1vtep-ctl(8) Open vSwitch Manual vtep-ctl(8)
2
6 vtep-ctl - utility for querying and configuring a VTEP database
7
9 vtep-ctl [options] -- [options] command [args] [-- [options] command
10 [args]]...
11
13 The vtep-ctl program configures a VTEP database. See vtep(5) for com‐
14 prehensive documentation of the database schema.
15 vtep-ctl connects to an ovsdb-server process that maintains a VTEP con‐
17 figuration database. Using this connection, it queries and possibly
18 applies changes to the database, depending on the supplied commands.
19 vtep-ctl can perform any number of commands in a single run, imple‐
21 mented as a single atomic transaction against the database.
22 The vtep-ctl command line begins with global options (see OPTIONS below
24 for details). The global options are followed by one or more commands.
25 Each command should begin with -- by itself as a command-line argument,
26 to separate it from the following commands. (The -- before the first
27 command is optional.) The command itself starts with command-specific
28 options, if any, followed by the command name and any arguments. See
29 EXAMPLES below for syntax examples.
30
32 The following options affect the behavior vtep-ctl as a whole. Some
33 individual commands also accept their own options, which are given just
34 before the command name. If the first command on the command line has
35 options, then those options must be separated from the global options
36 by --.
37 --db=server
39 Sets server as the database server that vtep-ctl contacts to
40 query or modify configuration. server may be an OVSDB active or
41 passive connection method, as described in ovsdb(7). The
42 default is unix:/var/run/openvswitch/db.sock.
43 --no-syslog
45 By default, vtep-ctl logs its arguments and the details of any
46 changes that it makes to the system log. This option disables
47 this logging.
48 This option is equivalent to --verbose=vtep_ctl:syslog:warn.
50 --oneline
52 Modifies the output format so that the output for each command
53 is printed on a single line. New-line characters that would
54 otherwise separate lines are printed as \n, and any instances of
55 \ that would otherwise appear in the output are doubled. Prints
56 a blank line for each command that has no output. This option
57 does not affect the formatting of output from the list or find
58 commands; see Table Formatting Options below.
59 --dry-run
61 Prevents vtep-ctl from actually modifying the database.
62 -t secs
64 --timeout=secs
65 By default, or with a secs of 0, vtep-ctl waits forever for a
66 response from the database. This option limits runtime to
67 approximately secs seconds. If the timeout expires, vtep-ctl
68 will exit with a SIGALRM signal. (A timeout would normally hap‐
69 pen only if the database cannot be contacted, or if the system
70 is overloaded.)
71 Table Formatting Options
73 These options control the format of output from the list and find com‐
74 mands.
75 -f format
77 --format=format
78 Sets the type of table formatting. The following types of for‐
79 mat are available:
80 table 2-D text tables with aligned columns.
82 list (default)
84 A list with one column per line and rows separated by a
85 blank line.
86 html HTML tables.
88 csv Comma-separated values as defined in RFC 4180.
90 json JSON format as defined in RFC 4627. The output is a
92 sequence of JSON objects, each of which corresponds to
93 one table. Each JSON object has the following members
94 with the noted values:
95 caption
97 The table's caption. This member is omitted if
98 the table has no caption.
99 headings
101 An array with one element per table column. Each
102 array element is a string giving the corresponding
103 column's heading.
104 data An array with one element per table row. Each
106 element is also an array with one element per ta‐
107 ble column. The elements of this second-level
108 array are the cells that constitute the table.
109 Cells that represent OVSDB data or data types are
110 expressed in the format described in the OVSDB
111 specification; other cells are simply expressed as
112 text strings.
113 -d format
115 --data=format
116 Sets the formatting for cells within output tables unless the
117 table format is set to json, in which case json formatting is
118 always used when formatting cells. The following types of for‐
119 mat are available:
120 string (default)
122 The simple format described in the Database Values sec‐
123 tion of ovs-vsctl(8).
124 bare The simple format with punctuation stripped off: [] and
126 {} are omitted around sets, maps, and empty columns,
127 items within sets and maps are space-separated, and
128 strings are never quoted. This format may be easier for
129 scripts to parse.
