Jump to: navigation, search

Difference between revisions of "OpenStackClient/Commands"

(user role)
(API v3)
Line 2,366: Line 2,366:
  
 
=== API v3 ===
 
=== API v3 ===
 +
 +
==== consumer ====
 +
 +
{| class="wikitable"
 +
|-
 +
! OSC Command !! Implemented !! !! Keystone command
 +
|-
 +
|
 +
<source lang="bash">
 +
os consumer create
 +
    [--description <consumer-description>]
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os consumer delete
 +
    <consumer>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os consumer list
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os consumer set
 +
    [--description <consumer-description>]
 +
    <consumer>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os consumer show
 +
    <consumer>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
</source>
 +
|}
  
 
==== credential ====
 
==== credential ====
Line 2,612: Line 2,669:
 
|-
 
|-
 
! OSC Command !! Implemented !! !! Keystone command
 
! OSC Command !! Implemented !! !! Keystone command
 +
|-
 +
|
 +
<source lang="bash">
 +
os group add user
 +
    <group>
 +
    <user>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os group contains user
 +
    <group>
 +
    <user>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 +
</source>
 
|-
 
|-
 
|
 
|
Line 2,644: Line 2,723:
 
<source lang="bash">
 
<source lang="bash">
 
os group list
 
os group list
 +
    [--domain <domain>]
 +
    [--user <user>]
 
     [--long]
 
     [--long]
 
</source>
 
</source>
Line 2,650: Line 2,731:
 
<source lang="bash">
 
<source lang="bash">
 
keystone group-list
 
keystone group-list
 +
</source>
 +
|-
 +
|
 +
<source lang="bash">
 +
os group remove user
 +
    <group>
 +
    <user>
 +
</source>
 +
|| yes
 +
|| ||
 +
<source lang="bash">
 
</source>
 
</source>
 
|-
 
|-
Line 2,696: Line 2,788:
 
     <identity_provider>
 
     <identity_provider>
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
n/a
 
n/a
Line 2,705: Line 2,797:
 
     <identity_provider>
 
     <identity_provider>
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
n/a
 
n/a
Line 2,713: Line 2,805:
 
os identity provider list
 
os identity provider list
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
n/a
 
n/a
Line 2,723: Line 2,815:
 
     <identity_provider>
 
     <identity_provider>
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
n/a
 
n/a
Line 2,732: Line 2,824:
 
     <identity_provider>
 
     <identity_provider>
 
</source>
 
</source>
|| no
+
|| yes
 
|| ||
 
|| ||
 
n/a
 
n/a
 
|}
 
|}
 
  
 
==== mapping ====
 
==== mapping ====

Revision as of 15:05, 20 June 2014

Contents

Command Structure

The detailed command structure is described in OpenStackClient/HumanInterfaceGuidelines#Command_Structure.

Command Arguments

  • Arguments that normally require an ID in the OS-API may also use the name or other short identifier where reasonable to support
  • Optional machine-parsable format is available with list and show commands. List has an option for CSV-formatted output (see --format, --quote options for a list command) while show has an option for shell-assignment formatted output (see --format option for a show command).


Objects

Note: these need a review to sync up with the revised object names without dashes ('-') in them.

Actions

The actions used by OpenStackClient are defined below to provide a consistent meaning to each action. Many of them have logical opposite actions. Those actions with an opposite action are noted in parens if applicable.

  • authorize - authorize a token (used in OAuth)
  • add (remove) - add some object to a container object; the command is built in the order of "container add object" (<container> <object>), the positional arguments appear in the same order
  • attach (detach) - deprecated; use add/remove
  • create (delete) - create a new occurrence of the specified object
  • delete (create) - delete a specific occurrence of the specified object
  • detach (attach) - deprecated; use add/remove
  • issue (revoke) - issue a token
  • list - display summary information about multiple objects
  • lock (unlock)
  • migrate - move a server to a different host; --live performs a live migration if possible
  • pause (unpause) - stop a server and leave it in memory
  • reboot - forcibly reboot a server
  • rebuild - rebuild a server using (most of) the same arguments as in the original create
  • remove (add) - remove an object from a group of objects
  • rescue (unrescue) - reboot a server in a special rescue mode allowing access to the original disks
  • resize - change a server's flavor
  • resume (suspend) - return a suspended server to running state
  • revoke (issue) - revoke a token
  • save - download an object locally
  • set (unset) - set a property on the object, formerly called metadata
  • show - display detailed information about the specific object
  • ssh
  • suspend (resume) - stop a server and save to disk freeing memory
  • unlock (lock)
  • unpause (pause) - return a paused server to running state
  • unrescue (rescue) - return a server to normal boot mode
  • unset (set) - remove an attribute of the object

Global Options

The common global options from the default OpenStack clients have been mapped to the set of global options below.

OSC Option Environment Variable Option Environment Variable
--version --version
--help --help
--debug --debug
--quiet
--verbose
--log-file <filename>
--os-auth-url <url> OS_AUTH_URL --os-auth-url <url> OS_AUTH_URL
--os-tenant-name <name> OS_TENANT_NAME --os-tenant-name <name> OS_TENANT_NAME
--os-tenant-id <id> OS_TENANT_ID --os-tenant-id <id> OS_TENANT_ID
--os-username <name> OS_USERNAME --os-username <name> OS_USERNAME
--os-password <pw> OS_PASSWORD --os-password <pw> OS_PASSWORD
--os-region-name <region> OS_REGION_NAME --os-region-name <region> OS_REGION_NAME
--os-cacert <file> OS_CACERT --os-cacert <file> OS_CACERT
--insecure
--os-use-keyring


Common Options

A number of options will appear in many commands and should have the same form in all commands to the extent possible.

Option Description Usual Default
--description describes an object none
--enable Used for setting the enabled state for an object n/a
--disable Used for setting the enabled state for an object n/a

Command Mapping Summary

This is an example mapping of the existing commands from Keystone (Identity), Nova (Compute), Glance (Image) and Cinder (Volume) to the <verb> <object> form for the OpenStackClient cli tool. It reduces both the number of verbs and objects by handling some of the smaller differences with command line options.

Further consolidation could be achieved by additional options or by introduction secondary objects to the syntax. For example, the credentials and x509-cert (and x509-root-cert) objects could be combined:


nova x509-create-cert [<pk-file>] [<x509-cert>] os create credentials --x509 [<pk-file>] [<x509-cert>]
nova credentials os show credentials
nova x509-get-root-cert os show credentials --x509 --root


Cross API

Object names that appear in multiple APIs, like quota, are handled by putting their command handler classes in openstackclient.common. If the number of these becomes large they should be moved into a subdirectory.

complete

OSC Command Implemented Nova command

complete

yes

credentials

[consider rolling the ec2 creds into this too]

OSC Command Implemented Keystone command
os credentials create
    --x509
    [<private-key-file>]
    [<certificate-file>]
no
nova x509-create-cert
    [<pk-file>]
    [<x509-cert>]
os credentials show
    [--token]
    [--user]
    [--x509 [--root]]
no
nova credentials
    [--wrap <integer>]

nova x509-get-root-cert
    [<filename>]

Extension

Note: Perhaps this would be a nice general feature.

NOTE(dtroyer): yes it would. We don't have this for any of the other APIs yet so we can play with the structure a bit here

OSC Command Implemented Neutron command
os extension list
    [--long]
    [--service <service>]

Note: Do we want to provide service as an option for this command?

NOTE(dtroyer): maybe. what service exactly? in the Identity API, service means things like 'compute v2', 'identity v3', etc. we need at least the API, I'm not certain if we should expect a user to know that though...

no
neutron ext-list
    [--request-format {json,xml}] [-D] [-F FIELD]
os extension show
    <extension>
no
neutron ext-show <extension> [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]

limits

OSC Command Implemented Keystone command
os limits show
    --absolute [--reserved] | --rate
yes
nova absolute-limits
    [--reserved]

nova rate-limits

cinder absolute-limits

cinder rate-limits

quota

OSC Command Implemented Keystone command
os quota set
    # Compute settings
    [--cores <num-cores>]
    [--fixed-ips <num-fixed-ips>]
    [--floating-ips <num-floating-ips>]
    [--injected-file-size <injected-file-bytes>]
    [--injected-files <num-injected-files>]
    [--instances <num-instances>] 
    [--key-pairs <num-key-pairs>]
    [--properties <num-properties>]
    [--ram <ram-mb>] 

    # Volume settings
    [--gigabytes <new-gigabytes>]
    [--snapshots <new-snapshots>]
    [--volumes <new-volumes>]

    <project>
yes
nova quota-update
    [--instances <instances>] 
    [--cores <cores>]
    [--ram <ram>] 
    [--volumes <volumes>]
    [--gigabytes <gigabytes>]
    [--floating-ips <floating_ips>]
    [--metadata-items <metadata_items>]
    [--injected-files <injected_files>]
    [--injected-file-content-bytes <injected_file_content_bytes>]
    <tenant_id>

cinder quota-update
    [--volumes <volumes>]
    [--snapshots <snapshots>]
    [--gigabytes <gigabytes>]
    <tenant_id>
os quota set
    --class
    # Compute settings
    [--cores <num-cores>]
    [--fixed-ips <num-fixed-ips>]
    [--floating-ips <num-floating-ips>]
    [--injected-file-size <injected-file-bytes>]
    [--injected-files <num-injected-files>]
    [--instances <num-instances>] 
    [--key-pairs <num-key-pairs>]
    [--properties <num-properties>]
    [--ram <ram-mb>] 

