1ovs-ctl(8) Open vSwitch Manual ovs-ctl(8)
2
6 ovs-ctl - OVS startup helper script
7
9 ovs-ctl --system-id=random|uuid [options] start
10 ovs-ctl stop
11 ovs-ctl --system-id=random|uuid [options] restart
12 ovs-ctl status
13 ovs-ctl version
14 ovs-ctl [options] load-kmod
15 ovs-ctl --system-id=random|uuid [options] force-reload-kmod
16 ovs-ctl [--protocol=protocol] [--sport=sport] [--dport=dport]
17 enable-protocol
18 ovs-ctl delete-transient-ports
19 ovs-ctl help | -h | --help
20 ovs-ctl --version
21
23 The ovs-ctl program starts, stops, and checks the status of Open
24 vSwitch daemons. It is not meant to be invoked directly by system
25 administrators but to be called internally by system startup scripts.
26 Each of ovs-ctl's commands is described separately below.
28
30 The start command starts Open vSwitch. It performs the following
31 tasks:
32 1. Loads the Open vSwitch kernel module. If this fails, and the
34 Linux bridge module is loaded but no bridges exist, it tries to
35 unload the bridge module and tries loading the Open vSwitch ker‐
36 nel module again. (This is because the Open vSwitch kernel mod‐
37 ule cannot coexist with the Linux bridge module before 2.6.37.)
38 The start command skips the following steps if ovsdb-server is already
40 running:
41 2. If the Open vSwitch database file does not exist, it creates it.
43 If the database does exist, but it has an obsolete version, it
44 upgrades it to the latest schema.
45 3. Starts ovsdb-server, unless the --no-ovsdb-server command option
47 is given.
48 4. Initializes a few values inside the database.
50 5. If the --delete-bridges option was used, deletes all of the
52 bridges from the database.
53 6. If the --delete-transient-ports option was used, deletes all
55 ports that have other_config:transient set to true.
56 The start command skips the following step if ovs-vswitchd is already
58 running, or if the --no-ovs-vswitchd command option is given:
59 7. Starts ovs-vswitchd.
61 Options
63 Several command-line options influence the start command's behavior.
64 Some form of the following option should ordinarily be specified:
65 --system-id=uuid
67 --system-id=random
68 This specifies a unique system identifier to store into exter‐
69 nal-ids:system-id in the database's Open_vSwitch table. Remote
70 managers that talk to the Open vSwitch database server over net‐
71 work protocols use this value to identify and distinguish Open
72 vSwitch instances, so it should be unique (at least) within OVS
73 instances that will connect to a single controller.
74 When random is specified, ovs-ctl will generate a random ID that
76 persists from one run to another (stored in a file). When
77 another string is specified ovs-ctl uses it literally.
78 The following options should be specified if the defaults are not suit‐
80 able:
81 --system-type=type
83 --system-version=version
84 Sets the value to store in the system-type and system-version
85 columns, respectively, in the database's Open_vSwitch table.
86 Remote managers may use these values to determine the kind of
87 system to which they are connected (primarily for display to
88 human administrators).
89 When not specified, ovs-ctl uses values from the optional sys‐
91 tem-type.conf and system-version.conf files(see section FILES)
92 or it uses the lsb_release program, if present, to provide rea‐
93 sonable defaults.
94 The following options are also likely to be useful:
96 --external-id="name=value"
98 Sets external-ids:name to value in the database's Open_vSwitch
99 table. Specifying this option multiple times adds multiple key-
100 value pairs.
101 --delete-bridges
103 Ordinarily Open vSwitch bridges persist from one system boot to
104 the next, as long as the database is preserved. Some environ‐
105 ments instead expect to re-create all of the bridges and other
106 configuration state on every boot. This option supports that,
107 by deleting all Open vSwitch bridges after starting ovsdb-server
108 but before starting ovs-vswitchd.
109 --delete-transient-ports
111 Deletes all ports that have the other_config:transient value set
112 to true. This is important on certain environments where some
113 ports are going to be recreated after reboot, but other ports
114 need to be persisted in the database.
115 --ovs-user=user[:group]
117 Ordinarily Open vSwitch daemons are started as the user invoking
118 the ovs-ctl command. Some system administrators would prefer to
119 have the various daemons spawn as different users in their envi‐
120 ronments. This option allows passing the --user option to the
121 ovsdb-server and ovs-vswitchd daemons, allowing them to change
122 their privilege levels.
123 The following options are less important:
125 --no-monitor
127 By default ovs-ctl passes --monitor to ovs-vswitchd and
128 ovsdb-server, requesting that it spawn a process monitor which
129 will restart the daemon if it crashes. This option suppresses
130 that behavior.
131 --daemon-cwd=directory
133 Specifies the current working directory that the OVS daemons
134 should run from. The default is / (the root directory) if this
135 option is not specified. (This option is useful because most
136 systems create core files in a process's current working direc‐
137 tory and because a file system that is in use as a process's
138 current working directory cannot be unmounted.)
