Command Structure
The detailed command structure is described in OpenStackClient/HumanInterfaceGuidelines#Command_Structure.
Command Arguments
- Arguments that normally require an ID in the OS-API may also use the name or other short identifier where reasonable to support
- Optional machine-parsable format is available with list and show commands. List has an option for CSV-formatted output (see --format, --quote options for a list command) while show has an option for shell-assignment formatted output (see --format option for a show command).
Objects
Note: these need a review to sync up with the revised object names without dashes ('-') in them.
Actions
The actions used by OpenStackClient are defined below to provide a consistent meaning to each action. Many of them have logical opposite actions. Those actions with an opposite action are noted in parens if applicable.
-
authorize
- authorize a token (used in OAuth)
-
add
(remove
) - add some object to a container object; the command is built in the order of "container add object" (<container> <object>), the positional arguments appear in the same order
-
attach
(detach
) - deprecated; use add
/remove
-
create
(delete
) - create a new occurrance of the specified object
-
delete
(create
) - delete a specific occurrance of the specified object
-
detach
(attach
) - deprecated; use add
/remove
-
list
- display summary information about multiple objects
-
lock
(unlock
)
-
migrate
- move a server to a different host; --live
performs a live migration if possible
-
pause
(unpause
) - stop a server and leave it in memory
-
reboot
- forcibly reboot a server
-
rebuild
- rebuild a server using (most of) the same arguments as in the original create
-
remove
(add
) - remove an object from a group of objects
-
rescue
(unrescue
) - reboot a server in a special rescue mode allowing access to the original disks
-
resize
- change a server's flavor
-
resume
(suspend
) - return a suspended server to running state
-
save
- download an object locally
-
set
(unset
) - set a property on the object, formerly called metadata
-
show
- display detailed information about the specific object
-
ssh
-
suspend
(resume
) - stop a server and save to disk freeing memory
-
unlock
(lock
)
-
unpause
(pause
) - return a paused server to running state
-
unrescue
(rescue
) - return a server to normal boot mode
-
unset
(set
) - remove an attribute of the object
Global Options
The common global options from the default OpenStack clients have been mapped to the set of global options below.
OSC Option |
Environment Variable |
|
Option |
Environment Variable
|
--version |
|
|
--version |
|
--help |
|
|
--help |
|
--debug |
|
|
--debug |
|
--quiet |
|
|
|
|
--verbose |
|
|
|
|
--log-file <filename> |
|
|
|
|
--os-auth-url <url> |
OS_AUTH_URL |
|
--os-auth-url <url> |
OS_AUTH_URL
|
--os-tenant-name <name> |
OS_TENANT_NAME |
|
--os-tenant-name <name> |
OS_TENANT_NAME
|
--os-tenant-id <id> |
OS_TENANT_ID |
|
--os-tenant-id <id> |
OS_TENANT_ID
|
--os-username <name> |
OS_USERNAME |
|
--os-username <name> |
OS_USERNAME
|
--os-password <pw> |
OS_PASSWORD |
|
--os-password <pw> |
OS_PASSWORD
|
--os-region-name <region> |
OS_REGION_NAME |
|
--os-region-name <region> |
OS_REGION_NAME
|
--os-cacert <file> |
OS_CACERT |
|
--os-cacert <file> |
OS_CACERT
|
|
|
|
--insecure |
|
--os-use-keyring |
|
|
|
|
Common Options
A number of options will appear in many commands and should have the same form in all commands to the extent possible.
Option |
Description |
Usual Default
|
--description |
describes an object |
none
|
--enable |
Used for setting the enabled state for an object |
n/a
|
--disable |
Used for setting the enabled state for an object |
n/a
|
Command Mapping Summary
This is an example mapping of the existing commands from Keystone (Identity), Nova (Compute), Glance (Image) and Cinder (Volume) to the <verb> <object>
form for the OpenStackClient cli tool. It reduces both the number of verbs and objects by handling some of the smaller differences with command line options.
Further consolidation could be achieved by additional options or by introduction secondary objects to the syntax. For example, the credentials and x509-cert (and x509-root-cert) objects could be combined:
nova x509-create-cert [<pk-file>] [<x509-cert>] |
os create credentials --x509 [<pk-file>] [<x509-cert>]
|
nova credentials |
os show credentials
|
nova x509-get-root-cert |
os show credentials --x509 --root
|
Cross API
Object names that appear in multiple APIs, like quota, are handled by putting their command handler classes in openstackclient.common. If the number of these becomes large they should be moved into a subdirectory.