    # Volume settings
    [--gigabytes <new-gigabytes>]
    [--snapshots <new-snapshots>]
    [--volumes <new-volumes>]

    <class>
yes
nova quota-class-update 
    [--instances <instances>] 
    [--cores <cores>]
    [--ram <ram>] 
    [--volumes <volumes>]
    [--gigabytes <gigabytes>]
    [--floating-ips <floating_ips>]
    [--metadata-items <metadata_items>]
    [--injected-files <injected_files>]
    [--injected-file-content-bytes <injected_file_content_bytes>]
    <class>

cinder quota-class-update
    [--volumes <volumes>]
    [--snapshots <snapshots>]
    [--gigabytes <gigabytes>]
    <tenant_id>
os quota show
    [--default]
    <project>
yes
nova quota-show
    [--tenant <tenant-id>]

cinder quota-show
    <tenant_id>

nova quota-defaults
    <tenant_id>

cinder quota-defaults
    <tenant_id>
os quota show
    --class
    <class>
yes
nova quota-class-show
    <class>

cinder quota-class-show
    <class>


Compute

OSC Option Environment Variable Nova Option Environment Variable
--os-auth-system <auth-system> OS_AUTH_SYSTEM
--service-type <type>
--service-name <name> NOVA_SERVICE_NAME
--volume-service-name <name> NOVA_VOLUME_SERVICE_NAME
--endpoint-type <type> NOVA_ENDPOINT_TYPE
--os-compute-api-version <ver> OS_COMPUTE_API_VERSION --os-compute-api-version <ver> OS_COMPUTE_API_VERSION
--bypass-url <bypass-url>


API v2 (1.1)

aggregate

OSC Command Implemented Nova command
os aggregate add host
    <aggregate>
    <host>
yes
nova aggregate-add-host
    <id>
    <host>
os aggregate create
    [--zone <availability-zone>]
    [--property <key=value>]
    <name>
yes
nova aggregate-create
    <name>
    [<availability_zone>]
os aggregate delete
    <aggregate>
yes
nova aggregate-delete
    <id>
os aggregate list
    [--long]
yes
nova aggregate-list
os aggregate remove host
    <aggregate>
    <host>
yes
nova aggregate-remove-host
    <id>
    <host>
os aggregate set
    [--name <new-name>]
    [--zone <availability-zone>]
    [--property <key=value>]
    <aggregate>
yes
nova aggregate-update
    <id>
    <name>
    [<availability_zone>]

nova aggregate-set-metadata
    <id>
    <key=value>
    [<key=value> ...]
os aggregate show
    <aggregate>
yes
nova aggregate-details
    <id>

cloudpipe

OSC Command Implemented Nova command
os create cloudpipe
    <project>
no
nova cloudpipe-create
    <project>
os list cloudpipe
no
nova cloudpipe-list

compute agent

OSC Command Implemented Nova command
os compute agent create
    <os>
    <architecture>
    <version>
    <url>
    <md5hash>
    <hypervisor>
yes
os compute agent delete
    <id>
yes
os compute agent list 
    [--hypervisor <hypervisor>]
yes
os compute agent set
    <id>
    <version>
    <url>
    <md5hash>
yes

console

OSC Command Implemented Nova command
os console log show
    [--lines <num-lines>]
    <server>
yes
nova console-log
    [--length <length>]
    <server>
os console url show
    [--novnc | --xvpvnc | --spice]
    <server>
yes
nova get-vnc-console
    <server>
    <console_type>

credentials

See credentials in the cross API section.

diagnostics

OSC Command Implemented Nova command
os server show
    --diagnostics
    <server>
yes
nova diagnostics
    <server>

dns

These commands need some attention...an IP shouldn't be required for all record types. They need to be more DNS-y. Zone anyone?

OSC Command Implemented Nova command
os create dns
    [--type <type>]
    <ip>
    <name>
    <domain>
no
nova dns-create
    [--type <type>]
    <ip>
    <name>
    <domain>
os delete dns
    <domain>
    <name>
no
nova dns-delete
    <domain>
    <name>
os list dns
    [--ip <ip>]
    [--name <name>]
    <domain>
no
nova dns-list
    [--ip <ip>]
    [--name <name>]
    <domain>
os create dns-domain
    [--project <project>]
    [--availability-zone <availability-zone>]
    [--public | --private]
    <domain>
no
nova dns-create-private-domain
    [--availability_zone <availability_zone>]
    <domain>

nova dns-create-public-domain
    [--project <project>]
    <domain>
os delete dns-domain
    <domain>
no
nova dns-delete-domain
    <domain>
os list dns-domains
no
nova dns-domains

endpoints

Totally duplicates Identity catalog command

OSC Command Implemented Nova command
os endpoint list
no
nova endpoints


flavor

OSC Command Implemented Nova command
os flavor create
    [--id <id>]
    [--ram <size-mb>]
    [--disk <size-gb>]
    [--ephemeral-disk <size-gb>]
    [--swap <size-mb>]
    [--vcpus <num-cpu>]
    [--rxtx-factor <factor>]
    [--public | --private]
    <name>
(partial)
default: auto
default: 256M
default: 0G
default: 0G
default: 0G
default: 1
default: 1
default: public
nova flavor-create
    [--ephemeral <ephemeral>] 
    [--swap <swap>]
    [--rxtx-factor <factor>]
    <name>
    <id>
    <ram>
    <disk>
    <vcpus>
os flavor delete
    <flavor>
yes
nova flavor-delete 
    <id>
os flavor list
yes
nova flavor-list
os flavor show
    <flavor>
yes


host

OSC Command Implemented Nova command
os host list
    [--zone <availability-zone>]
yes
nova host-action
    [--action <action>]
    <hostname>
os host set
    ...
no
nova host-update
    [--status <status>] 
    [--maintenance <maintenance_mode>]
    <hostname>
os host show
    <host>
yes


hypervisor

OSC Command Implemented Nova command
os hypervisor list
    [--matching <hostname>]
yes
os hypervisor show
    <id>
yes



ip fixed

OSC Command Implemented Nova command
os ip fixed add
    <network>
    <server>
yes
nova add-fixed-ip
    <server>
    <network_id>
os ip fixed remove
    <ip-address>
    <server>
yes
nova remove-fixed-ip
    <server>
    <address>


ip floating

OSC Command Implemented Nova command
os ip floating add
    <ip-address>
    <server>
yes
nova add-floating-ip
    <server>
    <address>
os ip floating create
    [<pool>]
yes
nova floating-ip-create
    [<floating_ip_pool>]
os ip floating delete
    <ip-address>
yes
nova floating-ip-delete
    <address>
os ip floating list
yes
nova floating-ip-list
os ip floating remove
    <ip-address>
    <server>
yes
nova remove-floating-ip
    <server>
    <address>


ip floating pool

OSC Command Implemented Nova command
os ip floating pool list
yes
nova floating-ip-pool-list


keypair

OSC Command Implemented Nova command
os keypair create
    [--public-key <file>]
    <name>
yes
nova keypair-add
    [--pub_key <pub_key>]
    <name>
os keypair delete
    <name>
yes
nova keypair-delete
    <name>
os keypair list
yes
nova keypair-list
os keypair show
    [--public-key]
    <name>
yes


limits

See limits in the cross API section.




quota

See quota in the cross API section.


secgroup

OSC Command Implemented Nova command
os secgroup add

(see server add secgroup)
no
nova add-secgroup
    <server>
    <secgroup>
os secgroup create
    [--description <description>]
    <name>
yes
nova secgroup-create
    <name>
    <description>
os secgroup delete
    <group>
yes
nova secgroup-delete
    <secgroup>
os secgroup list
    [--all-projects]
yes
nova secgroup-list
     [--all-tenants [<0|1>]]
os secgroup remove

(see server remove secgroup)
no
nova remove-secgroup
    <server>
    <secgroup>
os secgroup set
    [--name <new-name>]
    [--description [<new-description>]
    <group>
yes
nova secgroup-update
    <secgroup>
    <name>
    <description>
os secgroup show
    <group>
yes
n/a

secgroup-group-rule

OSC Command Implemented Nova command
os secgroup group rule create
    [--proto <protocol>]
    [--port <port>:<port>]
    <source-group>
    <secgroup>
no
nova secgroup-add-group-rule
    [--ip_proto <ip_proto>]
    [--from_port <from_port>]
    [--to_port <to_port>]
    <secgroup>
    <source_group>
os secgroup group rule delete
    [--proto <protocol>]
    [--port <port>:<port>]
    <source-group>
    <secgroup>
no
nova secgroup-delete-group-rule
    [--ip_proto <ip_proto>]
    [--from_port <from_port>]
    [--to_port <to_port>]
    <secgroup>
    <source_group>

secgroup-rule

OSC Command Implemented Nova command
os secgroup rule create
    [--proto <proto>]
    [--src-ip <ip-address>]
    [--dst-port <port-range>]
    <group>
no
nova secgroup-add-rule
    <secgroup>
    <ip_proto>
    <from_port>
    <to_port>
    <cidr>
os secgroup rule delete
    [--proto <proto>]
    [--src-ip <ip-address>]
    [--dst-port <port-range>]
    <group>
no
nova secgroup-delete-rule
    <secgroup>
    <ip_proto>
    <from_port>
    <to_port>
    <cidr>
os secgroup rule list
    <group>
no
nova secgroup-list-rules
    <secgroup>

