1ovn-sbctl(8)                      OVN Manual                      ovn-sbctl(8)
2
3
4

NAME

6       ovn-sbctl  -  utility for querying and configuring OVN_Southbound data‐
7       base
8

SYNOPSIS

10       ovn-sbctl [options] -- [options] command [args] [--  [options]  command
11       [args]]...
12

DESCRIPTION

14       The ovn-sbctl program configures the OVN_Southbound database by provid‐
15       ing  a  high-level  interface  to  its  configuration  database.    See
16       ovn-sb(5) for comprehensive documentation of the database schema.
17
18       ovn-sbctl  connects  to  an  ovsdb-server  process  that  maintains  an
19       OVN_Southbound  configuration  database.   Using  this  connection,  it
20       queries  and possibly applies changes to the database, depending on the
21       supplied commands.
22
23       ovn-sbctl can perform any number of commands in a  single  run,  imple‐
24       mented as a single atomic transaction against the database.
25
26       The  ovn-sbctl  command  line  begins  with global options (see OPTIONS
27       below for details).  The global options are followed  by  one  or  more
28       commands.   Each  command  should begin with -- by itself as a command-
29       line argument, to separate it from the  following  commands.   (The  --
30       before  the first command is optional.)  The command itself starts with
31       command-specific options, if any, followed by the command name and  any
32       arguments.
33

OPTIONS

35       The  following  options  affect  the  behavior of ovn-sbctl as a whole.
36       Some individual commands also accept their own options, which are given
37       just before the command name.  If the first command on the command line
38       has options, then those options  must  be  separated  from  the  global
39       options by --.
40
41       --db=server
42              The OVSDB database remote to contact.  If the OVN_SB_DB environ‐
43              ment variable is set, its value is used as the default.   Other‐
44              wise,  the  default  is  unix:@RUNDIR@/ovnsb_db.sock,  but  this
45              default is unlikely to be useful outside of  single-machine  OVN
46              test environments.
47
48              server may be an OVSDB active or passive connection method, e.g.
49              ssl:192.168.10.5:6640, as described in ovsdb(7).
50
51       --leader-only
52       --no-leader-only
53              By default, or with --leader-only, when the database server is a
54              clustered  database, ovn-sbctl will avoid servers other than the
55              cluster leader.  This ensures that any data that ovn-sbctl reads
56              and  reports  is  up-to-date.   With --no-leader-only, ovn-sbctl
57              will use any server in the cluster, which means that  for  read-
58              only  transactions it can report and act on stale data (transac‐
59              tions that modify the database are always serialized  even  with
60              --no-leader-only).   Refer  to Understanding Cluster Consistency
61              in ovsdb(7) for more information.
62
63       --no-syslog
64              By default, ovn-sbctl logs its arguments and the details of  any
65              changes  that  it makes to the system log.  This option disables
66              this logging.
67
68              This option is equivalent to --verbose=sbctl:syslog:warn.
69
70       --oneline
71              Modifies the output format so that the output for  each  command
72              is  printed  on  a  single line.  New-line characters that would
73              otherwise separate lines are printed as \n, and any instances of
74              \ that would otherwise appear in the output are doubled.  Prints
75              a blank line for each command that has no output.   This  option
76              does  not  affect the formatting of output from the list or find
77              commands; see Table Formatting Options below.
78
79       --dry-run
80              Prevents ovn-sbctl from actually modifying the database.
81
82       -t secs
83       --timeout=secs
84              By default, or with a secs of 0, ovn-sbctl waits forever  for  a
85              response  from  the  database.   This  option  limits runtime to
86              approximately secs seconds.  If the timeout  expires,  ovn-sbctl
87              will exit with a SIGALRM signal.  (A timeout would normally hap‐
88              pen only if the database cannot be contacted, or if  the  system
89              is overloaded.)