139 --no-force-corefiles
141 By default, ovs-ctl enables core dumps for the OVS daemons.
142 This option disables that behavior.
143 --no-mlockall
145 By default ovs-ctl passes --mlockall to ovs-vswitchd, requesting
146 that it lock all of its virtual memory, preventing it from being
147 paged to disk. This option suppresses that behavior.
148 --no-self-confinement
150 Disable self-confinement for ovs-vswitchd and ovsdb-server dae‐
151 mons. This flag may be used when, for example, OpenFlow con‐
152 troller creates its Unix Domain Socket outside OVS run directory
153 and OVS needs to connect to it. It is better to stick with the
154 default behavior and not to use this flag, unless:
155 · You have Open vSwitch running under SELinux or AppArmor
157 Mandatory Access Control that would prevent OVS from
158 messing with sockets outside ordinary OVS directories.
159 · You believe that relying on protocol handshakes (e.g.
161 OpenFlow) is enough to prevent OVS to adversely interact
162 with other daemons running on your system.
163 · You don't have much worries of remote OVSDB exploits in
165 the first place, because, perhaps, OVSDB manager is run‐
166 ning on the same host as OVS and share similar attack
167 vectors.
168 --ovsdb-server-priority=niceness
170 --ovs-vswitchd-priority=niceness
171 Sets the nice(1) level used for each daemon. All of them
172 default to -10.
173 --ovsdb-server-wrapper=wrapper
175 --ovs-vswitchd-wrapper=wrapper
176 Configures the specified daemon to run under wrapper, which is
177 one of the following:
178 valgrind
180 Run the daemon under valgrind(1), if it is installed,
181 logging to daemon.valgrind.log.pid in the log directory.
182 strace Run the daemon under strace(1), if it is installed, log‐
184 ging to daemon.strace.log.pid in the log directory.
185 glibc Enable GNU C library features designed to find memory
187 errors.
188 By default, no wrapper is used.
190 Each of the wrappers can expose bugs in Open vSwitch that lead
192 to incorrect operation, including crashes. The valgrind and
193 strace wrappers greatly slow daemon operations so they should
194 not be used in production. They also produce voluminous logs
195 that can quickly fill small disk partitions. The glibc wrapper
196 is less resource-intensive but still somewhat slows the daemons.
197 The following options control file locations. They should only be used
199 if the default locations cannot be used. See FILES, below, for more
200 information.
201 --db-file=file
203 Overrides the file name for the OVS database.
204 --db-sock=socket
206 Overrides the file name for the Unix domain socket used to con‐
207 nect to ovsdb-server.
208 --db-schema=schema
210 Overrides the file name for the OVS database schema.
211 --extra-dbs=file
213 Adds file as an extra database for ovsdb-server to serve out.
214 Multiple space-separated file names may also be specified. file
215 should begin with /; if it does not, then it will be taken as
216 relative to dbdir.
217
219 The stop command does not unload the Open vSwitch kernel modules. It
220 can take the same --no-ovsdb-server and --no-ovs-vswitchd options as
221 that of the start command.
222 This command does nothing and finishes successfully if the OVS daemons
224 aren't running.
225
227 The restart command performs a stop followed by a start command. The
228 command can take the same options as that of the start command. In
229 addition, it saves and restores OpenFlow flows for each individual
230 bridge.
231
233 The status command checks whether the OVS daemons ovs-vswitchd and
234 ovsdb-server are running and prints messages with that information. It
235 exits with status 0 if the daemons are running, 1 otherwise.
236
238 The version command runs ovsdb-server --version and ovs-vswitchd --ver‐
239 sion.
240
242 The force-reload-kmod command allows upgrading the Open vSwitch kernel
243 module without rebooting. It performs the following tasks:
244 1. Gets a list of OVS ``internal'' interfaces, that is, network
246 devices implemented by Open vSwitch. The most common examples
247 of these are bridge ``local ports''.
248 2. Saves the OpenFlow flows of each bridge.
250 3. Stops the Open vSwitch daemons, as if by a call to ovs-ctl stop.
252 4. Saves the kernel configuration state of the OVS internal inter‐
254 faces listed in step 1, including IP and IPv6 addresses and
255 routing table entries.
256 5. Unloads the Open vSwitch kernel module (including the bridge
258 compatibility module if it is loaded).
259 6. Starts OVS back up, as if by a call to ovs-ctl start. This
261 reloads the kernel module, restarts the OVS daemons and finally
262 restores the saved OpenFlow flows.
263 7. Restores the kernel configuration state that was saved in step
265 4.
