OpenStack-Notes

From S23Wiki
Jump to: navigation, search

These are some brief notes on how to administrate Openstack and its diffrent componants

I have made these notes while going through the Pluralsite course and using a simple Packstack. Packstack is an all-in-one openstack installer developed by the "Red Hat Deployment of Openstack" project you can find it here [1]


Contents

Getting packstack going

Get a CentOS VM built then run the below

systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl enable network
systemctl start network
yum update
yum install epel-release
yum install vim bash-completion bash-completion-extras yum-utils
yum update
yum install -y centos-release-openstack-queens
yum install -y openstack-packstack


Client

user files

After a Packstack install you will be left with tow "user rc files" , thse are file which will set a number of environmantal var's needed to operate the openstack commands, these are thinmgs like the url for the API, your user name / password. One of the files is for the admin user / tenant the other for the Demo user / tenant

keystonerc_admin
keystonerc_demo

you can generate these files from the Horizon GUI in future, log in with the user you want the RC file for then go to "Projecti" -> "API Access" and then "Download Openstack RC File"


Copy / paste

[Ctrl] +Insert
[Sift] +insert

bash_completion

Centos and the bash_compleation package does not include completion for openstack client but luckally the openstack client will generate one for us (it will not complete componant names just the commands and options)

# openstack complete > /etc/bash_completion.d/openstack_client.bash_completion

Or add the compleation to your user script:

# openstack complete >> keystone_admin

Bugs

RabbtMQ Failing

RabbitMQ was having issues with connections timeing out this stopped the compute node starting, looks like it was a DNS issue possibly related to

https://bugzilla.redhat.com/show_bug.cgi?id=1098821


Services

Service are the componants that make up an Openstack, things like "compute", "network", "identity"

List Services

 # openstack service list
 +----------------------------------+------------+--------------+
 | ID                               | Name       | Type         |
 +----------------------------------+------------+--------------+
 | 055116cfd5bc4b22ae247785731bf79b | cinderv2   | volumev2     |
 | 4802fa7b90b64f48a307c2c3ce547a7a | aodh       | alarming     |
 | 7f11132e44c0407a836b43cbcbaebf1c | cinderv3   | volumev3     |
 | 80911a96f0404d4d850aed70fa0d52e7 | gnocchi    | metric       |
 | 9cf1cc9b7aff49cd80e8aeb484b9a7f6 | nova       | compute      |
 | a921c733a6a14c98991538228c68cb41 | cinder     | volume       |
 | b9dfc3940b1c4bf3b0cdd78a97b596d9 | keystone   | identity     |
 | bfafe90664ba4c93b29b7d28e82e892d | swift      | object-store |
 | cc52c062ed494df2bda1510427aa2900 | neutron    | network      |
 | cdc4413d3d82408c8edc21180bd19b39 | placement  | placement    |
 | f511a3a68b36418fb48358f61ada14b7 | ceilometer | metering     |
 | f89ded59740e496885c3c9d1ae8a34c5 | glance     | image        |
 +----------------------------------+------------+--------------+

Endpoints

The Actual network endpoints for Services, there will be mutiple endpoints per service as "admin", "internal", "public" can be set to have diffrent Endpoints

List Endpoints

 [root@centos-packstack-2 ~(keystone_admin)]# openstack endpoint list
 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------------+
 | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                           |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------------+
 | 0395d8e140514517910b4caa13a6ddff | RegionOne | cinderv2     | volumev2     | True    | admin     | http://192.168.5.5:8776/v2/%(tenant_id)s      |
 | 08ff07935dfc4a548dd97d58e0cf0f8b | RegionOne | cinderv2     | volumev2     | True    | internal  | http://192.168.5.5:8776/v2/%(tenant_id)s      |
 | 1bca41d4526a48ffaaace44efc82550b | RegionOne | nova         | compute      | True    | admin     | http://192.168.5.5:8774/v2.1/%(tenant_id)s    |
 | 21502bbc8d494e20a5d7123c3413e83c | RegionOne | gnocchi      | metric       | True    | admin     | http://192.168.5.5:8041                       |
 | 253d9febf72e4baa91df628fbe0be344 | RegionOne | swift        | object-store | True    | internal  | http://192.168.5.5:8080/v1/AUTH_%(tenant_id)s |
 | 2667bc5e46c04c4f93c1df057e219990 | RegionOne | gnocchi      | metric       | True    | public    | http://192.168.5.5:8041                       |
 | 3c8e8a6731a040f29e2c4355fb0753fc | RegionOne | glance       | image        | True    | internal  | http://192.168.5.5:9292                       |
 | 4e5e82b421e04416b1d550503eba641b | RegionOne | keystone     | identity     | True    | public    | http://192.168.5.5:5000/v3                    |
 | 552f9950326c4e7e9ecd17ddfa37f55f | RegionOne | aodh         | alarming     | True    | internal  | http://192.168.5.5:8042                       |
 | 57578d446b5f4ebeb100ba55c07977df | RegionOne | cinder       | volume       | True    | internal  | http://192.168.5.5:8776/v1/%(tenant_id)s      |
 | 58691a63caf14ed8ab5e8942f1d9e431 | RegionOne | neutron      | network      | True    | admin     | http://192.168.5.5:9696                       |
 | 60f7774ca7a14dbaaa6b089c6b2dec74 | RegionOne | aodh         | alarming     | True    | admin     | http://192.168.5.5:8042                       |
 | 66129c3a33f64f98992e6f37575fc267 | RegionOne | placement    | placement    | True    | internal  | http://192.168.5.5:8778/placement             |
 | 6db2e27c7e8241f4ad4bcb4c6149e57b | RegionOne | ceilometer   | metering     | True    | public    | http://192.168.5.5:8777                       |
 | 7028787f383641988f392d7456090470 | RegionOne | glance       | image        | True    | public    | http://192.168.5.5:9292                       |
 | 73168fff55764d33a17f7b64bce29383 | RegionOne | neutron      | network      | True    | internal  | http://192.168.5.5:9696                       |
 | 7a2728f64db7402bad7cdf912e856042 | RegionOne | nova         | compute      | True    | internal  | http://192.168.5.5:8774/v2.1/%(tenant_id)s    |
 | 7d8aa0d28e294408a5006f3a1ce67db7 | RegionOne | ceilometer   | metering     | True    | internal  | http://192.168.5.5:8777                       |
 | 8b1e7f8618e446e685efecc5bb82cf82 | RegionOne | cinderv2     | volumev2     | True    | public    | http://192.168.5.5:8776/v2/%(tenant_id)s      |
 | 947c06c298954b82be0841ca42e0c619 | RegionOne | neutron      | network      | True    | public    | http://192.168.5.5:9696                       |
 | 9ad866b40de346738a0766a2edce01ce | RegionOne | swift        | object-store | True    | admin     | http://192.168.5.5:8080/v1/AUTH_%(tenant_id)s |
 | 9eaad79c002240b29d9be94b6af09c22 | RegionOne | cinderv3     | volumev3     | True    | internal  | http://192.168.5.5:8776/v3/%(tenant_id)s      |
 | a674b5760320441aa26cc7750a60ea56 | RegionOne | gnocchi      | metric       | True    | internal  | http://192.168.5.5:8041                       |
 | aced3f19bd19438890433cf5c05cfe8d | RegionOne | cinder       | volume       | True    | admin     | http://192.168.5.5:8776/v1/%(tenant_id)s      |
 | aced480eeaa647d7949f8a52972b4262 | RegionOne | nova         | compute      | True    | public    | http://192.168.5.5:8774/v2.1/%(tenant_id)s    |
 | b5f17cbe66a84ef09b56df4960c8c1b8 | RegionOne | aodh         | alarming     | True    | public    | http://192.168.5.5:8042                       |
 | b9451246c7904fa38878fbd0f77077e6 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.5.5:5000/v3                    |
 | c96bcc943f9c426fbd2d56869c1e71a9 | RegionOne | swift        | object-store | True    | public    | http://192.168.5.5:8080/v1/AUTH_%(tenant_id)s |
 | e07445939ac44a62818903dfa093a7c6 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.5.5:35357/v3                   |
 | e62018d6b4c54a55ba8e3b8de4db9ff3 | RegionOne | cinderv3     | volumev3     | True    | admin     | http://192.168.5.5:8776/v3/%(tenant_id)s      |
 | e705b9ad9c554f89a1d266fb850f369d | RegionOne | placement    | placement    | True    | admin     | http://192.168.5.5:8778/placement             |
 | e80a37dcd07049f6886d97babcfe0924 | RegionOne | glance       | image        | True    | admin     | http://192.168.5.5:9292                       |
 | ee434b39edde4c2d8f89ffcc0f6a3316 | RegionOne | placement    | placement    | True    | public    | http://192.168.5.5:8778/placement             |
 | f754f0bdbf2a4325916c5fc176a8848a | RegionOne | cinderv3     | volumev3     | True    | public    | http://192.168.5.5:8776/v3/%(tenant_id)s      |
 | fbc5c3b094684ad3a386f895aedbd8b4 | RegionOne | ceilometer   | metering     | True    | admin     | http://192.168.5.5:8777                       |
 | fc7d678009074460acc1d7dc086a22e6 | RegionOne | cinder       | volume       | True    | public    | http://192.168.5.5:8776/v1/%(tenant_id)s      |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------------+


Keystone

Keystone is our Idenitity service

Nova / Compute

nova is the compute stack there is a service on the controler node and on the compute nodes It will manage a Hyperviser It hosts a service to allow console access to VM's

Endpoint / port

Nova runs on port 8774

http://192.168.5.5:8774/v2.1/%(tenant_id)s
 # openstack endpoint list --service compute
 +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
 | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                        |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
 | 1bca41d4526a48ffaaace44efc82550b | RegionOne | nova         | compute      | True    | admin     | http://192.168.5.5:8774/v2.1/%(tenant_id)s |
 | 7a2728f64db7402bad7cdf912e856042 | RegionOne | nova         | compute      | True    | internal  | http://192.168.5.5:8774/v2.1/%(tenant_id)s |
 | aced480eeaa647d7949f8a52972b4262 | RegionOne | nova         | compute      | True    | public    | http://192.168.5.5:8774/v2.1/%(tenant_id)s |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+


Restart the daemons

Each nova service runs as a process on the node

Controler node

 systemctl restart openstack-nova-api.service
 systemctl restart openstack-nova-conductor.service      # Managed access to the DB
 systemctl restart openstack-nova-consoleauth.service
 systemctl restart openstack-nova-novncproxy.service
 systemctl restart openstack-nova-scheduler.service

Compute node

 systemctl restart openstack-nova-compute.service      # Manages libvert/hyperviser (one of these process per compute node)

Logs

# tail -f /var/log/nova/*.log

List VM

#nova list
#openstack server list


Config files

The main Nova config file this has options for things such as "virt_type": "=qemu" or "=kms"

/etc/nova/nova.conf


A config file per Instance:

/etc/libvirt/qemu/instance-00000001.xml

Scheduler

Filter Scheduler and weighting is used to chose which Compute node a VM should be deployed to

[2]

flavor

A Flavor is a template for VM Hardware , consisting of "Ram, Disk, VCPU, ..."