130 json The RFC 4627 JSON format as described above.
132 --no-headings
134 This option suppresses the heading row that otherwise appears in
135 the first row of table output.
136 --pretty
138 By default, JSON in output is printed as compactly as possible.
139 This option causes JSON in output to be printed in a more read‐
140 able fashion. Members of objects and elements of arrays are
141 printed one per line, with indentation.
142 This option does not affect JSON in tables, which is always
144 printed compactly.
145 --bare Equivalent to --format=list --data=bare --no-headings.
147 --max-column-width=n
149 For table output only, limits the width of any column in the
150 output to n columns. Longer cell data is truncated to fit, as
151 necessary. Columns are always wide enough to display the column
152 names, if the heading row is printed.
153 Public Key Infrastructure Options
155 -p privkey.pem
156 --private-key=privkey.pem
157 Specifies a PEM file containing the private key used as
158 vtep-ctl's identity for outgoing SSL connections.
159 -c cert.pem
161 --certificate=cert.pem
162 Specifies a PEM file containing a certificate that certifies the
163 private key specified on -p or --private-key to be trustworthy.
164 The certificate must be signed by the certificate authority (CA)
165 that the peer in SSL connections will use to verify it.
166 -C cacert.pem
168 --ca-cert=cacert.pem
169 Specifies a PEM file containing the CA certificate that vtep-ctl
170 should use to verify certificates presented to it by SSL peers.
171 (This may be the same certificate that SSL peers use to verify
172 the certificate specified on -c or --certificate, or it may be a
173 different one, depending on the PKI design in use.)
174 -C none
176 --ca-cert=none
177 Disables verification of certificates presented by SSL peers.
178 This introduces a security risk, because it means that certifi‐
179 cates cannot be verified to be those of known trusted hosts.
180 --bootstrap-ca-cert=cacert.pem
182 When cacert.pem exists, this option has the same effect as -C or
183 --ca-cert. If it does not exist, then vtep-ctl will attempt to
184 obtain the CA certificate from the SSL peer on its first SSL
185 connection and save it to the named PEM file. If it is success‐
186 ful, it will immediately drop the connection and reconnect, and
187 from then on all SSL connections must be authenticated by a cer‐
188 tificate signed by the CA certificate thus obtained.
189 This option exposes the SSL connection to a man-in-the-middle
191 attack obtaining the initial CA certificate, but it may be use‐
192 ful for bootstrapping.
193 This option is only useful if the SSL peer sends its CA certifi‐
195 cate as part of the SSL certificate chain. The SSL protocol
196 does not require the server to send the CA certificate.
197 This option is mutually exclusive with -C and --ca-cert.
199 --peer-ca-cert=peer-cacert.pem
201 Specifies a PEM file that contains one or more additional cer‐
202 tificates to send to SSL peers. peer-cacert.pem should be the
203 CA certificate used to sign vtep-ctl's own certificate, that is,
204 the certificate specified on -c or --certificate. If vtep-ctl's
205 certificate is self-signed, then --certificate and
206 --peer-ca-cert should specify the same file.
207 This option is not useful in normal operation, because the SSL
209 peer must already have the CA certificate for the peer to have
210 any confidence in vtep-ctl's identity. However, this offers a
211 way for a new installation to bootstrap the CA certificate on
212 its first SSL connection.
213 -v[spec]
215 --verbose=[spec]
216 Sets logging levels. Without any spec, sets the log level for
217 every module and destination to dbg. Otherwise, spec is a list
218 of words separated by spaces or commas or colons, up to one from
219 each category below:
220 · A valid module name, as displayed by the vlog/list com‐
222 mand on ovs-appctl(8), limits the log level change to the
223 specified module.
224 · syslog, console, or file, to limit the log level change
226 to only to the system log, to the console, or to a file,
227 respectively. (If --detach is specified, vtep-ctl closes
228 its standard file descriptors, so logging to the console
229 will have no effect.)
230 On Windows platform, syslog is accepted as a word and is
232 only useful along with the --syslog-target option (the
233 word has no effect otherwise).
