OpenStack Command-Line Interface Cheat Sheet

Openstack, besides Horizon GUI Dashboard, can also be configured via command-line interface using commands in Bash. Below we present a list of common and useful commands for your reference.

Note: in OpenStack command-line interface you have to source appropriate keystonerc file in order to be able to invoke OpenStack commands within the specified Project Tenant. Sourcing of keystonerc file imports Tenant User/Admin credentials to environment variables during user session.

1. Keystone

1.1 Source admin keystonerc file (import admin credentials):

[root@controller ~]# source /root/keystonerc_admin 

1.2 List all users

[root@controller ~(keystone_admin)]# keystone user-list

1.3 List all user roles

[root@controller ~(keystone_admin)]# keystone role-list

1.4 List all Project Tenants

[root@controller ~(keystone_admin)]# keystone tenant-list

2. Glance

2.1 List images

[root@controller ~(keystone_admin)]# glance image-list

2.2 Create public qcow2 based image named cirros_image from cirros-0.3.4-x86_64-disk.img file

[root@controller ~(keystone_admin)]# glance image-create --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --name cirros_image

2.3 Delete image (specify image ID)

[root@controller ~(keystone_admin)]# glance image-delete aca1a00b-e5fc-4121-8c88-cef47b705a83

3. Nova

3.1 Display all nodes

[root@controller ~(keystone_admin)]# nova-manage host list

3.2 Display status of services running on nodes

[root@controller ~(keystone_admin)]# nova-manage service list

3.3 List instances within project tenant

[root@controller ~(tuxfixer@tuxfixer)]$ nova list

3.4 List images

[root@controller ~(keystone_admin)]# nova image-list

3.5 List flavors

[root@controller ~(keystone_admin)]# nova flavor-list

3.6 Launch instance named instance2 using m1.tiny flavor, cirros image with 2 network interfaces connected to 2 internal networks (specify network IDs)

[root@controller ~(tuxfixer@tuxfixer)]$ nova boot --flavor m1.tiny --image cirros --nic net-id=c471aa63-813b-4588-9822-d8961801dd30 --nic net-id=b521aa63-514c-4577-9622-b8961801cc31 instance2

3.7 Start instance instance1

[root@controller ~(tuxfixer@tuxfixer)]$ nova start instance1

3.8 Stop instance instance1

[root@controller ~(tuxfixer@tuxfixer)]$ nova stop instance1

3.9 Terminate instance (shut down immediately and delete) instance1

[root@controller ~(tuxfixer@tuxfixer)]$ nova delete instance1

3.10 Allocate IP to Project Tenant from public_net pool

[root@controller ~(tuxfixer@tuxfixer)]$ nova floating-ip-create public_net

3.11 Associate Floating IP with instance1

[root@controller ~(tuxfixer@tuxfixer)]$ nova floating-ip-associate instance1

3.12 Add allow-all security group to running instance cirros1

[root@controller ~(tuxfixer@tuxfixer)]$ nova add-secgroup cirros1 allow-all

3.13 Remove default security group from running instance cirros1

[root@controller ~(tuxfixer@tuxfixer)]$ nova remove-secgroup cirros1 default 

4. Neutron

4.1 List networks

[root@controller ~(keystone_admin)]# neutron net-list

4.2 Show network details for pub_net

[root@controller ~(keystone_admin)]# neutron net-show pub_net

4.3 List sub-networks

[root@controller ~(keystone_admin)]# neutron subnet-list

4.4 Show sub-network details for pub_subnet

[root@controller ~(keystone_admin)]# neutron subnet-show pub_subnet

4.5 Create router router1 in specified Project Tanant (specify ID)

[root@controller ~(tuxfixer@tuxfixer)]# neutron router-create --tenant-id 1bee77abc7744d918691a399e54f6b9f router1

4.6 List external (public) networks

[root@controller ~(keystone_admin)]# neutron net-external-list

4.7 Create security group named allow-all-traffic in specified Project Tenant

[root@controller ~(tuxfixer@tuxfixer)]# neutron security-group-create --tenant-id 1bee77abc7744d918691a399e54f6b9f --description "Allow all traffic" allow-all-traffic

