1ovn-sbctl(8) OVN Manual ovn-sbctl(8)
2
3
4
6 ovn-sbctl - utility for querying and configuring OVN_Southbound data‐
7 base
8
10 ovn-sbctl [options] -- [options] command [args] [-- [options] command
11 [args]]...
12
14 The ovn-sbctl program configures the OVN_Southbound database by provid‐
15 ing a high-level interface to its configuration database. See
16 ovn-sb(5) for comprehensive documentation of the database schema.
17
18 ovn-sbctl connects to an ovsdb-server process that maintains an
19 OVN_Southbound configuration database. Using this connection, it
20 queries and possibly applies changes to the database, depending on the
21 supplied commands.
22
23 ovn-sbctl can perform any number of commands in a single run, imple‐
24 mented as a single atomic transaction against the database.
25
26 The ovn-sbctl command line begins with global options (see OPTIONS
27 below for details). The global options are followed by one or more
28 commands. Each command should begin with -- by itself as a command-
29 line argument, to separate it from the following commands. (The --
30 before the first command is optional.) The command itself starts with
31 command-specific options, if any, followed by the command name and any
32 arguments.
33
35 The following options affect the behavior of ovn-sbctl as a whole.
36 Some individual commands also accept their own options, which are given
37 just before the command name. If the first command on the command line
38 has options, then those options must be separated from the global
39 options by --.
40
41 --db=server
42 The OVSDB database remote to contact. If the OVN_SB_DB environ‐
43 ment variable is set, its value is used as the default. Other‐
44 wise, the default is unix:@RUNDIR@/ovnsb_db.sock, but this
45 default is unlikely to be useful outside of single-machine OVN
46 test environments.
47
48 server may be an OVSDB active or passive connection method, e.g.
49 ssl:192.168.10.5:6640, as described in ovsdb(7).
50
51 --leader-only
52 --no-leader-only
53 By default, or with --leader-only, when the database server is a
54 clustered database, ovn-sbctl will avoid servers other than the
55 cluster leader. This ensures that any data that ovn-sbctl reads
56 and reports is up-to-date. With --no-leader-only, ovn-sbctl
57 will use any server in the cluster, which means that for read-
58 only transactions it can report and act on stale data (transac‐
59 tions that modify the database are always serialized even with
60 --no-leader-only). Refer to Understanding Cluster Consistency
61 in ovsdb(7) for more information.
62
63 --no-syslog
64 By default, ovn-sbctl logs its arguments and the details of any
65 changes that it makes to the system log. This option disables
66 this logging.
67
68 This option is equivalent to --verbose=sbctl:syslog:warn.
69
70 --oneline
71 Modifies the output format so that the output for each command
72 is printed on a single line. New-line characters that would
73 otherwise separate lines are printed as \n, and any instances of
74 \ that would otherwise appear in the output are doubled. Prints
75 a blank line for each command that has no output. This option
76 does not affect the formatting of output from the list or find
77 commands; see Table Formatting Options below.
78
79 --dry-run
80 Prevents ovn-sbctl from actually modifying the database.
81
82 -t secs
83 --timeout=secs
84 By default, or with a secs of 0, ovn-sbctl waits forever for a
85 response from the database. This option limits runtime to
86 approximately secs seconds. If the timeout expires, ovn-sbctl
87 will exit with a SIGALRM signal. (A timeout would normally hap‐
88 pen only if the database cannot be contacted, or if the system
89 is overloaded.)
90
91 OVN_SBCTL_OPTIONS
92 User can set one or more options using OVN_SBCTL_OPTIONS envi‐
93 ronment variable. Under the Bourne shell this might be done like
94 this: export OVN_SBCTL_OPTIONS"="--db=unix:sb1.ovsdb --no-
95 leader-only". However user can still over-ride environment
96 options by passing different options in cli. When the environ‐
97 ment variable is no longer needed, unset it, e.g.: unset
98 OVN_SBCTL_OPTIONS"
99
100 -v[spec]
101 --verbose=[spec]
102 Sets logging levels. Without any spec, sets the log level for
103 every module and destination to dbg. Otherwise, spec is a list
104 of words separated by spaces or commas or colons, up to one from
105 each category below:
106
107 · A valid module name, as displayed by the vlog/list com‐
108 mand on ovs-appctl(8), limits the log level change to the
109 specified module.
