OpenStack Command-Line Interface Cheat Sheet

Openstack, besides Horizon GUI Dashboard, can also be configured via command-line interface using commands in Bash. Below we present a list of common and useful commands for your reference.

Note: in OpenStack command-line interface you have to source appropriate keystonerc file in order to be able to invoke OpenStack commands within the specified Project Tenant. Sourcing of keystonerc file imports Tenant User/Admin credentials to environment variables during user session.

1. Keystone

1.1 Source admin keystonerc file (import admin credentials):

[root@controller ~]# source /root/keystonerc_admin 

1.2 List all users

[root@controller ~(keystone_admin)]# keystone user-list

1.3 List all user roles

[root@controller ~(keystone_admin)]# keystone role-list

1.4 List all Project Tenants

[root@controller ~(keystone_admin)]# keystone tenant-list

2. Glance

2.1 List images

[root@controller ~(keystone_admin)]# glance image-list

2.2 Create public qcow2 based image named cirros_image from cirros-0.3.4-x86_64-disk.img file

[root@controller ~(keystone_admin)]# glance image-create --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --name cirros_image

2.3 Delete image (specify image ID)

[root@controller ~(keystone_admin)]# glance image-delete aca1a00b-e5fc-4121-8c88-cef47b705a83

3. Nova

3.1 Display all nodes

[root@controller ~(keystone_admin)]# nova-manage host list

3.2 Display status of services running on nodes

[root@controller ~(keystone_admin)]# nova-manage service list

3.3 List instances within project tenant

[root@controller ~(tuxfixer@tuxfixer)]$ nova list

3.4 List images

[root@controller ~(keystone_admin)]# nova image-list

3.5 List flavors

[root@controller ~(keystone_admin)]# nova flavor-list

3.6 Launch instance named instance2 using m1.tiny flavor, cirros image with 2 network interfaces connected to 2 internal networks (specify network IDs)

[root@controller ~(tuxfixer@tuxfixer)]$ nova boot --flavor m1.tiny --image cirros --nic net-id=c471aa63-813b-4588-9822-d8961801dd30 --nic net-id=b521aa63-514c-4577-9622-b8961801cc31 instance2

3.7 Start instance instance1

[root@controller ~(tuxfixer@tuxfixer)]$ nova start instance1

3.8 Stop instance instance1

[root@controller ~(tuxfixer@tuxfixer)]$ nova stop instance1

3.9 Terminate instance (shut down immediately and delete) instance1

[root@controller ~(tuxfixer@tuxfixer)]$ nova delete instance1

3.10 Allocate IP to Project Tenant from public_net pool

[root@controller ~(tuxfixer@tuxfixer)]$ nova floating-ip-create public_net

3.11 Associate Floating IP with instance1

[root@controller ~(tuxfixer@tuxfixer)]$ nova floating-ip-associate instance1

3.12 Add allow-all security group to running instance cirros1

[root@controller ~(tuxfixer@tuxfixer)]$ nova add-secgroup cirros1 allow-all

3.13 Remove default security group from running instance cirros1

[root@controller ~(tuxfixer@tuxfixer)]$ nova remove-secgroup cirros1 default 

4. Neutron

4.1 List networks

[root@controller ~(keystone_admin)]# neutron net-list

4.2 Show network details for pub_net

[root@controller ~(keystone_admin)]# neutron net-show pub_net

4.3 List sub-networks

[root@controller ~(keystone_admin)]# neutron subnet-list

4.4 Show sub-network details for pub_subnet

[root@controller ~(keystone_admin)]# neutron subnet-show pub_subnet

4.5 Create router router1 in specified Project Tanant (specify ID)

[root@controller ~(tuxfixer@tuxfixer)]# neutron router-create --tenant-id 1bee77abc7744d918691a399e54f6b9f router1

4.6 List external (public) networks

[root@controller ~(keystone_admin)]# neutron net-external-list

4.7 Create security group named allow-all-traffic in specified Project Tenant

[root@controller ~(tuxfixer@tuxfixer)]# neutron security-group-create --tenant-id 1bee77abc7744d918691a399e54f6b9f --description "Allow all traffic" allow-all-traffic

