Human Interface Guide

Note: This page covers the OpenStackClient CLI only but looks familiar because it was derived from the Horizon HIG.


What is a HIG? The Human Interface Guidelines document was created for OpenStack developers in order to direct the creation of new OpenStackClient command interfaces.


Personas are archetypal users of the system. Keep these types of users in mind when designing the interface.

Alice the admin

Alice is an administrator who is responsible for maintaining the OpenStack cloud installation. She has many years of experience with Linux systems administration.

Darren the deployer

Darren is responsible for doing the initial OpenStack deployment on the host machines.

Emile the end-user

Emile uses the cloud to do software development inside of the virtual machines. She uses the command-line tools because she finds it quicker than using the dashboard.


The principles established in this section define the high-level priorities to be used when designing and evaluating interactions for the OpenStack command line interface. Principles are broad in scope and can be considered the philosophical foundation for the OpenStack experience; while they may not describe the tactical implementation of design, they should be used when deciding between multiple courses of design.

A significant theme for designing for the OpenStack experience concerns focusing on common uses of the system rather than adding complexity to support functionality that is rarely used.


Consistency between OpenStack experiences will ensure that the command line interface feels like a single experience instead of a jumble of disparate products. Fractured experiences only serve to undermine user expectations about how they should interact with the system, creating an unreliable user experience. To avoid this, each interaction and visual representation within the system must be used uniformly and predictably. The architecture and elements detailed in this document will provide a strong foundation for establishing a consistent experience.

Example Review Criteria

  • Do the command actions adhere to a consistent application of actions?

  • Has a new type of command subject or output been introduced?

  • Does the design use command elements (options and arguments) as defined? (See Core Elements.)

  • Can any newly proposed command elements (actions or subjects) be accomplished with existing elements?

  • Does the design adhere to the structural model of the core experience? (See Core Architecture.)

  • Are any data objects displayed or manipulated in a way contradictory to how they are handled elsewhere in the core experience?


To best support new users and create straight forward interactions, designs should be as simple as possible. When crafting new commands, designs should minimize the amount of noise present in output: large amounts of nonessential data, overabundance of possible actions and so on. Designs should focus on the intent of the command, requiring only the necessary components and either removing superfluous elements or making them accessible through optional arguments. An example of this principle occurs in OpenStack’s use of tables: only the most often used columns are shown by default. Further data may be accessed through the output control options, allowing users to specify the types of data that they find useful in their day-to-day work.

Example Review Criteria

  • Can options be used to combine otherwise similar commands?

  • How many of the displayed elements are relevant to the majority of users?

  • If multiple actions are required for the user to complete a task, is each step required or can the process be more efficient?

User-Centered Design

Commands should be design based on how a user will interact with the system and not how the system’s backend is organized. While database structures and APIs may define what is possible, they often do not define good user experience; consider user goals and the way in which users will want to interact with their data, then design for these work flows and mold the interface to the user, not the user to the interface.

Commands should be discoverable via the interface itself.

To determine a list of available commands, use the -h or --help options:

$ openstack --help

For help with an individual command, use the help command:

$ openstack help server create

Example Review Criteria

  • How quickly can a user figure out how to accomplish a given task?

  • Has content been grouped and ordered according to usage relationships?

  • Do work flows support user goals or add complexity?


Make sure users understand the current state of their infrastructure and interactions. For example, users should be able to access information about the state of each machine/virtual machine easily, without having to actively seek out this information. Whenever the user initiates an action, make sure a confirmation is displayed[1] to show that an input has been received. Upon completion of a process, make sure the user is informed. Ensure that the user never questions the state of their environment.

[1] This goes against the common UNIX philosophy of only reporting error conditions and output that is specifically requested.

Example Review Criteria

  • Does the user receive feedback when initiating a process?

  • When a process is completed?

  • Does the user have quick access to the state of their infrastructure?


Command Structure

OpenStackClient has a consistent and predictable format for all of its commands.

  • The top level command name is openstack

  • Sub-commands take the form:

openstack [<global-options>] <object-1> <action> [<object-2>] [<command-arguments>]

Subcommands shall have three distinct parts to its commands (in order that they appear):

  • global options

  • command object(s) and action

  • command options and arguments

Output formats:

  • user-friendly tables with headers, etc

  • machine-parsable delimited


A note on terminology. An argument is a positional parameter to the command. As discussed later, these should be used sparingly in OpenStackClient. An option - also known as a flag - is a named parameter denoted with either a hyphen and a single-letter name (-r) or a double hyphen and a multiple-letter name (--recursive). They may or may not also include a user-specified value (--file foo.txt or --file=foo.txt).

