1ovn-sbctl(8) Open vSwitch Manual ovn-sbctl(8)
2
6 ovn-sbctl - utility for querying and configuring OVN_Southbound data‐
7 base
8
10 ovn-sbctl [options] -- [options] command [args] [-- [options] command
11 [args]]...
12
14 The ovn-sbctl program configures the OVN_Southbound database by provid‐
15 ing a high-level interface to its configuration database. See
16 ovn-sb(5) for comprehensive documentation of the database schema.
17 ovn-sbctl connects to an ovsdb-server process that maintains an
19 OVN_Southbound configuration database. Using this connection, it
20 queries and possibly applies changes to the database, depending on the
21 supplied commands.
22 ovn-sbctl can perform any number of commands in a single run, imple‐
24 mented as a single atomic transaction against the database.
25 The ovn-sbctl command line begins with global options (see OPTIONS
27 below for details). The global options are followed by one or more
28 commands. Each command should begin with -- by itself as a command-
29 line argument, to separate it from the following commands. (The --
30 before the first command is optional.) The command itself starts with
31 command-specific options, if any, followed by the command name and any
32 arguments.
33
35 The following options affect the behavior of ovn-sbctl as a whole.
36 Some individual commands also accept their own options, which are given
37 just before the command name. If the first command on the command line
38 has options, then those options must be separated from the global
39 options by --.
40 --db=server
42 The OVSDB database remote to contact. If the OVN_SB_DB environ‐
43 ment variable is set, its value is used as the default. Other‐
44 wise, the default is unix:/var/run/openvswitch/ovnsb_db.sock,
45 but this default is unlikely to be useful outside of single-
46 machine OVN test environments.
47 server may be an OVSDB active or passive connection method, e.g.
49 ssl:192.168.10.5:6640, as described in ovsdb(7).
50 --leader-only
52 --no-leader-only
53 By default, or with --leader-only, when the database server is a
54 clustered database, ovn-sbctl will avoid servers other than the
55 cluster leader. This ensures that any data that ovn-sbctl reads
56 and reports is up-to-date. With --no-leader-only, ovn-sbctl
57 will use any server in the cluster, which means that for read-
58 only transactions it can report and act on stale data (transac‐
59 tions that modify the database are always serialized even with
60 --no-leader-only). Refer to Understanding Cluster Consistency
61 in ovsdb(7) for more information.
62 --no-syslog
64 By default, ovn-sbctl logs its arguments and the details of any
65 changes that it makes to the system log. This option disables
66 this logging.
67 This option is equivalent to --verbose=sbctl:syslog:warn.
69 --oneline
71 Modifies the output format so that the output for each command
72 is printed on a single line. New-line characters that would
73 otherwise separate lines are printed as \n, and any instances of
74 \ that would otherwise appear in the output are doubled. Prints
75 a blank line for each command that has no output. This option
76 does not affect the formatting of output from the list or find
77 commands; see Table Formatting Options below.
78 --dry-run
80 Prevents ovn-sbctl from actually modifying the database.
81 -t secs
83 --timeout=secs
84 By default, or with a secs of 0, ovn-sbctl waits forever for a
85 response from the database. This option limits runtime to
86 approximately secs seconds. If the timeout expires, ovn-sbctl
87 will exit with a SIGALRM signal. (A timeout would normally hap‐
88 pen only if the database cannot be contacted, or if the system
89 is overloaded.)
90 -v[spec]
92 --verbose=[spec]
93 Sets logging levels. Without any spec, sets the log level for
94 every module and destination to dbg. Otherwise, spec is a list
95 of words separated by spaces or commas or colons, up to one from
96 each category below:
97 · A valid module name, as displayed by the vlog/list com‐
99 mand on ovs-appctl(8), limits the log level change to the
100 specified module.
101 · syslog, console, or file, to limit the log level change
103 to only to the system log, to the console, or to a file,
104 respectively. (If --detach is specified, ovn-sbctl
105 closes its standard file descriptors, so logging to the
106 console will have no effect.)
107 On Windows platform, syslog is accepted as a word and is
109 only useful along with the --syslog-target option (the
110 word has no effect otherwise).
