1ovn-sbctl(8)                  Open vSwitch Manual                 ovn-sbctl(8)
2
3
4

NAME

6       ovn-sbctl  -  utility for querying and configuring OVN_Southbound data‐
7       base
8

SYNOPSIS

10       ovn-sbctl [options] -- [options] command [args] [--  [options]  command
11       [args]]...
12

DESCRIPTION

14       The ovn-sbctl program configures the OVN_Southbound database by provid‐
15       ing  a  high-level  interface  to  its  configuration  database.    See
16       ovn-sb(5) for comprehensive documentation of the database schema.
17
18       ovn-sbctl  connects  to  an  ovsdb-server  process  that  maintains  an
19       OVN_Southbound  configuration  database.   Using  this  connection,  it
20       queries  and possibly applies changes to the database, depending on the
21       supplied commands.
22
23       ovn-sbctl can perform any number of commands in a  single  run,  imple‐
24       mented as a single atomic transaction against the database.
25
26       The  ovn-sbctl  command  line  begins  with global options (see OPTIONS
27       below for details).  The global options are followed  by  one  or  more
28       commands.   Each  command  should begin with -- by itself as a command-
29       line argument, to separate it from the  following  commands.   (The  --
30       before  the first command is optional.)  The command itself starts with
31       command-specific options, if any, followed by the command name and  any
32       arguments.
33

OPTIONS

35       The  following  options  affect  the  behavior of ovn-sbctl as a whole.
36       Some individual commands also accept their own options, which are given
37       just before the command name.  If the first command on the command line
38       has options, then those options  must  be  separated  from  the  global
39       options by --.
40
41       --db=server
42              The OVSDB database remote to contact.  If the OVN_SB_DB environ‐
43              ment variable is set, its value is used as the default.   Other‐
44              wise,  the  default  is unix:/var/run/openvswitch/ovnsb_db.sock,
45              but this default is unlikely to be  useful  outside  of  single-
46              machine OVN test environments.
47
48              server may be an OVSDB active or passive connection method, e.g.
49              ssl:192.168.10.5:6640, as described in ovsdb(7).
50
51       --leader-only
52       --no-leader-only
53              By default, or with --leader-only, when the database server is a
54              clustered  database, ovn-sbctl will avoid servers other than the
55              cluster leader.  This ensures that any data that ovn-sbctl reads
56              and  reports  is  up-to-date.   With --no-leader-only, ovn-sbctl
57              will use any server in the cluster, which means that  for  read-
58              only  transactions it can report and act on stale data (transac‐
59              tions that modify the database are always serialized  even  with
60              --no-leader-only).   Refer  to Understanding Cluster Consistency
61              in ovsdb(7) for more information.
62
63       --no-syslog
64              By default, ovn-sbctl logs its arguments and the details of  any
65              changes  that  it makes to the system log.  This option disables
66              this logging.
67
68              This option is equivalent to --verbose=sbctl:syslog:warn.
69
70       --oneline
71              Modifies the output format so that the output for  each  command
72              is  printed  on  a  single line.  New-line characters that would
73              otherwise separate lines are printed as \n, and any instances of
74              \ that would otherwise appear in the output are doubled.  Prints
75              a blank line for each command that has no output.   This  option
76              does  not  affect the formatting of output from the list or find
77              commands; see Table Formatting Options below.
78
79       --dry-run
80              Prevents ovn-sbctl from actually modifying the database.
81
82       -t secs
83       --timeout=secs
84              By default, or with a secs of 0, ovn-sbctl waits forever  for  a
85              response  from  the  database.   This  option  limits runtime to
86              approximately secs seconds.  If the timeout  expires,  ovn-sbctl
87              will exit with a SIGALRM signal.  (A timeout would normally hap‐
88              pen only if the database cannot be contacted, or if  the  system
89              is overloaded.)
90
91       -v[spec]
92       --verbose=[spec]
93              Sets  logging  levels.  Without any spec, sets the log level for
94              every module and destination to dbg.  Otherwise, spec is a  list
95              of words separated by spaces or commas or colons, up to one from
96              each category below:
97
98              ·      A valid module name, as displayed by the  vlog/list  com‐
99                     mand on ovs-appctl(8), limits the log level change to the
100                     specified module.