For more information on this topic and CLIs in general, refer to the excellent Command Line Interface Guidelines website.

Global Options

Global options are global in the sense that they apply to every command invocation regardless of action to be performed. They include authentication credentials and API version selection. Most global options have a corresponding environment variable that may also be used to set the value. If both are present, the command-line option takes priority. The environment variable names are derived from the option name by dropping the leading dashes (--), converting each embedded dash (-) to an underscore (_), and converting to upper case.

  • Global options shall always have a long option name, certain common options may also have short names. Short names should be reserved for global options to limit the potential for duplication and multiple meanings between commands given the limited set of available short names.

  • All long options names shall begin with two dashes (--) and use a single dash (-) internally between words (--like-this). Underscores (_) shall not be used in option names.

  • Authentication options conform to the common CLI authentication guidelines in Authentication.

For example, --os-username can be set from the environment via OS_USERNAME.


The standard --help global option displays the documentation for invoking the program and a list of the available commands on standard output. All other options and commands are ignored when this is present. The traditional short form help option (-h) is also available.


The standard --version option displays the name and version on standard output. All other options and commands are ignored when this is present.

Objects and Actions

Commands consist of an object, described by one or more words, followed by an action.

<object> <action>

For example:

  • group create

  • server set

  • volume type list

(note that volume type is a two-word single object)

Some commands require two objects. These commands have the primary object ahead of the action and the secondary object after the action. In badly formed English it is expressed as “(Take) object-1 (and perform) action (using) object-2 (to it).”

<object-1> <action> <object-2>

For example:

  • group add user

  • aggregate add host

  • image remove project

Object names are always specified in command in their singular form. This is contrary to natural language use.


The help command is unique as it appears in front of a normal command and displays the help text for that command rather than execute it.


Commands that interact with a specific instance of an object should accept a single argument. This argument should be a name or identifier for the object.

<object> <action> [<name-or-id>]

For example:

  • group create <group>

  • server set <server>

(note that volume type is a two-word single object)

For commands that require two objects, the commands should accept two arguments when interacting with specific instances of the two objects. These arguments should appear in the same order as the objects.

<object-1> <action> <object-2> [<object-1-name-or-id> <object-2-name-or-id>]

For example:

  • group add user <group> <user>

  • aggregate add host <aggregate> <host>

  • image remove project <image> <project>


Each command may have its own set of options distinct from the global options. They follow the same style as the global options and always appear between the command and any arguments the command requires.

Command options should only have long names. The small range of available short names makes it hard for a single short option name to have a consistent meaning across multiple commands.

Option Forms
  • datetime: Datetime options shall accept a value in ISO-8061 format. For example, you can list servers last modified before a given date using --changes-before.

    server list --changes-before 2020-01-01T12:30:00+00:00
  • list: List options shall be passed via multiple options rather than as a single delimited option. For example, you can set multiple properties on a compute flavor using multiple --property options.

    flavor set --property quota:read_bytes_sec=10240000 \
        --property quota:write_bytes_sec=10240000 \
  • boolean: Boolean options shall use a form of --<true>|--<false> (preferred) or --<option>|--no-<option>. These must be mutually exclusive and should be adjective rather than verbs. For example, the enabled state of a project is set with --enable|--disable.

    project set --enable <project>

Command Output

The default command output is pretty-printed using the Python prettytable module.

Machine-parsable output format may be specified with the --format option to list and show commands. list commands have an option (--format csv) for CSV output and show commands have an option (--format shell) for the shell variable assignment syntax of var="value". In both cases, all data fields are quoted with "

Help Commands

The help system is considered separately due to its special status among the commands. Rather than performing tasks against a system, it provides information about the commands available to perform those tasks. The format of the help command therefore varies from the form for other commands in that the help command appears in front of the first object in the command.

The options --help and -h display the global options and a list of the supported commands. Note that the commands shown depend on the API versions that are in effect; i.e. if --os-identity-api-version=3 is present Identity API v3 commands are shown.

Common Actions

There are a number of common actions or patterns in use across OpenStackClient. When adding new commands, they should aim to match one of these action formats.


create will create a new instance of <object>. Only a name should be accepted as an argument. All other required and optional information should be provided as options. If a name is not required, it can be marked as optional. If it is not possible to specify a name when creating a new instance, no arguments should be accepted.