111 · off, emer, err, warn, info, or dbg, to control the log
113 level. Messages of the given severity or higher will be
114 logged, and messages of lower severity will be filtered
115 out. off filters out all messages. See ovs-appctl(8)
116 for a definition of each log level.
117 Case is not significant within spec.
119 Regardless of the log levels set for file, logging to a file
121 will not take place unless --log-file is also specified (see
122 below).
123 For compatibility with older versions of OVS, any is accepted as
125 a word but has no effect.
126 -v
128 --verbose
129 Sets the maximum logging verbosity level, equivalent to --ver‐
130 bose=dbg.
131 -vPATTERN:destination:pattern
133 --verbose=PATTERN:destination:pattern
134 Sets the log pattern for destination to pattern. Refer to
135 ovs-appctl(8) for a description of the valid syntax for pattern.
136 -vFACILITY:facility
138 --verbose=FACILITY:facility
139 Sets the RFC5424 facility of the log message. facility can be
140 one of kern, user, mail, daemon, auth, syslog, lpr, news, uucp,
141 clock, ftp, ntp, audit, alert, clock2, local0, local1, local2,
142 local3, local4, local5, local6 or local7. If this option is not
143 specified, daemon is used as the default for the local system
144 syslog and local0 is used while sending a message to the target
145 provided via the --syslog-target option.
146 --log-file[=file]
148 Enables logging to a file. If file is specified, then it is
149 used as the exact name for the log file. The default log file
150 name used if file is omitted is /var/log/open‐
151 vswitch/ovn-sbctl.log.
152 --syslog-target=host:port
154 Send syslog messages to UDP port on host, in addition to the
155 system syslog. The host must be a numerical IP address, not a
156 hostname.
157 --syslog-method=method
159 Specify method how syslog messages should be sent to syslog dae‐
160 mon. Following forms are supported:
161 · libc, use libc syslog() function. Downside of using this
163 options is that libc adds fixed prefix to every message
164 before it is actually sent to the syslog daemon over
165 /dev/log UNIX domain socket.
166 · unix:file, use UNIX domain socket directly. It is possi‐
168 ble to specify arbitrary message format with this option.
169 However, rsyslogd 8.9 and older versions use hard coded
170 parser function anyway that limits UNIX domain socket
171 use. If you want to use arbitrary message format with
172 older rsyslogd versions, then use UDP socket to localhost
173 IP address instead.
174 · udp:ip:port, use UDP socket. With this method it is pos‐
176 sible to use arbitrary message format also with older
177 rsyslogd. When sending syslog messages over UDP socket
178 extra precaution needs to be taken into account, for
179 example, syslog daemon needs to be configured to listen
180 on the specified UDP port, accidental iptables rules
181 could be interfering with local syslog traffic and there
182 are some security considerations that apply to UDP sock‐
183 ets, but do not apply to UNIX domain sockets.
184 · null, discards all messages logged to syslog.
186 The default is taken from the OVS_SYSLOG_METHOD environment
188 variable; if it is unset, the default is libc.
189 -h
191 --help Prints a brief help message to the console.
192 -V
194 --version
195 Prints version information to the console.
196 Table Formatting Options
198 These options control the format of output from the list and find com‐
199 mands.
200 -f format
202 --format=format
203 Sets the type of table formatting. The following types of for‐
204 mat are available:
205 table 2-D text tables with aligned columns.
207 list (default)
209 A list with one column per line and rows separated by a
210 blank line.
211 html HTML tables.
213 csv Comma-separated values as defined in RFC 4180.
215 json JSON format as defined in RFC 4627. The output is a
217 sequence of JSON objects, each of which corresponds to
218 one table. Each JSON object has the following members
219 with the noted values:
220 caption
222 The table's caption. This member is omitted if
223 the table has no caption.
224 headings
226 An array with one element per table column. Each
227 array element is a string giving the corresponding
228 column's heading.
229 data An array with one element per table row. Each
231 element is also an array with one element per ta‐
232 ble column. The elements of this second-level
233 array are the cells that constitute the table.
234 Cells that represent OVSDB data or data types are
235 expressed in the format described in the OVSDB
236 specification; other cells are simply expressed as
237 text strings.
