1ovsdb-server(1) Open vSwitch Manual ovsdb-server(1)
2
3
4
6 ovsdb-server - Open vSwitch database server
7
9 ovsdb-server [database]... [relay:schema_name:remote]... [--re‐
10 mote=remote]... [--run=command]
11
12 Daemon options:
13 [--pidfile[=pidfile]] [--overwrite-pidfile] [--detach]
14 [--no-chdir] [--no-self-confinement]
15
16 Service options:
17 [--service] [--service-monitor]
18
19 Logging options:
20 [-v[module[:destination[:level]]]]...
21 [--verbose[=module[:destination[:level]]]]...
22 [--log-file[=file]]
23
24 Active-backup options:
25 [--sync-from=server] [--sync-exclude-tables=db:table[,db:ta‐
26 ble]...] [--active]
27
28 Public key infrastructure options:
29 [--private-key=privkey.pem]
30 [--certificate=cert.pem]
31 [--ca-cert=cacert.pem]
32 [--bootstrap-ca-cert=cacert.pem]
33 [--peer-ca-cert=peer-cacert.pem]
34
35 SSL connection options:
36 [--ssl-protocols=protocols]
37 [--ssl-ciphers=ciphers]
38
39 Runtime management options:
40 --unixctl=socket
41
42 Replay options:
43 [--record[=directory]] [--replay[=directory]]
44
45 Common options:
46 [-h | --help] [-V | --version]
47
48
50 The ovsdb-server program provides RPC interfaces to one or more Open
51 vSwitch databases (OVSDBs). It supports JSON-RPC client connections
52 over active or passive TCP/IP or Unix domain sockets. For an introduc‐
53 tion to OVSDB and its implementation in Open vSwitch, see ovsdb(7).
54
55 Each OVSDB file may be specified on the command line as database. Re‐
56 lay databases may be specified on the command line as re‐
57 lay:schema_name:remote. For a detailed description of relay database
58 argument, see ovsdb(7). If none of database files or relay databases
59 is specified, the default is /etc/openvswitch/conf.db. The database
60 files must already have been created and initialized using, for exam‐
61 ple, ovsdb-tool's create, create-cluster, or join-cluster command.
62
63 This OVSDB implementation supports standalone, active-backup, relay and
64 clustered database service models, as well as database replication.
65 See the Service Models section of ovsdb(7) for more information.
66
67 For clustered databases, when the --detach option is used, ovsdb-server
68 detaches without waiting for the server to successfully join a cluster
69 (if the database file is freshly created with ovsdb-tool join-cluster)
70 or connect to a cluster that it has already joined. Use ovsdb-client
71 wait (see ovsdb-client(1)) to wait until the server has successfully
72 joined and connected to a cluster. The same is true for relay data‐
73 bases. Same commands could be used to wait for a relay database to
74 connect to the relay source (remote).
75
76 In addition to user-specified databases, ovsdb-server version 2.9 and
77 later also always hosts a built-in database named _Server. Please see
78 ovsdb-server(5) for documentation on this database's schema.
79
81 --remote=remote
82 Adds remote as a connection method used by ovsdb-server. The
83 remote may be an OVSDB active or passive connection method, e.g.
84 pssl:6640, as described in ovsdb(7). The following additional
85 form is also supported:
86
87 db:db,table,column
88 Reads additional connection methods from column in all of
89 the rows in table within db. As the contents of column
90 changes, ovsdb-server also adds and drops connection
91 methods accordingly.
92
93 If column's type is string or set of strings, then the
94 connection methods are taken directly from the column.
95 The connection methods in the column must have one of the
96 forms described above.
97
98 If column's type is UUID or set of UUIDs and references a
99 table, then each UUID is looked up in the referenced ta‐
100 ble to obtain a row. The following columns in the row,
101 if present and of the correct type, configure a connec‐
102 tion method. Any additional columns are ignored.
103
104 target (string)
105 Connection method, in one of the forms described
106 above. This column is mandatory: if it is missing
107 or empty then no connection method can be config‐
108 ured.
109
110 max_backoff (integer)
111 Maximum number of milliseconds to wait between
112 connection attempts.
113
114 inactivity_probe (integer)
115 Maximum number of milliseconds of idle time on
116 connection to client before sending an inactivity
117 probe message.
118
119 read_only (boolean)
120 If true, only read-only transactions are allowed
121 on this connection.