90
91       OVN_SBCTL_OPTIONS
92              User  can  set one or more options using OVN_SBCTL_OPTIONS envi‐
93              ronment variable. Under the Bourne shell this might be done like
94              this:   export   OVN_SBCTL_OPTIONS"="--db=unix:sb1.ovsdb   --no-
95              leader-only".  However  user  can  still  over-ride  environment
96              options  by  passing different options in cli. When the environ‐
97              ment variable  is  no  longer  needed,  unset  it,  e.g.:  unset
98              OVN_SBCTL_OPTIONS"
99
100       -v[spec]
101       --verbose=[spec]
102              Sets  logging  levels.  Without any spec, sets the log level for
103              every module and destination to dbg.  Otherwise, spec is a  list
104              of words separated by spaces or commas or colons, up to one from
105              each category below:
106
107              ·      A valid module name, as displayed by the  vlog/list  com‐
108                     mand on ovs-appctl(8), limits the log level change to the
109                     specified module.
110
111              ·      syslog, console, or file, to limit the log  level  change
112                     to  only to the system log, to the console, or to a file,
113                     respectively.   (If  --detach  is  specified,   ovn-sbctl
114                     closes  its  standard file descriptors, so logging to the
115                     console will have no effect.)
116
117                     On Windows platform, syslog is accepted as a word and  is
118                     only  useful  along  with the --syslog-target option (the
119                     word has no effect otherwise).
120
121              ·      off, emer, err, warn, info, or dbg, to  control  the  log
122                     level.   Messages of the given severity or higher will be
123                     logged, and messages of lower severity will  be  filtered
124                     out.   off  filters  out all messages.  See ovs-appctl(8)
125                     for a definition of each log level.
126
127              Case is not significant within spec.
128
129              Regardless of the log levels set for file,  logging  to  a  file
130              will  not  take  place  unless --log-file is also specified (see
131              below).
132
133              For compatibility with older versions of OVS, any is accepted as
134              a word but has no effect.
135
136       -v
137       --verbose
138              Sets  the  maximum logging verbosity level, equivalent to --ver‐
139              bose=dbg.
140
141       -vPATTERN:destination:pattern
142       --verbose=PATTERN:destination:pattern
143              Sets the log pattern  for  destination  to  pattern.   Refer  to
144              ovs-appctl(8) for a description of the valid syntax for pattern.
145
146       -vFACILITY:facility
147       --verbose=FACILITY:facility
148              Sets  the  RFC5424  facility of the log message. facility can be
149              one of kern, user, mail, daemon, auth, syslog, lpr, news,  uucp,
150              clock,  ftp,  ntp, audit, alert, clock2, local0, local1, local2,
151              local3, local4, local5, local6 or local7. If this option is  not
152              specified,  daemon  is  used as the default for the local system
153              syslog and local0 is used while sending a message to the  target
154              provided via the --syslog-target option.
155
156       --log-file[=file]
157              Enables  logging  to  a  file.  If file is specified, then it is
158              used as the exact name for the log file.  The default  log  file
159              name used if file is omitted is /var/log/ovn/ovn-sbctl.log.
160
161       --syslog-target=host:port
162              Send  syslog  messages  to  UDP port on host, in addition to the
163              system syslog.  The host must be a numerical IP address,  not  a
164              hostname.
165
166       --syslog-method=method
167              Specify method how syslog messages should be sent to syslog dae‐
168              mon.  Following forms are supported:
169
170              ·      libc, use libc syslog() function.  Downside of using this
171                     options  is  that libc adds fixed prefix to every message
172                     before it is actually sent  to  the  syslog  daemon  over
173                     /dev/log UNIX domain socket.
174
175              ·      unix:file, use UNIX domain socket directly.  It is possi‐
176                     ble to specify arbitrary message format with this option.
177                     However,  rsyslogd  8.9 and older versions use hard coded
178                     parser function anyway that  limits  UNIX  domain  socket
179                     use.   If  you  want to use arbitrary message format with
180                     older rsyslogd versions, then use UDP socket to localhost
181                     IP address instead.
182
183              ·      udp:ip:port, use UDP socket.  With this method it is pos‐
184                     sible to use arbitrary message  format  also  with  older
185                     rsyslogd.   When  sending syslog messages over UDP socket
186                     extra precaution needs to  be  taken  into  account,  for
187                     example,  syslog  daemon needs to be configured to listen
188                     on the specified  UDP  port,  accidental  iptables  rules
189                     could  be interfering with local syslog traffic and there
190                     are some security considerations that apply to UDP  sock‐
191                     ets, but do not apply to UNIX domain sockets.