238 -d format
240 --data=format
241 Sets the formatting for cells within output tables unless the
242 table format is set to json, in which case json formatting is
243 always used when formatting cells. The following types of for‐
244 mat are available:
245 string (default)
247 The simple format described in the Database Values sec‐
248 tion of ovs-vsctl(8).
249 bare The simple format with punctuation stripped off: [] and
251 {} are omitted around sets, maps, and empty columns,
252 items within sets and maps are space-separated, and
253 strings are never quoted. This format may be easier for
254 scripts to parse.
255 json The RFC 4627 JSON format as described above.
257 --no-headings
259 This option suppresses the heading row that otherwise appears in
260 the first row of table output.
261 --pretty
263 By default, JSON in output is printed as compactly as possible.
264 This option causes JSON in output to be printed in a more read‐
265 able fashion. Members of objects and elements of arrays are
266 printed one per line, with indentation.
267 This option does not affect JSON in tables, which is always
269 printed compactly.
270 --bare Equivalent to --format=list --data=bare --no-headings.
272 --max-column-width=n
274 For table output only, limits the width of any column in the
275 output to n columns. Longer cell data is truncated to fit, as
276 necessary. Columns are always wide enough to display the column
277 names, if the heading row is printed.
278 Public Key Infrastructure Options
280 --bootstrap-ca-cert=cacert.pem
281 When cacert.pem exists, this option has the same effect as -C or
282 --ca-cert. If it does not exist, then ovn-sbctl will attempt to
283 obtain the CA certificate from the SSL peer on its first SSL
284 connection and save it to the named PEM file. If it is success‐
285 ful, it will immediately drop the connection and reconnect, and
286 from then on all SSL connections must be authenticated by a cer‐
287 tificate signed by the CA certificate thus obtained.
288 This option exposes the SSL connection to a man-in-the-middle
290 attack obtaining the initial CA certificate, but it may be use‐
291 ful for bootstrapping.
292 This option is only useful if the SSL peer sends its CA certifi‐
294 cate as part of the SSL certificate chain. The SSL protocol
295 does not require the server to send the CA certificate.
296 This option is mutually exclusive with -C and --ca-cert.
298 -p privkey.pem
300 --private-key=privkey.pem
301 Specifies a PEM file containing the private key used as
302 ovn-sbctl's identity for outgoing SSL connections.
303 -c cert.pem
305 --certificate=cert.pem
306 Specifies a PEM file containing a certificate that certifies the
307 private key specified on -p or --private-key to be trustworthy.
308 The certificate must be signed by the certificate authority (CA)
309 that the peer in SSL connections will use to verify it.
310 -C cacert.pem
312 --ca-cert=cacert.pem
313 Specifies a PEM file containing the CA certificate that
314 ovn-sbctl should use to verify certificates presented to it by
315 SSL peers. (This may be the same certificate that SSL peers use
316 to verify the certificate specified on -c or --certificate, or
317 it may be a different one, depending on the PKI design in use.)
318 -C none
320 --ca-cert=none
321 Disables verification of certificates presented by SSL peers.
322 This introduces a security risk, because it means that certifi‐
323 cates cannot be verified to be those of known trusted hosts.
324
326 The commands implemented by ovn-sbctl are described in the sections
327 below.
328 OVN_Southbound Commands
330 These commands work with an OVN_Southbound database as a whole.
331 init Initializes the database, if it is empty. If the database has
333 already been initialized, this command has no effect.
334 show Prints a brief overview of the database contents.
336 Chassis Commands
338 These commands manipulate OVN_Southbound chassis.
339 [--may-exist] chassis-add chassis encap-type encap-ip
341 Creates a new chassis named chassis. encap-type is a comma-sep‐
342 arated list of tunnel types. The chassis will have one encap
343 entry for each specified tunnel type with encap-ip as the desti‐
344 nation IP for each.
345 Without --may-exist, attempting to create a chassis that exists
347 is an error. With --may-exist, this command does nothing if
348 chassis already exists.
349 [--if-exists] chassis-del chassis
351 Deletes chassis and its encaps and gateway_ports.
352 Without --if-exists, attempting to delete a chassis that does
354 not exist is an error. With --if-exists, attempting to delete a
355 chassis that does not exist has no effect.
