Chapter 16. OpenStack Command-line Client

The openstack client is a common OpenStack command-line interface (CLI). This chapter documents openstack version 3.11.0.

For help on a specific openstack command, enter: 

$ openstack help <command>

The following reference illustrates and explains the usage of the OpenStack command-line client.

16.1. command

Internal

Installed commands in the OSC process.

16.1.1. command list

List recognized commands by group 

openstack command list
    [--group <group-keyword>]
--group <group-keyword>
Show commands filtered by a command group, for example: identity, volume, compute, image, network and other keywords

16.2. access token

Identity v3

Requires: OS-OAUTH1 extension

16.2.1. access token create

Create an access token 

openstack access token create
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --request-key <request-key>
    --request-secret <request-secret>
    --verifier <verifier>
--consumer-key <consumer-key>
Consumer key (required)
--consumer-secret <consumer-secret>
Consumer secret (required)
--request-key <request-key>
Request token to exchange for access token (required)
--request-secret <request-secret>
Secret associated with <request-key> (required)
--verifier <verifier>
Verifier associated with <request-key> (required)

16.3. address scope

An address scope is a scope of IPv4 or IPv6 addresses that belongs to a given project and may be shared between projects.

Network v2

16.3.1. address scope create

Create new address scope 

openstack address scope create
    [--project <project> [--project-domain <project-domain>]]
    [--ip-version <ip-version>]
    [--share | --no-share]
    <name>
--project <project>
Owner’s project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--ip-version <ip-version>
IP version (4 or 6, default is 4)
--share
Share the address scope between projects
--no-share
Do not share the address scope between projects (default)
<name>
New address scope name

16.3.2. address scope delete

Delete address scope(s) 

openstack address scope delete
    <address-scope> [<address-scope> ...]
<address-scope>
Address scope(s) to delete (name or ID)

16.3.3. address scope list

List address scopes 

openstack address scope list
    [--name <name>]
    [--ip-version <ip-version>]
    [--project <project> [--project-domain <project-domain>]]
    [--share | --no-share]
--name <name>
List only address scopes of given name in output
--ip-version <ip-version>
List address scopes of given IP version networks (4 or 6)
--project <project>
List address scopes according to their project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--share
List address scopes shared between projects
--no-share
List address scopes not shared between projects

16.3.4. address scope set

Set address scope properties 

openstack address scope set
    [--name <name>]
    [--share | --no-share]
    <address-scope>
--name <name>
Set address scope name
--share
Share the address scope between projects
--no-share
Do not share the address scope between projects
<address-scope>
Address scope to modify (name or ID)

16.3.5. address scope show

Display address scope details 

openstack address scope show
    <address-scope>
<address-scope>
Address scope to display (name or ID)

16.4. aggregate

Host aggregates provide a mechanism to group hosts according to certain criteria.

Compute v2

16.4.1. aggregate add host

Add host to aggregate 

openstack aggregate add host
    <aggregate>
    <host>
<aggregate>
Aggregate (name or ID)
<host>
Host to add to <aggregate>

16.4.2. aggregate create

Create a new aggregate 

openstack aggregate create
    [--zone <availability-zone>]
    [--property <key=value> [...] ]
    <name>
--zone <availability-zone>
Availability zone name
--property <key=value>
Property to add to this aggregate (repeat option to set multiple properties)
<name>
New aggregate name

16.4.3. aggregate delete

Delete existing aggregate(s) 

openstack aggregate delete
    <aggregate> [<aggregate> ...]
<aggregate>
Aggregate(s) to delete (name or ID)

16.4.4. aggregate list

List all aggregates 

openstack aggregate list
    [--long]
--long
List additional fields in output

16.4.5. aggregate remove host

Remove host from aggregate 

openstack aggregate remove host
    <aggregate>
    <host>
<aggregate>
Aggregate (name or ID)
<host>
Host to remove from <aggregate>

16.4.6. aggregate set

Set aggregate properties 

openstack aggregate set
    [--name <new-name>]
    [--zone <availability-zone>]
    [--property <key=value> [...] ]
    [--no-property]
    <aggregate>
--name <name>
Set aggregate name
--zone <availability-zone>
Set availability zone name
--property <key=value>
Property to set on <aggregate> (repeat option to set multiple properties)
--no-property
Remove all properties from <aggregate> (specify both --property and --no-property to overwrite the current properties)
<aggregate>
Aggregate to modify (name or ID)

16.4.7. aggregate show

Display aggregate details 

openstack aggregate show
    <aggregate>
<aggregate>
Aggregate to display (name or ID)

16.4.8. aggregate unset

Unset aggregate properties 

openstack aggregate unset
    [--property <key> [...] ]
    <aggregate>
--property <key>
Property to remove from <aggregate> (repeat option to remove multiple properties)
<aggregate>
Aggregate to modify (name or ID)

16.5. availability zone

An availability zone is a logical partition of cloud block storage, compute and network services.

Block Storage v2, Compute v2, Network v2

16.5.1. availability zone list

List availability zones and their status 

openstack availability zone list
    [--compute]
    [--network]
    [--volume]
    [--long]
--compute
List compute availability zones
--network
List network availability zones
--volume
List volume availability zones
--long
List additional fields in output

16.6. backup

Block Storage v1, v2

16.6.1. backup create

Create new backup (Deprecated, please use volume backup create instead) 

openstack backup create
    [--container <container>]
    [--name <name>]
    [--description <description>]
    [--snapshot <snapshot>]
    [--force]
    [--incremental]
    <volume>
--container <container>
Optional backup container name
--name <name>
Name of the backup
--description <description>
Description of the backup
--snapshot <snapshot>
Snapshot to backup (name or ID) Volume version 2 only
--force
Allow to back up an in-use volume Volume version 2 only
--incremental
Perform an incremental backup Volume version 2 only
<volume>
Volume to backup (name or ID)

16.6.2. backup delete

Delete backup(s) (Deprecated, please use volume backup delete instead) 

openstack backup delete
    [--force]
    <backup> [<backup> ...]
--force
Allow delete in state other than error or available Volume version 2 only
<backup>
Backup(s) to delete (name or ID)

16.6.3. backup list

List backups (Deprecated, please use volume backup list instead) 

openstack backup list
--long
List additional fields in output

16.6.4. backup restore

Restore backup (Deprecated, please use volume backup restore instead) 

openstack backup restore
    <backup>
    <volume>
<backup>
Backup to restore (name or ID)
<volume>
Volume to restore to (name or ID)

16.6.5. backup show

Display backup details (Deprecated, please use volume backup show instead) 

openstack backup show
    <backup>
<backup>
Backup to display (name or ID)

16.7. catalog

Identity v2, v3

16.7.1. catalog list

List services in the service catalog 

openstack catalog list

16.7.2. catalog show

Display service catalog details 

openstack catalog show
    <service>
<service>
Service to display (type or name)

16.8. complete

The complete command is inherited from the python-cliff library, it can be used to generate a bash-completion script. Currently, the command will generate a script for bash versions 3 or 4. The bash-completion script is printed directly to standard out.

Typical usage for this command is: 

openstack complete | sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null

If installing python-openstackclient from a package with yum, then this command will likely be run for you.

16.8.1. complete

print bash completion command 

openstack complete

16.9. compute agent

Compute v2

16.9.1. compute agent create

Create compute agent 

openstack compute agent create
    <os> <architecture> <version> <url> <md5hash>
    <hypervisor>
<os>
Type of OS
<architecture>
Type of architecture
<version>
Version
<url>
URL
<md5hash>
MD5 hash
<hypervisor>
Type of hypervisor

16.9.2. compute agent delete

Delete compute agent(s) 

openstack compute agent delete <id> [<id> ...]
<id>
ID of agent(s) to delete

16.9.3. compute agent list

List compute agents 

openstack compute agent list [--hypervisor <hypervisor>]
--hypervisor <hypervisor>
Type of hypervisor

16.9.4. compute agent set

Set compute agent properties 

openstack compute agent set
    [--agent-version <version>]
    [--url <url]
    [--md5hash <md5hash>]
    <id>
--agent-version <version>
Version of the agent
--url <url>
URL of the agent
--md5hash <md5hash>
MD5 hash of the agent
<id>
Agent to modify (ID only)

16.10. compute service

Compute v2

16.10.1. compute service delete

Delete compute service(s) 

openstack compute service delete
    <service> [<service> ...]
<service>
Compute service(s) to delete (ID only)

16.10.2. compute service list

List compute services 

openstack compute service list
    [--host <host>]
    [--service <service>]
    [--long]
--host <host>
List services on specified host (name only)
--service <service>
List only specified service (name only)
--long
List additional fields in output

16.10.3. compute service set

Set compute service properties 

openstack compute service set
    [--enable | --disable]
    [--disable-reason <reason>]
    [--up | --down]
    <host> <service>
--enable
Enable service
--disable
Disable service
--disable-reason <reason>
Reason for disabling the service (in quotes). Should be used with --disable option.
--up
Force up service
--down
Force down service
<host>
Name of host
<service>
Name of service (Binary name)

16.11. configuration

Available for all services

16.11.1. configuration show

Show the current openstack client configuration. This command is a little different from other show commands because it does not take a resource name or id to show. The command line options, such as --os-cloud, can be used to show different configurations. 

openstack configuration show
    [--mask | --unmask]
--mask
Attempt to mask passwords (default)
--unmask
Show password in clear text

16.12. consistency group

Block Storage v2

16.12.1. consistency group add volume

Add volume(s) to consistency group. 

openstack consistency group add volume
    <consistency-group>
    <volume> [<volume> ...]
<consistency-group>
Consistency group to contain <volume> (name or ID)
<volume>
Volume(s) to add to <consistency-group> (name or ID) (repeat option to add multiple volumes)

16.12.2. consistency group create

Create new consistency group. 

openstack consistency group create
    --volume-type <volume-type> | --consistency-group-source <consistency-group> | --consistency-group-snapshot <consistency-group-snapshot>
    [--description <description>]
    [--availability-zone <availability-zone>]
    [<name>]
--volume-type <volume-type>
Volume type of this consistency group (name or ID)
--consistency-group-source <consistency-group>
Existing consistency group (name or ID)
--consistency-group-snapshot <consistency-group-snapshot>
Existing consistency group snapshot (name or ID)
--description <description>
Description of this consistency group
--availability-zone <availability-zone>
Availability zone for this consistency group (not available if creating consistency group from source)
<name>
Name of new consistency group (default to None)

16.12.3. consistency group delete

Delete consistency group(s). 

openstack consistency group delete
    [--force]
    <consistency-group> [<consistency-group> ...]
--force
Allow delete in state other than error or available
<consistency-group>
Consistency group(s) to delete (name or ID)

16.12.4. consistency group list

List consistency groups. 

openstack consistency group list
    [--all-projects]
    [--long]
--all-projects
Show detail for all projects. Admin only. (defaults to False)
--long
List additional fields in output

16.12.5. consistency group remove volume

Remove volume(s) from consistency group. 

openstack consistency group remove volume
    <consistency-group>
    <volume> [<volume> ...]
<consistency-group>
Consistency group containing <volume> (name or ID)
<volume>
Volume(s) to remove from <consistency-group> (name or ID) (repeat option to remove multiple volumes)

16.12.6. consistency group set

Set consistency group properties. 

openstack consistency group set
    [--name <name>]
    [--description <description>]
    <consistency-group>
--name <name>
New consistency group name
--description <description>
New consistency group description
<consistency-group>
Consistency group to modify (name or ID)

16.12.7. consistency group show

Display consistency group details. 

openstack consistency group show
    <consistency-group>
<consistency-group>
Consistency group to display (name or ID)

16.13. consistency group snapshot

Block Storage v2

16.13.1. consistency group snapshot create

Create new consistency group snapshot. 

openstack consistency group snapshot create
    [--consistency-group <consistency-group>]
    [--description <description>]
    [<snapshot-name>]
--consistency-group <consistency-group>
Consistency group to snapshot (name or ID) (default to be the same as <snapshot-name>)
--description <description>
Description of this consistency group snapshot
<snapshot-name>
Name of new consistency group snapshot (default to None)

16.13.2. consistency group snapshot delete

Delete consistency group snapshot(s) 

openstack consistency group snapshot delete
    <consistency-group-snapshot> [<consistency-group-snapshot> ...]
<consistency-group-snapshot>
Consistency group snapshot(s) to delete (name or ID)

16.13.3. consistency group snapshot list

List consistency group snapshots. 

openstack consistency group snapshot list
    [--all-projects]
    [--long]
    [--status <status>]
    [--consistency-group <consistency-group>]
--all-projects
Show detail for all projects. Admin only. (defaults to False)
--long
List additional fields in output
--status <status>
Filters results by a status ("available", "error", "creating", "deleting" or "error_deleting")
--consistency-group <consistency-group>
Filters results by a consistency group (name or ID)

16.13.4. consistency group snapshot show

Display consistency group snapshot details. 

openstack consistency group snapshot show
    <consistency-group-snapshot>
<consistency-group-snapshot>
Consistency group snapshot to display (name or ID)

16.14. console log

Server console text dump

Compute v2

16.14.1. console log show

Show server’s console output 

openstack console log show
    [--lines <num-lines>]
    <server>
--lines <num-lines>
Number of lines to display from the end of the log (default=all)
<server>
Server to show log console log (name or ID)