122
123 It is an error for column to have another type.
124
125 To connect or listen on multiple connection methods, use multi‐
126 ple --remote options.
127
128 --run=command]
129 Ordinarily ovsdb-server runs forever, or until it is told to
130 exit (see RUNTIME MANAGEMENT COMMANDS below). With this option,
131 ovsdb-server instead starts a shell subprocess running command.
132 When the subprocess terminates, ovsdb-server also exits grace‐
133 fully. If the subprocess exits normally with exit code 0, then
134 ovsdb-server exits with exit code 0 also; otherwise, it exits
135 with exit code 1.
136
137 This option can be useful where a database server is needed only
138 to run a single command, e.g.: ovsdb-server --re‐
139 mote=punix:socket --run='ovsdb-client dump unix:socket
140 Open_vSwitch'
141
142 This option is not supported on Windows platform.
143
144 Daemon Options
145 The following options are valid on POSIX based platforms.
146
147 --pidfile[=pidfile]
148 Causes a file (by default, ovsdb-server.pid) to be created indi‐
149 cating the PID of the running process. If the pidfile argument
150 is not specified, or if it does not begin with /, then it is
151 created in /var/run/openvswitch.
152
153 If --pidfile is not specified, no pidfile is created.
154
155 --overwrite-pidfile
156 By default, when --pidfile is specified and the specified pid‐
157 file already exists and is locked by a running process,
158 ovsdb-server refuses to start. Specify --overwrite-pidfile to
159 cause it to instead overwrite the pidfile.
160
161 When --pidfile is not specified, this option has no effect.
162
163 --detach
164 Runs ovsdb-server as a background process. The process forks,
165 and in the child it starts a new session, closes the standard
166 file descriptors (which has the side effect of disabling logging
167 to the console), and changes its current directory to the root
168 (unless --no-chdir is specified). After the child completes its
169 initialization, the parent exits. ovsdb-server detaches only
170 after it starts listening on all configured remotes. At this
171 point, all standalone and active-backup databases are ready for
172 use. Clustered databases only become ready for use after they
173 finish joining their clusters (which could have already happened
174 in previous runs of ovsdb-server).
175
176 --monitor
177 Creates an additional process to monitor the ovsdb-server dae‐
178 mon. If the daemon dies due to a signal that indicates a pro‐
179 gramming error (SIGABRT, SIGALRM, SIGBUS, SIGFPE, SIGILL, SIG‐
180 PIPE, SIGSEGV, SIGXCPU, or SIGXFSZ) then the monitor process
181 starts a new copy of it. If the daemon dies or exits for an‐
182 other reason, the monitor process exits.
183
184 This option is normally used with --detach, but it also func‐
185 tions without it.
186
187 --no-chdir
188 By default, when --detach is specified, ovsdb-server changes its
189 current working directory to the root directory after it de‐
190 taches. Otherwise, invoking ovsdb-server from a carelessly cho‐
191 sen directory would prevent the administrator from unmounting
192 the file system that holds that directory.
193
194 Specifying --no-chdir suppresses this behavior, preventing
195 ovsdb-server from changing its current working directory. This
196 may be useful for collecting core files, since it is common be‐
197 havior to write core dumps into the current working directory
198 and the root directory is not a good directory to use.
199
200 This option has no effect when --detach is not specified.
201
202 --no-self-confinement
203 By default daemon will try to self-confine itself to work with
204 files under well-known directories determined during build. It
205 is better to stick with this default behavior and not to use
206 this flag unless some other Access Control is used to confine
207 daemon. Note that in contrast to other access control implemen‐
208 tations that are typically enforced from kernel-space (e.g. DAC
209 or MAC), self-confinement is imposed from the user-space daemon
210 itself and hence should not be considered as a full confinement
211 strategy, but instead should be viewed as an additional layer of
212 security.
213
214 --user Causes ovsdb-server to run as a different user specified in
215 "user:group", thus dropping most of the root privileges. Short
216 forms "user" and ":group" are also allowed, with current user or
217 group are assumed respectively. Only daemons started by the root
218 user accepts this argument.
219
220 On Linux, daemons will be granted CAP_IPC_LOCK and
221 CAP_NET_BIND_SERVICES before dropping root privileges. Daemons
222 that interact with a datapath, such as ovs-vswitchd, will be
223 granted three additional capabilities, namely CAP_NET_ADMIN,
224 CAP_NET_BROADCAST and CAP_NET_RAW. The capability change will
225 apply even if the new user is root.
