1ovn-sbctl(8)                      OVN Manual                      ovn-sbctl(8)
2
3
4

NAME

6       ovn-sbctl  -  utility for querying and configuring OVN_Southbound data‐
7       base
8

SYNOPSIS

10       ovn-sbctl [options] -- [options] command [args] [--  [options]  command
11       [args]]...
12

DESCRIPTION

14       The ovn-sbctl program configures the OVN_Southbound database by provid‐
15       ing  a  high-level  interface  to  its  configuration  database.    See
16       ovn-sb(5) for comprehensive documentation of the database schema.
17
18       ovn-sbctl  connects  to  an  ovsdb-server  process  that  maintains  an
19       OVN_Southbound  configuration  database.   Using  this  connection,  it
20       queries  and possibly applies changes to the database, depending on the
21       supplied commands.
22
23       ovn-sbctl can perform any number of commands in a  single  run,  imple‐
24       mented as a single atomic transaction against the database.
25
26       The  ovn-sbctl command line begins with global options (see OPTIONS be‐
27       low for details).  The global options are followed by one or more  com‐
28       mands.   Each  command should begin with -- by itself as a command-line
29       argument, to separate it from the following commands.  (The  --  before
30       the  first  command  is optional.)  The command itself starts with com‐
31       mand-specific options, if any, followed by the command name and any ar‐
32       guments.
33

OPTIONS

35       The  following  options  affect  the  behavior of ovn-sbctl as a whole.
36       Some individual commands also accept their own options, which are given
37       just before the command name.  If the first command on the command line
38       has options, then those options must be separated from the  global  op‐
39       tions by --.
40
41       --db=server
42              The OVSDB database remote to contact.  If the OVN_SB_DB environ‐
43              ment variable is set, its value is used as the default.   Other‐
44              wise,  the  default is unix:@RUNDIR@/ovnsb_db.sock, but this de‐
45              fault is unlikely to be useful  outside  of  single-machine  OVN
46              test environments.
47
48              server may be an OVSDB active or passive connection method, e.g.
49              ssl:192.168.10.5:6640, as described in ovsdb(7).
50
51       --leader-only
52       --no-leader-only
53              By default, or with --leader-only, when the database server is a
54              clustered  database, ovn-sbctl will avoid servers other than the
55              cluster leader.  This ensures that any data that ovn-sbctl reads
56              and  reports  is  up-to-date.   With --no-leader-only, ovn-sbctl
57              will use any server in the cluster, which means that  for  read-
58              only  transactions it can report and act on stale data (transac‐
59              tions that modify the database are always serialized  even  with
60              --no-leader-only).   Refer  to Understanding Cluster Consistency
61              in ovsdb(7) for more information.
62
63       --no-syslog
64              By default, ovn-sbctl logs its arguments and the details of  any
65              changes  that  it makes to the system log.  This option disables
66              this logging.
67
68              This option is equivalent to --verbose=sbctl:syslog:warn.
69
70       --oneline
71              Modifies the output format so that the output for  each  command
72              is  printed  on  a  single line.  New-line characters that would
73              otherwise separate lines are printed as \n, and any instances of
74              \ that would otherwise appear in the output are doubled.  Prints
75              a blank line for each command that has no output.   This  option
76              does  not  affect the formatting of output from the list or find
77              commands; see Table Formatting Options below.
78
79       --dry-run
80              Prevents ovn-sbctl from actually modifying the database.
81
82       -t secs
83       --timeout=secs
84              By default, or with a secs of 0, ovn-sbctl waits forever  for  a
85              response  from  the database.  This option limits runtime to ap‐
86              proximately secs seconds.  If  the  timeout  expires,  ovn-sbctl
87              will exit with a SIGALRM signal.  (A timeout would normally hap‐
88              pen only if the database cannot be contacted, or if  the  system
89              is overloaded.)
