1ovn-sbctl(8) Open vSwitch Manual ovn-sbctl(8)
2
3
4
6 ovn-sbctl - utility for querying and configuring OVN_Southbound data‐
7 base
8
10 ovn-sbctl [options] -- [options] command [args] [-- [options] command
11 [args]]...
12
14 The ovn-sbctl program configures the OVN_Southbound database by provid‐
15 ing a high-level interface to its configuration database. See
16 ovn-sb(5) for comprehensive documentation of the database schema.
17
18 ovn-sbctl connects to an ovsdb-server process that maintains an
19 OVN_Southbound configuration database. Using this connection, it
20 queries and possibly applies changes to the database, depending on the
21 supplied commands.
22
23 ovn-sbctl can perform any number of commands in a single run, imple‐
24 mented as a single atomic transaction against the database.
25
26 The ovn-sbctl command line begins with global options (see OPTIONS
27 below for details). The global options are followed by one or more
28 commands. Each command should begin with -- by itself as a command-
29 line argument, to separate it from the following commands. (The --
30 before the first command is optional.) The command itself starts with
31 command-specific options, if any, followed by the command name and any
32 arguments.
33
35 The following options affect the behavior of ovn-sbctl as a whole.
36 Some individual commands also accept their own options, which are given
37 just before the command name. If the first command on the command line
38 has options, then those options must be separated from the global
39 options by --.
40
41 --db=server
42 The OVSDB database remote to contact. If the OVN_SB_DB environ‐
43 ment variable is set, its value is used as the default. Other‐
44 wise, the default is unix:/var/run/openvswitch/ovnsb_db.sock,
45 but this default is unlikely to be useful outside of single-
46 machine OVN test environments.
47
48 server may be an OVSDB active or passive connection method, e.g.
49 ssl:192.168.10.5:6640, as described in ovsdb(7).
50
51 --leader-only
52 --no-leader-only
53 By default, or with --leader-only, when the database server is a
54 clustered database, ovn-sbctl will avoid servers other than the
55 cluster leader. This ensures that any data that ovn-sbctl reads
56 and reports is up-to-date. With --no-leader-only, ovn-sbctl
57 will use any server in the cluster, which means that for read-
58 only transactions it can report and act on stale data (transac‐
59 tions that modify the database are always serialized even with
60 --no-leader-only). Refer to Understanding Cluster Consistency
61 in ovsdb(7) for more information.
62
63 --no-syslog
64 By default, ovn-sbctl logs its arguments and the details of any
65 changes that it makes to the system log. This option disables
66 this logging.
67
68 This option is equivalent to --verbose=sbctl:syslog:warn.
69
70 --oneline
71 Modifies the output format so that the output for each command
72 is printed on a single line. New-line characters that would
73 otherwise separate lines are printed as \n, and any instances of
74 \ that would otherwise appear in the output are doubled. Prints
75 a blank line for each command that has no output. This option
76 does not affect the formatting of output from the list or find
77 commands; see Table Formatting Options below.
78
79 --dry-run
80 Prevents ovn-sbctl from actually modifying the database.
81
82 -t secs
83 --timeout=secs
84 By default, or with a secs of 0, ovn-sbctl waits forever for a
85 response from the database. This option limits runtime to
86 approximately secs seconds. If the timeout expires, ovn-sbctl
87 will exit with a SIGALRM signal. (A timeout would normally hap‐
88 pen only if the database cannot be contacted, or if the system
89 is overloaded.)
90
91 -v[spec]
92 --verbose=[spec]
93 Sets logging levels. Without any spec, sets the log level for
94 every module and destination to dbg. Otherwise, spec is a list
95 of words separated by spaces or commas or colons, up to one from
96 each category below:
97
98 · A valid module name, as displayed by the vlog/list com‐
99 mand on ovs-appctl(8), limits the log level change to the
100 specified module.
101
102 · syslog, console, or file, to limit the log level change
103 to only to the system log, to the console, or to a file,
104 respectively. (If --detach is specified, ovn-sbctl
105 closes its standard file descriptors, so logging to the
106 console will have no effect.)
107
108 On Windows platform, syslog is accepted as a word and is
109 only useful along with the --syslog-target option (the
110 word has no effect otherwise).
