1ovs-ctl(8)                    Open vSwitch Manual                   ovs-ctl(8)
2
3
4

NAME

6       ovs-ctl - OVS startup helper script
7

SYNOPSIS

9       ovs-ctl --system-id=random|uuid [options] start
10       ovs-ctl stop
11       ovs-ctl --system-id=random|uuid [options] restart
12       ovs-ctl status
13       ovs-ctl version
14       ovs-ctl [options] load-kmod
15       ovs-ctl --system-id=random|uuid [options] force-reload-kmod
16       ovs-ctl     [--protocol=protocol]    [--sport=sport]    [--dport=dport]
17       enable-protocol
18       ovs-ctl delete-transient-ports
19       ovs-ctl help | -h | --help
20       ovs-ctl --version
21

DESCRIPTION

23       The ovs-ctl program starts,  stops,  and  checks  the  status  of  Open
24       vSwitch  daemons.   It  is  not  meant to be invoked directly by system
25       administrators but to be called internally by system startup scripts.
26
27       Each of ovs-ctl's commands is described separately below.
28

The ``start'' command

30       The start command starts  Open  vSwitch.   It  performs  the  following
31       tasks:
32
33       1.     Loads  the  Open  vSwitch kernel module.  If this fails, and the
34              Linux bridge module is loaded but no bridges exist, it tries  to
35              unload the bridge module and tries loading the Open vSwitch ker‐
36              nel module again.  (This is because the Open vSwitch kernel mod‐
37              ule cannot coexist with the Linux bridge module before 2.6.37.)
38
39       The  start command skips the following steps if ovsdb-server is already
40       running:
41
42       2.     If the Open vSwitch database file does not exist, it creates it.
43              If  the  database does exist, but it has an obsolete version, it
44              upgrades it to the latest schema.
45
46       3.     Starts ovsdb-server, unless the --no-ovsdb-server command option
47              is given.
48
49       4.     Initializes a few values inside the database.
50
51       5.     If  the  --delete-bridges  option  was  used, deletes all of the
52              bridges from the database.
53
54       6.     If the --delete-transient-ports option  was  used,  deletes  all
55              ports that have other_config:transient set to true.
56
57       The  start  command skips the following step if ovs-vswitchd is already
58       running, or if the --no-ovs-vswitchd command option is given:
59
60       7.     Starts ovs-vswitchd.
61
62   Options
63       Several command-line options influence the  start  command's  behavior.
64       Some form of the following option should ordinarily be specified:
65
66       --system-id=uuid
67       --system-id=random
68              This  specifies  a unique system identifier to store into exter‐
69              nal-ids:system-id in the database's Open_vSwitch table.   Remote
70              managers that talk to the Open vSwitch database server over net‐
71              work protocols use this value to identify and  distinguish  Open
72              vSwitch  instances, so it should be unique (at least) within OVS
73              instances that will connect to a single controller.
74
75              When random is specified, ovs-ctl will generate a random ID that
76              persists  from  one  run  to  another  (stored in a file).  When
77              another string is specified ovs-ctl uses it literally.
78
79       The following options should be specified if the defaults are not suit‐
80       able:
81
82       --system-type=type
83       --system-version=version
84              Sets  the  value  to store in the system-type and system-version
85              columns, respectively, in  the  database's  Open_vSwitch  table.
86              Remote  managers  may  use these values to determine the kind of
87              system to which they are connected  (primarily  for  display  to
88              human administrators).
89
90              When  not  specified, ovs-ctl uses values from the optional sys‐
91              tem-type.conf and system-version.conf files(see  section  FILES)
92              or  it uses the lsb_release program, if present, to provide rea‐
93              sonable defaults.
94
95       The following options are also likely to be useful:
96
97       --external-id="name=value"
98              Sets external-ids:name to value in the  database's  Open_vSwitch
99              table.  Specifying this option multiple times adds multiple key-
100              value pairs.
101
102       --delete-bridges
103              Ordinarily Open vSwitch bridges persist from one system boot  to
104              the  next,  as long as the database is preserved.  Some environ‐
105              ments instead expect to re-create all of the bridges  and  other
106              configuration  state  on every boot.  This option supports that,
107              by deleting all Open vSwitch bridges after starting ovsdb-server
108              but before starting ovs-vswitchd.
109
110       --delete-transient-ports
111              Deletes all ports that have the other_config:transient value set
112              to true. This is important on certain  environments  where  some
113              ports  are  going  to be recreated after reboot, but other ports