server

OSC Command Implemented Nova command
os server add secgroup
    <server>
    <group>
yes
nova add-secgroup
    <server>
    <secgroup>
os server add volume
    [--device <device>]
    <server>
    <volume>
yes
nova volume-attach
    <server>
    <volume>
    <device>
os server create
    --image <image>
    --flavor <flavor>
    [--security-group <security-group-list> [...] ]
    [--key-name <key-name>]
    [--meta-data <key=value> [...] ]
    [--file <dest-filename=source-filename>] [...] ]
    [--user-data <user-data>]
    [--availability-zone <zone-name>]
    [--block-device-mapping <dev-name=mapping> [...] ]
    [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr> [...] ]
    [--hint <key=value> [...] ]
    [--config-drive <value>|True ]
    [--min <count>]
    [--max <count>]
    [--wait]
    <server-name>
yes
nova boot
    [--flavor <flavor>]
    [--image <image>]
    [--meta <key=value>]
    [--file <dst-path=src-path>]
    [--key_name <key_name>]
    [--user_data <user-data>]
    [--availability_zone <availability-zone>]
    [--security_groups <security_groups>]
    [--block_device_mapping <dev_name=mapping>]
    [--hint <key=value>]
    [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr>]
    [--config-drive <value>]
    [--poll]
    <name>
os server delete
    <server>
yes
nova delete
    <server>
os server image create
    [--name <image-name>]
    [--wait]
    <server>
yes
nova image-create
    [--poll]
    <server>
    <name>
os server list
    [--reservation-id <reservation-id>] 
    [--ip <ip-regex>]
    [--ip6 <ip6-regex>] 
    [--name <name-regex>]
    [--instance-name <instance-name-regex>] 
    [--status <status>]
    [--flavor <flavor>]
    [--image <image>] 
    [--host <hostname>]
    [--all-tenants]
yes
nova list
    [--reservation_id <reservation_id>] 
    [--ip <ip_regexp>]
    [--ip6 <ip6_regexp>] 
    [--name <name_regexp>]
    [--instance_name <name_regexp>] 
    [--status <status>]
    [--flavor <flavor>] [--image <image>] 
    [--host <hostname>]
    [--all_tenants [<0|1>]]
os server lock
    <server>
yes
nova lock
    <server>
os server migrate
    [--wait]
    <server>

os server migrate
    --live <host>
    [--shared-migration | --block-migration]
    [--disk-overcommit | --no-disk-overcommit]
    [--wait]
    <server>
yes
nova migrate
    [--poll]
    <server>

nova live-migration
    [--block_migrate] 
    [--disk_over_commit]
    <server>
<host>
os server pause
    <server>
yes
nova pause
    <server>
os server reboot
    [--hard | --soft]
    [--wait]
    <server>
yes
nova reboot
    [--hard]
    [--poll]
    <server>
os server rebuild
    --image <image>
    [--password <password>] 
    [--wait]
    <server>
yes
nova rebuild
    [--rebuild_password <rebuild_password>] 
    [--poll]
    <server>
    <image>
os server remove secgroup
    <server>
    <group>
yes
nova remove-secgroup
    <server>
    <secgroup>
os server remove volume
    <server>
    <volume>
yes
nova volume-detach
    <server>
    <volume>
os server rescue
    <server>
yes
nova rescue
    <server>
os server resize
    --flavor <flavor>
    [--wait]
    <server>

os server resize
    --confirm
    <server>

os server resize
    --revert
    <server>
yes
nova resize
    [--poll]
    <server>
    <flavor>

nova resize-confirm
    <server>

nova resize-revert
    <server>
os server resume
    <server>
yes
nova resume
    <server>
os server set
    --name <new-name>
    --property <key=value>
    [--property <key=value>] ...
    --root-password
    <server>
yes
nova meta
    <server>
    <action>
    <key=value>
    [<key=value> ...]

nova rename
    <server>
    <name>

nova root-password
    <server>
os server show
    <server>
yes
nova show
    <server>
os server ssh
    [--login <login-name>]
    [--port <port>]
    [--identity <keyfile>]
    [--option <config-options>]
    [-4 | -6]
    [--private | --public | --address-type <address-type>]
    <server>
yes
nova ssh
    [--port PORT]
    [--private]
    [--ipv6]
    [--login <login>]
    <server>
os server suspend
    <server>
yes
nova suspend
    <server>
os server unlock
    <server>
yes
nova unlock
    <server>
os server unpause
    <server>
yes
nova unpause
    <server>
os server unrescue
    <server>
yes
nova unrescue
    <server>
os unset server
    --property <key>
    [--property <key>] ...
    <server>
yes
nova meta
    <server>
    <action>
    <key=value>
    [<key=value> ...]

usage

OSC Command Implemented Nova command
os usage list
    [--start <start>]
    [--end <end>]
no
nova usage-list
    [--start <start>]
    [--end <end>]


x509-cert

See credentials in the cross API section.

x509-root-cert

See credentials in the cross API section.

Identity

OSC Option Environment Variable Keystone Option Environment Variable
--os-identity-api-version <ver> OS_IDENTITY_API_VERSION --os-identity-api-version <ver> OS_IDENTITY_API_VERSION
--os-token <token> OS_TOKEN --os-token <token> OS_SERVICE_TOKEN
--os-url <url> OS_URL --os-endpoint <url> OS_SERVICE_ENDPOINT
--os-cert <file> OS_CERT
--os-key <key-file> OS_KEY
--os-cache OS_CACHE
--force-new-token
--stale-duration <seconds>

API v2.0

catalog

OSC Command Implemented Keystone command
os catalog show
    [--service <service>]
no
keystone catalog
    [--service <service-type>]

ec2 credentials

OSC Command Implemented Keystone command
os ec2 credentials create
    [--project <project>]
    [--user <user>]
yes
keystone ec2-credentials-create
    [--user <user-id>] 
    [--tenant_id <tenant-id>]
os ec2 credentials delete
    [--user <user>]
    <access-key>
yes
keystone ec2-credentials-delete
    [--user <user-id>] 
    --access <access-key>
os ec2 credentials list
    [--user <user>]
yes
keystone ec2-credentials-list
    [--user <user-id>]
os ec2 credentials show
    [--user <user>]
    <access-key>
yes
keystone ec2-credentials-get
    [--user <user-id>] 
    --access <access-key>

endpoint

OSC Command Implemented Keystone command
os endpoint create
    --publicurl <public-url>
    [--adminurl <admin-url>]
    [--internalurl <internal-url>]
    [--region <endpoint-region>]
    <service>
yes
keystone endpoint-create
    [--region <endpoint-region>]
    [--service_id <service-id>]
    [--publicurl <public-url>]
    [--adminurl <admin-url>]
    [--internalurl <internal-url>]
os endpoint delete
    <endpoint-id>
yes
keystone endpoint-delete
    <endpoint-id>
os endpoint list
    [--long]
yes
keystone endpoint-list
os endpoint show
    <endpoint_or_service-type>
yes
keystone endpoint-get
    --service <service-type>
    [--endpoint_type <endpoint-type>]
    [--attr <service-attribute>] 
    [--value <value>]

project

OSC Command Implemented Keystone command
os project create
    [--description <description>]
    [--enable | --disable]
    [--property <key=value>]
    <project-name>
yes
keystone tenant-create
    --name <tenant-name>
    [--description <tenant-description>]
    [--enabled <true|false>]
os project delete
    <project>
yes
keystone tenant-delete
    <tenant>
os project list
    [--long]
yes
keystone tenant-list
os project set
    [--name <new-project-name>]
    [--description <new-project-description>]
    [--enable | --disable]
    [--property <key=value>]
    <project>
yes
keystone tenant-update
    [--name <tenant_name>]
    [--description <tenant-description>]
    [--enabled <true|false>]
    <tenant-id>
os project show
    <project>
yes
keystone tenant-get
    <tenant-id>

role

OSC Command Implemented Keystone command
os role add
    --project <project>
    --user <user>
    <role>
yes
keystone user-role-add
    --user <user>
    --role <role>
    [--tenant <tenant>]
os role create
    <role-name>
yes
keystone role-create --name
    <role-name>
os role delete
    <role>
yes
keystone role-delete
    <role-id>
os role list
yes
keystone role-list
os role remove
    --project <project>
    --user <user>
    <role>
yes
keystone user-role-add
    --user <user>
    --role <role>
    [--tenant <tenant>]
os role show
    <role>
yes
keystone role-get
    <role-id>

service

OSC Command Implemented Keystone command
os service create
    [--type <service-type>]
    [--description <service-description>]
    <service-name>
yes
keystone service-create
    --name <name> 
    --type <type>
    [--description <service-description>]
os service delete
    <service>
yes
keystone service-delete
    <service-id>
os service list
    [--long]
yes
keystone service-list
os service show
    [--catalog]
    <service>
yes
keystone service-get
    <service-id>

token

OSC Command Implemented Keystone command
os token issue
yes
keystone token-get [--wrap <integer>]
os token revoke
    <token>
yes

user

OSC Command Implemented Keystone command
os user create
    [--password <user-password>]
    [--email <user-email>]
    [--tenant <tenant>]
    [--enable | --disable]
    <user-name>
yes
keystone user-create
    --name <user-name> 
    [--tenant_id <tenant-id>]
    [--pass <pass>] 
    [--email <email>]
    [--enabled <true|false>]
os user delete
    <user>
yes
keystone user-delete
    <user-id>
os user list
    [--tenant <tenant>]
    [--long]
yes
keystone user-list
    [<tenant-id>]
os user set
    [--name <new-user-name>]
    [--password <user-password>]
    [--email <user-email>]
    [--tenant <tenant>]
    [--enable|--disable]
    <user>
yes
keystone user-password-update
    --pass <password>
    <user-id>
os user show
    <user>
yes
keystone user-get
    <user-id>

user role

OSC Command Implemented Keystone command
os user role list
    [--project <project>]
    [<user>]
yes
keystone user-role-list
    [--user <user-id>]
    [--tenant_id <tenant-id>]

<other>

These keystone commands are not planned for re-implementation in OpenStackClient

keystone bootstrap
        --pass <password>
        [--user-name <user-name>]
        [--role-name <role-name>]
        [--tenant-name <tenant-name>]
keystone discover