90
91       OVN_SBCTL_OPTIONS
92              User  can  set one or more options using OVN_SBCTL_OPTIONS envi‐
93              ronment variable. Under the Bourne shell this might be done like
94              this:   export   OVN_SBCTL_OPTIONS"="--db=unix:sb1.ovsdb   --no-
95              leader-only".  However user can still over-ride environment  op‐
96              tions  by passing different options in cli. When the environment
97              variable  is  no  longer   needed,   unset   it,   e.g.:   unset
98              OVN_SBCTL_OPTIONS"
99
100       -v[spec]
101       --verbose=[spec]
102              Sets  logging  levels.  Without any spec, sets the log level for
103              every module and destination to dbg.  Otherwise, spec is a  list
104              of words separated by spaces or commas or colons, up to one from
105              each category below:
106
107              •      A valid module name, as displayed by the  vlog/list  com‐
108                     mand on ovs-appctl(8), limits the log level change to the
109                     specified module.
110
111syslog, console, or file, to limit the log  level  change
112                     to  only to the system log, to the console, or to a file,
113                     respectively.   (If  --detach  is  specified,   ovn-sbctl
114                     closes  its  standard file descriptors, so logging to the
115                     console will have no effect.)
116
117                     On Windows platform, syslog is accepted as a word and  is
118                     only  useful  along  with the --syslog-target option (the
119                     word has no effect otherwise).
120
121off, emer, err, warn, info, or dbg, to  control  the  log
122                     level.   Messages of the given severity or higher will be
123                     logged, and messages of lower severity will  be  filtered
124                     out.   off  filters  out all messages.  See ovs-appctl(8)
125                     for a definition of each log level.
126
127              Case is not significant within spec.
128
129              Regardless of the log levels set for file,  logging  to  a  file
130              will not take place unless --log-file is also specified (see be‐
131              low).
132
133              For compatibility with older versions of OVS, any is accepted as
134              a word but has no effect.
135
136       -v
137       --verbose
138              Sets  the  maximum logging verbosity level, equivalent to --ver‐
139              bose=dbg.
140
141       -vPATTERN:destination:pattern
142       --verbose=PATTERN:destination:pattern
143              Sets the log pattern  for  destination  to  pattern.   Refer  to
144              ovs-appctl(8) for a description of the valid syntax for pattern.
145
146       -vFACILITY:facility
147       --verbose=FACILITY:facility
148              Sets  the  RFC5424  facility of the log message. facility can be
149              one of kern, user, mail, daemon, auth, syslog, lpr, news,  uucp,
150              clock,  ftp,  ntp, audit, alert, clock2, local0, local1, local2,
151              local3, local4, local5, local6 or local7. If this option is  not
152              specified,  daemon  is  used as the default for the local system
153              syslog and local0 is used while sending a message to the  target
154              provided via the --syslog-target option.
155
156       --log-file[=file]
157              Enables  logging  to  a  file.  If file is specified, then it is
158              used as the exact name for the log file.  The default  log  file
159              name used if file is omitted is /var/log/ovn/ovn-sbctl.log.
160
161       --syslog-target=host:port
162              Send  syslog  messages  to  UDP port on host, in addition to the
163              system syslog.  The host must be a numerical IP address,  not  a
164              hostname.
165
166       --syslog-method=method
167              Specify method how syslog messages should be sent to syslog dae‐
168              mon.  Following forms are supported:
169
170libc, use libc syslog() function.  Downside of using this
171                     options  is  that libc adds fixed prefix to every message
172                     before it is actually sent  to  the  syslog  daemon  over
173                     /dev/log UNIX domain socket.
174
175unix:file, use UNIX domain socket directly.  It is possi‐
176                     ble to specify arbitrary message format with this option.
177                     However,  rsyslogd  8.9 and older versions use hard coded
178                     parser function anyway that  limits  UNIX  domain  socket
179                     use.   If  you  want to use arbitrary message format with
180                     older rsyslogd versions, then use UDP socket to localhost
181                     IP address instead.
182
183udp:ip:port, use UDP socket.  With this method it is pos‐
184                     sible to use arbitrary message  format  also  with  older
185                     rsyslogd.   When  sending syslog messages over UDP socket
186                     extra precaution needs to be taken into account, for  ex‐
187                     ample,  syslog daemon needs to be configured to listen on
188                     the specified UDP port, accidental iptables  rules  could
189                     be  interfering  with  local syslog traffic and there are
190                     some security considerations that apply to  UDP  sockets,
191                     but do not apply to UNIX domain sockets.
192
193null, discards all messages logged to syslog.