192
193              ·      null, discards all messages logged to syslog.
194
195              The  default  is  taken  from  the OVS_SYSLOG_METHOD environment
196              variable; if it is unset, the default is libc.
197
198       -h
199       --help Prints a brief help message to the console.
200
201       -V
202       --version
203              Prints version information to the console.
204
205   Table Formatting Options
206       These options control the format of output from the list and find  com‐
207       mands.
208
209       -f format
210       --format=format
211              Sets  the type of table formatting.  The following types of for‐
212              mat are available:
213
214              table  2-D text tables with aligned columns.
215
216              list (default)
217                     A list with one column per line and rows separated  by  a
218                     blank line.
219
220              html   HTML tables.
221
222              csv    Comma-separated values as defined in RFC 4180.
223
224              json   JSON  format  as  defined  in  RFC 4627.  The output is a
225                     sequence of JSON objects, each of  which  corresponds  to
226                     one  table.   Each  JSON object has the following members
227                     with the noted values:
228
229                     caption
230                            The table's caption.  This member  is  omitted  if
231                            the table has no caption.
232
233                     headings
234                            An  array with one element per table column.  Each
235                            array element is a string giving the corresponding
236                            column's heading.
237
238                     data   An  array  with  one  element per table row.  Each
239                            element is also an array with one element per  ta‐
240                            ble  column.   The  elements  of this second-level
241                            array are the cells  that  constitute  the  table.
242                            Cells  that represent OVSDB data or data types are
243                            expressed in the format  described  in  the  OVSDB
244                            specification; other cells are simply expressed as
245                            text strings.
246
247       -d format
248       --data=format
249              Sets the formatting for cells within output  tables  unless  the
250              table  format  is  set to json, in which case json formatting is
251              always used when formatting cells.  The following types of  for‐
252              mat are available:
253
254              string (default)
255                     The  simple  format described in the Database Values sec‐
256                     tion of ovs-vsctl(8).
257
258              bare   The simple format with punctuation stripped off:  []  and
259                     {}  are  omitted  around  sets,  maps, and empty columns,
260                     items within  sets  and  maps  are  space-separated,  and
261                     strings  are never quoted.  This format may be easier for
262                     scripts to parse.
263
264              json   The RFC 4627 JSON format as described above.
265
266       --no-headings
267              This option suppresses the heading row that otherwise appears in
268              the first row of table output.
269
270       --pretty
271              By  default, JSON in output is printed as compactly as possible.
272              This option causes JSON in output to be printed in a more  read‐
273              able  fashion.   Members  of  objects and elements of arrays are
274              printed one per line, with indentation.
275
276              This option does not affect JSON  in  tables,  which  is  always
277              printed compactly.
278
279       --bare Equivalent to --format=list --data=bare --no-headings.
280
281       --max-column-width=n
282              For  table  output  only,  limits the width of any column in the
283              output to n columns.  Longer cell data is truncated to  fit,  as
284              necessary.  Columns are always wide enough to display the column
285              names, if the heading row is printed.
286
287   Public Key Infrastructure Options
288       --bootstrap-ca-cert=cacert.pem
289              When cacert.pem exists, this option has the same effect as -C or
290              --ca-cert.  If it does not exist, then ovn-sbctl will attempt to
291              obtain the CA certificate from the SSL peer  on  its  first  SSL
292              connection and save it to the named PEM file.  If it is success‐
293              ful, it will immediately drop the connection and reconnect,  and
294              from then on all SSL connections must be authenticated by a cer‐
295              tificate signed by the CA certificate thus obtained.
296
297              This option exposes the SSL connection  to  a  man-in-the-middle
298              attack  obtaining the initial CA certificate, but it may be use‐
299              ful for bootstrapping.
300
301              This option is only useful if the SSL peer sends its CA certifi‐
302              cate  as  part  of  the SSL certificate chain.  The SSL protocol
303              does not require the server to send the CA certificate.
304
305              This option is mutually exclusive with -C and --ca-cert.
306
307       -p privkey.pem
308       --private-key=privkey.pem
309              Specifies  a  PEM  file  containing  the  private  key  used  as
310              ovn-sbctl's identity for outgoing SSL connections.