API v3

consumer

OSC Command Implemented Keystone command
os consumer create
    [--description <consumer-description>]
yes
os consumer delete
    <consumer>
yes
os consumer list
yes
os consumer set
    [--description <consumer-description>]
    <consumer>
yes
os consumer show
    <consumer>
yes

credential

OSC Command Implemented Keystone command
os credential create
    [--project <project>]
    [--type ec2|cert]
    <user>
    <data>
yes
keystone credential-create
    --user_id <user-id>
    --type <credential-type>
    --data <credential-data>
    [--project_id <project-id>]
os credential delete
    <credential-id>
yes
keystone credential-delete
    <credential-id>
os credential list
yes
keystone credential-list
os credential set
    [--user <user>]
    [--type ec2|cert]
    [--data <data>]
    [--project <project>]
    <credential-id>
yes
keystone credential-update
    [--user <user>]
    [--type <type>]
    [--data <data>]
    [--project <project>]
    <credential-id>
os credential show
    <credential-id>
yes
keystone credential-get
    <credential-id>

domain

OSC Command Implemented Keystone command
os domain create
    [--description <domain-description>]
    [--enable | --disable]
    <domain-name>
yes
keystone domain-create
    --name <domain-name>
    [--description <domain-description>]
    [--enabled <true|false>]
    [--private_project_names <true|false>]
    [--private_user_names <true|false>]
os domain delete
    <domain>
yes
keystone domain-delete
    <domain-id>
os domain list
yes
keystone domain-list
os domain set
    [--name <new-domain-name>]
    [--description <new-domain-description>]
    [--enable | --disable]
    <domain>
yes
keystone domain-update
    [--name <domain_name>]
    [--description <domain-description>]
    [--enabled <true|false>]
    [--private_project_names <true|false>]
    [--private_user_names <true|false>]
    <domain-id>
os domain show
    <domain>
yes
keystone domain-get
    <domain-id>

endpoint

OSC Command Implemented Keystone command
os endpoint create
    [--region <endpoint-region>
    [--enable | --disable]
    <service>
    <interface admin|public|internal>
    <url>
yes
keystone endpoint-create 
    [--region <endpoint-region>
    [--enable | --disable]
    <service_id>
    <interface admin|public|internal>
    <url>
os endpoint delete
    <endpoint-id>
yes
os endpoint list
    [--long]
yes
keystone endpoint-list
os endpoint set
    [--interface <endpoint-interface>]
    [--url <endpoint-url>]
    [--service <service-id>]
    [--region <endpoint-region>]
    [--enable | --disable]
    <endpoint>
yes
keystone endpoint-set
    [--interface <endpoint-interface>]
    [--url <endpoint-url>]
    [--service <service-id>]
    [--region <endpoint-region>]
    [--enable | --disable]
    <endpoint>
os endpoint show
    <endpoint>
yes
keystone endpoint-get 
    <endpoint>

group

OSC Command Implemented Keystone command
os group add user
    <group>
    <user>
yes
os group contains user
    <group>
    <user>
yes
os group create
    [--domain <domain>]
    [--description <group-description>]
    <group-name>
yes
keystone group-create
    --name <group-name>
    [--domain_id <domain-id>]
    [--description <group-description>]
os group delete
    <group>
yes
keystone group-delete
    <group-id>
os group list
    [--domain <domain>]
    [--user <user>]
    [--long]
yes
keystone group-list
os group remove user
    <group>
    <user>
yes
os group set
    [--name <new-group-name>]
    [--domain <domain>]
    [--description <new-group-description>]
    <group>
yes
keystone group-update
    [--name <group_name>]
    [--domain_id <domain-id>]
    [--description <group-description>]
    <group-id>
os group show
    <group>
yes
keystone group-get
    <group-id>

identity provider

OSC Command Implemented Keystone command
os identity provider create
    [--description <description>]
    [--enable | --disable]
    <identity_provider>
yes

n/a

os identity provider delete
    <identity_provider>
yes

n/a

os identity provider list
yes

n/a

os identity provider set
    [--enable | --disable]
    <identity_provider>
yes

n/a

os identity provider show
    <identity_provider>
yes

n/a

mapping

OSC Command Implemented Keystone command
os mapping create
    [--rules <rules file>]
    <name>
no

n/a

os mapping delete
    <name>
no

n/a

os mapping list
no

n/a

os mapping set
    [--rules <rules file>]
    <name>
no

n/a

os mapping show
    <name>
no

n/a


oauth

OSC Command Implemented Keystone command
os oauth request token create
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --roles <requested-roles>
yes

n /a

os oauth request token authorize
    --request-key <request-key>
    --roles <requested-roles>
yes

n /a

os oauth access token create
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --request-key <request-key>
    --request-secret <request-secret>
    --verifier <pin>
yes
n/a
os oauth access token authenticate
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --access-key <access-key>
    --access-secret <access-secret>
yes

n /a

os oauth authorization list
    user <user>
yes

n /a

os oauth authorization delete
    user <user>
    access-id <access-id>
yes

n /a

os oauth authorization show
    request-id <request-id>
yes

n /a

look at some alternatives:
os oauth token create
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --request-key <request-key>
    --request-secret <request-secret>
    --verifier <pin>
nyet
* makes the token specific to oauth
* add [--oauth-ver X] if versioning for oauth2 is an issue?
os oauth token create
    --request
    --consumer-key <consumer-key>
    --roles <roles>
nyet
* collapse 'access token' and 'request token' into 'oauth token'?

policy

OSC Command Implemented Keystone command
os policy create
    [--type <policy-type>]
    --blob-file <blob-file>
yes
keystone policy-create
    --type <policy-type>
    --blob <policy-blob>
os policy delete
    <policy-id>
yes
keystone policy-delete
    <policy-id>
os policy list
    [--include-blob]
yes
keystone policy-list
os policy set
    [--type <policy-type>]
    [--blob-file<blob-file>]
    <policy-id>
yes
keystone policy-update
    [--type <policy-type>]
    [--blob <policy-blob>]
    <policy-id>
os policy show
    <policy-id>
yes
keystone policy-get
    <policy-id>

project

OSC Command Implemented Keystone command
os project create
    [--domain <project-domain>]
    [--description <project-description>]
    [--enable | --disable]
    [--property <key=value>]
    <project-name>
yes
keystone project-create
    [--domain_id <domain_id>]
    [--description <description>]
    [--enable | --disable]
    <name>
os project delete
    <project>
yes
os project-delete
    <project_id>
os project list
    [--long]
yes
keystone project-list
os project set
    [--name <new-project-name>]
    [--domain <project-domain>]
    [--description <new-project-description>]
    [--enable | --disable]
    [--property <key=value>]
    <project>
yes
keystone project-set
    [--name <new-project-name>]
    [--domain <project-domain>]
    [--description <new-project-description>]
    [--enable | --disable]
    <project_id>
os project show
    <project>
yes
keystone project-get
    <project_id>

role

OSC Command Implemented Keystone command
os role add
    [--user <user> | --group <group>]
    [--domain <domain> | --project <project>]
    <role>
yes
os role create
    <role-name>
yes
os role delete
    <role>
yes
os role list
yes
os role remove
    [--user <user> | --group <group>]
    [--domain <domain> | --project <project>]
    <role>
yes
os role set
    [--name <new-role-name>]
    <role>
yes
os role show
    <role>
yes

service

OSC Command Implemented Keystone command
os service create
	[--name <name>]
        [--enabled <true|false>]
        <type>
yes
keystone service-create
	[--name <name>]
        [--enabled <true|false>]
        <type>
os service delete
    <service>
yes
keystone service-delete
    <service_id>
os list service
yes
keystone service-list
os service set
    [--type <service-type>]
    [--name <new-name>]
    [--enable | --disable]
    <service>
yes
keystone service-set
    [--type <service-type>]
    [--name <new-name>]
    [--enable | --disable]
    <service>
os service show
    <service>
yes
keystone service-get 
    <service_id>

user

OSC Command Implemented Keystone command
os user create
    [--password <password>] 
    [--project <project>]
    [--email <user-email>]
    [--enable | --disable]
    <name>
yes
keystone user-create
    --name <user-name> 
    [--domain_id <domain-id>]
    [--default_project_id <project-id>]
    [--description <description>]
    [--enabled <true|false>]
    [--password <password>]
os user delete
    <user>
yes
keystone user-delete
    <user-id>
os user list
    [--project <project>]
    [--long]
yes
keystone user-list
os user set
    [--name <new-name>]
    [--password <password>] 
    [--project <project>]
    [--email <user-email>]
    [--enable | --disable]
    <user>
yes
keystone user-update
    --user_id <user-id>
    [--name <user-name>]
    [--domain_id <domain-id>]
    [--default_project_id <project-id>]
    [--description <description>]
    [--enabled <true|false>]
    [--password <password>]
os user show
    <user>
yes
keystone user-get
    <user-id>

Image

OSC Option Environment Variable Glance Option Environment Variable
--os-image-api-version <ver> OS_IMAGE_API_VERSION --os-image-api-version <ver> OS_IMAGE_API_VERSION
--os-service-type <type> OS_SERVICE_TYPE
--os-endpoint-type <type> OS_ENDPOINT_TYPE
--os-token <token> OS_TOKEN --os-auth-token <token> OS_AUTH_TOKEN
--os-url <url> OS_URL --os-image-url <url> OS_IMAGE_URL
--os-cacert <file> OS_CACERT
--cert-file <file> CERT_FILE
--key-file <key-file> KEY_FILE
--no-ssl-compression