194
195              The  default  is  taken  from  the OVS_SYSLOG_METHOD environment
196              variable; if it is unset, the default is libc.
197
198       -h
199       --help Prints a brief help message to the console.
200
201       -V
202       --version
203              Prints version information to the console.
204
205   Table Formatting Options
206       These options control the format of output from the list and find  com‐
207       mands.
208
209       -f format
210       --format=format
211              Sets  the type of table formatting.  The following types of for‐
212              mat are available:
213
214              table  2-D text tables with aligned columns.
215
216              list (default)
217                     A list with one column per line and rows separated  by  a
218                     blank line.
219
220              html   HTML tables.
221
222              csv    Comma-separated values as defined in RFC 4180.
223
224              json   JSON  format as defined in RFC 4627.  The output is a se‐
225                     quence of JSON objects, each of which corresponds to  one
226                     table.   Each  JSON object has the following members with
227                     the noted values:
228
229                     caption
230                            The table's caption.  This member  is  omitted  if
231                            the table has no caption.
232
233                     headings
234                            An  array with one element per table column.  Each
235                            array element is a string giving the corresponding
236                            column's heading.
237
238                     data   An array with one element per table row.  Each el‐
239                            ement is also an array with one element per  table
240                            column.   The  elements of this second-level array
241                            are the cells that constitute  the  table.   Cells
242                            that  represent  OVSDB  data or data types are ex‐
243                            pressed in the format described in the OVSDB spec‐
244                            ification;  other  cells  are  simply expressed as
245                            text strings.
246
247       -d format
248       --data=format
249              Sets the formatting for cells within output  tables  unless  the
250              table  format  is  set to json, in which case json formatting is
251              always used when formatting cells.  The following types of  for‐
252              mat are available:
253
254              string (default)
255                     The  simple  format described in the Database Values sec‐
256                     tion of ovs-vsctl(8).
257
258              bare   The simple format with punctuation stripped off:  []  and
259                     {}  are  omitted  around  sets,  maps, and empty columns,
260                     items within  sets  and  maps  are  space-separated,  and
261                     strings  are never quoted.  This format may be easier for
262                     scripts to parse.
263
264              json   The RFC 4627 JSON format as described above.
265
266       --no-headings
267              This option suppresses the heading row that otherwise appears in
268              the first row of table output.
269
270       --pretty
271              By  default, JSON in output is printed as compactly as possible.
272              This option causes JSON in output to be printed in a more  read‐
273              able  fashion.   Members  of  objects and elements of arrays are
274              printed one per line, with indentation.
275
276              This option does not affect JSON  in  tables,  which  is  always
277              printed compactly.
278
279       --bare Equivalent to --format=list --data=bare --no-headings.
280
281       --max-column-width=n
282              For  table  output  only,  limits the width of any column in the
283              output to n columns.  Longer cell data is truncated to  fit,  as
284              necessary.  Columns are always wide enough to display the column
285              names, if the heading row is printed.
286
287   Public Key Infrastructure Options
288       --bootstrap-ca-cert=cacert.pem
289              When cacert.pem exists, this option has the same effect as -C or
290              --ca-cert.  If it does not exist, then ovn-sbctl will attempt to
291              obtain the CA certificate from the SSL peer  on  its  first  SSL
292              connection and save it to the named PEM file.  If it is success‐
293              ful, it will immediately drop the connection and reconnect,  and
294              from then on all SSL connections must be authenticated by a cer‐
295              tificate signed by the CA certificate thus obtained.
296
297              This option exposes the SSL connection  to  a  man-in-the-middle
298              attack  obtaining the initial CA certificate, but it may be use‐
299              ful for bootstrapping.
300
301              This option is only useful if the SSL peer sends its CA certifi‐
302              cate  as  part  of  the SSL certificate chain.  The SSL protocol
303              does not require the server to send the CA certificate.
304
305              This option is mutually exclusive with -C and --ca-cert.
306
307       -p privkey.pem
308       --private-key=privkey.pem
309              Specifies  a  PEM  file  containing  the  private  key  used  as
310              ovn-sbctl's identity for outgoing SSL connections.
311
312       -c cert.pem
313       --certificate=cert.pem
314              Specifies a PEM file containing a certificate that certifies the
315              private key specified on -p or --private-key to be  trustworthy.