List Flavor

# openstack flavor list
#
+----+----------------+-------+------+-----------+-------+-----------+
| ID | Name           |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------------+-------+------+-----------+-------+-----------+
| 1  | m1.nano        |   128 |    0 |         0 |     1 | True      |
| 2  | m1.small       |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium      |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large       |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge      | 16384 |  160 |         0 |     8 | True      |
| 6  | m1.tiny        |   128 |    0 |         0 |     1 | True      |
| 7  | m1.award.tiny1 |   256 |    0 |         0 |     1 | True      |
| 8  | m1.award.tiny2 |   512 |    0 |         0 |     1 | True      |
+----+----------------+-------+------+-----------+-------+-----------+

Show Flavor

 # openstack flavor show m1.nano
 +----------------------------+---------+
 | Field                      | Value   |
 +----------------------------+---------+
 | OS-FLV-DISABLED:disabled   | False   |
 | OS-FLV-EXT-DATA:ephemeral  | 0       |
 | access_project_ids         | None    |
 | disk                       | 0       |
 | id                         | 1       |
 | name                       | m1.nano |
 | os-flavor-access:is_public | True    |
 | properties                 |         |
 | ram                        | 128     |
 | rxtx_factor                | 1.0     |
 | swap                       |         |
 | vcpus                      | 1       |
 +----------------------------+---------+


Filtering

Filters are used to chose which host a VM is depoyed to

DC Seggeration

Regions

Avaliability Zones

HA Host Aggregates

Neutron / Networking

Neutron is comonaly used as the networking stack

It manages things such as Networking, DHCP, LBaaS, FWaaS, VM Firewall rules

Security Groups are the VM level Firewall Firewall As a Service (FWaaS) lives on the tenant Router LoadBalancer As a Service (LBaaS)

Endpoint / ports

neutron runs on port 9696

 # openstack endpoint list --service network
 +----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------+
 | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                     |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------+
 | 58691a63caf14ed8ab5e8942f1d9e431 | RegionOne | neutron      | network      | True    | admin     | http://192.168.5.5:9696 |
 | 73168fff55764d33a17f7b64bce29383 | RegionOne | neutron      | network      | True    | internal  | http://192.168.5.5:9696 |
 | 947c06c298954b82be0841ca42e0c619 | RegionOne | neutron      | network      | True    | public    | http://192.168.5.5:9696 |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------+

Packages

Controler

 openstack-neutron-ml2
 python-neutron
 openstack-neutron-openvswitch
 python2-neutronclient
 puppet-neutron
 python2-neutron-lib
 openstack-neutron
 openstack-neutron-metering-agent
 openstack-neutron-common
 conntrack

Processes

Controler

 /bin/neutron-ns-metadata-proxy
 neutron-rootwrap
 neutron-rootwrap-daemon
 /usr/bin/neutron-dhcp-agent
 /usr/bin/neutron-l3-agent
 /usr/bin/neutron-lbaasv2-agent
 /usr/bin/neutron-metadata-agent
 /usr/bin/neutron-metering-agent
 /usr/bin/neutron-openvswitch-agent
 /usr/bin/neutron-rootwrap
 /usr/bin/neutron-rootwrap-daemon
 /usr/bin/neutron-server

logs

# tail -fn0 /var/log/nova/nova-compute.log

Config

Controler Files

/etc/neutron/neutron.comf
/etc/neutron/plugins/ml2/ml2_conf.ini
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
/etc/neutron/dhcp_agent.ini
/etc/neutron/metadata_agent.ini
/etc/nava/nova.conf

Compute Files

/etc/neutron/neutron.comf
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
/etc/nava/nova.conf

Links

https://wiki.openstack.org/wiki/OpsGuide-Network-Troubleshooting

Networks

Networks are the building blocks Also known as a "Logical Network" (maybe like a vxlan)

List Networks

# openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 536ae278-2ebd-4cb5-a8c2-3ff8f7e2e1c8 | public  | c3548279-4b1a-42b1-813e-b68349644872 |
| bc364599-1e66-4977-9108-58f6ff984578 | private | a2ccdc69-8740-437f-9dea-c327c4e776db |
+--------------------------------------+---------+--------------------------------------+

Show networks

# openstack network show bc364599-1e66-4977-9108-58f6ff984578
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2018-05-24T16:53:53Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | bc364599-1e66-4977-9108-58f6ff984578 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1450                                 |
| name                      | private                              |
| port_security_enabled     | True                                 |
| project_id                | f2c27d60c1d2415389f47d5fe57ab295     |
| provider:network_type     | vxlan                                |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 13                                   |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | a2ccdc69-8740-437f-9dea-c327c4e776db |
| tags                      |                                      |
| updated_at                | 2018-05-24T16:53:55Z                 |
+---------------------------+--------------------------------------+


Subnets

The Actual ip networks they live in a "network"

List subnets

# openstack subnet list
+--------------------------------------+----------------+--------------------------------------+---------------+
| ID                                   | Name           | Network                              | Subnet        |
+--------------------------------------+----------------+--------------------------------------+---------------+
| a2ccdc69-8740-437f-9dea-c327c4e776db | private_subnet | bc364599-1e66-4977-9108-58f6ff984578 | 10.0.0.0/24   |
| c3548279-4b1a-42b1-813e-b68349644872 | public_subnet  | 536ae278-2ebd-4cb5-a8c2-3ff8f7e2e1c8 | 172.24.4.0/24 |
+--------------------------------------+----------------+--------------------------------------+---------------+

show subnet

# openstack subnet show a2ccdc69-8740-437f-9dea-c327c4e776db
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 10.0.0.2-10.0.0.254                  |
| cidr              | 10.0.0.0/24                          |
| created_at        | 2018-05-24T16:53:55Z                 |
| description       |                                      |
| dns_nameservers   |                                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 10.0.0.1                             |
| host_routes       |                                      |
| id                | a2ccdc69-8740-437f-9dea-c327c4e776db |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | private_subnet                       |
| network_id        | bc364599-1e66-4977-9108-58f6ff984578 |
| project_id        | f2c27d60c1d2415389f47d5fe57ab295     |
| revision_number   | 0                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2018-05-24T16:53:55Z                 |
+-------------------+--------------------------------------+

Create sunbet

Create a new subnet

# openstack subnet create --network public --allocation-pool start=192.168.5.100,end=192.168.5.150 --dns-nameserver 10.144.248.101 --gateway 192.168.5.1 --subnet-range 192.168.5.1/24 public_subnet_2

List name spaces

# ip nets
qrouter-a2fdc6a4-dc6d-437c-9828-7ee428e30654 (id: 2)
qdhcp-9c081890-46c7-4a83-b4f3-182b8a06b50d (id: 0)
qdhcp-5c81ac1f-a6e4-4553-89d0-09fac6a1ed3d (id: 1)


# ip netns exec qdhcp-5c81ac1f-a6e4-4553-89d0-09fac6a1ed3d ip a
11: tap613453a6-27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
   link/ether fa:16:3e:1a:9a:cf brd ff:ff:ff:ff:ff:ff
   inet 10.0.0.2/24 brd 10.0.0.255 scope global tap613453a6-27
      valid_lft forever preferred_lft forever
   inet6 fe80::f816:3eff:fe1a:9acf/64 scope link 
      valid_lft forever preferred_lft forever


Router

routers route between subnets


Create a router

# openstack router create vnfrouter
 +-------------------------+--------------------------------------+
 | Field                   | Value                                |
 +-------------------------+--------------------------------------+
 | admin_state_up          | UP                                   |
 | availability_zone_hints |                                      |
 | availability_zones      |                                      |
 | created_at              | 2019-01-22T10:57:48Z                 |
 | description             |                                      |
 | distributed             | False                                |
 | external_gateway_info   | null                                 |
 | flavor_id               | None                                 |
 | ha                      | False                                |
 | headers                 |                                      |
 | id                      | 507bf0a0-a155-432b-85b6-b65cf4d2abc1 |
 | name                    | vnfrouter                            |
 | project_id              | 5aae0d0b07ba437f85c0e80a7d26cce2     |
 | project_id              | 5aae0d0b07ba437f85c0e80a7d26cce2     |
 | revision_number         | 3                                    |
 | routes                  |                                      |
 | status                  | ACTIVE                               |
 | updated_at              | 2019-01-22T10:57:48Z                 |
 +-------------------------+--------------------------------------+

Add subnets to router

 # openstack router add subnet vnfrouter managment_subnet
 # openstack router add subnet vnfrouter traffic_subnet

Set / unset external gateway on a router

# openstack router unset --external-gateway  router1
# openstack router set --external-gateway public router1
# neutron router-gateway-set vnfrouter public
Set gateway for router vnfrouter


list routers

#openstack router list
 +--------------------------------------+---------+--------+-------+-------------+-------+----------------------------------+
 | ID                                   | Name    | Status | State | Distributed | HA    | Project                          |
 +--------------------------------------+---------+--------+-------+-------------+-------+----------------------------------+
 | a2fdc6a4-dc6d-437c-9828-7ee428e30654 | router1 | ACTIVE | UP    | False       | False | 5bee792c019d4e95978e1633a8fb0466 |
 +--------------------------------------+---------+--------+-------+-------------+-------+----------------------------------+

Show router

# openstack router show router1
 # openstack router show vnfrouter
 +-------------------------+----------------------------------------------------------------------------------------------------------+
 | Field                   | Value                                                                                                    |
 +-------------------------+----------------------------------------------------------------------------------------------------------+
 | admin_state_up          | UP                                                                                                       |
 | availability_zone_hints |                                                                                                          |
 | availability_zones      | nova                                                                                                     |
 | created_at              | 2019-01-22T10:57:48Z                                                                                     |
 | description             |                                                                                                          |
 | distributed             | False                                                                                                    |
 | external_gateway_info   | {"network_id": "7ba11796-e8b5-41a4-9439-c0091b9a43f7", "enable_snat": true, "external_fixed_ips":        |
 |                         | [{"subnet_id": "a03d97e6-341c-489a-b479-fe61fd85faa1", "ip_address": "172.24.4.230"}]}                   |
 | flavor_id               | None                                                                                                     |
 | ha                      | False                                                                                                    |
 | id                      | 507bf0a0-a155-432b-85b6-b65cf4d2abc1                                                                     |
 | name                    | vnfrouter                                                                                                |
 | project_id              | 5aae0d0b07ba437f85c0e80a7d26cce2                                                                         |
 | project_id              | 5aae0d0b07ba437f85c0e80a7d26cce2                                                                         |
 | revision_number         | 8                                                                                                        |
 | routes                  |                                                                                                          |
 | status                  | ACTIVE                                                                                                   |
 | updated_at              | 2019-01-22T11:00:55Z                                                                                     |
 +-------------------------+----------------------------------------------------------------------------------------------------------+