234 · off, emer, err, warn, info, or dbg, to control the log
236 level. Messages of the given severity or higher will be
237 logged, and messages of lower severity will be filtered
238 out. off filters out all messages. See ovs-appctl(8)
239 for a definition of each log level.
240 Case is not significant within spec.
242 Regardless of the log levels set for file, logging to a file
244 will not take place unless --log-file is also specified (see
245 below).
246 For compatibility with older versions of OVS, any is accepted as
248 a word but has no effect.
249 -v
251 --verbose
252 Sets the maximum logging verbosity level, equivalent to --ver‐
253 bose=dbg.
254 -vPATTERN:destination:pattern
256 --verbose=PATTERN:destination:pattern
257 Sets the log pattern for destination to pattern. Refer to
258 ovs-appctl(8) for a description of the valid syntax for pattern.
259 -vFACILITY:facility
261 --verbose=FACILITY:facility
262 Sets the RFC5424 facility of the log message. facility can be
263 one of kern, user, mail, daemon, auth, syslog, lpr, news, uucp,
264 clock, ftp, ntp, audit, alert, clock2, local0, local1, local2,
265 local3, local4, local5, local6 or local7. If this option is not
266 specified, daemon is used as the default for the local system
267 syslog and local0 is used while sending a message to the target
268 provided via the --syslog-target option.
269 --log-file[=file]
271 Enables logging to a file. If file is specified, then it is
272 used as the exact name for the log file. The default log file
273 name used if file is omitted is /var/log/open‐
274 vswitch/vtep-ctl.log.
275 --syslog-target=host:port
277 Send syslog messages to UDP port on host, in addition to the
278 system syslog. The host must be a numerical IP address, not a
279 hostname.
280 --syslog-method=method
282 Specify method how syslog messages should be sent to syslog dae‐
283 mon. Following forms are supported:
284 · libc, use libc syslog() function. This is the default
286 behavior. Downside of using this options is that libc
287 adds fixed prefix to every message before it is actually
288 sent to the syslog daemon over /dev/log UNIX domain
289 socket.
290 · unix:file, use UNIX domain socket directly. It is possi‐
292 ble to specify arbitrary message format with this option.
293 However, rsyslogd 8.9 and older versions use hard coded
294 parser function anyway that limits UNIX domain socket
295 use. If you want to use arbitrary message format with
296 older rsyslogd versions, then use UDP socket to localhost
297 IP address instead.
298 · udp:ip:port, use UDP socket. With this method it is pos‐
300 sible to use arbitrary message format also with older
301 rsyslogd. When sending syslog messages over UDP socket
302 extra precaution needs to be taken into account, for
303 example, syslog daemon needs to be configured to listen
304 on the specified UDP port, accidental iptables rules
305 could be interfering with local syslog traffic and there
306 are some security considerations that apply to UDP sock‐
307 ets, but do not apply to UNIX domain sockets.
308 -h
310 --help Prints a brief help message to the console.
311 -V
313 --version
314 Prints version information to the console.
315
317 The commands implemented by vtep-ctl are described in the sections
318 below.
319 Physical Switch Commands
321 These commands examine and manipulate physical switches.
322 [--may-exist] add-ps pswitch
324 Creates a new physical switch named pswitch. Initially the
325 switch will have no ports.
326 Without --may-exist, attempting to create a switch that exists
328 is an error. With --may-exist, this command does nothing if
329 pswitch already exists.
330 [--if-exists] del-ps pswitch
332 Deletes pswitch and all of its ports.
333 Without --if-exists, attempting to delete a switch that does not
335 exist is an error. With --if-exists, attempting to delete a
336 switch that does not exist has no effect.
337 list-ps
339 Lists all existing physical switches on standard output, one per
340 line.
341 ps-exists pswitch
343 Tests whether pswitch exists. If so, vtep-ctl exits success‐
344 fully with exit code 0. If not, vtep-ctl exits unsuccessfully
345 with exit code 2.
346 Port Commands
348 These commands examine and manipulate VTEP physical ports.
349 list-ports pswitch
351 Lists all of the ports within pswitch on standard output, one
352 per line.
353 [--may-exist] add-port pswitch port
355 Creates on pswitch a new port named port from the network device
356 of the same name.