356 Port binding Commands
358 These commands manipulate OVN_Southbound port bindings.
359 [--may-exist] lsp-bind logical-port chassis
361 Binds the logical port named logical-port to chassis.
362 Without --may-exist, attempting to bind a logical port that has
364 already been bound is an error. With --may-exist, this command
365 does nothing if logical-port has already been bound to a chas‐
366 sis.
367 [--if-exists] lsp-unbind logical-port
369 Resets the binding of logical-port to NULL.
370 Without --if-exists, attempting to unbind a logical port that is
372 not bound is an error. With --if-exists, attempting to unbind
373 logical port that is not bound has no effect.
374 Logical Flow Commands
376 [--uuid] [--ovs[=remote]] [--stats] lflow-list [logical-datapath]
377 [lflow...]
378 List logical flows. If logical-datapath is specified, only list
379 flows for that logical datapath. The logical-datapath may be
380 given as a UUID or as a datapath name (reporting an error if
381 multiple datapaths have the same name).
382 If at least one lflow is given, only matching logical flows, if
384 any, are listed. Each lflow may be specified as a UUID or the
385 first few characters of a UUID, optionally prefixed by 0x.
386 (Because ovn-controller sets OpenFlow flow cookies to the first
387 32 bits of the corresponding logical flow's UUID, this makes it
388 easy to look up the logical flow that generated a particular
389 OpenFlow flow.)
390 If --uuid is specified, the output includes the first 32 bits of
392 each logical flow's UUID. This makes it easier to find the
393 OpenFlow flows that correspond to a given logical flow.
394 If --ovs is included, ovn-sbctl attempts to obtain and display
396 the OpenFlow flows that correspond to each OVN logical flow. To
397 do so, ovn-sbctl connects to remote (by default,
398 unix:/var/run/openvswitch/br-int.mgmt) over OpenFlow and
399 retrieves the flows. If remote is specified, it must be an
400 active OpenFlow connection method described in ovsdb(7). Please
401 see the discussion of the similar --ovs option in ovn-trace(8)
402 for more information about the OpenFlow flow output.
403 By default, OpenFlow flow output includes only match and
405 actions. Add --stats to include all OpenFlow information, such
406 as packet and byte counters, duration, and timeouts.
407 [--uuid] dump-flows [logical-datapath]
409 Alias for lflow-list.
410 Remote Connectivity Commands
412 These commands manipulate the connections column in the SB_Global table
413 and rows in the Connection table. When ovsdb-server is configured to
414 use the connections column for OVSDB connections, this allows the
415 administrator to use ovn-sbctl to configure database connections.
416 get-connection
418 Prints the configured connection(s).
419 del-connection
421 Deletes the configured connection(s).
422 set-connection [access-specifier] target...
424 Sets the configured manager target or targets. Each target may
425 may be an OVSDB active or passive connection method, e.g.
426 pssl:6640, as described in ovsdb(7), optionally preceded by an
427 optional access-specifier (read-only or read-write). If pro‐
428 vided, the effect of the access specifier persists for subse‐
429 quent targets until changed by another access specifier.
430 SSL Configuration
432 When ovsdb-server is configured to connect using SSL, the following
433 parameters are required:
434 private-key
436 Specifies a PEM file containing the private key used for SSL
437 connections.
438 certificate
440 Specifies a PEM file containing a certificate, signed by the
441 certificate authority (CA) used by the connection peers, that
442 certifies the private key, identifying a trustworthy peer.
443 ca-cert
445 Specifies a PEM file containing the CA certificate used to ver‐
446 ify that the connection peers are trustworthy.
447 These SSL settings apply to all SSL connections made by the southbound
449 database server.
450 get-ssl
452 Prints the SSL configuration.
453 del-ssl
455 Deletes the current SSL configuration.
456 [--bootstrap] set-ssl private-key certificate ca-cert [ssl-protocol-
458 list [ssl-cipher-list]]
459 Sets the SSL configuration. The --bootstrap option is described
460 below.