110
111 · syslog, console, or file, to limit the log level change
112 to only to the system log, to the console, or to a file,
113 respectively. (If --detach is specified, ovn-sbctl
114 closes its standard file descriptors, so logging to the
115 console will have no effect.)
116
117 On Windows platform, syslog is accepted as a word and is
118 only useful along with the --syslog-target option (the
119 word has no effect otherwise).
120
121 · off, emer, err, warn, info, or dbg, to control the log
122 level. Messages of the given severity or higher will be
123 logged, and messages of lower severity will be filtered
124 out. off filters out all messages. See ovs-appctl(8)
125 for a definition of each log level.
126
127 Case is not significant within spec.
128
129 Regardless of the log levels set for file, logging to a file
130 will not take place unless --log-file is also specified (see
131 below).
132
133 For compatibility with older versions of OVS, any is accepted as
134 a word but has no effect.
135
136 -v
137 --verbose
138 Sets the maximum logging verbosity level, equivalent to --ver‐
139 bose=dbg.
140
141 -vPATTERN:destination:pattern
142 --verbose=PATTERN:destination:pattern
143 Sets the log pattern for destination to pattern. Refer to
144 ovs-appctl(8) for a description of the valid syntax for pattern.
145
146 -vFACILITY:facility
147 --verbose=FACILITY:facility
148 Sets the RFC5424 facility of the log message. facility can be
149 one of kern, user, mail, daemon, auth, syslog, lpr, news, uucp,
150 clock, ftp, ntp, audit, alert, clock2, local0, local1, local2,
151 local3, local4, local5, local6 or local7. If this option is not
152 specified, daemon is used as the default for the local system
153 syslog and local0 is used while sending a message to the target
154 provided via the --syslog-target option.
155
156 --log-file[=file]
157 Enables logging to a file. If file is specified, then it is
158 used as the exact name for the log file. The default log file
159 name used if file is omitted is /var/log/ovn/ovn-sbctl.log.
160
161 --syslog-target=host:port
162 Send syslog messages to UDP port on host, in addition to the
163 system syslog. The host must be a numerical IP address, not a
164 hostname.
165
166 --syslog-method=method
167 Specify method how syslog messages should be sent to syslog dae‐
168 mon. Following forms are supported:
169
170 · libc, use libc syslog() function. Downside of using this
171 options is that libc adds fixed prefix to every message
172 before it is actually sent to the syslog daemon over
173 /dev/log UNIX domain socket.
174
175 · unix:file, use UNIX domain socket directly. It is possi‐
176 ble to specify arbitrary message format with this option.
177 However, rsyslogd 8.9 and older versions use hard coded
178 parser function anyway that limits UNIX domain socket
179 use. If you want to use arbitrary message format with
180 older rsyslogd versions, then use UDP socket to localhost
181 IP address instead.
182
183 · udp:ip:port, use UDP socket. With this method it is pos‐
184 sible to use arbitrary message format also with older
185 rsyslogd. When sending syslog messages over UDP socket
186 extra precaution needs to be taken into account, for
187 example, syslog daemon needs to be configured to listen
188 on the specified UDP port, accidental iptables rules
189 could be interfering with local syslog traffic and there
190 are some security considerations that apply to UDP sock‐
191 ets, but do not apply to UNIX domain sockets.
192
193 · null, discards all messages logged to syslog.
194
195 The default is taken from the OVS_SYSLOG_METHOD environment
196 variable; if it is unset, the default is libc.
197
198 -h
199 --help Prints a brief help message to the console.
200
201 -V
202 --version
203 Prints version information to the console.
204
205 Table Formatting Options
206 These options control the format of output from the list and find com‐
207 mands.
208
209 -f format
210 --format=format
211 Sets the type of table formatting. The following types of for‐
212 mat are available:
213
214 table 2-D text tables with aligned columns.
215
216 list (default)
217 A list with one column per line and rows separated by a
218 blank line.
219
220 html HTML tables.
221
222 csv Comma-separated values as defined in RFC 4180.
223
224 json JSON format as defined in RFC 4627. The output is a
225 sequence of JSON objects, each of which corresponds to
226 one table. Each JSON object has the following members
227 with the noted values:
228
229 caption
230 The table's caption. This member is omitted if
231 the table has no caption.
232
233 headings
234 An array with one element per table column. Each
235 array element is a string giving the corresponding
236 column's heading.