101
102              ·      syslog, console, or file, to limit the log  level  change
103                     to  only to the system log, to the console, or to a file,
104                     respectively.   (If  --detach  is  specified,   ovn-sbctl
105                     closes  its  standard file descriptors, so logging to the
106                     console will have no effect.)
107
108                     On Windows platform, syslog is accepted as a word and  is
109                     only  useful  along  with the --syslog-target option (the
110                     word has no effect otherwise).
111
112              ·      off, emer, err, warn, info, or dbg, to  control  the  log
113                     level.   Messages of the given severity or higher will be
114                     logged, and messages of lower severity will  be  filtered
115                     out.   off  filters  out all messages.  See ovs-appctl(8)
116                     for a definition of each log level.
117
118              Case is not significant within spec.
119
120              Regardless of the log levels set for file,  logging  to  a  file
121              will  not  take  place  unless --log-file is also specified (see
122              below).
123
124              For compatibility with older versions of OVS, any is accepted as
125              a word but has no effect.
126
127       -v
128       --verbose
129              Sets  the  maximum logging verbosity level, equivalent to --ver‐
130              bose=dbg.
131
132       -vPATTERN:destination:pattern
133       --verbose=PATTERN:destination:pattern
134              Sets the log pattern  for  destination  to  pattern.   Refer  to
135              ovs-appctl(8) for a description of the valid syntax for pattern.
136
137       -vFACILITY:facility
138       --verbose=FACILITY:facility
139              Sets  the  RFC5424  facility of the log message. facility can be
140              one of kern, user, mail, daemon, auth, syslog, lpr, news,  uucp,
141              clock,  ftp,  ntp, audit, alert, clock2, local0, local1, local2,
142              local3, local4, local5, local6 or local7. If this option is  not
143              specified,  daemon  is  used as the default for the local system
144              syslog and local0 is used while sending a message to the  target
145              provided via the --syslog-target option.
146
147       --log-file[=file]
148              Enables  logging  to  a  file.  If file is specified, then it is
149              used as the exact name for the log file.  The default  log  file
150              name    used    if    file    is   omitted   is   /var/log/open‐
151              vswitch/ovn-sbctl.log.
152
153       --syslog-target=host:port
154              Send syslog messages to UDP port on host,  in  addition  to  the
155              system  syslog.   The host must be a numerical IP address, not a
156              hostname.
157
158       --syslog-method=method
159              Specify method how syslog messages should be sent to syslog dae‐
160              mon.  Following forms are supported:
161
162              ·      libc,  use  libc  syslog() function.  This is the default
163                     behavior.  Downside of using this options  is  that  libc
164                     adds  fixed prefix to every message before it is actually
165                     sent to the  syslog  daemon  over  /dev/log  UNIX  domain
166                     socket.
167
168              ·      unix:file, use UNIX domain socket directly.  It is possi‐
169                     ble to specify arbitrary message format with this option.
170                     However,  rsyslogd  8.9 and older versions use hard coded
171                     parser function anyway that  limits  UNIX  domain  socket
172                     use.   If  you  want to use arbitrary message format with
173                     older rsyslogd versions, then use UDP socket to localhost
174                     IP address instead.
175
176              ·      udp:ip:port, use UDP socket.  With this method it is pos‐
177                     sible to use arbitrary message  format  also  with  older
178                     rsyslogd.   When  sending syslog messages over UDP socket
179                     extra precaution needs to  be  taken  into  account,  for
180                     example,  syslog  daemon needs to be configured to listen
181                     on the specified  UDP  port,  accidental  iptables  rules
182                     could  be interfering with local syslog traffic and there
183                     are some security considerations that apply to UDP  sock‐
184                     ets, but do not apply to UNIX domain sockets.
185
186       -h
187       --help Prints a brief help message to the console.
188
189       -V
190       --version
191              Prints version information to the console.
192
193   Table Formatting Options
194       These  options control the format of output from the list and find com‐
195       mands.