List ports on a router

 # openstack port list --router vnfrouter
 +--------------------------------------+------+-------------------+----------------------------------------------------+
 | ID                                   | Name | MAC Address       | Fixed IP Addresses                                 |
 +--------------------------------------+------+-------------------+----------------------------------------------------+
 | 56ee394a-23a0-413e-bb54-1e296bd85eaf |      | fa:16:3e:75:9a:3f | ip_address='172.24.4.230', subnet_id='a03d97e6     |
 |                                      |      |                   | -341c-489a-b479-fe61fd85faa1'                      |
 | 86dadfba-02e1-4ed9-9bbe-d998e1372e80 |      | fa:16:3e:f4:ad:ed | ip_address='192.168.200.1', subnet_id='2c5224ba-   |
 |                                      |      |                   | 7a95-4380-a0f2-dcdb1eeecdfe'                       |
 | bb5c1b9d-fbf1-491a-89b2-2f082d8c9ad5 |      | fa:16:3e:d8:5a:e0 | ip_address='192.168.100.1',                        |
 |                                      |      |                   | subnet_id='0f1a9a0b-0765-42f9-8aa7-3bc20360d4b6'   |
 +--------------------------------------+------+-------------------+----------------------------------------------------+


list routers logicaly

Opensack routers are virtual networking devices, you can list them nativle in linux

# ip netns
 qrouter-a2fdc6a4-dc6d-437c-9828-7ee428e30654 (id: 2)
 qdhcp-5c81ac1f-a6e4-4553-89d0-09fac6a1ed3d (id: 1)
 qdhcp-9c081890-46c7-4a83-b4f3-182b8a06b50d (id: 0)

here you can see the virtual network device ID matched up with the ID we got from the openstack router list command

Ping device on logical network

Like with listing routers we can use native Linux commands to get more info or ping devices on a locical router

 # ip netns exec qrouter-a2fdc6a4-dc6d-437c-9828-7ee428e30654 ping 10.0.0.7
 PING 10.0.0.7 (10.0.0.7) 56(84) bytes of data.

you can run other native linux network commands this way too

 # ip netns exec qrouter-a2fdc6a4-dc6d-437c-9828-7ee428e30654 arp -an
 ? (10.0.0.7) at fa:16:3e:56:90:0b [ether] on qr-5c201cde-c8
 ip netns exec qrouter-a2fdc6a4-dc6d-437c-9828-7ee428e30654 ip -o addr
 1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
 1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
 16: qr-5c201cde-c8    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-5c201cde-c8\       valid_lft forever preferred_lft forever

ssh to a VM via localcal network

 # ip netns exec qrouter-a2fdc6a4-dc6d-437c-9828-7ee428e30654 ssh cirros@10.0.0.7

bridges

Controler node

neutron-L3

br-ex

Tenant Router DNAT to Public IP's

Computer node

neutron-L2 agent

br-int

Glange / Images

The image service used most often is "Glance", Images being an OS

Endpoint / Ports

The glance endpoint runs on port 9292

http://localhost:9292

Config files

/etc/glance/glance-api.conf
/etc/glance/glance-registry.conf
grep -Ev "^\#|^$" /etc/glance/glance-api.conf

Service

# service glance-registry restart
# service glance-api restart

Add Image to store

# openstack image create --...
# openstack image create --file cirros-0.4.0-x86_64-disk.img --public --disk-format qcow2 --container-format bare cirros4

List Images

# openstack image list
 +--------------------------------------+---------+--------+
 | ID                                   | Name    | Status |
 +--------------------------------------+---------+--------+
 | f13c681f-7705-4e1c-a766-a7d2b71253ac | cirros  | active |
 | c111b80c-4556-4bbd-866f-61a8160ab786 | cirros4 | active |
 +--------------------------------------+---------+--------+

Show detales about an image

 # openstack image show c111b80c-4556-4bbd-866f-61a8160ab786
 +------------------+------------------------------------------------------+
 | Field            | Value                                                |
 +------------------+------------------------------------------------------+
 | checksum         | 443b7623e27ecf03dc9e01ee93f67afe                     |
 | container_format | bare                                                 |
 | created_at       | 2018-06-15T10:59:43Z                                 |
 | disk_format      | qcow2                                                |
 | file             | /v2/images/c111b80c-4556-4bbd-866f-61a8160ab786/file |
 | id               | c111b80c-4556-4bbd-866f-61a8160ab786                 |
 | min_disk         | 0                                                    |
 | min_ram          | 0                                                    |
 | name             | cirros4                                              |
 | owner            | f12dc93872584e7c8539a04251b35b82                     |
 | protected        | False                                                |
 | schema           | /v2/schemas/image                                    |
 | size             | 12716032                                             |
 | status           | active                                               |
 | tags             |                                                      |
 | updated_at       | 2018-06-15T10:59:43Z                                 |
 | virtual_size     | None                                                 |
 | visibility       | public                                               |
 +------------------+------------------------------------------------------+


Image location

As in the glance-api.conf file value "filesystem_store_datadir" a standard location for imported image files is:

/var/lib/glance/images/

Images can also be stored in Swift

Cirros Image

an example image is Cirros (a minamal OS )

http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

Horizon

The dashboard

Packages

openstack-dashboard

System Service

service apache2 reload
# systemctl restart httpd.service


Configuration

/etc/openstack-dashboard/local_setting

URL

http://server/dashboard
http://centos-packstack-2.keddienet:5280/dashboard/

Cinder

Volume storage system (e.g. managing extra disks on VM's)

Endpoint / ports

 # openstack endpoint list --service cinder
 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
 | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                      |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
 | 57578d446b5f4ebeb100ba55c07977df | RegionOne | cinder       | volume       | True    | internal  | http://192.168.5.5:8776/v1/%(tenant_id)s |
 | aced3f19bd19438890433cf5c05cfe8d | RegionOne | cinder       | volume       | True    | admin     | http://192.168.5.5:8776/v1/%(tenant_id)s |
 | fc7d678009074460acc1d7dc086a22e6 | RegionOne | cinder       | volume       | True    | public    | http://192.168.5.5:8776/v1/%(tenant_id)s |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+


Packages

Controler

cinder-api
cinder-scheduler

Server

lvm2
cinder-volumes
tgt (iscsi)


Configuration

Controler

/etc/cinder/cinder.conf
/etc/nova/nova.conf
[cinder]\nos_region_name = RegionOne

Server

/etc/cinder/cinder.conf
/etc/lvm/lvm.conf
filter [ "a/sda/", "a/sdb/", "r/.*" ] # allow sda, sdb: Reject others
On Compute node we need to do this filter too

Openstack Services

 # cinder service-list
 +------------------+----------------------------------+------+---------+-------+----------------------------+-----------------+
 | Binary           | Host                             | Zone | Status  | State | Updated_at                 | Disabled Reason |
 +------------------+----------------------------------+------+---------+-------+----------------------------+-----------------+
 | cinder-backup    | centos-packstack-2.keddienet     | nova | enabled | up    | 2018-06-20T14:42:51.000000 | -               |
 | cinder-scheduler | centos-packstack-2.keddienet     | nova | enabled | up    | 2018-06-20T14:42:53.000000 | -               |
 | cinder-volume    | centos-packstack-2.keddienet@lvm | nova | enabled | up    | 2018-06-20T14:42:51.000000 | -               |
 +------------------+----------------------------------+------+---------+-------+----------------------------+-----------------+

List Volumes

 # openstack volume list
 +--------------------------------------+----------+-----------+------+-------------+
 | ID                                   | Name     | Status    | Size | Attached to |
 +--------------------------------------+----------+-----------+------+-------------+
 | a45cb5d8-4b80-4651-9dca-d97ab246d108 | testVol1 | available |    1 |             |
 +--------------------------------------+----------+-----------+------+-------------+
 # lsblk
 NAME                                                                   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                                                                      8:0    0 23.6G  0 disk
 ├─sda1                                                                   8:1    0    1G  0 part /boot
 └─sda2                                                                   8:2    0 22.6G  0 part
   ├─centos-root                                                        253:0    0 20.3G  0 lvm  /
   └─centos-swap                                                        253:1    0  2.4G  0 lvm  [SWAP]
 sr0                                                                     11:0    1 1024M  0 rom
 loop0                                                                    7:0    0    2G  0 loop /srv/node/swiftloopback
 loop1                                                                    7:1    0 20.6G  0 loop
 ├─cinder--volumes-cinder--volumes--pool_tmeta                          253:2    0   20M  0 lvm
 │ └─cinder--volumes-cinder--volumes--pool-tpool                        253:4    0 19.6G  0 lvm
 │   ├─cinder--volumes-cinder--volumes--pool                            253:5    0 19.6G  0 lvm
 │   └─cinder--volumes-volume--a45cb5d8--4b80--4651--9dca--d97ab246d108 253:9    0    1G  0 lvm
 └─cinder--volumes-cinder--volumes--pool_tdata                          253:3    0 19.6G  0 lvm
   └─cinder--volumes-cinder--volumes--pool-tpool                        253:4    0 19.6G  0 lvm
     ├─cinder--volumes-cinder--volumes--pool                            253:5    0 19.6G  0 lvm
     └─cinder--volumes-volume--a45cb5d8--4b80--4651--9dca--d97ab246d108 253:9    0    1G  0 lvm