237
238 data An array with one element per table row. Each
239 element is also an array with one element per ta‐
240 ble column. The elements of this second-level
241 array are the cells that constitute the table.
242 Cells that represent OVSDB data or data types are
243 expressed in the format described in the OVSDB
244 specification; other cells are simply expressed as
245 text strings.
246
247 -d format
248 --data=format
249 Sets the formatting for cells within output tables unless the
250 table format is set to json, in which case json formatting is
251 always used when formatting cells. The following types of for‐
252 mat are available:
253
254 string (default)
255 The simple format described in the Database Values sec‐
256 tion of ovs-vsctl(8).
257
258 bare The simple format with punctuation stripped off: [] and
259 {} are omitted around sets, maps, and empty columns,
260 items within sets and maps are space-separated, and
261 strings are never quoted. This format may be easier for
262 scripts to parse.
263
264 json The RFC 4627 JSON format as described above.
265
266 --no-headings
267 This option suppresses the heading row that otherwise appears in
268 the first row of table output.
269
270 --pretty
271 By default, JSON in output is printed as compactly as possible.
272 This option causes JSON in output to be printed in a more read‐
273 able fashion. Members of objects and elements of arrays are
274 printed one per line, with indentation.
275
276 This option does not affect JSON in tables, which is always
277 printed compactly.
278
279 --bare Equivalent to --format=list --data=bare --no-headings.
280
281 --max-column-width=n
282 For table output only, limits the width of any column in the
283 output to n columns. Longer cell data is truncated to fit, as
284 necessary. Columns are always wide enough to display the column
285 names, if the heading row is printed.
286
287 Public Key Infrastructure Options
288 --bootstrap-ca-cert=cacert.pem
289 When cacert.pem exists, this option has the same effect as -C or
290 --ca-cert. If it does not exist, then ovn-sbctl will attempt to
291 obtain the CA certificate from the SSL peer on its first SSL
292 connection and save it to the named PEM file. If it is success‐
293 ful, it will immediately drop the connection and reconnect, and
294 from then on all SSL connections must be authenticated by a cer‐
295 tificate signed by the CA certificate thus obtained.
296
297 This option exposes the SSL connection to a man-in-the-middle
298 attack obtaining the initial CA certificate, but it may be use‐
299 ful for bootstrapping.
300
301 This option is only useful if the SSL peer sends its CA certifi‐
302 cate as part of the SSL certificate chain. The SSL protocol
303 does not require the server to send the CA certificate.
304
305 This option is mutually exclusive with -C and --ca-cert.
306
307 -p privkey.pem
308 --private-key=privkey.pem
309 Specifies a PEM file containing the private key used as
310 ovn-sbctl's identity for outgoing SSL connections.
311
312 -c cert.pem
313 --certificate=cert.pem
314 Specifies a PEM file containing a certificate that certifies the
315 private key specified on -p or --private-key to be trustworthy.
316 The certificate must be signed by the certificate authority (CA)
317 that the peer in SSL connections will use to verify it.
318
319 -C cacert.pem
320 --ca-cert=cacert.pem
321 Specifies a PEM file containing the CA certificate that
322 ovn-sbctl should use to verify certificates presented to it by
323 SSL peers. (This may be the same certificate that SSL peers use
324 to verify the certificate specified on -c or --certificate, or
325 it may be a different one, depending on the PKI design in use.)
326
327 -C none
328 --ca-cert=none
329 Disables verification of certificates presented by SSL peers.
330 This introduces a security risk, because it means that certifi‐
331 cates cannot be verified to be those of known trusted hosts.
332
334 The commands implemented by ovn-sbctl are described in the sections
335 below.
336
337 OVN_Southbound Commands
338 These commands work with an OVN_Southbound database as a whole.
339
340 init Initializes the database, if it is empty. If the database has
341 already been initialized, this command has no effect.
342
343 show Prints a brief overview of the database contents.
344
345 Chassis Commands
346 These commands manipulate OVN_Southbound chassis.
347
348 [--may-exist] chassis-add chassis encap-type encap-ip
349 Creates a new chassis named chassis. encap-type is a comma-sep‐
350 arated list of tunnel types. The chassis will have one encap
351 entry for each specified tunnel type with encap-ip as the desti‐
352 nation IP for each.
353
354 Without --may-exist, attempting to create a chassis that exists
355 is an error. With --may-exist, this command does nothing if
356 chassis already exists.