16.15. console url

Server remote console URL

Compute v2

16.15.1. console url show

Show server’s remote console URL 

openstack console url show
    [--novnc | --xvpvnc | --spice]
    [--rdp | --serial | --mks]
    <server>
--novnc
Show noVNC console URL (default)
--xvpvnc
Show xvpvnc console URL
--spice
Show SPICE console URL
--rdp
Show RDP console URL
--serial
Show serial console URL
--mks
Show WebMKS console URL
<server>
Server to show URL (name or ID)

16.16. consumer

Identity v3

Requires: OS-OAUTH1 extension

16.16.1. consumer create

Create new consumer 

openstack consumer create
    [--description <description>]
--description <description>
New consumer description

16.16.2. consumer delete

Delete consumer(s) 

openstack consumer delete
    <consumer> [<consumer> ...]
<consumer>
Consumer(s) to delete

16.16.3. consumer list

List consumers 

openstack consumer list

16.16.4. consumer set

Set consumer properties 

openstack consumer set
    [--description <description>]
    <consumer>
--description <description>
New consumer description
<consumer>
Consumer to modify

16.16.5. consumer show

Display consumer details 

openstack consumer show
    <consumer>
<consumer>
Consumer to display

16.17. container

Object Storage v1

16.17.1. container create

Create new container 

openstack container create
    <container-name> [<container-name> ...]
<container-name>
New container name(s)

16.17.2. container delete

Delete container 

openstack container delete
    [-r] | [--recursive]
    <container> [<container> ...]
--recursive , -r
Recursively delete objects in container before container delete
<container>
Container(s) to delete

16.17.3. container list

List containers 

openstack container list
    [--prefix <prefix>]
    [--marker <marker>]
    [--end-marker <end-marker>]
    [--limit <num-containers>]
    [--long]
    [--all]
--prefix <prefix>
Filter list using <prefix>
--marker <marker>
Anchor for paging
--end-marker <end-marker>
End anchor for paging
--limit <num-containers>
Limit the number of containers returned
--long
List additional fields in output
--all
List all containers (default is 10000)

16.17.4. container save

Save container contents locally 

openstack container save
    <container>
<container>
Container to save

16.17.5. container set

Set container properties 

openstack container set
    [--property <key=value> [...] ]
    <container>
--property <key=value>
Set a property on this container (repeat option to set multiple properties)
<container>
Container to modify

16.17.6. container show

Display container details 

openstack container show
    <container>
<container>
Container to display

16.17.7. container unset

Unset container properties 

openstack container unset
    [--property <key>]
    <container>
--property <key>
Property to remove from container (repeat option to remove multiple properties)
<container>
Container to modify

16.18. credential

Identity v3

16.18.1. credential create

Create new credential 

openstack credential create
    [--type <type>]
    [--project <project>]
    <user> <data>
--type <type>
New credential type
--project <project>
Project which limits the scope of the credential (name or ID)
<user>
User that owns the credential (name or ID)
<data>
New credential data

16.18.2. credential delete

Delete credential(s) 

openstack credential delete
    <credential-id> [<credential-id> ...]
<credential-id>
ID(s) of credential to delete

16.18.3. credential list

List credentials 

openstack credential list

16.18.4. credential set

Set credential properties 

openstack credential set
    [--user <user>]
    [--type <type>]
    [--data <data>]
    [--project <project>]
    <credential-id>
--user <user>
User that owns the credential (name or ID)
--type <type>
New credential type
--data <data>
New credential data
--project <project>
Project which limits the scope of the credential (name or ID)
<credential-id>
ID of credential to change

16.18.5. credential show

Display credential details 

openstack credential show
    <credential-id>
<credential-id>
ID of credential to display

16.19. domain

Identity v3

16.19.1. domain create

Create new domain 

openstack domain create
    [--description <description>]
    [--enable | --disable]
    [--or-show]
    <domain-name>
--description <description>
New domain description
--enable
Enable domain (default)
--disable
Disable domain
--or-show
Return existing domain If the domain already exists, return the existing domain data and do not fail.
<domain-name>
New domain name

16.19.2. domain delete

Delete domain(s) 

openstack domain delete
    <domain> [<domain> ...]
<domain>
Domain(s) to delete (name or ID)

16.19.3. domain list

List domains 

openstack domain list

16.19.4. domain set

Set domain properties 

openstack domain set
    [--name <name>]
    [--description <description>]
    [--enable | --disable]
    <domain>
--name <name>
New domain name
--description <description>
New domain description
--enable
Enable domain
--disable
Disable domain
<domain>
Domain to modify (name or ID)

16.19.5. domain show

Display domain details 

openstack domain show
    <domain>
<domain>
Domain to display (name or ID)

16.20. ec2 credentials

Identity v2

16.20.1. ec2 credentials create

Create EC2 credentials 

openstack ec2 credentials create
    [--project <project>]
    [--user <user>]
    [--user-domain <user-domain>]
    [--project-domain <project-domain>]
--project <project>
Create credentials in project (name or ID; default: current authenticated project)
--user <user>
Create credentials for user (name or ID; default: current authenticated user)
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.

The --project and --user options are typically only useful for admin users, but may be allowed for other users depending on the policy of the cloud and the roles granted to the user.

16.20.2. ec2 credentials delete

Delete EC2 credentials 

openstack ec2 credentials delete
    [--user <user>]
    [--user-domain <user-domain>]
    <access-key> [<access-key> ...]
--user <user>
Delete credentials for user (name or ID)
--user-domain <user-domain>
Select user from a specific domain (name or ID) This can be used in case collisions between user names exist. New in version 3.
access-key
Credentials access key(s)

The --user option is typically only useful for admin users, but may be allowed for other users depending on the policy of the cloud and the roles granted to the user.

16.20.3. ec2 credentials list

List EC2 credentials 

openstack ec2 credentials list
    [--user <user>]
    [--user-domain <user-domain>]
--user <user>
Filter list by <user> (name or ID)
--user-domain <user-domain>
Select user from a specific domain (name or ID) This can be used in case collisions between user names exist. New in version 3.

The --user option is typically only useful for admin users, but may be allowed for other users depending on the policy of the cloud and the roles granted to the user.

16.20.4. ec2 credentials show

Display EC2 credentials details 

openstack ec2 credentials show
    [--user <user>]
    [--user-domain <user-domain>]
    <access-key>
--user <user>
Show credentials for user (name or ID)
--user-domain <user-domain>
Select user from a specific domain (name or ID) This can be used in case collisions between user names exist. New in version 3.
access-key
Credentials access key

The --user option is typically only useful for admin users, but may be allowed for other users depending on the policy of the cloud and the roles granted to the user.

16.21. endpoint

Identity v2, v3

16.21.1. endpoint create

Create new endpoint 

_Identity version 2 only_
openstack endpoint create
    --publicurl <url>
    [--adminurl <url>]
    [--internalurl <url>]
    [--region <region-id>]
    <service>
--publicurl <url>
New endpoint public URL (required)
--adminurl <url>
New endpoint admin URL
--internalurl <url>
New endpoint internal URL
--region <region-id>
New endpoint region ID
<service>

Service to be associated with new endpoint (name or ID) 

_Identity version 3 only_
openstack endpoint create
    [--region <region-id>]
    [--enable | --disable]
    <service>
    <interface>
    <url>
--region <region-id>
New endpoint region ID
--enable
Enable endpoint (default)
--disable
Disable endpoint
<service>
Service to be associated with new endpoint(name or ID)
<interface>
New endpoint interface type (admin, public or internal)
<url>
New endpoint URL

16.21.2. endpoint delete

Delete endpoint(s) 

openstack endpoint delete
    <endpoint-id> [<endpoint-id> ...]
<endpoint-id>
Endpoint(s) to delete (ID only)

16.21.3. endpoint list

List endpoints 

openstack endpoint list
    [--service <service>]
    [--interface <interface>]
    [--region <region-id>]
    [--long]
--service <service>
Filter by service (type, name or ID) Identity version 3 only
--interface <interface>
Filter by interface type (admin, public or internal) Identity version 3 only
--region <region-id>
Filter by region ID Identity version 3 only
--long
List additional fields in output Identity version 2 only

16.21.4. endpoint set

Set endpoint properties 

_Identity version 3 only_
openstack endpoint set
    [--region <region-id>]
    [--interface <interface>]
    [--url <url>]
    [--service <service>]
    [--enable | --disable]
    <endpoint-id>
--region <region-id>
New endpoint region ID
--interface <interface>
New endpoint interface type (admin, public or internal)
--url <url>
New endpoint URL
--service <service>
New endpoint service (name or ID)
--enable
Enable endpoint
--disable
Disable endpoint
<endpoint-id>
Endpoint to modify (ID only)

16.21.5. endpoint show

Display endpoint details 

openstack endpoint show
    <endpoint>
<endpoint>
Endpoint to display (endpoint ID, service ID, service name, service type)

16.22. extension

Many OpenStack server APIs include API extensions that enable additional functionality.

16.22.1. extension list

List API extensions 

openstack extension list
    [--compute]
    [--identity]
    [--network]
    [--volume]
    [--long]
--compute
List extensions for the Compute API
--identity
List extensions for the Identity API
--network
List extensions for the Network API
--volume
List extensions for the Block Storage API
--long
List additional fields in output

16.22.2. extension show

Show API extension 

openstack extension show
    <extension>
<extension>
Extension to display. Currently, only network extensions are supported. (Name or Alias)

16.23. federation protocol

Identity v3

Requires: OS-FEDERATION extension

16.23.1. federation protocol create

Create new federation protocol 

openstack federation protocol create
    --identity-provider <identity-provider>
    --mapping <mapping>
    <name>
--identity-provider <identity-provider>
Identity provider that will support the new federation protocol (name or ID) (required)
--mapping <mapping>
Mapping that is to be used (name or ID) (required)
<name>
New federation protocol name (must be unique per identity provider)

16.23.2. federation protocol delete

Delete federation protocol(s) 

openstack federation protocol delete
    --identity-provider <identity-provider>
    <federation-protocol> [<federation-protocol> ...]
--identity-provider <identity-provider>
Identity provider that supports <federation-protocol> (name or ID) (required)
<federation-protocol>
Federation protocol(s) to delete (name or ID)

16.23.3. federation protocol list

List federation protocols 

openstack federation protocol list
    --identity-provider <identity-provider>
--identity-provider <identity-provider>
Identity provider to list (name or ID) (required)

16.23.4. federation protocol set

Set federation protocol properties 

openstack federation protocol set
    --identity-provider <identity-provider>
    [--mapping <mapping>]
    <federation-protocol>
--identity-provider <identity-provider>
Identity provider that supports <federation-protocol> (name or ID) (required)
--mapping <mapping>
Mapping that is to be used (name or ID)
<federation-protocol>
Federation protocol to modify (name or ID)

16.23.5. federation protocol show

Display federation protocol details 

openstack federation protocol show
    --identity-provider <identity-provider>
    <federation-protocol>
--identity-provider <identity-provider>
Identity provider that supports <federation-protocol> (name or ID) (required)
<federation-protocol>
Federation protocol to display (name or ID)

16.24. flavor

Compute v2

16.24.1. flavor create

Create new flavor 

openstack flavor create
    [--id <id>]
    [--ram <size-mb>]
    [--disk <size-gb>]
    [--ephemeral-disk <size-gb>]
    [--swap <size-mb>]
    [--vcpus <num-cpu>]
    [--rxtx-factor <factor>]
    [--public | --private]
    [--property <key=value> [...] ]
    [--project <project>]
    [--project-domain <project-domain>]
    <flavor-name>
--id <id>
Unique flavor ID; 'auto' creates a UUID (default: auto)
--ram <size-mb>
Memory size in MB (default 256M)
--disk <size-gb>
Disk size in GB (default 0G)
--ephemeral-disk <size-gb>
Ephemeral disk size in GB (default 0G)
--swap <size-mb>
Swap space size in MB (default 0M)
--vcpus <num-cpu>
Number of vcpus (default 1)
--rxtx-factor <factor>
RX/TX factor (default 1.0)
--public
Flavor is available to other projects (default)
--private
Flavor is not available to other projects
--property <key=value>
Property to add for this flavor (repeat option to set multiple properties)
--project <project>
Allow <project> to access private flavor (name or ID) (Must be used with --private option)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
<flavor-name>
New flavor name

16.24.2. flavor delete

Delete flavor(s) 

openstack flavor delete
    <flavor> [<flavor> ...]
<flavor>
Flavor(s) to delete (name or ID)

16.24.3. flavor list

List flavors 

openstack flavor list
    [--public | --private | --all]
    [--long]
    [--marker <flavor-id>]
    [--limit <num-flavors>]
--public
List only public flavors (default)
--private
List only private flavors
--all
List all flavors, whether public or private
--long
List additional fields in output
--marker <flavor-id>
The last flavor ID of the previous page
--limit <num-flavors>
Maximum number of flavors to display

16.24.4. flavor set

Set flavor properties 

openstack flavor set
    [--no-property]
    [--property <key=value> [...] ]
    [--project <project>]
    [--project-domain <project-domain>]
    <flavor>
--property <key=value>
Property to add or modify for this flavor (repeat option to set multiple properties)
--project <project>
Set flavor access to project (name or ID) (admin only)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--no-property
Remove all properties from this flavor (specify both --no-property and --property to remove the current properties before setting new properties.)
<flavor>
Flavor to modify (name or ID)

16.24.5. flavor show

Display flavor details 

openstack flavor show
    <flavor>
<flavor>
Flavor to display (name or ID)