316              The certificate must be signed by the certificate authority (CA)
317              that the peer in SSL connections will use to verify it.
318
319       -C cacert.pem
320       --ca-cert=cacert.pem
321              Specifies  a  PEM  file  containing  the  CA  certificate   that
322              ovn-sbctl  should  use to verify certificates presented to it by
323              SSL peers.  (This may be the same certificate that SSL peers use
324              to  verify  the certificate specified on -c or --certificate, or
325              it may be a different one, depending on the PKI design in use.)
326
327       -C none
328       --ca-cert=none
329              Disables verification of certificates presented  by  SSL  peers.
330              This  introduces a security risk, because it means that certifi‐
331              cates cannot be verified to be those of known trusted hosts.
332

COMMANDS

334       The commands implemented by ovn-sbctl are described in the sections be‐
335       low.
336
337   OVN_Southbound Commands
338       These commands work with an OVN_Southbound database as a whole.
339
340       init   Initializes  the  database, if it is empty.  If the database has
341              already been initialized, this command has no effect.
342
343       show   Prints a brief overview of the database contents.
344
345   Chassis Commands
346       These commands manipulate OVN_Southbound chassis.
347
348       [--may-exist] chassis-add chassis encap-type encap-ip
349              Creates a new chassis named chassis.  encap-type is a comma-sep‐
350              arated  list  of  tunnel types.  The chassis will have one encap
351              entry for each specified tunnel type with encap-ip as the desti‐
352              nation IP for each.
353
354              Without  --may-exist, attempting to create a chassis that exists
355              is an error.  With --may-exist, this  command  does  nothing  if
356              chassis already exists.
357
358       [--if-exists] chassis-del chassis
359              Deletes chassis and its encaps and gateway_ports.
360
361              Without  --if-exists,  attempting  to delete a chassis that does
362              not exist is an error.  With --if-exists, attempting to delete a
363              chassis that does not exist has no effect.
364
365   Port binding Commands
366       These commands manipulate OVN_Southbound port bindings.
367
368       [--may-exist] lsp-bind logical-port chassis
369              Binds the logical port named logical-port to chassis.
370
371              Without  --may-exist, attempting to bind a logical port that has
372              already been bound is an error.  With --may-exist, this  command
373              does  nothing  if logical-port has already been bound to a chas‐
374              sis.
375
376       [--if-exists] lsp-unbind logical-port
377              Resets the binding of logical-port to NULL.
378
379              Without --if-exists, attempting to unbind a logical port that is
380              not  bound  is an error.  With --if-exists, attempting to unbind
381              logical port that is not bound has no effect.
382
383   Logical Flow Commands
384       [--uuid] [--ovs[=remote]]  [--stats]  [--vflows]  lflow-list  [logical-
385       datapath] [lflow...]
386              List logical flows.  If logical-datapath is specified, only list
387              flows for that logical datapath.  The  logical-datapath  may  be
388              given  as  a  UUID  or as a datapath name (reporting an error if
389              multiple datapaths have the same name).
390
391              If at least one lflow is given, only matching logical flows,  if
392              any,  are  listed.  Each lflow may be specified as a UUID or the
393              first few characters of a UUID, optionally prefixed by 0x.  (Be‐
394              cause  ovn-controller sets OpenFlow flow cookies to the first 32
395              bits of the corresponding logical flow's  UUID,  this  makes  it
396              easy  to  look  up  the logical flow that generated a particular
397              OpenFlow flow.)
398
399              If --uuid is specified, the output includes the first 32 bits of
400              each  logical  flow's  UUID.   This  makes it easier to find the
401              OpenFlow flows that correspond to a given logical flow.
402
403              If --ovs is included, ovn-sbctl attempts to obtain  and  display
404              the OpenFlow flows that correspond to each OVN logical flow.  To
405              do   so,   ovn-sbctl   connects   to   remote    (by    default,
406              unix:@RUNDIR@/br-int.mgmt)   over  OpenFlow  and  retrieves  the
407              flows.  If remote is specified, it must be  an  active  OpenFlow
408              connection method described in ovsdb(7).  Please see the discus‐
409              sion of the similar --ovs option in ovn-trace(8) for more infor‐
410              mation about the OpenFlow flow output.