Questions

What is the diffrence between Volumes and the disk built into a VM 

General

openstack command help

 [root@centos-packstack-1 ~(keystone_admin)]# openstack --help
 usage: openstack [--version] [-v | -q] [--log-file LOG_FILE] [-h] [--debug]
                  [--os-cloud <cloud-config-name>]
                  [--os-region-name <auth-region-name>]
                  [--os-cacert <ca-bundle-file>] [--os-cert <certificate-file>]
                  [--os-key <key-file>] [--verify | --insecure]
                  [--os-default-domain <auth-domain>]
                  [--os-interface <interface>]
                  [--os-service-provider <service_provider>]
                  [--os-remote-project-name <remote_project_name> | --os-remote-project-id <remote_project_id>]
                  [--os-remote-project-domain-name <remote_project_domain_name> | --os-remote-project-domain-id <remote_project_domain_id>]
                  [--timing] [--os-beta-command] [--os-profile hmac-key]
                  [--os-compute-api-version <compute-api-version>]
                  [--os-network-api-version <network-api-version>]
                  [--os-image-api-version <image-api-version>]
                  [--os-volume-api-version <volume-api-version>]
                  [--os-identity-api-version <identity-api-version>]
                  [--os-object-api-version <object-api-version>]
                  [--os-key-manager-api-version <key-manager-api-version>]
                  [--os-dns-api-version <dns-api-version>]
                  [--os-metrics-api-version <metrics-api-version>]
                  [--os-alarming-api-version <alarming-api-version>]
                  [--os-auth-type <auth-type>]
                  [--os-project-domain-id <auth-project-domain-id>]
                  [--os-protocol <auth-protocol>]
                  [--os-project-name <auth-project-name>]
                  [--os-trust-id <auth-trust-id>]
                  [--os-consumer-key <auth-consumer-key>]
                  [--os-domain-name <auth-domain-name>]
                  [--os-access-secret <auth-access-secret>]
                  [--os-user-domain-id <auth-user-domain-id>]
                  [--os-access-token-type <auth-access-token-type>]
                  [--os-code <auth-code>]
                  [--os-application-credential-name <auth-application-credential-name>]
                  [--os-identity-provider-url <auth-identity-provider-url>]
                  [--os-aodh-endpoint <auth-aodh-endpoint>]
                  [--os-service-provider-endpoint <auth-service-provider-endpoint>]
                  [--os-access-token <auth-access-token>]
                  [--os-domain-id <auth-domain-id>]
                  [--os-user-domain-name <auth-user-domain-name>]
                  [--os-openid-scope <auth-openid-scope>]
                  [--os-user-id <auth-user-id>]
                  [--os-application-credential-secret <auth-application-credential-secret>]
                  [--os-identity-provider <auth-identity-provider>]
                  [--os-username <auth-username>]
                  [--os-auth-url <auth-auth-url>]
                  [--os-client-secret <auth-client-secret>]
                  [--os-access-token-endpoint <auth-access-token-endpoint>]
                  [--os-default-domain-id <auth-default-domain-id>]
                  [--os-discovery-endpoint <auth-discovery-endpoint>]
                  [--os-client-id <auth-client-id>]
                  [--os-default-domain-name <auth-default-domain-name>]
                  [--os-project-domain-name <auth-project-domain-name>]
                  [--os-service-provider-entity-id <auth-service-provider-entity-id>]
                  [--os-access-key <auth-access-key>]
                  [--os-password <auth-password>]
                  [--os-redirect-uri <auth-redirect-uri>]
                  [--os-endpoint <auth-endpoint>] [--os-roles <auth-roles>]
                  [--os-url <auth-url>]
                  [--os-consumer-secret <auth-consumer-secret>]
                  [--os-token <auth-token>]
                  [--os-application-credential-id <auth-application-credential-id>]
                  [--os-passcode <auth-passcode>]
                  [--os-system-scope <auth-system-scope>]
                  [--os-project-id <auth-project-id>] [--os-user <auth-user>]
 Command-line interface to the OpenStack APIs
 optional arguments:
   --version             show program's version number and exit
   -v, --verbose         Increase verbosity of output. Can be repeated.
   -q, --quiet           Suppress output except warnings and errors.
   --log-file LOG_FILE   Specify a file to log output. Disabled by default.
   -h, --help            Show help message and exit.
   --debug               Show tracebacks on errors.
   --os-cloud <cloud-config-name>
                         Cloud name in clouds.yaml (Env: OS_CLOUD)
   --os-region-name <auth-region-name>
                         Authentication region name (Env: OS_REGION_NAME)
   --os-cacert <ca-bundle-file>
                         CA certificate bundle file (Env: OS_CACERT)
   --os-cert <certificate-file>
                         Client certificate bundle file (Env: OS_CERT)
   --os-key <key-file>   Client certificate key file (Env: OS_KEY)
   --verify              Verify server certificate (default)
   --insecure            Disable server certificate verification
   --os-default-domain <auth-domain>
                         Default domain ID, default=default. (Env:
                         OS_DEFAULT_DOMAIN)
   --os-interface <interface>
                         Select an interface type. Valid interface types:
                         [admin, public, internal]. (Env: OS_INTERFACE)
   --os-service-provider <service_provider>
                         Authenticate with and perform the command on a service
                         provider using Keystone-to-keystone federation. Must
                         also specify the remote project option.
   --os-remote-project-name <remote_project_name>
                         Project name when authenticating to a service provider
                         if using Keystone-to-Keystone federation.
   --os-remote-project-id <remote_project_id>
                         Project ID when authenticating to a service provider
                         if using Keystone-to-Keystone federation.
   --os-remote-project-domain-name <remote_project_domain_name>
                         Domain name of the project when authenticating to a
                         service provider if using Keystone-to-Keystone
                         federation.
   --os-remote-project-domain-id <remote_project_domain_id>
                         Domain ID of the project when authenticating to a
                         service provider if using Keystone-to-Keystone
                         federation.
   --timing              Print API call timing info
   --os-beta-command     Enable beta commands which are subject to change
   --os-profile hmac-key
                         HMAC key for encrypting profiling context data
   --os-compute-api-version <compute-api-version>
                         Compute API version, default=2.1 (Env:
                         OS_COMPUTE_API_VERSION)
   --os-network-api-version <network-api-version>
                         Network API version, default=2.0 (Env:
                         OS_NETWORK_API_VERSION)
   --os-image-api-version <image-api-version>
                         Image API version, default=2 (Env:
                         OS_IMAGE_API_VERSION)
   --os-volume-api-version <volume-api-version>
                         Volume API version, default=2 (Env:
                         OS_VOLUME_API_VERSION)
   --os-identity-api-version <identity-api-version>
                         Identity API version, default=3 (Env:
                         OS_IDENTITY_API_VERSION)
   --os-object-api-version <object-api-version>
                         Object API version, default=1 (Env:
                         OS_OBJECT_API_VERSION)
   --os-key-manager-api-version <key-manager-api-version>
                         Barbican API version, default=1 (Env:
                         OS_KEY_MANAGER_API_VERSION)
   --os-dns-api-version <dns-api-version>
                         DNS API version, default=2 (Env: OS_DNS_API_VERSION)
   --os-metrics-api-version <metrics-api-version>
                         Metrics API version, default=1 (Env:
                         OS_METRICS_API_VERSION)
   --os-alarming-api-version <alarming-api-version>
                         Queues API version, default=2 (Env:
                         OS_ALARMING_API_VERSION)
   --os-auth-type <auth-type>
                         Select an authentication type. Available types:
                         v2token, v3adfspassword, admin_token, v2password,
                         v3password, v3tokenlessauth, v3token, v3oauth1,
                         v3oidcauthcode, v3samlpassword, token_endpoint,
                         v1password, v3totp, aodh-noauth,
                         v3oidcclientcredentials, gnocchi-basic, gnocchi-
                         noauth, password, none, v3oidcaccesstoken,
                         v3oidcpassword, token, v3applicationcredential,
                         noauth. Default: selected based on --os-username/--os-
                         token (Env: OS_AUTH_TYPE)
   --os-project-domain-id <auth-project-domain-id>
                         With v3adfspassword: Domain ID containing project With
                         v3password: Domain ID containing project With
                         v3tokenlessauth: Domain ID containing project With
                         v3token: Domain ID containing project With
                         v3oidcauthcode: Domain ID containing project With
                         v3samlpassword: Domain ID containing project With
                         v3totp: Domain ID containing project With
                         v3oidcclientcredentials: Domain ID containing project
                         With password: Domain ID containing project With
                         v3oidcaccesstoken: Domain ID containing project With
                         v3oidcpassword: Domain ID containing project With
                         token: Domain ID containing project With
                         v3applicationcredential: Domain ID containing project
                         (Env: OS_PROJECT_DOMAIN_ID)
   --os-protocol <auth-protocol>
                         With v3adfspassword: Protocol for federated plugin
                         With v3oidcauthcode: Protocol for federated plugin
                         With v3samlpassword: Protocol for federated plugin
                         With v3oidcclientcredentials: Protocol for federated
                         plugin With v3oidcaccesstoken: Protocol for federated
                         plugin With v3oidcpassword: Protocol for federated
                         plugin (Env: OS_PROTOCOL)
   --os-project-name <auth-project-name>
                         With v3adfspassword: Project name to scope to With
                         v3password: Project name to scope to With
                         v3tokenlessauth: Project name to scope to With
                         v3token: Project name to scope to With v3oidcauthcode:
                         Project name to scope to With v3samlpassword: Project
                         name to scope to With v1password: Swift account to use
                         With v3totp: Project name to scope to With
                         v3oidcclientcredentials: Project name to scope to With
                         password: Project name to scope to With
                         v3oidcaccesstoken: Project name to scope to With
                         v3oidcpassword: Project name to scope to With token:
                         Project name to scope to With v3applicationcredential:
                         Project name to scope to (Env: OS_PROJECT_NAME)
   --os-trust-id <auth-trust-id>
                         With v2token: Trust ID With v3adfspassword: Trust ID
                         With v2password: Trust ID With v3password: Trust ID
                         With v3token: Trust ID With v3oidcauthcode: Trust ID
                         With v3samlpassword: Trust ID With v3totp: Trust ID
                         With v3oidcclientcredentials: Trust ID With password:
                         Trust ID With v3oidcaccesstoken: Trust ID With
                         v3oidcpassword: Trust ID With token: Trust ID With
                         v3applicationcredential: Trust ID (Env: OS_TRUST_ID)
   --os-consumer-key <auth-consumer-key>
                         With v3oauth1: OAuth Consumer ID/Key (Env:
                         OS_CONSUMER_KEY)
   --os-domain-name <auth-domain-name>
                         With v3adfspassword: Domain name to scope to With
                         v3password: Domain name to scope to With
                         v3tokenlessauth: Domain name to scope to With v3token:
                         Domain name to scope to With v3oidcauthcode: Domain
                         name to scope to With v3samlpassword: Domain name to
                         scope to With v3totp: Domain name to scope to With
                         v3oidcclientcredentials: Domain name to scope to With
                         password: Domain name to scope to With
                         v3oidcaccesstoken: Domain name to scope to With
                         v3oidcpassword: Domain name to scope to With token:
                         Domain name to scope to With v3applicationcredential:
                         Domain name to scope to (Env: OS_DOMAIN_NAME)
   --os-access-secret <auth-access-secret>
