Openstack CLI

There are many options and tools for using the OpenStack API from the command line. Follow the instructions in the table below to set up a security policy and network, launch and manage a VM and then remove the entire structure.

Note: There is also an API tutorial that the Jetstream team uses here: Jetstream API Tutorial - this tutorial goes into greater detail on some topics and may be of value to those learning the Openstack CLI.


  • You should be running the latest version of the clients. We recommend using python-openstack >= 4.0 as it uses Python3 and removes the dependencies on the now deprecated Python2.
  • It is possible to create entities with the same name; e.g. you could create two networks with the same name; however, they will have different UUIDs. When this occurs you may get a cryptic error message about that entity may not exist or some other baffling error. In this case, you must address the entity by its UUID.
  • In the examples below we often use ${OS_USERNAME}-api-whatnot to name an entity. We do this so that a first time user could more or less cut and paste the example and create a working instance that is unique to you and to distinguish from other users in your project.
  • It is important to understand that everything is owned by the project. Other users in your project can see and manipulate entities that you have created. Be careful in your naming and pay attention to the things you are manipulating.

The first thing you’ll need to do before being able to do any CLI commands is source the openrc file you created. {Add Link here}

source openrc-file-name

You can also make the output look nicer in your terminal with the –fit-width option:

openstack image show JS-API-Featured-Centos7-Latest --fit-width

You can make that permanent by adding the following to your environment.


Create a security group
(Do this once at IU and/or TACC
before launching instances)
Command line
Create a security group that will enable
inbound ping & SSH.

For more info see, SecurityGroups

Note: On OpenStack, the default is that
NO ports are open versus the traditional all
ports are open unless specifically closed. For this
reason,a security group must be established
and the SSH port opened in order to allow login.
openstack security group create --description "ssh & icmp enabled" ${OS_USERNAME}-global-ssh

openstack security group rule create --protocol tcp --dst-port 22:22 --remote-ip ${OS_USERNAME}-global-ssh

openstack security group rule create --protocol icmp ${OS_USERNAME}-global-ssh
Upload SSH key - do this once
If you have an SSH key upload id_rsa & to nova

Note: Key filenames may vary
cd ~/.ssh

openstack keypair create --public-key ${OS_USERNAME}-api-key
If you don’t have an SSH key then create a new
key and upload to nova.
ssh-keygen -b 2048 -t rsa -f ${OS_USERNAME}-api-key -P ""

openstack keypair create --public-key ${OS_USERNAME} ${OS_USERNAME}-api-key
Setup the network - do this once
Create a private network openstack network create ${OS_USERNAME}-api-net
Verify that the private network was created openstack network list
Create a subnet within the private network
openstack subnet create --network ${OS_USERNAME}-api-net --subnet-range ${OS_USERNAME}-api-subnet1
Verify that subnet was created openstack subnet list
Create a router openstack router create ${OS_USERNAME}-api-router
Connect the newly created subnet to the router openstack router add subnet ${OS_USERNAME}-api-router ${OS_USERNAME}-api-subnet1
Connect the router to the gateway named
openstack router set --external-gateway public ${OS_USERNAME}-api-router
Verify that the router has been connected to the
openstack router show ${OS_USERNAME}-api-router
Create and launch a VM OpenStack Command
See what flavors (sizes) are available openstack flavor list
See what Images are available for API use
The Jetstream team makes JS-API-Featured *
images available from which to build.
openstack image list --limit 1000
Create and boot an instance

1. Make sure your SSH keyname matches.
2. ${OS_USERNAME}-api-u-1 is the name of the
instance; make it something meaningful for you.
openstack server create ${OS_USERNAME}-api-U-1 \
--flavor m1.tiny \
--image IMAGE-NAME \
--key-name ${OS_USERNAME}-api-key \
--security-group ${OS_USERNAME}-global-ssh \
--nic net-id=${OS_USERNAME}-api-net
Create a public IP address for an instance openstack floating ip create public
Add that public IP address with that instance openstack server add floating ip ${OS_USERNAME}-api-U-1
Things to do once the instance is running
You’re ready to log in to the running instance
via ssh’ing into public IP
ssh -i ${OS_USERNAME}-api-key


ssh -i ${OS_USERNAME}-api-key
Reboot, suspend, stop, or shelve an instance openstack server reboot ${OS_USERNAME}-api-U-1
openstack server suspend ${OS_USERNAME}-api-U-1
openstack server stop ${OS_USERNAME}-api-U-1
openstack server shelve ${OS_USERNAME}-api-U-1
Commands to clean up what was created above
Remove the public IP address from the instance openstack server remove floating ip ${OS_USERNAME}-api-U-1
Delete an instance openstack server delete ${OS_USERNAME}-api-U-1
Return the public IP address to the pool of IP numbers openstack floating ip delete
Clean up commands for other entities. Note: You often want to create infrastructure such as networks, subnets, routers, etc.
only once and not delete them. These entities are reusable by all members of your project.
Disconnect the router from the gateway openstack router unset --external-gateway ${OS_USERNAME}-api-router
Delete the subnet from the router openstack router remove subnet ${OS_USERNAME}-api-router ${OS_USERNAME}-api-subnet1
Delete the router openstack router delete ${OS_USERNAME}-api-router