411
412              By  default,  OpenFlow  flow  output includes only match and ac‐
413              tions.  Add --stats to include all OpenFlow information, such as
414              packet and byte counters, duration, and timeouts.
415
416              If  --vflows  is included, other southbound database records di‐
417              rectly used for generating OpenFlow flows are also listed.  This
418              includes:  port-bindings,  mac-bindings, multicast-groups, chas‐
419              sis.  The --ovs and --stats can also be used in conjunction with
420              --vflows.
421
422       [--uuid] dump-flows [logical-datapath]
423              Alias for lflow-list.
424
425   Remote Connectivity Commands
426       These commands manipulate the connections column in the SB_Global table
427       and rows in the Connection table.  When ovsdb-server is  configured  to
428       use  the  connections column for OVSDB connections, this allows the ad‐
429       ministrator to use ovn-sbctl to configure database connections.
430
431       get-connection
432              Prints the configured connection(s).
433
434       del-connection
435              Deletes the configured connection(s).
436
437       set-connection [access-specifier] target...
438              Sets the configured manager target or targets.  Each target  may
439              may  be  an  OVSDB  active  or  passive  connection method, e.g.
440              pssl:6640, as described in ovsdb(7), optionally preceded  by  an
441              optional  access-specifier  (read-only  or read-write).  If pro‐
442              vided, the effect of the access specifier  persists  for  subse‐
443              quent targets until changed by another access specifier.
444
445   SSL Configuration
446       When ovsdb-server is configured to connect using SSL, the following pa‐
447       rameters are required:
448
449       private-key
450              Specifies a PEM file containing the private  key  used  for  SSL
451              connections.
452
453       certificate
454              Specifies  a  PEM  file  containing a certificate, signed by the
455              certificate authority (CA) used by the  connection  peers,  that
456              certifies the private key, identifying a trustworthy peer.
457
458       ca-cert
459              Specifies  a PEM file containing the CA certificate used to ver‐
460              ify that the connection peers are trustworthy.
461
462       These SSL settings apply to all SSL connections made by the  southbound
463       database server.
464
465       get-ssl
466              Prints the SSL configuration.
467
468       del-ssl
469              Deletes the current SSL configuration.
470
471       [--bootstrap]  set-ssl  private-key  certificate ca-cert [ssl-protocol-
472       list [ssl-cipher-list]]
473              Sets the SSL configuration.  The --bootstrap option is described
474              below.
475
476     CA Certificate Bootstrap
477
478       Ordinarily,  all of the files named in the SSL configuration must exist
479       before SSL connectivity can be used.  However, if the ca-cert file does
480       not  exist  and the --bootstrap option is given, then ovsdb-server will
481       attempt to obtain the CA certificate from the target on its  first  SSL
482       connection  and save it to the named PEM file.  If it is successful, it
483       will immediately drop the connection and reconnect, and  from  then  on
484       all  SSL  connections  must be authenticated by a certificate signed by
485       the CA certificate thus obtained.
486
487       This option exposes the SSL connection to  a  man-in-the-middle  attack
488       obtaining  the  initial  CA certificate, but it may be useful for boot‐
489       strapping.
490
491       This option is only useful if the SSL peer sends its CA certificate  as
492       part  of  the SSL certificate chain.  The SSL protocol does not require
493       the controller to send the CA certificate.
494
495   Database Commands
496       These commands query and modify the contents of ovsdb tables.  They are
497       a slight abstraction of the ovsdb interface and as such they operate at
498       a lower level than other ovs-sbctl commands.
499
500     Identifying Tables, Records, and Columns
501
502       Each of these commands has a table parameter to identify a table within
503       the  database.   Many of them also take a record parameter that identi‐
504       fies a particular record within a table.  The record parameter  may  be
505       the  UUID  for a record, and many tables offer additional ways to iden‐
506       tify records.  Some commands also take column parameters that  identify
507       a particular field within the records in a table.
508
509       For  a list of tables and their columns, see ovn-sb(5) or see the table
510       listing from the --help option.