4.8 Create rule in allow-all-traffic security group that allows for incoming (ingress) ping

[root@controller ~(tuxfixer@tuxfixer)]# neutron security-group-rule-create --tenant-id 1bee77abc7744d918691a399e54f6b9f --protocol icmp --direction ingress allow-all-traffic

4.9 Create rule in allow-all-traffic security group that allows for outgoing (egress) TCP traffic in the whole port range (ports: 1 – 65535)

[root@controller ~(tuxfixer@tuxfixer)]# neutron security-group-rule-create --tenant-id 1bee77abc7744d918691a399e54f6b9f --protocol tcp --port-range-min 1 --port-range-max 65535 --direction egress allow-all-traffic

4.10 Create network named priv_net1 in specified Tenant

[root@controller ~(tuxfixer@tuxfixer)]# neutron net-create --tenant-id 1bee77abc7744d918691a399e54f6b9f priv_net1

4.11 Create sub-network named priv_subnet1 within priv_net1 network in specified Tenant

[root@controller ~(tuxfixer@tuxfixer)]# neutron subnet-create --tenant-id 1bee77abc7744d918691a399e54f6b9f --name priv_subnet1 priv_net1

4.12 Set gateway on router main_router from public network pub_net (attach router to public network)

[root@controller ~(tuxfixer@tuxfixer)]# neutron router-gateway-set main_router pub_net

4.13 Add internal interface on main_router router for priv_net1 network (attach internal/private network to router)

[root@controller ~(tuxfixer@tuxfixer)]# neutron router-interface-add main_router priv_net1

4.14 Create port in priv_net1 network with fixed v4 IP

[root@controller ~(tuxfixer@tuxfixer)]# neutron port-create priv_net1 --fixed-ip ip_address=

4.15 List provider / public networks (those with External flag)

[root@controller ~(keystone_admin)]# neutron net-external-list

5. OVS (OpenVSwitch)

5.1 Display OVS based bridges with attached ports

[root@controller ~]# ovs-vsctl show

5.2 Connect eth0 interface to br-ex bridge

[root@controller ~]# ovs-vsctl add-port br-ex eth0

5.3 Connect eth1 interface to br-eth1 bridge

[root@controller ~]# ovs-vsctl add-port br-eth1 eth1

6. Cinder

6.1 List Volumes

[root@controller ~(tuxfixer@tuxfixer)]$ cinder list

6.2 Create 2GB sized volume named test_volume in specified Tenant

[root@controller ~(tuxfixer@tuxfixer)]$ cinder create 2 --display-name test_volume

6.3 Delete volume named test_volume from Tenant

[root@controller ~(tuxfixer@tuxfixer)]$ cinder delete test_volume

Note: remember to detach volume from instance (if mounted) before deleting to avoid any problems with instance

6.4 Attach volume to existing instance (specify instance and volume ID)

[root@controller ~(tuxfixer@tuxfixer)]$ nova volume-attach b7b8c407-aa6a-4743-9cf4-7cba9c51ba2e b9e9f224-5625-48cc-b86f-41e26bc580ae auto

6.5 Detach volume from instance (specify instance and volume ID)

[root@controller ~(tuxfixer@tuxfixer)]$ nova volume-detach b7b8c407-aa6a-4743-9cf4-7cba9c51ba2e b9e9f224-5625-48cc-b86f-41e26bc580ae

6.6 Extend volume quota for tenant ID 7f3463da73a048b48054cd52541be970 up to 32 volumes

[root@controller ~(keystone_admin)]$ cinder quota-update --volumes 32 7f3463da73a048b48054cd52541be970

Note: do not use tenant name in above command, it won’t work!

7. Swift

7.1 List containers

[root@controller ~(keystone_admin)]# swift list
Liked it? Take a second to support on Patreon!

Share on: Share on FacebookShare on Google+Tweet about this on TwitterShare on StumbleUponShare on LinkedInPin on PinterestBuffer this pageShare on TumblrDigg thisFlattr the authorShare on RedditShare on VKShare on Yummly
Waterprook 4K action Camera

One thought on “OpenStack Command-Line Interface Cheat Sheet

  1. Jan December 8, 2015 at 11:41

    This post is really good. It helped me a lot to set up my own cloud. Thanks !

Leave a Reply

Name *
Email *