111
112 · off, emer, err, warn, info, or dbg, to control the log
113 level. Messages of the given severity or higher will be
114 logged, and messages of lower severity will be filtered
115 out. off filters out all messages. See ovs-appctl(8)
116 for a definition of each log level.
117
118 Case is not significant within spec.
119
120 Regardless of the log levels set for file, logging to a file
121 will not take place unless --log-file is also specified (see
122 below).
123
124 For compatibility with older versions of OVS, any is accepted as
125 a word but has no effect.
126
127 -v
128 --verbose
129 Sets the maximum logging verbosity level, equivalent to --ver‐
130 bose=dbg.
131
132 -vPATTERN:destination:pattern
133 --verbose=PATTERN:destination:pattern
134 Sets the log pattern for destination to pattern. Refer to
135 ovs-appctl(8) for a description of the valid syntax for pattern.
136
137 -vFACILITY:facility
138 --verbose=FACILITY:facility
139 Sets the RFC5424 facility of the log message. facility can be
140 one of kern, user, mail, daemon, auth, syslog, lpr, news, uucp,
141 clock, ftp, ntp, audit, alert, clock2, local0, local1, local2,
142 local3, local4, local5, local6 or local7. If this option is not
143 specified, daemon is used as the default for the local system
144 syslog and local0 is used while sending a message to the target
145 provided via the --syslog-target option.
146
147 --log-file[=file]
148 Enables logging to a file. If file is specified, then it is
149 used as the exact name for the log file. The default log file
150 name used if file is omitted is /var/log/open‐
151 vswitch/ovn-sbctl.log.
152
153 --syslog-target=host:port
154 Send syslog messages to UDP port on host, in addition to the
155 system syslog. The host must be a numerical IP address, not a
156 hostname.
157
158 --syslog-method=method
159 Specify method how syslog messages should be sent to syslog dae‐
160 mon. Following forms are supported:
161
162 · libc, use libc syslog() function. This is the default
163 behavior. Downside of using this options is that libc
164 adds fixed prefix to every message before it is actually
165 sent to the syslog daemon over /dev/log UNIX domain
166 socket.
167
168 · unix:file, use UNIX domain socket directly. It is possi‐
169 ble to specify arbitrary message format with this option.
170 However, rsyslogd 8.9 and older versions use hard coded
171 parser function anyway that limits UNIX domain socket
172 use. If you want to use arbitrary message format with
173 older rsyslogd versions, then use UDP socket to localhost
174 IP address instead.
175
176 · udp:ip:port, use UDP socket. With this method it is pos‐
177 sible to use arbitrary message format also with older
178 rsyslogd. When sending syslog messages over UDP socket
179 extra precaution needs to be taken into account, for
180 example, syslog daemon needs to be configured to listen
181 on the specified UDP port, accidental iptables rules
182 could be interfering with local syslog traffic and there
183 are some security considerations that apply to UDP sock‐
184 ets, but do not apply to UNIX domain sockets.
185
186 -h
187 --help Prints a brief help message to the console.
188
189 -V
190 --version
191 Prints version information to the console.
192
193 Table Formatting Options
194 These options control the format of output from the list and find com‐
195 mands.
196
197 -f format
198 --format=format
199 Sets the type of table formatting. The following types of for‐
200 mat are available:
201
202 table 2-D text tables with aligned columns.
203
204 list (default)
205 A list with one column per line and rows separated by a
206 blank line.
207
208 html HTML tables.
209
210 csv Comma-separated values as defined in RFC 4180.
211
212 json JSON format as defined in RFC 4627. The output is a
213 sequence of JSON objects, each of which corresponds to
214 one table. Each JSON object has the following members
215 with the noted values:
216
217 caption
218 The table's caption. This member is omitted if
219 the table has no caption.
220
221 headings
222 An array with one element per table column. Each
223 array element is a string giving the corresponding
224 column's heading.
225
226 data An array with one element per table row. Each
227 element is also an array with one element per ta‐
228 ble column. The elements of this second-level
229 array are the cells that constitute the table.
230 Cells that represent OVSDB data or data types are
231 expressed in the format described in the OVSDB
232 specification; other cells are simply expressed as
233 text strings.