461 CA Certificate Bootstrap
463 Ordinarily, all of the files named in the SSL configuration must exist
465 before SSL connectivity can be used. However, if the ca-cert file does
466 not exist and the --bootstrap option is given, then ovsdb-server will
467 attempt to obtain the CA certificate from the target on its first SSL
468 connection and save it to the named PEM file. If it is successful, it
469 will immediately drop the connection and reconnect, and from then on
470 all SSL connections must be authenticated by a certificate signed by
471 the CA certificate thus obtained.
472 This option exposes the SSL connection to a man-in-the-middle attack
474 obtaining the initial CA certificate, but it may be useful for boot‐
475 strapping.
476 This option is only useful if the SSL peer sends its CA certificate as
478 part of the SSL certificate chain. The SSL protocol does not require
479 the controller to send the CA certificate.
480 Database Commands
482 These commands query and modify the contents of ovsdb tables. They are
483 a slight abstraction of the ovsdb interface and as such they operate at
484 a lower level than other ovs-sbctl commands.
485 Identifying Tables, Records, and Columns
487 Each of these commands has a table parameter to identify a table within
489 the database. Many of them also take a record parameter that identi‐
490 fies a particular record within a table. The record parameter may be
491 the UUID for a record, and many tables offer additional ways to iden‐
492 tify records. Some commands also take column parameters that identify
493 a particular field within the records in a table.
494 For a list of tables and their columns, see ovn-sb(5) or see the table
496 listing from the --help option.
497 Record names must be specified in full and with correct capitalization,
499 except that UUIDs may be abbreviated to their first 4 (or more) hex
500 digits, as long as that is unique within the table. Names of tables
501 and columns are not case-sensitive, and - and _ are treated inter‐
502 changeably. Unique abbreviations of table and column names are accept‐
503 able, e.g. addr or a is sufficient to identify the Address_Set table.
504 Database Values
506 Each column in the database accepts a fixed type of data. The cur‐
508 rently defined basic types, and their representations, are:
509 integer
511 A decimal integer in the range -2**63 to 2**63-1, inclusive.
512 real A floating-point number.
514 Boolean
516 True or false, written true or false, respectively.
517 string An arbitrary Unicode string, except that null bytes are not
519 allowed. Quotes are optional for most strings that begin with
520 an English letter or underscore and consist only of letters,
521 underscores, hyphens, and periods. However, true and false and
522 strings that match the syntax of UUIDs (see below) must be
523 enclosed in double quotes to distinguish them from other basic
524 types. When double quotes are used, the syntax is that of
525 strings in JSON, e.g. backslashes may be used to escape special
526 characters. The empty string must be represented as a pair of
527 double quotes ("").
528 UUID Either a universally unique identifier in the style of RFC 4122,
530 e.g. f81d4fae-7dec-11d0-a765-00a0c91e6bf6, or an @name defined
531 by a get or create command within the same ovn-sbctl invocation.
532 Multiple values in a single column may be separated by spaces or a sin‐
534 gle comma. When multiple values are present, duplicates are not
535 allowed, and order is not important. Conversely, some database columns
536 can have an empty set of values, represented as [], and square brackets
537 may optionally enclose other non-empty sets or single values as well.
538 For a column accepting a set of integers, database commands accept a
539 range. A range is represented by two integers separated by -. A range
540 is inclusive. A range has a maximum size of 4096 elements. If more ele‐
541 ments are needed, they can be specified in seperate ranges.
542 A few database columns are ``maps'' of key-value pairs, where the key
544 and the value are each some fixed database type. These are specified
545 in the form key=value, where key and value follow the syntax for the
546 column's key type and value type, respectively. When multiple pairs
547 are present (separated by spaces or a comma), duplicate keys are not
548 allowed, and again the order is not important. Duplicate values are
549 allowed. An empty map is represented as {}. Curly braces may option‐
550 ally enclose non-empty maps as well (but use quotes to prevent the
551 shell from expanding other-config={0=x,1=y} into other-config=0=x
552 other-config=1=y, which may not have the desired effect).
553 Database Command Syntax
555 [--if-exists] [--columns=column[,column]...] list table [record]...
557 Lists the data in each specified record. If no records are
558 specified, lists all the records in table.
559 If --columns is specified, only the requested columns are
561 listed, in the specified order. Otherwise, all columns are
562 listed, in alphabetical order by column name.
