1ovn-sbctl(8) OVN Manual ovn-sbctl(8)
2
6 ovn-sbctl - utility for querying and configuring OVN_Southbound data‐
7 base
8
10 ovn-sbctl [options] -- [options] command [args] [-- [options] command
11 [args]]...
12
14 The ovn-sbctl program configures the OVN_Southbound database by provid‐
15 ing a high-level interface to its configuration database. See
16 ovn-sb(5) for comprehensive documentation of the database schema.
17 ovn-sbctl connects to an ovsdb-server process that maintains an
19 OVN_Southbound configuration database. Using this connection, it
20 queries and possibly applies changes to the database, depending on the
21 supplied commands.
22 ovn-sbctl can perform any number of commands in a single run, imple‐
24 mented as a single atomic transaction against the database.
25 The ovn-sbctl command line begins with global options (see OPTIONS be‐
27 low for details). The global options are followed by one or more com‐
28 mands. Each command should begin with -- by itself as a command-line
29 argument, to separate it from the following commands. (The -- before
30 the first command is optional.) The command itself starts with com‐
31 mand-specific options, if any, followed by the command name and any ar‐
32 guments.
33
35 The following options affect the behavior of ovn-sbctl as a whole.
36 Some individual commands also accept their own options, which are given
37 just before the command name. If the first command on the command line
38 has options, then those options must be separated from the global op‐
39 tions by --.
40 --db=server
42 The OVSDB database remote to contact. If the OVN_SB_DB environ‐
43 ment variable is set, its value is used as the default. Other‐
44 wise, the default is unix:@RUNDIR@/ovnsb_db.sock, but this de‐
45 fault is unlikely to be useful outside of single-machine OVN
46 test environments.
47 server may be an OVSDB active or passive connection method, e.g.
49 ssl:192.168.10.5:6640, as described in ovsdb(7).
50 --leader-only
52 --no-leader-only
53 By default, or with --leader-only, when the database server is a
54 clustered database, ovn-sbctl will avoid servers other than the
55 cluster leader. This ensures that any data that ovn-sbctl reads
56 and reports is up-to-date. With --no-leader-only, ovn-sbctl
57 will use any server in the cluster, which means that for read-
58 only transactions it can report and act on stale data (transac‐
59 tions that modify the database are always serialized even with
60 --no-leader-only). Refer to Understanding Cluster Consistency
61 in ovsdb(7) for more information.
62 --no-syslog
64 By default, ovn-sbctl logs its arguments and the details of any
65 changes that it makes to the system log. This option disables
66 this logging.
67 This option is equivalent to --verbose=sbctl:syslog:warn.
69 --oneline
71 Modifies the output format so that the output for each command
72 is printed on a single line. New-line characters that would
73 otherwise separate lines are printed as \n, and any instances of
74 \ that would otherwise appear in the output are doubled. Prints
75 a blank line for each command that has no output. This option
76 does not affect the formatting of output from the list or find
77 commands; see Table Formatting Options below.
78 --dry-run
80 Prevents ovn-sbctl from actually modifying the database.
81 -t secs
83 --timeout=secs
84 By default, or with a secs of 0, ovn-sbctl waits forever for a
85 response from the database. This option limits runtime to ap‐
86 proximately secs seconds. If the timeout expires, ovn-sbctl
87 will exit with a SIGALRM signal. (A timeout would normally hap‐
88 pen only if the database cannot be contacted, or if the system
89 is overloaded.)
90 OVN_SBCTL_OPTIONS
92 User can set one or more options using OVN_SBCTL_OPTIONS envi‐
93 ronment variable. Under the Bourne shell this might be done like
94 this: export OVN_SBCTL_OPTIONS"="--db=unix:sb1.ovsdb --no-
95 leader-only". However user can still over-ride environment op‐
96 tions by passing different options in cli. When the environment
97 variable is no longer needed, unset it, e.g.: unset
98 OVN_SBCTL_OPTIONS"
99 -v[spec]
101 --verbose=[spec]
102 Sets logging levels. Without any spec, sets the log level for
103 every module and destination to dbg. Otherwise, spec is a list
104 of words separated by spaces or commas or colons, up to one from
105 each category below:
106 • A valid module name, as displayed by the vlog/list com‐
108 mand on ovs-appctl(8), limits the log level change to the
109 specified module.