credentials
[consider rolling the ec2 creds into this too]
OSC Command |
Implemented |
|
Keystone command
|
os credentials create
--x509
[<private-key-file>]
[<certificate-file>]
|
no
|
|
nova x509-create-cert
[<pk-file>]
[<x509-cert>]
|
os credentials show
[--token]
[--user]
[--x509 [--root]]
|
no
|
|
nova credentials
[--wrap <integer>]
nova x509-get-root-cert
[<filename>]
|
limits
OSC Command |
Implemented |
|
Keystone command
|
os limits show
--absolute [--reserved] | --rate
|
yes
|
|
nova absolute-limits
[--reserved]
nova rate-limits
cinder absolute-limits
cinder rate-limits
|
quota
OSC Command |
Implemented |
|
Keystone command
|
os quota set
# Compute settings
[--cores <num-cores>]
[--fixed-ips <num-fixed-ips>]
[--floating-ips <num-floating-ips>]
[--injected-file-size <injected-file-bytes>]
[--injected-files <num-injected-files>]
[--instances <num-instances>]
[--key-pairs <num-key-pairs>]
[--properties <num-properties>]
[--ram <ram-mb>]
# Volume settings
[--gigabytes <new-gigabytes>]
[--snapshots <new-snapshots>]
[--volumes <new-volumes>]
<project>
|
yes
|
|
nova quota-update
[--instances <instances>]
[--cores <cores>]
[--ram <ram>]
[--volumes <volumes>]
[--gigabytes <gigabytes>]
[--floating-ips <floating_ips>]
[--metadata-items <metadata_items>]
[--injected-files <injected_files>]
[--injected-file-content-bytes <injected_file_content_bytes>]
<tenant_id>
cinder quota-update
[--volumes <volumes>]
[--snapshots <snapshots>]
[--gigabytes <gigabytes>]
<tenant_id>
|
os quota set
--class
# Compute settings
[--cores <num-cores>]
[--fixed-ips <num-fixed-ips>]
[--floating-ips <num-floating-ips>]
[--injected-file-size <injected-file-bytes>]
[--injected-files <num-injected-files>]
[--instances <num-instances>]
[--key-pairs <num-key-pairs>]
[--properties <num-properties>]
[--ram <ram-mb>]
# Volume settings
[--gigabytes <new-gigabytes>]
[--snapshots <new-snapshots>]
[--volumes <new-volumes>]
<class>
|
yes
|
|
nova quota-class-update
[--instances <instances>]
[--cores <cores>]
[--ram <ram>]
[--volumes <volumes>]
[--gigabytes <gigabytes>]
[--floating-ips <floating_ips>]
[--metadata-items <metadata_items>]
[--injected-files <injected_files>]
[--injected-file-content-bytes <injected_file_content_bytes>]
<class>
cinder quota-class-update
[--volumes <volumes>]
[--snapshots <snapshots>]
[--gigabytes <gigabytes>]
<tenant_id>
|
os quota show
[--default]
<project>
|
yes
|
|
nova quota-show
[--tenant <tenant-id>]
cinder quota-show
<tenant_id>
nova quota-defaults
<tenant_id>
cinder quota-defaults
<tenant_id>
|
os quota show
--class
<class>
|
yes
|
|
nova quota-class-show
<class>
cinder quota-class-show
<class>
|
Compute
OSC Option |
Environment Variable |
|
Nova Option |
Environment Variable
|
|
|
|
--os-auth-system <auth-system> |
OS_AUTH_SYSTEM
|
|
|
|
--service-type <type> |
|
|
|
|
--service-name <name> |
NOVA_SERVICE_NAME
|
|
|
|
--volume-service-name <name> |
NOVA_VOLUME_SERVICE_NAME
|
|
|
|
--endpoint-type <type> |
NOVA_ENDPOINT_TYPE
|
--os-compute-api-version <ver> |
OS_COMPUTE_API_VERSION |
|
--os-compute-api-version <ver> |
OS_COMPUTE_API_VERSION
|
|
|
|
--bypass-url <bypass-url> |
|
API v2 (1.1)
agent
OSC Command |
Implemented |
|
Nova command
|
os agent create
<os>
<architecture>
<version>
<url>
<md5hash>
<hypervisor>
|
yes
|
|
|
|
yes
|
|
|
os agent list
[--hypervisor <hypervisor>]
|
yes
|
|
|
os agent set
<id>
<version>
<url>
<md5hash>
|
yes
|
|
|
aggregate
OSC Command |
Implemented |
|
Nova command
|
os aggregate add host
<aggregate>
<host>
|
yes
|
|
nova aggregate-add-host
<id>
<host>
|
os aggregate create
[--zone <availability-zone>]
[--property <key=value>]
<name>
|
yes
|
|
nova aggregate-create
<name>
[<availability_zone>]
|
os aggregate delete
<aggregate>
|
yes
|
|
nova aggregate-delete
<id>
|
os aggregate list
[--long]
|
yes
|
|
|
os aggregate remove host
<aggregate>
<host>
|
yes
|
|
nova aggregate-remove-host
<id>
<host>
|
os aggregate set
[--name <new-name>]
[--zone <availability-zone>]
[--property <key=value>]
<aggregate>
|
yes
|
|
nova aggregate-update
<id>
<name>
[<availability_zone>]
nova aggregate-set-metadata
<id>
<key=value>
[<key=value> ...]
|
os aggregate show
<aggregate>
|
yes
|
|
nova aggregate-details
<id>
|
bash-completion
OSC Command |
Implemented |
|
Nova command
|
TBD
|
no
|
|
|
cloudpipe
OSC Command |
Implemented |
|
Nova command
|
os create cloudpipe
<project>
|
no
|
|
nova cloudpipe-create
<project>
|
|
no
|
|
|
console
OSC Command |
Implemented |
|
Nova command
|
os console log show
[--lines <num-lines>]
<server>
|
yes
|
|
nova console-log
[--length <length>]
<server>
|
os console url show
[--novnc | --xvpvnc | --spice]
<server>
|
yes
|
|
nova get-vnc-console
<server>
<console_type>
|
credentials
See credentials in the cross API section.
diagnostics
OSC Command |
Implemented |
|
Nova command
|
os server show
--diagnostics
<server>
|
yes
|
|
nova diagnostics
<server>
|
dns
These commands need some attention...an IP shouldn't be required for all record types. They need to be more DNS-y. Zone anyone?