511
512       Record names must be specified in full and with correct capitalization,
513       except  that  UUIDs  may  be abbreviated to their first 4 (or more) hex
514       digits, as long as that is unique within the table.   Names  of  tables
515       and  columns  are  not  case-sensitive,  and - and _ are treated inter‐
516       changeably.  Unique abbreviations of table and column names are accept‐
517       able, e.g. addr or a is sufficient to identify the Address_Set table.
518
519     Database Values
520
521       Each  column  in  the  database accepts a fixed type of data.  The cur‐
522       rently defined basic types, and their representations, are:
523
524       integer
525              A decimal integer in the range -2**63 to 2**63-1, inclusive.
526
527       real   A floating-point number.
528
529       Boolean
530              True or false, written true or false, respectively.
531
532       string An arbitrary Unicode string, except that null bytes are not  al‐
533              lowed.   Quotes are optional for most strings that begin with an
534              English letter or underscore and consist only of letters, under‐
535              scores,  hyphens,  and  periods.   However,  true  and false and
536              strings that match the syntax of UUIDs (see below) must  be  en‐
537              closed  in  double  quotes  to distinguish them from other basic
538              types.  When double quotes are  used,  the  syntax  is  that  of
539              strings  in JSON, e.g. backslashes may be used to escape special
540              characters.  The empty string must be represented as a  pair  of
541              double quotes ("").
542
543       UUID   Either a universally unique identifier in the style of RFC 4122,
544              e.g. f81d4fae-7dec-11d0-a765-00a0c91e6bf6, or an  @name  defined
545              by a get or create command within the same ovn-sbctl invocation.
546
547       Multiple values in a single column may be separated by spaces or a sin‐
548       gle comma.  When multiple values are present, duplicates  are  not  al‐
549       lowed,  and  order is not important.  Conversely, some database columns
550       can have an empty set of values, represented as [], and square brackets
551       may  optionally  enclose other non-empty sets or single values as well.
552       For a column accepting a set of integers, database  commands  accept  a
553       range.  A  range is represented by two integers separated by -. A range
554       is inclusive. A range has a maximum size of 4096 elements. If more ele‐
555       ments are needed, they can be specified in seperate ranges.
556
557       A  few  database columns are ``maps'' of key-value pairs, where the key
558       and the value are each some fixed database type.  These  are  specified
559       in  the  form  key=value, where key and value follow the syntax for the
560       column's key type and value type, respectively.   When  multiple  pairs
561       are  present  (separated  by spaces or a comma), duplicate keys are not
562       allowed, and again the order is not important.   Duplicate  values  are
563       allowed.   An empty map is represented as {}.  Curly braces may option‐
564       ally enclose non-empty maps as well (but  use  quotes  to  prevent  the
565       shell   from  expanding  other-config={0=x,1=y}  into  other-config=0=x
566       other-config=1=y, which may not have the desired effect).
567
568     Database Command Syntax
569
570       [--if-exists] [--columns=column[,column]...] list table [record]...
571              Lists the data in each specified  record.   If  no  records  are
572              specified, lists all the records in table.
573
574              If  --columns  is  specified,  only  the  requested  columns are
575              listed, in the specified  order.   Otherwise,  all  columns  are
576              listed, in alphabetical order by column name.
577
578              Without --if-exists, it is an error if any specified record does
579              not exist.  With --if-exists, the  command  ignores  any  record
580              that does not exist, without producing any output.
581
582       [--columns=column[,column]...] find table [column[:key]=value]...
583              Lists the data in each record in table whose column equals value
584              or, if key is specified, whose column contains a  key  with  the
585              specified value.  The following operators may be used where = is
586              written in the syntax summary:
587
588              = != < > <= >=
589                     Selects records in which column[:key]  equals,  does  not
590                     equal,  is  less  than,  is greater than, is less than or
591                     equal to, or is greater than or equal to  value,  respec‐
592                     tively.
593
594                     Consider  column[:key]  and  value  as  sets of elements.
595                     Identical sets are considered equal.  Otherwise,  if  the
596                     sets  have  different  numbers  of elements, then the set
597                     with more elements is considered to  be  larger.   Other‐
598                     wise,  consider  a element from each set pairwise, in in‐
599                     creasing order within each set.  The first pair that dif‐
600                     fers  determines the result.  (For a column that contains
601                     key-value pairs, first all the  keys  are  compared,  and
602                     values  are considered only if the two sets contain iden‐
603                     tical keys.)
