diff --git a/README.rst b/README.rst
index 632d55542..57479777b 100644
--- a/README.rst
+++ b/README.rst
@@ -221,48 +221,13 @@ in Fedora <http://pkgs.fedoraproject.org/cgit/openstack-ironic-discoverd.git/pla
 Usage
 -----
 
-**ironic-inspector** has a simple client library for Python and a CLI tool
-bundled with it.
-
-Client library is in module ``ironic_inspector.client``, every call
-accepts additional optional arguments:
-
-* ``base_url`` **ironic-inspector** API endpoint, defaults to
-  ``127.0.0.1:5050``,
-* ``auth_token`` Keystone authentication token.
-
-CLI tool is based on OpenStackClient_ with prefix
-``openstack baremetal introspection``. Accepts optional argument
-``--inspector-url`` with the **ironic-inspector** API endpoint.
-
-* **Start introspection on a node**:
-
-  ``introspect(uuid, new_ipmi_username=None, new_ipmi_password=None)``
-
-  ::
-
-    $ openstack baremetal introspection start UUID [--new-ipmi-password=PWD [--new-ipmi-username=USER]]
-
-  * ``uuid`` - Ironic node UUID;
-  * ``new_ipmi_username`` and ``new_ipmi_password`` - if these are set,
-    **ironic-inspector** will switch to manual power on and assigning IPMI
-    credentials on introspection. See `Setting IPMI Credentials`_ for details.
-
-* **Query introspection status**:
-
-  ``get_status(uuid)``
-
-  ::
-
-    $ openstack baremetal introspection status UUID
-
-  * ``uuid`` - Ironic node UUID.
-
 Refer to HTTP-API.rst_ for information on the HTTP API.
+Refer to the `client page`_ for information on how to use CLI and Python
+library.
 
-.. _OpenStackClient: http://docs.openstack.org/developer/python-openstackclient/
 .. _HTTP-API.rst: https://github.com/openstack/ironic-inspector/blob/master/HTTP-API.rst
 .. _HTTP API: https://github.com/openstack/ironic-inspector/blob/master/HTTP-API.rst
+.. _client page: https://pypi.python.org/pypi/python-ironic-inspector-client
 
 Using from Ironic API
 ~~~~~~~~~~~~~~~~~~~~~
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 5c2b5a2dc..c13d7908d 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -22,6 +22,10 @@ IRONIC_INSPECTOR_INTERFACE=${IRONIC_INSPECTOR_INTERFACE:-br-inspector}
 IRONIC_INSPECTOR_INTERNAL_URI="http://$IRONIC_INSPECTOR_INTERNAL_IP:$IRONIC_INSPECTOR_PORT"
 IRONIC_INSPECTOR_INTERNAL_IP_WITH_NET=$IRONIC_INSPECTOR_INTERNAL_IP/$IRONIC_INSPECTOR_INTERNAL_SUBNET_SIZE
 
+GITDIR["python-ironic-inspector-client"]=$DEST/python-ironic-inspector-client
+GITREPO["python-ironic-inspector-client"]=${IRONIC_INSPECTOR_CLIENT_REPO:-${GIT_BASE}/openstack/python-ironic-inspector-client.git}
+GITBRANCH["python-ironic-inspector-client"]=${IRONIC_INSPECTOR_CLIENT_BRANCH:-master}
+
 ### Utilities
 
 function mkdir_chown_stack {
@@ -47,6 +51,16 @@ function install_inspector_dhcp {
     install_package dnsmasq
 }
 
+function install_inspector_client {
+    if use_library_from_git python-ironic-inspector-client; then
+        git_clone_by_name python-ironic-inspector-client
+        setup_dev_lib python-ironic-inspector-client
+    else
+        # TODO(dtantsur): switch to pip_install_gr
+        pip_install python-ironic-inspector-client
+    fi
+}
+
 function start_inspector {
     screen_it ironic-inspector \
         "cd $IRONIC_INSPECTOR_DIR && $IRONIC_INSPECTOR_CMD"
@@ -183,6 +197,7 @@ if [[ "$1" == "stack" && "$2" == "install" ]]; then
         install_inspector_dhcp
     fi
     install_inspector
+    install_inspector_client
 elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
     echo_summary "Configuring ironic-inspector"
     cleanup_inspector
diff --git a/functest/run.py b/functest/run.py
index e5561d957..48b5b6166 100644
--- a/functest/run.py
+++ b/functest/run.py
@@ -25,10 +25,10 @@ import sys
 import tempfile
 import unittest
 
+import ironic_inspector_client as client
 import mock
 import requests
 
-from ironic_inspector import client
 from ironic_inspector import main
 from ironic_inspector.test import base
 from ironic_inspector import utils
diff --git a/ironic_inspector/client.py b/ironic_inspector/client.py
deleted file mode 100644
index ded56d57a..000000000
--- a/ironic_inspector/client.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import json
-import logging
-
-from oslo_utils import netutils
-import requests
-import six
-
-from ironic_inspector.common.i18n import _
-
-
-_DEFAULT_URL = 'http://' + netutils.get_my_ipv4() + ':5050/v1'
-_ERROR_ENCODING = 'utf-8'
-LOG = logging.getLogger('ironic_inspector_client')
-
-
-def _prepare(base_url, auth_token):
-    base_url = (base_url or _DEFAULT_URL).rstrip('/')
-    if not base_url.endswith('v1'):
-        base_url += '/v1'
-    headers = {'X-Auth-Token': auth_token} if auth_token else {}
-    return base_url, headers
-
-
-class ClientError(requests.HTTPError):
-    """Error returned from a server."""