311
312       -c cert.pem
313       --certificate=cert.pem
314              Specifies a PEM file containing a certificate that certifies the
315              private key specified on -p or --private-key to be  trustworthy.
316              The certificate must be signed by the certificate authority (CA)
317              that the peer in SSL connections will use to verify it.
318
319       -C cacert.pem
320       --ca-cert=cacert.pem
321              Specifies  a  PEM  file  containing  the  CA  certificate   that
322              ovn-sbctl  should  use to verify certificates presented to it by
323              SSL peers.  (This may be the same certificate that SSL peers use
324              to  verify  the certificate specified on -c or --certificate, or
325              it may be a different one, depending on the PKI design in use.)
326
327       -C none
328       --ca-cert=none
329              Disables verification of certificates presented  by  SSL  peers.
330              This  introduces a security risk, because it means that certifi‐
331              cates cannot be verified to be those of known trusted hosts.
332

COMMANDS

334       The commands implemented by ovn-sbctl are  described  in  the  sections
335       below.
336
337   OVN_Southbound Commands
338       These commands work with an OVN_Southbound database as a whole.
339
340       init   Initializes  the  database, if it is empty.  If the database has
341              already been initialized, this command has no effect.
342
343       show   Prints a brief overview of the database contents.
344
345   Chassis Commands
346       These commands manipulate OVN_Southbound chassis.
347
348       [--may-exist] chassis-add chassis encap-type encap-ip
349              Creates a new chassis named chassis.  encap-type is a comma-sep‐
350              arated  list  of  tunnel types.  The chassis will have one encap
351              entry for each specified tunnel type with encap-ip as the desti‐
352              nation IP for each.
353
354              Without  --may-exist, attempting to create a chassis that exists
355              is an error.  With --may-exist, this  command  does  nothing  if
356              chassis already exists.
357
358       [--if-exists] chassis-del chassis
359              Deletes chassis and its encaps and gateway_ports.
360
361              Without  --if-exists,  attempting  to delete a chassis that does
362              not exist is an error.  With --if-exists, attempting to delete a
363              chassis that does not exist has no effect.
364
365   Port binding Commands
366       These commands manipulate OVN_Southbound port bindings.
367
368       [--may-exist] lsp-bind logical-port chassis
369              Binds the logical port named logical-port to chassis.
370
371              Without  --may-exist, attempting to bind a logical port that has
372              already been bound is an error.  With --may-exist, this  command
373              does  nothing  if logical-port has already been bound to a chas‐
374              sis.
375
376       [--if-exists] lsp-unbind logical-port
377              Resets the binding of logical-port to NULL.
378
379              Without --if-exists, attempting to unbind a logical port that is
380              not  bound  is an error.  With --if-exists, attempting to unbind
381              logical port that is not bound has no effect.
382
383   Logical Flow Commands
384       [--uuid] [--ovs[=remote]]  [--stats]  [--vflows]  lflow-list  [logical-
385       datapath] [lflow...]
386              List logical flows.  If logical-datapath is specified, only list
387              flows for that logical datapath.  The  logical-datapath  may  be
388              given  as  a  UUID  or as a datapath name (reporting an error if
389              multiple datapaths have the same name).
390
391              If at least one lflow is given, only matching logical flows,  if
392              any,  are  listed.  Each lflow may be specified as a UUID or the
393              first few characters of  a  UUID,  optionally  prefixed  by  0x.
394              (Because  ovn-controller sets OpenFlow flow cookies to the first
395              32 bits of the corresponding logical flow's UUID, this makes  it
396              easy  to  look  up  the logical flow that generated a particular
397              OpenFlow flow.)
398
399              If --uuid is specified, the output includes the first 32 bits of
400              each  logical  flow's  UUID.   This  makes it easier to find the
401              OpenFlow flows that correspond to a given logical flow.
402
403              If --ovs is included, ovn-sbctl attempts to obtain  and  display
404              the OpenFlow flows that correspond to each OVN logical flow.  To
405              do   so,   ovn-sbctl   connects   to   remote    (by    default,
406              unix:@RUNDIR@/br-int.mgmt)   over  OpenFlow  and  retrieves  the
407              flows.  If remote is specified, it must be  an  active  OpenFlow
408              connection method described in ovsdb(7).  Please see the discus‐
409              sion of the similar --ovs option in ovn-trace(8) for more infor‐
410              mation about the OpenFlow flow output.