196
197       -f format
198       --format=format
199              Sets the type of table formatting.  The following types of  for‐
200              mat are available:
201
202              table  2-D text tables with aligned columns.
203
204              list (default)
205                     A  list  with one column per line and rows separated by a
206                     blank line.
207
208              html   HTML tables.
209
210              csv    Comma-separated values as defined in RFC 4180.
211
212              json   JSON format as defined in RFC  4627.   The  output  is  a
213                     sequence  of  JSON  objects, each of which corresponds to
214                     one table.  Each JSON object has  the  following  members
215                     with the noted values:
216
217                     caption
218                            The  table's  caption.   This member is omitted if
219                            the table has no caption.
220
221                     headings
222                            An array with one element per table column.   Each
223                            array element is a string giving the corresponding
224                            column's heading.
225
226                     data   An array with one element  per  table  row.   Each
227                            element  is also an array with one element per ta‐
228                            ble column.  The  elements  of  this  second-level
229                            array  are  the  cells  that constitute the table.
230                            Cells that represent OVSDB data or data types  are
231                            expressed  in  the  format  described in the OVSDB
232                            specification; other cells are simply expressed as
233                            text strings.
234
235       -d format
236       --data=format
237              Sets  the  formatting  for cells within output tables unless the
238              table format is set to json, in which case  json  formatting  is
239              always  used when formatting cells.  The following types of for‐
240              mat are available:
241
242              string (default)
243                     The simple format described in the Database  Values  sec‐
244                     tion of ovs-vsctl(8).
245
246              bare   The  simple  format with punctuation stripped off: [] and
247                     {} are omitted around  sets,  maps,  and  empty  columns,
248                     items  within  sets  and  maps  are  space-separated, and
249                     strings are never quoted.  This format may be easier  for
250                     scripts to parse.
251
252              json   The RFC 4627 JSON format as described above.
253
254       --no-headings
255              This option suppresses the heading row that otherwise appears in
256              the first row of table output.
257
258       --pretty
259              By default, JSON in output is printed as compactly as  possible.
260              This  option causes JSON in output to be printed in a more read‐
261              able fashion.  Members of objects and  elements  of  arrays  are
262              printed one per line, with indentation.
263
264              This  option  does  not  affect  JSON in tables, which is always
265              printed compactly.
266
267       --bare Equivalent to --format=list --data=bare --no-headings.
268
269       --max-column-width=n
270              For table output only, limits the width of  any  column  in  the
271              output  to  n columns.  Longer cell data is truncated to fit, as
272              necessary.  Columns are always wide enough to display the column
273              names, if the heading row is printed.
274
275   Public Key Infrastructure Options
276       --bootstrap-ca-cert=cacert.pem
277              When cacert.pem exists, this option has the same effect as -C or
278              --ca-cert.  If it does not exist, then ovn-sbctl will attempt to
279              obtain  the  CA  certificate  from the SSL peer on its first SSL
280              connection and save it to the named PEM file.  If it is success‐
281              ful,  it will immediately drop the connection and reconnect, and
282              from then on all SSL connections must be authenticated by a cer‐
283              tificate signed by the CA certificate thus obtained.
284
285              This  option  exposes  the SSL connection to a man-in-the-middle
286              attack obtaining the initial CA certificate, but it may be  use‐
287              ful for bootstrapping.
288
289              This option is only useful if the SSL peer sends its CA certifi‐
290              cate as part of the SSL certificate  chain.   The  SSL  protocol
291              does not require the server to send the CA certificate.
292
293              This option is mutually exclusive with -C and --ca-cert.
294
295       -p privkey.pem
296       --private-key=privkey.pem
297              Specifies  a  PEM  file  containing  the  private  key  used  as
298              ovn-sbctl's identity for outgoing SSL connections.
299
300       -c cert.pem
301       --certificate=cert.pem
302              Specifies a PEM file containing a certificate that certifies the
303              private  key specified on -p or --private-key to be trustworthy.
304              The certificate must be signed by the certificate authority (CA)
305              that the peer in SSL connections will use to verify it.