-    def __init__(self, response):
-        # inspector returns error message in body
-        msg = response.content.decode(_ERROR_ENCODING)
-        try:
-            msg = json.loads(msg)['error']['message']
-        except ValueError:
-            LOG.debug('Old style error response returned, assuming '
-                      'ironic-discoverd')
-        except (KeyError, TypeError):
-            LOG.exception('Bad error response from ironic-inspector')
-        super(ClientError, self).__init__(msg, response=response)
-
-    @classmethod
-    def raise_if_needed(cls, response):
-        """Raise exception if response contains error."""
-        if response.status_code >= 400:
-            raise cls(response)
-
-
-def introspect(uuid, base_url=None, auth_token=None,
-               new_ipmi_password=None, new_ipmi_username=None):
-    """Start introspection for a node.
-
-    :param uuid: node uuid
-    :param base_url: *ironic-inspector* URL in form: http://host:port[/ver],
-                     defaults to ``http://<current host>:5050/v1``.
-    :param auth_token: Keystone authentication token.
-    :param new_ipmi_password: if set, *ironic-inspector* will update IPMI
-                              password to this value.
-    :param new_ipmi_username: if new_ipmi_password is set, this values sets
-                              new IPMI user name. Defaults to one in
-                              driver_info.
-    """
-    if not isinstance(uuid, six.string_types):
-        raise TypeError(_("Expected string for uuid argument, got %r") % uuid)
-    if new_ipmi_username and not new_ipmi_password:
-        raise ValueError(_("Setting IPMI user name requires a new password"))
-
-    base_url, headers = _prepare(base_url, auth_token)
-    params = {'new_ipmi_username': new_ipmi_username,
-              'new_ipmi_password': new_ipmi_password}
-    res = requests.post("%s/introspection/%s" % (base_url, uuid),
-                        headers=headers, params=params)
-    ClientError.raise_if_needed(res)
-
-
-def get_status(uuid, base_url=None, auth_token=None):
-    """Get introspection status for a node.
-
-    New in ironic-inspector version 1.0.0.
-    :param uuid: node uuid.
-    :param base_url: *ironic-inspector* URL in form: http://host:port[/ver],
-                     defaults to ``http://<current host>:5050/v1``.
-    :param auth_token: Keystone authentication token.
-    :raises: *requests* library HTTP errors.
-    """
-    if not isinstance(uuid, six.string_types):
-        raise TypeError(_("Expected string for uuid argument, got %r") % uuid)
-
-    base_url, headers = _prepare(base_url, auth_token)
-    res = requests.get("%s/introspection/%s" % (base_url, uuid),
-                       headers=headers)
-    ClientError.raise_if_needed(res)
-    return res.json()
diff --git a/ironic_inspector/shell.py b/ironic_inspector/shell.py
deleted file mode 100644
index f45bea3cd..000000000
--- a/ironic_inspector/shell.py
+++ /dev/null
@@ -1,96 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""OpenStackClient plugin for ironic-inspector."""
-
-from __future__ import print_function
-
-import logging
-
-from cliff import command
-from cliff import show
-from openstackclient.common import utils
-
-from ironic_inspector import client
-
-
-LOG = logging.getLogger('ironic_inspector.shell')
-API_NAME = 'baremetal-introspection'
-API_VERSION_OPTION = 'inspector_api_version'
-DEFAULT_VERSION = '1'
-API_VERSIONS = {
-    "1": "ironic_inspector.shell",
-}
-
-
-def build_option_parser(parser):
-    parser.add_argument('--inspector-api-version',
-                        default=utils.env('INSPECTOR_VERSION',
-                                          default=DEFAULT_VERSION),
-                        help='inspector API version, only 1 is supported now '
-                        '(env: INSPECTOR_VERSION).')