563 Without --if-exists, it is an error if any specified record does
565 not exist. With --if-exists, the command ignores any record
566 that does not exist, without producing any output.
567 [--columns=column[,column]...] find table [column[:key]=value]...
569 Lists the data in each record in table whose column equals value
570 or, if key is specified, whose column contains a key with the
571 specified value. The following operators may be used where = is
572 written in the syntax summary:
573 = != < > <= >=
575 Selects records in which column[:key] equals, does not
576 equal, is less than, is greater than, is less than or
577 equal to, or is greater than or equal to value, respec‐
578 tively.
579 Consider column[:key] and value as sets of elements.
581 Identical sets are considered equal. Otherwise, if the
582 sets have different numbers of elements, then the set
583 with more elements is considered to be larger. Other‐
584 wise, consider a element from each set pairwise, in
585 increasing order within each set. The first pair that
586 differs determines the result. (For a column that con‐
587 tains key-value pairs, first all the keys are compared,
588 and values are considered only if the two sets contain
589 identical keys.)
590 {=} {!=}
592 Test for set equality or inequality, respectively.
593 {<=} Selects records in which column[:key] is a subset of
595 value. For example, flood-vlans{<=}1,2 selects records
596 in which the flood-vlans column is the empty set or con‐
597 tains 1 or 2 or both.
598 {<} Selects records in which column[:key] is a proper subset
600 of value. For example, flood-vlans{<}1,2 selects records
601 in which the flood-vlans column is the empty set or con‐
602 tains 1 or 2 but not both.
603 {>=} {>}
605 Same as {<=} and {<}, respectively, except that the rela‐
606 tionship is reversed. For example, flood-vlans{>=}1,2
607 selects records in which the flood-vlans column contains
608 both 1 and 2.
609 For arithmetic operators (= != < > <= >=), when key is specified
611 but a particular record's column does not contain key, the
612 record is always omitted from the results. Thus, the condition
613 other-config:mtu!=1500 matches records that have a mtu key whose
614 value is not 1500, but not those that lack an mtu key.
615 For the set operators, when key is specified but a particular
617 record's column does not contain key, the comparison is done
618 against an empty set. Thus, the condition other-con‐
619 fig:mtu{!=}1500 matches records that have a mtu key whose value
620 is not 1500 and those that lack an mtu key.
621 Don't forget to escape < or > from interpretation by the shell.
623 If --columns is specified, only the requested columns are
625 listed, in the specified order. Otherwise all columns are
626 listed, in alphabetical order by column name.
627 The UUIDs shown for rows created in the same ovn-sbctl invoca‐
629 tion will be wrong.
630 [--if-exists] [--id=@name] get table record [column[:key]]...
632 Prints the value of each specified column in the given record in
633 table. For map columns, a key may optionally be specified, in
634 which case the value associated with key in the column is
635 printed, instead of the entire map.
636 Without --if-exists, it is an error if record does not exist or
638 key is specified, if key does not exist in record. With
639 --if-exists, a missing record yields no output and a missing key
640 prints a blank line.
641 If @name is specified, then the UUID for record may be referred
643 to by that name later in the same ovn-sbctl invocation in con‐
644 texts where a UUID is expected.
645 Both --id and the column arguments are optional, but usually at
647 least one or the other should be specified. If both are omit‐
648 ted, then get has no effect except to verify that record exists
649 in table.
650 --id and --if-exists cannot be used together.
652 [--if-exists] set table record column[:key]=value...
654 Sets the value of each specified column in the given record in
655 table to value. For map columns, a key may optionally be speci‐
656 fied, in which case the value associated with key in that column
657 is changed (or added, if none exists), instead of the entire
658 map.
659 Without --if-exists, it is an error if record does not exist.
661 With --if-exists, this command does nothing if record does not
662 exist.
663 [--if-exists] add table record column [key=]value...
665 Adds the specified value or key-value pair to column in record
666 in table. If column is a map, then key is required, otherwise
667 it is prohibited. If key already exists in a map column, then
668 the current value is not replaced (use the set command to
669 replace an existing value).
