Fluent OpenStack SDK for Java


Build Status License Maven Central javadoc Quality Gate Status

OpenStack4j is a fluent OpenStack client that allows provisioning and control of an OpenStack deployment. This includes support for Identity, Compute, Image, Network, Block Storage, Telemetry, Data Processing as well as many extensions (LBaaS, FWaaS, Quota-Sets, etc)

Documentation and Support

Bug Reports


  • OpenStack4j 3.2.X - Java 8+
  • OpenStack4j 3.0.X - Java 7 (JDK 8 preferred)
  • OpenStack4j 2.0.X - Java 7


Latest Release (Stable)

OpenStack4j version 2.0.0+ is now modular. One of the benefits to this is the ability to choose the connector that you would like to use in your environment.

Using OpenStack4j with the default Jersey2 Connector

    <groupId>com.github.openstack4j.core</<span class="pl-ent">groupId>
    <artifactId>openstack4j</<span class="pl-ent">artifactId>
    <version>...</<span class="pl-ent">version>
</<span class="pl-ent">dependency>

Using OpenStack4j with one of our connector modules

To configure OpenStack4j to use one of our supported connectors (Jersey 2, Resteasy, Apache HttpClient, OKHttp) see the usage guide

Current (Master Branch)

See notes above about connectors (same rules apply) to development branches.

    <groupId>com.github.openstack4j.core</<span class="pl-ent">groupId>
    <artifactId>openstack4j</<span class="pl-ent">artifactId>
    <version>...</<span class="pl-ent">version>
</<span class="pl-ent">dependency>

A note about referencing Snapshots without Source

Snapshots are deploys to sonatype. We automatically deploy snapshots on every merge into the master branch. Typically 5 - 10 snapshot releases before an official release.

You will need to add the repository to your POM or Settings file. Releases (above) are deployed to maven central and this step is not required.

Example POM based repository declaration to grab snapshots:

        <id>st-snapshots</<span class="pl-ent">id>
        <name>sonatype-snapshots</<span class="pl-ent">name>
        <url>https://oss.sonatype.org/content/repositories/snapshots</<span class="pl-ent">url>
    </<span class="pl-ent">repository>
</<span class="pl-ent">repositories>


If you would like to contribute please see our contributing guidelines

The OpenStack4j project is a work of Jeremy Unruh as the original project author and the community of contributors.

Quick Usage Guide

Below are some examples of the API usage. Please visit openstack4j.github.io for the full manual and getting started guides.


OpenStack4j 3.0.0+ supports Identity (Keystone) V3 and V2.

OpenStack4j 3.0.0 introduced some breaking changes. The legacy Identity V2 API now uses the class OSClientV2 in place of the class OSClient.

Using Identity V2 authentication:
// Identity V2 Authentication Example
OSClientV2 os = OSFactory.builderV2()
Using Identity V3 authentication

Creating and authenticating against OpenStack is extremely simple. Below is an example of authenticating which will result with the authorized OSClient. OSClient allows you to invoke Compute, Identity, Neutron operations fluently.

You can use either pass the users name or id and password in the following way

.credentials("username", "secret", Identifier.byId("domain id"))


.credentials("user id", "secret")

to provide credentials in each of the following cases.

Using Identity V3 authentication you basically have 4 options:

(1) authenticate with project-scope

OSClientV3 os = OSFactory.builderV3()
        .credentials("admin", "secret", Identifier.byId("user domain id"))
        .scopeToProject(Identifier.byId("project id"))

(2) authenticate with domain-scope

OSClientV3 os = OSFactory.builderV3()
        .credentials("admin", "secret", Identifier.byId("user domain id"))
        .scopeToDomain(Identifier.byId("domain id"))

(3) authenticate unscoped

OSClientV3 os = OSFactory.builderV3()
        .credentials("user id", "secret")

(4) authenticate with a token

OSClientV3 os = OSFactory.builderV3()
        .token("token id")
        .scopeToProject(Identifier.byId("project id"))

(5) authenticate using client certificate

openssl pkcs12 -export -out client-certificate-keystore.p12  -inkey key.pem -in cert.pem -certfile ca.pem
Enter Export Password:encrypt
Verifying - Enter Export Password:encrypt
String encrypt =  "encrypt";
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream(new File("client-certificate-keystore.p12")), encrypt.toCharArray());
SSLContext sslContext = SSLContexts.custom()
        //ignore server verify
        .loadTrustMaterial(new TrustStrategy() {
            public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                return true;
Config config = Config.newConfig();
OSClient.OSClientV3 osClient = OSFactory.builderV3()
        .scopeToProject(Identifier.byId("project id"))
        //.scopeToDomain(Identifier.byId("domain id"))

Identity Operations (Keystone) V3

After successful v3 - authentication you can invoke any Identity (Keystone) V3 directly from the OSClientV3.