API v1

image

OSC Command Implemented Glance command
os image create
    [--id <id>]
    [--store <store>]
    [--container-format <format>]
    [--disk-format <format>]
    [--owner <tenant>]
    [--size <size-bytes>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mg>]
    [--location <image-url>]
    [--copy-from <image-url>]
    [--file <local-filename>]
    [--volume <volume>]
    [--force]
    [--checksum <checksum>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value>]
    <name>
yes
glance image-create
    [--id <IMAGE_ID>]
    [--name <NAME>]
    [--disk-format <DISK_FORMAT>]
    [--container-format <CONTAINER_FORMAT>]
    [--owner <TENANT_ID>]
    [--size <SIZE>]
    [--min-disk <DISK_GB>]
    [--min-ram <DISK_RAM>]
    [--location <IMAGE_URL>]
    [--checksum <CHECKSUM>]
    [--copy-from <IMAGE_URL>]
    [--is-public [True|False]]
    [--is-protected [True|False]]
    [--property <key=value>]
    [--human-readable]
os image delete
    <image>
yes
glance image-delete
    <IMAGE_ID>
os image list
    [--page-size <size>]
yes
glance image-list
os image save
    [--file <filename>]
    <image>
yes
glance image-download
    [--file <FILE>]
    <IMAGE>
os image set
    [--name <name>]
    [--owner <tenant>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mg>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value>]
    <image>
yes
glance image-update
    [--name <NAME>]
    [--disk-format <DISK_FORMAT>]
    [--container-format <CONTAINER_FORMAT>]
    [--owner <TENANT_ID>]
    [--size <SIZE>]
    [--min-disk <DISK_GB>]
    [--min-ram <DISK_RAM>]
    [--location <IMAGE_URL>]
    [--file <FILE>]
    [--checksum <CHECKSUM>]
    [--copy-from <IMAGE_URL>]
    [--is-public [True|False]]
    [--is-protected [True|False]]
    [--property <key=value>]
    [--purge-props]
    [--human-readable]
    <IMAGE>
os image show
    <image>
yes
glance image-show
    [--human-readable]
    <IMAGE>

API v2

image

OSC Command Implemented Glance command
os image add project
    <image>
    <project>
no
glance member-create
    [--can-share]
    <IMAGE_ID>
    <TENANT_ID>
os image create
    [--id <id>]
    [--store <store>]
    [--container-format <format>]
    [--disk-format <format>]
    [--owner <tenant>]
    [--size <size-bytes>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mg>]
    [--location <image-url>]
    [--copy-from <image-url>]
    [--file <local-filename>]
    [--checksum <checksum>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value>]
    <name>
# verify v2 options
no
os image delete
    <image>
yes
glance image-delete
    <IMAGE_ID>
os image list
    [--page-size <size>]
yes
glance image-list
os image list
    --shared
    [--image <image>]
    [--project <project>]
no
glance member-list
    [--image-id <IMAGE_ID>]
    [--tenant-id <TENANT_ID>]
os image remove project
    <image>
    <project>
no
glance member-delete
    <IMAGE_ID>
    <TENANT_ID>
os image save
    [--file <filename>]
    <image>
yes
glance image-download
    [--file <FILE>]
    <IMAGE>
os image set
    [--id <id>]
    [--store <store>]
    [--container-format <format>]
    [--disk-format <format>]
    [--owner <tenant>]
    [--size <size-bytes>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mg>]
    [--location <image-url>]
    [--copy-from <image-url>]
    [--file <local-filename>]
    [--checksum <checksum>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value>]
    <name>
no
glance image-update
    [--name <NAME>]
    [--disk-format <DISK_FORMAT>]
    [--container-format <CONTAINER_FORMAT>]
    [--owner <TENANT_ID>]
    [--size <SIZE>]
    [--min-disk <DISK_GB>]
    [--min-ram <DISK_RAM>]
    [--location <IMAGE_URL>]
    [--file <FILE>]
    [--checksum <CHECKSUM>]
    [--copy-from <IMAGE_URL>]
    [--is-public [True|False]]
    [--is-protected [True|False]]
    [--property <key=value>]
    [--purge-props]
    [--human-readable]
    <IMAGE>
os image show
    <image>
yes
glance image-show
    [--human-readable]
    <IMAGE>

image-member

The image member commands have been rolled in to the regualr image commands.

Network

The Network commands in neutron are actually in pretty good shape. It appears most update commands have not be en implemented, but looks pretty solid other than that. Note some questions:

  • Note: Should the --request-format option be a global option. Nice from a developers perspective if you want to test XML for ins

tance, but why would users really care.

  • Note: Should we have --os-network-api-version <ver> argument since neutron currently only supports one version?

NOTE(dtroyer): yes for consistency


OSC Option Environment Variable Nova Option Environment Variable
--os-auth-strategy OS_AUTH_STRATEGY
--os-auth-url OS_AUTH_URL --os-auth-url OS_AUTH_URL
--os-project-name OS_PROJECT_NAME --os-tenant-name OS_TENANT_NAME
--os-project-id OS_PROJECT_ID --os-tenant-id OS_TENANT_ID
--os-username OS_USERNAME --os-username OS_USERNAME
--os-password OS_PASSWORD --os-password OS_PASSWORD
--os-region-name OS_REGION_NAME --os-region-name OS_REGION_NAME
--os-token OS_TOKEN --os-token OS_TOKEN
--os-url OS_URL --os-url OS_URL
--os-cacert OS_CACERT --os-cacert OS_CACERT
--os-network-api-version <ver> OS_NETWORK_API_VERSION


API v2.0

NOTE(dtroyer): I am removing all of the default cliff options for clarity. Also, apparently neutronclient has a different idea of how these are used than OSC.

Cisco

NOTE(dtroyer): We need to think about how to handle vendor-plugin-specific bits. I don't want these in the default set...

Note all of these "network pofile" and "policy profile", why not just network and policy, profile is useless.

OSC Command Implemented Neutron command
os cisco credential create <credential_name> <credential_type>
    [--tenant-id TENANT_ID]
    [--username USERNAME]
    [--password PASSWORD]
no
neutron cisco-credential-create <credential_name> <credential_type>
    [--tenant-id TENANT_ID]
    [--username USERNAME]
    [--password PASSWORD]
os cisco credential delete <credential>
no
neutron cisco-credential-delete <credential>
os cisco credential list
    [-F FIELD]
no
neutron cisco-credential-list
    [-F FIELD]
os cisco credential show <credential>
    [-F FIELD]
no
neutron cisco-credential-show <credential>
    [-F FIELD]
os cisco network profile create <name> <vlan|overlay|multi-segment|trunk>
    [--tenant-id TENANT_ID]                 
    [--sub_type SUB_TYPE]                   
    [--segment_range SEGMENT_RANGE]         
    [--physical_network PHYSICAL_NETWORK]   
    [--multicast_ip_range MULTICAST_IP_RANGE]
    [--add-tenant ADD_TENANT]
no
neutron cisco-network-profile-create <name> <vlan|overlay|multi-segment|trunk>
    [--tenant-id TENANT_ID]                 
    [--sub_type SUB_TYPE]                   
    [--segment_range SEGMENT_RANGE]         
    [--physical_network PHYSICAL_NETWORK]   
    [--multicast_ip_range MULTICAST_IP_RANGE]
    [--add-tenant ADD_TENANT]
os cisco network profile delete <profile>
    [--request-format {json,xml}]
no
neutron cisco-network-profile-delete <profile>
    [--request-format {json,xml}]
os cisco network profile list
    [-F FIELD]
no
neutron cisco-network-profile-list
    [-F FIELD]
os cisco network profile show <profile>
    [-F FIELD]
no
neutron cisco-network-profile-show <profile>
    [-F FIELD]
os cisco network profile update <profile>
    [--request-format {json,xml}]
no
neutron cisco-network-profile-update <profile>
    [--request-format {json,xml}]
os cisco policy profile list
    [-F FIELD]
no
neutron cisco-policy-profile-list
    [-F FIELD]
os cisco policy profile show <profile>
    [--request-format {json,xml}] [-D]    
    [-F FIELD]
no
neutron cisco-policy-profile-show <profile>
    [--request-format {json,xml}] [-D]    
    [-F FIELD]
os cisco policy profile update <profile>
    [--request-format {json,xml}]
no
neutron cisco-policy-profile-update <profile>
    [--request-format {json,xml}]


DHCP Agent

OSC Command Implemented Neutron command
os dhcp agent add network
    <network>
    <dhcp_agent>
no
neutron dhcp-agent-network-add <dhcp_agent> <network>
   [--request-format {json,xml}]
os dhcp agent remove network
    <network>
    <dhcp_agent>
no
neutron dhcp-agent-network-remove <dhcp_agent> <network>
   [--request-format {json,xml}]
os dhcp agent list <network>
    [--long]
no
neutron dhcp-agent-list-hosting-net <network>
os network list --dhcp <dhcp_agent>
    [--long]
no
neutron net-list-on-dhcp-agent <dhcp_agent>

Firewall

OSC Command Implemented Neutron command
os firewall create
    [--description <description>]
    [--project <project>]
    [--enable | --disable]
    [--share | --no-share]
    <policy> <name>

NOTE(dtroyer): need a better name for --not-shared?

no
neutron firewall-create 
    <policy>
    [--tenant-id TENANT_ID]
    [--name NAME]
    [--description DESCRIPTION]
    [--shared]
    [--admin-state-down]
os firewall delete
    <firewall>
no
neutron firewall-delete
    <firewall>
os firewall list
    [--long]
    [--sort-key FIELD]
    [--sort-dir {asc,desc}]

NOTE(dtroyer): need to think about the sort stuff

no
neutron firewall-list
    [-P SIZE] [--sort-key FIELD] 
    [--sort-dir {asc,desc}]
os firewall set
    <firewall>

NOTE(dtroyer): what is being changed?

no
neutron firewall-update
    <firewall>
os firewall show
    <firewall>
no
neutron firewall-show
    <firewall>

Firewall Policy

NOTE(dtroyer): need to work out the format of FIREWALL_RULE

OSC Command Implemented Neutron command
os firewall policy create
    [--description <description>]
    [--project <project>]
    [--firewall-rules <rules>]
    [--share | --no-share]
    [--audit | --no-audit]
    <name>
no
neutron firewall-policy-create
    <name>
    [--tenant-id TENANT_ID]           
    [--description DESCRIPTION]
    [--shared]
    [--firewall-rules FIREWALL_RULES] 
    [--audited]
os firewall policy delete
    <policy>
no
neutron firewall-policy-delete
    <policy>
os firewall policy add rule
    [--insert-before FIREWALL_RULE]
    [--insert-after FIREWALL_RULE]
    <policy>
    <rule>
no
neutron firewall-policy-insert-rule
    <policy>
    <rule>
    [--insert-before FIREWALL_RULE]        
    [--insert-after FIREWALL_RULE]
os firewall policy list
    [--long]
no
neutron firewall-policy-list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os firewall policy remove rule
    <policy>
    <rule>
no
neutron firewall-policy-remove-rule
    <policy>
    <rule>
os firewall policy set
    <policy>

