
keystone policy-get
    <policy-id>

project

OSC Command Implemented Keystone command
os project create
    [--domain <project-domain>]
    [--description <project-description>]
    [--enable | --disable]
    <project-name>
yes
keystone project-create
    [--domain_id <domain_id>]
    [--description <description>]
    [--enable | --disable]
    <name>
os project delete
    <project>
yes
os project-delete
    <project_id>
os project list
    [--long]
yes
keystone project-list
os project set
    [--name <new-project-name>]
    [--domain <project-domain>]
    [--description <new-project-description>]
    [--enable | --disable]
    <project>
yes
keystone project-set
    [--name <new-project-name>]
    [--domain <project-domain>]
    [--description <new-project-description>]
    [--enable | --disable]
    <project_id>
os project show
    <project>
yes
keystone project-get
    <project_id>

role

OSC Command Implemented Keystone command
os role add
    [--user <user> | --group <group>]
    [--domain <domain> | --project <project>]
    <role>
yes
os role create
    <role-name>
yes
os role delete
    <role>
yes
os role list
yes
os role remove
    [--user <user> | --group <group>]
    [--domain <domain> | --project <project>]
    <role>
yes
os role set
    [--name <new-role-name>]
    <role>
yes
os role show
    <role>
yes

service

OSC Command Implemented Keystone command
os service create
	[--name <name>]
        [--enabled <true|false>]
        <type>
yes
keystone service-create
	[--name <name>]
        [--enabled <true|false>]
        <type>
os service delete
    <service>
yes
keystone service-delete
    <service_id>
os list service
yes
keystone service-list
os service set
    [--type <service-type>]
    [--name <new-name>]
    [--enable | --disable]
    <service>
yes
keystone service-set
    [--type <service-type>]
    [--name <new-name>]
    [--enable | --disable]
    <service>
os service show
    <service>
yes
keystone service-get 
    <service_id>

user

OSC Command Implemented Keystone command
os user create
    [--password <password>] 
    [--project <project>]
    [--email <user-email>]
    [--enable | --disable]
    <name>
yes
keystone user-create
    --name <user-name> 
    [--domain_id <domain-id>]
    [--default_project_id <project-id>]
    [--description <description>]
    [--enabled <true|false>]
    [--password <password>]
os user delete
    <user>
yes
keystone user-delete
    <user-id>
os user list
    [--project <project>]
    [--long]
yes
keystone user-list
os user set
    [--name <new-name>]
    [--password <password>] 
    [--project <project>]
    [--email <user-email>]
    [--enable | --disable]
    <user>
yes
keystone user-update
    --user_id <user-id>
    [--name <user-name>]
    [--domain_id <domain-id>]
    [--default_project_id <project-id>]
    [--description <description>]
    [--enabled <true|false>]
    [--password <password>]
os user show
    <user>
yes
keystone user-get
    <user-id>

Image

OSC Option Environment Variable Glance Option Environment Variable
--os-image-api-version <ver> OS_IMAGE_API_VERSION --os-image-api-version <ver> OS_IMAGE_API_VERSION
--os-service-type <type> OS_SERVICE_TYPE
--os-endpoint-type <type> OS_ENDPOINT_TYPE
--os-token <token> OS_TOKEN --os-auth-token <token> OS_AUTH_TOKEN
--os-url <url> OS_URL --os-image-url <url> OS_IMAGE_URL
--os-cacert <file> OS_CACERT
--cert-file <file> CERT_FILE
--key-file <key-file> KEY_FILE
--no-ssl-compression


API v1

image

OSC Command Implemented Glance command
os image create
    [--id <id>]
    [--store <store>]
    [--container-format <format>]
    [--disk-format <format>]
    [--owner <tenant>]
    [--size <size-bytes>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mg>]
    [--location <image-url>]
    [--copy-from <image-url>]
    [--file <local-filename>]
    [--checksum <checksum>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value>]
    <name>
yes
glance image-create
    [--id <IMAGE_ID>]
    [--name <NAME>]
    [--disk-format <DISK_FORMAT>]
    [--container-format <CONTAINER_FORMAT>]
    [--owner <TENANT_ID>]
    [--size <SIZE>]
    [--min-disk <DISK_GB>]
    [--min-ram <DISK_RAM>]
    [--location <IMAGE_URL>]
    [--checksum <CHECKSUM>]
    [--copy-from <IMAGE_URL>]
    [--is-public [True|False]]
    [--is-protected [True|False]]
    [--property <key=value>]
    [--human-readable]
os image delete
    <image>
yes
glance image-delete
    <IMAGE_ID>
os image list
    [--page-size <size>]
yes
glance image-list
os image save
    [--file <filename>]
    <image>
yes
glance image-download
    [--file <FILE>]
    <IMAGE>
os image set
    [--name <name>]
    [--owner <tenant>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mg>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value>]
    <image>
yes
glance image-update
    [--name <NAME>]
    [--disk-format <DISK_FORMAT>]
    [--container-format <CONTAINER_FORMAT>]
    [--owner <TENANT_ID>]
    [--size <SIZE>]
    [--min-disk <DISK_GB>]
    [--min-ram <DISK_RAM>]
    [--location <IMAGE_URL>]
    [--file <FILE>]
    [--checksum <CHECKSUM>]
    [--copy-from <IMAGE_URL>]
    [--is-public [True|False]]
    [--is-protected [True|False]]
    [--property <key=value>]
    [--purge-props]
    [--human-readable]
    <IMAGE>
os image show
    <image>
yes
glance image-show
    [--human-readable]
    <IMAGE>