114              need to be persisted in the database.
115
116       --ovs-user=user[:group]
117              Ordinarily Open vSwitch daemons are started as the user invoking
118              the ovs-ctl command.  Some system administrators would prefer to
119              have the various daemons spawn as different users in their envi‐
120              ronments.   This  option allows passing the --user option to the
121              ovsdb-server and ovs-vswitchd daemons, allowing them  to  change
122              their privilege levels.
123
124       The following options are less important:
125
126       --no-monitor
127              By   default   ovs-ctl  passes  --monitor  to  ovs-vswitchd  and
128              ovsdb-server, requesting that it spawn a process  monitor  which
129              will  restart  the daemon if it crashes.  This option suppresses
130              that behavior.
131
132       --daemon-cwd=directory
133              Specifies the current working directory  that  the  OVS  daemons
134              should  run from.  The default is / (the root directory) if this
135              option is not specified.  (This option is  useful  because  most
136              systems  create core files in a process's current working direc‐
137              tory and because a file system that is in  use  as  a  process's
138              current working directory cannot be unmounted.)
139
140       --no-force-corefiles
141              By  default,  ovs-ctl  enables  core  dumps for the OVS daemons.
142              This option disables that behavior.
143
144       --no-mlockall
145              By default ovs-ctl passes --mlockall to ovs-vswitchd, requesting
146              that it lock all of its virtual memory, preventing it from being
147              paged to disk.  This option suppresses that behavior.
148
149       --no-self-confinement
150              Disable self-confinement for ovs-vswitchd and ovsdb-server  dae‐
151              mons.   This  flag  may be used when, for example, OpenFlow con‐
152              troller creates its Unix Domain Socket outside OVS run directory
153              and  OVS needs to connect to it.  It is better to stick with the
154              default behavior and not to use this flag, unless:
155
156              ·      You have Open vSwitch running under SELinux  or  AppArmor
157                     Mandatory  Access  Control  that  would  prevent OVS from
158                     messing with sockets outside ordinary OVS directories.
159
160              ·      You believe that relying  on  protocol  handshakes  (e.g.
161                     OpenFlow)  is enough to prevent OVS to adversely interact
162                     with other daemons running on your system.
163
164              ·      You don't have much worries of remote OVSDB  exploits  in
165                     the  first place, because, perhaps, OVSDB manager is run‐
166                     ning on the same host as OVS  and  share  similar  attack
167                     vectors.
168
169       --ovsdb-server-priority=niceness
170       --ovs-vswitchd-priority=niceness
171              Sets  the  nice(1)  level  used  for  each  daemon.  All of them
172              default to -10.
173
174       --ovsdb-server-wrapper=wrapper
175       --ovs-vswitchd-wrapper=wrapper
176              Configures the specified daemon to run under wrapper,  which  is
177              one of the following:
178
179              valgrind
180                     Run  the  daemon  under  valgrind(1), if it is installed,
181                     logging to daemon.valgrind.log.pid in the log directory.
182
183              strace Run the daemon under strace(1), if it is installed,  log‐
184                     ging to daemon.strace.log.pid in the log directory.
185
186              glibc  Enable  GNU  C  library  features designed to find memory
187                     errors.
188
189              By default, no wrapper is used.
190
191              Each of the wrappers can expose bugs in Open vSwitch  that  lead
192              to  incorrect  operation,  including  crashes.  The valgrind and
193              strace wrappers greatly slow daemon operations  so  they  should
194              not  be  used  in production.  They also produce voluminous logs
195              that can quickly fill small disk partitions.  The glibc  wrapper
196              is less resource-intensive but still somewhat slows the daemons.
197
198       The following options control file locations.  They should only be used
199       if the default locations cannot be used.  See FILES,  below,  for  more
200       information.
201
202       --db-file=file
203              Overrides the file name for the OVS database.
204
205       --db-sock=socket
206              Overrides  the file name for the Unix domain socket used to con‐
207              nect to ovsdb-server.
208
209       --db-schema=schema
210              Overrides the file name for the OVS database schema.
211
212       --extra-dbs=file
213              Adds file as an extra database for ovsdb-server  to  serve  out.
214              Multiple space-separated file names may also be specified.  file
215              should begin with /; if it does not, then it will  be  taken  as
216              relative to dbdir.
217