16.24.6. flavor unset

Unset flavor properties 

openstack flavor unset
    [--property <key> [...] ]
    [--project <project>]
    [--project-domain <project-domain>]
    <flavor>
--property <key>
Property to remove from flavor (repeat option to remove multiple properties)
--project <project>
Remove flavor access from project (name or ID) (admin only)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
<flavor>
Flavor to modify (name or ID)

16.25. floating ip

Compute v2, Network v2

16.25.1. floating ip create

Create floating IP 

openstack floating ip create
    [--subnet <subnet>]
    [--port <port>]
    [--floating-ip-address <ip-address>]
    [--fixed-ip-address <ip-address>]
    [--description <description>]
    [--project <project> [--project-domain <project-domain>]]
    <network>
--subnet <subnet>
Subnet on which you want to create the floating IP (name or ID) Network version 2 only
--port <port>
Port to be associated with the floating IP (name or ID) Network version 2 only
--floating-ip-address <ip-address>
Floating IP address Network version 2 only
--fixed-ip-address <ip-address>
Fixed IP address mapped to the floating IP Network version 2 only
--description <description>
Set floating IP description Network version 2 only
--project <project>
Owner’s project (name or ID) Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. Network version 2 only
<network>
Network to allocate floating IP from (name or ID)

16.25.2. floating ip delete

Delete floating IP(s) 

openstack floating ip delete <floating-ip> [<floating-ip> ...]
<floating-ip>
Floating IP(s) to delete (IP address or ID)

16.25.3. floating ip list

List floating IP(s) 

openstack floating ip list
    [--network <network>]
    [--port <port>]
    [--fixed-ip-address <ip-address>]
    [--long]
    [--status <status>]
    [--project <project> [--project-domain <project-domain>]]
    [--router <router>]
--network <network>
List floating IP(s) according to given network (name or ID) Network version 2 only
--port <port>
List floating IP(s) according to given port (name or ID) Network version 2 only
--fixed-ip-address <ip-address>
List floating IP(s) according to given fixed IP address Network version 2 only
--long
List additional fields in output Network version 2 only
--status <status>
List floating IP(s) according to given status ('ACTIVE', 'DOWN') Network version 2 only
--project <project>
List floating IP(s) according to given project (name or ID) Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. Network version 2 only
--router <router>
List floating IP(s) according to given router (name or ID) Network version 2 only

16.25.4. floating ip set

Set floating IP properties 

openstack floating ip set
    --port <port>
    [--fixed-ip-address <ip-address>]
    <floating-ip>
--port <port>
Assocaite the floating IP with port (name or ID)
--fixed-ip-address <ip-address>
Fixed IP of the port (required only if port has multiple IPs)
<floating-ip>
Floating IP to associate (IP address or ID)

16.25.5. floating ip show

Display floating IP details 

openstack floating ip show <floating-ip>
<floating-ip>
Floating IP to display (IP address or ID)

16.25.6. floating ip unset

Unset floating IP Properties 

openstack floating ip unset
    --port
    <floating-ip>
--port
Disassociate any port associated with the floating IP
<floating-ip>
Floating IP to disassociate (IP address or ID)

16.26. floating ip pool

Compute v2, Network v2

16.26.1. floating ip pool list

List pools of floating IP addresses 

openstack floating ip pool list

16.27. group

Identity v3

16.27.1. group add user

Add user to group 

openstack group add user
    [--group-domain <group-domain>]
    [--user-domain <user-domain>]
    <group>
    <user> [<user> ...]
--group-domain <group-domain>
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. New in version 3.
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.
<group>
Group to contain <user> (name or ID)
<user>
User(s) to add to <group> (name or ID) (repeat option to add multiple users)

16.27.2. group contains user

Check user membership in group 

openstack group contains user
    [--group-domain <group-domain>]
    [--user-domain <user-domain>]
    <group>
    <user>
--group-domain <group-domain>
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. New in version 3.
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.
<group>
Group to check (name or ID)
<user>
User to check (name or ID)

16.27.3. group create

Create new group 

openstack group create
    [--domain <domain>]
    [--description <description>]
    [--or-show]
    <group-name>
--domain <domain>
Domain to contain new group (name or ID)
--description <description>
New group description
--or-show
Return existing group If the group already exists, return the existing group data and do not fail.
<group-name>
New group name

16.27.4. group delete

Delete group 

openstack group delete
    [--domain <domain>]
    <group> [<group> ...]
--domain <domain>
Domain containing group(s) (name or ID)
<group>
Group(s) to delete (name or ID)

16.27.5. group list

List groups 

openstack group list
    [--domain <domain>]
    [--user <user> [--user-domain <user-domain>]]
    [--long]
--domain <domain>
Filter group list by <domain> (name or ID)
--user <user>
Filter group list by <user> (name or ID)
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.
--long
List additional fields in output

16.27.6. group remove user

Remove user from group 

openstack group remove user
    [--group-domain <group-domain>]
    [--user-domain <user-domain>]
    <group>
    <user> [<user> ...]
--group-domain <group-domain>
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. New in version 3.
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.
<group>
Group containing <user> (name or ID)
<user>
User(s) to remove from <group> (name or ID) (repeat option to remove multiple users)

16.27.7. group set

Set group properties 

openstack group set
    [--domain <domain>]
    [--name <name>]
    [--description <description>]
    <group>
--domain <domain>
Domain containing <group> (name or ID)
--name <name>
New group name
--description <description>
New group description
<group>
Group to modify (name or ID)

16.27.8. group show

Display group details 

openstack group show
    [--domain <domain>]
    <group>
--domain <domain>
Domain containing <group> (name or ID)
<group>
Group to display (name or ID)

16.28. host

Compute v2

The physical computer running a hypervisor.

16.28.1. host list

List hosts 

openstack host list
    [--zone <availability-zone>]
--zone <availability-zone>
Only return hosts in the availability zone

16.28.2. host set

Set host properties 

openstack host set
    [--enable | --disable]
    [--enable-maintenance | --disable-maintenance]
    <host>
--enable
Enable the host
--disable
Disable the host
--enable-maintenance
Enable maintenance mode for the host
--disable-maintenance
Disable maintenance mode for the host
<host>
Host to modify (name only)

16.28.3. host show

Display host details 

openstack host show
    <host>
<host>
Name of host

16.29. hypervisor

Compute v2

16.29.1. hypervisor list

List hypervisors 

openstack hypervisor list
    [--matching <hostname>]
    [--long]
--matching <hostname>
Filter hypervisors using <hostname> substring
--long
List additional fields in output

16.29.2. hypervisor show

Display hypervisor details 

openstack hypervisor show
    <hypervisor>
<hypervisor>
Hypervisor to display (name or ID)

16.30. hypervisor stats

Compute v2

16.30.1. hypervisor stats show

Display hypervisor stats details 

openstack hypervisor stats show

16.31. identity provider

Identity v3

Requires: OS-FEDERATION extension

16.31.1. identity provider create

Create new identity provider 

openstack identity provider create
    [--remote-id <remote-id> [...] | --remote-id-file <file-name>]
    [--description <description>]
    [--enable | --disable]
    <name>
--remote-id <remote-id>
Remote IDs to associate with the Identity Provider (repeat option to provide multiple values)
--remote-id-file <file-name>
Name of a file that contains many remote IDs to associate with the identity provider, one per line
--description
New identity provider description
--enable
Enable the identity provider (default)
--disable
Disable the identity provider
<name>
New identity provider name (must be unique)

16.31.2. identity provider delete

Delete identity provider(s) 

openstack identity provider delete
    <identity-provider> [<identity-provider> ...]
<identity-provider>
Identity provider(s) to delete

16.31.3. identity provider list

List identity providers 

openstack identity provider list

16.31.4. identity provider set

Set identity provider properties 

openstack identity provider set
    [--remote-id <remote-id> [...] | --remote-id-file <file-name>]
    [--description <description>]
    [--enable | --disable]
    <identity-provider>
--remote-id <remote-id>
Remote IDs to associate with the Identity Provider (repeat option to provide multiple values)
--remote-id-file <file-name>
Name of a file that contains many remote IDs to associate with the identity provider, one per line
--description
Set identity provider description
--enable
Enable the identity provider
--disable
Disable the identity provider
<identity-provider>
Identity provider to modify

16.31.5. identity provider show

Display identity provider details 

openstack identity provider show
    <identity-provider>
<identity-provider>
Identity provider to display

16.32. image

Image v1, v2

16.32.1. image add project

_Only supported for Image v2_

Associate project with image 

openstack image add project
    [--project-domain <project-domain>]
    <image> <project>
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
<image>
Image to share (name or ID).
<project>
Project to associate with image (name or ID)

16.32.2. image create

_Image v1, v2_

Create/upload an image 

openstack image create
    [--id <id>]
    [--store <store>]
    [--container-format <container-format>]
    [--disk-format <disk-format>]
    [--size <size>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mb>]
    [--location <image-url>]
    [--copy-from <image-url>]
    [--file <file> | --volume <volume>]
    [--force]
    [--checksum <checksum>]
    [--protected | --unprotected]
    [--public | --private]
    [--property <key=value> [...] ]
    [--tag <tag> [...] ]
    [--project <project> [--project-domain <project-domain>]]
    <image-name>
--id <id>
Image ID to reserve
--store <store>
Upload image to this store Image version 1 only.
--container-format <container-format>
Image container format. The supported options are: ami, ari, aki, bare, docker, ova, ovf. The default format is: bare
--disk-format <disk-format>
Image disk format. The supported options are: ami, ari, aki, vhd, vmdk, raw, qcow2, vhdx, vdi, iso, and ploop. The default format is: raw
--size <size>
Image size, in bytes (only used with --location and --copy-from) Image version 1 only.
--min-disk <disk-gb>
Minimum disk size needed to boot image, in gigabytes
--min-ram <ram-mb>
Minimum RAM size needed to boot image, in megabytes
--location <image-url>
Download image from an existing URL Image version 1 only.
--copy-from <image-url>
Copy image from the data store (similar to --location) Image version 1 only.
--file <file>
Upload image from local file
--volume <volume>
Create image from a volume
--force
Force image creation if volume is in use (only meaningful with --volume)
--checksum <checksum>
Image hash used for verification Image version 1 only.
--protected
Prevent image from being deleted
--unprotected
Allow image to be deleted (default)
--public
Image is accessible to the public
--private
Image is inaccessible to the public (default)
--property <key=value>
Set a property on this image (repeat for multiple values)
--tag <tag>
Set a tag on this image (repeat for multiple values) New in version 2.
--project <project>
Set an alternate project on this image (name or ID). Previously known as --owner.
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. New in version 2.
<image-name>
New image name

16.32.3. image delete

Delete image(s) 

openstack image delete
    <image>
<image>
Image(s) to delete (name or ID)

16.32.4. image list

List available images 

openstack image list
    [--public | --private | --shared]
    [--property <key=value>]
    [--long]
    [--sort <key>[:<direction>]]
    [--limit <num-images>]
    [--marker <image>]
--public
List only public images
--private
List only private images
--shared
List only shared images Image version 2 only.
--property <key=value>
Filter output based on property
--long
List additional fields in output
--sort <key>[:<direction>]
Sort output by selected keys and directions(asc or desc) (default: name:asc), multiple keys and directions can be specified separated by comma
--limit <num-images>
Maximum number of images to display. Image version 2 only
--marker <image>
The last image of the previous page. Display list of images after marker. Display all images if not specified. (name or ID) Image version 2 only

16.32.5. image remove project

_Only supported for Image v2_

Disassociate project with image 

openstack image remove remove
    [--project-domain <project-domain>]
    <image>
    <project>
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
<image>
Image to unshare (name or ID).
<project>
Project to disassociate with image (name or ID)

16.32.6. image save

Save an image locally 

openstack image save
    --file <filename>
    <image>
--file <filename>
Downloaded image save filename (default: stdout)
<image>
Image to save (name or ID)