306
307       -C cacert.pem
308       --ca-cert=cacert.pem
309              Specifies   a  PEM  file  containing  the  CA  certificate  that
310              ovn-sbctl should use to verify certificates presented to  it  by
311              SSL peers.  (This may be the same certificate that SSL peers use
312              to verify the certificate specified on -c or  --certificate,  or
313              it may be a different one, depending on the PKI design in use.)
314
315       -C none
316       --ca-cert=none
317              Disables  verification  of  certificates presented by SSL peers.
318              This introduces a security risk, because it means that  certifi‐
319              cates cannot be verified to be those of known trusted hosts.
320

COMMANDS

322       The  commands  implemented  by  ovn-sbctl are described in the sections
323       below.
324
325   OVN_Southbound Commands
326       These commands work with an OVN_Southbound database as a whole.
327
328       init   Initializes the database, if it is empty.  If the  database  has
329              already been initialized, this command has no effect.
330
331       show   Prints a brief overview of the database contents.
332
333   Chassis Commands
334       These commands manipulate OVN_Southbound chassis.
335
336       [--may-exist] chassis-add chassis encap-type encap-ip
337              Creates a new chassis named chassis.  encap-type is a comma-sep‐
338              arated list of tunnel types.  The chassis will  have  one  encap
339              entry for each specified tunnel type with encap-ip as the desti‐
340              nation IP for each.
341
342              Without --may-exist, attempting to create a chassis that  exists
343              is  an  error.   With  --may-exist, this command does nothing if
344              chassis already exists.
345
346       [--if-exists] chassis-del chassis
347              Deletes chassis and its encaps and gateway_ports.
348
349              Without --if-exists, attempting to delete a  chassis  that  does
350              not exist is an error.  With --if-exists, attempting to delete a
351              chassis that does not exist has no effect.
352
353   Port binding Commands
354       These commands manipulate OVN_Southbound port bindings.
355
356       [--may-exist] lsp-bind logical-port chassis
357              Binds the logical port named logical-port to chassis.
358
359              Without --may-exist, attempting to bind a logical port that  has
360              already  been bound is an error.  With --may-exist, this command
361              does nothing if logical-port has already been bound to  a  chas‐
362              sis.
363
364       [--if-exists] lsp-unbind logical-port
365              Resets the binding of logical-port to NULL.
366
367              Without --if-exists, attempting to unbind a logical port that is
368              not bound is an error.  With --if-exists, attempting  to  unbind
369              logical port that is not bound has no effect.
370
371   Logical Flow Commands
372       [--uuid]   [--ovs[=remote]]   [--stats]  lflow-list  [logical-datapath]
373       [lflow...]
374              List logical flows.  If logical-datapath is specified, only list
375              flows  for  that  logical datapath.  The logical-datapath may be
376              given as a UUID or as a datapath name  (reporting  an  error  if
377              multiple datapaths have the same name).
378
379              If  at least one lflow is given, only matching logical flows, if
380              any, are listed.  Each lflow may be specified as a UUID  or  the
381              first  few  characters  of  a  UUID,  optionally prefixed by 0x.
382              (Because ovn-controller sets OpenFlow flow cookies to the  first
383              32  bits of the corresponding logical flow's UUID, this makes it
384              easy to look up the logical flow  that  generated  a  particular
385              OpenFlow flow.)
386
387              If --uuid is specified, the output includes the first 32 bits of
388              each logical flow's UUID.  This makes  it  easier  to  find  the
389              OpenFlow flows that correspond to a given logical flow.
390
391              If  --ovs  is included, ovn-sbctl attempts to obtain and display
392              the OpenFlow flows that correspond to each OVN logical flow.  To
393              do    so,    ovn-sbctl   connects   to   remote   (by   default,
394              unix:/var/run/openvswitch/br-int.mgmt)   over    OpenFlow    and
395              retrieves  the  flows.   If  remote  is specified, it must be an
396              active OpenFlow connection  method  described  in  ovs-ofctl(8).
397              Please  see  the  discussion of the similar --ovs option in ovn-
398              trace(8) for more information about the OpenFlow flow output.