357 Without --may-exist, attempting to create a port that exists is
359 an error. With --may-exist, this command does nothing if port
360 already exists on pswitch.
361 [--if-exists] del-port [pswitch] port
363 Deletes port. If pswitch is omitted, port is removed from what‐
364 ever switch contains it; if pswitch is specified, it must be the
365 switch that contains port.
366 Without --if-exists, attempting to delete a port that does not
368 exist is an error. With --if-exists, attempting to delete a
369 port that does not exist has no effect.
370 Logical Switch Commands
372 These commands examine and manipulate logical switches.
373 [--may-exist] add-ls lswitch
375 Creates a new logical switch named lswitch. Initially the
376 switch will have no locator bindings.
377 Without --may-exist, attempting to create a switch that exists
379 is an error. With --may-exist, this command does nothing if
380 lswitch already exists.
381 [--if-exists] del-ls lswitch
383 Deletes lswitch.
384 Without --if-exists, attempting to delete a switch that does not
386 exist is an error. With --if-exists, attempting to delete a
387 switch that does not exist has no effect.
388 list-ls
390 Lists all existing logical switches on standard output, one per
391 line.
392 ls-exists lswitch
394 Tests whether lswitch exists. If so, vtep-ctl exits success‐
395 fully with exit code 0. If not, vtep-ctl exits unsuccessfully
396 with exit code 2.
397 bind-ls pswitch port vlan lswitch
399 Bind logical switch lswitch to the port/vlan combination on the
400 physical switch pswitch.
401 unbind-ls pswitch port vlan
403 Remove the logical switch binding from the port/vlan combination
404 on the physical switch pswitch.
405 list-bindings pswitch port
407 List the logical switch bindings for port on the physical switch
408 pswitch.
409 set-replication-mode lswitch replication-mode
411 Set logical switch lswitch replication mode to replication-mode;
412 the only valid values for replication mode are "service_node"
413 and "source_node". For handling L2 broadcast, multicast and
414 unknown unicast traffic, packets can be sent to all members of a
415 logical switch referenced by a physical switch. There are dif‐
416 ferent modes to replicate the packets. The default mode of
417 replication is to send the traffic to a service node, which can
418 be a hypervisor, server or appliance, and let the service node
419 handle replication to other transport nodes (hypervisors or
420 other VTEP physical switches). This mode is called service node
421 replication. An alternate mode of replication, called source
422 node replication involves the source node sending to all other
423 transport nodes. Hypervisors are always responsible for doing
424 their own replication for locally attached VMs in both modes.
425 Service node mode is the default, if the replication mode is not
426 explicitly set. Service node replication mode is considered a
427 basic requirement because it only requires sending the packet to
428 a single transport node.
429 get-replication-mode lswitch
431 Get logical switch lswitch replication mode. The only valid
432 values for replication mode are "service_node" and
433 "source_node". An empty reply for replication mode implies a
434 default of "service_node".
435 Logical Router Commands
437 These commands examine and manipulate logical routers.
438 [--may-exist] add-lr lrouter
440 Creates a new logical router named lrouter.
441 Without --may-exist, attempting to create a router that exists
443 is an error. With --may-exist, this command does nothing if
444 lrouter already exists.
445 [--if-exists] del-lr lrouter
447 Deletes lrouter.
448 Without --if-exists, attempting to delete a router that does not
450 exist is an error. With --if-exists, attempting to delete a
451 router that does not exist has no effect.
452 list-lr
454 Lists all existing logical routers on standard output, one per
455 line.
456 lr-exists lrouter
458 Tests whether lrouter exists. If so, vtep-ctl exits success‐
459 fully with exit code 0. If not, vtep-ctl exits unsuccessfully
460 with exit code 2.
461 Local MAC Binding Commands
464 These commands examine and manipulate local MAC bindings for the logi‐
465 cal switch. The local maps are written by the VTEP to refer to MACs it
466 has learned on its physical ports.
467 add-ucast-local lswitch mac [encap] ip
469 Map the unicast Ethernet address mac to the physical location ip
470 using encapsulation encap on lswitch. If encap is not speci‐
471 fied, the default is "vxlan_over_ipv4". The local mappings are
472 used by the VTEP to refer to MACs learned on its physical ports.