411
412              By  default,  OpenFlow  flow  output  includes  only  match  and
413              actions.  Add --stats to include all OpenFlow information,  such
414              as packet and byte counters, duration, and timeouts.
415
416              If  --vflows  is  included,  other  southbound  database records
417              directly used for generating OpenFlow  flows  are  also  listed.
418              This  includes:  port-bindings,  mac-bindings, multicast-groups,
419              chassis.  The --ovs and --stats can also be used in  conjunction
420              with --vflows.
421
422       [--uuid] dump-flows [logical-datapath]
423              Alias for lflow-list.
424
425   Remote Connectivity Commands
426       These commands manipulate the connections column in the SB_Global table
427       and rows in the Connection table.  When ovsdb-server is  configured  to
428       use  the  connections  column  for  OVSDB  connections, this allows the
429       administrator to use ovn-sbctl to configure database connections.
430
431       get-connection
432              Prints the configured connection(s).
433
434       del-connection
435              Deletes the configured connection(s).
436
437       set-connection [access-specifier] target...
438              Sets the configured manager target or targets.  Each target  may
439              may  be  an  OVSDB  active  or  passive  connection method, e.g.
440              pssl:6640, as described in ovsdb(7), optionally preceded  by  an
441              optional  access-specifier  (read-only  or read-write).  If pro‐
442              vided, the effect of the access specifier  persists  for  subse‐
443              quent targets until changed by another access specifier.
444
445   SSL Configuration
446       When  ovsdb-server  is  configured  to connect using SSL, the following
447       parameters are required:
448
449       private-key
450              Specifies a PEM file containing the private  key  used  for  SSL
451              connections.
452
453       certificate
454              Specifies  a  PEM  file  containing a certificate, signed by the
455              certificate authority (CA) used by the  connection  peers,  that
456              certifies the private key, identifying a trustworthy peer.
457
458       ca-cert
459              Specifies  a PEM file containing the CA certificate used to ver‐
460              ify that the connection peers are trustworthy.
461
462       These SSL settings apply to all SSL connections made by the  southbound
463       database server.
464
465       get-ssl
466              Prints the SSL configuration.
467
468       del-ssl
469              Deletes the current SSL configuration.
470
471       [--bootstrap]  set-ssl  private-key  certificate ca-cert [ssl-protocol-
472       list [ssl-cipher-list]]
473              Sets the SSL configuration.  The --bootstrap option is described
474              below.
475
476     CA Certificate Bootstrap
477
478       Ordinarily,  all of the files named in the SSL configuration must exist
479       before SSL connectivity can be used.  However, if the ca-cert file does
480       not  exist  and the --bootstrap option is given, then ovsdb-server will
481       attempt to obtain the CA certificate from the target on its  first  SSL
482       connection  and save it to the named PEM file.  If it is successful, it
483       will immediately drop the connection and reconnect, and  from  then  on
484       all  SSL  connections  must be authenticated by a certificate signed by
485       the CA certificate thus obtained.
486
487       This option exposes the SSL connection to  a  man-in-the-middle  attack
488       obtaining  the  initial  CA certificate, but it may be useful for boot‐
489       strapping.
490
491       This option is only useful if the SSL peer sends its CA certificate  as
492       part  of  the SSL certificate chain.  The SSL protocol does not require
493       the controller to send the CA certificate.
494
495   Database Commands
496       These commands query and modify the contents of ovsdb tables.  They are
497       a slight abstraction of the ovsdb interface and as such they operate at
498       a lower level than other ovs-sbctl commands.
499
500     Identifying Tables, Records, and Columns
501
502       Each of these commands has a table parameter to identify a table within
503       the  database.   Many of them also take a record parameter that identi‐
504       fies a particular record within a table.  The record parameter  may  be
505       the  UUID  for a record, and many tables offer additional ways to iden‐
506       tify records.  Some commands also take column parameters that  identify
507       a particular field within the records in a table.
508
509       For  a list of tables and their columns, see ovn-sb(5) or see the table
510       listing from the --help option.