Identity Services fully cover User, Role, Project, Domain, Group,.. service operations (in progess). The examples below are only a small fraction of the existing API so please refer to the API documentation for more details.

NOTE: The os used here is an instance of org.openstack4j.api.OSClient.OSClientV3.

User operations

// Create a User associated to the new Project
User user = os.identity().users().create(Builders.user()
	      .domainId("domain id")
	      .email("[email protected]")
User user = os.identity().users().create("domain id", "foobar", "secret", "[email protected]", true);

// Get detailed info on a user by id
User user = os.identity().users.get("user id");
//or by name and domain identifier
User user = os.identity().users.getByName("username", "domain id");

// Add a project based role to the user
os.identity().roles().grantProjectUserRole("project id","user id", "role id");

// Add a domain based role to the user
os.identity().roles().grantDomainUserRole("domain id","user id", "role id");

// Add a user to a group
os.identity().users().addUserToGroup("user id", "group id");

Role operations

// Get a list of all roles

// Get a role by name
os.identity().roles().getByName("role name");

Project operations

// Create a project

Identity Operations (Keystone) V2

After successful v2 - authentication you can invoke any Identity (Keystone) V2 directly from the OSClientV2.

Identity V2 Services fully cover Tenants, Users, Roles, Services, Endpoints and Identity Extension listings. The examples below are only a small fraction of the existing API so please refer to the API documentation for more details.

NOTE: The os used here is an instance of org.openstack4j.api.OSClient.OSClientV2.

Create a Tenant, User and associate a Role

// Create a Tenant (could also be created fluent within user create)
Tenant tenant = os.identity().tenants().create(

// Create a User associated to the new Tenant
User user = os.identity().users().create(

// Add a Tenant based Role to the User

Compute Operations (Nova)

OpenStack4j covers most the major common compute based operations. With the simplistic API approach you can fully manage Servers, Flavors, Images, Quota-Sets, Diagnostics, Tenant Usage and more. As the API evolves additional providers and extensions will be covered and documented within the API.

Create a Flavor and Boot a Server/VM

// Create a Flavor for a special customer base
Flavor flavor = os.compute().flavors().create(

// Create and Boot a new Server (minimal builder options shown in example)
Server server = os.compute().servers().boot(
    Builders.server().name("Ubuntu 2").flavor(flavor.getId()).image("imageId").build()

Create a new Server Snapshot

String imageId = os.compute().servers().createSnapshot(server.getId(), "Clean State Snapshot");

Server Diagnostics

Diagnostics are usage information about the server. Usage includes CPU, Memory and IO. Information is dependant on the hypervisor used by the OpenStack installation. As of right now there is no concrete diagnostic specification which is why the information is variable and in map form (key and value)

Map<String, ? extends Number> diagnostics = os.compute().servers().diagnostics("serverId");

Networks (Neutron)

Network Operations

// List the networks which the current authorized tenant has access to
ListNetwork> networks = os.networking().network().list();

// Create a Network
Network network = os.networking().network().create(

Subnet Operations

// List all subnets which the current authorized tenant has access to
ListSubnet> subnets = os.networking().subnet().list();

// Create a Subnet
Subnet subnet = os.networking().subnet().create(Builders.subnet()
        .addPool("", "")

Router Operations

// List all Routers
ListRouter> = os.networking().router().list();

// Create a Router
Router router = os.networking().router().create(

Image Operations (Glance)

Basic Operations

// List all Images
ListImage> images = os.images().list();

// Get an Image by ID
Image image = os.images().get("imageId");

// Delete a Image

// Update a Image
Image image = os.images().get("imageId");

   image.toBuilder().name("VM Image Name").minDisk(1024).property("personal-distro", "true")

Download the Image Data

InputStream is = os.images().getAsStream("imageId");

Create a Image

// (URL Payload in this example, File, InputStream are other payloads available)
Payload<URL> create = Payloads.create(new URL("https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img"))
Image req = Builders.image().name("Cirros 0.3.0 x64").isPublic(true).containerFormat(ContainerFormat.BARE).diskFormat(DiskFormat.QCOW2).build()
Image image = c.images().create(req, create)


This software is licensed under the Apache 2 license, quoted below.

Copyright 2019 ContainX and OpenStack4j

Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy of
the License at


Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations under
the License.

更多同类问题请参考: 微信小程序问题合集