234
235 -d format
236 --data=format
237 Sets the formatting for cells within output tables unless the
238 table format is set to json, in which case json formatting is
239 always used when formatting cells. The following types of for‐
240 mat are available:
241
242 string (default)
243 The simple format described in the Database Values sec‐
244 tion of ovs-vsctl(8).
245
246 bare The simple format with punctuation stripped off: [] and
247 {} are omitted around sets, maps, and empty columns,
248 items within sets and maps are space-separated, and
249 strings are never quoted. This format may be easier for
250 scripts to parse.
251
252 json The RFC 4627 JSON format as described above.
253
254 --no-headings
255 This option suppresses the heading row that otherwise appears in
256 the first row of table output.
257
258 --pretty
259 By default, JSON in output is printed as compactly as possible.
260 This option causes JSON in output to be printed in a more read‐
261 able fashion. Members of objects and elements of arrays are
262 printed one per line, with indentation.
263
264 This option does not affect JSON in tables, which is always
265 printed compactly.
266
267 --bare Equivalent to --format=list --data=bare --no-headings.
268
269 --max-column-width=n
270 For table output only, limits the width of any column in the
271 output to n columns. Longer cell data is truncated to fit, as
272 necessary. Columns are always wide enough to display the column
273 names, if the heading row is printed.
274
275 Public Key Infrastructure Options
276 --bootstrap-ca-cert=cacert.pem
277 When cacert.pem exists, this option has the same effect as -C or
278 --ca-cert. If it does not exist, then ovn-sbctl will attempt to
279 obtain the CA certificate from the SSL peer on its first SSL
280 connection and save it to the named PEM file. If it is success‐
281 ful, it will immediately drop the connection and reconnect, and
282 from then on all SSL connections must be authenticated by a cer‐
283 tificate signed by the CA certificate thus obtained.
284
285 This option exposes the SSL connection to a man-in-the-middle
286 attack obtaining the initial CA certificate, but it may be use‐
287 ful for bootstrapping.
288
289 This option is only useful if the SSL peer sends its CA certifi‐
290 cate as part of the SSL certificate chain. The SSL protocol
291 does not require the server to send the CA certificate.
292
293 This option is mutually exclusive with -C and --ca-cert.
294
295 -p privkey.pem
296 --private-key=privkey.pem
297 Specifies a PEM file containing the private key used as
298 ovn-sbctl's identity for outgoing SSL connections.
299
300 -c cert.pem
301 --certificate=cert.pem
302 Specifies a PEM file containing a certificate that certifies the
303 private key specified on -p or --private-key to be trustworthy.
304 The certificate must be signed by the certificate authority (CA)
305 that the peer in SSL connections will use to verify it.
306
307 -C cacert.pem
308 --ca-cert=cacert.pem
309 Specifies a PEM file containing the CA certificate that
310 ovn-sbctl should use to verify certificates presented to it by
311 SSL peers. (This may be the same certificate that SSL peers use
312 to verify the certificate specified on -c or --certificate, or
313 it may be a different one, depending on the PKI design in use.)
314
315 -C none
316 --ca-cert=none
317 Disables verification of certificates presented by SSL peers.
318 This introduces a security risk, because it means that certifi‐
319 cates cannot be verified to be those of known trusted hosts.
320
322 The commands implemented by ovn-sbctl are described in the sections
323 below.
324
325 OVN_Southbound Commands
326 These commands work with an OVN_Southbound database as a whole.
327
328 init Initializes the database, if it is empty. If the database has
329 already been initialized, this command has no effect.
330
331 show Prints a brief overview of the database contents.
332
333 Chassis Commands
334 These commands manipulate OVN_Southbound chassis.
335
336 [--may-exist] chassis-add chassis encap-type encap-ip
337 Creates a new chassis named chassis. encap-type is a comma-sep‐
338 arated list of tunnel types. The chassis will have one encap
339 entry for each specified tunnel type with encap-ip as the desti‐
340 nation IP for each.
341
342 Without --may-exist, attempting to create a chassis that exists
343 is an error. With --may-exist, this command does nothing if
344 chassis already exists.
345
346 [--if-exists] chassis-del chassis
347 Deletes chassis and its encaps and gateway_ports.
348
349 Without --if-exists, attempting to delete a chassis that does
350 not exist is an error. With --if-exists, attempting to delete a
351 chassis that does not exist has no effect.