4.8 Create rule in allow-all-traffic security group that allows for incoming (ingress) ping

[root@controller ~(tuxfixer@tuxfixer)]# neutron security-group-rule-create --tenant-id 1bee77abc7744d918691a399e54f6b9f --protocol icmp --direction ingress allow-all-traffic

4.9 Create rule in allow-all-traffic security group that allows for outgoing (egress) TCP traffic in the whole port range (ports: 1 – 65535)

[root@controller ~(tuxfixer@tuxfixer)]# neutron security-group-rule-create --tenant-id 1bee77abc7744d918691a399e54f6b9f --protocol tcp --port-range-min 1 --port-range-max 65535 --direction egress allow-all-traffic

4.10 Create network named priv_net1 in specified Tenant

[root@controller ~(tuxfixer@tuxfixer)]# neutron net-create --tenant-id 1bee77abc7744d918691a399e54f6b9f priv_net1

4.11 Create sub-network named priv_subnet1 within priv_net1 network in specified Tenant

[root@controller ~(tuxfixer@tuxfixer)]# neutron subnet-create --tenant-id 1bee77abc7744d918691a399e54f6b9f --name priv_subnet1 priv_net1

4.12 Set gateway on router main_router from public network pub_net (attach router to public network)

[root@controller ~(tuxfixer@tuxfixer)]# neutron router-gateway-set main_router pub_net

4.13 Add internal interface on main_router router for priv_net1 network (attach internal/private network to router)

[root@controller ~(tuxfixer@tuxfixer)]# neutron router-interface-add main_router priv_net1

4.14 Create port in priv_net1 network with fixed v4 IP

[root@controller ~(tuxfixer@tuxfixer)]# neutron port-create priv_net1 --fixed-ip ip_address=

4.15 List provider / public networks (those with External flag)

[root@controller ~(keystone_admin)]# neutron net-external-list

5. OVS (OpenVSwitch)

5.1 Display OVS based bridges with attached ports

[root@controller ~]# ovs-vsctl show

5.2 Connect eth0 interface to br-ex bridge

[root@controller ~]# ovs-vsctl add-port br-ex eth0

5.3 Connect eth1 interface to br-eth1 bridge

[root@controller ~]# ovs-vsctl add-port br-eth1 eth1

6. Cinder

6.1 List Volumes

[root@controller ~(tuxfixer@tuxfixer)]$ cinder list

6.2 Create 2GB sized volume named test_volume in specified Tenant

[root@controller ~(tuxfixer@tuxfixer)]$ cinder create 2 --display-name test_volume

6.3 Delete volume named test_volume from Tenant

[root@controller ~(tuxfixer@tuxfixer)]$ cinder delete test_volume

Note: remember to detach volume from instance (if mounted) before deleting to avoid any problems with instance

6.4 Attach volume to existing instance (specify instance and volume ID)

[root@controller ~(tuxfixer@tuxfixer)]$ nova volume-attach b7b8c407-aa6a-4743-9cf4-7cba9c51ba2e b9e9f224-5625-48cc-b86f-41e26bc580ae auto

6.5 Detach volume from instance (specify instance and volume ID)

[root@controller ~(tuxfixer@tuxfixer)]$ nova volume-detach b7b8c407-aa6a-4743-9cf4-7cba9c51ba2e b9e9f224-5625-48cc-b86f-41e26bc580ae

6.6 Extend volume quota for tenant ID 7f3463da73a048b48054cd52541be970 up to 32 volumes

[root@controller ~(keystone_admin)]$ cinder quota-update --volumes 32 7f3463da73a048b48054cd52541be970

Note: do not use tenant name in above command, it won’t work!

7. Swift

7.1 List containers

[root@controller ~(keystone_admin)]# swift list

Share on: Share on FacebookShare on Google+Tweet about this on TwitterShare on StumbleUponShare on LinkedInPin on PinterestBuffer this pageShare on TumblrDigg thisFlattr the authorShare on RedditShare on VKShare on Yummly
Liked it? Take a second to support on Patreon!
Hadoop Developer Training

One thought on “OpenStack Command-Line Interface Cheat Sheet

  1. Jan December 8, 2015 at 11:41

    This post is really good. It helped me a lot to set up my own cloud. Thanks !

Leave a Reply

Name *
Email *