Command-line Interface Cheat Sheet

Prerequisites—You must prepare your environment to access the command-line interface:


  • An asterisk (*) indicates that a command requires admin-level credentials.
  • Angle brackets (<>) indicate a variable name.

Identity (keystone)

Used to manage users and groups.

Action Command
List all users* $ openstack user list --domain <DOMAIN_NAME>
List Identity service catalog $ openstack catalog list
List endpoints* $ openstack endpoint list
List projects* $ openstack project list
List existing roles* $ openstack role list

Images (glance)

Used to manage VM images.

Action Command
List images you can access $ openstack image list
Delete specified image $ openstack image delete <IMAGE>
Describe a specific image $ openstack image show <IMAGE>
Update image $ openstack image set <IMAGE>
Upload kernel image $ openstack image create <IMAGE> \
--disk-format aki \
--container-format aki \
--private --file <FILEPATH>
Upload RAM image $ openstack image create "cirros-threepart-ramdisk" \
--disk-format ari \
--container-format ari \
--private \
--file <FILEPATH>
Upload three-part image $ openstack image create <IMAGE> \
--disk-format ami \
--container-format ami \
--property kernel_id=$KID-property ramdisk_id=$RID \
--private \
--file <FILEPATH>
Register raw image $ openstack image create <IMAGE> \
--disk-format raw \
--container-format bare \
--private \
--file <FILEPATH>

Compute (nova)

Used to manage compute resources, like instances and snapshots.

Action Command
List instances, check status of instance $ openstack server list
List images $ openstack image list
List flavors $ openstack flavor list
Log in to instance (Linux) # ip netns
# ip netns exec <NETNS_NAME> ssh <USER@SERVER>
Log in to instance (SSH) $ ssh -i <KEY_FILE> <USER@SERVER>
Show details of instance $ openstack server show <INSTANCE>
View console log of instance $ openstack console log show <INSTANCE>
Set metadata on an instance $ openstack server set <INSTANCE> \
--property newmeta='new meta data'
Create an instance snapshot $ openstack server image create <INSTANCE>\
--name <SNAPSHOT>
Verify instance snapshot $ openstack image show <SNAPSHOT>

Boot an instance using unique flavor and image names:

$ openstack server create <INSTANCE> \
   --image <IMAGE> 
   --flavor <FLAVOR>

Managing an Instance

Action Command
Pause* $ openstack server pause <INSTANCE>
Unpause $ openstack server unpause <INSTANCE>
Suspend* $ openstack server suspend <INSTANCE>
Unsuspend $ openstack server resume <INSTANCE>
Stop* $ openstack server stop <INSTANCE>
Start $ openstack server start <INSTANCE>
Rescue $ openstack server rescue <INSTANCE>
NoteRescue is not supported for volume-backed instances.
Resize $ openstack server resize <INSTANCE> -- flavor <FLAVOR>
Rebuild $ openstack server rebuild <INSTANCE> --image <IMAGE>
Reboot $ openstack server reboot <INSTANCE>

Inject user data and files into an instance:

$ openstack server create --user-data <FILE> <INSTANCE>
$ openstack server create MyUserdataInstance2 \
   --user-data userdata.txt \
   --image cirros-qcow2 \
   --flavor m1.tiny 

To verify that the file was injected, use ssh to connect to the instance and look in /var/lib/cloud for the file.

Inject a keypair into an instance and access the instance with that keypair:

  • Create a keypair.
$ openstack keypair create <KEY> > test.pem
$ chmod 600 test.pem
  • Start an instance (boot).
$ openstack server create <INSTANCE> \
   --image <IMAGE> \
   --flavor <FLAVOR> \
   --key-name <KEY> 
  • Use ssh to connect to the instance.
$ ssh -i test.pem <USER@SERVER>

Manage Security Groups

Action Command
List security groups $ openstack security group list
List rules for the security group $ openstack security group rule list
Create rule for the default security group $ openstack security group rule create default \
--protocol <PROTOCOL> \
--remote-group default \

Networking (neutron)

Used to manage networks and networking components.

Action Command
Create network $ openstack network create <NETWORK_NAME>
Create a subnet $ openstack subnet create <SUBNET_NAME> --network <NETWORK_NAME> --subnet-pool <CIDR>

Block Storage (cinder)

Used to manage volumes and volume snapshots that attach to instances.

Action Command
Create a new volume $ openstack volume create <VOLUME> -- size <SIZE_IN_GB>
List volumes, notice status of volume $ openstack volume list
List volume types $ openstack volume type list

If you have Ceph or NFS storage available, you can boot an instance and attach a volume. Attach a volume to an instance after the instance becomes active and a volume is available.

$ openstack server add volume <SERVER_NAME> <VOLUME>

Manage Volumes after Logging in to the Instance

Action Command
List storage devices # fdisk -l
Make filesystem on volume # mkfs.ext3 /dev/vdb
Create a mountpoint # mkdir /myspace
Mount the volume at the mountpoint # mount /dev/vdb /myspace
Create a file on the volume # touch /myspace/helloworld.txt
# ls /myspace
Unmount the volume # umount /myspace