473 del-ucast-local lswitch mac
475 Remove the local unicast Ethernet address mac map from lswitch.
476 The local mappings are used by the VTEP to refer to MACs learned
477 on its physical ports.
478 add-mcast-local lswitch mac [encap] ip
480 Add physical location ip using encapsulation encap to the local
481 mac binding table for multicast Ethernet address mac on lswitch.
482 If encap is not specified, the default is "vxlan_over_ipv4".
483 The local mappings are used by the VTEP to refer to MACs learned
484 on its physical ports.
485 del-mcast-local lswitch mac [encap] ip
487 Remove physical location ip using encapsulation encap from the
488 local mac binding table for multicast Ethernet address mac on
489 lswitch. If encap is not specified, the default is
490 "vxlan_over_ipv4". The local mappings are used by the VTEP to
491 refer to MACs learned on its physical ports.
492 clear-local-macs lswitch
494 Clear the local MAC bindings for lswitch.
495 list-local-macs lswitch
497 List the local MAC bindings for lswitch, one per line.
498 Remote MAC Binding Commands
500 These commands examine and manipulate local and remote MAC bindings for
501 the logical switch. The remote maps are written by the network virtu‐
502 alization controller to refer to MACs that it has learned.
503 add-ucast-remote lswitch mac [encap] ip
505 Map the unicast Ethernet address mac to the physical location ip
506 using encapsulation encap on lswitch. If encap is not speci‐
507 fied, the default is "vxlan_over_ipv4". The remote mappings are
508 used by the network virtualization platform to refer to MACs
509 that it has learned.
510 del-ucast-remote lswitch mac
512 Remove the remote unicast Ethernet address mac map from lswitch.
513 The remote mappings are used by the network virtualization plat‐
514 form to refer to MACs that it has learned.
515 add-mcast-remote lswitch mac [encap] ip
517 Add physical location ip using encapsulation encap to the remote
518 mac binding table for multicast Ethernet address mac on lswitch.
519 If encap is not specified, the default is "vxlan_over_ipv4".
520 The remote mappings are used by the network virtualization plat‐
521 form to refer to MACs that it has learned.
522 del-mcast-remote lswitch mac [encap] ip
524 Remove physical location ip using encapsulation encap from the
525 remote mac binding table for multicast Ethernet address mac on
526 lswitch. If encap is not specified, the default is
527 "vxlan_over_ipv4". The remote mappings are used by the network
528 virtualization platform to refer to MACs that it has learned.
529 clear-remote-macs lswitch
531 Clear the remote MAC bindings for lswitch.
532 list-remote-macs lswitch
534 List the remote MAC bindings for lswitch, one per line.
535 Manager Connectivity
537 These commands manipulate the managers column in the Global table and
538 rows in the Managers table. When ovsdb-server is configured to use the
539 managers column for OVSDB connections (as described in the startup
540 scripts provided with Open vSwitch), this allows the administrator to
541 use vtep-ctl to configure database connections.
542 get-manager
544 Prints the configured manager(s).
545 del-manager
547 Deletes the configured manager(s).
548 set-manager target...
550 Sets the configured manager target or targets. Each target may
551 be an OVSDB active or passive connection method, e.g. pssl:6640,
552 as described in ovsdb(7).
553 Database Commands
555 These commands query and modify the contents of ovsdb tables. They are
556 a slight abstraction of the ovsdb interface and as such they operate at
557 a lower level than other vtep-ctl commands.
558 Identifying Tables, Records, and Columns
560 Each of these commands has a table parameter to identify a table within
562 the database. Many of them also take a record parameter that identi‐
563 fies a particular record within a table. The record parameter may be
564 the UUID for a record, and many tables offer additional ways to iden‐
565 tify records. Some commands also take column parameters that identify
566 a particular field within the records in a table.
567 The following tables are currently defined:
569 Global Top-level configuration for a hardware VTEP. This table con‐
571 tains exactly one record, identified by specifying . as the
572 record name.
573 Manager
575 Configuration for an OVSDB connection. Records may be identi‐
576 fied by target (e.g. tcp:1.2.3.4).