352
353 Port binding Commands
354 These commands manipulate OVN_Southbound port bindings.
355
356 [--may-exist] lsp-bind logical-port chassis
357 Binds the logical port named logical-port to chassis.
358
359 Without --may-exist, attempting to bind a logical port that has
360 already been bound is an error. With --may-exist, this command
361 does nothing if logical-port has already been bound to a chas‐
362 sis.
363
364 [--if-exists] lsp-unbind logical-port
365 Resets the binding of logical-port to NULL.
366
367 Without --if-exists, attempting to unbind a logical port that is
368 not bound is an error. With --if-exists, attempting to unbind
369 logical port that is not bound has no effect.
370
371 Logical Flow Commands
372 [--uuid] [--ovs[=remote]] [--stats] lflow-list [logical-datapath]
373 [lflow...]
374 List logical flows. If logical-datapath is specified, only list
375 flows for that logical datapath. The logical-datapath may be
376 given as a UUID or as a datapath name (reporting an error if
377 multiple datapaths have the same name).
378
379 If at least one lflow is given, only matching logical flows, if
380 any, are listed. Each lflow may be specified as a UUID or the
381 first few characters of a UUID, optionally prefixed by 0x.
382 (Because ovn-controller sets OpenFlow flow cookies to the first
383 32 bits of the corresponding logical flow's UUID, this makes it
384 easy to look up the logical flow that generated a particular
385 OpenFlow flow.)
386
387 If --uuid is specified, the output includes the first 32 bits of
388 each logical flow's UUID. This makes it easier to find the
389 OpenFlow flows that correspond to a given logical flow.
390
391 If --ovs is included, ovn-sbctl attempts to obtain and display
392 the OpenFlow flows that correspond to each OVN logical flow. To
393 do so, ovn-sbctl connects to remote (by default,
394 unix:/var/run/openvswitch/br-int.mgmt) over OpenFlow and
395 retrieves the flows. If remote is specified, it must be an
396 active OpenFlow connection method described in ovs-ofctl(8).
397 Please see the discussion of the similar --ovs option in ovn-
398 trace(8) for more information about the OpenFlow flow output.
399
400 By default, OpenFlow flow output includes only match and
401 actions. Add --stats to include all OpenFlow information, such
402 as packet and byte counters, duration, and timeouts.
403
404 [--uuid] dump-flows [logical-datapath]
405 Alias for lflow-list.
406
407 Remote Connectivity Commands
408 These commands manipulate the connections column in the SB_Global table
409 and rows in the Connection table. When ovsdb-server is configured to
410 use the connections column for OVSDB connections, this allows the
411 administrator to use ovn-sbctl to configure database connections.
412
413 get-connection
414 Prints the configured connection(s).
415
416 del-connection
417 Deletes the configured connection(s).
418
419 set-connection [access-specifier] target...
420 Sets the configured manager target or targets. Each target may
421 may be an OVSDB active or passive connection method, e.g.
422 pssl:6640, as described in ovsdb(7), optionally preceded by an
423 optional access-specifier (read-only or read-write). If pro‐
424 vided, the effect of the access specifier persists for subse‐
425 quent targets until changed by another access specifier.
426
427 SSL Configuration
428 When ovsdb-server is configured to connect using SSL, the following
429 parameters are required:
430
431 private-key
432 Specifies a PEM file containing the private key used for SSL
433 connections.
434
435 certificate
436 Specifies a PEM file containing a certificate, signed by the
437 certificate authority (CA) used by the connection peers, that
438 certifies the private key, identifying a trustworthy peer.
439
440 ca-cert
441 Specifies a PEM file containing the CA certificate used to ver‐
442 ify that the connection peers are trustworthy.
443
444 These SSL settings apply to all SSL connections made by the southbound
445 database server.
446
447 get-ssl
448 Prints the SSL configuration.
449
450 del-ssl
451 Deletes the current SSL configuration.
452
453 [--bootstrap] set-ssl private-key certificate ca-cert [ssl-protocol-
454 list [ssl-cipher-list]]
455 Sets the SSL configuration. The --bootstrap option is described
456 below.