266 8. Checks for daemons that may need to be restarted because they
268 have packet sockets that are listening on old instances of Open
269 vSwitch kernel interfaces and, if it finds any, prints a warning
270 on stdout. DHCP is a common example: if the ISC DHCP client is
271 running on an OVS internal interface, then it will have to be
272 restarted after completing the above procedure. (It would be
273 nice if ovs-ctl could restart daemons automatically, but the
274 details are far too specific to a particular distribution and
275 installation.)
276 force-kmod-reload internally stops and starts OVS, so it accepts all of
278 the options accepted by the start command except for the
279 --no-ovs-vswitchd option.
280
282 The load-kmod command loads the openvswitch kernel modules if they are
283 not already loaded. This operation also occurs as part of the start
284 command. The motivation for providing the load-kmod command is to allow
285 errors when loading modules to be handled separatetly from other errors
286 that may occur when running the start command.
287 By default the load-kmod command attempts to load the openvswitch ker‐
289 nel module.
290
292 The enable-protocol command checks for rules related to a specified
293 protocol in the system's iptables(8) configuration. If there are no
294 rules specifically related to that protocol, then it inserts a rule to
295 accept the specified protocol.
296 More specifically:
298 · If iptables is not installed or not enabled, this command does
300 nothing, assuming that lack of filtering means that the protocol
301 is enabled.
302 · If the INPUT chain has a rule that matches the specified proto‐
304 col, then this command does nothing, assuming that whatever rule
305 is installed reflects the system administrator's decisions.
306 · Otherwise, this command installs a rule that accepts traffic of
308 the specified protocol.
309 This command normally completes successfully, even if it does nothing.
311 Only the failure of an attempt to insert a rule normally causes it to
312 return an exit code other than 0. The following options control the
313 protocol to be enabled:
314 --protocol=protocol
316 The name of the IP protocol to be enabled, such as gre or tcp.
317 The default is gre.
318 --sport=sport
320 --dport=dport
321 TCP or UDP source or destination port to match. These are
322 optional and allowed only with --protocol=tcp or --protocol=udp.
323
325 Deletes all ports that have the other_config:transient value set to
326 true.
327
329 Prints a usage message and exits successfully.
330
332 In addition to the options listed for each command above, these options
333 control the behavior of several of ovs-ctl's commands.
334 By default, ovs-ctl will control the ovsdb-server, and the ovs-vswitchd
336 daemons. The following options restrict that control to exclude one or
337 the other:
338 --no-ovsdb-server
340 Specifies that the ovs-ctl commands start, stop, and restart
341 should not modify the running status of ovsdb-server.
342 --no-ovs-vswitchd
344 Specifies that the ovs-ctl commands start, stop, and restart
345 should not modify the running status of ovs-vswitchd. It is an
346 error to include this option with the force-reload-kmod command.
347
349 ovs-ctl exits with status 0 on success and nonzero on failure. The
350 start command is considered to succeed if OVS is already started; the
351 stop command is considered to succeed if OVS is already stopped.
352
354 The following environment variables affect ovs-ctl:
355 PATH ovs-ctl does not hardcode the location of any of the programs
357 that it runs. ovs-ctl will add the sbindir and bindir that were
358 specified at configure time to PATH, if they are not already
359 present.
360 OVS_LOGDIR
362 OVS_RUNDIR
363 OVS_DBDIR
364 OVS_SYSCONFDIR
365 OVS_PKGDATADIR
366 OVS_BINDIR
367 OVS_SBINDIR
368 Setting one of these variables in the environment overrides the
369 respective configure option, both for ovs-ctl itself and for the
370 other Open vSwitch programs that it runs.
371
373 ovs-ctl uses the following files:
374 ovs-lib
376 Shell function library used internally by ovs-ctl. It must be
377 installed in the same directory as ovs-ctl.
378 logdir/daemon.log
380 Per-daemon logfiles.
381 rundir/daemon.pid
383 Per-daemon pidfiles to track whether a daemon is running and
384 with what process ID.
385 pkgdatadir/vswitch.ovsschema
387 The OVS database schema used to initialize the database (use
388 --db-schema to override this location).
389 dbdir/conf.db
391 The OVS database (use --db-file to override this location).
392 rundir/openvswitch/db.sock
394 The Unix domain socket used for local communication with
395 ovsdb-server (use --db-sock to override this location).
396 sysconfdir/openvswitch/system-id.conf
398 The persistent system UUID created and read by --system-id=ran‐
399 dom.
400 sysconfdir/openvswitch/system-type.conf
402 sysconfdir/openvswitch/system-version.conf
403 The system-type and system-version values stored in the data‐
404 base's Open_vSwitch table when not specified as a command-line
405 option.
406
408 The files debian/openvswitch-switch.init and xenserver/etc_init.d_open‐
409 vswitch in the Open vSwitch source distribution are good examples of
410 how to use ovs-ctl.
411
413 README.rst, ovsdb-server(8), ovs-vswitchd(8).
414Open vSwitch June 2011 ovs-ctl(8)