110 • syslog, console, or file, to limit the log level change
112 to only to the system log, to the console, or to a file,
113 respectively. (If --detach is specified, ovn-sbctl
114 closes its standard file descriptors, so logging to the
115 console will have no effect.)
116 On Windows platform, syslog is accepted as a word and is
118 only useful along with the --syslog-target option (the
119 word has no effect otherwise).
120 • off, emer, err, warn, info, or dbg, to control the log
122 level. Messages of the given severity or higher will be
123 logged, and messages of lower severity will be filtered
124 out. off filters out all messages. See ovs-appctl(8)
125 for a definition of each log level.
126 Case is not significant within spec.
128 Regardless of the log levels set for file, logging to a file
130 will not take place unless --log-file is also specified (see be‐
131 low).
132 For compatibility with older versions of OVS, any is accepted as
134 a word but has no effect.
135 -v
137 --verbose
138 Sets the maximum logging verbosity level, equivalent to --ver‐
139 bose=dbg.
140 -vPATTERN:destination:pattern
142 --verbose=PATTERN:destination:pattern
143 Sets the log pattern for destination to pattern. Refer to
144 ovs-appctl(8) for a description of the valid syntax for pattern.
145 -vFACILITY:facility
147 --verbose=FACILITY:facility
148 Sets the RFC5424 facility of the log message. facility can be
149 one of kern, user, mail, daemon, auth, syslog, lpr, news, uucp,
150 clock, ftp, ntp, audit, alert, clock2, local0, local1, local2,
151 local3, local4, local5, local6 or local7. If this option is not
152 specified, daemon is used as the default for the local system
153 syslog and local0 is used while sending a message to the target
154 provided via the --syslog-target option.
155 --log-file[=file]
157 Enables logging to a file. If file is specified, then it is
158 used as the exact name for the log file. The default log file
159 name used if file is omitted is /var/log/ovn/ovn-sbctl.log.
160 --syslog-target=host:port
162 Send syslog messages to UDP port on host, in addition to the
163 system syslog. The host must be a numerical IP address, not a
164 hostname.
165 --syslog-method=method
167 Specify method how syslog messages should be sent to syslog dae‐
168 mon. Following forms are supported:
169 • libc, use libc syslog() function. Downside of using this
171 options is that libc adds fixed prefix to every message
172 before it is actually sent to the syslog daemon over
173 /dev/log UNIX domain socket.
174 • unix:file, use UNIX domain socket directly. It is possi‐
176 ble to specify arbitrary message format with this option.
177 However, rsyslogd 8.9 and older versions use hard coded
178 parser function anyway that limits UNIX domain socket
179 use. If you want to use arbitrary message format with
180 older rsyslogd versions, then use UDP socket to localhost
181 IP address instead.
182 • udp:ip:port, use UDP socket. With this method it is pos‐
184 sible to use arbitrary message format also with older
185 rsyslogd. When sending syslog messages over UDP socket
186 extra precaution needs to be taken into account, for ex‐
187 ample, syslog daemon needs to be configured to listen on
188 the specified UDP port, accidental iptables rules could
189 be interfering with local syslog traffic and there are
190 some security considerations that apply to UDP sockets,
191 but do not apply to UNIX domain sockets.
192 • null, discards all messages logged to syslog.
194 The default is taken from the OVS_SYSLOG_METHOD environment
196 variable; if it is unset, the default is libc.
197 -h
199 --help Prints a brief help message to the console.
200 -V
202 --version
203 Prints version information to the console.
204 Table Formatting Options
206 These options control the format of output from the list and find com‐
207 mands.
208 -f format
210 --format=format
211 Sets the type of table formatting. The following types of for‐
212 mat are available:
213 table 2-D text tables with aligned columns.
215 list (default)
217 A list with one column per line and rows separated by a
218 blank line.
219 html HTML tables.
221 csv Comma-separated values as defined in RFC 4180.
223 json JSON format as defined in RFC 4627. The output is a se‐
225 quence of JSON objects, each of which corresponds to one
226 table. Each JSON object has the following members with
227 the noted values:
228 caption
230 The table's caption. This member is omitted if
231 the table has no caption.
232 headings
234 An array with one element per table column. Each
235 array element is a string giving the corresponding
236 column's heading.