457
458 CA Certificate Bootstrap
459
460 Ordinarily, all of the files named in the SSL configuration must exist
461 before SSL connectivity can be used. However, if the ca-cert file does
462 not exist and the --bootstrap option is given, then ovsdb-server will
463 attempt to obtain the CA certificate from the target on its first SSL
464 connection and save it to the named PEM file. If it is successful, it
465 will immediately drop the connection and reconnect, and from then on
466 all SSL connections must be authenticated by a certificate signed by
467 the CA certificate thus obtained.
468
469 This option exposes the SSL connection to a man-in-the-middle attack
470 obtaining the initial CA certificate, but it may be useful for boot‐
471 strapping.
472
473 This option is only useful if the SSL peer sends its CA certificate as
474 part of the SSL certificate chain. The SSL protocol does not require
475 the controller to send the CA certificate.
476
477 Database Commands
478 These commands query and modify the contents of ovsdb tables. They are
479 a slight abstraction of the ovsdb interface and as such they operate at
480 a lower level than other ovs-sbctl commands.
481
482 Identifying Tables, Records, and Columns
483
484 Each of these commands has a table parameter to identify a table within
485 the database. Many of them also take a record parameter that identi‐
486 fies a particular record within a table. The record parameter may be
487 the UUID for a record, and many tables offer additional ways to iden‐
488 tify records. Some commands also take column parameters that identify
489 a particular field within the records in a table.
490
491 For a list of tables and their columns, see ovn-sb(5) or see the table
492 listing from the --help option.
493
494 Record names must be specified in full and with correct capitalization,
495 except that UUIDs may be abbreviated to their first 4 (or more) hex
496 digits, as long as that is unique within the table. Names of tables
497 and columns are not case-sensitive, and - and _ are treated inter‐
498 changeably. Unique abbreviations of table and column names are accept‐
499 able, e.g. addr or a is sufficient to identify the Address_Set table.
500
501 Database Values
502
503 Each column in the database accepts a fixed type of data. The cur‐
504 rently defined basic types, and their representations, are:
505
506 integer
507 A decimal integer in the range -2**63 to 2**63-1, inclusive.
508
509 real A floating-point number.
510
511 Boolean
512 True or false, written true or false, respectively.
513
514 string An arbitrary Unicode string, except that null bytes are not
515 allowed. Quotes are optional for most strings that begin with
516 an English letter or underscore and consist only of letters,
517 underscores, hyphens, and periods. However, true and false and
518 strings that match the syntax of UUIDs (see below) must be
519 enclosed in double quotes to distinguish them from other basic
520 types. When double quotes are used, the syntax is that of
521 strings in JSON, e.g. backslashes may be used to escape special
522 characters. The empty string must be represented as a pair of
523 double quotes ("").
524
525 UUID Either a universally unique identifier in the style of RFC 4122,
526 e.g. f81d4fae-7dec-11d0-a765-00a0c91e6bf6, or an @name defined
527 by a get or create command within the same ovn-sbctl invocation.
528
529 Multiple values in a single column may be separated by spaces or a sin‐
530 gle comma. When multiple values are present, duplicates are not
531 allowed, and order is not important. Conversely, some database columns
532 can have an empty set of values, represented as [], and square brackets
533 may optionally enclose other non-empty sets or single values as well.
534 For a column accepting a set of integers, database commands accept a
535 range. A range is represented by two integers separated by -. A range
536 is inclusive. A range has a maximum size of 4096 elements. If more ele‐
537 ments are needed, they can be specified in seperate ranges.
538
539 A few database columns are ``maps'' of key-value pairs, where the key
540 and the value are each some fixed database type. These are specified
541 in the form key=value, where key and value follow the syntax for the
542 column's key type and value type, respectively. When multiple pairs
543 are present (separated by spaces or a comma), duplicate keys are not
544 allowed, and again the order is not important. Duplicate values are
545 allowed. An empty map is represented as {}. Curly braces may option‐
546 ally enclose non-empty maps as well (but use quotes to prevent the
547 shell from expanding other-config={0=x,1=y} into other-config=0=x
548 other-config=1=y, which may not have the desired effect).
549
550 Database Command Syntax
551
552 [--if-exists] [--columns=column[,column]...] list table [record]...
553 Lists the data in each specified record. If no records are
554 specified, lists all the records in table.
555
556 If --columns is specified, only the requested columns are
557 listed, in the specified order. Otherwise, all columns are
558 listed, in alphabetical order by column name.