OSC Command |
Implemented |
|
Nova command
|
os create dns
[--type <type>]
<ip>
<name>
<domain>
|
no
|
|
nova dns-create
[--type <type>]
<ip>
<name>
<domain>
|
os delete dns
<domain>
<name>
|
no
|
|
nova dns-delete
<domain>
<name>
|
os list dns
[--ip <ip>]
[--name <name>]
<domain>
|
no
|
|
nova dns-list
[--ip <ip>]
[--name <name>]
<domain>
|
os create dns-domain
[--project <project>]
[--availability-zone <availability-zone>]
[--public | --private]
<domain>
|
no
|
|
nova dns-create-private-domain
[--availability_zone <availability_zone>]
<domain>
nova dns-create-public-domain
[--project <project>]
<domain>
|
os delete dns-domain
<domain>
|
no
|
|
nova dns-delete-domain
<domain>
|
|
no
|
|
|
endpoints
Totally duplicates Identity catalog command
OSC Command |
Implemented |
|
Nova command
|
|
no
|
|
|
fixed-ip
OSC Command |
Implemented |
|
Nova command
|
os ip fixed add
<network>
<server>
|
yes
|
|
nova add-fixed-ip
<server>
<network_id>
|
os ip fixed remove
<ip-address>
<server>
|
yes
|
|
nova remove-fixed-ip
<server>
<address>
|
flavor
OSC Command |
Implemented |
|
Nova command
|
os flavor create
[--id <id>]
[--ram <size-mb>]
[--disk <size-gb>]
[--ephemeral-disk <size-gb>]
[--swap <size-mb>]
[--vcpus <num-cpu>]
[--rxtx-factor <factor>]
[--public | --private]
<name>
|
(partial)
default: auto
default: 256M
default: 0G
default: 0G
default: 0G
default: 1
default: 1
default: public
|
|
nova flavor-create
[--ephemeral <ephemeral>]
[--swap <swap>]
[--rxtx-factor <factor>]
<name>
<id>
<ram>
<disk>
<vcpus>
|
os flavor delete
<flavor>
|
yes
|
|
|
|
yes
|
|
|
|
yes
|
|
|
floating-ip
OSC Command |
Implemented |
|
Nova command
|
os ip floating add
<ip-address>
<server>
|
yes
|
|
nova add-floating-ip
<server>
<address>
|
os ip floating create
[<pool>]
|
yes
|
|
nova floating-ip-create
[<floating_ip_pool>]
|
os ip floating delete
<ip-address>
|
yes
|
|
nova floating-ip-delete
<address>
|
|
yes
|
|
|
os ip floating remove
<ip-address>
<server>
|
yes
|
|
nova remove-floating-ip
<server>
<address>
|
floating-ip-pool
OSC Command |
Implemented |
|
Nova command
|
|
yes
|
|
nova floating-ip-pool-list
|
host
OSC Command |
Implemented |
|
Nova command
|
os host list
[--zone <availability-zone>]
|
yes
|
|
nova host-action
[--action <action>]
<hostname>
|
|
no
|
|
nova host-update
[--status <status>]
[--maintenance <maintenance_mode>]
<hostname>
|
|
yes
|
|
|
hypervisor
OSC Command |
Implemented |
|
Nova command
|
os hypervisor list
[--matching <hostname>]
|
yes
|
|
|
|
yes
|
|
|
keypair
OSC Command |
Implemented |
|
Nova command
|
os keypair create
[--public-key <file>]
<name>
|
yes
|
|
nova keypair-add
[--pub_key <pub_key>]
<name>
|
|
yes
|
|
nova keypair-delete
<name>
|
|
yes
|
|
|
os keypair show
[--public-key]
<name>
|
yes
|
|
|
limits
See limits in the cross API section.
quota
See quota in the cross API section.
secgroup
OSC Command |
Implemented |
|
Nova command
|
os secgroup add
(see server add secgroup)
|
no
|
|
nova add-secgroup
<server>
<secgroup>
|
os secgroup create
[--description <description>]
<name>
|
yes
|
|
nova secgroup-create
<name>
<description>
|
os secgroup delete
<group>
|
yes
|
|
nova secgroup-delete
<secgroup>
|
os secgroup list
[--all-projects]
|
yes
|
|
nova secgroup-list
[--all-tenants [<0|1>]]
|
os secgroup remove
(see server remove secgroup)
|
no
|
|
nova remove-secgroup
<server>
<secgroup>
|
os secgroup set
[--name <new-name>]
[--description [<new-description>]
<group>
|
yes
|
|
nova secgroup-update
<secgroup>
<name>
<description>
|
|
yes
|
|
|
secgroup-group-rule
OSC Command |
Implemented |
|
Nova command
|
os secgroup group rule create
[--proto <protocol>]
[--port <port>:<port>]
<source-group>
<secgroup>
|
no
|
|
nova secgroup-add-group-rule
[--ip_proto <ip_proto>]
[--from_port <from_port>]
[--to_port <to_port>]
<secgroup>
<source_group>
|
os secgroup group rule delete
[--proto <protocol>]
[--port <port>:<port>]
<source-group>
<secgroup>
|
no
|
|
nova secgroup-delete-group-rule
[--ip_proto <ip_proto>]
[--from_port <from_port>]
[--to_port <to_port>]
<secgroup>
<source_group>
|
secgroup-rule
OSC Command |
Implemented |
|
Nova command
|
os secgroup rule create
[--proto <proto>]
[--src-ip <ip-address>]
[--dst-port <port-range>]
<group>
|
no
|
|
nova secgroup-add-rule
<secgroup>
<ip_proto>
<from_port>
<to_port>
<cidr>
|
os secgroup rule delete
[--proto <proto>]
[--src-ip <ip-address>]
[--dst-port <port-range>]
<group>
|
no
|
|
nova secgroup-delete-rule
<secgroup>
<ip_proto>
<from_port>
<to_port>
<cidr>
|
os secgroup rule list
<group>
|
no
|
|
nova secgroup-list-rules
<secgroup>
|
server
OSC Command |
Implemented |
|
Nova command
|
os server add secgroup
<server>
<group>
|
yes
|
|
nova add-secgroup
<server>
<secgroup>
|
os server add volume
[--device <device>]
<server>
<volume>
|
yes
|
|
nova volume-attach
<server>
<volume>
<device>
|
os server create
--image <image>
--flavor <flavor>
[--security-group <security-group-list> [...] ]
[--key-name <key-name>]
[--meta-data <key=value> [...] ]
[--file <dest-filename=source-filename>] [...] ]
[--user-data <user-data>]
[--availability-zone <zone-name>]
[--block-device-mapping <dev-name=mapping> [...] ]
[--nic <net-id=net-uuid,v4-fixed-ip=ip-addr> [...] ]
[--hint <key=value> [...] ]
[--config-drive <value>|True ]
[--min <count>]
[--max <count>]
[--wait]
<server-name>
|
yes
|
|
nova boot
[--flavor <flavor>]
[--image <image>]
[--meta <key=value>]
[--file <dst-path=src-path>]
[--key_name <key_name>]
[--user_data <user-data>]
[--availability_zone <availability-zone>]
[--security_groups <security_groups>]
[--block_device_mapping <dev_name=mapping>]
[--hint <key=value>]
[--nic <net-id=net-uuid,v4-fixed-ip=ip-addr>]
[--config-drive <value>]
[--poll]
<name>
|
os server delete
<server>
|
yes
|
|
|
os server list
[--reservation-id <reservation-id>]
[--ip <ip-regex>]
[--ip6 <ip6-regex>]
[--name <name-regex>]
[--instance-name <instance-name-regex>]
[--status <status>]
[--flavor <flavor>]
[--image <image>]
[--host <hostname>]
[--all-tenants]
|
yes
|
|
nova list
[--reservation_id <reservation_id>]
[--ip <ip_regexp>]
[--ip6 <ip6_regexp>]
[--name <name_regexp>]
[--instance_name <name_regexp>]
[--status <status>]
[--flavor <flavor>] [--image <image>]
[--host <hostname>]
[--all_tenants [<0|1>]]
|
|
yes
|
|
|
os server migrate
[--wait]
<server>
os server migrate
--live <host>
[--shared-migration | --block-migration]
[--disk-overcommit | --no-disk-overcommit]
[--wait]
<server>
|
yes
|
|
nova migrate
[--poll]
<server>
nova live-migration
[--block_migrate]
[--disk_over_commit]
<server>
<host>
|
|
yes
|
|
|
os server reboot
[--hard | --soft]
[--wait]
<server>
|
yes
|
|
nova reboot
[--hard]
[--poll]
<server>
|
os server rebuild
--image <image>
[--password <password>]
[--wait]
<server>
|
yes
|
|
nova rebuild
[--rebuild_password <rebuild_password>]
[--poll]
<server>
<image>
|
os server remove secgroup
<server>
<group>
|
yes
|
|
nova remove-secgroup
<server>
<secgroup>
|
os server remove volume
<server>
<volume>
|
yes
|
|
nova volume-detach
<server>
<volume>
|
os server rescue
<server>
|
yes
|
|
|
os server resize
--flavor <flavor>
[--wait]
<server>
os server resize
--confirm
<server>
os server resize
--revert
<server>
|
yes
|
|
nova resize
[--poll]
<server>
<flavor>
nova resize-confirm
<server>
nova resize-revert
<server>
|
os server resume
<server>
|
yes
|
|
|
os server set
--name <new-name>
--property <key=value>
[--property <key=value>] ...