16.32.7. image set

_Image v1, v2_

Set image properties 

openstack image set
    [--name <name>]
    [--min-disk <disk-gb>]
    [--min-ram <ram-mb>]
    [--container-format <container-format>]
    [--disk-format <disk-format>]
    [--size <size>]
    [--protected | --unprotected]
    [--public | --private]
    [--store <store>]
    [--location <image-url>]
    [--copy-from <image-url>]
    [--file <file>]
    [--volume <volume>]
    [--force]
    [--checksum <checksum>]
    [--stdin]
    [--property <key=value> [...] ]
    [--tag <tag> [...] ]
    [--architecture <architecture>]
    [--instance-id <instance-id>]
    [--kernel-id <kernel-id>]
    [--os-distro <os-distro>]
    [--os-version <os-version>]
    [--ramdisk-id <ramdisk-id>]
    [--activate|--deactivate]
    [--project <project> [--project-domain <project-domain>]]
    [--accept | --reject | --pending]
    <image>
--name <name>
New image name
--min-disk <disk-gb>
Minimum disk size needed to boot image, in gigabytes
--min-ram <ram-mb>
Minimum RAM size needed to boot image, in megabytes
--container-format <container-format>
Image container format. The supported options are: ami, ari, aki, bare, docker, ova, ovf.
--disk-format <disk-format>
Image disk format. The supported options are: ami, ari, aki, vhd, vmdk, raw, qcow2, vhdx, vdi, iso, and ploop.
--size <size>
Size of image data (in bytes) Image version 1 only.
--protected
Prevent image from being deleted
--unprotected
Allow image to be deleted (default)
--public
Image is accessible to the public
--private
Image is inaccessible to the public (default)
--store <store>
Upload image to this store Image version 1 only.
--location <image-url>
Download image from an existing URL Image version 1 only.
--copy-from <image-url>
Copy image from the data store (similar to --location) Image version 1 only.
--file <file>
Upload image from local file Image version 1 only.
--volume <volume>
Update image with a volume Image version 1 only.
--force
Force image update if volume is in use (only meaningful with --volume) Image version 1 only.
--checksum <checksum>
Image hash used for verification Image version 1 only.
--stdin
Allow to read image data from standard input Image version 1 only.
--property <key=value>
Set a property on this image (repeat option to set multiple properties) New in version 2.
--tag <tag>
Set a tag on this image (repeat for multiple values) New in version 2.
--architecture <architecture>
Operating system architecture New in version 2.
--instance-id <instance-id>
ID of server instance used to create this image New in version 2.
--kernel-id <kernel-id>
ID of kernel image used to boot this disk image New in version 2.
--os-distro <os-distro>
Operating system distribution name New in version 2.
--os-version <os-version>
Operating system distribution version New in version 2.
--ramdisk-id <ramdisk-id>
ID of ramdisk image used to boot this disk image New in version 2.
--activate
Activate the image. New in version 2.
--deactivate
Deactivate the image. New in version 2.
--project <project>
Set an alternate project on this image (name or ID). Previously known as --owner.
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. New in version 2.
--accept
Accept the image membership. If --project is passed, this will update the membership status for the given project, otherwise --project will default to the project the user is authenticated to. New in version 2.
--reject
Reject the image membership. If --project is passed, this will update the membership status for the given project, otherwise --project will default to the project the user is authenticated to. New in version 2.
--pending
Reset the image membership to 'pending'. If --project is passed, this will update the membership status for the given project, otherwise --project will default to the project the user is authenticated to. New in version 2.
<image>
Image to modify (name or ID)

16.32.8. image show

Display image details 

openstack image show
    <image>
<image>
Image to display (name or ID)

16.32.9. image unset

_Only supported for Image v2_

Unset image tags or properties 

openstack image set
    [--tag <tag>]
    [--property <property>]
    <image>
--tag <tag>
Unset a tag on this image (repeat option to unset multiple tags)
--property <property>
Unset a property on this image (repeat option to unset multiple properties)
<image>
Image to modify (name or ID)

16.33. ip availability

Network v2

16.33.1. ip availability list

List IP availability for network

This command retrieves information about IP availability. Useful for admins who need a quick way to check the IP availability for all associated networks. List specifically returns total IP capacity and the number of allocated IP addresses from that pool. 

openstack ip availability list
    [--ip-version {4,6}]
    [--project <project>]
--ip-version {4,6}
List IP availability of given IP version networks (default is 4)
--project <project>
List IP availability of given project (name or ID)

16.33.2. ip availability show

Show network IP availability details

This command retrieves information about IP availability. Useful for admins who need a quick way to check the IP availability and details for a specific network.

This command will return information about IP availability for the network as a whole, and return availability information for each individual subnet within the network as well. 

openstack ip availability show
    <network>
<network>
Show IP availability for a specific network (name or ID)

16.34. ip fixed

Compute v2

16.34.1. ip fixed add

Add fixed IP address to server (Deprecated, please use server add fixed ip instead) 

openstack ip fixed add
    <network>
    <server>
<network>
Network to fetch an IP address from (name or ID)
<server>
Server to receive the IP address (name or ID)

16.34.2. ip fixed remove

Remove fixed IP address from server (Deprecated, please use server remove fixed ip instead) 

openstack ip fixed remove
    <ip-address>
    <server>
<ip-address>
IP address to remove from server (name only)
<server>
Server to remove the IP address from (name or ID)

16.35. ip floating

Compute v2, Network v2

16.35.1. ip floating add

Add floating IP address to server (Deprecated, please use server add floating ip instead) 

openstack ip floating add
    <ip-address>
    <server>
<ip-address>
IP address to add to server (name only)
<server>
Server to receive the IP address (name or ID)

16.35.2. ip floating create

Create new floating IP address (Deprecated, please use floating ip create instead) 

openstack ip floating create
    [--subnet <subnet>]
    [--port <port>]
    [--floating-ip-address <floating-ip-address>]
    [--fixed-ip-address <fixed-ip-address>]
    <network>
--subnet <subnet>
Subnet on which you want to create the floating IP (name or ID) (Network v2 only)
--port <port>
Port to be associated with the floating IP (name or ID) (Network v2 only)
--floating-ip-address <floating-ip-address>
Floating IP address (Network v2 only)
--fixed-ip-address <fixed-ip-address>
Fixed IP address mapped to the floating IP (Network v2 only)
<network>
Network to allocate floating IP from (name or ID)

16.35.3. ip floating delete

Delete floating IP(s) (Deprecated, please use floating ip delete instead) 

openstack ip floating delete
    <floating-ip> [<floating-ip> ...]
<floating-ip>
Floating IP(s) to delete (IP address or ID)

16.35.4. ip floating list

List floating IP addresses (Deprecated, please use floating ip list instead) 

openstack ip floating list

16.35.5. ip floating remove

Remove floating IP address from server (Deprecated, please use server remove floating ip instead) 

openstack ip floating remove
    <ip-address>
    <server>
<ip-address>
IP address to remove from server (name only)
<server>
Server to remove the IP address from (name or ID)

16.35.6. ip floating show

Display floating IP details (Deprecated, please use floating ip show instead) 

openstack ip floating show <floating-ip>
<floating-ip>
Floating IP to display (IP address or ID)

16.36. ip floating pool

Compute v2

16.36.1. ip floating pool list

List pools of floating IP addresses (Deprecated, please use floating ip pool list instead) 

openstack ip floating pool list

16.37. keypair

The badly named keypair is really the public key of an OpenSSH key pair to be used for access to created servers. You can also create a private key for access to a created server by not passing any argument to the keypair create command.

Compute v2

16.37.1. keypair create

Create new public or private key for server ssh access 

openstack keypair create
    [--public-key <file> | --private-key <file>]
    <name>
--public-key <file>
Filename for public key to add. If not used, creates a private key.
--private-key <file>
Filename for private key to save. If not used, print private key in console.
<name>
New public or private key name

16.37.2. keypair delete

Delete public or private key(s) 

openstack keypair delete
    <key> [<key> ...]
<key>
Name of key(s) to delete (name only)

16.37.3. keypair list

List key fingerprints 

openstack keypair list

16.37.4. keypair show

Display key details 

openstack keypair show
    [--public-key]
    <key>
--public-key
Show only bare public key paired with the generated key
<key>
Public or private key to display (name only)

16.38. limits

The Compute and Block Storage APIs have resource usage limits.

Compute v2, Block Storage v1

16.38.1. limits show

Show compute and block storage limits 

openstack limits show
    --absolute | --rate
    [--reserved]
    [--project <project>]
    [--domain <domain>]
--absolute
Show absolute limits
--rate
Show rate limits
--reserved
Include reservations count [only valid with --absolute]
--project <project>
Show limits for a specific project (name or ID) [only valid with --absolute]
--domain <domain>
Domain the project belongs to (name or ID) [only valid with --absolute]

16.39. mapping

Identity v3

Requires: OS-FEDERATION extension

16.39.1. mapping create

Create new mapping 

openstack mapping create
    --rules <filename>
    <name>
--rules <filename>
Filename that contains a set of mapping rules (required)
<name>
New mapping name (must be unique)

16.39.2. mapping delete

Delete mapping(s) 

openstack mapping delete
    <mapping> [<mapping> ...]
<mapping>
Mapping(s) to delete

16.39.3. mapping list

List mappings 

openstack mapping list

16.39.4. mapping set

Set mapping properties 

openstack mapping set
    [--rules <filename>]
    <mapping>
--rules <filename>
Filename that contains a new set of mapping rules
<mapping>
Mapping to modify

16.39.5. mapping show

Display mapping details 

openstack mapping show
    <mapping>
<mapping>
Mapping to display

16.40. module

Internal

Installed Python modules in the OSC process.

16.40.1. module list

List module versions 

openstack module list
    [--all]
--all
Show all modules that have version information

16.41. network

A network is an isolated Layer 2 networking segment. There are two types of networks, project and provider networks. Project networks are fully isolated and are not shared with other projects. Provider networks map to existing physical networks in the data center and provide external network access for servers and other resources. Only an OpenStack administrator can create provider networks. Networks can be connected via routers.

Compute v2, Network v2

16.41.1. network create

Create new network 

openstack network create
    [--project <project> [--project-domain <project-domain>]]
    [--enable | --disable]
    [--share | --no-share]
    [--description <description>]
    [--availability-zone-hint <availability-zone>]
    [--enable-port-security | --disable-port-security]
    [--external [--default | --no-default] | --internal]
    [--provider-network-type <provider-network-type>]
    [--provider-physical-network <provider-physical-network>]
    [--provider-segment <provider-segment>]
    [--qos-policy <qos-policy>]
    [--transparent-vlan | --no-transparent-vlan]
    <name>
--project <project>
Owner’s project (name or ID) Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. Network version 2 only
--enable
Enable network (default) Network version 2 only
--disable
Disable network Network version 2 only
--share
Share the network between projects
--no-share
Do not share the network between projects
--description <description>
Set network description Network version 2 only
--availability-zone-hint <availability-zone>
Availability Zone in which to create this network (Network Availability Zone extension required, repeat option to set multiple availability zones) Network version 2 only
--enable-port-security
Enable port security by default for ports created on this network (default) Network version 2 only
--disable-port-security
Disable port security by default for ports created on this network Network version 2 only
--subnet <subnet>
IPv4 subnet for fixed IPs (in CIDR notation) Compute version 2 only
--external
Set this network as an external network (external-net extension required) Network version 2 only
--internal
Set this network as an internal network (default) Network version 2 only
--default
Specify if this network should be used as the default external network Network version 2 only
--no-default
Do not use the network as the default external network (default) Network version 2 only
--provider-network-type <provider-network-type>
The physical mechanism by which the virtual network is implemented. The supported options are: flat, geneve, gre, local, vlan, vxlan. Network version 2 only
--provider-physical-network <provider-physical-network>
Name of the physical network over which the virtual network is implemented Network version 2 only
--provider-segment <provider-segment>
VLAN ID for VLAN networks or Tunnel ID for GENEVE/GRE/VXLAN networks Network version 2 only
--qos-policy <qos-policy>
QoS policy to attach to this network (name or ID) Network version 2 only
--transparent-vlan
Make the network VLAN transparent Network version 2 only
--no-transparent-vlan
Do not make the network VLAN transparent Network version 2 only
<name>
New network name

16.41.2. network delete

Delete network(s) 

openstack network delete
    <network> [<network> ...]
<network>
Network(s) to delete (name or ID)

16.41.3. network list

List networks 

openstack network list
    [--external | --internal]
    [--long]
    [--name <name>]
    [--enable | --disable]
    [--project <project> [--project-domain <project-domain>]]
    [--share | --no-share]
    [--status <status>]
    [--provider-network-type <provider-network-type>]
    [--provider-physical-network <provider-physical-network>]
    [--provider-segment <provider-segment>]
    [--agent <agent-id>]
--external
List external networks Network version 2 only
--internal
List internal networks Network version 2 only
--long
List additional fields in output Network version 2 only
--name <name>
List networks according to their name Network version 2 only
--enable
List enabled networks Network version 2 only
--disable
List disabled networks Network version 2 only
--project <project>
List networks according to their project (name or ID) Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. Network version 2 only
--share
List networks shared between projects Network version 2 only
--no-share
List networks not shared between projects Network version 2 only
--status <status>
List networks according to their status ('ACTIVE', 'BUILD', 'DOWN', 'ERROR')
--provider-network-type <provider-network-type>
List networks according to their physical mechanisms. The supported options are: flat, geneve, gre, local, vlan, vxlan. Network version 2 only
--provider-physical-network <provider-physical-network>
List networks according to name of the physical network Network version 2 only
--provider-segment <provider-segment>
List networks according to VLAN ID for VLAN networks or Tunnel ID for GENEVE/GRE/VXLAN networks Network version 2 only
--agent <agent-id>
List networks hosted by agent (ID only)

16.41.4. network set

Set network properties 

_Network version 2 only_
openstack network set
    [--name <name>]
    [--enable | --disable]
    [--share | --no-share]
    [--description <description>]
    [--enable-port-security | --disable-port-security]
    [--external [--default | --no-default] | --internal]
    [--provider-network-type <provider-network-type>]
    [--provider-physical-network <provider-physical-network>]
    [--provider-segment <provider-segment>]
    [--qos-policy <qos-policy> | --no-qos-policy]
    [--transparent-vlan | --no-transparent-vlan]
    <network>
--name <name>
Set network name
--enable
Enable network
--disable
Disable network
--share
Share the network between projects
--no-share
Do not share the network between projects
--description <description>
Set network description
--enable-port-security
Enable port security by default for ports created on this network
--disable-port-security
Disable port security by default for ports created on this network
--external
Set this network as an external network. (external-net extension required)
--internal
Set this network as an internal network
--default
Set the network as the default external network
--no-default
Do not use the network as the default external network.
--provider-network-type <provider-network-type>
The physical mechanism by which the virtual network is implemented. The supported options are: flat, gre, local, vlan, vxlan.
--provider-physical-network <provider-physical-network>
Name of the physical network over which the virtual network is implemented
--provider-segment <provider-segment>
VLAN ID for VLAN networks or Tunnel ID for GRE/VXLAN networks
--qos-policy <qos-policy>
QoS policy to attach to this network (name or ID)
--no-qos-policy
Remove the QoS policy attached to this network
--transparent-vlan
Make the network VLAN transparent
--no-transparent-vlan
Do not make the network VLAN transparent
<network>
Network to modify (name or ID)

16.41.5. network show

Display network details 

openstack network show
    <network>
<network>
Network to display (name or ID)

16.42. network agent

A network agent is an agent that handles various tasks used to implement virtual networks. These agents include neutron-dhcp-agent, neutron-l3-agent, neutron-metering-agent, and neutron-lbaas-agent, among others. The agent is available when the alive status of the agent is "True".