<object> create <name>

For example:

  • flavor create <name> (compute flavors require a name)

  • volume create [<name>] ... (block storage volumes don’t need names)

  • consumer create ... (identity consumers don’t have names)

  • container create --public <name> (additional information should be provided as options)


show will fetch a single instance of object. Only a name or identifier should be accepted as a argument. Any filters or additional information should be provided as options. Where names are not unique or an instance is not found, an error must be shown so the user can try again using a unique or valid ID, respectively.

<object> show <name-or-id>

For example:

  • server show <name-or-id> (compute servers have names or IDs and can be referenced by both)

  • consumer show <id> (identity consumers only have IDs, not names)

  • server show --topology <name-or-id> (additional information should be provided as options)


list will list multiple instances of object. No arguments should be accepted. Any filters or pagination requests should be requested via option arguments.

<object> list

For example:

  • image list (no arguments should be accepted)

  • server list --status ACTIVE (filters should be provided as option arguments)


delete will delete one or more instances of object. Where possible, this command should handle deleting instances of object by either name or ID. Where names are not unique or an instance is not found, the command should continue deleting any other instances requested before returning an error indicating the instances that failed to delete.

<object> delete <name-or-id> [<name-or-id> ...]

For example:

  • network delete <name-or-id>

  • region delete <name-or-id>

set, unset

set and unset will add or remove one or more attributes of an instance of object, respectively. Only a name or identifier should be accepted as a argument. All other information should be provided as option arguments. Where names are not unique or an instance is not found, an error must be shown so the user can try again using a unique or valid ID, respectively. This command may result in multiple API calls but it must not result in the creation or modification of child object.

<object> set <name-or-id>

For example:

  • network set <name-or-id>

  • floating ip unset --port <port> <name-or-id> (additional information should be provided as options)

add, remove

add and remove will associate or disassociate a child object with a parent object. Only a name or identifier for both parent and child objects should be accepted as arguments. All other information should be provided as options. Where names are not unique or an instance is not found, an error must be shown so the user can try again using a unique or valid ID, respectively.

<parent-object> add <child-object> <parent-name-or-id> <child-name-or-id>
<parent-object> remove <child-object> <parent-name-or-id> <child-name-or-id>

For example:

  • aggregate add host <aggregate-name-or-id> <host>

  • consistency group add volume <consistency-group-name-or-id> <volume-name-or-id>

Other actions

There are other actions that do not fit neatly into any of the above actions. Typically, these are used where an action would create a child object but that child object is only exposed as part of the parent object. They are also used where fitting the action into one of the above actions, particularly set, would be deemed to be confusing or otherwise inappropriate. These are permitted once this has been discussed among reviewers and context provided in either the commit message or via comments in the code.

For example:

  • server ssh (this would not naturally fit into any of the other actions)

  • server migrate (this results in the creation of a server migration record and could be implemented as server migration create but this feels unnatural)

  • server migration confirm (this could be implemented as server migration set --confirm but this feels unnatural)

  • volume backup record export (this could be implemented as volume backup record show --exportable but this feels unnatural)


The guidelines below are best practices but exceptions do exist in OpenStackClient and in various plugins. Where possible, these exceptions should be addressed over time.

API versioning

OpenStackClient will strive to behave sensibly for services that version their API. The API versioning schemes in use vary between services and have evolved since the early days of OpenStack. There are two types of API versioning to consider: the major version and the minor version. Today, most OpenStack services have settled on a single major API version and have chosen to evolve the API without bumping the major API version any further. There are three API “minor” versioning schemes in common use.

Per-release versions

This is used by the Image service (glance). All changes to the API during a given release cycle are gathered into a single new API version. As such, the API version will increase at most once per release. You can continue to request older versions.


Image (glance) API versions per release


Supported 2.x API versions


2.0 - 2.1


2.0 - 2.2


2.0 - 2.3


This is used by multiple services including the Compute service (nova), Block Storage service (cinder), and Shared Filesystem service (manila). Each change to the API will result in a new API version. As such, the API version can increase multiple times per release. You can continue to request older versions.