237 data An array with one element per table row. Each el‐
239 ement is also an array with one element per table
240 column. The elements of this second-level array
241 are the cells that constitute the table. Cells
242 that represent OVSDB data or data types are ex‐
243 pressed in the format described in the OVSDB spec‐
244 ification; other cells are simply expressed as
245 text strings.
246 -d format
248 --data=format
249 Sets the formatting for cells within output tables unless the
250 table format is set to json, in which case json formatting is
251 always used when formatting cells. The following types of for‐
252 mat are available:
253 string (default)
255 The simple format described in the Database Values sec‐
256 tion of ovs-vsctl(8).
257 bare The simple format with punctuation stripped off: [] and
259 {} are omitted around sets, maps, and empty columns,
260 items within sets and maps are space-separated, and
261 strings are never quoted. This format may be easier for
262 scripts to parse.
263 json The RFC 4627 JSON format as described above.
265 --no-headings
267 This option suppresses the heading row that otherwise appears in
268 the first row of table output.
269 --pretty
271 By default, JSON in output is printed as compactly as possible.
272 This option causes JSON in output to be printed in a more read‐
273 able fashion. Members of objects and elements of arrays are
274 printed one per line, with indentation.
275 This option does not affect JSON in tables, which is always
277 printed compactly.
278 --bare Equivalent to --format=list --data=bare --no-headings.
280 --max-column-width=n
282 For table output only, limits the width of any column in the
283 output to n columns. Longer cell data is truncated to fit, as
284 necessary. Columns are always wide enough to display the column
285 names, if the heading row is printed.
286 Public Key Infrastructure Options
288 --bootstrap-ca-cert=cacert.pem
289 When cacert.pem exists, this option has the same effect as -C or
290 --ca-cert. If it does not exist, then ovn-sbctl will attempt to
291 obtain the CA certificate from the SSL peer on its first SSL
292 connection and save it to the named PEM file. If it is success‐
293 ful, it will immediately drop the connection and reconnect, and
294 from then on all SSL connections must be authenticated by a cer‐
295 tificate signed by the CA certificate thus obtained.
296 This option exposes the SSL connection to a man-in-the-middle
298 attack obtaining the initial CA certificate, but it may be use‐
299 ful for bootstrapping.
300 This option is only useful if the SSL peer sends its CA certifi‐
302 cate as part of the SSL certificate chain. The SSL protocol
303 does not require the server to send the CA certificate.
304 This option is mutually exclusive with -C and --ca-cert.
306 -p privkey.pem
308 --private-key=privkey.pem
309 Specifies a PEM file containing the private key used as
310 ovn-sbctl's identity for outgoing SSL connections.
311 -c cert.pem
313 --certificate=cert.pem
314 Specifies a PEM file containing a certificate that certifies the
315 private key specified on -p or --private-key to be trustworthy.
316 The certificate must be signed by the certificate authority (CA)
317 that the peer in SSL connections will use to verify it.
318 -C cacert.pem
320 --ca-cert=cacert.pem
321 Specifies a PEM file containing the CA certificate that
322 ovn-sbctl should use to verify certificates presented to it by
323 SSL peers. (This may be the same certificate that SSL peers use
324 to verify the certificate specified on -c or --certificate, or
325 it may be a different one, depending on the PKI design in use.)
326 -C none
328 --ca-cert=none
329 Disables verification of certificates presented by SSL peers.
330 This introduces a security risk, because it means that certifi‐
331 cates cannot be verified to be those of known trusted hosts.
332
334 The commands implemented by ovn-sbctl are described in the sections be‐
335 low.
336 OVN_Southbound Commands
338 These commands work with an OVN_Southbound database as a whole.
339 init Initializes the database, if it is empty. If the database has
341 already been initialized, this command has no effect.
342 show Prints a brief overview of the database contents.
344 Chassis Commands
346 These commands manipulate OVN_Southbound chassis.
347 [--may-exist] chassis-add chassis encap-type encap-ip
349 Creates a new chassis named chassis. encap-type is a comma-sep‐
350 arated list of tunnel types. The chassis will have one encap
351 entry for each specified tunnel type with encap-ip as the desti‐
352 nation IP for each.
353 Without --may-exist, attempting to create a chassis that exists
355 is an error. With --may-exist, this command does nothing if
356 chassis already exists.