399
400              By  default,  OpenFlow  flow  output  includes  only  match  and
401              actions.   Add --stats to include all OpenFlow information, such
402              as packet and byte counters, duration, and timeouts.
403
404       [--uuid] dump-flows [logical-datapath]
405              Alias for lflow-list.
406
407   Remote Connectivity Commands
408       These commands manipulate the connections column in the SB_Global table
409       and  rows  in the Connection table.  When ovsdb-server is configured to
410       use the connections column  for  OVSDB  connections,  this  allows  the
411       administrator to use ovn-sbctl to configure database connections.
412
413       get-connection
414              Prints the configured connection(s).
415
416       del-connection
417              Deletes the configured connection(s).
418
419       set-connection [access-specifier] target...
420              Sets  the configured manager target or targets.  Each target may
421              may be an  OVSDB  active  or  passive  connection  method,  e.g.
422              pssl:6640,  as  described in ovsdb(7), optionally preceded by an
423              optional access-specifier (read-only or  read-write).   If  pro‐
424              vided,  the  effect  of the access specifier persists for subse‐
425              quent targets until changed by another access specifier.
426
427   SSL Configuration
428       When ovsdb-server is configured to connect  using  SSL,  the  following
429       parameters are required:
430
431       private-key
432              Specifies  a  PEM  file  containing the private key used for SSL
433              connections.
434
435       certificate
436              Specifies a PEM file containing a  certificate,  signed  by  the
437              certificate  authority  (CA)  used by the connection peers, that
438              certifies the private key, identifying a trustworthy peer.
439
440       ca-cert
441              Specifies a PEM file containing the CA certificate used to  ver‐
442              ify that the connection peers are trustworthy.
443
444       These  SSL settings apply to all SSL connections made by the southbound
445       database server.
446
447       get-ssl
448              Prints the SSL configuration.
449
450       del-ssl
451              Deletes the current SSL configuration.
452
453       [--bootstrap] set-ssl private-key  certificate  ca-cert  [ssl-protocol-
454       list [ssl-cipher-list]]
455              Sets the SSL configuration.  The --bootstrap option is described
456              below.
457
458     CA Certificate Bootstrap
459
460       Ordinarily, all of the files named in the SSL configuration must  exist
461       before SSL connectivity can be used.  However, if the ca-cert file does
462       not exist and the --bootstrap option is given, then  ovsdb-server  will
463       attempt  to  obtain the CA certificate from the target on its first SSL
464       connection and save it to the named PEM file.  If it is successful,  it
465       will  immediately  drop  the connection and reconnect, and from then on
466       all SSL connections must be authenticated by a  certificate  signed  by
467       the CA certificate thus obtained.
468
469       This  option  exposes  the SSL connection to a man-in-the-middle attack
470       obtaining the initial CA certificate, but it may be  useful  for  boot‐
471       strapping.
472
473       This  option is only useful if the SSL peer sends its CA certificate as
474       part of the SSL certificate chain.  The SSL protocol does  not  require
475       the controller to send the CA certificate.
476
477   Database Commands
478       These commands query and modify the contents of ovsdb tables.  They are
479       a slight abstraction of the ovsdb interface and as such they operate at
480       a lower level than other ovs-sbctl commands.
481
482     Identifying Tables, Records, and Columns
483
484       Each of these commands has a table parameter to identify a table within
485       the database.  Many of them also take a record parameter  that  identi‐
486       fies  a  particular record within a table.  The record parameter may be
487       the UUID for a record, and many tables offer additional ways  to  iden‐
488       tify  records.  Some commands also take column parameters that identify
489       a particular field within the records in a table.
490
491       For a list of tables and their columns, see ovn-sb(5) or see the  table
492       listing from the --help option.
493
494       Record names must be specified in full and with correct capitalization,
495       except that UUIDs may be abbreviated to their first  4  (or  more)  hex
496       digits,  as  long  as that is unique within the table.  Names of tables
497       and columns are not case-sensitive, and -  and  _  are  treated  inter‐
498       changeably.  Unique abbreviations of table and column names are accept‐
499       able, e.g. addr or a is sufficient to identify the Address_Set table.