API v2

image

OSC Command Implemented Glance command
os image add project
    <image>
    <project>
no
glance member-create
    [--can-share]
    <IMAGE_ID>
    <TENANT_ID>
os image create
    [--id <id>]
    [--store <store>]
    [--container-format <format>]
    [--disk-format <format>]
    [--owner <tenant>]
    [--size <size-bytes>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mg>]
    [--location <image-url>]
    [--copy-from <image-url>]
    [--file <local-filename>]
    [--checksum <checksum>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value>]
    <name>
# verify v2 options
no
os image delete
    <image>
yes
glance image-delete
    <IMAGE_ID>
os image list
    [--page-size <size>]
yes
glance image-list
os image list
    --shared
    [--image <image>]
    [--project <project>]
no
glance member-list
    [--image-id <IMAGE_ID>]
    [--tenant-id <TENANT_ID>]
os image remove project
    <image>
    <project>
no
glance member-delete
    <IMAGE_ID>
    <TENANT_ID>
os image save
    [--file <filename>]
    <image>
yes
glance image-download
    [--file <FILE>]
    <IMAGE>
os image set
    [--id <id>]
    [--store <store>]
    [--container-format <format>]
    [--disk-format <format>]
    [--owner <tenant>]
    [--size <size-bytes>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mg>]
    [--location <image-url>]
    [--copy-from <image-url>]
    [--file <local-filename>]
    [--checksum <checksum>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value>]
    <name>
no
glance image-update
    [--name <NAME>]
    [--disk-format <DISK_FORMAT>]
    [--container-format <CONTAINER_FORMAT>]
    [--owner <TENANT_ID>]
    [--size <SIZE>]
    [--min-disk <DISK_GB>]
    [--min-ram <DISK_RAM>]
    [--location <IMAGE_URL>]
    [--file <FILE>]
    [--checksum <CHECKSUM>]
    [--copy-from <IMAGE_URL>]
    [--is-public [True|False]]
    [--is-protected [True|False]]
    [--property <key=value>]
    [--purge-props]
    [--human-readable]
    <IMAGE>
os image show
    <image>
yes
glance image-show
    [--human-readable]
    <IMAGE>

image-member

The image member commands have been rolled in to the regualr image commands.

Network

The Network commands in neutron are actually in pretty good shape. It appears most update commands have not be en implemented, but looks pretty solid other than that. Note some questions:

  • Note: Should the --request-format option be a global option. Nice from a developers perspective if you want to test XML for ins

tance, but why would users really care.

  • Note: Should we have --os-network-api-version <ver> argument since neutron currently only supports one version?

NOTE(dtroyer): yes for consistency


OSC Option Environment Variable Nova Option Environment Variable
--os-auth-strategy OS_AUTH_STRATEGY
--os-auth-url OS_AUTH_URL --os-auth-url OS_AUTH_URL
--os-project-name OS_PROJECT_NAME --os-tenant-name OS_TENANT_NAME
--os-project-id OS_PROJECT_ID --os-tenant-id OS_TENANT_ID
--os-username OS_USERNAME --os-username OS_USERNAME
--os-password OS_PASSWORD --os-password OS_PASSWORD
--os-region-name OS_REGION_NAME --os-region-name OS_REGION_NAME
--os-token OS_TOKEN --os-token OS_TOKEN
--os-url OS_URL --os-url OS_URL
--os-cacert OS_CACERT --os-cacert OS_CACERT
--os-network-api-version <ver> OS_NETWORK_API_VERSION


API v2.0

NOTE(dtroyer): I am removing all of the default cliff options for clarity. Also, apparently neutronclient has a different idea of how these are used than OSC.


Agent

NOTE: There is no agent create in neutron at the moment. I assume these should replace the compute commands.

NOTE(dtroyer): The compute agent refers to the bits of code that run inside a VM. A Neutron agent is code that runs on a host system; there are at least 4 different types: plugin, dhcp, l3 and metadata.

OSC Command Implemented Neutron command
os agent delete
    <agent>
no
neutron agent-delete <agent>
os agent list
    [--long]

NOTE(dtroyer): list commands always use --long for their 'show me more stuff' option

no
neutron agent-list
  [-D, --show-details]
  [-F FIELD, --field FIELD]
  [--quote {all,minimal,none,nonnumeric}]
os agent update
    <agent>

NOTE(dtroyer): update commands often map to the OSC verb 'set'. but with no value to set???

no
neutron agent-update <agent>
# NOTE: no args, what does this update?
os agent show
    <agent>
no
neutron agent-show <agent>
  [-D, --show-details]
  [-F FIELD, --field FIELD]

Cisco

NOTE(dtroyer): We need to think about how to handle vendor-plugin-specific bits. I don't want these in the default set...

Note all of these "network pofile" and "policy profile", why not just network and policy, profile is useless.