577 Physical_Switch
579 A physical switch that implements a VTEP. Records may be iden‐
580 tified by physical switch name.
581 Physical_Port
583 A port within a physical switch.
584 Logical_Binding_Stats
586 Reports statistics for the logical switch with which a VLAN on a
587 physical port is associated.
588 Logical_Switch
590 A logical Ethernet switch. Records may be identified by logical
591 switch name.
592 Ucast_Macs_Local
594 Mapping of locally discovered unicast MAC addresses to tunnels.
595 Ucast_Macs_Remote
597 Mapping of remotely programmed unicast MAC addresses to tunnels.
598 Mcast_Macs_Local
600 Mapping of locally discovered multicast MAC addresses to tun‐
601 nels.
602 Mcast_Macs_Remote
604 Mapping of remotely programmed multicast MAC addresses to tun‐
605 nels.
606 Physical_Locator_Set
608 A set of one or more physical locators.
609 Physical_Locator
611 Identifies an endpoint to which logical switch traffic may be
612 encapsulated and forwarded. Records may be identified by physi‐
613 cal locator name.
614 Record names must be specified in full and with correct capitalization,
616 except that UUIDs may be abbreviated to their first 4 (or more) hex
617 digits, as long as that is unique within the table. Names of tables
618 and columns are not case-sensitive, and - and _ are treated inter‐
619 changeably. Unique abbreviations of table and column names are accept‐
620 able, e.g. man or m is sufficient to identify the Manager table.
621 Database Values
623 Each column in the database accepts a fixed type of data. The cur‐
625 rently defined basic types, and their representations, are:
626 integer
628 A decimal integer in the range -2**63 to 2**63-1, inclusive.
629 real A floating-point number.
631 Boolean
633 True or false, written true or false, respectively.
634 string An arbitrary Unicode string, except that null bytes are not
636 allowed. Quotes are optional for most strings that begin with
637 an English letter or underscore and consist only of letters,
638 underscores, hyphens, and periods. However, true and false and
639 strings that match the syntax of UUIDs (see below) must be
640 enclosed in double quotes to distinguish them from other basic
641 types. When double quotes are used, the syntax is that of
642 strings in JSON, e.g. backslashes may be used to escape special
643 characters. The empty string must be represented as a pair of
644 double quotes ("").
645 UUID Either a universally unique identifier in the style of RFC 4122,
647 e.g. f81d4fae-7dec-11d0-a765-00a0c91e6bf6, or an @name defined
648 by a get or create command within the same vtep-ctl invocation.
649 Multiple values in a single column may be separated by spaces or a sin‐
651 gle comma. When multiple values are present, duplicates are not
652 allowed, and order is not important. Conversely, some database columns
653 can have an empty set of values, represented as [], and square brackets
654 may optionally enclose other non-empty sets or single values as well.
655 For a column accepting a set of integers, database commands accept a
656 range. A range is represented by two integers separated by -. A range
657 is inclusive. A range has a maximum size of 4096 elements. If more ele‐
658 ments are needed, they can be specified in seperate ranges.
659 A few database columns are ``maps'' of key-value pairs, where the key
661 and the value are each some fixed database type. These are specified
662 in the form key=value, where key and value follow the syntax for the
663 column's key type and value type, respectively. When multiple pairs
664 are present (separated by spaces or a comma), duplicate keys are not
665 allowed, and again the order is not important. Duplicate values are
666 allowed. An empty map is represented as {}. Curly braces may option‐
667 ally enclose non-empty maps as well (but use quotes to prevent the
668 shell from expanding other-config={0=x,1=y} into other-config=0=x
669 other-config=1=y, which may not have the desired effect).
670 Database Command Syntax
672 [--if-exists] [--columns=column[,column]...] list table [record]...
674 Lists the data in each specified record. If no records are
675 specified, lists all the records in table.
676 If --columns is specified, only the requested columns are
678 listed, in the specified order. Otherwise, all columns are
679 listed, in alphabetical order by column name.
680 Without --if-exists, it is an error if any specified record does
682 not exist. With --if-exists, the command ignores any record
683 that does not exist, without producing any output.