NOTE(dtroyer): what is being changed?

no
neutron firewall-policy-update
    <policy>
os firewall policy show
    <policy>
no
neutron firewall-policy-show
    <policy>


Firewall Rule

OSC Command Implemented Neutron command
os firewall rule create
    [--project <project>]
    [--description <description>]
    [--source-ip-address SOURCE_IP_ADDRESS]
    [--destination-ip-address DESTINATION_IP_ADDRESS]
    [--source-port SOURCE_PORT]
    [--destination-port DESTINATION_PORT]
    [--enable | --disable]
    [--share | --no-share]
    --protocol tcp|udp|icmp|any
    --action allow|deny
    <name>

NOTE(dtroyer): it might be more consistent to change --protocol and --action to direct options; ex: '--tcp | --udp | --icmp | --any'

no
neutron firewall-rule-create
    [--tenant-id TENANT_ID]
    [--name NAME]
    [--description DESCRIPTION]
    [--shared]
    [--source-ip-address SOURCE_IP_ADDRESS]
    [--destination-ip-address DESTINATION_IP_ADDRESS]
    [--source-port SOURCE_PORT]
    [--destination-port DESTINATION_PORT]
    [--disabled]
    --protocol {tcp,udp,icmp,any}
    --action {allow,deny}
os firewall rule delete
    <rule>
no
neutron firewall-rule-delete
    <rule>
os firewall rule list
    [--long]
no
neutron firewall-rule-list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os firewall rule show
    <rule>
no
neutron firewall-rule-show
    <rule>
    [-F FIELD]
os firewall rule
    [--protocol tcp|udp|icmp|any]
    <rule>
no
neutron firewall-rule-update
    <rule>
    [--protocol {tcp,udp,icmp,any}]


Gateway

Note: change from net-gateway to gateway

OSC Command Implemented Neutron command
os gateway create
    [--project <project>]
    [--device <device>]
    <name>

NOTE(dtroyer): consider changing the --device syntax to remove the embedded device_id=,interface_name=

no
neutron net-gateway-create
    <name>
    [--tenant-id TENANT_ID]
    [--device DEVICE]
os gateway delete
    <gateway>
no
neutron net-gateway-delete
    <gateway>
os gateway list
    [--long]
no
neutron net-gateway-list
os gateway set
    <gateway>
no
neutron net-gateway-update
    <gateway>
os gateway show
    <gateway>
no
neutron net-gateway-show
    <gateway>


IP Floating

Note: Do we need to have backward compatibility for older releases where compute controlled floating IPs? I think the latest compute still supports the old interface, but it would be best to discontinue use of that. Should the command be floating-ip or floatingip?

NOTE(dtroyer): The existing commands under Compute are for nova-network; it is a pass-through to Neutron but at some point OSc needs to get smart about when to call nova-network and when to call Neutron directly. The commands need to be the same as much as possible.

OSC Command Implemented Neutron command
os ip floating add
    [--fixed-ip <fixed-ip-address>]
    <floating-ip-address>
    <port>

NOTE(dtroyer): maybe this should be 'port add floating ip'?

no
neutron floatingip-associate
    <ip>
    <port>
    [--fixed-ip-address FIXED_IP_ADDRESS]
os ip floating create
    [--project <project>]
    [--port <port>]
    [--fixed-ip <fixed-ip-address>]
    <network>
no
neutron floatingip-create
    <network>
    [--tenant-id TENANT_ID] [--port-id PORT_ID]
    [--fixed-ip-address FIXED_IP_ADDRESS]
os ip floating delete
    <floating-ip-address>
no
neutron floatingip-delete
    <ip>
os ip floating list
    [--long]
no
neutron floatingip-list
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os ip floating remove
    <floating-ip-address>
no
neutron floatingip-disassociate
    <ip>
os ip floating show
    <floating-ip-address>
no
neutron floatingip-show
    <ip>

IPSEC

  1. Note Why are we doing "ipsec site connection <verb>" instead of "ipsec <verb>"? Is there going to be something other than site connections for ipsec?

NOTE(dtroyer): good question. I wonder if Neutron will ever support any other kind of tunnel? If so, 'tunnel' should be the object anme and --ipsec is a type option...until then let's just use 'ipsec' as the object name.

NOTE(dtroyer): one thing I know is we generally totally abuse the term 'cidr' and use it where we mean network addresses in CIDR notation. We will not perpetuate that in OSC no matter what the rest of the project does. I need to brush up on IPSEC configuration to be able to fix these option names.

OSC Command Implemented Neutron command
os ipsec create
    [--project <project>]
    [--description <description>]
    [--enable | --disable]
    [--mtu MTU]
    [--initiator {bi-directional,response-only}]
    # use --bi-directional | --response-only ?
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    # rethink --dpd
    --vpnservice-id VPNSERVICE
    --ikepolicy-id IKEPOLICY
    --ipsecpolicy-id IPSECPOLICY
    --peer-address PEER_ADDRESS
    --peer-id PEER_ID
    --peer-cidr PEER_CIDRS
    --psk PSK
    <name>
no
neutron ipsec-site-connection-create
    [--tenant-id TENANT_ID]
    [--admin-state-down]
    [--name NAME]
    [--description DESCRIPTION]
    [--mtu MTU]
    [--initiator {bi-directional,response-only}]
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    --vpnservice-id VPNSERVICE
    --ikepolicy-id IKEPOLICY
    --ipsecpolicy-id IPSECPOLICY
    --peer-address PEER_ADDRESS
    --peer-id PEER_ID
    --peer-cidr PEER_CIDRS
    --psk PSK
os ipsec delete
    <ipsec-site>
no
neutron ipsec-site-connection-delete
    <ipsecsite>
os ipsec list
    [--long]
no
neutron ipsec-site-connection-list
    [--sort-key FIELD]                    
    [--sort-dir {asc,desc}]
os ipsec set
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    <ipsec-site>
no
neutron ipsec-site-connection-update
    <ipsecsite>
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
os ipsec site connection show
    <ipsec-site>
no
neutron ipsec-site-connection-show
    <ipsecsite>

L3 Agent

NOTE(dtroyer): the list command may make more sense as options to 'router list'

OSC Command Implemented Neutron command
os l3 agent list
    [--router <router>]
no
neutron l3-agent-list-hosting-router <router>
os l3 agent add router
    <l3_agent>
    <router>
no
neutron l3-agent-router-add
    <l3_agent>
    <router>
os l3 agent remove router
    <l3_agent>
    <router>
no
neutron l3-agent-router-remove
    <l3_agent>
    <router>

Load Balancer

OSC Command Implemented Neutron command
os lb healthmonitor add <healthmonitor> <pool>
    # Note command change
no
neutron lb-healthmonitor-associate <healthmonitor> <pool>
    [--request-format {json,xml}]
os lb healthmonitor create
    [--tenant-id TENANT_ID]
    [--admin-state-down]
    [--expected-codes EXPECTED_CODES]
    [--http-method HTTP_METHOD]
    [--url-path URL_PATH] --delay DELAY
    --max-retries MAX_RETRIES --timeout
    TIMEOUT --type {PING,TCP,HTTP,HTTPS}
no
neutron lb-healthmonitor-create
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID]
    [--admin-state-down]
    [--expected-codes EXPECTED_CODES]
    [--http-method HTTP_METHOD]
    [--url-path URL_PATH] --delay DELAY
    --max-retries MAX_RETRIES --timeout
    TIMEOUT --type {PING,TCP,HTTP,HTTPS}
os lb healthmonitor delete <healthmonitor>
no
neutron lb-healthmonitor-delete <healthmonitor>
    [--request-format {json,xml}]
os lb healthmonitor remove <healthmonitor> <pool>
    # Note command change
no
neutron lb-healthmonitor-disassociate <healthmonitor> <pool>
    [--request-format {json,xml}]
os lb healthmonitor list
no
neutron lb-healthmonitor-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os lb healthmonitor show <healthmonitor>
no
neutron lb-healthmonitor-show <healthmonitor>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
os lb healthmonitor update <healthmonitor>
no
neutron lb-healthmonitor-update <healthmonitor>
    [--request-format {json,xml}]
os lb member create <pool>
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--weight WEIGHT] --address ADDRESS
    --protocol-port PROTOCOL_PORT
no
neutron lb-member-create <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX] 
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--weight WEIGHT] --address ADDRESS
    --protocol-port PROTOCOL_PORT
os lb member delete <member>
no
neutron lb-member-delete <member>
    [--request-format {json,xml}]
os lb member list
no
neutron lb-member-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os lb member show <member>
no
neutron lb-member-show <member>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os lb member update <member>
no
neutron lb-member-update <member>
    [--request-format {json,xml}]
os lb pool create
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--description DESCRIPTION] --lb-method
    {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP} --name
    NAME --protocol {HTTP,HTTPS,TCP} --subnet-id
    SUBNET [--provider PROVIDER]
no
neutron lb-pool-create
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--description DESCRIPTION] --lb-method
    {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP} --name
    NAME --protocol {HTTP,HTTPS,TCP} --subnet-id
    SUBNET [--provider PROVIDER]
os lb pool delete <pool>
no
neutron lb-pool-delete <pool>
    [--request-format {json,xml}]
os lb pool list
    [--lbaas-agent AGENT]
no
neutron lb-pool-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
neutron lb-pool-list-on-agent <lbaas_agent>
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
# Note another one of those oddball commands
os lb pool show <pool>
    [--agent] [--stats]
no
neutron lb-pool-show <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
neutron lb-agent-hosting-pool <pool>
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
neutron lb-pool-stats <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os lb pool update <pool>
no
neutron lb-pool-update <pool>
    [--request-format {json,xml}]
os lb vip create <pool>
    [--tenant-id TENANT_ID] [--address ADDRESS]
    [--admin-state-down]
    [--connection-limit CONNECTION_LIMIT]
    [--description DESCRIPTION] --name NAME
    --protocol-port PROTOCOL_PORT --protocol
    {TCP,HTTP,HTTPS} --subnet-id SUBNET
no
neutron lb-vip-create <pool>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--address ADDRESS]
    [--admin-state-down]     
    [--connection-limit CONNECTION_LIMIT]
    [--description DESCRIPTION] --name NAME 
    --protocol-port PROTOCOL_PORT --protocol 
    {TCP,HTTP,HTTPS} --subnet-id SUBNET
os lb vip delete <vip>
no
neutron lb-vip-delete <vip>
    [--request-format {json,xml}]
os lb vip list
no
neutron lb-vip-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os lb vip show <vip>
no
neutron lb-vip-show <vip>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os lb vip update <vip>
no
neutron lb-vip-update <vip>
    [--request-format {json,xml}]