226
227 On Windows, this option is not currently supported. For security
228 reasons, specifying this option will cause the daemon process
229 not to start.
230
231 Service Options
232 The following options are valid only on Windows platform.
233
234 --service
235 Causes ovsdb-server to run as a service in the background. The
236 service should already have been created through external tools
237 like SC.exe.
238
239 --service-monitor
240 Causes the ovsdb-server service to be automatically restarted by
241 the Windows services manager if the service dies or exits for
242 unexpected reasons.
243
244 When --service is not specified, this option has no effect.
245
246 Logging Options
247 -v[spec]
248 --verbose=[spec]
249 Sets logging levels. Without any spec, sets the log level for
250 every module and destination to dbg. Otherwise, spec is a list
251 of words separated by spaces or commas or colons, up to one from
252 each category below:
253
254 • A valid module name, as displayed by the vlog/list com‐
255 mand on ovs-appctl(8), limits the log level change to the
256 specified module.
257
258 • syslog, console, or file, to limit the log level change
259 to only to the system log, to the console, or to a file,
260 respectively. (If --detach is specified, ovsdb-server
261 closes its standard file descriptors, so logging to the
262 console will have no effect.)
263
264 On Windows platform, syslog is accepted as a word and is
265 only useful along with the --syslog-target option (the
266 word has no effect otherwise).
267
268 • off, emer, err, warn, info, or dbg, to control the log
269 level. Messages of the given severity or higher will be
270 logged, and messages of lower severity will be filtered
271 out. off filters out all messages. See ovs-appctl(8)
272 for a definition of each log level.
273
274 Case is not significant within spec.
275
276 Regardless of the log levels set for file, logging to a file
277 will not take place unless --log-file is also specified (see be‐
278 low).
279
280 For compatibility with older versions of OVS, any is accepted as
281 a word but has no effect.
282
283 -v
284 --verbose
285 Sets the maximum logging verbosity level, equivalent to --ver‐
286 bose=dbg.
287
288 -vPATTERN:destination:pattern
289 --verbose=PATTERN:destination:pattern
290 Sets the log pattern for destination to pattern. Refer to
291 ovs-appctl(8) for a description of the valid syntax for pattern.
292
293 -vFACILITY:facility
294 --verbose=FACILITY:facility
295 Sets the RFC5424 facility of the log message. facility can be
296 one of kern, user, mail, daemon, auth, syslog, lpr, news, uucp,
297 clock, ftp, ntp, audit, alert, clock2, local0, local1, local2,
298 local3, local4, local5, local6 or local7. If this option is not
299 specified, daemon is used as the default for the local system
300 syslog and local0 is used while sending a message to the target
301 provided via the --syslog-target option.
302
303 --log-file[=file]
304 Enables logging to a file. If file is specified, then it is
305 used as the exact name for the log file. The default log file
306 name used if file is omitted is /var/log/open‐
307 vswitch/ovsdb-server.log.
308
309 --syslog-target=host:port
310 Send syslog messages to UDP port on host, in addition to the
311 system syslog. The host must be a numerical IP address, not a
312 hostname.
313
314 --syslog-method=method
315 Specify method how syslog messages should be sent to syslog dae‐
316 mon. Following forms are supported:
317
318 • libc, use libc syslog() function. Downside of using this
319 options is that libc adds fixed prefix to every message
320 before it is actually sent to the syslog daemon over
321 /dev/log UNIX domain socket.
322
323 • unix:file, use UNIX domain socket directly. It is possi‐
324 ble to specify arbitrary message format with this option.
325 However, rsyslogd 8.9 and older versions use hard coded
326 parser function anyway that limits UNIX domain socket
327 use. If you want to use arbitrary message format with
328 older rsyslogd versions, then use UDP socket to localhost
329 IP address instead.
330
331 • udp:ip:port, use UDP socket. With this method it is pos‐
332 sible to use arbitrary message format also with older
333 rsyslogd. When sending syslog messages over UDP socket
334 extra precaution needs to be taken into account, for ex‐
335 ample, syslog daemon needs to be configured to listen on
336 the specified UDP port, accidental iptables rules could
337 be interfering with local syslog traffic and there are
338 some security considerations that apply to UDP sockets,
339 but do not apply to UNIX domain sockets.
340
341 • null, discards all messages logged to syslog.
342
343 The default is taken from the OVS_SYSLOG_METHOD environment
344 variable; if it is unset, the default is libc.