357 [--if-exists] chassis-del chassis
359 Deletes chassis and its encaps and gateway_ports.
360 Without --if-exists, attempting to delete a chassis that does
362 not exist is an error. With --if-exists, attempting to delete a
363 chassis that does not exist has no effect.
364 Port binding Commands
366 These commands manipulate OVN_Southbound port bindings.
367 [--may-exist] lsp-bind logical-port chassis
369 Binds the logical port named logical-port to chassis.
370 Without --may-exist, attempting to bind a logical port that has
372 already been bound is an error. With --may-exist, this command
373 does nothing if logical-port has already been bound to a chas‐
374 sis.
375 [--if-exists] lsp-unbind logical-port
377 Resets the binding of logical-port to NULL.
378 Without --if-exists, attempting to unbind a logical port that is
380 not bound is an error. With --if-exists, attempting to unbind
381 logical port that is not bound has no effect.
382 Logical Flow Commands
384 [--uuid] [--ovs[=remote]] [--stats] [--vflows] lflow-list [logical-
385 datapath] [lflow...]
386 List logical flows. If logical-datapath is specified, only list
387 flows for that logical datapath. The logical-datapath may be
388 given as a UUID or as a datapath name (reporting an error if
389 multiple datapaths have the same name).
390 If at least one lflow is given, only matching logical flows, if
392 any, are listed. Each lflow may be specified as a UUID or the
393 first few characters of a UUID, optionally prefixed by 0x. (Be‐
394 cause ovn-controller sets OpenFlow flow cookies to the first 32
395 bits of the corresponding logical flow's UUID, this makes it
396 easy to look up the logical flow that generated a particular
397 OpenFlow flow.)
398 If --uuid is specified, the output includes the first 32 bits of
400 each logical flow's UUID. This makes it easier to find the
401 OpenFlow flows that correspond to a given logical flow.
402 If --ovs is included, ovn-sbctl attempts to obtain and display
404 the OpenFlow flows that correspond to each OVN logical flow. To
405 do so, ovn-sbctl connects to remote (by default,
406 unix:@RUNDIR@/br-int.mgmt) over OpenFlow and retrieves the
407 flows. If remote is specified, it must be an active OpenFlow
408 connection method described in ovsdb(7). Please see the discus‐
409 sion of the similar --ovs option in ovn-trace(8) for more infor‐
410 mation about the OpenFlow flow output.
411 By default, OpenFlow flow output includes only match and ac‐
413 tions. Add --stats to include all OpenFlow information, such as
414 packet and byte counters, duration, and timeouts.
415 If --vflows is included, other southbound database records di‐
417 rectly used for generating OpenFlow flows are also listed. This
418 includes: port-bindings, mac-bindings, multicast-groups, chas‐
419 sis. The --ovs and --stats can also be used in conjunction with
420 --vflows.
421 [--uuid] dump-flows [logical-datapath]
423 Alias for lflow-list.
424 Remote Connectivity Commands
426 These commands manipulate the connections column in the SB_Global table
427 and rows in the Connection table. When ovsdb-server is configured to
428 use the connections column for OVSDB connections, this allows the ad‐
429 ministrator to use ovn-sbctl to configure database connections.
430 get-connection
432 Prints the configured connection(s).
433 del-connection
435 Deletes the configured connection(s).
436 set-connection [access-specifier] target...
438 Sets the configured manager target or targets. Each target may
439 may be an OVSDB active or passive connection method, e.g.
440 pssl:6640, as described in ovsdb(7), optionally preceded by an
441 optional access-specifier (read-only or read-write). If pro‐
442 vided, the effect of the access specifier persists for subse‐
443 quent targets until changed by another access specifier.
444 SSL Configuration
446 When ovsdb-server is configured to connect using SSL, the following pa‐
447 rameters are required:
448 private-key
450 Specifies a PEM file containing the private key used for SSL
451 connections.
452 certificate
454 Specifies a PEM file containing a certificate, signed by the
455 certificate authority (CA) used by the connection peers, that
456 certifies the private key, identifying a trustworthy peer.
457 ca-cert
459 Specifies a PEM file containing the CA certificate used to ver‐
460 ify that the connection peers are trustworthy.
461 These SSL settings apply to all SSL connections made by the southbound
463 database server.