357
358 [--if-exists] chassis-del chassis
359 Deletes chassis and its encaps and gateway_ports.
360
361 Without --if-exists, attempting to delete a chassis that does
362 not exist is an error. With --if-exists, attempting to delete a
363 chassis that does not exist has no effect.
364
365 Port binding Commands
366 These commands manipulate OVN_Southbound port bindings.
367
368 [--may-exist] lsp-bind logical-port chassis
369 Binds the logical port named logical-port to chassis.
370
371 Without --may-exist, attempting to bind a logical port that has
372 already been bound is an error. With --may-exist, this command
373 does nothing if logical-port has already been bound to a chas‐
374 sis.
375
376 [--if-exists] lsp-unbind logical-port
377 Resets the binding of logical-port to NULL.
378
379 Without --if-exists, attempting to unbind a logical port that is
380 not bound is an error. With --if-exists, attempting to unbind
381 logical port that is not bound has no effect.
382
383 Logical Flow Commands
384 [--uuid] [--ovs[=remote]] [--stats] [--vflows] lflow-list [logical-
385 datapath] [lflow...]
386 List logical flows. If logical-datapath is specified, only list
387 flows for that logical datapath. The logical-datapath may be
388 given as a UUID or as a datapath name (reporting an error if
389 multiple datapaths have the same name).
390
391 If at least one lflow is given, only matching logical flows, if
392 any, are listed. Each lflow may be specified as a UUID or the
393 first few characters of a UUID, optionally prefixed by 0x.
394 (Because ovn-controller sets OpenFlow flow cookies to the first
395 32 bits of the corresponding logical flow's UUID, this makes it
396 easy to look up the logical flow that generated a particular
397 OpenFlow flow.)
398
399 If --uuid is specified, the output includes the first 32 bits of
400 each logical flow's UUID. This makes it easier to find the
401 OpenFlow flows that correspond to a given logical flow.
402
403 If --ovs is included, ovn-sbctl attempts to obtain and display
404 the OpenFlow flows that correspond to each OVN logical flow. To
405 do so, ovn-sbctl connects to remote (by default,
406 unix:@RUNDIR@/br-int.mgmt) over OpenFlow and retrieves the
407 flows. If remote is specified, it must be an active OpenFlow
408 connection method described in ovsdb(7). Please see the discus‐
409 sion of the similar --ovs option in ovn-trace(8) for more infor‐
410 mation about the OpenFlow flow output.
411
412 By default, OpenFlow flow output includes only match and
413 actions. Add --stats to include all OpenFlow information, such
414 as packet and byte counters, duration, and timeouts.
415
416 If --vflows is included, other southbound database records
417 directly used for generating OpenFlow flows are also listed.
418 This includes: port-bindings, mac-bindings, multicast-groups,
419 chassis. The --ovs and --stats can also be used in conjunction
420 with --vflows.
421
422 [--uuid] dump-flows [logical-datapath]
423 Alias for lflow-list.
424
425 Remote Connectivity Commands
426 These commands manipulate the connections column in the SB_Global table
427 and rows in the Connection table. When ovsdb-server is configured to
428 use the connections column for OVSDB connections, this allows the
429 administrator to use ovn-sbctl to configure database connections.
430
431 get-connection
432 Prints the configured connection(s).
433
434 del-connection
435 Deletes the configured connection(s).
436
437 set-connection [access-specifier] target...
438 Sets the configured manager target or targets. Each target may
439 may be an OVSDB active or passive connection method, e.g.
440 pssl:6640, as described in ovsdb(7), optionally preceded by an
441 optional access-specifier (read-only or read-write). If pro‐
442 vided, the effect of the access specifier persists for subse‐
443 quent targets until changed by another access specifier.
444
445 SSL Configuration
446 When ovsdb-server is configured to connect using SSL, the following
447 parameters are required:
448
449 private-key
450 Specifies a PEM file containing the private key used for SSL
451 connections.
452
453 certificate
454 Specifies a PEM file containing a certificate, signed by the
455 certificate authority (CA) used by the connection peers, that
456 certifies the private key, identifying a trustworthy peer.
457
458 ca-cert
459 Specifies a PEM file containing the CA certificate used to ver‐
460 ify that the connection peers are trustworthy.
461
462 These SSL settings apply to all SSL connections made by the southbound
463 database server.