OSC Command Implemented Neutron command
os cisco credential create <credential_name> <credential_type>
    [--tenant-id TENANT_ID]
    [--username USERNAME]
    [--password PASSWORD]
no
neutron cisco-credential-create <credential_name> <credential_type>
    [--tenant-id TENANT_ID]
    [--username USERNAME]
    [--password PASSWORD]
os cisco credential delete <credential>
no
neutron cisco-credential-delete <credential>
os cisco credential list
    [-F FIELD]
no
neutron cisco-credential-list
    [-F FIELD]
os cisco credential show <credential>
    [-F FIELD]
no
neutron cisco-credential-show <credential>
    [-F FIELD]
os cisco network profile create <name> <vlan|overlay|multi-segment|trunk>
    [--tenant-id TENANT_ID]                 
    [--sub_type SUB_TYPE]                   
    [--segment_range SEGMENT_RANGE]         
    [--physical_network PHYSICAL_NETWORK]   
    [--multicast_ip_range MULTICAST_IP_RANGE]
    [--add-tenant ADD_TENANT]
no
neutron cisco-network-profile-create <name> <vlan|overlay|multi-segment|trunk>
    [--tenant-id TENANT_ID]                 
    [--sub_type SUB_TYPE]                   
    [--segment_range SEGMENT_RANGE]         
    [--physical_network PHYSICAL_NETWORK]   
    [--multicast_ip_range MULTICAST_IP_RANGE]
    [--add-tenant ADD_TENANT]
os cisco network profile delete <profile>
    [--request-format {json,xml}]
no
neutron cisco-network-profile-delete <profile>
    [--request-format {json,xml}]
os cisco network profile list
    [-F FIELD]
no
neutron cisco-network-profile-list
    [-F FIELD]
os cisco network profile show <profile>
    [-F FIELD]
no
neutron cisco-network-profile-show <profile>
    [-F FIELD]
os cisco network profile update <profile>
    [--request-format {json,xml}]
no
neutron cisco-network-profile-update <profile>
    [--request-format {json,xml}]
os cisco policy profile list
    [-F FIELD]
no
neutron cisco-policy-profile-list
    [-F FIELD]
os cisco policy profile show <profile>
    [--request-format {json,xml}] [-D]    
    [-F FIELD]
no
neutron cisco-policy-profile-show <profile>
    [--request-format {json,xml}] [-D]    
    [-F FIELD]
os cisco policy profile update <profile>
    [--request-format {json,xml}]
no
neutron cisco-policy-profile-update <profile>
    [--request-format {json,xml}]


DHCP Agent

  • NOTE(dtroyer): here, 'dhcp agent' will be a two-word object (for now, suggest something shorter? 'dhcp' seems ambiguous)


  • Note: In general, should we support these generic -h and --request-format options from neutron. i think not.

NOTE(dtroyer): the --request-format option seems to want to support structured input data. While interesting that is not something we have addressed with OSC yet. So for now, lets leave them TDB.

OSC Command Implemented Neutron command
os dhcp agent add network
    <dhcp_agent>
    <network>
no
neutron dhcp-agent-network-add <dhcp_agent> <network>
   [--request-format {json,xml}]
os dhcp agent delete network
    <dhcp_agent>
    <network>
  1. Note: delete instead of remove; Maybe just "dhcp delete"

NOTE(dtroyer): this removes a network from an agent (see command structure)

no
neutron dhcp-agent-network-remove <dhcp_agent> <network>
   [--request-format {json,xml}]
os dhcp agent list
    [--long]
    [--networks <dhcp-agent>]

Note why isn't this "dhcp list"?

NOTE(dtroyer): see above, we need to decide if 'dhcp' is a clear enough object name for the dhcp agent

no
neutron dhcp-agent-list-hosting-net <network>

neutron net-list-on-dhcp-agent <dhcp_agent>

Extension

Note: Perhaps this would be a nice general feature.

NOTE(dtroyer): yes it would. We don't have this for any of the other APIs yet so we can play with the structure a bit here

OSC Command Implemented Neutron command
os extension list
    [--long]
    [--service <service>]

Note: Do we want to provide service as an option for this command?

NOTE(dtroyer): maybe. what service exactly? in the Identity API, service means things like 'compute v2', 'identity v3', etc. we need at least the API, I'm not certain if we should expect a user to know that though...

no
neutron ext-list
    [--request-format {json,xml}] [-D] [-F FIELD]
os extension show
    <extension>
no
neutron ext-show <extension> [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]


Firewall

OSC Command Implemented Neutron command
os firewall create
    [--description <description>]
    [--project <project>]
    [--enable | --disable]
    [--share | --no-share]
    <name>

NOTE(dtroyer): need a better name for --not-shared?

no
neutron firewall-create 
    <policy>
    [--tenant-id TENANT_ID]
    [--name NAME]
    [--description DESCRIPTION]
    [--shared]
    [--admin-state-down]
os firewall delete
    <firewall>
no
neutron firewall-delete
    <firewall>
os firewall list
    [--long]
    [--sort-key FIELD]
    [--sort-dir {asc,desc}]

NOTE(dtroyer): need to think about the sort stuff

no
neutron firewall-list
    [-P SIZE] [--sort-key FIELD] 
    [--sort-dir {asc,desc}]
os firewall set
    <firewall>

NOTE(dtroyer): what is being changed?

no
neutron firewall-update
    <firewall>
os firewall show
    <firewall>
no
neutron firewall-show
    <firewall>


Firewall Policy

NOTE(dtroyer): need to work out the format of FIREWALL_RULE

OSC Command Implemented Neutron command
os firewall policy create
    [--description <description>]
    [--project <project>]
    [--firewall-rules <rules>]
    [--share | --no-share]
    [--audit | --no-audit]
    <name>
no
neutron firewall-policy-create
    <name>
    [--tenant-id TENANT_ID]           
    [--description DESCRIPTION]
    [--shared]
    [--firewall-rules FIREWALL_RULES] 
    [--audited]
os firewall policy delete
    <policy>
no
neutron firewall-policy-delete
    <policy>
os firewall policy add rule
    [--insert-before FIREWALL_RULE]
    [--insert-after FIREWALL_RULE]
    <policy>
    <rule>
no
neutron firewall-policy-insert-rule
    <policy>
    <rule>
    [--insert-before FIREWALL_RULE]        
    [--insert-after FIREWALL_RULE]
os firewall policy list
    [--long]
no
neutron firewall-policy-list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os firewall policy remove rule
    <policy>
    <rule>
no
neutron firewall-policy-remove-rule
    <policy>
    <rule>
os firewall policy set
    <policy>