Network v2

16.42.1. network agent add network

Add network to an agent 

openstack network agent add network
    [--dhcp]
    <agent-id>
    <network>
--dhcp
Add a network to DHCP agent
<agent-id>
Agent to which a network is added (ID only)
<network>
Network to be added to an agent (ID or name)

16.42.2. network agent delete

Delete network agent(s) 

openstack network agent delete
    <network-agent> [<network-agent> ...]
<network-agent>
Network agent(s) to delete (ID only)

16.42.3. network agent list

List network agents 

openstack network agent list
    [--agent-type <agent-type>]
    [--host <host>]
    [--network <network>]
--agent-type <agent-type>
List only agents with the specified agent type. The supported agent types are: dhcp, open-vswitch, linux-bridge, ofa, l3, loadbalancer, metering, metadata, macvtap, nic.
--host <host>
List only agents running on the specified host
--network <network>
List agents hosting a network (ID or name)

16.42.4. network agent set

Set network agent properties 

openstack network agent set
    [--description <description>]
    [--enable | --disable]
    <network-agent>
--description <description>
Set network agent description
--enable
Enable network agent
--disable
Disable network agent
<network-agent>
Network agent to modify (ID only)

16.42.5. network agent show

Display network agent details 

openstack network agent show
    <network-agent>
<network-agent>
Network agent to display (ID only)

16.42.6. network agent remove network

Remove network from an agent 

openstack network agent remove network
    [--dhcp]
    <agent-id>
    <network>
--dhcp
Remove network from DHCP agent.
<agent-id>
Agent to which a network is removed (ID only)
<network>
Network to be removed from an agent (ID or name)

16.43. network auto allocated topology

An auto allocated topology allows admins to quickly set up external connectivity for end-users. Only one auto allocated topology is allowed per project.

Network v2

16.43.1. network auto allocated topology create

Create the auto allocated topology for project 

openstack network auto allocated topology create
    [--or-show]
    [--check-resources]
    [--project <project> [--project-domain <project-domain>]]
--or-show
If topology exists returns the topologies information (Default).
--check-resources
Validate the requirements for auto allocated topology. Does not return a topology.
--project <project>
Return the auto allocated topology for a given project. Default is current project.
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

16.43.2. network auto allocated topology delete

Delete auto allocated topology for project 

openstack network auto allocated topology delete
    [--project <project> [--project-domain <project-domain>]]
--project <project>
Delete auto allocated topology for a given project. Default is the current project.
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

16.44. network flavor

A network flavor extension allows the user selection of operator-curated flavors during resource creations. It allows administrators to create network service flavors.

Network v2

16.44.1. network flavor add profile

Add network flavor to service profile 

openstack network flavor add profile
    <flavor>
    <service-profile-id>
<flavor>
Flavor to which service profile is added. (Name or ID)
<service-profile-id>
Service profile to be added to flavor. (ID only)

16.44.2. network flavor create

Create network flavor 

openstack network flavor create
    --service-type <service-type>
    [--description <description>]
    [--enable | --disable]
    [--project <project> [--project-domain <project-domain>]]
    <name>
--service-type <service-type>
Service type to which the flavor applies to: e.g. VPN (required)
--description <description>
Description for the flavor
--enable
Enable the flavor (default)
--disable
Disable the flavor
--project <project>
Owner’s project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
<name>
Name for the flavor

16.44.3. network flavor delete

Delete network flavor(s) 

openstack network flavor delete
    <flavor> [<flavor> ...]
<flavor>
Flavor(s) to delete (name or ID)

16.44.4. network flavor list

List network flavors 

openstack network flavor list

16.44.5. network flavor remove profile

Remove network flavor from service profile 

openstack network flavor remove profile
    <flavor>
    <service-profile-id>
<flavor>
Flavor from which service profile is removed. (Name or ID)
<service-profile-id>
Service profile to be removed from flavor. (ID only)

16.44.6. network flavor set

Set network flavor properties 

openstack network flavor set
    [--name <name>]
    [--description <description>]
    [--enable | --disable]
    <flavor>
--name <name>
Set flavor name
--description <description>
Set network flavor description
--enable
Enable network flavor
--disable
Disable network flavor
<flavor>
Flavor to update (name or ID)

16.44.7. network flavor show

Show network flavor 

openstack network flavor show
    <flavor>
<flavor>
Flavor to display (name or ID)

16.45. network flavor profile

A network flavor profile allows administrators to create, delete, list, show and update network service profile, which details a framework to enable operators to configure and users to select from different abstract representations of a service implementation in the Networking service. It decouples the logical configuration from its instantiation enabling operators to create user options according to deployment needs.

Network v2

16.45.1. network flavor profile create

Create a new network flavor profile 

openstack network flavor profile create
    [--project <project> [--project-domain <project-domain>]]
    [--description <description>]
    [--enable | --disable]
    (--driver <driver> | --metainfo <metainfo> | --driver <driver> --metainfo <metainfo>)
--project <project>
Owner’s project (name or ID) Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist
--description <description>
Description for the flavor profile Network version 2 only
--enable
Enable the flavor profile (default)
--disable
Disable the flavor profile
--driver <driver>
Python module path to driver Network version 2 only
--metainfo <metainfo>
Metainfo for the flavor profile Network version 2 only

16.45.2. network flavor profile delete

Delete network flavor profile 

openstack network flavor profile delete
    <flavor-profile-id> [<flavor-profile-id> ...]
<flavor-profile-id>
Flavor profile(s) to delete (ID only)

16.45.3. network flavor profile list

List network flavor profiles 

openstack network flavor profile list

16.45.4. network flavor profile set

Set network flavor profile properties 

openstack network flavor profile set
    [--description <description>]
    [--driver <driver>]
    [--enable | --disable]
    [--metainfo <metainfo>]
    <flavor-profile-id>
--description <description>
Description of the flavor profile
--driver <driver>
Python module path to driver
--enable (Default)
Enable the flavor profile
--disable
Disable the flavor profile
--metainfo <metainfo>
Metainfo for the flavor profile
<flavor-profile-id>
Flavor profile to update (ID only)

16.45.5. network flavor profile show

Show network flavor profile 

openstack network flavor profile show
    <flavor-profile-id>
<flavor-profile-id>
Flavor profile to display (ID only)

16.46. network meter

A network meter allows operators to measure traffic for a specific IP range. The following commands are specific to the L3 metering extension.

Network v2

16.46.1. network meter create

Create network meter 

openstack network meter create
    [--project <project> [--project-domain <project-domain>]]
    [--description <description>]
    [--share | --no-share]
    <name>
--project <project>
Owner’s project (name of ID) Network version 2 only
--description <description>
Description of meter Network version 2 only
--share
Share the meter between projects
--no-share
Do not share the meter between projects (Default)
<name>
New meter name

16.46.2. network meter delete

Delete network meter(s) 

openstack network meter delete
    <meter> [<meter> ...]
<meter>
Meter(s) to delete (name or ID)

16.46.3. network meter list

List network meters 

openstack network meter list

16.46.4. network meter show

Show network meter 

openstack network meter show
    <meter>
<meter>
Meter to display (name or ID)

16.47. network meter rule

A meter rule sets the rule for a meter to measure traffic for a specific IP range. The following uses meter and requires the L3 metering extension.

Network v2

16.47.1. network meter rule create

Create meter rule 

openstack network meter rule create
    --remote-ip-prefix <remote-ip-prefix>
    [--ingress | --egress]
    [--exclude | --include]
    [--project <project> [--project-domain <project-domain>]]
    <meter>
--project <project>
Owner’s project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name of ID). This can be used in case collisions between project names exist.
--ingress
Rule is applied to incoming traffic (default)
--egress
Rule is applied to outgoing traffic
--exclude
Exclude remote_ip_prefix from count of the traffic of IP addresses
--include
Include remote_ip_prefix into count of the traffic of IP addresses (default)
--remote-ip-prefix <remote-ip-prefix>
The remote IP prefix to associate with this metering rule packet
<meter>
Meter to associate with this meter rule (name or ID)

16.47.2. network meter rule delete

Delete meter rule(s) 

openstack network meter rule delete <id> [<id> ...]
<meter-rule-id>
ID of meter rule(s) to delete

16.47.3. network meter rule list

List meter rules 

openstack network meter rule list

16.47.4. network meter rule show

Show meter rule 

openstack network meter rule show <meter-rule-id>
<meter-rule-id>
Meter rule to display (ID only)

16.48. network qos policy

A Network QoS policy groups a number of Network QoS rules, applied to a network or a port.

Network v2

16.48.1. network qos policy create

Create new Network QoS policy 

openstack network qos policy create
    [--description <description>]
    [--share | --no-share]
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--description <description>
Description of the QoS policy
--share
Make the QoS policy accessible by other projects
--no-share
Make the QoS policy not accessible by other projects (default)
--project <project>
Owner’s project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
<name>
New QoS policy specification name

16.48.2. network qos policy delete

Delete Network QoS policy 

openstack network qos policy delete
     <qos-policy> [<qos-policy> ...]
<qos-policy>
Network QoS policy(s) to delete (name or ID)

16.48.3. network qos policy list

List Network QoS policies 

openstack network qos policy list
    [--project <project> [--project-domain <project-domain>]]
    [--share | --no-share]
--project <project>
List qos policies according to their project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--share
List qos policies shared between projects
--no-share
List qos policies not shared between projects

16.48.4. network qos policy set

Set Network QoS policy properties 

openstack network qos policy set
    [--name <name>]
    [--description <description>]
    [--share | --no-share]
    <qos-policy>
--name <name>
Name of the QoS policy
--description <description>
Description of the QoS policy
--share
Make the QoS policy accessible by other projects
--no-share
Make the QoS policy not accessible by other projects
<qos-policy>
Network QoS policy to modify (name or ID)

16.48.5. network qos policy show

Display Network QoS policy details 

openstack network qos policy show
    <qos-policy>
<qos-policy>
Network QoS policy to display (name or ID)

16.49. network qos rule

A Network QoS rule specifies a rule defined in a Network QoS policy; its type is defined by the parameter 'type'. Can be assigned, within a Network QoS policy, to a port or a network. Each Network QoS policy can contain several rules, each of them

Network v2

16.49.1. network qos rule create

Create new Network QoS rule 

openstack network qos rule create
    --type <type>
    [--max-kbps <max-kbps>]
    [--max-burst-kbits <max-burst-kbits>]
    [--dscp-marks <dscp-marks>]
    [--min-kbps <min-kbps>]
    [--ingress | --egress]
    <qos-policy>
--type <type>
QoS rule type (minimum-bandwidth, dscp-marking, bandwidth-limit)
--max-kbps <min-kbps>
Maximum bandwidth in kbps
--max-burst-kbits <max-burst-kbits>
Maximum burst in kilobits, 0 means automatic
--dscp-mark <dscp-mark>
DSCP mark: value can be 0, even numbers from 8-56, excluding 42, 44, 50, 52, and 54
--min-kbps <min-kbps>
Minimum guaranteed bandwidth in kbps
--ingress
Ingress traffic direction from the project point of view
--egress
Egress traffic direction from the project point of view
<qos-policy>
QoS policy that contains the rule (name or ID)

16.49.2. network qos rule delete

Delete Network QoS rule 

openstack network qos rule delete
     <qos-policy>
     <rule-id>
<qos-policy>
QoS policy that contains the rule (name or ID)
<rule-id>
Network QoS rule to delete (ID)

16.49.3. network qos rule list

List Network QoS rules 

openstack network qos rule list
     <qos-policy>
<qos-policy>
QoS policy that contains the rule (name or ID)

16.49.4. network qos rule set

Set Network QoS rule properties 

openstack network qos rule set
    [--max-kbps <max-kbps>]
    [--max-burst-kbits <max-burst-kbits>]
    [--dscp-marks <dscp-marks>]
    [--min-kbps <min-kbps>]
    [--ingress | --egress]
    <qos-policy>
    <rule-id>
--max-kbps <min-kbps>
Maximum bandwidth in kbps
--max-burst-kbits <max-burst-kbits>
Maximum burst in kilobits, 0 means automatic
--dscp-mark <dscp-mark>
DSCP mark: value can be 0, even numbers from 8-56, excluding 42, 44, 50, 52, and 54
--min-kbps <min-kbps>
Minimum guaranteed bandwidth in kbps
--ingress
Ingress traffic direction from the project point of view
--egress
Egress traffic direction from the project point of view
<qos-policy>
QoS policy that contains the rule (name or ID)
<rule-id>
Network QoS rule to delete (ID)

16.49.5. network qos rule show

Display Network QoS rule details 

openstack network qos rule show
    <qos-policy>
    <rule-id>
<qos-policy>
QoS policy that contains the rule (name or ID)
<rule-id>
Network QoS rule to delete (ID)

16.50. network qos rule type

A Network QoS rule type is a specific Network QoS rule type available to be used.