559
560 Without --if-exists, it is an error if any specified record does
561 not exist. With --if-exists, the command ignores any record
562 that does not exist, without producing any output.
563
564 [--columns=column[,column]...] find table [column[:key]=value]...
565 Lists the data in each record in table whose column equals value
566 or, if key is specified, whose column contains a key with the
567 specified value. The following operators may be used where = is
568 written in the syntax summary:
569
570 = != < > <= >=
571 Selects records in which column[:key] equals, does not
572 equal, is less than, is greater than, is less than or
573 equal to, or is greater than or equal to value, respec‐
574 tively.
575
576 Consider column[:key] and value as sets of elements.
577 Identical sets are considered equal. Otherwise, if the
578 sets have different numbers of elements, then the set
579 with more elements is considered to be larger. Other‐
580 wise, consider a element from each set pairwise, in
581 increasing order within each set. The first pair that
582 differs determines the result. (For a column that con‐
583 tains key-value pairs, first all the keys are compared,
584 and values are considered only if the two sets contain
585 identical keys.)
586
587 {=} {!=}
588 Test for set equality or inequality, respectively.
589
590 {<=} Selects records in which column[:key] is a subset of
591 value. For example, flood-vlans{<=}1,2 selects records
592 in which the flood-vlans column is the empty set or con‐
593 tains 1 or 2 or both.
594
595 {<} Selects records in which column[:key] is a proper subset
596 of value. For example, flood-vlans{<}1,2 selects records
597 in which the flood-vlans column is the empty set or con‐
598 tains 1 or 2 but not both.
599
600 {>=} {>}
601 Same as {<=} and {<}, respectively, except that the rela‐
602 tionship is reversed. For example, flood-vlans{>=}1,2
603 selects records in which the flood-vlans column contains
604 both 1 and 2.
605
606 For arithmetic operators (= != < > <= >=), when key is specified
607 but a particular record's column does not contain key, the
608 record is always omitted from the results. Thus, the condition
609 other-config:mtu!=1500 matches records that have a mtu key whose
610 value is not 1500, but not those that lack an mtu key.
611
612 For the set operators, when key is specified but a particular
613 record's column does not contain key, the comparison is done
614 against an empty set. Thus, the condition other-con‐
615 fig:mtu{!=}1500 matches records that have a mtu key whose value
616 is not 1500 and those that lack an mtu key.
617
618 Don't forget to escape < or > from interpretation by the shell.
619
620 If --columns is specified, only the requested columns are
621 listed, in the specified order. Otherwise all columns are
622 listed, in alphabetical order by column name.
623
624 The UUIDs shown for rows created in the same ovn-sbctl invoca‐
625 tion will be wrong.
626
627 [--if-exists] [--id=@name] get table record [column[:key]]...
628 Prints the value of each specified column in the given record in
629 table. For map columns, a key may optionally be specified, in
630 which case the value associated with key in the column is
631 printed, instead of the entire map.
632
633 Without --if-exists, it is an error if record does not exist or
634 key is specified, if key does not exist in record. With
635 --if-exists, a missing record yields no output and a missing key
636 prints a blank line.
637
638 If @name is specified, then the UUID for record may be referred
639 to by that name later in the same ovn-sbctl invocation in con‐
640 texts where a UUID is expected.
641
642 Both --id and the column arguments are optional, but usually at
643 least one or the other should be specified. If both are omit‐
644 ted, then get has no effect except to verify that record exists
645 in table.
646
647 --id and --if-exists cannot be used together.
648
649 [--if-exists] set table record column[:key]=value...
650 Sets the value of each specified column in the given record in
651 table to value. For map columns, a key may optionally be speci‐
652 fied, in which case the value associated with key in that column
653 is changed (or added, if none exists), instead of the entire
654 map.
655
656 Without --if-exists, it is an error if record does not exist.
657 With --if-exists, this command does nothing if record does not
658 exist.
659
660 [--if-exists] add table record column [key=]value...
661 Adds the specified value or key-value pair to column in record
662 in table. If column is a map, then key is required, otherwise
663 it is prohibited. If key already exists in a map column, then
664 the current value is not replaced (use the set command to
665 replace an existing value).
666
667 Without --if-exists, it is an error if record does not exist.
668 With --if-exists, this command does nothing if record does not
669 exist.