500
501     Database Values
502
503       Each column in the database accepts a fixed type  of  data.   The  cur‐
504       rently defined basic types, and their representations, are:
505
506       integer
507              A decimal integer in the range -2**63 to 2**63-1, inclusive.
508
509       real   A floating-point number.
510
511       Boolean
512              True or false, written true or false, respectively.
513
514       string An  arbitrary  Unicode  string,  except  that null bytes are not
515              allowed.  Quotes are optional for most strings that  begin  with
516              an  English  letter  or  underscore and consist only of letters,
517              underscores, hyphens, and periods.  However, true and false  and
518              strings  that  match  the  syntax  of  UUIDs (see below) must be
519              enclosed in double quotes to distinguish them from  other  basic
520              types.   When  double  quotes  are  used,  the syntax is that of
521              strings in JSON, e.g. backslashes may be used to escape  special
522              characters.   The  empty string must be represented as a pair of
523              double quotes ("").
524
525       UUID   Either a universally unique identifier in the style of RFC 4122,
526              e.g.  f81d4fae-7dec-11d0-a765-00a0c91e6bf6,  or an @name defined
527              by a get or create command within the same ovn-sbctl invocation.
528
529       Multiple values in a single column may be separated by spaces or a sin‐
530       gle  comma.   When  multiple  values  are  present,  duplicates are not
531       allowed, and order is not important.  Conversely, some database columns
532       can have an empty set of values, represented as [], and square brackets
533       may optionally enclose other non-empty sets or single values  as  well.
534       For  a  column  accepting a set of integers, database commands accept a
535       range. A range is represented by two integers separated by -.  A  range
536       is inclusive. A range has a maximum size of 4096 elements. If more ele‐
537       ments are needed, they can be specified in seperate ranges.
538
539       A few database columns are ``maps'' of key-value pairs, where  the  key
540       and  the  value are each some fixed database type.  These are specified
541       in the form key=value, where key and value follow the  syntax  for  the
542       column's  key  type  and value type, respectively.  When multiple pairs
543       are present (separated by spaces or a comma), duplicate  keys  are  not
544       allowed,  and  again  the order is not important.  Duplicate values are
545       allowed.  An empty map is represented as {}.  Curly braces may  option‐
546       ally  enclose  non-empty  maps  as  well (but use quotes to prevent the
547       shell  from  expanding  other-config={0=x,1=y}  into   other-config=0=x
548       other-config=1=y, which may not have the desired effect).
549
550     Database Command Syntax
551
552       [--if-exists] [--columns=column[,column]...] list table [record]...
553              Lists  the  data  in  each  specified record.  If no records are
554              specified, lists all the records in table.
555
556              If --columns  is  specified,  only  the  requested  columns  are
557              listed,  in  the  specified  order.   Otherwise, all columns are
558              listed, in alphabetical order by column name.
559
560              Without --if-exists, it is an error if any specified record does
561              not  exist.   With  --if-exists,  the command ignores any record
562              that does not exist, without producing any output.
563
564       [--columns=column[,column]...] find table [column[:key]=value]...
565              Lists the data in each record in table whose column equals value
566              or,  if  key  is specified, whose column contains a key with the
567              specified value.  The following operators may be used where = is
568              written in the syntax summary:
569
570              = != < > <= >=
571                     Selects  records  in  which column[:key] equals, does not
572                     equal, is less than, is greater than,  is  less  than  or
573                     equal  to,  or is greater than or equal to value, respec‐
574                     tively.
575
576                     Consider column[:key] and  value  as  sets  of  elements.
577                     Identical  sets  are considered equal.  Otherwise, if the
578                     sets have different numbers of  elements,  then  the  set
579                     with  more  elements  is considered to be larger.  Other‐
580                     wise, consider a  element  from  each  set  pairwise,  in
581                     increasing  order  within  each set.  The first pair that
582                     differs determines the result.  (For a column  that  con‐
583                     tains  key-value  pairs, first all the keys are compared,
584                     and values are considered only if the  two  sets  contain
585                     identical keys.)