Network

  1. Note name changes from net to netowork
OSC Command Implemented Neutron command
os network add gateway
    [--segmentation-type SEGMENTATION_TYPE]
    [--segmentation-id SEGMENTATION_ID]
    <network>
    <gateway>
no
neutron net-gateway-connect
    <gateway>
    <network>
    [--segmentation-type SEGMENTATION_TYPE]
    [--segmentation-id SEGMENTATION_ID]
os network create
    [--admin-state-up | --admin-state-down]
    [--share | --no-share]
    <name>
no
neutron net-create
    <name>
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--shared]
os network delete
    <network>
no
neutron net-delete
    <network>
os network list
    [--long]
    [--external]
    [--dhcp dhcpid]
no
neutron net-list

neutron net-external-list
os network set
    [--admin-state-up | --admin-state-down]
    [--share | --no-share]
    [--name newname]
    <network>
no
neutron net-update
    <network>
os network remove gateway
    [--segmentation-type SEGMENTATION_TYPE]
    [--segmentation-id SEGMENTATION_ID]
    <network>
    <gateway>
# Note technicall wrong verb here, but add/remove
# seems a little odd

NOTE(dtroyer): the help in neutronclient actually uses add/remove...but these may be 'network' commands not 'network gateway'

no
neutron net-gateway-disconnect
    <gateway>
    <network>
    [--segmentation-type SEGMENTATION_TYPE]
    [--segmentation-id SEGMENTATION_ID]
os network show
    <network>
no
neutron net-show
    <network>

Network Agent

NOTE: There is no agent create in neutron at the moment. I assume these should replace the compute commands.

NOTE(dtroyer): The compute agent refers to the bits of code that run inside a VM. A Neutron agent is code that runs on a host system; there are at least 4 different types: plugin, dhcp, l3 and metadata.

OSC Command Implemented Neutron command
os network agent delete
    <agent>
no
neutron agent-delete <agent>
os network agent list
    [--long]

NOTE(dtroyer): list commands always use --long for their 'show me more stuff' option

no
neutron agent-list
  [-D, --show-details]
  [-F FIELD, --field FIELD]
  [--quote {all,minimal,none,nonnumeric}]
os network agent update
    <agent>

NOTE(dtroyer): update commands often map to the OSC verb 'set'. but with no value to set???

no
neutron agent-update <agent>
# NOTE: no args, what does this update?
os network agent show
    <agent>
no
neutron agent-show <agent>
  [-D, --show-details]
  [-F FIELD, --field FIELD]

Port

OSC Command Implemented Neutron command
os port create
    --network <network>
    [--project <project>]
    [--mac-address <mac-address>]
    [--device-id <device-id>]
    [--fixed-ip <ip-address>]
    [--security-group <security-group>]
    [--no-security-groups]
    [--extra-dhcp-opt EXTRA_DHCP_OPTS]
    # gotta rename extra-dhcp-opts
    [--enable | --disable]
    <name>

NOTE(dtroyer): how is --no-security-groups different from not specifying any security groups on create?

no
neutron port-create
    <network>
    [--tenant-id TENANT_ID]
    [--name NAME]
    [--admin-state-down]
    [--mac-address MAC_ADDRESS]
    [--device-id DEVICE_ID]
    [--fixed-ip ip_address=IP_ADDR]
    [--security-group SECURITY_GROUP]
    [--no-security-groups]
    [--extra-dhcp-opt EXTRA_DHCP_OPTS]
os port delete
    <port>
no
neutron port-delete
    <port>
os port list
    [--router <router>]
no
neutron port-list

neutron router-port-list
    <router>
os port update 
    [--security-group <security-group>]
    [--no-security-groups]
    [--extra-dhcp-opt EXTRA_DHCP_OPTS]
    <port>
no
neutron port-update
    <port>
    [--security-group SECURITY_GROUP]
    [--no-security-groups]
    [--extra-dhcp-opt EXTRA_DHCP_OPTS]
os port show
    <port>
no
neutron port-show
    <port>

Queue

Note: Should this be something less generic than "queue". I would think this was a message queue first.

OSC Command Implemented Neutron command
os queue create <name>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--min MIN] [--max MAX]
    [--qos-marking QOS_MARKING] [--default DEFAULT]
    [--dscp DSCP]
no
neutron queue-create <name>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--min MIN] [--max MAX]
    [--qos-marking QOS_MARKING] [--default DEFAULT]
    [--dscp DSCP]
os queue delete <queue>
    [--request-format {json,xml}]
no
neutron queue-delete <queue>
    [--request-format {json,xml}]
os queue list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
no
neutron queue-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
os queue show <queue>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
no
neutron queue-show <queue>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]

Quota

Note: See quota in the cross API section.

OSC Command Implemented Neutron command
no
neutron quota-delete
    [--request-format {json,xml}]
    [--tenant-id tenant-id]
no
neutron quota-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}]
no
neutron quota-show
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id tenant-id]
no
neutron quota-update
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id tenant-id] [--network networks]
    [--subnet subnets] [--port ports] 
    [--router routers] [--floatingip floatingips]
    [--security-group security_groups]
    [--security-group-rule security_group_rules]


Router

Note: I've removed router gateway unset and added a --no-gateway option to router set <-dtoyer

OSC Command Implemented Neutron command
os router create
    [--project <project>]
    [--enable | --disable]
    <name>
no
neutron router-create
    <name>
    [--tenant-id TENANT_ID]
    [--admin-state-down]
os router delete
    <router>
no
neutron router-delete
    <router>
os router list
    [--l3-agent <l3-agent>]
    [--long]
no
neutron router-list

neutron router-list-on-l3-agent <l3_agent>
os router set
    [--gateway <network>]
    [--enable-snat | --disable-snat]
    [--no-gateway]
    <router>
no
neutron router-update
    <router>

neutron router-gateway-set
    <router>
    <network>
    [--disable-snat]

neutron router-gateway-clear
    <router>
os router show
    <router>
no
neutron router-show
    <router>

Router Interface

OSC Command Implemented Neutron command
os router add port
    <router>
    <port>
no
neutron router-interface-add
    <router>
    <interface>
os router remove port
    <router>
    <port>
no
neutron router-interface-delete
    <router>
    <interface>
os router add subnet
    <router>
    <subnet>
no
neutron router-interface-add
    <router>
    <interface>
os router remove subnet
    <router>
    <subnet>
no
neutron router-interface-delete
    <router>
    <interface>

Security Group

Note: should we use "secgroup" or replace it with "security group" Supporting both would be confusing, but for now it would probably work.

NOTE(dtroyer): I think 'security group' is what we need to use; this is one of the last commands to have the short form removed...

OSC Command Implemented Neutron command
os security group create <name>
    [--project TENANT_ID]
    [--description DESCRIPTION]
no
neutron security-group-create <name>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]    
    [--tenant-id TENANT_ID]          
    [--description DESCRIPTION]
os security group delete <security_group>
no
neutron security-group-delete <security_group>
    [--request-format {json,xml}]
os security group list
no
neutron security-group-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}] 
    [--request-format {json,xml}] [-D]
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os security group show <security_group>
no
neutron security-group-show <security_group>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D]
    [-F FIELD]
os security group update <security_group>
    [--name NAME] [--description DESCRIPTION]
no
neutron security-group-update <security_group>
    [--request-format {json,xml}]
    [--name NAME] [--description DESCRIPTION]

Security Group Rule

Note: Again, we have duplicate commands with Nova.

OSC Command Implemented Neutron command
os security group rule create <security_group>
    [--project TENANT_ID]
    [--direction {ingress,egress}]
    [--ethertype ETHERTYPE]
    [--protocol PROTOCOL]
    [--port-range-min PORT_RANGE_MIN]
    [--port-range-max PORT_RANGE_MAX]
    [--remote-ip-prefix REMOTE_IP_PREFIX]
    [--remote-group-id REMOTE_GROUP]
no
neutron security-group-rule-create <security_group>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE]                 
    [--prefix PREFIX]                     
    [--request-format {json,xml}]         
    [--tenant-id TENANT_ID]               
    [--direction {ingress,egress}]        
    [--ethertype ETHERTYPE]               
    [--protocol PROTOCOL]                 
    [--port-range-min PORT_RANGE_MIN]     
    [--port-range-max PORT_RANGE_MAX]     
    [--remote-ip-prefix REMOTE_IP_PREFIX]
    [--remote-group-id REMOTE_GROUP]
os security group rule delete <rule>
no
neutron security-group-rule-delete <rule>
    [--request-format {json,xml}]
os security group rule list
no
neutron security-group-rule-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]  
    [-F FIELD] [-P SIZE]                
    [--sort-key FIELD]                  
    [--sort-dir {asc,desc}]             
    [--no-nameconv]
os security group rule show <rule>
no
neutron security-group-rule-show <rule>

Service Provider

Note: Is this related to the Keystone service? Not sure. The Neutron help is very light.