The ``stop'' command

219       The  stop  command  does not unload the Open vSwitch kernel modules. It
220       can take the same --no-ovsdb-server and  --no-ovs-vswitchd  options  as
221       that of the start command.
222
223       This  command does nothing and finishes successfully if the OVS daemons
224       aren't running.
225

The ``restart'' command

227       The restart command performs a stop followed by a start  command.   The
228       command  can  take  the  same  options as that of the start command. In
229       addition, it saves and restores  OpenFlow  flows  for  each  individual
230       bridge.
231

The ``status'' command

233       The  status  command  checks  whether  the OVS daemons ovs-vswitchd and
234       ovsdb-server are running and prints messages with that information.  It
235       exits with status 0 if the daemons are running, 1 otherwise.
236

The ``version'' command

238       The version command runs ovsdb-server --version and ovs-vswitchd --ver‐
239       sion.
240

The ``force-reload-kmod'' command

242       The force-reload-kmod command allows upgrading the Open vSwitch  kernel
243       module without rebooting.  It performs the following tasks:
244
245       1.     Gets  a  list  of  OVS ``internal'' interfaces, that is, network
246              devices implemented by Open vSwitch.  The most  common  examples
247              of these are bridge ``local ports''.
248
249       2.     Saves the OpenFlow flows of each bridge.
250
251       3.     Stops the Open vSwitch daemons, as if by a call to ovs-ctl stop.
252
253       4.     Saves  the kernel configuration state of the OVS internal inter‐
254              faces listed in step 1, including  IP  and  IPv6  addresses  and
255              routing table entries.
256
257       5.     Unloads  the  Open  vSwitch  kernel module (including the bridge
258              compatibility module if it is loaded).
259
260       6.     Starts OVS back up, as if by a  call  to  ovs-ctl  start.   This
261              reloads  the kernel module, restarts the OVS daemons and finally
262              restores the saved OpenFlow flows.
263
264       7.     Restores the kernel configuration state that was saved  in  step
265              4.
266
267       8.     Checks  for  daemons  that may need to be restarted because they
268              have packet sockets that are listening on old instances of  Open
269              vSwitch kernel interfaces and, if it finds any, prints a warning
270              on stdout.  DHCP is a common example: if the ISC DHCP client  is
271              running  on  an  OVS internal interface, then it will have to be
272              restarted after completing the above procedure.   (It  would  be
273              nice  if  ovs-ctl  could  restart daemons automatically, but the
274              details are far too specific to a  particular  distribution  and
275              installation.)
276
277       force-kmod-reload internally stops and starts OVS, so it accepts all of
278       the  options  accepted  by   the   start   command   except   for   the
279       --no-ovs-vswitchd option.
280

The ``load-kmod'' command

282       The  load-kmod command loads the openvswitch kernel modules if they are
283       not already loaded. This operation also occurs as  part  of  the  start
284       command. The motivation for providing the load-kmod command is to allow
285       errors when loading modules to be handled separatetly from other errors
286       that may occur when running the start command.
287
288       By  default the load-kmod command attempts to load the openvswitch ker‐
289       nel module.
290