586
587              {=} {!=}
588                     Test for set equality or inequality, respectively.
589
590              {<=}   Selects  records  in  which  column[:key]  is a subset of
591                     value.  For example, flood-vlans{<=}1,2  selects  records
592                     in  which the flood-vlans column is the empty set or con‐
593                     tains 1 or 2 or both.
594
595              {<}    Selects records in which column[:key] is a proper  subset
596                     of value.  For example, flood-vlans{<}1,2 selects records
597                     in which the flood-vlans column is the empty set or  con‐
598                     tains 1 or 2 but not both.
599
600              {>=} {>}
601                     Same as {<=} and {<}, respectively, except that the rela‐
602                     tionship is reversed.   For  example,  flood-vlans{>=}1,2
603                     selects  records in which the flood-vlans column contains
604                     both 1 and 2.
605
606              For arithmetic operators (= != < > <= >=), when key is specified
607              but  a  particular  record's  column  does  not contain key, the
608              record is always omitted from the results.  Thus, the  condition
609              other-config:mtu!=1500 matches records that have a mtu key whose
610              value is not 1500, but not those that lack an mtu key.
611
612              For the set operators, when key is specified  but  a  particular
613              record's  column  does  not  contain key, the comparison is done
614              against  an  empty  set.    Thus,   the   condition   other-con‐
615              fig:mtu{!=}1500  matches records that have a mtu key whose value
616              is not 1500 and those that lack an mtu key.
617
618              Don't forget to escape < or > from interpretation by the shell.
619
620              If --columns  is  specified,  only  the  requested  columns  are
621              listed,  in  the  specified  order.   Otherwise  all columns are
622              listed, in alphabetical order by column name.
623
624              The UUIDs shown for rows created in the same  ovn-sbctl  invoca‐
625              tion will be wrong.
626
627       [--if-exists] [--id=@name] get table record [column[:key]]...
628              Prints the value of each specified column in the given record in
629              table.  For map columns, a key may optionally be  specified,  in
630              which  case  the  value  associated  with  key  in the column is
631              printed, instead of the entire map.
632
633              Without --if-exists, it is an error if record does not exist  or
634              key  is  specified,  if  key  does  not  exist  in record.  With
635              --if-exists, a missing record yields no output and a missing key
636              prints a blank line.
637
638              If  @name is specified, then the UUID for record may be referred
639              to by that name later in the same ovn-sbctl invocation  in  con‐
640              texts where a UUID is expected.
641
642              Both  --id and the column arguments are optional, but usually at
643              least one or the other should be specified.  If both  are  omit‐
644              ted,  then get has no effect except to verify that record exists
645              in table.
646
647              --id and --if-exists cannot be used together.
648
649       [--if-exists] set table record column[:key]=value...
650              Sets the value of each specified column in the given  record  in
651              table to value.  For map columns, a key may optionally be speci‐
652              fied, in which case the value associated with key in that column
653              is  changed  (or  added,  if none exists), instead of the entire
654              map.
655
656              Without --if-exists, it is an error if record  does  not  exist.
657              With  --if-exists,  this command does nothing if record does not
658              exist.
659
660       [--if-exists] add table record column [key=]value...
661              Adds the specified value or key-value pair to column  in  record
662              in  table.   If column is a map, then key is required, otherwise
663              it is prohibited.  If key already exists in a map  column,  then
664              the  current  value  is  not  replaced  (use  the set command to
665              replace an existing value).
666
667              Without --if-exists, it is an error if record  does  not  exist.
668              With  --if-exists,  this command does nothing if record does not
669              exist.
670
671       [--if-exists] remove table record column value...
672       [--if-exists] remove table record column key...
673       [--if-exists] remove table record column key=value...
674              Removes the specified values or key-value pairs from  column  in
675              record in table.  The first form applies to columns that are not
676              maps: each specified value is removed from the column.  The sec‐
677              ond and third forms apply to map columns: if only a key is spec‐
678              ified, then any key-value pair with the given  key  is  removed,
679              regardless  of  its  value;  if  a value is given then a pair is
680              removed only if both key and value match.
681
682              It is not an error if the column does not contain the  specified
683              key or value or pair.