NOTE(dtroyer): what is being changed?

no
neutron firewall-policy-update
    <policy>
os firewall policy show
    <policy>
no
neutron firewall-policy-show
    <policy>


Firewall Rule

OSC Command Implemented Neutron command
os firewall rule create
    [--project <project>]
    [--description <description>]
    [--source-ip-address SOURCE_IP_ADDRESS]
    [--destination-ip-address DESTINATION_IP_ADDRESS]
    [--source-port SOURCE_PORT]
    [--destination-port DESTINATION_PORT]
    [--enable | --disable]
    [--share | --no-share]
    --protocol tcp|udp|icmp|any
    --action allow|deny
    <name>

NOTE(dtroyer): it might be more consistent to change --protocol and --action to direct options; ex: '--tcp | --udp | --icmp | --any'

no
neutron firewall-rule-create
    [--tenant-id TENANT_ID]
    [--name NAME]
    [--description DESCRIPTION]
    [--shared]
    [--source-ip-address SOURCE_IP_ADDRESS]
    [--destination-ip-address DESTINATION_IP_ADDRESS]
    [--source-port SOURCE_PORT]
    [--destination-port DESTINATION_PORT]
    [--disabled]
    --protocol {tcp,udp,icmp,any}
    --action {allow,deny}
os firewall rule delete
    <rule>
no
neutron firewall-rule-delete
    <rule>
os firewall rule list
    [--long]
no
neutron firewall-rule-list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os firewall rule show
    <rule>
no
neutron firewall-rule-show
    <rule>
    [-F FIELD]
os firewall rule
    [--protocol tcp|udp|icmp|any]
    <rule>
no
neutron firewall-rule-update
    <rule>
    [--protocol {tcp,udp,icmp,any}]


Gateway

Note: change from net-gateway to gateway

OSC Command Implemented Neutron command
os gateway create
    [--project <project>]
    [--device <device>]
    <name>

NOTE(dtroyer): consider changing the --device syntax to remove the embedded device_id=,interface_name=

no
neutron net-gateway-create
    <name>
    [--tenant-id TENANT_ID]
    [--device DEVICE]
os gateway delete
    <gateway>
no
neutron net-gateway-delete
    <gateway>
os gateway list
    [--long]
no
neutron net-gateway-list
os gateway set
    <gateway>
no
neutron net-gateway-update
    <gateway>
os gateway show
    <gateway>
no
neutron net-gateway-show
    <gateway>


IP Floating

Note: Do we need to have backward compatibility for older releases where compute controlled floating IPs? I think the latest compute still supports the old interface, but it would be best to discontinue use of that. Should the command be floating-ip or floatingip?

NOTE(dtroyer): The existing commands under Compute are for nova-network; it is a pass-through to Neutron but at some point OSc needs to get smart about when to call nova-network and when to call Neutron directly. The commands need to be the same as much as possible.

OSC Command Implemented Neutron command
os ip floating add
    [--fixed-ip <fixed-ip-address>]
    <floating-ip-address>
    <port>

NOTE(dtroyer): maybe this should be 'port add floating ip'?

no
neutron floatingip-associate
    <ip>
    <port>
    [--fixed-ip-address FIXED_IP_ADDRESS]
os ip floating create
    [--project <project>]
    [--port <port>]
    [--fixed-ip <fixed-ip-address>]
    <network>
no
neutron floatingip-create
    <network>
    [--tenant-id TENANT_ID] [--port-id PORT_ID]
    [--fixed-ip-address FIXED_IP_ADDRESS]
os ip floating delete
    <floating-ip-address>
no
neutron floatingip-delete
    <ip>
os ip floating list
    [--long]
no
neutron floatingip-list
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os ip floating remove
    <floating-ip-address>
no
neutron floatingip-disassociate
    <ip>
os ip floating show
    <floating-ip-address>
no
neutron floatingip-show
    <ip>

IPSEC

  1. Note Why are we doing "ipsec site connection <verb>" instead of "ipsec <verb>"? Is there going to be something other than site connections for ipsec?

NOTE(dtroyer): good question. I wonder if Neutron will ever support any other kind of tunnel? If so, 'tunnel' should be the object anme and --ipsec is a type option...until then let's just use 'ipsec' as the object name.

NOTE(dtroyer): one thing I know is we generally totally abuse the term 'cidr' and use it where we mean network addresses in CIDR notation. We will not perpetuate that in OSC no matter what the rest of the project does. I need to brush up on IPSEC configuration to be able to fix these option names.

OSC Command Implemented Neutron command
os ipsec create
    [--project <project>]
    [--description <description>]
    [--enable | --disable]
    [--mtu MTU]
    [--initiator {bi-directional,response-only}]
    # use --bi-directional | --response-only ?
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    # rethink --dpd
    --vpnservice-id VPNSERVICE
    --ikepolicy-id IKEPOLICY
    --ipsecpolicy-id IPSECPOLICY
    --peer-address PEER_ADDRESS
    --peer-id PEER_ID
    --peer-cidr PEER_CIDRS
    --psk PSK
    <name>
no
neutron ipsec-site-connection-create
    [--tenant-id TENANT_ID]
    [--admin-state-down]
    [--name NAME]
    [--description DESCRIPTION]
    [--mtu MTU]
    [--initiator {bi-directional,response-only}]
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    --vpnservice-id VPNSERVICE
    --ikepolicy-id IKEPOLICY
    --ipsecpolicy-id IPSECPOLICY
    --peer-address PEER_ADDRESS
    --peer-id PEER_ID
    --peer-cidr PEER_CIDRS
    --psk PSK
os ipsec delete
    <ipsec-site>
no
neutron ipsec-site-connection-delete
    <ipsecsite>
os ipsec list
    [--long]
no
neutron ipsec-site-connection-list
    [--sort-key FIELD]                    
    [--sort-dir {asc,desc}]
os ipsec set
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    <ipsec-site>
no
neutron ipsec-site-connection-update
    <ipsecsite>
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
os ipsec site connection show
    <ipsec-site>
no
neutron ipsec-site-connection-show
    <ipsecsite>