OSC Command Implemented Neutron command
no
neutron service-provider-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D]
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]

Subnet

OSC Command Implemented Neutron command
os subnet create <network> <cidr>
    [--project TENANT_ID] [--name NAME]
    [--ip-version {4,6}] [--gateway GATEWAY_IP]
    [--no-gateway]
    [--allocation-pool start=IP_ADDR,end=IP_ADDR]
    [--host-route destination=CIDR,nexthop=IP_ADDR]
    [--dns-nameserver DNS_NAMESERVER]
    [--disable-dhcp]
no
neutron subnet-create <network> <cidr>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}]
    [--tenant-id TENANT_ID] [--name NAME] 
    [--ip-version {4,6}] [--gateway GATEWAY_IP]
    [--no-gateway]           
    [--allocation-pool start=IP_ADDR,end=IP_ADDR]
    [--host-route destination=CIDR,nexthop=IP_ADDR]
    [--dns-nameserver DNS_NAMESERVER]
    [--disable-dhcp]
os subnet delete <subnet>
no
neutron subnet-delete <subnet>
    [--request-format {json,xml}]
os subnet list
no
neutron subnet-list
    [-f {csv,table}] [-c COLUMN]
    [--quote {all,minimal,none,nonnumeric}]
    [--request-format {json,xml}] [-D] [-F FIELD]
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os subnet show <subnet>
no
neutron subnet-show <subnet>
    [-f {shell,table}] [-c COLUMN]
    [--variable VARIABLE] [--prefix PREFIX]
    [--request-format {json,xml}] [-D] [-F FIELD]
os subnet update <subnet>
no
neutron subnet-update <subnet>
    [--request-format {json,xml}]

VPN

OSC Command Implemented Neutron command
os vpn ikepolicy create <name>
    [--project TENANT_ID]
    [--description DESCRIPTION]
    [--auth-algorithm {sha1}]
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--phase1-negotiation-mode {main}]
    [--ike-version {v1,v2}]
    [--pfs {group2,group5,group14}]
    [--lifetime units=UNITS,value=VALUE]
no
neutron vpn-ikepolicy-create <name>
    [--tenant-id TENANT_ID]
    [--description DESCRIPTION]
    [--auth-algorithm {sha1}]
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--phase1-negotiation-mode {main}]
    [--ike-version {v1,v2}]
    [--pfs {group2,group5,group14}]
    [--lifetime units=UNITS,value=VALUE]
os vpn ikepolicy delete <policy>
no
neutron vpn-ikepolicy-delete <policy>
os vpn ikepolicy list
no
neutron vpn-ikepolicy-list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os vpn ikepolicy show <policy>
no
neutron vpn-ikepolicy-show <policy>
os vpn ikepolicy set <policy>
    [--lifetime units=UNITS,value=VALUE]
no
neutron vpn-ikepolicy-update <policy>
    [--lifetime units=UNITS,value=VALUE]
os vpn ipsecpolicy create <name>
    [--project TENANT_ID]
    [--description DESCRIPTION]
    [--transform-protocol {esp,ah,ah-esp}]
    [--auth-algorithm {sha1}]
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--encapsulation-mode {tunnel,transport}]
    [--pfs {group2,group5,group14}]
    [--lifetime units=UNITS,value=VALUE]
no
neutron vpn-ipsecpolicy-create <name>
    [--tenant-id TENANT_ID]           
    [--description DESCRIPTION]       
    [--transform-protocol {esp,ah,ah-esp}]
    [--auth-algorithm {sha1}]         
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--encapsulation-mode {tunnel,transport}]
    [--pfs {group2,group5,group14}]   
    [--lifetime units=UNITS,value=VALUE]
os vpn ipsecpolicy delete <policy>
no
neutron vpn-ipsecpolicy-delete <policy>
os vpn ipsecpolicy list
no
neutron vpn-ipsecpolicy-list
    [-F FIELD] [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os vpn ipsecpolicy show <policy>
no
neutron vpn-ipsecpolicy-show <policy>
os vpn ipsecpolicy set <policy>
    [--lifetime units=UNITS,value=VALUE]
no
neutron vpn-ipsecpolicy-update <policy>
    [--lifetime units=UNITS,value=VALUE]
os vpn service create <router> <subnet>
    [--project TENANT_ID] [--admin-state-down]
    [--name NAME] [--description DESCRIPTION]
no
neutron vpn-service-create <router> <subnet>
    [--tenant-id TENANT_ID] [--admin-state-down]
    [--name NAME] [--description DESCRIPTION]
os vpn service delete <service>
no
neutron vpn-service-delete <service>
    [--request-format {json,xml}]
os vpn service list
no
neutron vpn-service-list
    [-P SIZE] [--sort-key FIELD]
    [--sort-dir {asc,desc}]
os vpn service show <service>
no
neutron vpn-service-show <service>
os vpn service set <service>
no
neutron vpn-service-update <service>

Object

API v1

Commands:

  • upload [options] container file_or_directory [file_or_directory] [...]
  • post [options] [container] [object]

container

OSC Command Implemented Swift command
os container list
    [--prefix <prefix>]
    [--delimiter <delimiter>]
    [--long]
    [--all]
yes
swift list
    [--prefix|-p]
    [-l|-lh]
    [-t]
    [--delimiter|-d]
    [options]
    [container]
os container show
    [<container-name>]
yes
swift stat
    [--lh]
    [<container>]
    [<object>]

object

OSC Command Implemented Swift command
os object delete
    <object>
no
swift delete
    [--leave-segments]
    [options]
    --all

swift delete container
    [--leave-segments]
    [options] 
    [object]
    [object] ...
os object list
    [--prefix <prefix>]
    [--delimiter <delimiter>]
    [--long]
    [--all]
    <container-name>]
yes
swift list
    [--prefix|-p]
    [-l|-lh]
    [-t]
    [--delimiter|-d]
    [options]
    [container]
os object show
    <container-name>
    <object-name>
yes
swift stat
    [--lh]
    [<container>]
    [<object>]
os object save
    [<container>]
    [<object>]
no
swift download
    --all 
    [--prefix|-p]
    [options]

swift download
    container
    [--prefix|-p]
    [--output|-o <filename>]
    [options]
    [object]
    [object] ...


Volume

Cinder Option Environment Variable OSC Option Environment Variable
--os-volume-api-version <ver> OS_VOLUME_API_VERSION --os-volume-api-version <ver> OS_VOLUME_API_VERSION
--service-type <type>
--service-name <name> CINDER_SERVICE_NAME
--volume-service-name <name> CINDER_VOLUME_SERVICE_NAME
--endpoint-type <type> CINDER_ENDPOINT_TYPE
--retries <int>


API v1.0

limits

See limits in the cross API section.

quota

See quota in the cross API section.

snapshot

OSC Command Implemented Cinder command
os snapshot create
    --name <name>
    [--description <description>]
    [--force]
    <volume>
yes
cinder snapshot-create
    --force <True|False>
    --display-name <display-name>
    --display-description <display-description>
    <volume-id>
os snapshot delete
    <snapshot>
yes
cinder snapshot-delete
    <snapshot-id>
os snapshot list
yes (no opts yet)
cinder snapshot-list 
    --all-tenants [<0|1>]
    --display-name <display-name>
    --status <status>
    --volume-id <volume-id>
os snapshot set
    [--name <new-name>]
    [--description <new-description>]
    <snapshot>
yes
cinder snapshot-rename
    --display-description <display-description>
    --display-name <display-name>
    <snapshot-id>
os snapshot show
    <snapshot>
yes
cinder snapshot-show
    <snapshot-id>

volume

OSC Command Implemented Cinder command
os volume create
    --size <size>
    [--description <description>]
    [--volume-type <volume-type>]
    [--snapshot-id <snapshot-id>]
    [--source <volid>]
    [--image <image-id>]
    [--availability-zone <availability-zone>]
    [--property <key=value>]
    [--user <user>]           # admin only
    [--project <project>]     # admin only
    <name>
yes
cinder create
    [--snapshot-id <snapshot-id>]
    [--source-volid <source-volid>]
    [--image-id <image-id>]
    [--display-name <display-name>]
    [--display-description <display-description>]
    [--volume-type <volume-type>]
    [--availability-zone <availability-zone>]
    [--metadata <key=value>]
    <size>
os volume delete
    [--force]
    <volume>
yes
cinder delete
    <volume-id>

cinder force-delete
    <volume-id>
os volume list
    [--name <name>]
    [--status <status>]
    [--long]
    [--all-tenants]           # admin only
yes
cinder list 
    --all-tenants [<0|1>]
    --display-name <display-name>
    --status <status>
os volume set
    [--name <new-name>]
    [--description <new-description>]
    [--property <key=value>]
    <volume>
yes
cinder metadata
    <volume-id>
    <action>
    <key=value>

cinder rename
    --display-description <display-description>
    <volume-id>
    <display-name>
os volume show
    <volume>
yes
cinder show
    <volume-id>
os volume unset
    [--property <key>]
    <volume>
yes

volume type

OSC Command Implemented Cinder command
os volume type create
    [--property <key=value>]
    <name>
yes
cinder type-create
    <type-name>
os volume type delete
    <volume-type>
yes
cinder type-delete
    <type-id>
os volume type list
    [--long]
yes
cinder type-list 

cinder extra-specs-list
os volume type set
    [--property <key=value>]
    <volume-type>
yes
cinder type-key
    <type-id>
    <set>
    <key=value>
os volume type unset
    [--property <key>]
    <volume-type>
yes
cinder type-key
    <type-id>
    <unset>
    <key>


Options

In general, options will be transformed into more UNIX-like usage

  • --enable true|false becomes --enable|--disable

(dhellmann) Not all boolean options have natural antonyms like enable/disable. It may be more consistent to use a --flag --no-flag style naming convention to indicate the opposites of flags.

"(dtroyer) Yup, except i really don't like --no-enable. I'm going to work through the switch mapping to see how many others we really have to deal with."