684 [--columns=column[,column]...] find table [column[:key]=value]...
686 Lists the data in each record in table whose column equals value
687 or, if key is specified, whose column contains a key with the
688 specified value. The following operators may be used where = is
689 written in the syntax summary:
690 = != < > <= >=
692 Selects records in which column[:key] equals, does not
693 equal, is less than, is greater than, is less than or
694 equal to, or is greater than or equal to value, respec‐
695 tively.
696 Consider column[:key] and value as sets of elements.
698 Identical sets are considered equal. Otherwise, if the
699 sets have different numbers of elements, then the set
700 with more elements is considered to be larger. Other‐
701 wise, consider a element from each set pairwise, in
702 increasing order within each set. The first pair that
703 differs determines the result. (For a column that con‐
704 tains key-value pairs, first all the keys are compared,
705 and values are considered only if the two sets contain
706 identical keys.)
707 {=} {!=}
709 Test for set equality or inequality, respectively.
710 {<=} Selects records in which column[:key] is a subset of
712 value. For example, flood-vlans{<=}1,2 selects records
713 in which the flood-vlans column is the empty set or con‐
714 tains 1 or 2 or both.
715 {<} Selects records in which column[:key] is a proper subset
717 of value. For example, flood-vlans{<}1,2 selects records
718 in which the flood-vlans column is the empty set or con‐
719 tains 1 or 2 but not both.
720 {>=} {>}
722 Same as {<=} and {<}, respectively, except that the rela‐
723 tionship is reversed. For example, flood-vlans{>=}1,2
724 selects records in which the flood-vlans column contains
725 both 1 and 2.
726 For arithmetic operators (= != < > <= >=), when key is specified
728 but a particular record's column does not contain key, the
729 record is always omitted from the results. Thus, the condition
730 other-config:mtu!=1500 matches records that have a mtu key whose
731 value is not 1500, but not those that lack an mtu key.
732 For the set operators, when key is specified but a particular
734 record's column does not contain key, the comparison is done
735 against an empty set. Thus, the condition other-con‐
736 fig:mtu{!=}1500 matches records that have a mtu key whose value
737 is not 1500 and those that lack an mtu key.
738 Don't forget to escape < or > from interpretation by the shell.
740 If --columns is specified, only the requested columns are
742 listed, in the specified order. Otherwise all columns are
743 listed, in alphabetical order by column name.
744 The UUIDs shown for rows created in the same vtep-ctl invocation
746 will be wrong.
747 [--if-exists] [--id=@name] get table record [column[:key]]...
749 Prints the value of each specified column in the given record in
750 table. For map columns, a key may optionally be specified, in
751 which case the value associated with key in the column is
752 printed, instead of the entire map.
753 Without --if-exists, it is an error if record does not exist or
755 key is specified, if key does not exist in record. With
756 --if-exists, a missing record yields no output and a missing key
757 prints a blank line.
758 If @name is specified, then the UUID for record may be referred
760 to by that name later in the same vtep-ctl invocation in con‐
761 texts where a UUID is expected.
762 Both --id and the column arguments are optional, but usually at
764 least one or the other should be specified. If both are omit‐
765 ted, then get has no effect except to verify that record exists
766 in table.
767 --id and --if-exists cannot be used together.
769 [--if-exists] set table record column[:key]=value...
771 Sets the value of each specified column in the given record in
772 table to value. For map columns, a key may optionally be speci‐
773 fied, in which case the value associated with key in that column
774 is changed (or added, if none exists), instead of the entire
775 map.
776 Without --if-exists, it is an error if record does not exist.
778 With --if-exists, this command does nothing if record does not
779 exist.
780 [--if-exists] add table record column [key=]value...
782 Adds the specified value or key-value pair to column in record
783 in table. If column is a map, then key is required, otherwise
784 it is prohibited. If key already exists in a map column, then
785 the current value is not replaced (use the set command to
786 replace an existing value).
787 Without --if-exists, it is an error if record does not exist.
789 With --if-exists, this command does nothing if record does not
790 exist.
791 [--if-exists] remove table record column value...
793 [--if-exists] remove table record column key...