L3 Agent

NOTE(dtroyer): the list command may make more sense as options to 'router list'

OSC Command Implemented Neutron command
os l3 agent list
    [--router <router>]
no
neutron l3-agent-list-hosting-router <router>
os l3 agent add router
    <l3_agent>
    <router>
no
neutron l3-agent-router-add
    <l3_agent>
    <router>
os l3 agent remove router
    <l3_agent>
    <router>
no
neutron l3-agent-router-remove
    <l3_agent>
    <router>

Load Balancer

OSC Command Implemented Neutron command
os lb healthmonitor add <healthmonitor> <pool>
    [--request-format {json,xml}]
    # Note command change
no
neutron lb-healthmonitor-associate <healthmonitor> <pool>
    [--request-format {json,xml}]
os lb healthmonitor create
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID]
    [--admin-state-down]
    [--expected-codes EXPECTED_CODES]
    [--http-method HTTP_METHOD]
    [--url-path URL_PATH] --delay DELAY
    --max-retries MAX_RETRIES --timeout
    TIMEOUT --type {PING,TCP,HTTP,HTTPS}
no
neutron lb-healthmonitor-create
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID]
    [--admin-state-down]
    [--expected-codes EXPECTED_CODES]
    [--http-method HTTP_METHOD]
    [--url-path URL_PATH] --delay DELAY
    --max-retries MAX_RETRIES --timeout
    TIMEOUT --type {PING,TCP,HTTP,HTTPS}
os lb healthmonitor delete <healthmonitor>
    [--request-format {json,xml}]
no
neutron lb-healthmonitor-delete <healthmonitor>
    [--request-format {json,xml}]
os lb healthmonitor remove <healthmonitor> <pool>
    [--request-format {json,xml}]
    # Note command change
no
neutron lb-healthmonitor-disassociate <healthmonitor> <pool>
    [--request-format {json,xml}]
os lb healthmonitor list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
no
neutron lb-healthmonitor-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os lb healthmonitor show <healthmonitor>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
no
neutron lb-healthmonitor-show <healthmonitor>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
os lb healthmonitor update <healthmonitor>
    [--request-format {json,xml}]
no
neutron lb-healthmonitor-update <healthmonitor>
    [--request-format {json,xml}]
os lb member create <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--weight WEIGHT] --address ADDRESS
    --protocol-port PROTOCOL_PORT
no
neutron lb-member-create <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX] 
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--weight WEIGHT] --address ADDRESS
    --protocol-port PROTOCOL_PORT
os lb member delete <member>
    [--request-format {json,xml}]
no
neutron lb-member-delete <member>
    [--request-format {json,xml}]
os lb member list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
no
neutron lb-member-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os lb member show <member>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
no
neutron lb-member-show <member>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os lb member update <member>
    [--request-format {json,xml}]
no
neutron lb-member-update <member>
    [--request-format {json,xml}]
os lb pool create
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--description DESCRIPTION] --lb-method
    {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP} --name
    NAME --protocol {HTTP,HTTPS,TCP} --subnet-id
    SUBNET [--provider PROVIDER]
no
neutron lb-pool-create
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--description DESCRIPTION] --lb-method
    {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP} --name
    NAME --protocol {HTTP,HTTPS,TCP} --subnet-id
    SUBNET [--provider PROVIDER]
os lb pool delete <pool>
    [--request-format {json,xml}]
no
neutron lb-pool-delete <pool>
    [--request-format {json,xml}]
os lb pool list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
no
neutron lb-pool-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os lb pool list on agent <lbaas_agent>
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
    # Note another oddball command
no
neutron lb-pool-list-on-agent <lbaas_agent>
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
# Note another one of those oddball commands
os lb pool show <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
no
neutron lb-pool-show <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os lb pool stats <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
no
neutron lb-pool-stats <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os lb pool update <pool>
    [--request-format {json,xml}]
no
neutron lb-pool-update <pool>
    [--request-format {json,xml}]
os lb vip create <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--address ADDRESS]
    [--admin-state-down]
    [--connection-limit CONNECTION_LIMIT]
    [--description DESCRIPTION] --name NAME
    --protocol-port PROTOCOL_PORT --protocol
    {TCP,HTTP,HTTPS} --subnet-id SUBNET
no
neutron lb-vip-create <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--address ADDRESS]
    [--admin-state-down]     
    [--connection-limit CONNECTION_LIMIT]
    [--description DESCRIPTION] --name NAME 
    --protocol-port PROTOCOL_PORT --protocol 
    {TCP,HTTP,HTTPS} --subnet-id SUBNET
os lb vip delete <vip>
    [--request-format {json,xml}]
no
neutron lb-vip-delete <vip>
    [--request-format {json,xml}]
os lb vip list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
no
neutron lb-vip-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os lb vip show <vip>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
no
neutron lb-vip-show <vip>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os lb vip update <vip>
    [--request-format {json,xml}]
no
neutron lb-vip-update <vip>
    [--request-format {json,xml}]
os lb agent hosting pool <pool>
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
    # Note: oddball command name
no
neutron lb-agent-hosting-pool <pool>
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD]