--root-password
<server>
|
yes
|
|
nova meta
<server>
<action>
<key=value>
[<key=value> ...]
nova rename
<server>
<name>
nova root-password
<server>
|
|
yes
|
|
|
os server ssh
[--login <login-name>]
[--port <port>]
[--identity <keyfile>]
[--option <config-options>]
[-4 | -6]
[--private | --public | --address-type <address-type>]
<server>
|
yes
|
|
nova ssh
[--port PORT]
[--private]
[--ipv6]
[--login <login>]
<server>
|
os server suspend
<server>
|
yes
|
|
|
os server unlock
<server>
|
yes
|
|
|
os server unpause
<server>
|
yes
|
|
|
os server unrescue
<server>
|
yes
|
|
|
os unset server
--property <key>
[--property <key>] ...
<server>
|
yes
|
|
nova meta
<server>
<action>
<key=value>
[<key=value> ...]
|
usage
OSC Command |
Implemented |
|
Nova command
|
os usage list
[--start <start>]
[--end <end>]
|
no
|
|
nova usage-list
[--start <start>]
[--end <end>]
|
x509-cert
See credentials in the cross API section.
x509-root-cert
See credentials in the cross API section.
Identity
OSC Option |
Environment Variable |
|
Keystone Option |
Environment Variable
|
--os-identity-api-version <ver> |
OS_IDENTITY_API_VERSION |
|
--os-identity-api-version <ver> |
OS_IDENTITY_API_VERSION
|
--os-token <token> |
OS_TOKEN |
|
--os-token <token> |
OS_SERVICE_TOKEN
|
--os-url <url> |
OS_URL |
|
--os-endpoint <url> |
OS_SERVICE_ENDPOINT
|
|
|
|
--os-cert <file> |
OS_CERT
|
|
|
|
--os-key <key-file> |
OS_KEY
|
|
|
|
--os-cache |
OS_CACHE
|
|
|
|
--force-new-token |
|
|
|
|
--stale-duration <seconds> |
|
API v2.0
catalog
OSC Command |
Implemented |
|
Keystone command
|
os catalog show
[--service <service>]
|
no
|
|
keystone catalog
[--service <service-type>]
|
ec2 credentials
OSC Command |
Implemented |
|
Keystone command
|
os ec2 credentials create
[--project <project>]
[--user <user>]
|
yes
|
|
keystone ec2-credentials-create
[--user <user-id>]
[--tenant_id <tenant-id>]
|
os ec2 credentials delete
[--user <user>]
<access-key>
|
yes
|
|
keystone ec2-credentials-delete
[--user <user-id>]
--access <access-key>
|
os ec2 credentials list
[--user <user>]
|
yes
|
|
keystone ec2-credentials-list
[--user <user-id>]
|
os ec2 credentials show
[--user <user>]
<access-key>
|
yes
|
|
keystone ec2-credentials-get
[--user <user-id>]
--access <access-key>
|
endpoint
OSC Command |
Implemented |
|
Keystone command
|
os endpoint create
--publicurl <public-url>
[--adminurl <admin-url>]
[--internalurl <internal-url>]
[--region <endpoint-region>]
<service>
|
yes
|
|
keystone endpoint-create
[--region <endpoint-region>]
[--service_id <service-id>]
[--publicurl <public-url>]
[--adminurl <admin-url>]
[--internalurl <internal-url>]
|
os endpoint delete
<endpoint-id>
|
yes
|
|
keystone endpoint-delete
<endpoint-id>
|
os endpoint list
[--long]
|
yes
|
|
|
os endpoint show
[--type <endpoint-type>]
[--attr <endpoint-attribute>]
[--value <endpoint-value>]
[--all]
<service-type>
|
yes
|
|
keystone endpoint-get
--service <service-type>
[--endpoint_type <endpoint-type>]
[--attr <service-attribute>]
[--value <value>]
|
project
OSC Command |
Implemented |
|
Keystone command
|
os project create
[--description <description>]
[--enable | --disable]
<project-name>
|
yes
|
|
keystone tenant-create
--name <tenant-name>
[--description <tenant-description>]
[--enabled <true|false>]
|
os project delete
<project>
|
yes
|
|
keystone tenant-delete
<tenant>
|
|
yes
|
|
|
os project set
[--name <new-project-name>]
[--description <new-project-description>]
[--enable | --disable]
<project>
|
yes
|
|
keystone tenant-update
[--name <tenant_name>]
[--description <tenant-description>]
[--enabled <true|false>]
<tenant-id>
|
os project show
<project>
|
yes
|
|
keystone tenant-get
<tenant-id>
|
role
OSC Command |
Implemented |
|
Keystone command
|
os role create
<role-name>
|
yes
|
|
keystone role-create --name
<role-name>
|
|
yes
|
|
keystone role-delete
<role-id>
|
|
yes
|
|
|
|
yes
|
|
keystone role-get
<role-id>
|
service
OSC Command |
Implemented |
|
Keystone command
|
os service create
[--type <service-type>]
[--description <service-description>]
<service-name>
|
yes
|
|
keystone service-create
--name <name>
--type <type>
[--description <service-description>]
|
os service delete
<service>
|
yes
|
|
keystone service-delete
<service-id>
|
|
yes
|
|
|
os service show
[--catalog]
<service>
|
yes
|
|
keystone service-get
<service-id>
|
token
OSC Command |
Implemented |
|
Keystone command
|
os token show
[--width <token-display-width>]
|
??