511
512       Record names must be specified in full and with correct capitalization,
513       except  that  UUIDs  may  be abbreviated to their first 4 (or more) hex
514       digits, as long as that is unique within the table.   Names  of  tables
515       and  columns  are  not  case-sensitive,  and - and _ are treated inter‐
516       changeably.  Unique abbreviations of table and column names are accept‐
517       able, e.g. addr or a is sufficient to identify the Address_Set table.
518
519     Database Values
520
521       Each  column  in  the  database accepts a fixed type of data.  The cur‐
522       rently defined basic types, and their representations, are:
523
524       integer
525              A decimal integer in the range -2**63 to 2**63-1, inclusive.
526
527       real   A floating-point number.
528
529       Boolean
530              True or false, written true or false, respectively.
531
532       string An arbitrary Unicode string, except  that  null  bytes  are  not
533              allowed.   Quotes  are optional for most strings that begin with
534              an English letter or underscore and  consist  only  of  letters,
535              underscores,  hyphens, and periods.  However, true and false and
536              strings that match the syntax  of  UUIDs  (see  below)  must  be
537              enclosed  in  double quotes to distinguish them from other basic
538              types.  When double quotes are  used,  the  syntax  is  that  of
539              strings  in JSON, e.g. backslashes may be used to escape special
540              characters.  The empty string must be represented as a  pair  of
541              double quotes ("").
542
543       UUID   Either a universally unique identifier in the style of RFC 4122,
544              e.g. f81d4fae-7dec-11d0-a765-00a0c91e6bf6, or an  @name  defined
545              by a get or create command within the same ovn-sbctl invocation.
546
547       Multiple values in a single column may be separated by spaces or a sin‐
548       gle comma.  When  multiple  values  are  present,  duplicates  are  not
549       allowed, and order is not important.  Conversely, some database columns
550       can have an empty set of values, represented as [], and square brackets
551       may  optionally  enclose other non-empty sets or single values as well.
552       For a column accepting a set of integers, database  commands  accept  a
553       range.  A  range is represented by two integers separated by -. A range
554       is inclusive. A range has a maximum size of 4096 elements. If more ele‐
555       ments are needed, they can be specified in seperate ranges.
556
557       A  few  database columns are ``maps'' of key-value pairs, where the key
558       and the value are each some fixed database type.  These  are  specified
559       in  the  form  key=value, where key and value follow the syntax for the
560       column's key type and value type, respectively.   When  multiple  pairs
561       are  present  (separated  by spaces or a comma), duplicate keys are not
562       allowed, and again the order is not important.   Duplicate  values  are
563       allowed.   An empty map is represented as {}.  Curly braces may option‐
564       ally enclose non-empty maps as well (but  use  quotes  to  prevent  the
565       shell   from  expanding  other-config={0=x,1=y}  into  other-config=0=x
566       other-config=1=y, which may not have the desired effect).
567
568     Database Command Syntax
569
570       [--if-exists] [--columns=column[,column]...] list table [record]...
571              Lists the data in each specified  record.   If  no  records  are
572              specified, lists all the records in table.
573
574              If  --columns  is  specified,  only  the  requested  columns are
575              listed, in the specified  order.   Otherwise,  all  columns  are
576              listed, in alphabetical order by column name.
577
578              Without --if-exists, it is an error if any specified record does
579              not exist.  With --if-exists, the  command  ignores  any  record
580              that does not exist, without producing any output.
581
582       [--columns=column[,column]...] find table [column[:key]=value]...
583              Lists the data in each record in table whose column equals value
584              or, if key is specified, whose column contains a  key  with  the
585              specified value.  The following operators may be used where = is
586              written in the syntax summary:
587
588              = != < > <= >=
589                     Selects records in which column[:key]  equals,  does  not
590                     equal,  is  less  than,  is greater than, is less than or
591                     equal to, or is greater than or equal to  value,  respec‐
592                     tively.
593
594                     Consider  column[:key]  and  value  as  sets of elements.
595                     Identical sets are considered equal.  Otherwise,  if  the
596                     sets  have  different  numbers  of elements, then the set
597                     with more elements is considered to  be  larger.   Other‐
598                     wise,  consider  a  element  from  each  set pairwise, in
599                     increasing order within each set.  The  first  pair  that
600                     differs  determines  the result.  (For a column that con‐
601                     tains key-value pairs, first all the keys  are  compared,
602                     and  values  are  considered only if the two sets contain
603                     identical keys.)