                         With v3oauth1: OAuth Access Secret (Env:
                         OS_ACCESS_SECRET)
   --os-user-domain-id <auth-user-domain-id>
                         With v3password: User's domain id With v3totp: User's
                         domain id With password: User's domain id With
                         v3applicationcredential: User's domain id (Env:
                         OS_USER_DOMAIN_ID)
   --os-access-token-type <auth-access-token-type>
                         With v3oidcauthcode: OAuth 2.0 Authorization Server
                         Introspection token type, it is used to decide which
                         type of token will be used when processing token
                         introspection. Valid values are: "access_token" or
                         "id_token" With v3oidcclientcredentials: OAuth 2.0
                         Authorization Server Introspection token type, it is
                         used to decide which type of token will be used when
                         processing token introspection. Valid values are:
                         "access_token" or "id_token" With v3oidcpassword:
                         OAuth 2.0 Authorization Server Introspection token
                         type, it is used to decide which type of token will be
                         used when processing token introspection. Valid values
                         are: "access_token" or "id_token" (Env:
                         OS_ACCESS_TOKEN_TYPE)
   --os-code <auth-code>
                         With v3oidcauthcode: OAuth 2.0 Authorization Code
                         (Env: OS_CODE)
   --os-application-credential-name <auth-application-credential-name>
                         With v3applicationcredential: Application credential
                         name (Env: OS_APPLICATION_CREDENTIAL_NAME)
   --os-identity-provider-url <auth-identity-provider-url>
                         With v3adfspassword: An Identity Provider URL, where
                         the SAML authentication request will be sent. With
                         v3samlpassword: An Identity Provider URL, where the
                         SAML2 authentication request will be sent. (Env:
                         OS_IDENTITY_PROVIDER_URL)
   --os-aodh-endpoint <auth-aodh-endpoint>
                         With aodh-noauth: Aodh endpoint (Env:
                         OS_AODH_ENDPOINT)
   --os-service-provider-endpoint <auth-service-provider-endpoint>
                         With v3adfspassword: Service Provider's Endpoint (Env:
                         OS_SERVICE_PROVIDER_ENDPOINT)
   --os-access-token <auth-access-token>
                         With v3oidcaccesstoken: OAuth 2.0 Access Token (Env:
                         OS_ACCESS_TOKEN)
   --os-domain-id <auth-domain-id>
                         With v3adfspassword: Domain ID to scope to With
                         v3password: Domain ID to scope to With
                         v3tokenlessauth: Domain ID to scope to With v3token:
                         Domain ID to scope to With v3oidcauthcode: Domain ID
                         to scope to With v3samlpassword: Domain ID to scope to
                         With v3totp: Domain ID to scope to With
                         v3oidcclientcredentials: Domain ID to scope to With
                         password: Domain ID to scope to With
                         v3oidcaccesstoken: Domain ID to scope to With
                         v3oidcpassword: Domain ID to scope to With token:
                         Domain ID to scope to With v3applicationcredential:
                         Domain ID to scope to (Env: OS_DOMAIN_ID)
   --os-user-domain-name <auth-user-domain-name>
                         With v3password: User's domain name With v3totp:
                         User's domain name With password: User's domain name
                         With v3applicationcredential: User's domain name (Env:
                         OS_USER_DOMAIN_NAME)
   --os-openid-scope <auth-openid-scope>
                         With v3oidcauthcode: OpenID Connect scope that is
                         requested from authorization server. Note that the
                         OpenID Connect specification states that "openid" must
                         be always specified. With v3oidcclientcredentials:
                         OpenID Connect scope that is requested from
                         authorization server. Note that the OpenID Connect
                         specification states that "openid" must be always
                         specified. With v3oidcpassword: OpenID Connect scope
                         that is requested from authorization server. Note that
                         the OpenID Connect specification states that "openid"
                         must be always specified. (Env: OS_OPENID_SCOPE)
   --os-user-id <auth-user-id>
                         With v2password: User ID to login with With
                         v3password: User ID With v3totp: User ID With aodh-
                         noauth: User ID With gnocchi-noauth: User ID With
                         password: User id With v3applicationcredential: User
                         ID With noauth: User ID (Env: OS_USER_ID)
   --os-application-credential-secret <auth-application-credential-secret>
                         With v3applicationcredential: Application credential
                         auth secret (Env: OS_APPLICATION_CREDENTIAL_SECRET)
   --os-identity-provider <auth-identity-provider>
                         With v3adfspassword: Identity Provider's name With
                         v3oidcauthcode: Identity Provider's name With
                         v3samlpassword: Identity Provider's name With
                         v3oidcclientcredentials: Identity Provider's name With
                         v3oidcaccesstoken: Identity Provider's name With
                         v3oidcpassword: Identity Provider's name (Env:
                         OS_IDENTITY_PROVIDER)
   --os-username <auth-username>
                         With v3adfspassword: Username With v2password:
                         Username to login with With v3password: Username With
                         v3samlpassword: Username With v1password: Username to
                         login with With v3totp: Username With password:
                         Username With v3oidcpassword: Username With
                         v3applicationcredential: Username (Env: OS_USERNAME)
   --os-auth-url <auth-auth-url>
                         With v2token: Authentication URL With v3adfspassword:
                         Authentication URL With v2password: Authentication URL
                         With v3password: Authentication URL With
                         v3tokenlessauth: Authentication URL With v3token:
                         Authentication URL With v3oauth1: Authentication URL
                         With v3oidcauthcode: Authentication URL With
                         v3samlpassword: Authentication URL With v1password:
                         Authentication URL With v3totp: Authentication URL
                         With v3oidcclientcredentials: Authentication URL With
                         password: Authentication URL With v3oidcaccesstoken:
                         Authentication URL With v3oidcpassword: Authentication
                         URL With token: Authentication URL With
                         v3applicationcredential: Authentication URL (Env:
                         OS_AUTH_URL)
   --os-client-secret <auth-client-secret>
                         With v3oidcauthcode: OAuth 2.0 Client Secret With
                         v3oidcclientcredentials: OAuth 2.0 Client Secret With
                         v3oidcpassword: OAuth 2.0 Client Secret (Env:
                         OS_CLIENT_SECRET)
   --os-access-token-endpoint <auth-access-token-endpoint>
                         With v3oidcauthcode: OpenID Connect Provider Token
                         Endpoint. Note that if a discovery document is being
                         passed this option will override the endpoint provided
                         by the server in the discovery document. With
                         v3oidcclientcredentials: OpenID Connect Provider Token
                         Endpoint. Note that if a discovery document is being
                         passed this option will override the endpoint provided
                         by the server in the discovery document. With
                         v3oidcpassword: OpenID Connect Provider Token
                         Endpoint. Note that if a discovery document is being
                         passed this option will override the endpoint provided
                         by the server in the discovery document. (Env:
                         OS_ACCESS_TOKEN_ENDPOINT)
   --os-default-domain-id <auth-default-domain-id>
                         With password: Optional domain ID to use with v3 and
                         v2 parameters. It will be used for both the user and
                         project domain in v3 and ignored in v2 authentication.
                         With token: Optional domain ID to use with v3 and v2
                         parameters. It will be used for both the user and
                         project domain in v3 and ignored in v2 authentication.
                         (Env: OS_DEFAULT_DOMAIN_ID)
   --os-discovery-endpoint <auth-discovery-endpoint>
                         With v3oidcauthcode: OpenID Connect Discovery Document
                         URL. The discovery document will be used to obtain the
                         values of the access token endpoint and the
                         authentication endpoint. This URL should look like
                         https://idp.example.org/.well-known/openid-
                         configuration With v3oidcclientcredentials: OpenID
                         Connect Discovery Document URL. The discovery document
                         will be used to obtain the values of the access token
                         endpoint and the authentication endpoint. This URL
                         should look like https://idp.example.org/.well-known
                         /openid-configuration With v3oidcpassword: OpenID
                         Connect Discovery Document URL. The discovery document
                         will be used to obtain the values of the access token
                         endpoint and the authentication endpoint. This URL
                         should look like https://idp.example.org/.well-known
                         /openid-configuration (Env: OS_DISCOVERY_ENDPOINT)
   --os-client-id <auth-client-id>
                         With v3oidcauthcode: OAuth 2.0 Client ID With
                         v3oidcclientcredentials: OAuth 2.0 Client ID With
                         v3oidcpassword: OAuth 2.0 Client ID (Env:
                         OS_CLIENT_ID)
   --os-default-domain-name <auth-default-domain-name>
                         With password: Optional domain name to use with v3 API
                         and v2 parameters. It will be used for both the user
                         and project domain in v3 and ignored in v2
                         authentication. With token: Optional domain name to
                         use with v3 API and v2 parameters. It will be used for
                         both the user and project domain in v3 and ignored in
                         v2 authentication. (Env: OS_DEFAULT_DOMAIN_NAME)
   --os-project-domain-name <auth-project-domain-name>
                         With v3adfspassword: Domain name containing project
                         With v3password: Domain name containing project With
                         v3tokenlessauth: Domain name containing project With
                         v3token: Domain name containing project With
                         v3oidcauthcode: Domain name containing project With
                         v3samlpassword: Domain name containing project With
                         v3totp: Domain name containing project With
                         v3oidcclientcredentials: Domain name containing
                         project With password: Domain name containing project
                         With v3oidcaccesstoken: Domain name containing project
                         With v3oidcpassword: Domain name containing project
                         With token: Domain name containing project With
                         v3applicationcredential: Domain name containing
                         project (Env: OS_PROJECT_DOMAIN_NAME)
   --os-service-provider-entity-id <auth-service-provider-entity-id>
                         With v3adfspassword: Service Provider's SAML Entity ID
                         (Env: OS_SERVICE_PROVIDER_ENTITY_ID)
   --os-access-key <auth-access-key>
                         With v3oauth1: OAuth Access Key (Env: OS_ACCESS_KEY)
   --os-password <auth-password>
                         With v3adfspassword: Password With v2password:
                         Password to use With v3password: User's password With
                         v3samlpassword: Password With v1password: Password to
                         use With password: User's password With
                         v3oidcpassword: Password (Env: OS_PASSWORD)
   --os-redirect-uri <auth-redirect-uri>
                         With v3oidcauthcode: OpenID Connect Redirect URL (Env:
                         OS_REDIRECT_URI)
   --os-endpoint <auth-endpoint>
                         With admin_token: The endpoint that will always be
                         used With gnocchi-basic: Gnocchi endpoint With