|
|
keystone token-get [--wrap <integer>]
|
user
OSC Command |
Implemented |
|
Keystone command
|
os user create
[--password <user-password>]
[--email <user-email>]
[--tenant <tenant>]
[--enable | --disable]
<user-name>
|
yes
|
|
keystone user-create
--name <user-name>
[--tenant_id <tenant-id>]
[--pass <pass>]
[--email <email>]
[--enabled <true|false>]
|
|
yes
|
|
keystone user-delete
<user-id>
|
os user list
[--tenant <tenant>]
[--long]
|
yes
|
|
keystone user-list
[<tenant-id>]
|
os user set
[--name <new-user-name>]
[--password <user-password>]
[--email <user-email>]
[--tenant <tenant>]
[--enable|--disable]
<user>
|
yes
|
|
keystone user-password-update
--pass <password>
<user-id>
|
|
yes
|
|
keystone user-get
<user-id>
|
user role
OSC Command |
Implemented |
|
Keystone command
|
os user role add
[--tenant <tenant>]
<user>
<role>
|
yes
|
|
keystone user-role-add
--user <user-id>
--role <role-id>
[--tenant_id <tenant-id>]
|
os user role list
[--tenant <tenant>]
[<user>]
|
yes
|
|
keystone user-role-list
[--user <user-id>]
[--tenant_id <tenant-id>]
|
os user role remove
[--tenant <tenant>]
<user>
<role>
|
yes
|
|
keystone user-role-remove
--user <user-id>
--role <role-id>
[--tenant_id <tenant-id>]
|
<other>
These keystone commands are not planned for re-implementation in OpenStackClient
keystone bootstrap
--pass <password>
[--user-name <user-name>]
[--role-name <role-name>]
[--tenant-name <tenant-name>]
API v3
credential
OSC Command |
Implemented |
|
Keystone command
|
os credential create
[--project <project>]
[--type ec2|cert]
<user>
<data>
|
yes
|
|
keystone credential-create
--user_id <user-id>
--type <credential-type>
--data <credential-data>
[--project_id <project-id>]
|
os credential delete
<credential-id>
|
yes
|
|
keystone credential-delete
<credential-id>
|
|
yes
|
|
|
os credential set
[--user <user>]
[--type ec2|cert]
[--data <data>]
[--project <project>]
<credential-id>
|
yes
|
|
keystone credential-update
[--user <user>]
[--type <type>]
[--data <data>]
[--project <project>]
<credential-id>
|
os credential show
<credential-id>
|
yes
|
|
keystone credential-get
<credential-id>
|
domain
OSC Command |
Implemented |
|
Keystone command
|
os domain create
[--description <domain-description>]
[--enable | --disable]
<domain-name>
|
yes
|
|
keystone domain-create
--name <domain-name>
[--description <domain-description>]
[--enabled <true|false>]
[--private_project_names <true|false>]
[--private_user_names <true|false>]
|
os domain delete
<domain>
|
yes
|
|
keystone domain-delete
<domain-id>
|
|
yes
|
|
|
os domain set
[--name <new-domain-name>]
[--description <new-domain-description>]
[--enable | --disable]
<domain>
|
yes
|
|
keystone domain-update
[--name <domain_name>]
[--description <domain-description>]
[--enabled <true|false>]
[--private_project_names <true|false>]
[--private_user_names <true|false>]
<domain-id>
|
|
yes
|
|
keystone domain-get
<domain-id>
|
endpoint
OSC Command |
Implemented |
|
Keystone command
|
os endpoint create
[--region <endpoint-region>
[--enable | --disable]
<service>
<interface admin|public|internal>
<url>
|
yes
|
|
keystone endpoint-create
[--region <endpoint-region>
[--enable | --disable]
<service_id>
<interface admin|public|internal>
<url>
|
os endpoint delete
<endpoint-id>
|
yes
|
|
|
os endpoint list
[--long]
|
yes
|
|
|
os endpoint set
[--interface <endpoint-interface>]
[--url <endpoint-url>]
[--service <service-id>]
[--region <endpoint-region>]
[--enable | --disable]
<endpoint>
|
yes
|
|
keystone endpoint-set
[--interface <endpoint-interface>]
[--url <endpoint-url>]
[--service <service-id>]
[--region <endpoint-region>]
[--enable | --disable]
<endpoint>
|
os endpoint show
<endpoint>
|
yes
|
|
keystone endpoint-get
<endpoint>
|
group
OSC Command |
Implemented |
|
Keystone command
|
os group create
[--domain <domain>]
[--description <group-description>]
<group-name>
|
yes
|
|
keystone group-create
--name <group-name>
[--domain_id <domain-id>]
[--description <group-description>]
|
|
yes
|
|
keystone group-delete
<group-id>
|
|
yes
|
|
|
os group set
[--name <new-group-name>]
[--domain <domain>]
[--description <new-group-description>]
<group>
|
yes
|
|
keystone group-update
[--name <group_name>]
[--domain_id <domain-id>]
[--description <group-description>]
<group-id>
|
|
yes
|
|
keystone group-get
<group-id>
|
oauth
OSC Command |
Implemented |
|
Keystone command
|
os oauth request token create
--consumer-key <consumer-key>
--consumer-secret <consumer-secret>
--roles <requested-roles>
|
yes
|
|
n /a
|
os oauth request token authorize
--request-key <request-key>
--roles <requested-roles>
|
yes
|
|
n /a
|
os oauth access token create
--consumer-key <consumer-key>
--consumer-secret <consumer-secret>
--request-key <request-key>
--request-secret <request-secret>
--verifier <pin>
|
yes
|
|
|
os oauth access token authenticate
--consumer-key <consumer-key>
--consumer-secret <consumer-secret>
--access-key <access-key>
--access-secret <access-secret>
|
yes
|
|
n /a
|
os oauth authorization list
user <user>
|
yes
|
|
n /a
|
os oauth authorization delete
user <user>
access-id <access-id>
|
yes
|
|
n /a
|
os oauth authorization show
request-id <request-id>
|
yes
|
|
n /a
|
look at some alternatives: |
|
|
|
os oauth token create
--consumer-key <consumer-key>
--consumer-secret <consumer-secret>
--request-key <request-key>
--request-secret <request-secret>
--verifier <pin>
|
nyet
|
|
* makes the token specific to oauth
* add [--oauth-ver X] if versioning for oauth2 is an issue?