670
671 [--if-exists] remove table record column value...
672 [--if-exists] remove table record column key...
673 [--if-exists] remove table record column key=value...
674 Removes the specified values or key-value pairs from column in
675 record in table. The first form applies to columns that are not
676 maps: each specified value is removed from the column. The sec‐
677 ond and third forms apply to map columns: if only a key is spec‐
678 ified, then any key-value pair with the given key is removed,
679 regardless of its value; if a value is given then a pair is
680 removed only if both key and value match.
681
682 It is not an error if the column does not contain the specified
683 key or value or pair.
684
685 Without --if-exists, it is an error if record does not exist.
686 With --if-exists, this command does nothing if record does not
687 exist.
688
689 [--if-exists] clear table record column...
690 Sets each column in record in table to the empty set or empty
691 map, as appropriate. This command applies only to columns that
692 are allowed to be empty.
693
694 Without --if-exists, it is an error if record does not exist.
695 With --if-exists, this command does nothing if record does not
696 exist.
697
698 [--id=@name] create table column[:key]=value...
699 Creates a new record in table and sets the initial values of
700 each column. Columns not explicitly set will receive their
701 default values. Outputs the UUID of the new row.
702
703 If @name is specified, then the UUID for the new row may be
704 referred to by that name elsewhere in the same ovn-sbctl invoca‐
705 tion in contexts where a UUID is expected. Such references may
706 precede or follow the create command.
707
708 Caution (ovs-vsctl as example)
709 Records in the Open vSwitch database are significant only
710 when they can be reached directly or indirectly from the
711 Open_vSwitch table. Except for records in the QoS or
712 Queue tables, records that are not reachable from the
713 Open_vSwitch table are automatically deleted from the
714 database. This deletion happens immediately, without
715 waiting for additional ovs-vsctl commands or other data‐
716 base activity. Thus, a create command must generally be
717 accompanied by additional commands within the same
718 ovs-vsctl invocation to add a chain of references to the
719 newly created record from the top-level Open_vSwitch
720 record. The EXAMPLES section gives some examples that
721 show how to do this.
722
723 [--if-exists] destroy table record...
724 Deletes each specified record from table. Unless --if-exists is
725 specified, each records must exist.
726
727 --all destroy table
728 Deletes all records from the table.
729
730 Caution (ovs-vsctl as example)
731 The destroy command is only useful for records in the QoS
732 or Queue tables. Records in other tables are automati‐
733 cally deleted from the database when they become unreach‐
734 able from the Open_vSwitch table. This means that delet‐
735 ing the last reference to a record is sufficient for
736 deleting the record itself. For records in these tables,
737 destroy is silently ignored. See the EXAMPLES section
738 below for more information.
739
740 wait-until table record [column[:key]=value]...
741 Waits until table contains a record named record whose column
742 equals value or, if key is specified, whose column contains a
743 key with the specified value. Any of the operators !=, <, >,
744 <=, or >= may be substituted for = to test for inequality, less
745 than, greater than, less than or equal to, or greater than or
746 equal to, respectively. (Don't forget to escape < or > from
747 interpretation by the shell.)
748
749 If no column[:key]=value arguments are given, this command waits
750 only until record exists. If more than one such argument is
751 given, the command waits until all of them are satisfied.
752
753 Caution (ovs-vsctl as example)
754 Usually wait-until should be placed at the beginning of a
755 set of ovs-vsctl commands. For example, wait-until
756 bridge br0 -- get bridge br0 datapath_id waits until a
757 bridge named br0 is created, then prints its datapath_id
758 column, whereas get bridge br0 datapath_id -- wait-until
759 bridge br0 will abort if no bridge named br0 exists when
760 ovs-vsctl initially connects to the database.
761
762 Consider specifying --timeout=0 along with --wait-until, to pre‐
763 vent ovn-sbctl from terminating after waiting only at most 5
764 seconds.
765
766 comment [arg]...
767 This command has no effect on behavior, but any database log
768 record created by the command will include the command and its
769 arguments.
770
772 0 Successful program execution.
773
774 1 Usage, syntax, or configuration file error.
775
777 ovn-sb(5).
778
779
780
781Open vSwitch 2.10.0 ovn-sbctl(8)