604
605              {=} {!=}
606                     Test for set equality or inequality, respectively.
607
608              {<=}   Selects records in which  column[:key]  is  a  subset  of
609                     value.   For  example, flood-vlans{<=}1,2 selects records
610                     in which the flood-vlans column is the empty set or  con‐
611                     tains 1 or 2 or both.
612
613              {<}    Selects  records in which column[:key] is a proper subset
614                     of value.  For example, flood-vlans{<}1,2 selects records
615                     in  which the flood-vlans column is the empty set or con‐
616                     tains 1 or 2 but not both.
617
618              {>=} {>}
619                     Same as {<=} and {<}, respectively, except that the rela‐
620                     tionship  is  reversed.   For example, flood-vlans{>=}1,2
621                     selects records in which the flood-vlans column  contains
622                     both 1 and 2.
623
624              For arithmetic operators (= != < > <= >=), when key is specified
625              but a particular record's  column  does  not  contain  key,  the
626              record  is always omitted from the results.  Thus, the condition
627              other-config:mtu!=1500 matches records that have a mtu key whose
628              value is not 1500, but not those that lack an mtu key.
629
630              For  the  set  operators, when key is specified but a particular
631              record's column does not contain key,  the  comparison  is  done
632              against   an   empty   set.    Thus,  the  condition  other-con‐
633              fig:mtu{!=}1500 matches records that have a mtu key whose  value
634              is not 1500 and those that lack an mtu key.
635
636              Don't forget to escape < or > from interpretation by the shell.
637
638              If  --columns  is  specified,  only  the  requested  columns are
639              listed, in the  specified  order.   Otherwise  all  columns  are
640              listed, in alphabetical order by column name.
641
642              The  UUIDs  shown for rows created in the same ovn-sbctl invoca‐
643              tion will be wrong.
644
645       [--if-exists] [--id=@name] get table record [column[:key]]...
646              Prints the value of each specified column in the given record in
647              table.   For  map columns, a key may optionally be specified, in
648              which case the value  associated  with  key  in  the  column  is
649              printed, instead of the entire map.
650
651              Without  --if-exists, it is an error if record does not exist or
652              key is specified,  if  key  does  not  exist  in  record.   With
653              --if-exists, a missing record yields no output and a missing key
654              prints a blank line.
655
656              If @name is specified, then the UUID for record may be  referred
657              to  by  that name later in the same ovn-sbctl invocation in con‐
658              texts where a UUID is expected.
659
660              Both --id and the column arguments are optional, but usually  at
661              least  one  or the other should be specified.  If both are omit‐
662              ted, then get has no effect except to verify that record  exists
663              in table.
664
665              --id and --if-exists cannot be used together.
666
667       [--if-exists] set table record column[:key]=value...
668              Sets  the  value of each specified column in the given record in
669              table to value.  For map columns, a key may optionally be speci‐
670              fied, in which case the value associated with key in that column
671              is changed (or added, if none exists),  instead  of  the  entire
672              map.
673
674              Without  --if-exists,  it  is an error if record does not exist.
675              With --if-exists, this command does nothing if record  does  not
676              exist.
677
678       [--if-exists] add table record column [key=]value...
679              Adds  the  specified value or key-value pair to column in record
680              in table.  If column is a map, then key is  required,  otherwise
681              it  is  prohibited.  If key already exists in a map column, then
682              the current value is  not  replaced  (use  the  set  command  to
683              replace an existing value).
684
685              Without  --if-exists,  it  is an error if record does not exist.
686              With --if-exists, this command does nothing if record  does  not
687              exist.
688
689       [--if-exists] remove table record column value...
690       [--if-exists] remove table record column key...
691       [--if-exists] remove table record column key=value...
692              Removes  the  specified values or key-value pairs from column in
693              record in table.  The first form applies to columns that are not
694              maps: each specified value is removed from the column.  The sec‐
695              ond and third forms apply to map columns: if only a key is spec‐
696              ified,  then  any  key-value pair with the given key is removed,
697              regardless of its value; if a value is  given  then  a  pair  is
698              removed only if both key and value match.