Network v2

16.50.1. network qos rule type list

List Network QoS rule types 

openstack network qos rule type list

16.51. network rbac

A network rbac is a Role-Based Access Control (RBAC) policy for network resources. It enables both operators and users to grant access to network resources for specific projects.

Network v2

16.51.1. network rbac create

Create network RBAC policy 

openstack network rbac create
    --type <type>
    --action <action>
    --target-project <target-project> [--target-project-domain <target-project-domain>]
    [--project <project> [--project-domain <project-domain>]]
    <rbac-policy>
--type <type>
Type of the object that RBAC policy affects ("qos_policy" or "network") (required)
--action <action>
Action for the RBAC policy ("access_as_external" or "access_as_shared") (required)
--target-project <target-project>
The project to which the RBAC policy will be enforced (name or ID) (required)
--target-project-domain <target-project-domain>
Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.
--project <project>
The owner project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
<rbac-object>
The object to which this RBAC policy affects (name or ID)

16.51.2. network rbac delete

Delete network RBAC policy(s) 

openstack network rbac delete
    <rbac-policy> [<rbac-policy> ...]
<rbac-policy>
RBAC policy(s) to delete (ID only)

16.51.3. network rbac list

List network RBAC policies 

openstack network rbac list
    [--type <type>]
    [--action <action>]
    [--long]
--type <type>
List network RBAC policies according to given object type ("qos_policy" or "network")
--action <action>
List network RBAC policies according to given action ("access_as_external" or "access_as_shared")
--long
List additional fields in output

16.51.4. network rbac set

Set network RBAC policy properties 

openstack network rbac set
    [--target-project <target-project> [--target-project-domain <target-project-domain>]]
    <rbac-policy>
--target-project <target-project>
The project to which the RBAC policy will be enforced (name or ID)
--target-project-domain <target-project-domain>
Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.
<rbac-policy>
RBAC policy to be modified (ID only)

16.51.5. network rbac show

Display network RBAC policy details 

openstack network rbac show
    <rbac-policy>
<rbac-policy>
RBAC policy (ID only)

16.52. network segment

A network segment is an isolated Layer 2 segment within a network. A network may contain multiple network segments. Depending on the network configuration, Layer 2 connectivity between network segments within a network may not be guaranteed.

Network v2

16.52.1. network segment create

Create new network segment 

openstack network segment create
    [--description <description>]
    [--physical-network <physical-network>]
    [--segment <segment>]
    --network <network>
    --network-type <network-type>
    <name>
--description <description>
Network segment description
--physical-network <physical-network>
Physical network name of this network segment
--segment <segment>
Segment identifier for this network segment which is based on the network type, VLAN ID for vlan network type and tunnel ID for geneve, gre and vxlan network types
--network <network>
Network this network segment belongs to (name or ID)
--network-type <network-type>
Network type of this network segment (flat, geneve, gre, local, vlan or vxlan)
<name>
New network segment name

16.52.2. network segment delete

Delete network segment(s) 

openstack network segment delete
    <network-segment> [<network-segment> ...]
<network-segment>
Network segment(s) to delete (name or ID)

16.52.3. network segment list

List network segments 

openstack network segment list
    [--long]
    [--network <network>]
--long
List additional fields in output
--network <network>
List network segments that belong to this network (name or ID)

16.52.4. network segment set

Set network segment properties 

openstack network segment set
    [--description <description>]
    [--name <name>]
    <network-segment>
--description <description>
Set network segment description
--name <name>
Set network segment name
<network-segment>
Network segment to modify (name or ID)

16.52.5. network segment show

Display network segment details 

openstack network segment show
    <network-segment>
<network-segment>
Network segment to display (name or ID)

16.53. network service provider

A network service provider is a particular driver that implements a networking service

Network v2

16.53.1. network service provider list

List service providers 

openstack network service provider list

16.54. object

Object Storage v1

16.54.1. object create

Upload object to container 

openstack object create
    [--name <name>]
    <container>
    <filename> [<filename> ...]
--name <name>
Upload a file and rename it. Can only be used when uploading a single object
<container>
Container for new object
<filename>
Local filename(s) to upload

16.54.2. object delete

Delete object from container 

openstack object delete
    <container>
    <object> [<object> ...]
<container>
Delete object(s) from <container>
<object>
Object(s) to delete

16.54.3. object list

List objects 

openstack object list
    [--prefix <prefix>]
    [--delimiter <delimiter>]
    [--marker <marker>]
    [--end-marker <end-marker>]
    [--limit <num-objects>]
    [--long]
    [--all]
    <container>
--prefix <prefix>
Filter list using <prefix>
--delimiter <delimiter>
Roll up items with <delimiter>
--marker <marker>
Anchor for paging
--end-marker <end-marker>
End anchor for paging
--limit <num-objects>
Limit number of objects returned
--long
List additional fields in output
--all
List all objects in <container> (default is 10000)
<container>
Container to list

16.54.4. object save

Save object locally 

openstack object save
    [--file <filename>]
    <container>
    <object>
--file <filename>
Destination filename (defaults to object name)
<container>
Download <object> from <container>
<object>
Object to save

16.54.5. object set

Set object properties 

openstack object set
    [--property <key=value> [...] ]
    <container>
    <object>
--property <key=value>
Set a property on this object (repeat option to set multiple properties)
<container>
Modify <object> from <container>
<object>
Object to modify

16.54.6. object show

Display object details 

openstack object show
    <container>
    <object>
<container>
Display <object> from <container>
<object>
Object to display

16.54.7. object unset

Unset object properties 

openstack object unset
    [--property <key>]
    <container>
    <object>
--property <key>
Property to remove from object (repeat option to remove multiple properties)
<container>
Modify <object> from <container>
<object>
Object to modify

16.55. object store account

Object Storage v1

16.55.1. object store account set

Set account properties 

openstack object store account set
    [--property <key=value> [...] ]
--property <key=value>
Set a property on this account (repeat option to set multiple properties)

16.55.2. object store account show

Display account details 

openstack object store account show

16.55.3. object store account unset

Unset account properties 

openstack object store account unset
    [--property <key>]
--property <key>
Property to remove from account (repeat option to remove multiple properties)

16.56. policy

Identity v3

16.56.1. policy create

Create new policy 

openstack policy create
    [--type <type>]
    <filename>
--type <type>
New MIME type of the policy rules file (defaults to application/json)
<filename>
New serialized policy rules file

16.56.2. policy delete

Delete policy(s) 

openstack policy delete
    <policy> [<policy> ...]
<policy>
Policy(s) to delete

16.56.3. policy list

List policies 

openstack policy list
    [--long]
--long
List additional fields in output

16.56.4. policy set

Set policy properties 

openstack policy set
    [--type <type>]
    [--rules <filename>]
    <policy>
--type <type>
New MIME type of the policy rules file
--rules <filename>
New serialized policy rules file
<policy>
Policy to modify

16.56.5. policy show

Display policy details 

openstack policy show
    <policy>
<policy>
Policy to display

16.57. port

A port is a connection point for attaching a single device, such as the NIC of a server, to a network. The port also describes the associated network configuration, such as the MAC and IP addresses to be used on that port.

Network v2

16.57.1. port create

Create new port 

openstack port create
    --network <network>
    [--description <description>]
    [--fixed-ip subnet=<subnet>,ip-address=<ip-address>]
    [--device <device-id>]
    [--device-owner <device-owner>]
    [--vnic-type <vnic-type>]
    [--binding-profile <binding-profile>]
    [--host <host-id>]
    [--enable | --disable]
    [--mac-address <mac-address>]
    [--security-group <security-group> | --no-security-group]
    [--dns-name <dns-name>]
    [--allowed-address ip-address=<ip-address>[,mac-address=<mac-address>]]
    [--qos-policy <qos-policy>]
    [--project <project> [--project-domain <project-domain>]]
    [--enable-port-security | --disable-port-security]
    <name>
--network <network>
Network this port belongs to (name or ID)
--description <description>
Description of this port
--fixed-ip subnet=<subnet>,ip-address=<ip-address>
Desired IP and/or subnet for this port (name or ID): subnet=<subnet>,ip-address=<ip-address> (repeat option to set multiple fixed IP addresses)
--device <device-id>
Port device ID
--device-owner <device-owner>
Device owner of this port. This is the entity that uses the port (for example, network:dhcp).
--vnic-type <vnic-type>
VNIC type for this port (direct | direct-physical | macvtap | normal | baremetal, default: normal)
--binding-profile <binding-profile>
Custom data to be passed as binding:profile. Data may be passed as <key>=<value> or JSON. (repeat option to set multiple binding:profile data)
--host <host-id>
Allocate port on host <host-id> (ID only)
--enable
Enable port (default)
--disable
Disable port
--mac-address <mac-address>
MAC address of this port
--security-group <security-group>
Security group to associate with this port (name or ID) (repeat option to set multiple security groups)
--no-security-group
Associate no security groups with this port
--dns-name <dns-name>
Set DNS name to this port (requires DNS integration extension)
--allowed-address ip-address=<ip-address>[,mac-address=<mac-address>]
Add allowed-address pair associated with this port: ip-address=<ip-address>[,mac-address=<mac-address>] (repeat option to set multiple allowed-address pairs)
--qos-policy <qos-policy>
Attach QoS policy to this port (name or ID)
--project <project>
Owner’s project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--enable-port-security
Enable port security for this port (Default)
--disable-port-security
Disable port security for this port
<name>
Name of this port

16.57.2. port delete

Delete port(s) 

openstack port delete
    <port> [<port> ...]
<port>
Port(s) to delete (name or ID)

16.57.3. port list

List ports 

openstack port list
    [--device-owner <device-owner>]
    [--router <router> | --server <server>]
    [--network <network>]
    [--mac-address <mac-address>]
    [--fixed-ip subnet=<subnet>,ip-address=<ip-address>]
    [--long]
    [--project <project> [--project-domain <project-domain>]]
--device-owner <device-owner>
List only ports with the specified device owner. This is the entity that uses the port (for example, network:dhcp).
--router <router>
List only ports attached to this router (name or ID)
--server <server>
List only ports attached to this server (name or ID)
--network <network>
List only ports attached to this network (name or ID)
--mac-address <mac-address>
List only ports with this MAC address
--fixed-ip subnet=<subnet>,ip-address=<ip-address>
Desired IP and/or subnet for filtering ports (name or ID): subnet=<subnet>,ip-address=<ip-address> (repeat option to set multiple fixed IP addresses)
--long
List additional fields in output
--project <project>
List ports according to their project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

16.57.4. port set

Set port properties 

openstack port set
    [--description <description>]
    [--fixed-ip subnet=<subnet>,ip-address=<ip-address>]
    [--no-fixed-ip]
    [--device <device-id>]
    [--device-owner <device-owner>]
    [--vnic-type <vnic-type>]
    [--binding-profile <binding-profile>]
    [--no-binding-profile]
    [--host <host-id>]
    [--qos-policy <qos-policy>]
    [--enable | --disable]
    [--name <name>]
    [--mac-address <mac-address>]
    [--security-group <security-group>]
    [--no-security-group]
    [--enable-port-security | --disable-port-security]
    [--dns-name <dns-name>]
    [--allowed-address ip-address=<ip-address>[,mac-address=<mac-address>]]
    [--no-allowed-address]
    <port>
--description <description>
Description of this port
--fixed-ip subnet=<subnet>,ip-address=<ip-address>
Desired IP and/or subnet for this port (name or ID): subnet=<subnet>,ip-address=<ip-address> (repeat option to set multiple fixed IP addresses)
--no-fixed-ip
Clear existing information of fixed IP addresses. Specify both --fixed-ip and --no-fixed-ip to overwrite the current fixed IP addresses.
--device <device-id>
Port device ID
--device-owner <device-owner>
Device owner of this port. This is the entity that uses the port (for example, network:dhcp).
--vnic-type <vnic-type>
VNIC type for this port (direct | direct-physical | macvtap | normal | baremetal, default: normal)
--binding-profile <binding-profile>
Custom data to be passed as binding:profile. Data may be passed as <key>=<value> or JSON. (repeat option to set multiple binding:profile data)
--no-binding-profile
Clear existing information of binding:profile. Specify both --binding-profile and --no-binding-profile to overwrite the current binding:profile information.
--host <host-id>
Allocate port on host <host-id> (ID only)
--qos-policy <qos-policy>
Attach QoS policy to this port (name or ID)
--enable
Enable port
--disable
Disable port
--name
Set port name
--mac-address
Set port’s MAC address (admin only)
--security-group <security-group>
Security group to associate with this port (name or ID) (repeat option to set multiple security groups)
--no-security-group
Clear existing security groups associated with this port
--enable-port-security
Enable port security for this port
--disable-port-security
Disable port security for this port
--dns-name <dns-name>
Set DNS name to this port (requires DNS integration extension)
--allowed-address ip-address=<ip-address>[,mac-address=<mac-address>]
Add allowed-address pair associated with this port: ip-address=<ip-address>[,mac-address=<mac-address>] (repeat option to set multiple allowed-address pairs)
--no-allowed-address
Clear existing allowed-address pairs associated with this port. (Specify both --allowed-address and --no-allowed-address to overwrite the current allowed-address pairs)
<port>
Port to modify (name or ID)

16.57.5. port show

Display port details 

openstack port show
    <port>
<port>
Port to display (name or ID)