Network

  1. Note name changes from net to netowork
OSC Command Implemented Neutron command
os network add gateway
    [--segmentation-type SEGMENTATION_TYPE]
    [--segmentation-id SEGMENTATION_ID]
    <network>
    <gateway>
no
neutron net-gateway-connect
    <gateway>
    <network>
    [--segmentation-type SEGMENTATION_TYPE]
    [--segmentation-id SEGMENTATION_ID]
os network create
    [--project <project>]
    [--share | --no-share]
    <name>
no
neutron net-create
    <name>
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--shared]
os network delete
    <network>
no
neutron net-delete
    <network>
os network list
    [--long]
    [--external]
no
neutron net-list

neutron net-external-list
os network set
    <network>
no
neutron net-update
    <network>
os network remove gateway
    [--segmentation-type SEGMENTATION_TYPE]
    [--segmentation-id SEGMENTATION_ID]
    <network>
    <gateway>
# Note technicall wrong verb here, but add/remove
# seems a little odd

NOTE(dtroyer): the help in neutronclient actually uses add/remove...but these may be 'network' commands not 'network gateway'

no
neutron net-gateway-disconnect
    <gateway>
    <network>
    [--segmentation-type SEGMENTATION_TYPE]
    [--segmentation-id SEGMENTATION_ID]
os network show
    <network>
no
neutron net-show
    <network>

Port

OSC Command Implemented Neutron command
os port create
    --network <network>
    [--project <project>]
    [--mac-address <mac-address>]
    [--device-id <device-id>]
    [--fixed-ip <ip-address>]
    [--security-group <security-group>]
    [--no-security-groups]
    [--extra-dhcp-opt EXTRA_DHCP_OPTS]
    # gotta rename extra-dhcp-opts
    [--enable | --disable]
    <name>

NOTE(dtroyer): how is --no-security-groups different from not specifying any security groups on create?

no
neutron port-create
    <network>
    [--tenant-id TENANT_ID]
    [--name NAME]
    [--admin-state-down]
    [--mac-address MAC_ADDRESS]
    [--device-id DEVICE_ID]
    [--fixed-ip ip_address=IP_ADDR]
    [--security-group SECURITY_GROUP]
    [--no-security-groups]
    [--extra-dhcp-opt EXTRA_DHCP_OPTS]
os port delete
    <port>
no
neutron port-delete
    <port>
os port list
    [--router <router>]
no
neutron port-list

neutron router-port-list
    <router>
os port update 
    [--security-group <security-group>]
    [--no-security-groups]
    [--extra-dhcp-opt EXTRA_DHCP_OPTS]
    <port>
no
neutron port-update
    <port>
    [--security-group SECURITY_GROUP]
    [--no-security-groups]
    [--extra-dhcp-opt EXTRA_DHCP_OPTS]
os port show
    <port>
no
neutron port-show
    <port>

Queue

Note: Should this be something less generic than "queue". I would think this was a message queue first.

OSC Command Implemented Neutron command
os queue create <name>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--min MIN] [--max MAX]
    [--qos-marking QOS_MARKING] [--default DEFAULT]
    [--dscp DSCP]
no
neutron queue-create <name>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--min MIN] [--max MAX]
    [--qos-marking QOS_MARKING] [--default DEFAULT]
    [--dscp DSCP]
os queue delete <queue>
    [--request-format {json,xml}]
no
neutron queue-delete <queue>
    [--request-format {json,xml}]
os queue list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
no
neutron queue-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
os queue show <queue>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
no
neutron queue-show <queue>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]

Quota

Note: See quota in the cross API section.

OSC Command Implemented Neutron command
no
neutron quota-delete
    [--request-format {json,xml}]
    [--tenant-id tenant-id]
no
neutron quota-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}]
no
neutron quota-show
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id tenant-id]
no
neutron quota-update
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id tenant-id] [--network networks]
    [--subnet subnets] [--port ports] 
    [--router routers] [--floatingip floatingips]
    [--security-group security_groups]
    [--security-group-rule security_group_rules]


Router

Note: I've removed router gateway unset and added a --no-gateway option to router set <-dtoyer

OSC Command Implemented Neutron command
os router create
    [--project <project>]
    [--enable | --disable]
    <name>
no
neutron router-create
    <name>
    [--tenant-id TENANT_ID]
    [--admin-state-down]
os router delete
    <router>
no
neutron router-delete
    <router>
os router list
    [--l3-agent <l3-agent>]
    [--long]
no
neutron router-list

neutron router-list-on-l3-agent <l3_agent>
os router set
    [--gateway <network>]
    [--enable-snat | --disable-snat]
    [--no-gateway]
    <router>
no
neutron router-update
    <router>

neutron router-gateway-set
    <router>
    <network>
    [--disable-snat]

neutron router-gateway-clear
    <router>
os router show
    <router>
no
neutron router-show
    <router>

Router Interface

OSC Command Implemented Neutron command
os router add interface
    <router>
    <interface>
no
neutron router-interface-add
    <router>
    <interface>
os router remove interface
    <router>
    <interface>
no
neutron router-interface-delete
    <router>
    <interface>

Security Group

Note: should we use "secgroup" or replace it with "security group" Supporting both would be confusing, but for now it would probably work.

NOTE(dtroyer): I think 'security group' is what we need to use; this is one of the last commands to have the short form removed...

OSC Command Implemented Neutron command
os security group create <name>
    [--project TENANT_ID]
    [--description DESCRIPTION]
no
neutron security-group-create <name>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]    
    [--tenant-id TENANT_ID]          
    [--description DESCRIPTION]
os security group delete <security_group>
no
neutron security-group-delete <security_group>
    [--request-format {json,xml}]
os security group list
no
neutron security-group-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}] 
    [--request-format {json,xml}] [-D]
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os security group show <security_group>
no
neutron security-group-show <security_group>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
os security group update <security_group>
    [--name NAME] [--description DESCRIPTION]
no
neutron security-group-update <security_group>
    [--request-format {json,xml}]
    [--name NAME] [--description DESCRIPTION]

Security Group Rule

Note: Again, we have duplicate commands with Nova.