464
465 get-ssl
466 Prints the SSL configuration.
467
468 del-ssl
469 Deletes the current SSL configuration.
470
471 [--bootstrap] set-ssl private-key certificate ca-cert [ssl-protocol-
472 list [ssl-cipher-list]]
473 Sets the SSL configuration. The --bootstrap option is described
474 below.
475
476 CA Certificate Bootstrap
477
478 Ordinarily, all of the files named in the SSL configuration must exist
479 before SSL connectivity can be used. However, if the ca-cert file does
480 not exist and the --bootstrap option is given, then ovsdb-server will
481 attempt to obtain the CA certificate from the target on its first SSL
482 connection and save it to the named PEM file. If it is successful, it
483 will immediately drop the connection and reconnect, and from then on
484 all SSL connections must be authenticated by a certificate signed by
485 the CA certificate thus obtained.
486
487 This option exposes the SSL connection to a man-in-the-middle attack
488 obtaining the initial CA certificate, but it may be useful for boot‐
489 strapping.
490
491 This option is only useful if the SSL peer sends its CA certificate as
492 part of the SSL certificate chain. The SSL protocol does not require
493 the controller to send the CA certificate.
494
495 Database Commands
496 These commands query and modify the contents of ovsdb tables. They are
497 a slight abstraction of the ovsdb interface and as such they operate at
498 a lower level than other ovs-sbctl commands.
499
500 Identifying Tables, Records, and Columns
501
502 Each of these commands has a table parameter to identify a table within
503 the database. Many of them also take a record parameter that identi‐
504 fies a particular record within a table. The record parameter may be
505 the UUID for a record, and many tables offer additional ways to iden‐
506 tify records. Some commands also take column parameters that identify
507 a particular field within the records in a table.
508
509 For a list of tables and their columns, see ovn-sb(5) or see the table
510 listing from the --help option.
511
512 Record names must be specified in full and with correct capitalization,
513 except that UUIDs may be abbreviated to their first 4 (or more) hex
514 digits, as long as that is unique within the table. Names of tables
515 and columns are not case-sensitive, and - and _ are treated inter‐
516 changeably. Unique abbreviations of table and column names are accept‐
517 able, e.g. addr or a is sufficient to identify the Address_Set table.
518
519 Database Values
520
521 Each column in the database accepts a fixed type of data. The cur‐
522 rently defined basic types, and their representations, are:
523
524 integer
525 A decimal integer in the range -2**63 to 2**63-1, inclusive.
526
527 real A floating-point number.
528
529 Boolean
530 True or false, written true or false, respectively.
531
532 string An arbitrary Unicode string, except that null bytes are not
533 allowed. Quotes are optional for most strings that begin with
534 an English letter or underscore and consist only of letters,
535 underscores, hyphens, and periods. However, true and false and
536 strings that match the syntax of UUIDs (see below) must be
537 enclosed in double quotes to distinguish them from other basic
538 types. When double quotes are used, the syntax is that of
539 strings in JSON, e.g. backslashes may be used to escape special
540 characters. The empty string must be represented as a pair of
541 double quotes ("").
542
543 UUID Either a universally unique identifier in the style of RFC 4122,
544 e.g. f81d4fae-7dec-11d0-a765-00a0c91e6bf6, or an @name defined
545 by a get or create command within the same ovn-sbctl invocation.
546
547 Multiple values in a single column may be separated by spaces or a sin‐
548 gle comma. When multiple values are present, duplicates are not
549 allowed, and order is not important. Conversely, some database columns
550 can have an empty set of values, represented as [], and square brackets
551 may optionally enclose other non-empty sets or single values as well.
552 For a column accepting a set of integers, database commands accept a
553 range. A range is represented by two integers separated by -. A range
554 is inclusive. A range has a maximum size of 4096 elements. If more ele‐
555 ments are needed, they can be specified in seperate ranges.
556
557 A few database columns are ``maps'' of key-value pairs, where the key
558 and the value are each some fixed database type. These are specified
559 in the form key=value, where key and value follow the syntax for the
560 column's key type and value type, respectively. When multiple pairs
561 are present (separated by spaces or a comma), duplicate keys are not
562 allowed, and again the order is not important. Duplicate values are
563 allowed. An empty map is represented as {}. Curly braces may option‐
564 ally enclose non-empty maps as well (but use quotes to prevent the
565 shell from expanding other-config={0=x,1=y} into other-config=0=x
566 other-config=1=y, which may not have the desired effect).