464 get-ssl
466 Prints the SSL configuration.
467 del-ssl
469 Deletes the current SSL configuration.
470 [--bootstrap] set-ssl private-key certificate ca-cert [ssl-protocol-
472 list [ssl-cipher-list]]
473 Sets the SSL configuration. The --bootstrap option is described
474 below.
475 CA Certificate Bootstrap
477 Ordinarily, all of the files named in the SSL configuration must exist
479 before SSL connectivity can be used. However, if the ca-cert file does
480 not exist and the --bootstrap option is given, then ovsdb-server will
481 attempt to obtain the CA certificate from the target on its first SSL
482 connection and save it to the named PEM file. If it is successful, it
483 will immediately drop the connection and reconnect, and from then on
484 all SSL connections must be authenticated by a certificate signed by
485 the CA certificate thus obtained.
486 This option exposes the SSL connection to a man-in-the-middle attack
488 obtaining the initial CA certificate, but it may be useful for boot‐
489 strapping.
490 This option is only useful if the SSL peer sends its CA certificate as
492 part of the SSL certificate chain. The SSL protocol does not require
493 the controller to send the CA certificate.
494 Database Commands
496 These commands query and modify the contents of ovsdb tables. They are
497 a slight abstraction of the ovsdb interface and as such they operate at
498 a lower level than other ovs-sbctl commands.
499 Identifying Tables, Records, and Columns
501 Each of these commands has a table parameter to identify a table within
503 the database. Many of them also take a record parameter that identi‐
504 fies a particular record within a table. The record parameter may be
505 the UUID for a record, and many tables offer additional ways to iden‐
506 tify records. Some commands also take column parameters that identify
507 a particular field within the records in a table.
508 For a list of tables and their columns, see ovn-sb(5) or see the table
510 listing from the --help option.
511 Record names must be specified in full and with correct capitalization,
513 except that UUIDs may be abbreviated to their first 4 (or more) hex
514 digits, as long as that is unique within the table. Names of tables
515 and columns are not case-sensitive, and - and _ are treated inter‐
516 changeably. Unique abbreviations of table and column names are accept‐
517 able, e.g. addr or a is sufficient to identify the Address_Set table.
518 Database Values
520 Each column in the database accepts a fixed type of data. The cur‐
522 rently defined basic types, and their representations, are:
523 integer
525 A decimal integer in the range -2**63 to 2**63-1, inclusive.
526 real A floating-point number.
528 Boolean
530 True or false, written true or false, respectively.
531 string An arbitrary Unicode string, except that null bytes are not al‐
533 lowed. Quotes are optional for most strings that begin with an
534 English letter or underscore and consist only of letters, under‐
535 scores, hyphens, and periods. However, true and false and
536 strings that match the syntax of UUIDs (see below) must be en‐
537 closed in double quotes to distinguish them from other basic
538 types. When double quotes are used, the syntax is that of
539 strings in JSON, e.g. backslashes may be used to escape special
540 characters. The empty string must be represented as a pair of
541 double quotes ("").
542 UUID Either a universally unique identifier in the style of RFC 4122,
544 e.g. f81d4fae-7dec-11d0-a765-00a0c91e6bf6, or an @name defined
545 by a get or create command within the same ovn-sbctl invocation.
546 Multiple values in a single column may be separated by spaces or a sin‐
548 gle comma. When multiple values are present, duplicates are not al‐
549 lowed, and order is not important. Conversely, some database columns
550 can have an empty set of values, represented as [], and square brackets
551 may optionally enclose other non-empty sets or single values as well.
552 For a column accepting a set of integers, database commands accept a
553 range. A range is represented by two integers separated by -. A range
554 is inclusive. A range has a maximum size of 4096 elements. If more ele‐
555 ments are needed, they can be specified in seperate ranges.
556 A few database columns are ``maps'' of key-value pairs, where the key
558 and the value are each some fixed database type. These are specified
559 in the form key=value, where key and value follow the syntax for the
560 column's key type and value type, respectively. When multiple pairs
561 are present (separated by spaces or a comma), duplicate keys are not
562 allowed, and again the order is not important. Duplicate values are
563 allowed. An empty map is represented as {}. Curly braces may option‐
564 ally enclose non-empty maps as well (but use quotes to prevent the
565 shell from expanding other-config={0=x,1=y} into other-config=0=x
566 other-config=1=y, which may not have the desired effect).
567 Database Command Syntax
569 [--if-exists] [--columns=column[,column]...] list table [record]...