670 Without --if-exists, it is an error if record does not exist.
672 With --if-exists, this command does nothing if record does not
673 exist.
674 [--if-exists] remove table record column value...
676 [--if-exists] remove table record column key...
677 [--if-exists] remove table record column key=value...
678 Removes the specified values or key-value pairs from column in
679 record in table. The first form applies to columns that are not
680 maps: each specified value is removed from the column. The sec‐
681 ond and third forms apply to map columns: if only a key is spec‐
682 ified, then any key-value pair with the given key is removed,
683 regardless of its value; if a value is given then a pair is
684 removed only if both key and value match.
685 It is not an error if the column does not contain the specified
687 key or value or pair.
688 Without --if-exists, it is an error if record does not exist.
690 With --if-exists, this command does nothing if record does not
691 exist.
692 [--if-exists] clear table record column...
694 Sets each column in record in table to the empty set or empty
695 map, as appropriate. This command applies only to columns that
696 are allowed to be empty.
697 Without --if-exists, it is an error if record does not exist.
699 With --if-exists, this command does nothing if record does not
700 exist.
701 [--id=@name] create table column[:key]=value...
703 Creates a new record in table and sets the initial values of
704 each column. Columns not explicitly set will receive their
705 default values. Outputs the UUID of the new row.
706 If @name is specified, then the UUID for the new row may be
708 referred to by that name elsewhere in the same ovn-sbctl invoca‐
709 tion in contexts where a UUID is expected. Such references may
710 precede or follow the create command.
711 Caution (ovs-vsctl as example)
713 Records in the Open vSwitch database are significant only
714 when they can be reached directly or indirectly from the
715 Open_vSwitch table. Except for records in the QoS or
716 Queue tables, records that are not reachable from the
717 Open_vSwitch table are automatically deleted from the
718 database. This deletion happens immediately, without
719 waiting for additional ovs-vsctl commands or other data‐
720 base activity. Thus, a create command must generally be
721 accompanied by additional commands within the same
722 ovs-vsctl invocation to add a chain of references to the
723 newly created record from the top-level Open_vSwitch
724 record. The EXAMPLES section gives some examples that
725 show how to do this.
726 [--if-exists] destroy table record...
728 Deletes each specified record from table. Unless --if-exists is
729 specified, each records must exist.
730 --all destroy table
732 Deletes all records from the table.
733 Caution (ovs-vsctl as example)
735 The destroy command is only useful for records in the QoS
736 or Queue tables. Records in other tables are automati‐
737 cally deleted from the database when they become unreach‐
738 able from the Open_vSwitch table. This means that delet‐
739 ing the last reference to a record is sufficient for
740 deleting the record itself. For records in these tables,
741 destroy is silently ignored. See the EXAMPLES section
742 below for more information.
743 wait-until table record [column[:key]=value]...
745 Waits until table contains a record named record whose column
746 equals value or, if key is specified, whose column contains a
747 key with the specified value. Any of the operators !=, <, >,
748 <=, or >= may be substituted for = to test for inequality, less
749 than, greater than, less than or equal to, or greater than or
750 equal to, respectively. (Don't forget to escape < or > from
751 interpretation by the shell.)
752 If no column[:key]=value arguments are given, this command waits
754 only until record exists. If more than one such argument is
755 given, the command waits until all of them are satisfied.
756 Caution (ovs-vsctl as example)
758 Usually wait-until should be placed at the beginning of a
759 set of ovs-vsctl commands. For example, wait-until
760 bridge br0 -- get bridge br0 datapath_id waits until a
761 bridge named br0 is created, then prints its datapath_id
762 column, whereas get bridge br0 datapath_id -- wait-until
763 bridge br0 will abort if no bridge named br0 exists when
764 ovs-vsctl initially connects to the database.
765 Consider specifying --timeout=0 along with --wait-until, to pre‐
767 vent ovn-sbctl from terminating after waiting only at most 5
768 seconds.
769 comment [arg]...
771 This command has no effect on behavior, but any database log
772 record created by the command will include the command and its
773 arguments.
774
776 0 Successful program execution.
777 1 Usage, syntax, or configuration file error.
779
781 ovn-sb(5).
782Open vSwitch 2.11.1 ovn-sbctl(8)