567
568 Database Command Syntax
569
570 [--if-exists] [--columns=column[,column]...] list table [record]...
571 Lists the data in each specified record. If no records are
572 specified, lists all the records in table.
573
574 If --columns is specified, only the requested columns are
575 listed, in the specified order. Otherwise, all columns are
576 listed, in alphabetical order by column name.
577
578 Without --if-exists, it is an error if any specified record does
579 not exist. With --if-exists, the command ignores any record
580 that does not exist, without producing any output.
581
582 [--columns=column[,column]...] find table [column[:key]=value]...
583 Lists the data in each record in table whose column equals value
584 or, if key is specified, whose column contains a key with the
585 specified value. The following operators may be used where = is
586 written in the syntax summary:
587
588 = != < > <= >=
589 Selects records in which column[:key] equals, does not
590 equal, is less than, is greater than, is less than or
591 equal to, or is greater than or equal to value, respec‐
592 tively.
593
594 Consider column[:key] and value as sets of elements.
595 Identical sets are considered equal. Otherwise, if the
596 sets have different numbers of elements, then the set
597 with more elements is considered to be larger. Other‐
598 wise, consider a element from each set pairwise, in
599 increasing order within each set. The first pair that
600 differs determines the result. (For a column that con‐
601 tains key-value pairs, first all the keys are compared,
602 and values are considered only if the two sets contain
603 identical keys.)
604
605 {=} {!=}
606 Test for set equality or inequality, respectively.
607
608 {<=} Selects records in which column[:key] is a subset of
609 value. For example, flood-vlans{<=}1,2 selects records
610 in which the flood-vlans column is the empty set or con‐
611 tains 1 or 2 or both.
612
613 {<} Selects records in which column[:key] is a proper subset
614 of value. For example, flood-vlans{<}1,2 selects records
615 in which the flood-vlans column is the empty set or con‐
616 tains 1 or 2 but not both.
617
618 {>=} {>}
619 Same as {<=} and {<}, respectively, except that the rela‐
620 tionship is reversed. For example, flood-vlans{>=}1,2
621 selects records in which the flood-vlans column contains
622 both 1 and 2.
623
624 For arithmetic operators (= != < > <= >=), when key is specified
625 but a particular record's column does not contain key, the
626 record is always omitted from the results. Thus, the condition
627 other-config:mtu!=1500 matches records that have a mtu key whose
628 value is not 1500, but not those that lack an mtu key.
629
630 For the set operators, when key is specified but a particular
631 record's column does not contain key, the comparison is done
632 against an empty set. Thus, the condition other-con‐
633 fig:mtu{!=}1500 matches records that have a mtu key whose value
634 is not 1500 and those that lack an mtu key.
635
636 Don't forget to escape < or > from interpretation by the shell.
637
638 If --columns is specified, only the requested columns are
639 listed, in the specified order. Otherwise all columns are
640 listed, in alphabetical order by column name.
641
642 The UUIDs shown for rows created in the same ovn-sbctl invoca‐
643 tion will be wrong.
644
645 [--if-exists] [--id=@name] get table record [column[:key]]...
646 Prints the value of each specified column in the given record in
647 table. For map columns, a key may optionally be specified, in
648 which case the value associated with key in the column is
649 printed, instead of the entire map.
650
651 Without --if-exists, it is an error if record does not exist or
652 key is specified, if key does not exist in record. With
653 --if-exists, a missing record yields no output and a missing key
654 prints a blank line.
655
656 If @name is specified, then the UUID for record may be referred
657 to by that name later in the same ovn-sbctl invocation in con‐
658 texts where a UUID is expected.
659
660 Both --id and the column arguments are optional, but usually at
661 least one or the other should be specified. If both are omit‐
662 ted, then get has no effect except to verify that record exists
663 in table.
664
665 --id and --if-exists cannot be used together.
666
667 [--if-exists] set table record column[:key]=value...
668 Sets the value of each specified column in the given record in
669 table to value. For map columns, a key may optionally be speci‐
670 fied, in which case the value associated with key in that column
671 is changed (or added, if none exists), instead of the entire
672 map.
673
674 Without --if-exists, it is an error if record does not exist.
675 With --if-exists, this command does nothing if record does not
676 exist.
677
678 [--if-exists] add table record column [key=]value...
679 Adds the specified value or key-value pair to column in record
680 in table. If column is a map, then key is required, otherwise
681 it is prohibited. If key already exists in a map column, then
682 the current value is not replaced (use the set command to
683 replace an existing value).