571 Lists the data in each specified record. If no records are
572 specified, lists all the records in table.
573 If --columns is specified, only the requested columns are
575 listed, in the specified order. Otherwise, all columns are
576 listed, in alphabetical order by column name.
577 Without --if-exists, it is an error if any specified record does
579 not exist. With --if-exists, the command ignores any record
580 that does not exist, without producing any output.
581 [--columns=column[,column]...] find table [column[:key]=value]...
583 Lists the data in each record in table whose column equals value
584 or, if key is specified, whose column contains a key with the
585 specified value. The following operators may be used where = is
586 written in the syntax summary:
587 = != < > <= >=
589 Selects records in which column[:key] equals, does not
590 equal, is less than, is greater than, is less than or
591 equal to, or is greater than or equal to value, respec‐
592 tively.
593 Consider column[:key] and value as sets of elements.
595 Identical sets are considered equal. Otherwise, if the
596 sets have different numbers of elements, then the set
597 with more elements is considered to be larger. Other‐
598 wise, consider a element from each set pairwise, in in‐
599 creasing order within each set. The first pair that dif‐
600 fers determines the result. (For a column that contains
601 key-value pairs, first all the keys are compared, and
602 values are considered only if the two sets contain iden‐
603 tical keys.)
604 {=} {!=}
606 Test for set equality or inequality, respectively.
607 {<=} Selects records in which column[:key] is a subset of
609 value. For example, flood-vlans{<=}1,2 selects records
610 in which the flood-vlans column is the empty set or con‐
611 tains 1 or 2 or both.
612 {<} Selects records in which column[:key] is a proper subset
614 of value. For example, flood-vlans{<}1,2 selects records
615 in which the flood-vlans column is the empty set or con‐
616 tains 1 or 2 but not both.
617 {>=} {>}
619 Same as {<=} and {<}, respectively, except that the rela‐
620 tionship is reversed. For example, flood-vlans{>=}1,2
621 selects records in which the flood-vlans column contains
622 both 1 and 2.
623 The following operators are available only in Open vSwitch 2.16
625 and later:
626 {in} Selects records in which every element in column[:key] is
628 also in value. (This is the same as {<=}.)
629 {not-in}
631 Selects records in which every element in column[:key] is
632 not in value.
633 For arithmetic operators (= != < > <= >=), when key is specified
635 but a particular record's column does not contain key, the
636 record is always omitted from the results. Thus, the condition
637 other-config:mtu!=1500 matches records that have a mtu key whose
638 value is not 1500, but not those that lack an mtu key.
639 For the set operators, when key is specified but a particular
641 record's column does not contain key, the comparison is done
642 against an empty set. Thus, the condition other-con‐
643 fig:mtu{!=}1500 matches records that have a mtu key whose value
644 is not 1500 and those that lack an mtu key.
645 Don't forget to escape < or > from interpretation by the shell.
647 If --columns is specified, only the requested columns are
649 listed, in the specified order. Otherwise all columns are
650 listed, in alphabetical order by column name.
651 The UUIDs shown for rows created in the same ovn-sbctl invoca‐
653 tion will be wrong.
654 [--if-exists] [--id=@name] get table record [column[:key]]...
656 Prints the value of each specified column in the given record in
657 table. For map columns, a key may optionally be specified, in
658 which case the value associated with key in the column is
659 printed, instead of the entire map.
660 Without --if-exists, it is an error if record does not exist or
662 key is specified, if key does not exist in record. With
663 --if-exists, a missing record yields no output and a missing key
664 prints a blank line.
665 If @name is specified, then the UUID for record may be referred
667 to by that name later in the same ovn-sbctl invocation in con‐
668 texts where a UUID is expected.
669 Both --id and the column arguments are optional, but usually at
671 least one or the other should be specified. If both are omit‐
672 ted, then get has no effect except to verify that record exists
673 in table.
674 --id and --if-exists cannot be used together.
676 [--if-exists] set table record column[:key]=value...
678 Sets the value of each specified column in the given record in
679 table to value. For map columns, a key may optionally be speci‐
680 fied, in which case the value associated with key in that column
681 is changed (or added, if none exists), instead of the entire
682 map.
683 Without --if-exists, it is an error if record does not exist.
685 With --if-exists, this command does nothing if record does not
686 exist.