|
os oauth token create
--request
--consumer-key <consumer-key>
--roles <roles>
|
nyet
|
|
* collapse 'access token' and 'request token' into 'oauth token'?
|
policy
OSC Command |
Implemented |
|
Keystone command
|
os policy create
[--type <policy-type>]
--blob-file <blob-file>
|
yes
|
|
keystone policy-create
--type <policy-type>
--blob <policy-blob>
|
os policy delete
<policy-id>
|
yes
|
|
keystone policy-delete
<policy-id>
|
os policy list
[--include-blob]
|
yes
|
|
|
os policy set
[--type <policy-type>]
[--blob-file<blob-file>]
<policy-id>
|
yes
|
|
keystone policy-update
[--type <policy-type>]
[--blob <policy-blob>]
<policy-id>
|
os policy show
<policy-id>
|
yes
|
|
keystone policy-get
<policy-id>
|
project
OSC Command |
Implemented |
|
Keystone command
|
os project create
[--domain <project-domain>]
[--description <project-description>]
[--enable | --disable]
<project-name>
|
yes
|
|
keystone project-create
[--domain_id <domain_id>]
[--description <description>]
[--enable | --disable]
<name>
|
os project delete
<project>
|
yes
|
|
os project-delete
<project_id>
|
|
yes
|
|
|
os project set
[--name <new-project-name>]
[--domain <project-domain>]
[--description <new-project-description>]
[--enable | --disable]
<project>
|
yes
|
|
keystone project-set
[--name <new-project-name>]
[--domain <project-domain>]
[--description <new-project-description>]
[--enable | --disable]
<project_id>
|
os project show
<project>
|
yes
|
|
keystone project-get
<project_id>
|
role
OSC Command |
Implemented |
|
Keystone command
|
os role add
[--user <user> | --group <group>]
[--domain <domain> | --project <project>]
<role>
|
yes
|
|
|
os role create
<role-name>
|
yes
|
|
|
|
yes
|
|
|
|
yes
|
|
|
os role remove
[--user <user> | --group <group>]
[--domain <domain> | --project <project>]
<role>
|
yes
|
|
|
os role set
[--name <new-role-name>]
<role>
|
yes
|
|
|
|
yes
|
|
|
service
OSC Command |
Implemented |
|
Keystone command
|
os service create
[--name <name>]
[--enabled <true|false>]
<type>
|
yes
|
|
keystone service-create
[--name <name>]
[--enabled <true|false>]
<type>
|
os service delete
<service>
|
yes
|
|
keystone service-delete
<service_id>
|
|
yes
|
|
|
os service set
[--type <service-type>]
[--name <new-name>]
[--enable | --disable]
<service>
|
yes
|
|
keystone service-set
[--type <service-type>]
[--name <new-name>]
[--enable | --disable]
<service>
|
os service show
<service>
|
yes
|
|
keystone service-get
<service_id>
|
user
OSC Command |
Implemented |
|
Keystone command
|
os user create
[--password <password>]
[--project <project>]
[--email <user-email>]
[--enable | --disable]
<name>
|
yes
|
|
keystone user-create
--name <user-name>
[--domain_id <domain-id>]
[--default_project_id <project-id>]
[--description <description>]
[--enabled <true|false>]
[--password <password>]
|
|
yes
|
|
keystone user-delete
<user-id>
|
os user list
[--project <project>]
[--long]
|
yes
|
|
|
os user set
[--name <new-name>]
[--password <password>]
[--project <project>]
[--email <user-email>]
[--enable | --disable]
<user>
|
yes
|
|
keystone user-update
--user_id <user-id>
[--name <user-name>]
[--domain_id <domain-id>]
[--default_project_id <project-id>]
[--description <description>]
[--enabled <true|false>]
[--password <password>]
|
|
yes
|
|
keystone user-get
<user-id>
|
Image
OSC Option |
Environment Variable |
|
Glance Option |
Environment Variable
|
--os-image-api-version <ver> |
OS_IMAGE_API_VERSION |
|
--os-image-api-version <ver> |
OS_IMAGE_API_VERSION
|
|
|
|
--os-service-type <type> |
OS_SERVICE_TYPE
|
|
|
|
--os-endpoint-type <type> |
OS_ENDPOINT_TYPE
|
--os-token <token> |
OS_TOKEN |
|
--os-auth-token <token> |
OS_AUTH_TOKEN
|
--os-url <url> |
OS_URL |
|
--os-image-url <url> |
OS_IMAGE_URL
|
|
|
|
--os-cacert <file> |
OS_CACERT
|
|
|
|
--cert-file <file> |
CERT_FILE
|
|
|
|
--key-file <key-file> |
KEY_FILE
|
|
|
|
--no-ssl-compression |
|
API v1
image
OSC Command |
Implemented |
|
Glance command
|
os image create
[--id <id>]
[--store <store>]
[--container-format <format>]
[--disk-format <format>]
[--owner <tenant>]
[--size <size-bytes>]
[--min-disk <disk-gb>]
[--min-ram <ram-mg>]
[--location <image-url>]
[--copy-from <image-url>]
[--file <local-filename>]
[--checksum <checksum>]
[--protected | --unprotected]
[--public | --private]
[--property <key=value>]
<name>
|
yes
|
|
glance image-create
[--id <IMAGE_ID>]
[--name <NAME>]
[--disk-format <DISK_FORMAT>]
[--container-format <CONTAINER_FORMAT>]
[--owner <TENANT_ID>]
[--size <SIZE>]
[--min-disk <DISK_GB>]
[--min-ram <DISK_RAM>]
[--location <IMAGE_URL>]
[--checksum <CHECKSUM>]
