ovsdb-client(1)               Open vSwitch Manual              ovsdb-client(1)

NAME

       ovsdb-client - command-line interface to ovsdb-server(1)

SYNOPSIS

       Server-Level Commands:
              ovsdb-client [options] list-dbs [server]

       Database Schema Commands:
              ovsdb-client [options] get-schema [server] [database]
              ovsdb-client [options] list-tables [server] [database]
              ovsdb-client [options] list-columns [server] [database] [table]

       Database Version Management Commands:
              ovsdb-client [options] convert [server] schema
              ovsdb-client [options] needs-conversion [server] schema
              ovsdb-client [options] get-schema-version [server] [database]

       Data Management Commands:
              ovsdb-client [options] transact [server] transaction
              ovsdb-client [options] query [server] transaction
              ovsdb-client [options] dump [server] [database]
                     [table [column...]]
              ovsdb-client [options] backup [server] [database] > snapshot
              ovsdb-client [options] [--force] restore [server] [database]
                     < snapshot
              ovsdb-client [options] monitor [server] [database] table
                     [column[,column]...]...
              ovsdb-client [options] monitor [server] [database] ALL
              ovsdb-client [options] monitor-cond [server] [database]
                     conditions table [column[,column]...]...
              ovsdb-client [options] monitor-cond-since [server] [database]
                     [last-id] conditions table [column[,column]...]...
              ovsdb-client [options] wait [server] database state

       Testing Commands:
              ovsdb-client [options] lock [server] lock
              ovsdb-client [options] steal [server] lock
              ovsdb-client [options] unlock [server] lock

       Other Commands:
              ovsdb-client help

       Cluster Options:
              [--no-leader-only]

       Output formatting options:
              [--format=format] [--data=format] [--no-headings] [--pretty]
              [--bare] [--timestamp]

       Daemon options:
              [--pidfile[=pidfile]] [--overwrite-pidfile] [--detach]
              [--no-chdir] [--no-self-confinement]

       Logging options:
              [-v[module[:destination[:level]]]]...
              [--verbose[=module[:destination[:level]]]]...
              [--log-file[=file]]

       Public key infrastructure options:
              [--private-key=privkey.pem]
              [--certificate=cert.pem]
              [--ca-cert=cacert.pem]
              [--bootstrap-ca-cert=cacert.pem]

       SSL connection options:
              [--ssl-protocols=protocols]
              [--ssl-ciphers=ciphers]

       Replay options:
              [--record[=directory]] [--replay[=directory]]

       Common options:
              [-h | --help] [-V | --version]

DESCRIPTION

       The ovsdb-client program is a command-line client for interacting with
       a running ovsdb-server process.  Each command connects to the specified
       OVSDB server, which may be an OVSDB active or passive connection
       method, as described in ovsdb(7).  The default server is
       unix:/var/run/openvswitch/db.sock and the default database is
       Open_vSwitch.

       ovsdb-client supports the method1,method2,...,methodN syntax described
       in ovsdb(7) for connecting to a cluster.  When this syntax is used,
       ovsdb-client tries the cluster members in random order until it finds
       the cluster leader.  Specify the --no-leader-only option to instead
       accept any server that is connected to the cluster.

       For an introduction to OVSDB and its implementation in Open vSwitch,
       see ovsdb(7).

       The following sections describe the commands that ovsdb-client
       supports.

   Server-Level Commands
       Most ovsdb-client commands work with an individual database, but these
       commands apply to an entire database server.

       list-dbs [server]
              Connects to server, retrieves the list of known databases, and
              prints them one per line.  These database names are the ones
              that other commands may use for database.

   Database Schema Commands
       These commands obtain the schema from a database and print it or part
       of it.

       get-schema [server] [database]
              Connects to server, retrieves the schema for database, and
              prints it in JSON format.

       list-tables [server] [database]
              Connects to server, retrieves the schema for database, and
              prints a table listing the name of each table within the
              database.

       list-columns [server] [database] [table]
              Connects to server, retrieves the schema for database, and
              prints a table listing the name and type of each column.  If
              table is specified, only columns in that table are listed;
              otherwise, the tables include columns in all tables.

   Database Version Management Commands
       An OVSDB schema has a schema version number, and an OVSDB database
       embeds a particular version of an OVSDB schema.  These version numbers
       take the form x.y.z, e.g. 1.2.3.  The OVSDB implementation does not
       enforce a particular version numbering scheme, but schemas managed
       within the Open vSwitch project use the following approach.  Whenever
       the database schema is changed in a non-backward compatible way (e.g.
       deleting a column or a table), x is incremented (and y and z are reset
       to 0).  When the database schema is changed in a backward compatible
       way (e.g. adding a new column), y is incremented (and z is reset to 0).
       When the database schema is changed cosmetically (e.g. reindenting its
       syntax), z is incremented.

       Some OVSDB databases and schemas, especially very old ones, do not have
       a version number.

       Schema version numbers and Open vSwitch version numbers are
       independent.

       These commands work with different versions of OVSDB schemas and
       databases.

       convert [server] schema
              Reads an OVSDB schema in JSON format, as specified in the OVSDB
              specification, from schema, then connects to server and requests
              the server to convert the database whose name is specified in
              schema to the schema also specified in schema.

              The conversion is atomic, consistent, isolated, and durable.
              Following the schema change, the server notifies clients that
              use the set_db_change_aware RPC introduced in Open vSwitch 2.9
              and cancels their outstanding transactions and monitors.  The
              server disconnects other clients, enabling them to notice the
              change when they reconnect.

              This command can do simple "upgrades" and "downgrades" on a
              database's schema.  The data in the database must be valid when
              interpreted under schema, with only one exception: data for
              tables and columns that do not exist in schema are ignored.
              Columns that exist in schema but not in the database are set to
              their default values.  All of schema's constraints apply in
              full.

              Some uses of this command can cause unrecoverable data loss.
              For example, converting a database from a schema that has a
              given column or table to one that does not will delete all data
              in that column or table.  Back up critical databases before
              converting them.

              This command works with clustered and standalone databases.
              Standalone databases may also be converted (offline) with
              ovsdb-tool's convert command.

       needs-conversion [server] schema
              Reads the schema from schema, then connects to server and
              requests the schema from the database whose name is specified in
              schema.  If the two schemas are the same, prints no on stdout;
              if they differ, prints yes.

       get-schema-version [server] [database]
              Connects to server, retrieves the schema for database, and
              prints its version number on stdout.  If database was created
              before schema versioning was introduced, then it will not have a
              version number and this command will print a blank line.

       get-schema-cksum [server] [database]
              Connects to server, retrieves the schema for database, and
              prints its checksum on stdout.  If database does not include a
              checksum, prints a blank line.

   Data Management Commands
       These commands read or modify the data in a database.

       transact [server] transaction
              Connects to server, sends it the specified transaction, which
              must be a JSON array appropriate for use as the params to a
              JSON-RPC transact request, and prints the received reply on
              stdout.

       query [server] transaction
              This command acts like a read-only version of transact.  It
              connects to server, sends it the specified transaction, which
              must be a JSON array appropriate for use as the params to a
              JSON-RPC transact request, and prints the received reply on
              stdout.  To ensure that the transaction does not modify the
              database, this command appends an abort operation to the set of
              operations included in transaction before sending it to the
              database, and then removes the abort result from the reply (if
              it is present).

       dump [server] [database] [table [column...]]
              Connects to server, retrieves all of the data in database, and
              prints it on stdout as a series of tables.  If table is
              specified, only that table is retrieved.  If at least one column
              is specified, only those columns are retrieved.

       backup [server] [database] > snapshot
              Connects to server, retrieves a snapshot of the schema and data
              in database, and prints it on stdout in the format used for
              OVSDB standalone and active-backup databases.  This is an
              appropriate way to back up any remote database.  The database
              snapshot that it outputs is suitable to be served up directly by
              ovsdb-server or used as the input to ovsdb-client restore.

              Another way to back up a standalone or active-backup database is
              to copy its database file, e.g. with cp.  This is safe even if
              the database is in use.

              The output does not include ephemeral columns, which by design
              do not survive across restarts of ovsdb-server.

       [--force] restore [server] [database] < snapshot
              Reads snapshot, which must be an OVSDB standalone or
              active-backup database (possibly but not necessarily created by
              ovsdb-client backup).  Then, connects to server, verifies that
              database and snapshot have the same schema, then deletes all of
              the data in database and replaces it by snapshot.  The
              replacement happens atomically, in a single transaction.

              UUIDs for rows in the restored database will differ from those
              in snapshot, because the OVSDB protocol does not allow clients
              to specify row UUIDs.  Another way to restore a standalone or
              active-backup database, which does also restore row UUIDs, is to
              stop the server or servers, replace the database file by the
              snapshot, then restart the database.  Either way, ephemeral
              columns are not restored, since by design they do not survive
              across restarts of ovsdb-server.

              Normally restore exits with a failure if snapshot and the
              server's database have different schemas.  In such a case, it is
              a good idea to convert the database to the new schema before
              restoring, e.g. with ovsdb-client convert.  Use --force to
              proceed regardless of schema differences even though the restore
              might fail with an error or succeed with surprising results.

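       The x.y.z convention and the "back up before converting" advice
       above, combined into one pre-conversion guard; this is an added
       example, not part of the Open vSwitch manual or code base.  The
       function names, the OVSDB_CLIENT and ALLOW_LOSSY variables, the
       snapshot naming and the exit codes are assumptions, and the target
       schema version is passed by the caller rather than parsed from the
       schema file.

```shell
#!/bin/sh
# Added example; not Open vSwitch project code.
# OVSDB_CLIENT is left unquoted at call sites so it may carry options
# (e.g. "ovsdb-client --timeout=30"); overriding it is also a test hook.
: "${OVSDB_CLIENT:=ovsdb-client}"

# classify_schema_change OLD NEW
# Applies the x.y.z convention and prints one of:
#   same        versions are identical
#   cosmetic    only z differs
#   additive    same x, y increased (columns or tables were added)
#   lossy-risk  x differs, or y decreased; a lower y is treated as risky
#               by inference: the downgrade drops what the higher y added
#   unknown     a version is blank (unversioned database) or malformed
classify_schema_change() {
    for csc_v in "$1" "$2"; do
        case $csc_v in
            ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
        esac
        case $csc_v in
            *.*.*.*) echo unknown; return 0 ;;
            *.*.*)   ;;
            *)       echo unknown; return 0 ;;
        esac
    done
    csc_ox=${1%%.*}; csc_or=${1#*.}; csc_oy=${csc_or%%.*}
    csc_nx=${2%%.*}; csc_nr=${2#*.}; csc_ny=${csc_nr%%.*}
    if   [ "$1" = "$2" ];             then echo same
    elif [ "$csc_ox" -ne "$csc_nx" ]; then echo lossy-risk
    elif [ "$csc_ny" -lt "$csc_oy" ]; then echo lossy-risk
    elif [ "$csc_ny" -gt "$csc_oy" ]; then echo additive
    else                                   echo cosmetic
    fi
}

# safe_convert SERVER DATABASE SCHEMA_FILE NEW_VERSION BACKUP_DIR
# Prints the snapshot path on success.  Exit status: 0 converted or nothing
# to do, 2 server query failed, 3 backup failed, 4 refused, 5 convert failed.
# The body runs in a subshell, so umask and variables do not leak out.
safe_convert() (
    server=$1 db=$2 schema=$3 new_version=$4 dir=$5

    need=$($OVSDB_CLIENT needs-conversion "$server" "$schema") || exit 2
    case $need in
        yes) ;;
        no)  echo "schema already matches; nothing to do" >&2; exit 0 ;;
        *)   echo "unexpected needs-conversion reply: $need" >&2; exit 2 ;;
    esac

    # A blank reply means an unversioned database and classifies as unknown.
    old_version=$($OVSDB_CLIENT get-schema-version "$server" "$db") || exit 2
    kind=$(classify_schema_change "$old_version" "$new_version")

    # The snapshot is a full copy of the database: keep it owner-only, and
    # publish it under its final name only once it is complete and non-empty.
    umask 077
    snap=$dir/$db.$(date -u +%Y%m%dT%H%M%SZ).snapshot
    if ! $OVSDB_CLIENT backup "$server" "$db" > "$snap.tmp" ||
       [ ! -s "$snap.tmp" ]; then
        rm -f "$snap.tmp"
        echo "backup failed; not converting" >&2
        exit 3
    fi
    mv "$snap.tmp" "$snap"

    case $kind in
        lossy-risk|unknown)
            if [ "${ALLOW_LOSSY:-no}" != yes ]; then
                echo "refusing $kind change '$old_version' -> '$new_version';" \
                     "snapshot kept at $snap" >&2
                exit 4
            fi ;;
    esac

    $OVSDB_CLIENT convert "$server" "$schema" >&2 || exit 5
    echo "$snap"
)
```
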
       monitor [server] [database] table [column[,column]...]...
       monitor-cond [server] [database] conditions table
       [column[,column]...]...
       monitor-cond-since [server] [database] [last-id] conditions table
       [column[,column]...]...
              Connects to server and monitors the contents of rows that match
              conditions in table in database.  By default, the initial
              contents of table are printed, followed by each change as it
              occurs.  If conditions is empty, all rows will be monitored.  If
              at least one column is specified, only those columns are
              monitored.  The following column names have special meanings:

              !initial
                     Do not print the initial contents of the specified
                     columns.

              !insert
                     Do not print newly inserted rows.

              !delete
                     Do not print deleted rows.

              !modify
                     Do not print modifications to existing rows.

              Multiple [column[,column]...] groups may be specified as
              separate arguments, e.g. to apply different reporting parameters
              to each group.  Whether multiple groups or only a single group
              is specified, any given column may only be mentioned once on the
              command line.

              conditions is a JSON array of <condition> as defined in RFC 7047
              section 5.1 with the following change: A condition can be either
              a 3-element JSON array as described in the RFC or a boolean
              value.

              If --detach is used with monitor, monitor-cond or
              monitor-cond-since, then ovsdb-client detaches after it has
              successfully received and printed the initial contents of table.

              The monitor command uses the RFC 7047 "monitor" method to open a
              monitor session with the server.  The monitor-cond and
              monitor-cond-since commands use the RFC 7047 extension
              "monitor_cond" and "monitor_cond_since" methods.  See
              ovsdb-server(1) for details.

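       One way to build the conditions argument for monitor-cond without
       hand-writing JSON, as an added example that is not from the Open
       vSwitch manual.  The helper names are hypothetical, the accepted
       functions are the ones RFC 7047 section 5.1 defines, and only string,
       integer and boolean values are handled.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of ovsdb-client.

# json_string TEXT -> TEXT as a JSON string literal on stdout.
# Input containing control characters is rejected rather than escaped.
json_string() {
    js_clean=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    if [ "$js_clean" != "$1" ]; then
        echo "json_string: control character in input" >&2
        return 1
    fi
    # Escape backslashes first, then double quotes.
    printf '"%s"' "$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')"
}

# condition COLUMN FUNCTION KIND VALUE -> one 3-element <condition>.
# FUNCTION must be one that RFC 7047 section 5.1 defines; KIND is string,
# integer or boolean and decides how VALUE is encoded.
condition() {
    case $2 in
        '<'|'<='|'=='|'!='|'>='|'>'|includes|excludes) ;;
        *) echo "condition: unsupported function: $2" >&2; return 1 ;;
    esac
    case $3 in
        string)
            cond_value=$(json_string "$4") || return 1 ;;
        integer)
            # Reject empty, non-digits, misplaced signs and leading zeros.
            case $4 in
                ''|-|*[!0-9-]*|?*-*|0?*|-0?*)
                    echo "condition: not an integer: $4" >&2; return 1 ;;
            esac
            cond_value=$4 ;;
        boolean)
            case $4 in
                true|false) cond_value=$4 ;;
                *) echo "condition: not a boolean: $4" >&2; return 1 ;;
            esac ;;
        *) echo "condition: unsupported kind: $3" >&2; return 1 ;;
    esac
    cond_column=$(json_string "$1") || return 1
    printf '[%s,%s,%s]' "$cond_column" "$(json_string "$2")" "$cond_value"
}

# conditions [ITEM...] -> the JSON array that monitor-cond expects.  Each
# ITEM is the output of condition, or a bare true/false (the change to the
# RFC noted above).  No items yields [], which monitors every row.
conditions() {
    conds_out=
    for conds_item in "$@"; do
        case $conds_item in
            true|false|'['*']') ;;
            *) echo "conditions: bad item: $conds_item" >&2; return 1 ;;
        esac
        conds_out=${conds_out:+$conds_out,}$conds_item
    done
    printf '[%s]' "$conds_out"
}

# Usage (the Bridge table and its name column come from the Open_vSwitch
# schema; br0 is a constructed bridge name):
#   ovsdb-client --timestamp monitor-cond unix:/var/run/openvswitch/db.sock \
#       Open_vSwitch "$(conditions "$(condition name == string br0)")" \
#       Bridge name
```
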
       monitor [server] [database] ALL
              Connects to server and monitors the contents of all tables in
              database.  Prints initial values and all kinds of changes to all
              columns in the database.  The --detach option causes
              ovsdb-client to detach after it successfully receives and prints
              the initial database contents.

              The monitor command uses the RFC 7047 "monitor" method to open a
              monitor session with the server.

       wait [server] database state
              Waits for database on server to enter a desired state, which may
              be one of:

              added  Waits until a database with the given name has been added
                     to server.

              connected
                     Waits until a database with the given name has been added
                     to server.  Then, if database is clustered, additionally
                     waits until it has joined and connected to its cluster.

              removed
                     Waits until database has been removed from the database
                     server.  This can also be used to wait for a database to
                     complete leaving its cluster, because ovsdb-server
                     removes a database at that point.

              database is mandatory for this command because it is often used
              to check for databases that have not yet been added to the
              server, so that the ovsdb-client semantics of acting on a
              default database do not work.

              This command acts on a particular database server, not on a
              cluster, so server must name a single server, not a
              comma-delimited list of servers.

   Testing commands
       These commands are mostly of interest for testing the correctness of
       the OVSDB server.

       lock [server] lock
       steal [server] lock
       unlock [server] lock
              Connects to server and issues the corresponding RFC 7047 lock
              operations on lock.  Prints the JSON reply or subsequent update
              messages.  The --detach option causes ovsdb-client to detach
              after it successfully receives and prints the initial reply.

              When running with the --detach option, the lock, steal, unlock
              and exit commands can be issued by using ovs-appctl.  The exit
              command causes ovsdb-client to close its ovsdb-server connection
              before exiting.  The lock, steal and unlock commands can be used
              to issue additional lock operations over the same ovsdb-server
              connection.  All of the above commands take a single lock
              argument, which does not have to be the same as the lock that
              ovsdb-client started with.

OPTIONS

   Output Formatting Options
       Much of the output from ovsdb-client is in the form of tables.  The
       following options control output formatting:

       -f format
       --format=format
              Sets the type of table formatting.  The following types of
              format are available:

              table (default)
                     2-D text tables with aligned columns.

              list   A list with one column per line and rows separated by a
                     blank line.

              html   HTML tables.

              csv    Comma-separated values as defined in RFC 4180.

              json   JSON format as defined in RFC 4627.  The output is a
                     sequence of JSON objects, each of which corresponds to
                     one table.  Each JSON object has the following members
                     with the noted values:

                     caption
                            The table's caption.  This member is omitted if
                            the table has no caption.

                     headings
                            An array with one element per table column.  Each
                            array element is a string giving the corresponding
                            column's heading.

                     data   An array with one element per table row.  Each
                            element is also an array with one element per
                            table column.  The elements of this second-level
                            array are the cells that constitute the table.
                            Cells that represent OVSDB data or data types are
                            expressed in the format described in the OVSDB
                            specification; other cells are simply expressed as
                            text strings.

       -d format
       --data=format
              Sets the formatting for cells within output tables unless the
              table format is set to json, in which case json formatting is
              always used when formatting cells.  The following types of
              format are available:

              string (default)
                     The simple format described in the Database Values
                     section of ovs-vsctl(8).

              bare   The simple format with punctuation stripped off: [] and
                     {} are omitted around sets, maps, and empty columns,
                     items within sets and maps are space-separated, and
                     strings are never quoted.  This format may be easier for
                     scripts to parse.

              json   The RFC 4627 JSON format as described above.

       --no-headings
              This option suppresses the heading row that otherwise appears in
              the first row of table output.

       --pretty
              By default, JSON in output is printed as compactly as possible.
              This option causes JSON in output to be printed in a more
              readable fashion.  Members of objects and elements of arrays are
              printed one per line, with indentation.

              This option does not affect JSON in tables, which is always
              printed compactly.

       --bare Equivalent to --format=list --data=bare --no-headings.

       --max-column-width=n
              For table output only, limits the width of any column in the
              output to n columns.  Longer cell data is truncated to fit, as
              necessary.  Columns are always wide enough to display the column
              names, if the heading row is printed.

       --timestamp
              For the monitor, monitor-cond and monitor-cond-since commands,
              add a timestamp to each table update.  Most output formats add
              the timestamp on a line of its own just above the table.  The
              JSON output format puts the timestamp in a member of the
              top-level JSON object named time.

       -t
       --timeout=secs
              Limits ovsdb-client runtime to approximately secs seconds.  If
              the timeout expires, ovsdb-client will exit with a SIGALRM
              signal.

   Daemon Options
       The daemon options apply only to the monitor, monitor-cond and
       monitor-cond-since commands.  With any other command, they have no
       effect.

       The following options are valid on POSIX based platforms.

       --pidfile[=pidfile]
              Causes a file (by default, ovsdb-client.pid) to be created
              indicating the PID of the running process.  If the pidfile
              argument is not specified, or if it does not begin with /, then
              it is created in /var/run/openvswitch.

              If --pidfile is not specified, no pidfile is created.

       --overwrite-pidfile
              By default, when --pidfile is specified and the specified
              pidfile already exists and is locked by a running process,
              ovsdb-client refuses to start.  Specify --overwrite-pidfile to
              cause it to instead overwrite the pidfile.

              When --pidfile is not specified, this option has no effect.

       --detach
              Runs ovsdb-client as a background process.  The process forks,
              and in the child it starts a new session, closes the standard
              file descriptors (which has the side effect of disabling logging
              to the console), and changes its current directory to the root
              (unless --no-chdir is specified).  After the child completes its
              initialization, the parent exits.

       --monitor
              Creates an additional process to monitor the ovsdb-client
              daemon.  If the daemon dies due to a signal that indicates a
              programming error (SIGABRT, SIGALRM, SIGBUS, SIGFPE, SIGILL,
              SIGPIPE, SIGSEGV, SIGXCPU, or SIGXFSZ) then the monitor process
              starts a new copy of it.  If the daemon dies or exits for
              another reason, the monitor process exits.

              This option is normally used with --detach, but it also
              functions without it.

       --no-chdir
              By default, when --detach is specified, ovsdb-client changes its
              current working directory to the root directory after it
              detaches.  Otherwise, invoking ovsdb-client from a carelessly
              chosen directory would prevent the administrator from unmounting
              the file system that holds that directory.

              Specifying --no-chdir suppresses this behavior, preventing
              ovsdb-client from changing its current working directory.  This
              may be useful for collecting core files, since it is common
              behavior to write core dumps into the current working directory
              and the root directory is not a good directory to use.

              This option has no effect when --detach is not specified.

       --no-self-confinement
              By default, the daemon will try to confine itself to working
              with files under well-known directories determined during the
              build.  It is better to stick with this default behavior and not
              to use this flag unless some other access control is used to
              confine the daemon.  Note that in contrast to other access
              control implementations that are typically enforced from
              kernel-space (e.g. DAC or MAC), self-confinement is imposed from
              the user-space daemon itself and hence should not be considered
              a full confinement strategy, but instead should be viewed as an
              additional layer of security.

       --user Causes ovsdb-client to run as a different user specified in
              "user:group", thus dropping most of the root privileges.  Short
              forms "user" and ":group" are also allowed, with the current
              user or group assumed, respectively.  Only daemons started by
              the root user accept this argument.

              On Linux, daemons will be granted CAP_IPC_LOCK and
              CAP_NET_BIND_SERVICE before dropping root privileges.  Daemons
              that interact with a datapath, such as ovs-vswitchd, will be
              granted three additional capabilities, namely CAP_NET_ADMIN,
              CAP_NET_BROADCAST and CAP_NET_RAW.  The capability change will
              apply even if the new user is root.

              On Windows, this option is not currently supported.  For
              security reasons, specifying this option will cause the daemon
              process not to start.

547   Logging Options
548       -v[spec]
549       --verbose=[spec]
550              Sets  logging  levels.  Without any spec, sets the log level for
551              every module and destination to dbg.  Otherwise, spec is a  list
552              of words separated by spaces or commas or colons, up to one from
553              each category below:
554
555              •      A valid module name, as displayed by the  vlog/list  com‐
556                     mand on ovs-appctl(8), limits the log level change to the
557                     specified module.
558
559syslog, console, or file, to limit the log  level  change
560                     to  only to the system log, to the console, or to a file,
561                     respectively.  (If --detach  is  specified,  ovsdb-client
562                     closes  its  standard file descriptors, so logging to the
563                     console will have no effect.)
564
565                     On Windows platform, syslog is accepted as a word and  is
566                     only  useful  along  with the --syslog-target option (the
567                     word has no effect otherwise).
568
569off, emer, err, warn, info, or dbg, to  control  the  log
570                     level.   Messages of the given severity or higher will be
571                     logged, and messages of lower severity will  be  filtered
572                     out.   off  filters  out all messages.  See ovs-appctl(8)
573                     for a definition of each log level.
574
575              Case is not significant within spec.
576
577              Regardless of the log levels set for file,  logging  to  a  file
578              will not take place unless --log-file is also specified (see be‐
579              low).
580
581              For compatibility with older versions of OVS, any is accepted as
582              a word but has no effect.
583
584       -v
585       --verbose
586              Sets  the  maximum logging verbosity level, equivalent to --ver‐
587              bose=dbg.
588
589       -vPATTERN:destination:pattern
590       --verbose=PATTERN:destination:pattern
591              Sets the log pattern  for  destination  to  pattern.   Refer  to
592              ovs-appctl(8) for a description of the valid syntax for pattern.
593
594       -vFACILITY:facility
595       --verbose=FACILITY:facility
596              Sets  the  RFC5424  facility of the log message. facility can be
597              one of kern, user, mail, daemon, auth, syslog, lpr, news,  uucp,
598              clock,  ftp,  ntp, audit, alert, clock2, local0, local1, local2,
599              local3, local4, local5, local6 or local7. If this option is  not
600              specified,  daemon  is  used as the default for the local system
601              syslog and local0 is used while sending a message to the  target
602              provided via the --syslog-target option.
603
       --log-file[=file]
              Enables logging to a file.  If file is specified, then it is
              used as the exact name for the log file.  The default log file
              name used if file is omitted is
              /var/log/openvswitch/ovsdb-client.log.

       --syslog-target=host:port
              Send syslog messages to UDP port on host, in addition to the
              system syslog.  The host must be a numerical IP address, not a
              hostname.

       --syslog-method=method
              Specifies how syslog messages should be sent to the syslog
              daemon.  The following forms are supported:

              •      libc, use the libc syslog() function.  The downside of
                     using this option is that libc adds a fixed prefix to
                     every message before it is actually sent to the syslog
                     daemon over the /dev/log UNIX domain socket.

              •      unix:file, use a UNIX domain socket directly.  It is
                     possible to specify an arbitrary message format with this
                     option.  However, rsyslogd 8.9 and older versions use a
                     hard-coded parser function anyway, which limits UNIX
                     domain socket use.  If you want to use an arbitrary
                     message format with older rsyslogd versions, then use a
                     UDP socket to the localhost IP address instead.

              •      udp:ip:port, use a UDP socket.  With this method it is
                     possible to use an arbitrary message format with older
                     rsyslogd as well.  When sending syslog messages over a
                     UDP socket, extra precautions need to be taken: for
                     example, the syslog daemon needs to be configured to
                     listen on the specified UDP port, accidental iptables
                     rules could interfere with local syslog traffic, and
                     there are some security considerations that apply to UDP
                     sockets but do not apply to UNIX domain sockets.

              •      null, discards all messages logged to syslog.

              The default is taken from the OVS_SYSLOG_METHOD environment
              variable; if it is unset, the default is libc.

   Public Key Infrastructure Options
       -p privkey.pem
       --private-key=privkey.pem
              Specifies a PEM file containing the private key used as
              ovsdb-client's identity for outgoing SSL connections.

       -c cert.pem
       --certificate=cert.pem
              Specifies a PEM file containing a certificate that certifies the
              private key specified on -p or --private-key to be trustworthy.
              The certificate must be signed by the certificate authority (CA)
              that the peer in SSL connections will use to verify it.

       -C cacert.pem
       --ca-cert=cacert.pem
              Specifies a PEM file containing the CA certificate that
              ovsdb-client should use to verify certificates presented to it
              by SSL peers.  (This may be the same certificate that SSL peers
              use to verify the certificate specified on -c or --certificate,
              or it may be a different one, depending on the PKI design in
              use.)

       -C none
       --ca-cert=none
              Disables verification of certificates presented by SSL peers.
              This introduces a security risk, because it means that
              certificates cannot be verified to be those of known trusted
              hosts.

       --bootstrap-ca-cert=cacert.pem
              When cacert.pem exists, this option has the same effect as -C or
              --ca-cert.  If it does not exist, then ovsdb-client will attempt
              to obtain the CA certificate from the SSL peer on its first SSL
              connection and save it to the named PEM file.  If it is
              successful, it will immediately drop the connection and
              reconnect, and from then on all SSL connections must be
              authenticated by a certificate signed by the CA certificate thus
              obtained.

              This option exposes the SSL connection to a man-in-the-middle
              attack obtaining the initial CA certificate, but it may be
              useful for bootstrapping.

              This option is only useful if the SSL peer sends its CA
              certificate as part of the SSL certificate chain.  The SSL
              protocol does not require the server to send the CA certificate.

              This option is mutually exclusive with -C and --ca-cert.

   SSL Connection Options
       --ssl-protocols=protocols
              Specifies, in a comma- or space-delimited list, the SSL
              protocols ovsdb-client will enable for SSL connections.
              Supported protocols include TLSv1, TLSv1.1, and TLSv1.2.
              Regardless of order, the highest protocol supported by both
              sides will be chosen when making the connection.  The default
              when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.

       --ssl-ciphers=ciphers
              Specifies, in OpenSSL cipher string format, the ciphers
              ovsdb-client will support for SSL connections.  The default when
              this option is omitted is HIGH:!aNULL:!MD5.

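The following shell function is an added example, not part of the Open vSwitch manual: it reviews an ovsdb-client argument list (for instance from a wrapper script or unit file) against the Public Key Infrastructure and SSL Connection options described above. The function name audit_ovsdb_tls and the finding labels are assumptions of this example; TLSv1 and TLSv1.1 are flagged because RFC 8996 deprecates them, and the sample command line is constructed.

```shell
#!/bin/sh
# Added example; audit_ovsdb_tls and its finding labels are hypothetical.
# Prints space-separated findings for an ovsdb-client argument list.
audit_ovsdb_tls() {
    findings="" protocols="" pending=""
    for arg in "$@"; do
        # Fold "--opt value" and "-C value" into the "--opt=value" form.
        if [ -n "$pending" ]; then
            arg="$pending=$arg"
            pending=""
        fi
        case "$arg" in
            -C|--ca-cert) pending="--ca-cert"; continue ;;
            --ssl-protocols|--bootstrap-ca-cert) pending="$arg"; continue ;;
            -C?*) arg="--ca-cert=${arg#-C}" ;;
        esac
        case "$arg" in
            # Peer certificates are not verified at all.
            --ca-cert=none) findings="$findings no-peer-verification" ;;
            # The CA is fetched from the peer if the file does not exist yet.
            --bootstrap-ca-cert=*) findings="$findings bootstrap-ca-cert" ;;
            --ssl-protocols=*) protocols="${arg#--ssl-protocols=}" ;;
        esac
    done
    # Per the manual, omitting --ssl-protocols enables TLSv1,TLSv1.1,TLSv1.2.
    [ -n "$protocols" ] || protocols="TLSv1,TLSv1.1,TLSv1.2"
    old_ifs=$IFS
    IFS=", "              # the list may be comma- or space-delimited
    for p in $protocols; do
        case "$p" in
            TLSv1|TLSv1.1)
                # Report each legacy protocol once, even if listed twice.
                case " $findings " in
                    *" legacy-protocol:$p "*) ;;
                    *) findings="$findings legacy-protocol:$p" ;;
                esac ;;
        esac
    done
    IFS=$old_ifs
    echo "${findings# }"
}

# Constructed sample invocation (192.0.2.10 is a documentation address).
audit_ovsdb_tls --ca-cert=none list-dbs ssl:192.0.2.10:6640
```

An empty result means none of these three conditions was found; it says nothing about the cipher string or the quality of the certificates themselves.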
   Other Options
       --record[=directory]
              Puts the process in "recording" mode, in which it will record
              all the connections, data from streams (Unix domain and network
              sockets) and some other necessary bits, so that they can be
              replayed later.  Recorded data is stored in replay files in the
              specified directory.  If directory does not begin with /, it is
              interpreted as relative to /var/run/openvswitch.  If directory
              is not specified, /var/run/openvswitch will be used.

       --replay[=directory]
              Puts the process in "replay" mode, in which it will read
              information about connections, data from streams (Unix domain
              and network sockets) and some other necessary bits directly from
              replay files instead of using real sockets.  Replay files from
              the directory will be used.  If directory does not begin with /,
              it is interpreted as relative to /var/run/openvswitch.  If
              directory is not specified, /var/run/openvswitch will be used.

       -h
       --help Prints a brief help message to the console.

       -V
       --version
              Prints version information to the console.

SEE ALSO

       ovsdb(7), ovsdb-server(1), ovsdb-client(1).



Open vSwitch                        2.17.0                     ovsdb-client(1)