699
700              It  is not an error if the column does not contain the specified
701              key or value or pair.
702
703              Without --if-exists, it is an error if record  does  not  exist.
704              With  --if-exists,  this command does nothing if record does not
705              exist.
706
707       [--if-exists] clear table record column...
708              Sets each column in record in table to the empty  set  or  empty
709              map,  as appropriate.  This command applies only to columns that
710              are allowed to be empty.
711
712              Without --if-exists, it is an error if record  does  not  exist.
713              With  --if-exists,  this command does nothing if record does not
714              exist.
715
716       [--id=@name] create table column[:key]=value...
717              Creates a new record in table and sets  the  initial  values  of
718              each  column.   Columns  not  explicitly  set will receive their
719              default values.  Outputs the UUID of the new row.
720
721              If @name is specified, then the UUID for  the  new  row  may  be
722              referred to by that name elsewhere in the same ovn-sbctl invoca‐
723              tion in contexts where a UUID is expected.  Such references  may
724              precede or follow the create command.
725
726              Caution (ovs-vsctl as example)
727                     Records in the Open vSwitch database are significant only
728                     when they can be reached directly or indirectly from  the
729                     Open_vSwitch  table.   Except  for  records in the QoS or
730                     Queue tables, records that are  not  reachable  from  the
731                     Open_vSwitch  table  are  automatically  deleted from the
732                     database.  This  deletion  happens  immediately,  without
733                     waiting  for additional ovs-vsctl commands or other data‐
734                     base activity.  Thus, a create command must generally  be
735                     accompanied   by  additional  commands  within  the  same
736                     ovs-vsctl invocation to add a chain of references to  the
737                     newly  created  record  from  the  top-level Open_vSwitch
738                     record.  The EXAMPLES section gives  some  examples  that
739                     show how to do this.
740
741       [--if-exists] destroy table record...
742              Deletes each specified record from table.  Unless --if-exists is
743              specified, each records must exist.
744
745       --all destroy table
746              Deletes all records from the table.
747
748              Caution (ovs-vsctl as example)
749                     The destroy command is only useful for records in the QoS
750                     or  Queue  tables.  Records in other tables are automati‐
751                     cally deleted from the database when they become unreach‐
752                     able from the Open_vSwitch table.  This means that delet‐
753                     ing the last reference to  a  record  is  sufficient  for
754                     deleting the record itself.  For records in these tables,
755                     destroy is silently ignored.  See  the  EXAMPLES  section
756                     below for more information.
757
758       wait-until table record [column[:key]=value]...
759              Waits  until  table  contains a record named record whose column
760              equals value or, if key is specified, whose  column  contains  a
761              key  with  the  specified value.  Any of the operators !=, <, >,
762              <=, or >= may be substituted for = to test for inequality,  less
763              than,  greater  than,  less than or equal to, or greater than or
764              equal to, respectively.  (Don't forget to escape  <  or  >  from
765              interpretation by the shell.)
766
767              If no column[:key]=value arguments are given, this command waits
768              only until record exists.  If more than  one  such  argument  is
769              given, the command waits until all of them are satisfied.
770
771              Caution (ovs-vsctl as example)
772                     Usually wait-until should be placed at the beginning of a
773                     set  of  ovs-vsctl  commands.   For  example,  wait-until
774                     bridge  br0  --  get bridge br0 datapath_id waits until a
775                     bridge named br0 is created, then prints its  datapath_id
776                     column,  whereas get bridge br0 datapath_id -- wait-until
777                     bridge br0 will abort if no bridge named br0 exists  when
778                     ovs-vsctl initially connects to the database.
779
780              Consider specifying --timeout=0 along with --wait-until, to pre‐
781              vent ovn-sbctl from terminating after waiting  only  at  most  5
782              seconds.
783
784       comment [arg]...
785              This  command  has  no  effect on behavior, but any database log
786              record created by the command will include the command  and  its
787              arguments.
788

EXIT STATUS

790       0      Successful program execution.
791
792       1      Usage, syntax, or configuration file error.
793

SEE ALSO

795       ovn-sb(5).
796
797
798
799OVN                                 20.12.0                       ovn-sbctl(8)
Impressum