794 [--if-exists] remove table record column key=value...
795 Removes the specified values or key-value pairs from column in
796 record in table. The first form applies to columns that are not
797 maps: each specified value is removed from the column. The sec‐
798 ond and third forms apply to map columns: if only a key is spec‐
799 ified, then any key-value pair with the given key is removed,
800 regardless of its value; if a value is given then a pair is
801 removed only if both key and value match.
802 It is not an error if the column does not contain the specified
804 key or value or pair.
805 Without --if-exists, it is an error if record does not exist.
807 With --if-exists, this command does nothing if record does not
808 exist.
809 [--if-exists] clear table record column...
811 Sets each column in record in table to the empty set or empty
812 map, as appropriate. This command applies only to columns that
813 are allowed to be empty.
814 Without --if-exists, it is an error if record does not exist.
816 With --if-exists, this command does nothing if record does not
817 exist.
818 [--id=@name] create table column[:key]=value...
820 Creates a new record in table and sets the initial values of
821 each column. Columns not explicitly set will receive their
822 default values. Outputs the UUID of the new row.
823 If @name is specified, then the UUID for the new row may be
825 referred to by that name elsewhere in the same vtep-ctl invoca‐
826 tion in contexts where a UUID is expected. Such references may
827 precede or follow the create command.
828 Caution (ovs-vsctl as example)
830 Records in the Open vSwitch database are significant only
831 when they can be reached directly or indirectly from the
832 Open_vSwitch table. Except for records in the QoS or
833 Queue tables, records that are not reachable from the
834 Open_vSwitch table are automatically deleted from the
835 database. This deletion happens immediately, without
836 waiting for additional ovs-vsctl commands or other data‐
837 base activity. Thus, a create command must generally be
838 accompanied by additional commands within the same
839 ovs-vsctl invocation to add a chain of references to the
840 newly created record from the top-level Open_vSwitch
841 record. The EXAMPLES section gives some examples that
842 show how to do this.
843 [--if-exists] destroy table record...
845 Deletes each specified record from table. Unless --if-exists is
846 specified, each records must exist.
847 --all destroy table
849 Deletes all records from the table.
850 Caution (ovs-vsctl as example)
852 The destroy command is only useful for records in the QoS
853 or Queue tables. Records in other tables are automati‐
854 cally deleted from the database when they become unreach‐
855 able from the Open_vSwitch table. This means that delet‐
856 ing the last reference to a record is sufficient for
857 deleting the record itself. For records in these tables,
858 destroy is silently ignored. See the EXAMPLES section
859 below for more information.
860 wait-until table record [column[:key]=value]...
862 Waits until table contains a record named record whose column
863 equals value or, if key is specified, whose column contains a
864 key with the specified value. Any of the operators !=, <, >,
865 <=, or >= may be substituted for = to test for inequality, less
866 than, greater than, less than or equal to, or greater than or
867 equal to, respectively. (Don't forget to escape < or > from
868 interpretation by the shell.)
869 If no column[:key]=value arguments are given, this command waits
871 only until record exists. If more than one such argument is
872 given, the command waits until all of them are satisfied.
873 Caution (ovs-vsctl as example)
875 Usually wait-until should be placed at the beginning of a
876 set of ovs-vsctl commands. For example, wait-until
877 bridge br0 -- get bridge br0 datapath_id waits until a
878 bridge named br0 is created, then prints its datapath_id
879 column, whereas get bridge br0 datapath_id -- wait-until
880 bridge br0 will abort if no bridge named br0 exists when
881 ovs-vsctl initially connects to the database.
882 Consider specifying --timeout=0 along with --wait-until, to pre‐
884 vent vtep-ctl from terminating after waiting only at most 5 sec‐
885 onds.
886 comment [arg]...
888 This command has no effect on behavior, but any database log
889 record created by the command will include the command and its
890 arguments.
891
893 0 Successful program execution.
894 1 Usage, syntax, or configuration file error.
896 2 The switch argument to ps-exists specified the name of a physi‐
898 cal switch that does not exist.
899
901 ovsdb-server(1), vtep(5).
902Open vSwitch March 2013 vtep-ctl(8)