OSC Command Implemented Neutron command
os security group rule create <security_group>
    [--project TENANT_ID]
    [--direction {ingress,egress}]
    [--ethertype ETHERTYPE]
    [--protocol PROTOCOL]
    [--port-range-min PORT_RANGE_MIN]
    [--port-range-max PORT_RANGE_MAX]
    [--remote-ip-prefix REMOTE_IP_PREFIX]
    [--remote-group-id REMOTE_GROUP]
no
neutron security-group-rule-create <security_group>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE]                 
    [--prefix PREFIX]                     
    [--request-format {json,xml}]         
    [--tenant-id TENANT_ID]               
    [--direction {ingress,egress}]        
    [--ethertype ETHERTYPE]               
    [--protocol PROTOCOL]                 
    [--port-range-min PORT_RANGE_MIN]     
    [--port-range-max PORT_RANGE_MAX]     
    [--remote-ip-prefix REMOTE_IP_PREFIX]
    [--remote-group-id REMOTE_GROUP]
os security group rule delete <rule>
no
neutron security-group-rule-delete <rule>
    [--request-format {json,xml}]
os security group rule list
no
neutron security-group-rule-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]  
    [-F FIELD] [-P SIZE]                
    [--sort-key FIELD]                  
    [--sort-dir {asc,desc}]             
    [--no-nameconv]
os security group rule show <rule>
no
neutron security-group-rule-show <rule>

Service Provider

Note: Is this related to the Keystone service? Not sure. The Neutron help is very light.

OSC Command Implemented Neutron command
no
neutron service-provider-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]

Subnet

OSC Command Implemented Neutron command
os subnet create <network> <cidr>
    [--project TENANT_ID] [--name NAME]
    [--ip-version {4,6}] [--gateway GATEWAY_IP]
    [--no-gateway]
    [--allocation-pool start=IP_ADDR,end=IP_ADDR]
    [--host-route destination=CIDR,nexthop=IP_ADDR]
    [--dns-nameserver DNS_NAMESERVER]
    [--disable-dhcp]
no
neutron subnet-create <network> <cidr>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--name NAME] 
    [--ip-version {4,6}] [--gateway GATEWAY_IP]
    [--no-gateway]           
    [--allocation-pool start=IP_ADDR,end=IP_ADDR]
    [--host-route destination=CIDR,nexthop=IP_ADDR]
    [--dns-nameserver DNS_NAMESERVER]
    [--disable-dhcp]
os subnet delete <subnet>
no
neutron subnet-delete <subnet>
    [--request-format {json,xml}]
os subnet list
no
neutron subnet-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os subnet show <subnet>
no
neutron subnet-show <subnet>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os subnet update <subnet>
no
neutron subnet-update <subnet>
    [--request-format {json,xml}]

VPN

OSC Command Implemented Neutron command
os vpn ikepolicy create <name>
    [--tenant-id TENANT_ID]
    [--description DESCRIPTION]
    [--auth-algorithm {sha1}]
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--phase1-negotiation-mode {main}]
    [--ike-version {v1,v2}]
    [--pfs {group2,group5,group14}]
    [--lifetime units=UNITS,value=VALUE]
no
neutron vpn-ikepolicy-create <name>
    [--tenant-id TENANT_ID]
    [--description DESCRIPTION]
    [--auth-algorithm {sha1}]
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--phase1-negotiation-mode {main}]
    [--ike-version {v1,v2}]
    [--pfs {group2,group5,group14}]
    [--lifetime units=UNITS,value=VALUE]
os vpn ikepolicy delete <policy>
no
neutron vpn-ikepolicy-delete <policy>
os vpn ikepolicy list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
no
neutron vpn-ikepolicy-list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os vpn ikepolicy show <policy>
no
neutron vpn-ikepolicy-show <policy>
os vpn ikepolicy update <policy>
    [--lifetime units=UNITS,value=VALUE]
no
neutron vpn-ikepolicy-update <policy>
    [--lifetime units=UNITS,value=VALUE]
os vpn ipsecpolicy create <name>
    [--tenant-id TENANT_ID]
    [--description DESCRIPTION]
    [--transform-protocol {esp,ah,ah-esp}]
    [--auth-algorithm {sha1}]
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--encapsulation-mode {tunnel,transport}]
    [--pfs {group2,group5,group14}]
    [--lifetime units=UNITS,value=VALUE]
no
neutron vpn-ipsecpolicy-create <name>
    [--tenant-id TENANT_ID]           
    [--description DESCRIPTION]       
    [--transform-protocol {esp,ah,ah-esp}]
    [--auth-algorithm {sha1}]         
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--encapsulation-mode {tunnel,transport}]
    [--pfs {group2,group5,group14}]   
    [--lifetime units=UNITS,value=VALUE]
os vpn ipsecpolicy delete <policy>
no
neutron vpn-ipsecpolicy-delete <policy>
os vpn ipsecpolicy list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
no
neutron vpn-ipsecpolicy-list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os vpn ipsecpolicy show <policy>
no
neutron vpn-ipsecpolicy-show <policy>
os vpn ipsecpolicy update <policy>
    [--lifetime units=UNITS,value=VALUE]
no
neutron vpn-ipsecpolicy-update <policy>
    [--lifetime units=UNITS,value=VALUE]
os vpn service create <router> <subnet>
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--name NAME] [--description DESCRIPTION]
no
neutron vpn-service-create <router> <subnet>
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--name NAME] [--description DESCRIPTION]
os vpn service delete <service>
no
neutron vpn-service-delete <service>
    [--request-format {json,xml}]
os vpn service list
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
no
neutron vpn-service-list
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os vpn service show <service>
no
neutron vpn-service-show <service>
os vpn service update <service>
no
neutron vpn-service-update <service>