The ``enable-protocol'' command

292       The enable-protocol command checks for rules  related  to  a  specified
293       protocol  in  the  system's iptables(8) configuration.  If there are no
294       rules specifically related to that protocol, then it inserts a rule  to
295       accept the specified protocol.
296
297       More specifically:
298
299       ·      If  iptables  is not installed or not enabled, this command does
300              nothing, assuming that lack of filtering means that the protocol
301              is enabled.
302
303       ·      If  the INPUT chain has a rule that matches the specified proto‐
304              col, then this command does nothing, assuming that whatever rule
305              is installed reflects the system administrator's decisions.
306
307       ·      Otherwise,  this command installs a rule that accepts traffic of
308              the specified protocol.
309
310       This command normally completes successfully, even if it does  nothing.
311       Only  the  failure of an attempt to insert a rule normally causes it to
312       return an exit code other than 0.  The following  options  control  the
313       protocol to be enabled:
314
315       --protocol=protocol
316              The  name  of the IP protocol to be enabled, such as gre or tcp.
317              The default is gre.
318
319       --sport=sport
320       --dport=dport
321              TCP or UDP source or  destination  port  to  match.   These  are
322              optional and allowed only with --protocol=tcp or --protocol=udp.
323

The ``delete-transient-ports'' command

325       Deletes  all  ports  that  have the other_config:transient value set to
326       true.
327

The ``help'' command

329       Prints a usage message and exits successfully.
330

OPTIONS

332       In addition to the options listed for each command above, these options
333       control the behavior of several of ovs-ctl's commands.
334
335       By default, ovs-ctl will control the ovsdb-server, and the ovs-vswitchd
336       daemons. The following options restrict that control to exclude one  or
337       the other:
338
339       --no-ovsdb-server
340              Specifies  that  the  ovs-ctl  commands start, stop, and restart
341              should not modify the running status of ovsdb-server.
342
343       --no-ovs-vswitchd
344              Specifies that the ovs-ctl commands  start,  stop,  and  restart
345              should  not modify the running status of ovs-vswitchd.  It is an
346              error to include this option with the force-reload-kmod command.
347

EXIT STATUS

349       ovs-ctl exits with status 0 on success and  nonzero  on  failure.   The
350       start  command  is considered to succeed if OVS is already started; the
351       stop command is considered to succeed if OVS is already stopped.
352

ENVIRONMENT

354       The following environment variables affect ovs-ctl:
355
356       PATH   ovs-ctl does not hardcode the location of any  of  the  programs
357              that it runs.  ovs-ctl will add the sbindir and bindir that were
358              specified at configure time to PATH, if  they  are  not  already
359              present.
360
361       OVS_LOGDIR
362       OVS_RUNDIR
363       OVS_DBDIR
364       OVS_SYSCONFDIR
365       OVS_PKGDATADIR
366       OVS_BINDIR
367       OVS_SBINDIR
368              Setting  one of these variables in the environment overrides the
369              respective configure option, both for ovs-ctl itself and for the
370              other Open vSwitch programs that it runs.
371

FILES

373       ovs-ctl uses the following files:
374
375       ovs-lib
376              Shell  function  library used internally by ovs-ctl.  It must be
377              installed in the same directory as ovs-ctl.
378
379       logdir/daemon.log
380              Per-daemon logfiles.
381
382       rundir/daemon.pid
383              Per-daemon pidfiles to track whether a  daemon  is  running  and
384              with what process ID.
385
386       pkgdatadir/vswitch.ovsschema
387              The  OVS  database  schema  used to initialize the database (use
388              --db-schema to override this location).
389
390       dbdir/conf.db
391              The OVS database (use --db-file to override this location).
392
393       rundir/openvswitch/db.sock
394              The  Unix  domain  socket  used  for  local  communication  with
395              ovsdb-server (use --db-sock to override this location).
396
397       sysconfdir/openvswitch/system-id.conf
398              The  persistent system UUID created and read by --system-id=ran‐
399              dom.
400
401       sysconfdir/openvswitch/system-type.conf
402       sysconfdir/openvswitch/system-version.conf
403              The system-type  and system-version values stored in  the  data‐
404              base's  Open_vSwitch  table when not specified as a command-line
405              option.
406

EXAMPLE

408       The files debian/openvswitch-switch.init and xenserver/etc_init.d_open‐
409       vswitch  in  the  Open vSwitch source distribution are good examples of
410       how to use ovs-ctl.
411

SEE ALSO

413       README.rst, ovsdb-server(8), ovs-vswitchd(8).
414
415
416
417Open vSwitch                       June 2011                        ovs-ctl(8)
Impressum