-    return parser
-
-
-class StartCommand(command.Command):
-    """Start the introspection."""
-
-    def get_parser(self, prog_name):
-        parser = super(StartCommand, self).get_parser(prog_name)
-        _add_common_arguments(parser)
-        parser.add_argument('--new-ipmi-username',
-                            default=None,
-                            help='if set, *ironic-inspector* will update IPMI '
-                            'user name to this value')
-        parser.add_argument('--new-ipmi-password',
-                            default=None,
-                            help='if set, *ironic-inspector* will update IPMI '
-                            'password to this value')
-        return parser
-
-    def take_action(self, parsed_args):
-        auth_token = self.app.client_manager.auth_ref.auth_token
-        client.introspect(parsed_args.uuid, base_url=parsed_args.inspector_url,
-                          auth_token=auth_token,
-                          new_ipmi_username=parsed_args.new_ipmi_username,
-                          new_ipmi_password=parsed_args.new_ipmi_password)
-        if parsed_args.new_ipmi_password:
-            print('Setting IPMI credentials requested, please power on '
-                  'the machine manually')
-
-
-class StatusCommand(show.ShowOne):
-    """Get introspection status."""
-
-    def get_parser(self, prog_name):
-        parser = super(StatusCommand, self).get_parser(prog_name)
-        _add_common_arguments(parser)
-        return parser
-
-    def take_action(self, parsed_args):
-        auth_token = self.app.client_manager.auth_ref.auth_token
-        status = client.get_status(parsed_args.uuid,
-                                   base_url=parsed_args.inspector_url,
-                                   auth_token=auth_token)
-        return zip(*sorted(status.items()))
-
-
-def _add_common_arguments(parser):
-    """Add commonly used arguments to a parser."""
-    parser.add_argument('uuid', help='baremetal node UUID')
-    # FIXME(dtantsur): this should be in build_option_parser, but then it won't
-    # be available in commands
-    parser.add_argument('--inspector-url',
-                        default=utils.env('INSPECTOR_URL', default=None),
-                        help='inspector URL, defaults to localhost '
-                        '(env: INSPECTOR_URL).')
diff --git a/ironic_inspector/test/test_client.py b/ironic_inspector/test/test_client.py
deleted file mode 100644
index aa64d9021..000000000
--- a/ironic_inspector/test/test_client.py
+++ /dev/null
@@ -1,139 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import unittest
-
-import mock
-from oslo_utils import netutils
-from oslo_utils import uuidutils
-
-from ironic_inspector import client
-
-
-@mock.patch.object(client.requests, 'post', autospec=True,
-                   **{'return_value.status_code': 200})
-class TestIntrospect(unittest.TestCase):
-    def setUp(self):
-        super(TestIntrospect, self).setUp()
-        self.uuid = uuidutils.generate_uuid()
-        self.my_ip = 'http://' + netutils.get_my_ipv4() + ':5050/v1'
-
-    def test(self, mock_post):
-        client.introspect(self.uuid, base_url="http://host:port",
-                          auth_token="token")
-        mock_post.assert_called_once_with(
-            "http://host:port/v1/introspection/%s" % self.uuid,
-            headers={'X-Auth-Token': 'token'},
-            params={'new_ipmi_username': None, 'new_ipmi_password': None}
-        )
-
-    def test_invalid_input(self, _):
-        self.assertRaises(TypeError, client.introspect, 42)
-        self.assertRaises(ValueError, client.introspect, 'uuid',
-                          new_ipmi_username='user')
-
-    def test_full_url(self, mock_post):
-        client.introspect(self.uuid, base_url="http://host:port/v1/",
-                          auth_token="token")
-        mock_post.assert_called_once_with(
-            "http://host:port/v1/introspection/%s" % self.uuid,
-            headers={'X-Auth-Token': 'token'},
-            params={'new_ipmi_username': None, 'new_ipmi_password': None}
-        )
-
-    def test_default_url(self, mock_post):
-        client.introspect(self.uuid, auth_token="token")
-        mock_post.assert_called_once_with(
-            "%(my_ip)s/introspection/%(uuid)s" %
-            {'my_ip': self.my_ip, 'uuid': self.uuid},
-            headers={'X-Auth-Token': 'token'},
-            params={'new_ipmi_username': None, 'new_ipmi_password': None}