687 [--if-exists] add table record column [key=]value...
689 Adds the specified value or key-value pair to column in record
690 in table. If column is a map, then key is required, otherwise
691 it is prohibited. If key already exists in a map column, then
692 the current value is not replaced (use the set command to re‐
693 place an existing value).
694 Without --if-exists, it is an error if record does not exist.
696 With --if-exists, this command does nothing if record does not
697 exist.
698 [--if-exists] remove table record column value...
700 [--if-exists] remove table record column key...
701 [--if-exists] remove table record column key=value...
702 Removes the specified values or key-value pairs from column in
703 record in table. The first form applies to columns that are not
704 maps: each specified value is removed from the column. The sec‐
705 ond and third forms apply to map columns: if only a key is spec‐
706 ified, then any key-value pair with the given key is removed,
707 regardless of its value; if a value is given then a pair is re‐
708 moved only if both key and value match.
709 It is not an error if the column does not contain the specified
711 key or value or pair.
712 Without --if-exists, it is an error if record does not exist.
714 With --if-exists, this command does nothing if record does not
715 exist.
716 [--if-exists] clear table record column...
718 Sets each column in record in table to the empty set or empty
719 map, as appropriate. This command applies only to columns that
720 are allowed to be empty.
721 Without --if-exists, it is an error if record does not exist.
723 With --if-exists, this command does nothing if record does not
724 exist.
725 [--id=@name] create table column[:key]=value...
727 Creates a new record in table and sets the initial values of
728 each column. Columns not explicitly set will receive their de‐
729 fault values. Outputs the UUID of the new row.
730 If @name is specified, then the UUID for the new row may be re‐
732 ferred to by that name elsewhere in the same ovn-sbctl invoca‐
733 tion in contexts where a UUID is expected. Such references may
734 precede or follow the create command.
735 Caution (ovs-vsctl as example)
737 Records in the Open vSwitch database are significant only
738 when they can be reached directly or indirectly from the
739 Open_vSwitch table. Except for records in the QoS or
740 Queue tables, records that are not reachable from the
741 Open_vSwitch table are automatically deleted from the
742 database. This deletion happens immediately, without
743 waiting for additional ovs-vsctl commands or other data‐
744 base activity. Thus, a create command must generally be
745 accompanied by additional commands within the same
746 ovs-vsctl invocation to add a chain of references to the
747 newly created record from the top-level Open_vSwitch
748 record. The EXAMPLES section gives some examples that
749 show how to do this.
750 [--if-exists] destroy table record...
752 Deletes each specified record from table. Unless --if-exists is
753 specified, each records must exist.
754 --all destroy table
756 Deletes all records from the table.
757 Caution (ovs-vsctl as example)
759 The destroy command is only useful for records in the QoS
760 or Queue tables. Records in other tables are automati‐
761 cally deleted from the database when they become unreach‐
762 able from the Open_vSwitch table. This means that delet‐
763 ing the last reference to a record is sufficient for
764 deleting the record itself. For records in these tables,
765 destroy is silently ignored. See the EXAMPLES section
766 below for more information.
767 wait-until table record [column[:key]=value]...
769 Waits until table contains a record named record whose column
770 equals value or, if key is specified, whose column contains a
771 key with the specified value. This command supports the same
772 operators and semantics described for the find command above.
773 If no column[:key]=value arguments are given, this command waits
775 only until record exists. If more than one such argument is
776 given, the command waits until all of them are satisfied.
777 Caution (ovs-vsctl as example)
779 Usually wait-until should be placed at the beginning of a
780 set of ovs-vsctl commands. For example, wait-until
781 bridge br0 -- get bridge br0 datapath_id waits until a
782 bridge named br0 is created, then prints its datapath_id
783 column, whereas get bridge br0 datapath_id -- wait-until
784 bridge br0 will abort if no bridge named br0 exists when
785 ovs-vsctl initially connects to the database.
786 Consider specifying --timeout=0 along with --wait-until, to pre‐
788 vent ovn-sbctl from terminating after waiting only at most 5
789 seconds.
790 comment [arg]...
792 This command has no effect on behavior, but any database log
793 record created by the command will include the command and its
794 arguments.
795
797 0 Successful program execution.
798 1 Usage, syntax, or configuration file error.
800
802 ovn-sb(5).
803OVN 21.03.1 ovn-sbctl(8)