Object

API v1

Commands:

  • upload [options] container file_or_directory [file_or_directory] [...]
  • post [options] [container] [object]

container

OSC Command Implemented Swift command
os container list
    [--prefix <prefix>]
    [--delimiter <delimiter>]
    [--long]
    [--all]
yes
swift list
    [--prefix|-p]
    [-l|-lh]
    [-t]
    [--delimiter|-d]
    [options]
    [container]
os container show
    [<container-name>]
yes
swift stat
    [--lh]
    [<container>]
    [<object>]

object

OSC Command Implemented Swift command
os object delete
    <object>
no
swift delete
    [--leave-segments]
    [options]
    --all

swift delete container
    [--leave-segments]
    [options] 
    [object]
    [object] ...
os object list
    [--prefix <prefix>]
    [--delimiter <delimiter>]
    [--long]
    [--all]
    <container-name>]
yes
swift list
    [--prefix|-p]
    [-l|-lh]
    [-t]
    [--delimiter|-d]
    [options]
    [container]
os object show
    <container-name>
    <object-name>
yes
swift stat
    [--lh]
    [<container>]
    [<object>]
os object save
    [<container>]
    [<object>]
no
swift download
    --all 
    [--prefix|-p]
    [options]

swift download
    container
    [--prefix|-p]
    [--output|-o <filename>]
    [options]
    [object]
    [object] ...


Volume

Cinder Option Environment Variable OSC Option Environment Variable
--os-volume-api-version <ver> OS_VOLUME_API_VERSION --os-volume-api-version <ver> OS_VOLUME_API_VERSION
--service-type <type>
--service-name <name> CINDER_SERVICE_NAME
--volume-service-name <name> CINDER_VOLUME_SERVICE_NAME
--endpoint-type <type> CINDER_ENDPOINT_TYPE
--retries <int>


API v1.0

limits

See limits in the cross API section.

quota

See quota in the cross API section.

snapshot

OSC Command Implemented Cinder command
os snapshot create
    --name <name>
    [--description <description>]
    [--force]
    <volume>
yes
cinder snapshot-create
    --force <True|False>
    --display-name <display-name>
    --display-description <display-description>
    <volume-id>
os snapshot delete
    <snapshot>
yes
cinder snapshot-delete
    <snapshot-id>
os snapshot list
yes (no opts yet)
cinder snapshot-list 
    --all-tenants [<0|1>]
    --display-name <display-name>
    --status <status>
    --volume-id <volume-id>
os snapshot set
    [--name <new-name>]
    [--description <new-description>]
    <snapshot>
yes
cinder snapshot-rename
    --display-description <display-description>
    --display-name <display-name>
    <snapshot-id>
os snapshot show
    <snapshot>
yes
cinder snapshot-show
    <snapshot-id>

volume

OSC Command Implemented Cinder command
os volume create
    --size <size>
    [--description <description>]
    [--volume-type <volume-type>]
    [--snapshot-id <snapshot-id>]
    [--source <volid>]
    [--image <image-id>]
    [--availability-zone <availability-zone>]
    [--property <key=value>]
    [--user <user>]           # admin only
    [--project <project>]     # admin only
    <name>
yes
cinder create
    [--snapshot-id <snapshot-id>]
    [--source-volid <source-volid>]
    [--image-id <image-id>]
    [--display-name <display-name>]
    [--display-description <display-description>]
    [--volume-type <volume-type>]
    [--availability-zone <availability-zone>]
    [--metadata <key=value>]
    <size>
os volume delete
    [--force]
    <volume>
yes
cinder delete
    <volume-id>

cinder force-delete
    <volume-id>
os volume list
    [--name <name>]
    [--status <status>]
    [--long]
    [--all-tenants]           # admin only
yes
cinder list 
    --all-tenants [<0|1>]
    --display-name <display-name>
    --status <status>
os volume set
    [--name <new-name>]
    [--description <new-description>]
    [--property <key=value>]
    <volume>
yes
cinder metadata
    <volume-id>
    <action>
    <key=value>

cinder rename
    --display-description <display-description>
    <volume-id>
    <display-name>
os volume show
    <volume>
yes
cinder show
    <volume-id>
os volume unset
    [--property <key>]
    <volume>
yes

volume type

OSC Command Implemented Cinder command
os volume type create
    [--property <key=value>]
    <name>
yes
cinder type-create
    <type-name>
os volume type delete
    <volume-type>
yes
cinder type-delete
    <type-id>
os volume type list
    [--long]
yes
cinder type-list 

cinder extra-specs-list
os volume type set
    [--property <key=value>]
    <volume-type>
yes
cinder type-key
    <type-id>
    <set>
    <key=value>
os volume type unset
    [--property <key>]
    <volume-type>
yes
cinder type-key
    <type-id>
    <unset>
    <key>


Options

In general, options will be transformed into more UNIX-like usage

  • --enable true|false becomes --enable|--disable

(dhellmann) Not all boolean options have natural antonyms like enable/disable. It may be more consistent to use a --flag --no-flag style naming convention to indicate the opposites of flags.

"(dtroyer) Yup, except i really don't like --no-enable. I'm going to work through the switch mapping to see how many others we really have to deal with."