684
685              Without  --if-exists,  it  is an error if record does not exist.
686              With --if-exists, this command does nothing if record  does  not
687              exist.
688
689       [--if-exists] clear table record column...
690              Sets  each  column  in record in table to the empty set or empty
691              map, as appropriate.  This command applies only to columns  that
692              are allowed to be empty.
693
694              Without  --if-exists,  it  is an error if record does not exist.
695              With --if-exists, this command does nothing if record  does  not
696              exist.
697
698       [--id=@name] create table column[:key]=value...
699              Creates  a  new  record  in table and sets the initial values of
700              each column.  Columns not  explicitly  set  will  receive  their
701              default values.  Outputs the UUID of the new row.
702
703              If  @name  is  specified,  then  the UUID for the new row may be
704              referred to by that name elsewhere in the same ovn-sbctl invoca‐
705              tion  in contexts where a UUID is expected.  Such references may
706              precede or follow the create command.
707
708              Caution (ovs-vsctl as example)
709                     Records in the Open vSwitch database are significant only
710                     when  they can be reached directly or indirectly from the
711                     Open_vSwitch table.  Except for records  in  the  QoS  or
712                     Queue  tables,  records  that  are not reachable from the
713                     Open_vSwitch table are  automatically  deleted  from  the
714                     database.   This  deletion  happens  immediately, without
715                     waiting for additional ovs-vsctl commands or other  data‐
716                     base  activity.  Thus, a create command must generally be
717                     accompanied  by  additional  commands  within  the   same
718                     ovs-vsctl  invocation to add a chain of references to the
719                     newly created  record  from  the  top-level  Open_vSwitch
720                     record.   The  EXAMPLES  section gives some examples that
721                     show how to do this.
722
723       [--if-exists] destroy table record...
724              Deletes each specified record from table.  Unless --if-exists is
725              specified, each records must exist.
726
727       --all destroy table
728              Deletes all records from the table.
729
730              Caution (ovs-vsctl as example)
731                     The destroy command is only useful for records in the QoS
732                     or Queue tables.  Records in other tables  are  automati‐
733                     cally deleted from the database when they become unreach‐
734                     able from the Open_vSwitch table.  This means that delet‐
735                     ing  the  last  reference  to  a record is sufficient for
736                     deleting the record itself.  For records in these tables,
737                     destroy  is  silently  ignored.  See the EXAMPLES section
738                     below for more information.
739
740       wait-until table record [column[:key]=value]...
741              Waits until table contains a record named  record  whose  column
742              equals  value  or,  if key is specified, whose column contains a
743              key with the specified value.  Any of the operators  !=,  <,  >,
744              <=,  or >= may be substituted for = to test for inequality, less
745              than, greater than, less than or equal to, or  greater  than  or
746              equal  to,  respectively.   (Don't  forget to escape < or > from
747              interpretation by the shell.)
748
749              If no column[:key]=value arguments are given, this command waits
750              only  until  record  exists.   If more than one such argument is
751              given, the command waits until all of them are satisfied.
752
753              Caution (ovs-vsctl as example)
754                     Usually wait-until should be placed at the beginning of a
755                     set  of  ovs-vsctl  commands.   For  example,  wait-until
756                     bridge br0 -- get bridge br0 datapath_id  waits  until  a
757                     bridge  named br0 is created, then prints its datapath_id
758                     column, whereas get bridge br0 datapath_id --  wait-until
759                     bridge  br0 will abort if no bridge named br0 exists when
760                     ovs-vsctl initially connects to the database.
761
762              Consider specifying --timeout=0 along with --wait-until, to pre‐
763              vent  ovn-sbctl  from  terminating  after waiting only at most 5
764              seconds.
765
766       comment [arg]...
767              This command has no effect on behavior,  but  any  database  log
768              record  created  by the command will include the command and its
769              arguments.
770

EXIT STATUS

772       0      Successful program execution.
773
774       1      Usage, syntax, or configuration file error.
775

SEE ALSO

777       ovn-sb(5).
778
779
780
781Open vSwitch                        2.10.0                        ovn-sbctl(8)
Impressum