[--copy-from <IMAGE_URL>]
[--is-public [True|False]]
[--is-protected [True|False]]
[--property <key=value>]
[--human-readable]
|
|
yes
|
|
glance image-delete
<IMAGE_ID>
|
os image list
[--page-size <size>]
|
yes
|
|
|
os image save
[--file <filename>]
<image>
|
yes
|
|
glance image-download
[--file <FILE>]
<IMAGE>
|
os image set
[--name <name>]
[--owner <tenant>]
[--min-disk <disk-gb>]
[--min-ram <ram-mg>]
[--protected | --unprotected]
[--public | --private]
[--property <key=value>]
<image>
|
yes
|
|
glance image-update
[--name <NAME>]
[--disk-format <DISK_FORMAT>]
[--container-format <CONTAINER_FORMAT>]
[--owner <TENANT_ID>]
[--size <SIZE>]
[--min-disk <DISK_GB>]
[--min-ram <DISK_RAM>]
[--location <IMAGE_URL>]
[--file <FILE>]
[--checksum <CHECKSUM>]
[--copy-from <IMAGE_URL>]
[--is-public [True|False]]
[--is-protected [True|False]]
[--property <key=value>]
[--purge-props]
[--human-readable]
<IMAGE>
|
|
yes
|
|
glance image-show
[--human-readable]
<IMAGE>
|
API v2
image
OSC Command |
Implemented |
|
Glance command
|
os image add project
<image>
<project>
|
no
|
|
glance member-create
[--can-share]
<IMAGE_ID>
<TENANT_ID>
|
os image create
[--id <id>]
[--store <store>]
[--container-format <format>]
[--disk-format <format>]
[--owner <tenant>]
[--size <size-bytes>]
[--min-disk <disk-gb>]
[--min-ram <ram-mg>]
[--location <image-url>]
[--copy-from <image-url>]
[--file <local-filename>]
[--checksum <checksum>]
[--protected | --unprotected]
[--public | --private]
[--property <key=value>]
<name>
# verify v2 options
|
no
|
|
|
|
yes
|
|
glance image-delete
<IMAGE_ID>
|
os image list
[--page-size <size>]
|
yes
|
|
|
os image list
--shared
[--image <image>]
[--project <project>]
|
no
|
|
glance member-list
[--image-id <IMAGE_ID>]
[--tenant-id <TENANT_ID>]
|
os image remove project
<image>
<project>
|
no
|
|
glance member-delete
<IMAGE_ID>
<TENANT_ID>
|
os image save
[--file <filename>]
<image>
|
yes
|
|
glance image-download
[--file <FILE>]
<IMAGE>
|
os image set
[--id <id>]
[--store <store>]
[--container-format <format>]
[--disk-format <format>]
[--owner <tenant>]
[--size <size-bytes>]
[--min-disk <disk-gb>]
[--min-ram <ram-mg>]
[--location <image-url>]
[--copy-from <image-url>]
[--file <local-filename>]
[--checksum <checksum>]
[--protected | --unprotected]
[--public | --private]
[--property <key=value>]
<name>
|
no
|
|
glance image-update
[--name <NAME>]
[--disk-format <DISK_FORMAT>]
[--container-format <CONTAINER_FORMAT>]
[--owner <TENANT_ID>]
[--size <SIZE>]
[--min-disk <DISK_GB>]
[--min-ram <DISK_RAM>]
[--location <IMAGE_URL>]
[--file <FILE>]
[--checksum <CHECKSUM>]
[--copy-from <IMAGE_URL>]
[--is-public [True|False]]
[--is-protected [True|False]]
[--property <key=value>]
[--purge-props]
[--human-readable]
<IMAGE>
|
|
yes
|
|
glance image-show
[--human-readable]
<IMAGE>
|
image-member
The image member commands have been rolled in to the regualr image commands.
Object
API v1
Commands:
- upload [options] container file_or_directory [file_or_directory] [...]
- post [options] [container] [object]
container
OSC Command |
Implemented |
|
Swift command
|
os container list
[--prefix <prefix>]
[--delimiter <delimiter>]
[--long]
[--all]
|
yes
|
|
swift list
[--prefix|-p]
[-l|-lh]
[-t]
[--delimiter|-d]
[options]
[container]
|
os container show
[<container-name>]
|
yes
|
|
swift stat
[--lh]
[<container>]
[<object>]
|
object
OSC Command |
Implemented |
|
Swift command
|
os object delete
<object>
|
no
|
|
swift delete
[--leave-segments]
[options]
--all
swift delete container
[--leave-segments]
[options]
[object]
[object] ...
|
os object list
[--prefix <prefix>]
[--delimiter <delimiter>]
[--long]
[--all]
<container-name>]
|
yes
|
|
swift list
[--prefix|-p]
[-l|-lh]
[-t]
[--delimiter|-d]
[options]
[container]
|
os object show
<container-name>
<object-name>
|
yes
|
|
swift stat
[--lh]
[<container>]
[<object>]
|
os object save
[<container>]
[<object>]
|
no
|
|
swift download
--all
[--prefix|-p]
[options]
swift download
container
[--prefix|-p]
[--output|-o <filename>]
[options]
[object]
[object] ...
|
Volume
Cinder Option |
Environment Variable |
|
OSC Option |
Environment Variable
|
--os-volume-api-version <ver> |
OS_VOLUME_API_VERSION |
|
--os-volume-api-version <ver> |
OS_VOLUME_API_VERSION
|
--service-type <type> |
|
|
|
|
--service-name <name> |
CINDER_SERVICE_NAME |
|
|
|
--volume-service-name <name> |
CINDER_VOLUME_SERVICE_NAME |
|
|
|
--endpoint-type <type> |
CINDER_ENDPOINT_TYPE |
|
|
|
--retries <int> |
|
|
|
|
API v1.0
limits
See limits in the cross API section.
quota
See quota in the cross API section.