                         gnocchi-noauth: Gnocchi endpoint With none: The
                         endpoint that will always be used With noauth: Cinder
                         endpoint (Env: OS_ENDPOINT)
   --os-roles <auth-roles>
                         With aodh-noauth: Roles With gnocchi-noauth: Roles
                         (Env: OS_ROLES)
   --os-url <auth-url>   With token_endpoint: Specific service endpoint to use
                         (Env: OS_URL)
   --os-consumer-secret <auth-consumer-secret>
                         With v3oauth1: OAuth Consumer Secret (Env:
                         OS_CONSUMER_SECRET)
   --os-token <auth-token>
                         With v2token: Token With admin_token: The token that
                         will always be used With v3token: Token to
                         authenticate with With token_endpoint: Authentication
                         token to use With token: Token to authenticate with
                         (Env: OS_TOKEN)
   --os-application-credential-id <auth-application-credential-id>
                         With v3applicationcredential: Application credential
                         ID (Env: OS_APPLICATION_CREDENTIAL_ID)
   --os-passcode <auth-passcode>
                         With v3totp: User's TOTP passcode (Env: OS_PASSCODE)
   --os-system-scope <auth-system-scope>
                         With v3adfspassword: Scope for system operations With
                         v3password: Scope for system operations With v3token:
                         Scope for system operations With v3oidcauthcode: Scope
                         for system operations With v3samlpassword: Scope for
                         system operations With v3totp: Scope for system
                         operations With v3oidcclientcredentials: Scope for
                         system operations With password: Scope for system
                         operations With v3oidcaccesstoken: Scope for system
                         operations With v3oidcpassword: Scope for system
                         operations With token: Scope for system operations
                         With v3applicationcredential: Scope for system
                         operations (Env: OS_SYSTEM_SCOPE)
   --os-project-id <auth-project-id>
                         With v3adfspassword: Project ID to scope to With
                         v3password: Project ID to scope to With
                         v3tokenlessauth: Project ID to scope to With v3token:
                         Project ID to scope to With v3oidcauthcode: Project ID
                         to scope to With v3samlpassword: Project ID to scope
                         to With v3totp: Project ID to scope to With aodh-
                         noauth: Project ID With v3oidcclientcredentials:
                         Project ID to scope to With gnocchi-noauth: Project ID
                         With password: Project ID to scope to With
                         v3oidcaccesstoken: Project ID to scope to With
                         v3oidcpassword: Project ID to scope to With token:
                         Project ID to scope to With v3applicationcredential:
                         Project ID to scope to With noauth: Project ID (Env:
                         OS_PROJECT_ID)
   --os-user <auth-user>
                         With gnocchi-basic: User (Env: OS_USER)
 Commands:
   access token create  Create an access token
   acl delete     Delete ACLs for a secret or container as identified by its href. (python-barbicanclient)
   acl get        Retrieve ACLs for a secret or container by providing its href. (python-barbicanclient)
   acl submit     Submit ACL on a secret or container as identified by its href. (python-barbicanclient)
   acl user add   Add ACL users to a secret or container as identified by its href. (python-barbicanclient)
   acl user remove  Remove ACL users from a secret or container as identified by its href. (python-barbicanclient)
   address scope create  Create a new Address Scope
   address scope delete  Delete address scope(s)
   address scope list  List address scopes
   address scope set  Set address scope properties
   address scope show  Display address scope details
   aggregate add host  Add host to aggregate
   aggregate create  Create a new aggregate
   aggregate delete  Delete existing aggregate(s)
   aggregate list  List all aggregates
   aggregate remove host  Remove host from aggregate
   aggregate set  Set aggregate properties
   aggregate show  Display aggregate details
   aggregate unset  Unset aggregate properties
   alarm create   Create an alarm (aodhclient)
   alarm delete   Delete an alarm (aodhclient)
   alarm list     List alarms (aodhclient)
   alarm show     Show an alarm (aodhclient)
   alarm state get  Get state of an alarm (aodhclient)
   alarm state set  Set state of an alarm (aodhclient)
   alarm update   Update an alarm (aodhclient)
   alarm-history search  Show history for all alarms based on query (aodhclient)
   alarm-history show  Show history for an alarm (aodhclient)
   alarming capabilities list  List capabilities of alarming service (aodhclient)
   availability zone list  List availability zones and their status
   bgp dragent add speaker  Add a BGP speaker to a dynamic routing agent (python-neutronclient)
   bgp dragent remove speaker  Removes a BGP speaker from a dynamic routing agent (python-neutronclient)
   bgp peer create  Create a BGP peer (python-neutronclient)
   bgp peer delete  Delete a BGP peer (python-neutronclient)
   bgp peer list  List BGP peers (python-neutronclient)
   bgp peer set   Update a BGP peer (python-neutronclient)
   bgp peer show  Show information for a BGP peer (python-neutronclient)
   bgp speaker add network  Add a network to a BGP speaker (python-neutronclient)
   bgp speaker add peer  Add a peer to a BGP speaker (python-neutronclient)
   bgp speaker create  Create a BGP speaker (python-neutronclient)
   bgp speaker delete  Delete a BGP speaker (python-neutronclient)
   bgp speaker list  List BGP speakers (python-neutronclient)
   bgp speaker list advertised routes  List routes advertised (python-neutronclient)
   bgp speaker remove network  Remove a network from a BGP speaker (python-neutronclient)
   bgp speaker remove peer  Remove a peer from a BGP speaker (python-neutronclient)
   bgp speaker set  Set BGP speaker properties (python-neutronclient)
   bgp speaker show  Show a BGP speaker (python-neutronclient)
   bgp speaker show dragents  List dynamic routing agents hosting a BGP speaker (python-neutronclient)
   bgpvpn create  Create BGP VPN resource (python-neutronclient)
   bgpvpn delete  Delete BGP VPN resource(s) (python-neutronclient)
   bgpvpn list    List BGP VPN resources (python-neutronclient)
   bgpvpn network association create  Create a BGP VPN network association (python-neutronclient)
   bgpvpn network association delete  Delete a BGP VPN network association(s) for a given BGP VPN (python-neutronclient)
   bgpvpn network association list  List BGP VPN network associations for a given BGP VPN (python-neutronclient)
   bgpvpn network association show  Show information of a given BGP VPN network association (python-neutronclient)
   bgpvpn port association create  Create a BGP VPN port association (python-neutronclient)
   bgpvpn port association delete  Delete a BGP VPN port association(s) for a given BGP VPN (python-neutronclient)
   bgpvpn port association list  List BGP VPN port associations for a given BGP VPN (python-neutronclient)
   bgpvpn port association set  Set BGP VPN port association properties (python-neutronclient)
   bgpvpn port association show  Show information of a given BGP VPN port association (python-neutronclient)
   bgpvpn port association unset  Unset BGP VPN port association properties (python-neutronclient)
   bgpvpn router association create  Create a BGP VPN router association (python-neutronclient)
   bgpvpn router association delete  Delete a BGP VPN router association(s) for a given BGP VPN (python-neutronclient)
   bgpvpn router association list  List BGP VPN router associations for a given BGP VPN (python-neutronclient)
   bgpvpn router association show  Show information of a given BGP VPN router association (python-neutronclient)
   bgpvpn set     Set BGP VPN properties (python-neutronclient)
   bgpvpn show    Show information of a given BGP VPN (python-neutronclient)
   bgpvpn unset   Unset BGP VPN properties (python-neutronclient)
   ca get         Retrieve a CA by providing its URI. (python-barbicanclient)
   ca list        List CAs. (python-barbicanclient)
   catalog list   List services in the service catalog
   catalog show   Display service catalog details
   command list   List recognized commands by group
   complete       print bash completion command (cliff)
   compute agent create  Create compute agent
   compute agent delete  Delete compute agent(s)
   compute agent list  List compute agents
   compute agent set  Set compute agent properties
   compute service delete  Delete compute service(s)
   compute service list  List compute services
   compute service set  Set compute service properties
   configuration show  Display configuration details
   consistency group add volume  Add volume(s) to consistency group
   consistency group create  Create new consistency group.
   consistency group delete  Delete consistency group(s).
   consistency group list  List consistency groups.
   consistency group remove volume  Remove volume(s) from consistency group
   consistency group set  Set consistency group properties
   consistency group show  Display consistency group details.
   consistency group snapshot create  Create new consistency group snapshot.
   consistency group snapshot delete  Delete consistency group snapshot(s).
   consistency group snapshot list  List consistency group snapshots.
   consistency group snapshot show  Display consistency group snapshot details
   console log show  Show server's console output
   console url show  Show server's remote console URL
   consumer create  Create new consumer
   consumer delete  Delete consumer(s)
   consumer list  List consumers
   consumer set   Set consumer properties
   consumer show  Display consumer details
   container create  Create new container
   container delete  Delete container
   container list  List containers
   container save  Save container contents locally
   container set  Set container properties
   container show  Display container details
   container unset  Unset container properties
   credential create  Create new credential
   credential delete  Delete credential(s)
   credential list  List credentials
   credential set  Set credential properties
   credential show  Display credential details
   dns quota list  List quotas (python-designateclient)
   dns quota reset  Delete blacklist (python-designateclient)
   dns quota set  Set blacklist properties (python-designateclient)
   dns service list  List service statuses (python-designateclient)
   dns service show  Show service status details (python-designateclient)
   domain create  Create new domain
   domain delete  Delete domain(s)
   domain list    List domains
   domain set     Set domain properties
   domain show    Display domain details
   ec2 credentials create  Create EC2 credentials
   ec2 credentials delete  Delete EC2 credentials
   ec2 credentials list  List EC2 credentials
   ec2 credentials show  Display EC2 credentials details
   endpoint add project  Associate a project to an endpoint
   endpoint create  Create new endpoint
   endpoint delete  Delete endpoint(s)
   endpoint list  List endpoints
   endpoint remove project  Dissociate a project from an endpoint
   endpoint set   Set endpoint properties
   endpoint show  Display endpoint details
   extension list  List API extensions
   extension show  Show API extension
   federation domain list  List accessible domains
   federation project list  List accessible projects
   federation protocol create  Create new federation protocol
   federation protocol delete  Delete federation protocol(s)
   federation protocol list  List federation protocols
   federation protocol set  Set federation protocol properties
   federation protocol show  Display federation protocol details
   firewall group create  Create a new firewall group (python-neutronclient)
   firewall group delete  Delete firewall group(s) (python-neutronclient)
   firewall group list  List firewall groups (python-neutronclient)
   firewall group policy add rule  Insert a rule into a given firewall policy (python-neutronclient)
   firewall group policy create  Create a new firewall policy (python-neutronclient)
   firewall group policy delete  Delete firewall policy(s) (python-neutronclient)
   firewall group policy list  List firewall policies (python-neutronclient)
   firewall group policy remove rule  Remove a rule from a given firewall policy (python-neutronclient)
   firewall group policy set  Set firewall policy properties (python-neutronclient)
   firewall group policy show  Display firewall policy details (python-neutronclient)
   firewall group policy unset  Unset firewall policy properties (python-neutronclient)
   firewall group rule create  Create a new firewall rule (python-neutronclient)
   firewall group rule delete  Delete firewall rule(s) (python-neutronclient)
   firewall group rule list  List firewall rules that belong to a given tenant (python-neutronclient)
   firewall group rule set  Set firewall rule properties (python-neutronclient)
   firewall group rule show  Display firewall rule details (python-neutronclient)
   firewall group rule unset  Unset firewall rule properties (python-neutronclient)