16.57.6. port unset

Unset port properties 

openstack port unset
    [--fixed-ip subnet=<subnet>,ip-address=<ip-address> [...]]
    [--binding-profile <binding-profile-key> [...]]
    [--security-group <security-group> [...]]
    [--allowed-address ip-address=<ip-address>[,mac-address=<mac-address>] [...]]
    [--qos-policy]
    <port>
--fixed-ip subnet=<subnet>,ip-address=<ip-address>
Desired IP and/or subnet which should be removed from this port (name or ID): subnet=<subnet>,ip-address=<ip-address> (repeat option to unset multiple fixed IP addresses)
--binding-profile <binding-profile-key>
Desired key which should be removed from binding-profile (repeat option to unset multiple binding:profile data)
--security-group <security-group>
Security group which should be removed from this port (name or ID) (repeat option to unset multiple security groups)
--allowed-address ip-address=<ip-address>[,mac-address=<mac-address>]
Desired allowed-address pair which should be removed from this port: ip-address=<ip-address>[,mac-address=<mac-address>] (repeat option to unset multiple allowed-address pairs)
--qos-policy
Remove the QoS policy attached to the port
<port>
Port to modify (name or ID)

16.58. project

Identity v2, v3

16.58.1. project create

Create new project 

openstack project create
    [--domain <domain>]
    [--parent <project>]
    [--description <description>]
    [--enable | --disable]
    [--property <key=value>]
    [--or-show]
    <name>
--domain <domain>
Domain owning the project (name or ID) New in version 3.
--parent <project>
Parent of the project (name or ID) New in version 3.
--description <description>
Project description
--enable
Enable project (default)
--disable
Disable project
--property <key=value>
Add a property to <name> (repeat option to set multiple properties)
--or-show
Return existing project If the project already exists return the existing project data and do not fail.
<name>
New project name

16.58.2. project delete

Delete project(s) 

openstack project delete
    [--domain <domain>]
    <project> [<project> ...]
--domain <domain>
Domain owning <project> (name or ID) New in version 3.
<project>
Project to delete (name or ID)

16.58.3. project list

List projects 

openstack project list
    [--domain <domain>]
    [--user <user>]
    [--my-projects]
    [--long]
    [--sort <key>[:<direction>,<key>:<direction>,..]]
--domain <domain>
Filter projects by <domain> (name or ID) New in version 3.
--user <user>
Filter projects by <user> (name or ID) New in version 3.
--my-projects
List projects for the authenticated user. Supersedes other filters. New in version 3.
--long
List additional fields in output
--sort <key>[:<direction>,<key>:<direction>,..]
Sort output by selected keys and directions (asc or desc) (default: asc), multiple keys and directions can be specified --sort <key>[:<direction>,<key>:<direction>,..]

16.58.4. project set

Set project properties 

openstack project set
    [--name <name>]
    [--domain <domain>]
    [--description <description>]
    [--enable | --disable]
    [--property <key=value>]
    <project>
--name <name>
Set project name
--domain <domain>
Domain owning <project> (name or ID) New in version 3.
--description <description>
Set project description
--enable
Enable project (default)
--disable
Disable project
--property <key=value>
Set a property on <project> (repeat option to set multiple properties) Identity version 2 only
<project>
Project to modify (name or ID)

16.58.5. project show

Display project details 

openstack project show
    [--domain <domain>]
    <project>
--domain <domain>
Domain owning <project> (name or ID) New in version 3.
--parents
Show the project’s parents as a list New in version 3.
--children
Show project’s subtree (children) as a list New in version 3.
<project>
Project to display (name or ID)

16.58.6. project unset

Unset project properties 

_Identity version 2 only_
openstack project unset
    --property <key> [--property <key> ...]
    <project>
--property <key>
Property key to remove from project (repeat option to remove multiple properties)
<project>
Project to modify (name or ID)

16.59. quota

Resource quotas appear in multiple APIs, OpenStackClient presents them as a single object with multiple properties.

Block Storage v1, v2, Compute v2, Network v2

16.59.1. quota list

List quotas for all projects with non-default quota values 

openstack quota list
    --compute | --network | --volume
--network
List network quotas
--compute
List compute quotas
--volume
List volume quotas

16.59.2. quota set

Set quotas for project 

openstack quota set
    # Compute settings
    [--cores <num-cores>]
    [--fixed-ips <num-fixed-ips>]
    [--floating-ips <num-floating-ips>]
    [--injected-file-size <injected-file-bytes>]
    [--injected-files <num-injected-files>]
    [--instances <num-instances>]
    [--key-pairs <num-key-pairs>]
    [--properties <num-properties>]
    [--ram <ram-mb>]
    [--server-groups <num-server-groups>]
    [--server-group-members <num-server-group-members>]

    # Block Storage settings
    [--backups <new-backups>]
    [--backup-gigabytes <new-backup-gigabytes>]
    [--gigabytes <new-gigabytes>]
    [--per-volume-gigabytes <new-per-volume-gigabytes>]
    [--snapshots <new-snapshots>]
    [--volumes <new-volumes>]
    [--volume-type <volume-type>]

    # Network settings
    [--floating-ips <num-floatingips>]
    [--secgroup-rules <num-security-group-rules>]
    [--secgroups <num-security-groups>]
    [--networks <num-networks>]
    [--subnets <num-subnets>]
    [--ports <num-ports>]
    [--routers <num-routers>]
    [--rbac-policies <num-rbac-policies>]
    [--vips <num-vips>]
    [--subnetpools <num-subnetpools>]
    [--members <num-members>]
    [--health-monitors <num-health-monitors>]

    <project>

Set quotas for class 

openstack quota set
    --class
    # Compute settings
    [--cores <num-cores>]
    [--fixed-ips <num-fixed-ips>]
    [--floating-ips <num-floating-ips>]
    [--injected-file-size <injected-file-bytes>]
    [--injected-files <num-injected-files>]
    [--instances <num-instances>]
    [--key-pairs <num-key-pairs>]
    [--properties <num-properties>]
    [--ram <ram-mb>]
    [--server-groups <num-server-groups>]
    [--server-group-members <num-server-group-members>]

    # Block Storage settings
    [--backups <new-backups>]
    [--backup-gigabytes <new-backup-gigabytes>]
    [--gigabytes <new-gigabytes>]
    [--per-volume-gigabytes <new-per-volume-gigabytes>]
    [--snapshots <new-snapshots>]
    [--volumes <new-volumes>]

    <class>
--class
Set quotas for <class>
--properties <new-properties>
New value for the properties quota
--ram <new-ram>
New value for the ram quota
--secgroup-rules <new-secgroup-rules>
New value for the secgroup-rules quota
--instances <new-instances>
New value for the instances quota
--key-pairs <new-key-pairs>
New value for the key-pairs quota
--fixed-ips <new-fixed-ips>
New value for the fixed-ips quota
--secgroups <new-secgroups>
New value for the secgroups quota
--injected-file-size <new-injected-file-size>
New value for the injected-file-size quota
--server-groups <new-server-groups>
New value for the server-groups quota
--server-group-members <new-server-group-members>
New value for the server-group-members quota
--floating-ips <new-floating-ips>
New value for the floating-ips quota
--injected-files <new-injected-files>
New value for the injected-files quota
--cores <new-cores>
New value for the cores quota
--injected-path-size <new-injected-path-size>
New value for the injected-path-size quota
--backups <new-backups>
New value for the backups quota
--backup-gigabytes <new-backup-gigabytes>
New value for the backup gigabytes quota
--gigabytes <new-gigabytes>
New value for the gigabytes quota
--per-volume-gigabytes <new-per-volume-gigabytes>
New value for the gigabytes quota of per volume
--volumes <new-volumes>
New value for the volumes quota
--snapshots <new-snapshots>
New value for the snapshots quota
--volume-type <volume-type>
Set quotas for a specific <volume-type>. The supported quotas are: gigabytes, snapshots, volumes.
--networks <num-networks>
New value for the networks quota
--subnets <num-subnets>
New value for the subnets quota
--ports <num-ports>
New value for the ports quota
--routers <num-routers>
New value for the routers quota
--rbac-policies <num-rbac-policies>
New value for the rbac-policies quota
--vips <num-vips>
New value for the vips quota
--subnetpools <num-subnetpools>
New value for the subnetpools quota
--members <num-members>
New value for the members quota
--health-monitors <num-health-monitors>
New value for the health-monitors quota

16.59.3. quota show

Show quotas for project or class 

openstack quota show
    [--default]
    [<project>]
--default
Show default quotas for <project>
<project>
Show quotas for this project (name or ID) 
openstack quota show
    --class
    [<class>]
--class
Show quotas for <class>
<class>
Show quotas for this class (name or ID)

16.60. region

Identity v3

16.60.1. region create

Create new region 

openstack region create
    [--parent-region <region-id>]
    [--description <description>]
    <region-id>
--parent-region <region-id>
Parent region ID
--description <description>
New region description
<region-id>
New region ID

16.60.2. region delete

Delete region(s) 

openstack region delete
    <region-id> [<region-id> ...]
<region-id>
Region ID(s) to delete

16.60.3. region list

List regions 

openstack region list
    [--parent-region <region-id>]
--parent-region <region-id>
Filter by parent region ID

16.60.4. region set

Set region properties 

openstack region set
    [--parent-region <region-id>]
    [--description <description>]
    <region-id>
--parent-region <region-id>
New parent region ID
--description <description>
New region description
<region-id>
Region to modify

16.60.5. region show

Display region details 

openstack region show
    <region-id>
<region-id>
Region to display

16.61. request token

Identity v3

Requires: OS-OAUTH1 extension

16.61.1. request token authorize

Authorize a request token 

openstack request token authorize
    --request-key <consumer-key>
    --role <role>
--request-key <request-key>
Request token to authorize (ID only) (required)
--role <role>
Roles to authorize (name or ID) (repeat option to set multiple values) (required)

16.61.2. request token create

Create a request token 

openstack request token create
    --consumer-key <consumer-key>
    --consumer-secret <consumer-secret>
    --project <project>
    [--domain <domain>]
--consumer-key <consumer-key>
Consumer key (required)
--description <description>
Consumer secret (required)
--project <project>
Project that consumer wants to access (name or ID) (required)
--domain <domain>
Domain owning <project> (name or ID)

16.62. role

Identity v2, v3

16.62.1. role add

Add role assignment to a user or group in a project or domain 

openstack role add
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --role-domain <role-domain>
    --inherited
    <role>
--domain <domain>
Include <domain> (name or ID) New in version 3.
--project <project>
Include <project> (name or ID)
--user <user>
Include <user> (name or ID)
--group <group>
Include <group> (name or ID) New in version 3.
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.
--group-domain <group-domain>
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. New in version 3.
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. New in version 3.
--inherited
Specifies if the role grant is inheritable to the sub projects. New in version 3.
--role-domain <role-domain>
Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used. New in version 3.
<role>
Role to add to <project>:<user> (name or ID)

16.62.2. role create

Create new role 

openstack role create
    [--or-show]
    [--domain <domain>]
    <name>
--domain <domain>
Domain the role belongs to (name or ID). New in version 3.
--or-show
Return existing role If the role already exists return the existing role data and do not fail.
<name>
New role name

16.62.3. role delete

Delete role(s) 

openstack role delete
    <role> [<role> ...]
    [--domain <domain>]
<role>
Role to delete (name or ID)
--domain <domain>
Domain the role belongs to (name or ID). New in version 3.

16.62.4. role list

List roles 

openstack role list
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --inherited
--domain <domain>
Filter roles by <domain> (name or ID) (Deprecated if being used to list assignments in conjunction with the --user <user>, option, please use role assignment list instead)
--project <project>
Filter roles by <project> (name or ID) (Deprecated, please use role assignment list instead)
--user <user>
Filter roles by <user> (name or ID) (Deprecated, please use role assignment list instead)
--group <group>
Filter roles by <group> (name or ID) (Deprecated, please use role assignment list instead)
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. (Deprecated, please use role assignment list instead) New in version 3.
--group-domain <group-domain>
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. (Deprecated, please use role assignment list instead) New in version 3.
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. (Deprecated, please use role assignment list instead) New in version 3.
--inherited
Specifies if the role grant is inheritable to the sub projects. (Deprecated, please use role assignment list instead) New in version 3.

16.62.5. role remove

Remove role assignment from domain/project : user/group 

openstack role remove
    --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --role-domain <role-domain>
    --inherited
    <role>
--domain <domain>
Include <domain> (name or ID) New in version 3.
--project <project>
Include <project> (name or ID)
--user <user>
Include <user> (name or ID)
--group <group>
Include <group> (name or ID) New in version 3.
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.
--group-domain <group-domain>
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. New in version 3.
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. New in version 3.
--inherited
Specifies if the role grant is inheritable to the sub projects. New in version 3.
--role-domain <role-domain>
Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used. New in version 3.
<role>
Role to remove (name or ID)

16.62.6. role set

Set role properties

New in version 3. 

openstack role set
    [--name <name>]
    [--domain <domain>]
    <role>
--name <name>
Set role name
--domain <domain>
Domain the role belongs to (name or ID). New in version 3.
<role>
Role to modify (name or ID)

16.62.7. role show

Display role details 

openstack role show
    [--domain <domain>]
    <role>
--domain <domain>
Domain the role belongs to (name or ID). New in version 3.
<role>
Role to display (name or ID)

16.63. role assignment

Identity v2, v3

16.63.1. role assignment list

List role assignments 

openstack role assignment list
    [--role <role>]
    [--role-domain <role-domain>]
    [--user <user>]
    [--user-domain <user-domain>]
    [--group <group>]
    [--group-domain <group-domain>]
    [--domain <domain>]
    [--project <project>]
    [--project-domain <project-domain>]
    [--effective]
    [--inherited]
    [--names]
--role <role>
Role to filter (name or ID) New in version 3.
--role-domain <role-domain>
Domain the role belongs to (name or ID). This can be used in case collisions between role names exist. New in version 3.
--user <user>
User to filter (name or ID)
--user-domain <user-domain>
Domain the user belongs to (name or ID). This can be used in case collisions between user names exist. New in version 3.
--group <group>
Group to filter (name or ID) New in version 3.
--group-domain <group-domain>
Domain the group belongs to (name or ID). This can be used in case collisions between group names exist. New in version 3.
--domain <domain>
Domain to filter (name or ID) New in version 3.
--project <project>
Project to filter (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. New in version 3.
--effective
Returns only effective role assignments (defaults to False) New in version 3.
--inherited
Specifies if the role grant is inheritable to the sub projects New in version 3.
--names
Returns role assignments with names instead of IDs
--auth-user
Returns role assignments for the authenticated user.
--auth-project
Returns role assignments for the project to which the authenticated user is scoped.