604
605              {=} {!=}
606                     Test for set equality or inequality, respectively.
607
608              {<=}   Selects records in which  column[:key]  is  a  subset  of
609                     value.   For  example, flood-vlans{<=}1,2 selects records
610                     in which the flood-vlans column is the empty set or  con‐
611                     tains 1 or 2 or both.
612
613              {<}    Selects  records in which column[:key] is a proper subset
614                     of value.  For example, flood-vlans{<}1,2 selects records
615                     in  which the flood-vlans column is the empty set or con‐
616                     tains 1 or 2 but not both.
617
618              {>=} {>}
619                     Same as {<=} and {<}, respectively, except that the rela‐
620                     tionship  is  reversed.   For example, flood-vlans{>=}1,2
621                     selects records in which the flood-vlans column  contains
622                     both 1 and 2.
623
624              The  following operators are available only in Open vSwitch 2.16
625              and later:
626
627              {in}   Selects records in which every element in column[:key] is
628                     also in value.  (This is the same as {<=}.)
629
630              {not-in}
631                     Selects records in which every element in column[:key] is
632                     not in value.
633
634              For arithmetic operators (= != < > <= >=), when key is specified
635              but  a  particular  record's  column  does  not contain key, the
636              record is always omitted from the results.  Thus, the  condition
637              other-config:mtu!=1500 matches records that have a mtu key whose
638              value is not 1500, but not those that lack an mtu key.
639
640              For the set operators, when key is specified  but  a  particular
641              record's  column  does  not  contain key, the comparison is done
642              against  an  empty  set.    Thus,   the   condition   other-con‐
643              fig:mtu{!=}1500  matches records that have a mtu key whose value
644              is not 1500 and those that lack an mtu key.
645
646              Don't forget to escape < or > from interpretation by the shell.
647
648              If --columns  is  specified,  only  the  requested  columns  are
649              listed,  in  the  specified  order.   Otherwise  all columns are
650              listed, in alphabetical order by column name.
651
652              The UUIDs shown for rows created in the same  ovn-sbctl  invoca‐
653              tion will be wrong.
654
655       [--if-exists] [--id=@name] get table record [column[:key]]...
656              Prints the value of each specified column in the given record in
657              table.  For map columns, a key may optionally be  specified,  in
658              which  case  the  value  associated  with  key  in the column is
659              printed, instead of the entire map.
660
661              Without --if-exists, it is an error if record does not exist  or
662              key  is  specified,  if  key  does  not  exist  in record.  With
663              --if-exists, a missing record yields no output and a missing key
664              prints a blank line.
665
666              If  @name is specified, then the UUID for record may be referred
667              to by that name later in the same ovn-sbctl invocation  in  con‐
668              texts where a UUID is expected.
669
670              Both  --id and the column arguments are optional, but usually at
671              least one or the other should be specified.  If both  are  omit‐
672              ted,  then get has no effect except to verify that record exists
673              in table.
674
675              --id and --if-exists cannot be used together.
676
677       [--if-exists] set table record column[:key]=value...
678              Sets the value of each specified column in the given  record  in
679              table to value.  For map columns, a key may optionally be speci‐
680              fied, in which case the value associated with key in that column
681              is  changed  (or  added,  if none exists), instead of the entire
682              map.
683
684              Without --if-exists, it is an error if record  does  not  exist.
685              With  --if-exists,  this command does nothing if record does not
686              exist.
687
688       [--if-exists] add table record column [key=]value...
689              Adds the specified value or key-value pair to column  in  record
690              in  table.   If column is a map, then key is required, otherwise
691              it is prohibited.  If key already exists in a map  column,  then
692              the  current  value  is not replaced (use the set command to re‐
693              place an existing value).
694
695              Without --if-exists, it is an error if record  does  not  exist.
696              With  --if-exists,  this command does nothing if record does not
697              exist.
698
699       [--if-exists] remove table record column value...
700       [--if-exists] remove table record column key...
701       [--if-exists] remove table record column key=value...