   firewall group set  Set firewall group properties (python-neutronclient)
   firewall group show  Display firewall group details (python-neutronclient)
   firewall group unset  Unset firewall group properties (python-neutronclient)
   flavor create  Create new flavor
   flavor delete  Delete flavor(s)
   flavor list    List flavors
   flavor set     Set flavor properties
   flavor show    Display flavor details
   flavor unset   Unset flavor properties
   floating ip create  Create floating IP
   floating ip delete  Delete floating IP(s)
   floating ip list  List floating IP(s)
   floating ip pool list  List pools of floating IP addresses
   floating ip set  Set floating IP Properties
   floating ip show  Display floating IP details
   floating ip unset  Unset floating IP Properties
   group add user  Add user to group
   group contains user  Check user membership in group
   group create   Create new group
   group delete   Delete group(s)
   group list     List groups
   group remove user  Remove user from group
   group set      Set group properties
   group show     Display group details
   help           print detailed help for another command (cliff)
   host list      List hosts
   host set       Set host properties
   host show      Display host details
   hypervisor list  List hypervisors
   hypervisor show  Display hypervisor details
   hypervisor stats show  Display hypervisor stats details
   identity provider create  Create new identity provider
   identity provider delete  Delete identity provider(s)
   identity provider list  List identity providers
   identity provider set  Set identity provider properties
   identity provider show  Display identity provider details
   image add project  Associate project with image
   image create   Create/upload an image
   image delete   Delete image(s)
   image list     List available images
   image remove project  Disassociate project with image
   image save     Save an image locally
   image set      Set image properties
   image show     Display image details
   image unset    Unset image tags and properties
   implied role create  Creates an association between prior and implied roles
   implied role delete  Deletes an association between prior and implied roles
   implied role list  List implied roles
   ip availability list  List IP availability for network
   ip availability show  Show network IP availability details
   keypair create  Create new public or private key for server ssh access
   keypair delete  Delete public or private key(s)
   keypair list   List key fingerprints
   keypair show   Display key details
   limits show    Show compute and block storage limits
   mapping create  Create new mapping
   mapping delete  Delete mapping(s)
   mapping list   List mappings
   mapping set    Set mapping properties
   mapping show   Display mapping details
   metric aggregates  Get measurements of aggregated metrics (gnocchiclient)
   metric archive-policy create  Create an archive policy (gnocchiclient)
   metric archive-policy delete  Delete an archive policy (gnocchiclient)
   metric archive-policy list  List archive policies (gnocchiclient)
   metric archive-policy show  Show an archive policy (gnocchiclient)
   metric archive-policy update  Update an archive policy (gnocchiclient)
   metric archive-policy-rule create  Create an archive policy rule (gnocchiclient)
   metric archive-policy-rule delete  Delete an archive policy rule (gnocchiclient)
   metric archive-policy-rule list  List archive policy rules (gnocchiclient)
   metric archive-policy-rule show  Show an archive policy rule (gnocchiclient)
   metric benchmark measures add  Do benchmark testing of adding measurements (gnocchiclient)
   metric benchmark measures show  Do benchmark testing of measurements show (gnocchiclient)
   metric benchmark metric create  Do benchmark testing of metric creation (gnocchiclient)
   metric benchmark metric show  Do benchmark testing of metric show (gnocchiclient)
   metric capabilities list  List capabilities (gnocchiclient)
   metric create  Create a metric (gnocchiclient)
   metric delete  Delete a metric (gnocchiclient)
   metric list    List metrics (gnocchiclient)
   metric measures add  Add measurements to a metric (gnocchiclient)
   metric measures aggregation  Get measurements of aggregated metrics (gnocchiclient)
   metric measures batch-metrics   (gnocchiclient)
   metric measures batch-resources-metrics   (gnocchiclient)
   metric measures show  Get measurements of a metric (gnocchiclient)
   metric metric create  Deprecated: Create a metric (gnocchiclient)
   metric metric delete  Deprecated: Delete a metric (gnocchiclient)
   metric metric list  Deprecated: List metrics (gnocchiclient)
   metric metric show  Deprecated: Show a metric (gnocchiclient)
   metric resource batch delete  Delete a batch of resources based on attribute values (gnocchiclient)
   metric resource create  Create a resource (gnocchiclient)
   metric resource delete  Delete a resource (gnocchiclient)
   metric resource history  Show the history of a resource (gnocchiclient)
   metric resource list  List resources (gnocchiclient)
   metric resource search  Search resources with specified query rules (gnocchiclient)
   metric resource show  Show a resource (gnocchiclient)
   metric resource update  Update a resource (gnocchiclient)
   metric resource-type create  Create a resource type (gnocchiclient)
   metric resource-type delete  Delete a resource type (gnocchiclient)
   metric resource-type list  List resource types (gnocchiclient)
   metric resource-type show  Show a resource type (gnocchiclient)
   metric resource-type update   (gnocchiclient)
   metric server version  Show the version of Gnocchi server (gnocchiclient)
   metric show    Show a metric (gnocchiclient)
   metric status  Show the status of measurements processing (gnocchiclient)
   module list    List module versions
   network agent add network  Add network to an agent
   network agent add router  Add router to an agent
   network agent delete  Delete network agent(s)
   network agent list  List network agents
   network agent remove network  Remove network from an agent.
   network agent remove router  Remove router from an agent
   network agent set  Set network agent properties
   network agent show  Display network agent details
   network auto allocated topology create  Create the  auto allocated topology for project
   network auto allocated topology delete  Delete auto allocated topology for project
   network create  Create new network
   network delete  Delete network(s)
   network flavor add profile  Add a service profile to a network flavor
   network flavor create  Create new network flavor
   network flavor delete  Delete network flavors
   network flavor list  List network flavors
   network flavor profile create  Create new network flavor profile
   network flavor profile delete  Delete network flavor profile
   network flavor profile list  List network flavor profile(s)
   network flavor profile set  Set network flavor profile properties
   network flavor profile show  Display network flavor profile details
   network flavor remove profile  Remove service profile from network flavor
   network flavor set  Set network flavor properties
   network flavor show  Display network flavor details
   network list   List networks
   network log create  Create a new network log (python-neutronclient)
   network log delete  Delete network log(s) (python-neutronclient)
   network log list  List network logs (python-neutronclient)
   network log set  Set network log properties (python-neutronclient)
   network log show  Display network log details (python-neutronclient)
   network loggable resources list  List supported loggable resources (python-neutronclient)
   network meter create  Create network meter
   network meter delete  Delete network meter
   network meter list  List network meters
   network meter rule create  Create a new meter rule
   network meter rule delete  Delete meter rule(s)
   network meter rule list  List meter rules
   network meter rule show  Display meter rules details
   network meter show  Show network meter
   network qos policy create  Create a QoS policy
   network qos policy delete  Delete Qos Policy(s)
   network qos policy list  List QoS policies
   network qos policy set  Set QoS policy properties
   network qos policy show  Display QoS policy details
   network qos rule create  Create new Network QoS rule
   network qos rule delete  Delete Network QoS rule
   network qos rule list  List Network QoS rules
   network qos rule set  Set Network QoS rule properties
   network qos rule show  Display Network QoS rule details
   network qos rule type list  List QoS rule types
   network qos rule type show  Show details about supported QoS rule type
   network rbac create  Create network RBAC policy
   network rbac delete  Delete network RBAC policy(s)
   network rbac list  List network RBAC policies
   network rbac set  Set network RBAC policy properties
   network rbac show  Display network RBAC policy details
   network segment create  Create new network segment
   network segment delete  Delete network segment(s)
   network segment list  List network segments
   network segment set  Set network segment properties
   network segment show  Display network segment details
   network service provider list  List Service Providers
   network set    Set network properties
   network show   Show network details
   network subport list  List all subports for a given network trunk (python-neutronclient)
   network trunk create  Create a network trunk for a given project (python-neutronclient)
   network trunk delete  Delete a given network trunk (python-neutronclient)
   network trunk list  List all network trunks (python-neutronclient)
   network trunk set  Set network trunk properties (python-neutronclient)
   network trunk show  Show information of a given network trunk (python-neutronclient)
   network trunk unset  Unset subports from a given network trunk (python-neutronclient)
   network unset  Unset network properties
   object create  Upload object to container
   object delete  Delete object from container
   object list    List objects
   object save    Save object locally
   object set     Set object properties
   object show    Display object details
   object store account set  Set account properties
   object store account show  Display account details
   object store account unset  Unset account properties
   object unset   Unset object properties
   policy create  Create new policy
   policy delete  Delete policy(s)
   policy list    List policies
   policy set     Set policy properties
   policy show    Display policy details
   port create    Create a new port
   port delete    Delete port(s)
   port list      List ports
   port set       Set port properties
   port show      Display port details
   port unset     Unset port properties
   project create  Create new project
   project delete  Delete project(s)
   project list   List projects
   project purge  Clean resources associated with a project
   project set    Set project properties
   project show   Display project details
   ptr record list  List floatingip ptr records (python-designateclient)
   ptr record set  Set floatingip ptr record (python-designateclient)
   ptr record show  Show floatingip ptr record details (python-designateclient)
   ptr record unset  Unset floatingip ptr record (python-designateclient)
   quota list     List quotas for all projects with non-default quota values
   quota set      Set quotas for project or class
   quota show     Show quotas for project or class
   recordset create  Create new recordset (python-designateclient)
   recordset delete  Delete recordset (python-designateclient)
   recordset list  List recordsets (python-designateclient)
   recordset set  Set recordset properties (python-designateclient)
   recordset show  Show recordset details (python-designateclient)
   region create  Create new region
   region delete  Delete region(s)
   region list    List regions
   region set     Set region properties
   region show    Display region details
   request token authorize  Authorize a request token
   request token create  Create a request token
   role add       Adds a role assignment to a user or group on a domain or project
   role assignment list  List role assignments
   role create    Create new role
   role delete    Delete role(s)
   role list      List roles
   role remove    Removes a role assignment from domain/project : user/group
   role set       Set role properties
   role show      Display role details
   router add port  Add a port to a router
   router add subnet  Add a subnet to a router
   router create  Create a new router
   router delete  Delete router(s)
   router list    List routers
   router remove port  Remove a port from a router
   router remove subnet  Remove a subnet from a router
   router set     Set router properties
   router show    Display router details
   router unset   Unset router properties
   secret container create  Store a container in Barbican. (python-barbicanclient)
   secret container delete  Delete a container by providing its href. (python-barbicanclient)
   secret container get  Retrieve a container by providing its URI. (python-barbicanclient)
   secret container list  List containers. (python-barbicanclient)
   secret delete  Delete a secret by providing its URI. (python-barbicanclient)
   secret get     Retrieve a secret by providing its URI. (python-barbicanclient)
   secret list    List secrets. (python-barbicanclient)
   secret order create  Create a new order. (python-barbicanclient)
   secret order delete  Delete an order by providing its href. (python-barbicanclient)