16.64. router

A router is a logical component that forwards data packets between networks. It also provides Layer 3 and NAT forwarding to provide external network access for servers on project networks.

Network v2

16.64.1. router add port

Add a port to a router 

openstack router add port
    <router>
    <port>
<router>
Router to which port will be added (name or ID)
<port>
Port to be added (name or ID)

16.64.2. router add subnet

Add a subnet to a router 

openstack router add subnet
    <router>
    <subnet>
<router>
Router to which subnet will be added (name or ID)
<subnet>
Subnet to be added (name or ID)

16.64.3. router create

Create new router 

openstack router create
    [--project <project> [--project-domain <project-domain>]]
    [--enable | --disable]
    [--distributed | --centralized]
    [--ha | --no-ha]
    [--description <description>]
    [--availability-zone-hint <availability-zone>]
    <name>
--project <project>
Owner’s project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--enable
Enable router (default)
--disable
Disable router
--distributed
Create a distributed router The default router type (distributed vs centralized) is determined by a configuration setting in the OpenStack deployment. Since we are unable to know that default wihtout attempting to actually create a router it is suggested to use either --distributed or --centralized in situations where multiple cloud deployments may be used.
--centralized
Create a centralized router See the note in --distributed regarding the default used when creating a new router.
--ha
Create a highly available router
--no-ha
Create a legacy router
--description <description>
Set router description
--availability-zone-hint <availability-zone>
Availability Zone in which to create this router (Router Availability Zone extension required, repeat option to set multiple availability zones)
<name>
New router name

16.64.4. router delete

Delete router(s) 

openstack router delete
    <router> [<router> ...]
<router>
Router(s) to delete (name or ID)

16.64.5. router list

List routers 

openstack router list
    [--name <name>]
    [--enable | --disable]
    [--long]
    [--project <project> [--project-domain <project-domain>]]
--long
List additional fields in output
--name <name>
List routers according to their name
--enable
List enabled routers
--disable
List disabled routers
--project <project>
List routers according to their project (name or ID)
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

16.64.6. router remove port

Remove a port from a router 

openstack router remove port
    <router>
    <port>
<router>
Router from which port will be removed (name or ID)
<port>
Port to be removed and deleted (name or ID)

16.64.7. router remove subnet

Remove a subnet from a router 

openstack router remove subnet
    <router>
    <subnet>
<router>
Router from which subnet will be removed (name or ID)
<subnet>
Subnet to be removed (name or ID)

16.64.8. router set

Set router properties 

openstack router set
    [--name <name>]
    [--enable | --disable]
    [--distributed | --centralized]
    [--description <description>]
    [--route destination=<subnet>,gateway=<ip-address> | --no-route]
    [--ha | --no-ha]
    [--external-gateway <network> [--enable-snat|--disable-snat] [--fixed-ip subnet=<subnet>,ip-address=<ip-address>]]
    <router>
--name <name>
Set router name
--enable
Enable router
--disable
Disable router
--distributed
Set router to distributed mode (disabled router only)
--centralized
Set router to centralized mode (disabled router only)
--description <description>
Set router description
--route destination=<subnet>,gateway=<ip-address>
Routes associated with the router destination: destination subnet (in CIDR notation) gateway: nexthop IP address (repeat option to set multiple routes)
--no-route
Clear routes associated with the router. Specify both --route and --no-route to overwrite current value of route.
--ha
Set the router as highly available (disabled router only)
--no-ha
Clear high availablability attribute of the router (disabled router only)
--external-gateway <network>
External Network used as router’s gateway (name or ID)
--enable-snat
Enable Source NAT on external gateway
--disable-snat
Disable Source NAT on external gateway
--fixed-ip subnet=<subnet>,ip-address=<ip-address>
Desired IP and/or subnet (name or ID) on external gateway: subnet=<subnet>,ip-address=<ip-address> (repeat option to set multiple fixed IP addresses)
<router>
Router to modify (name or ID)

16.64.9. router show

Display router details 

openstack router show
    <router>
<router>
Router to display (name or ID)

16.64.10. router unset

Unset router properties 

openstack router unset
    [--route destination=<subnet>,gateway=<ip-address>]
    [--external-gateway]
    <router>
--route destination=<subnet>,gateway=<ip-address>
Routes to be removed from the router destination: destination subnet (in CIDR notation) gateway: nexthop IP address (repeat option to unset multiple routes)
--external-gateway
Remove external gateway information from the router
<router>
Router to modify (name or ID)

16.65. security group

A security group acts as a virtual firewall for servers and other resources on a network. It is a container for security group rules which specify the network access rules.

Compute v2, Network v2

16.65.1. security group create

Create a new security group 

openstack security group create
    [--description <description>]
    [--project <project> [--project-domain <project-domain>]]
    <name>
--description <description>
Security group description
--project <project>
Owner’s project (name or ID) Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. Network version 2 only
<name>
New security group name

16.65.2. security group delete

Delete security group(s) 

openstack security group delete
    <group> [<group> ...]
<group>
Security group(s) to delete (name or ID)

16.65.3. security group list

List security groups 

openstack security group list
    [--all-projects]
    [--project <project> [--project-domain <project-domain>]]
--all-projects
Display information from all projects (admin only) Network version 2 ignores this option and will always display informationfor all projects (admin only).
--project <project>
List security groups according to the project (name or ID) Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. Network version 2 only

16.65.4. security group set

Set security group properties 

openstack security group set
    [--name <new-name>]
    [--description <description>]
    <group>
--name <new-name>
New security group name
--description <description>
New security group description
<group>
Security group to modify (name or ID)

16.65.5. security group show

Display security group details 

openstack security group show
    <group>
<group>
Security group to display (name or ID)

16.66. security group rule

A security group rule specifies the network access rules for servers and other resources on the network.

Compute v2, Network v2

16.66.1. security group rule create

Create a new security group rule 

openstack security group rule create
    [--remote-ip <ip-address> | --remote-group <group>]
    [--dst-port <port-range> | [--icmp-type <icmp-type> [--icmp-code <icmp-code>]]]
    [--protocol <protocol>]
    [--ingress | --egress]
    [--ethertype <ethertype>]
    [--project <project> [--project-domain <project-domain>]]
    [--description <description>]
    <group>
--remote-ip <ip-address>
Remote IP address block (may use CIDR notation; default for IPv4 rule: 0.0.0.0/0)
--remote-group <group>
Remote security group (name or ID)
--dst-port <port-range>
Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.
--icmp-type <icmp-type>
ICMP type for ICMP IP protocols Network version 2 only
--icmp-code <icmp-code>
ICMP code for ICMP IP protocols Network version 2 only
--protocol <protocol>
IP protocol (icmp, tcp, udp; default: tcp) Compute version 2 IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255]; default: tcp) Network version 2
--ingress
Rule applies to incoming network traffic (default) Network version 2 only
--egress
Rule applies to outgoing network traffic Network version 2 only
--ethertype <ethertype>
Ethertype of network traffic (IPv4, IPv6; default: based on IP protocol) Network version 2 only
--project <project>
Owner’s project (name or ID) Network version 2 only
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. Network version 2 only
--description <description>
Set security group rule description Network version 2 only
<group>
Create rule in this security group (name or ID)

16.66.2. security group rule delete

Delete security group rule(s) 

openstack security group rule delete
    <rule> [<rule> ...]
<rule>
Security group rule(s) to delete (ID only)

16.66.3. security group rule list

List security group rules 

openstack security group rule list
    [--all-projects]
    [--protocol <protocol>]
    [--ingress | --egress]
    [--long]
    [<group>]
--all-projects
Display information from all projects (admin only) Network version 2 ignores this option and will always display informationfor all projects (admin only).
--long
List additional fields in output Compute version 2 does not have additional fields to display.
--protocol
List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255]) Network version 2
--ingress
List rules applied to incoming network traffic Network version 2 only
--egress
List rules applied to outgoing network traffic Network version 2 only
<group>
List all rules in this security group (name or ID)

16.66.4. security group rule show

Display security group rule details 

openstack security group rule show
    <rule>
<rule>
Security group rule to display (ID only)

16.67. server

Compute v2

16.67.1. server add fixed ip

Add fixed IP address to server 

openstack server add fixed ip
    [--fixed-ip-address <ip-address>]
    <server>
    <network>
--fixed-ip-address <ip-address>
Requested fixed IP address
<server>
Server to receive the fixed IP address (name or ID)
<network>
Network to allocate the fixed IP address from (name or ID)

16.67.2. server add floating ip

Add floating IP address to server 

openstack server add floating ip
    [--fixed-ip-address <ip-address>]
    <server>
    <ip-address>
--fixed-ip-address <ip-address>
Fixed IP address to associate with this floating IP address
<server>
Server to receive the floating IP address (name or ID)
<ip-address>
Floating IP address to assign to server (IP only)

16.67.3. server add port

Add port to server 

openstack server add port
    <server>
    <port>
<server>
Server to add the port to (name or ID)
<port>
Port to add to the server (name or ID)

16.67.4. server add security group

Add security group to server 

openstack server add security group
    <server>
    <group>
<server>
Server (name or ID)
<group>
Security group to add (name or ID)

16.67.5. server add volume

Add volume to server 

openstack server add volume
    [--device <device>]
    <server>
    <volume>
--device <device>
Server internal device name for volume
<server>
Server (name or ID)
<volume>
Volume to add (name or ID)

16.67.6. server create

Create a new server 

openstack server create
    --image <image> | --volume <volume>
    --flavor <flavor>
    [--security-group <security-group-name> [...] ]
    [--key-name <key-name>]
    [--property <key=value> [...] ]
    [--file <dest-filename=source-filename>] [...] ]
    [--user-data <user-data>]
    [--availability-zone <zone-name>]
    [--block-device-mapping <dev-name=mapping> [...] ]
    [--nic <net-id=net-uuid,v4-fixed-ip=ip-addr,v6-fixed-ip=ip-addr,port-id=port-uuid,auto,none> [...] ]
    [--network <network>]
    [--port <port>]
    [--hint <key=value> [...] ]
    [--config-drive <value>|True ]
    [--min <count>]
    [--max <count>]
    [--wait]
    <server-name>
--image <image>
Create server boot disk from this image (name or ID)
--volume <volume>
Create server using this volume as the boot disk (name or ID) This option automatically creates a block device mapping with a boot index of 0. On many hypervisors (libvirt/kvm for example) this will be device vda. Do not create a duplicate mapping using --block-device-mapping for this volume.
--flavor <flavor>
Create server with this flavor (name or ID)
--security-group <security-group-name>
Security group to assign to this server (name or ID) (repeat option to set multiple groups)
--key-name <key-name>
Keypair to inject into this server (optional extension)
--property <key=value>
Set a property on this server (repeat option to set multiple values)
--file <dest-filename=source-filename>
File to inject into image before boot (repeat option to set multiple files)
--user-data <user-data>
User data file to serve from the metadata server
--availability-zone <zone-name>
Select an availability zone for the server
--block-device-mapping <dev-name=mapping>
Map block devices; map is <id>:<type>:<size(GB)>:<delete_on_terminate> (optional extension)
--nic <net-id=net-uuid,v4-fixed-ip=ip-addr,v6-fixed-ip=ip-addr,port-id=port-uuid,auto,none>
Create a NIC on the server. Specify option multiple times to create multiple NICs. Either net-id or port-id must be provided, but not both. net-id: attach NIC to network with this UUID, port-id: attach NIC to port with this UUID, v4-fixed-ip: IPv4 fixed address for NIC (optional), v6-fixed-ip: IPv6 fixed address for NIC (optional). none: (v2.37+) no network is attached. auto: (v2.37+) the compute service will automatically allocate a network. Specifying a --nic of auto or none cannot be used with any other --nic value.
--network <network>
Create a NIC on the server and connect it to network. Specify option multiple times to create multiple NICs. For more options on NICs see --nic parameter. network: attach NIC to this network
--port <port>
Create a NIC on the server and connect it to port. Specify option multiple times to create multiple NICs. For more options on NICs see --nic parameter. port: attach NIC to this port
--hint <key=value>
Hints for the scheduler (optional extension)
--config-drive <config-drive-volume>|True
Use specified volume as the config drive, or 'True' to use an ephemeral drive
--min <count>
Minimum number of servers to launch (default=1)
--max <count>
Maximum number of servers to launch (default=1)
--wait
Wait for build to complete
<server-name>
New server name