684
685 Without --if-exists, it is an error if record does not exist.
686 With --if-exists, this command does nothing if record does not
687 exist.
688
689 [--if-exists] remove table record column value...
690 [--if-exists] remove table record column key...
691 [--if-exists] remove table record column key=value...
692 Removes the specified values or key-value pairs from column in
693 record in table. The first form applies to columns that are not
694 maps: each specified value is removed from the column. The sec‐
695 ond and third forms apply to map columns: if only a key is spec‐
696 ified, then any key-value pair with the given key is removed,
697 regardless of its value; if a value is given then a pair is
698 removed only if both key and value match.
699
700 It is not an error if the column does not contain the specified
701 key or value or pair.
702
703 Without --if-exists, it is an error if record does not exist.
704 With --if-exists, this command does nothing if record does not
705 exist.
706
707 [--if-exists] clear table record column...
708 Sets each column in record in table to the empty set or empty
709 map, as appropriate. This command applies only to columns that
710 are allowed to be empty.
711
712 Without --if-exists, it is an error if record does not exist.
713 With --if-exists, this command does nothing if record does not
714 exist.
715
716 [--id=@name] create table column[:key]=value...
717 Creates a new record in table and sets the initial values of
718 each column. Columns not explicitly set will receive their
719 default values. Outputs the UUID of the new row.
720
721 If @name is specified, then the UUID for the new row may be
722 referred to by that name elsewhere in the same ovn-sbctl invoca‐
723 tion in contexts where a UUID is expected. Such references may
724 precede or follow the create command.
725
726 Caution (ovs-vsctl as example)
727 Records in the Open vSwitch database are significant only
728 when they can be reached directly or indirectly from the
729 Open_vSwitch table. Except for records in the QoS or
730 Queue tables, records that are not reachable from the
731 Open_vSwitch table are automatically deleted from the
732 database. This deletion happens immediately, without
733 waiting for additional ovs-vsctl commands or other data‐
734 base activity. Thus, a create command must generally be
735 accompanied by additional commands within the same
736 ovs-vsctl invocation to add a chain of references to the
737 newly created record from the top-level Open_vSwitch
738 record. The EXAMPLES section gives some examples that
739 show how to do this.
740
741 [--if-exists] destroy table record...
742 Deletes each specified record from table. Unless --if-exists is
743 specified, each records must exist.
744
745 --all destroy table
746 Deletes all records from the table.
747
748 Caution (ovs-vsctl as example)
749 The destroy command is only useful for records in the QoS
750 or Queue tables. Records in other tables are automati‐
751 cally deleted from the database when they become unreach‐
752 able from the Open_vSwitch table. This means that delet‐
753 ing the last reference to a record is sufficient for
754 deleting the record itself. For records in these tables,
755 destroy is silently ignored. See the EXAMPLES section
756 below for more information.
757
758 wait-until table record [column[:key]=value]...
759 Waits until table contains a record named record whose column
760 equals value or, if key is specified, whose column contains a
761 key with the specified value. Any of the operators !=, <, >,
762 <=, or >= may be substituted for = to test for inequality, less
763 than, greater than, less than or equal to, or greater than or
764 equal to, respectively. (Don't forget to escape < or > from
765 interpretation by the shell.)
766
767 If no column[:key]=value arguments are given, this command waits
768 only until record exists. If more than one such argument is
769 given, the command waits until all of them are satisfied.
770
771 Caution (ovs-vsctl as example)
772 Usually wait-until should be placed at the beginning of a
773 set of ovs-vsctl commands. For example, wait-until
774 bridge br0 -- get bridge br0 datapath_id waits until a
775 bridge named br0 is created, then prints its datapath_id
776 column, whereas get bridge br0 datapath_id -- wait-until
777 bridge br0 will abort if no bridge named br0 exists when
778 ovs-vsctl initially connects to the database.
779
780 Consider specifying --timeout=0 along with --wait-until, to pre‐
781 vent ovn-sbctl from terminating after waiting only at most 5
782 seconds.
783
784 comment [arg]...
785 This command has no effect on behavior, but any database log
786 record created by the command will include the command and its
787 arguments.
788
790 0 Successful program execution.
791
792 1 Usage, syntax, or configuration file error.
793
795 ovn-sb(5).
796
797
798
799OVN 20.12.0 ovn-sbctl(8)