snapshot
OSC Command |
Implemented |
|
Cinder command
|
os snapshot create
--name <name>
[--description <description>]
[--force]
<volume>
|
yes
|
|
cinder snapshot-create
--force <True|False>
--display-name <display-name>
--display-description <display-description>
<volume-id>
|
os snapshot delete
<snapshot>
|
yes
|
|
cinder snapshot-delete
<snapshot-id>
|
|
yes (no opts yet)
|
|
cinder snapshot-list
--all-tenants [<0|1>]
--display-name <display-name>
--status <status>
--volume-id <volume-id>
|
os snapshot set
[--name <new-name>]
[--description <new-description>]
<snapshot>
|
yes
|
|
cinder snapshot-rename
--display-description <display-description>
--display-name <display-name>
<snapshot-id>
|
os snapshot show
<snapshot>
|
yes
|
|
cinder snapshot-show
<snapshot-id>
|
volume
OSC Command |
Implemented |
|
Cinder command
|
os volume create
--size <size>
[--description <description>]
[--volume-type <volume-type>]
[--snapshot-id <snapshot-id>]
[--source <volid>]
[--image <image-id>]
[--availability-zone <availability-zone>]
[--property <key=value>]
[--user <user>] # admin only
[--project <project>] # admin only
<name>
|
yes
|
|
cinder create
[--snapshot-id <snapshot-id>]
[--source-volid <source-volid>]
[--image-id <image-id>]
[--display-name <display-name>]
[--display-description <display-description>]
[--volume-type <volume-type>]
[--availability-zone <availability-zone>]
[--metadata <key=value>]
<size>
|
os volume delete
[--force]
<volume>
|
yes
|
|
cinder delete
<volume-id>
cinder force-delete
<volume-id>
|
os volume list
[--name <name>]
[--status <status>]
[--long]
[--all-tenants] # admin only
|
yes
|
|
cinder list
--all-tenants [<0|1>]
--display-name <display-name>
--status <status>
|
os volume set
[--name <new-name>]
[--description <new-description>]
[--property <key=value>]
<volume>
|
yes
|
|
cinder metadata
<volume-id>
<action>
<key=value>
cinder rename
--display-description <display-description>
<volume-id>
<display-name>
|
|
yes
|
|
|
os volume unset
[--property <key>]
<volume>
|
yes
|
|
|
volume type
OSC Command |
Implemented |
|
Cinder command
|
os volume type create
[--property <key=value>]
<name>
|
yes
|
|
cinder type-create
<type-name>
|
os volume type delete
<volume-type>
|
yes
|
|
cinder type-delete
<type-id>
|
os volume type list
[--long]
|
yes
|
|
cinder type-list
cinder extra-specs-list
|
os volume type set
[--property <key=value>]
<volume-type>
|
yes
|
|
cinder type-key
<type-id>
<set>
<key=value>
|
os volume type unset
[--property <key>]
<volume-type>
|
yes
|
|
cinder type-key
<type-id>
<unset>
<key>
|
Network
The Network commands in quantum
have been in a bit of flux and are currently out of scope for OpenStackClient.
Command-line Option |
Environment Variable
|
--host=HOST
|
--port=PORT
|
--ssl
|
--verbose
|
--logfile=LOGFILE
|
--token=TOKEN
|
--version=VERSION |
QUANTUM_VERSION
|
API v2.0
Agent
Cisco
DHCP
Extensions
Firewall
Floating IP
IPSec
L3
Load Balancer
Network
Network Gateway
Port
OSC Command |
Implemented |
|
Neutron command
|
os port create <network>
[--tenant-id TENANT_ID]
[--name NAME]
[--admin-state-down]
[--mac-address MAC_ADDRESS]
[--device-id DEVICE_ID]
[--fixed-ip ip_address=IP_ADDR]
[--security-group SECURITY_GROUP]
[--no-security-groups]
[--extra-dhcp-opt EXTRA_DHCP_OPTS]
|
no |
|
neutron port-create <network>
[--tenant-id TENANT_ID]
[--name NAME]
[--admin-state-down]
[--mac-address MAC_ADDRESS]
[--device-id DEVICE_ID]
[--fixed-ip ip_address=IP_ADDR]
[--security-group SECURITY_GROUP]
[--no-security-groups]
[--extra-dhcp-opt EXTRA_DHCP_OPTS]
|
|
no |
|
neutron port delete <port>
|
os port list
[-D, --show-details]
[-F FIELD, --field FIELD]
[-P SIZE, --page-size SIZE]
[--sort-key FIELD]
[--sort-dir {asc,desc}]
[-f {csv,table}, --format {csv,table}]
[-c COLUMN, --column COLUMN]
[--quote {all,minimal,none,nonnumeric}]
|
no |
|
neutron port-list
[-D, --show-details]
[-F FIELD, --field FIELD]
[-P SIZE, --page-size SIZE]
[--sort-key FIELD]
[--sort-dir {asc,desc}]
[-f {csv,table}, --format {csv,table}]
[-c COLUMN, --column COLUMN]
[--quote {all,minimal,none,nonnumeric}]
|
os port show <port>
[-D, --show-details]
[-F FIELD, --field FIELD]
[-f {shell,table}, --format {shell,table}]
[-c COLUMN, --column COLUMN]
[-variable VARIABLE]
[--prefix PREFIX]
|
no |
|
neutron port-show <port>
[-D, --show-details]
[-F FIELD, --field FIELD]
[-f {shell,table}, --format {shell,table}]
[-c COLUMN, --column COLUMN]
[-variable VARIABLE]
[--prefix PREFIX]
|
os port update <port>
[--security-group SECURITY_GROUP]
[--no-security-groups]
[--extra-dhcp-opt EXTRA_DHCP_OPTS]
|
no |
|
neutron port-update <port>
[--security-group SECURITY_GROUP]
[--no-security-groups]
[--extra-dhcp-opt EXTRA_DHCP_OPTS]
|
Queue
Quota
Router
Security Group
Security Group Rules
Service Provider
Subnet
VPN
Options
In general, options will be transformed into more UNIX-like usage
-
--enable true|false
becomes --enable|--disable
(dhellmann) Not all boolean options have natural antonyms like enable/disable. It may be more consistent to use a --flag --no-flag style naming convention to indicate the opposites of flags.
"(dtroyer) Yup, except i really don't like --no-enable. I'm going to work through the switch mapping to see how many others we really have to deal with."