Compute (nova) API versions per release


Supported 2.x API versions


2.1 - 2.3


2.1 - 2.12


2.1 - 2.25


This is used by the Networking service (neutron). It’s a versioning scheme that doesn’t use API versions. Instead, it exposes a list of available extensions. An extension can add, remove or modify features and vendor-specific functionality to the API. This can include API resources/routes as well as new fields in API requests and responses. If you want to depend on a feature added by an extension, you should check if the extension is present.

Major API version support

Major API version support has become less important over time as the various OpenStack services have chosen to focus on the “minor” versioning mechanisms described above. However, OpenStackClient aims to support all OpenStack clouds, not just those running the most recent OpenStack release. This means it must aim to support older major API versions that have since been removed from the services in question. For example, the Volume service’s (cinder) v2 API was deprecated in cinder 11.0.0 (Pike) and was removed in cinder 19.0.0 (Xena), however, OpenStackClient continues to support this API since not all OpenStack deployments have updated or will update to Xena or later. This should remain the case for as long as this support is technically feasible.


While OpenStackClient will continue to support existing command implementations for older APIs, there is no requirement to add new commands that implement support for deprecated or removed APIs.

OpenStackClient provides different command implementations depending on the API version used. On startup, OpenStackClient will attempt to identify the API version using the service catalog. Where a service provides multiple API major versions, OpenStackClient defaults to the latest one. This can be configured by the user using options (--os-{service}-api-version), environment variables (OS_{service}_API_VERSION) or configuration in the clouds.yaml file.

Minor API version and extension support

As most services implement some form of versioning and use this to both add new functionality and to modify or remove existing functionality, it is imperative that OpenStackClient provides a mechanism to configure the API version used. Unlike major API versions, support for API microversions or API extensions is implemented via logic in the command itself. OpenStackClient commands should indicate the minimum or maximum API microversion or the API extension required for given actions and options in the help string for same. Where a user attempts to use a feature that requires a particular microversion or extension that the service does not support, OpenStackClient should fail with an error message describing these requirements. Like API versions, the requested can be configured by the user using options (--os-{service}-api-version), environment variables (OS_{service}_API_VERSION) or configuration in clouds.yaml file.


Historically, OpenStackClient has defaulted to the lowest supported microversion for each service. This was not by design but rather a side effect of relying on legacy clients who implement this behavior. openstacksdk does not implement this behavior and instead auto-negotiates a version based on the versions that SDK knows about. For now, this means we have some commands that require explicit microversion configuration to get the latest and greatest behavior, while others will handle this transparently. For humans, this should not matter. For scripts, which are more fragile, it is recommended that an explicit microversion is always requested.


The following examples depict common command and output formats expected to be produces by the OpenStackClient.


Using global options:

$ openstack --os-tenant-name ExampleCo --os-username demo --os-password secret --os-auth-url http://localhost:5000:/v2.0 server show appweb01
|        Property        |                Value                                |
| OS-DCF:diskConfig      | MANUAL                                              |
| OS-EXT-STS:power_state | 1                                                   |
| flavor                 | m1.small                                            |
| id                     | dcbc2185-ba17-4f81-95a9-c3fae9b2b042                |
| image                  | Ubuntu 12.04 (754c231e-ade2-458c-9f91-c8df107ff7ef) |
| keyname                | demo-key                                            |
| name                   | appweb01                                            |
| private_address        |                                         |
| status                 | ACTIVE                                              |
| user                   | demo                                                |

Using environment variables:

$ export OS_TENANT_NAME=ExampleCo
$ export OS_USERNAME=demo
$ export OS_PASSWORD=secret
$ export OS_AUTH_URL=http://localhost:5000:/v2.0
$ openstack server show appweb01
|        Property        |                Value                                |
| OS-DCF:diskConfig      | MANUAL                                              |
| OS-EXT-STS:power_state | 1                                                   |
| flavor                 | m1.small                                            |
| id                     | dcbc2185-ba17-4f81-95a9-c3fae9b2b042                |
| image                  | Ubuntu 12.04 (754c231e-ade2-458c-9f91-c8df107ff7ef) |
| keyname                | demo-key                                            |
| name                   | appweb01                                            |
| private_address        |                                         |
| status                 | ACTIVE                                              |
| user                   | demo                                                |

Machine Output Format

Using the CSV output format with a list command:

$ openstack server list --format csv

Using the show command options of shell output format and adding a prefix of my_ to avoid collisions with existing environment variables:

$ openstack server show --format shell --prefix my_ appweb01
my_image="Ubuntu 12.04 (754c231e-ade2-458c-9f91-c8df107ff7ef)"