   secret order get  Retrieve an order by providing its URI. (python-barbicanclient)
   secret order list  List orders. (python-barbicanclient)
   secret store   Store a secret in Barbican. (python-barbicanclient)
   secret update  Update a secret with no payload in Barbican. (python-barbicanclient)
   security group create  Create a new security group
   security group delete  Delete security group(s)
   security group list  List security groups
   security group rule create  Create a new security group rule
   security group rule delete  Delete security group rule(s)
   security group rule list  List security group rules
   security group rule show  Display security group rule details
   security group set  Set security group properties
   security group show  Display security group details
   server add fixed ip  Add fixed IP address to server
   server add floating ip  Add floating IP address to server
   server add network  Add network to server
   server add port  Add port to server
   server add security group  Add security group to server
   server add volume  Add volume to server
   server backup create  Create a server backup image
   server create  Create a new server
   server delete  Delete server(s)
   server dump create  Create a dump file in server(s)
   server event list  List recent events of a server
   server event show  Show server event details
   server group create  Create a new server group.
   server group delete  Delete existing server group(s).
   server group list  List all server groups.
   server group show  Display server group details.
   server image create  Create a new server disk image from an existing server
   server list    List servers
   server lock    Lock server(s). A non-admin user will not be able to execute actions
   server migrate  Migrate server to different host
   server pause   Pause server(s)
   server reboot  Perform a hard or soft server reboot
   server rebuild  Rebuild server
   server remove fixed ip  Remove fixed IP address from server
   server remove floating ip  Remove floating IP address from server
   server remove network  Remove all ports of a network from server
   server remove port  Remove port from server
   server remove security group  Remove security group from server
   server remove volume  Remove volume from server
   server rescue  Put server in rescue mode
   server resize  Scale server to a new flavor.
   server restore  Restore server(s)
   server resume  Resume server(s)
   server set     Set server properties
   server shelve  Shelve server(s)
   server show    Show server details
   server ssh     SSH to server
   server start   Start server(s).
   server stop    Stop server(s).
   server suspend  Suspend server(s)
   server unlock  Unlock server(s)
   server unpause  Unpause server(s)
   server unrescue  Restore server from rescue mode
   server unset   Unset server properties
   server unshelve  Unshelve server(s)
   service create  Create new service
   service delete  Delete service(s)
   service list   List services
   service provider create  Create new service provider
   service provider delete  Delete service provider(s)
   service provider list  List service providers
   service provider set  Set service provider properties
   service provider show  Display service provider details
   service set    Set service properties
   service show   Display service details
   sfc flow classifier create  Create a flow classifier (python-neutronclient)
   sfc flow classifier delete  Delete a given flow classifier (python-neutronclient)
   sfc flow classifier list  List flow classifiers (python-neutronclient)
   sfc flow classifier set  Set flow classifier properties (python-neutronclient)
   sfc flow classifier show  Display flow classifier details (python-neutronclient)
   sfc port chain create  Create a port chain (python-neutronclient)
   sfc port chain delete  Delete a given port chain (python-neutronclient)
   sfc port chain list  List port chains (python-neutronclient)
   sfc port chain set  Set port chain properties (python-neutronclient)
   sfc port chain show  Display port chain details (python-neutronclient)
   sfc port chain unset  Unset port chain properties (python-neutronclient)
   sfc port pair create  Create a port pair (python-neutronclient)
   sfc port pair delete  Delete a given port pair (python-neutronclient)
   sfc port pair group create  Create a port pair group (python-neutronclient)
   sfc port pair group delete  Delete a given port pair group (python-neutronclient)
   sfc port pair group list  List port pair group (python-neutronclient)
   sfc port pair group set  Set port pair group properties (python-neutronclient)
   sfc port pair group show  Display port pair group details (python-neutronclient)
   sfc port pair group unset  Unset port pairs from port pair group (python-neutronclient)
   sfc port pair list  List port pairs (python-neutronclient)
   sfc port pair set  Set port pair properties (python-neutronclient)
   sfc port pair show  Display port pair details (python-neutronclient)
   sfc service graph create  Create a service graph. (python-neutronclient)
   sfc service graph delete  Delete a given service graph. (python-neutronclient)
   sfc service graph list  List service graphs (python-neutronclient)
   sfc service graph set  Set service graph properties (python-neutronclient)
   sfc service graph show  Show information of a given service graph. (python-neutronclient)
   snapshot create  Create new snapshot
   snapshot delete  Delete volume snapshot(s)
   snapshot list  List snapshots
   snapshot set   Set snapshot properties
   snapshot show  Display snapshot details
   snapshot unset  Unset snapshot properties
   subnet create  Create a subnet
   subnet delete  Delete subnet(s)
   subnet list    List subnets
   subnet pool create  Create subnet pool
   subnet pool delete  Delete subnet pool(s)
   subnet pool list  List subnet pools
   subnet pool set  Set subnet pool properties
   subnet pool show  Display subnet pool details
   subnet pool unset  Unset subnet pool properties
   subnet set     Set subnet properties
   subnet show    Display subnet details
   subnet unset   Unset subnet properties
   tld create     Create new tld (python-designateclient)
   tld delete     Delete tld (python-designateclient)
   tld list       List tlds (python-designateclient)
   tld set        Set tld properties (python-designateclient)
   tld show       Show tld details (python-designateclient)
   token issue    Issue new token
   token revoke   Revoke existing token
   trust create   Create new trust
   trust delete   Delete trust(s)
   trust list     List trusts
   trust show     Display trust details
   tsigkey create  Create new tsigkey (python-designateclient)
   tsigkey delete  Delete tsigkey (python-designateclient)
   tsigkey list   List tsigkeys (python-designateclient)
   tsigkey set    Set tsigkey properties (python-designateclient)
   tsigkey show   Show tsigkey details (python-designateclient)
   usage list     List resource usage per project
   usage show     Show resource usage for a single project
   user create    Create new user
   user delete    Delete user(s)
   user list      List users
   user password set  Change current user password
   user set       Set user properties
   user show      Display user details
   volume backup create  Create new volume backup
   volume backup delete  Delete volume backup(s)
   volume backup list  List volume backups
   volume backup restore  Restore volume backup
   volume backup set  Set volume backup properties
   volume backup show  Display volume backup details
   volume create  Create new volume
   volume delete  Delete volume(s)
   volume host failover  Failover volume host to different backend
   volume host set  Set volume host properties
   volume list    List volumes
   volume migrate  Migrate volume to a new host
   volume qos associate  Associate a QoS specification to a volume type
   volume qos create  Create new QoS specification
   volume qos delete  Delete QoS specification
   volume qos disassociate  Disassociate a QoS specification from a volume type
   volume qos list  List QoS specifications
   volume qos set  Set QoS specification properties
   volume qos show  Display QoS specification details
   volume qos unset  Unset QoS specification properties
   volume service list  List service command
   volume service set  Set volume service properties
   volume set     Set volume properties
   volume show    Display volume details
   volume snapshot create  Create new volume snapshot
   volume snapshot delete  Delete volume snapshot(s)
   volume snapshot list  List volume snapshots
   volume snapshot set  Set volume snapshot properties
   volume snapshot show  Display volume snapshot details
   volume snapshot unset  Unset volume snapshot properties
   volume transfer request accept  Accept volume transfer request.
   volume transfer request create  Create volume transfer request.
   volume transfer request delete  Delete volume transfer request(s).
   volume transfer request list  Lists all volume transfer requests.
   volume transfer request show  Show volume transfer request details.
   volume type create  Create new volume type
   volume type delete  Delete volume type(s)
   volume type list  List volume types
   volume type set  Set volume type properties
   volume type show  Display volume type details
   volume type unset  Unset volume type properties
   volume unset   Unset volume properties
   vpn endpoint group create  Create an endpoint group (python-neutronclient)
   vpn endpoint group delete  Delete endpoint group(s) (python-neutronclient)
   vpn endpoint group list  List endpoint groups that belong to a given project (python-neutronclient)
   vpn endpoint group set  Set endpoint group properties (python-neutronclient)
   vpn endpoint group show  Display endpoint group details (python-neutronclient)
   vpn ike policy create  Create an IKE policy (python-neutronclient)
   vpn ike policy delete  Delete IKE policy (policies) (python-neutronclient)
   vpn ike policy list  List IKE policies that belong to a given project (python-neutronclient)
   vpn ike policy set  Set IKE policy properties (python-neutronclient)
   vpn ike policy show  Display IKE policy details (python-neutronclient)
   vpn ipsec policy create  Create an IPsec policy (python-neutronclient)
   vpn ipsec policy delete  Delete IPsec policy(policies) (python-neutronclient)
   vpn ipsec policy list  List IPsec policies that belong to a given project (python-neutronclient)
   vpn ipsec policy set  Set IPsec policy properties (python-neutronclient)
   vpn ipsec policy show  Display IPsec policy details (python-neutronclient)
   vpn ipsec site connection create  Create an IPsec site connection (python-neutronclient)
   vpn ipsec site connection delete  Delete IPsec site connection(s) (python-neutronclient)
   vpn ipsec site connection list  List IPsec site connections that belong to a given project (python-neutronclient)
   vpn ipsec site connection set  Set IPsec site connection properties (python-neutronclient)
   vpn ipsec site connection show  Show information of a given IPsec site connection (python-neutronclient)
   vpn service create  Create an VPN service (python-neutronclient)
   vpn service delete  Delete VPN service(s) (python-neutronclient)
   vpn service list  List VPN services that belong to a given project (python-neutronclient)
   vpn service set  Set VPN service properties (python-neutronclient)
   vpn service show  Display VPN service details (python-neutronclient)
   zone abandon   Abandon a zone (python-designateclient)
   zone axfr      AXFR a zone (python-designateclient)
   zone blacklist create  Create new blacklist (python-designateclient)
   zone blacklist delete  Delete blacklist (python-designateclient)
   zone blacklist list  List blacklists (python-designateclient)
   zone blacklist set  Set blacklist properties (python-designateclient)
   zone blacklist show  Show blacklist details (python-designateclient)
   zone create    Create new zone (python-designateclient)
   zone delete    Delete zone (python-designateclient)
   zone export create  Export a Zone (python-designateclient)
   zone export delete  Delete a Zone Export (python-designateclient)
   zone export list  List Zone Exports (python-designateclient)
   zone export show  Show a Zone Export (python-designateclient)
   zone export showfile  Show the zone file for the Zone Export (python-designateclient)
   zone import create  Import a Zone from a file on the filesystem (python-designateclient)
   zone import delete  Delete a Zone Import (python-designateclient)
   zone import list  List Zone Imports (python-designateclient)
   zone import show  Show a Zone Import (python-designateclient)
   zone list      List zones (python-designateclient)
   zone set       Set zone properties (python-designateclient)
   zone show      Show zone details (python-designateclient)
   zone transfer accept list  List Zone Transfer Accepts (python-designateclient)
   zone transfer accept request  Accept a Zone Transfer Request (python-designateclient)
   zone transfer accept show  Show Zone Transfer Accept (python-designateclient)
   zone transfer request create  Create new zone transfer request (python-designateclient)
   zone transfer request delete  Delete a Zone Transfer Request (python-designateclient)
   zone transfer request list  List Zone Transfer Requests (python-designateclient)
   zone transfer request set  Set a Zone Transfer Request (python-designateclient)
   zone transfer request show  Show Zone Transfer Request Details (python-designateclient)
 [root@centos-packstack-1 ~(keystone_admin)]#