702              Removes the specified values or key-value pairs from  column  in
703              record in table.  The first form applies to columns that are not
704              maps: each specified value is removed from the column.  The sec‐
705              ond and third forms apply to map columns: if only a key is spec‐
706              ified, then any key-value pair with the given  key  is  removed,
707              regardless  of its value; if a value is given then a pair is re‐
708              moved only if both key and value match.
709
710              It is not an error if the column does not contain the  specified
711              key or value or pair.
712
713              Without  --if-exists,  it  is an error if record does not exist.
714              With --if-exists, this command does nothing if record  does  not
715              exist.
716
717       [--if-exists] clear table record column...
718              Sets  each  column  in record in table to the empty set or empty
719              map, as appropriate.  This command applies only to columns  that
720              are allowed to be empty.
721
722              Without  --if-exists,  it  is an error if record does not exist.
723              With --if-exists, this command does nothing if record  does  not
724              exist.
725
726       [--id=@name] create table column[:key]=value...
727              Creates  a  new  record  in table and sets the initial values of
728              each column.  Columns not explicitly set will receive their  de‐
729              fault values.  Outputs the UUID of the new row.
730
731              If  @name is specified, then the UUID for the new row may be re‐
732              ferred to by that name elsewhere in the same  ovn-sbctl  invoca‐
733              tion  in contexts where a UUID is expected.  Such references may
734              precede or follow the create command.
735
736              Caution (ovs-vsctl as example)
737                     Records in the Open vSwitch database are significant only
738                     when  they can be reached directly or indirectly from the
739                     Open_vSwitch table.  Except for records  in  the  QoS  or
740                     Queue  tables,  records  that  are not reachable from the
741                     Open_vSwitch table are  automatically  deleted  from  the
742                     database.   This  deletion  happens  immediately, without
743                     waiting for additional ovs-vsctl commands or other  data‐
744                     base  activity.  Thus, a create command must generally be
745                     accompanied  by  additional  commands  within  the   same
746                     ovs-vsctl  invocation to add a chain of references to the
747                     newly created  record  from  the  top-level  Open_vSwitch
748                     record.   The  EXAMPLES  section gives some examples that
749                     show how to do this.
750
751       [--if-exists] destroy table record...
752              Deletes each specified record from table.  Unless --if-exists is
753              specified, each records must exist.
754
755       --all destroy table
756              Deletes all records from the table.
757
758              Caution (ovs-vsctl as example)
759                     The destroy command is only useful for records in the QoS
760                     or Queue tables.  Records in other tables  are  automati‐
761                     cally deleted from the database when they become unreach‐
762                     able from the Open_vSwitch table.  This means that delet‐
763                     ing  the  last  reference  to  a record is sufficient for
764                     deleting the record itself.  For records in these tables,
765                     destroy  is  silently  ignored.  See the EXAMPLES section
766                     below for more information.
767
768       wait-until table record [column[:key]=value]...
769              Waits until table contains a record named  record  whose  column
770              equals  value  or,  if key is specified, whose column contains a
771              key with the specified value.  This command  supports  the  same
772              operators and semantics described for the find command above.
773
774              If no column[:key]=value arguments are given, this command waits
775              only until record exists.  If more than  one  such  argument  is
776              given, the command waits until all of them are satisfied.
777
778              Caution (ovs-vsctl as example)
779                     Usually wait-until should be placed at the beginning of a
780                     set  of  ovs-vsctl  commands.   For  example,  wait-until
781                     bridge  br0  --  get bridge br0 datapath_id waits until a
782                     bridge named br0 is created, then prints its  datapath_id
783                     column,  whereas get bridge br0 datapath_id -- wait-until
784                     bridge br0 will abort if no bridge named br0 exists  when
785                     ovs-vsctl initially connects to the database.
786
787              Consider specifying --timeout=0 along with --wait-until, to pre‐
788              vent ovn-sbctl from terminating after waiting  only  at  most  5
789              seconds.
790
791       comment [arg]...
792              This  command  has  no  effect on behavior, but any database log
793              record created by the command will include the command  and  its
794              arguments.
795

EXIT STATUS

797       0      Successful program execution.
798
799       1      Usage, syntax, or configuration file error.
800

SEE ALSO

802       ovn-sb(5).
803
804
805
806OVN                                 21.03.1                       ovn-sbctl(8)
Impressum