-        )
-
-    def test_set_ipmi_credentials(self, mock_post):
-        client.introspect(self.uuid, base_url="http://host:port",
-                          auth_token="token", new_ipmi_password='p',
-                          new_ipmi_username='u')
-        mock_post.assert_called_once_with(
-            "http://host:port/v1/introspection/%s" % self.uuid,
-            headers={'X-Auth-Token': 'token'},
-            params={'new_ipmi_username': 'u', 'new_ipmi_password': 'p'}
-        )
-
-    def test_none_ok(self, mock_post):
-        client.introspect(self.uuid)
-        mock_post.assert_called_once_with(
-            "%(my_ip)s/introspection/%(uuid)s" %
-            {'my_ip': self.my_ip, 'uuid': self.uuid},
-            headers={},
-            params={'new_ipmi_username': None, 'new_ipmi_password': None}
-        )
-
-    def test_failed(self, mock_post):
-        mock_post.return_value.status_code = 404
-        mock_post.return_value.content = b'{"error":{"message":"boom"}}'
-        self.assertRaisesRegexp(client.ClientError, "boom",
-                                client.introspect, self.uuid)
-
-    def test_failed_discoverd_style(self, mock_post):
-        mock_post.return_value.status_code = 404
-        mock_post.return_value.content = b"boom"
-        self.assertRaisesRegexp(client.ClientError, "boom",
-                                client.introspect, self.uuid)
-
-    def test_failed_bad_json(self, mock_post):
-        mock_post.return_value.status_code = 404
-        mock_post.return_value.content = b'42'
-        self.assertRaisesRegexp(client.ClientError, "42",
-                                client.introspect, self.uuid)
-
-
-@mock.patch.object(client.requests, 'get', autospec=True,
-                   **{'return_value.status_code': 200})
-class TestGetStatus(unittest.TestCase):
-    def setUp(self):
-        super(TestGetStatus, self).setUp()
-        self.uuid = uuidutils.generate_uuid()
-        self.my_ip = 'http://' + netutils.get_my_ipv4() + ':5050/v1'
-
-    def test(self, mock_get):
-        mock_get.return_value.json.return_value = 'json'
-
-        client.get_status(self.uuid, auth_token='token')
-
-        mock_get.assert_called_once_with(
-            "%(my_ip)s/introspection/%(uuid)s" %
-            {'my_ip': self.my_ip, 'uuid': self.uuid},
-            headers={'X-Auth-Token': 'token'}
-        )
-
-    def test_invalid_input(self, _):
-        self.assertRaises(TypeError, client.get_status, 42)
-
-    def test_failed(self, mock_post):
-        mock_post.return_value.status_code = 404
-        mock_post.return_value.content = b'{"error":{"message":"boom"}}'
-        self.assertRaisesRegexp(client.ClientError, "boom",
-                                client.get_status, self.uuid)
-
-    def test_failed_discoverd_style(self, mock_post):
-        mock_post.return_value.status_code = 404
-        mock_post.return_value.content = b"boom"
-        self.assertRaisesRegexp(client.ClientError, "boom",
-                                client.get_status, self.uuid)
-
-    def test_failed_bad_json(self, mock_post):
-        mock_post.return_value.status_code = 404
-        mock_post.return_value.content = b'42'
-        self.assertRaisesRegexp(client.ClientError, "42",
-                                client.get_status, self.uuid)
diff --git a/setup.cfg b/setup.cfg
index 4369de04c..303325678 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -34,11 +34,6 @@ ironic_inspector.hooks.processing =
     root_device_hint = ironic_inspector.plugins.root_device_hint:RootDeviceHintHook
 ironic_inspector.hooks.node_not_found =
     example = ironic_inspector.plugins.example:example_not_found_hook
-openstack.cli.extension =
-    baremetal-introspection = ironic_inspector.shell
-openstack.baremetal_introspection.v1 =
-    baremetal_introspection_start = ironic_inspector.shell:StartCommand
-    baremetal_introspection_status = ironic_inspector.shell:StatusCommand
 oslo.config.opts =
     ironic_inspector = ironic_inspector.conf:list_opts
     ironic_inspector.common.swift = ironic_inspector.common.swift:list_opts
diff --git a/tox.ini b/tox.ini
index 24e0ad694..c0c974fb8 100644
--- a/tox.ini
+++ b/tox.ini
@@ -39,6 +39,8 @@ deps =
     -r{toxinidir}/requirements.txt
     -r{toxinidir}/test-requirements.txt
     -r{toxinidir}/plugin-requirements.txt
+    # TODO(dtantsur): move to test-reqs once it's in global-requirements
+    python-ironic-inspector-client
 commands =
     python functest/run.py