345
346 Active-Backup Options
347 These options support the ovsdb-server active-backup service model and
348 database replication. These options apply only to databases in the
349 format used for standalone and active-backup databases, which is the
350 database format created by ovsdb-tool create. By default, when it
351 serves a database in this format, ovsdb-server runs as a standalone
352 server. These options can configure it for active-backup use:
353
354 • Use --sync-from=server to start the server in the backup role,
355 replicating data from server. When ovsdb-server is running as a
356 backup server, it rejects all transactions that can modify the
357 database content, including lock commands. The same form can be
358 used to configure the local database as a replica of server.
359
360 • Use --sync-from=server --active to start the server in the ac‐
361 tive role, but prepared to switch to the backup role in which it
362 would replicate data from server. When ovsdb-server runs in ac‐
363 tive mode, it allows all transactions, including those that mod‐
364 ify the database.
365
366 At runtime, management commands can change a server's role and other‐
367 wise manage active-backup features. See Active-Backup Commands, below,
368 for more information.
369
370 --sync-from=server
371 Sets up ovsdb-server to synchronize its databases with the data‐
372 bases in server, which must be an active connection method in
373 one of the forms documented in ovsdb-client(1). Every transac‐
374 tion committed by server will be replicated to ovsdb-server.
375 This option makes ovsdb-server start as a backup server; add
376 --active to make it start as an active server.
377
378 --sync-exclude-tables=db:table[,db:table]...
379 Causes the specified tables to be excluded from replication.
380
381 --active
382 By default, --sync-from makes ovsdb-server start up as a backup
383 for server. With --active, however, ovsdb-server starts as an
384 active server. Use this option to allow the syncing options to
385 be specified using command line options, yet start the server,
386 as the default, active server. To switch the running server to
387 backup mode, use ovs-appctl(1) to execute the ovsdb-server/con‐
388 nect-active-ovsdb-server command.
389
390 Public Key Infrastructure Options
391 The options described below for configuring the SSL public key infra‐
392 structure accept a special syntax for obtaining their configuration
393 from the database. If any of these options is given db:db,table,column
394 as its argument, then the actual file name is read from the specified
395 column in table within the db database. The column must have type
396 string or set of strings. The first nonempty string in the table is
397 taken as the file name. (This means that ordinarily there should be at
398 most one row in table.)
399
400 -p privkey.pem
401 --private-key=privkey.pem
402 Specifies a PEM file containing the private key used as
403 ovsdb-server's identity for outgoing SSL connections.
404
405 -c cert.pem
406 --certificate=cert.pem
407 Specifies a PEM file containing a certificate that certifies the
408 private key specified on -p or --private-key to be trustworthy.
409 The certificate must be signed by the certificate authority (CA)
410 that the peer in SSL connections will use to verify it.
411
412 -C cacert.pem
413 --ca-cert=cacert.pem
414 Specifies a PEM file containing the CA certificate that
415 ovsdb-server should use to verify certificates presented to it
416 by SSL peers. (This may be the same certificate that SSL peers
417 use to verify the certificate specified on -c or --certificate,
418 or it may be a different one, depending on the PKI design in
419 use.)
420
421 -C none
422 --ca-cert=none
423 Disables verification of certificates presented by SSL peers.
424 This introduces a security risk, because it means that certifi‐
425 cates cannot be verified to be those of known trusted hosts.
426
427 --bootstrap-ca-cert=cacert.pem
428 When cacert.pem exists, this option has the same effect as -C or
429 --ca-cert. If it does not exist, then ovsdb-server will attempt
430 to obtain the CA certificate from the SSL peer on its first SSL
431 connection and save it to the named PEM file. If it is success‐
432 ful, it will immediately drop the connection and reconnect, and
433 from then on all SSL connections must be authenticated by a cer‐
434 tificate signed by the CA certificate thus obtained.
435
436 This option exposes the SSL connection to a man-in-the-middle
437 attack obtaining the initial CA certificate, but it may be use‐
438 ful for bootstrapping.
439
440 This option is only useful if the SSL peer sends its CA certifi‐
441 cate as part of the SSL certificate chain. The SSL protocol
442 does not require the server to send the CA certificate.
443
444 This option is mutually exclusive with -C and --ca-cert.
445
446 --peer-ca-cert=peer-cacert.pem
447 Specifies a PEM file that contains one or more additional cer‐
448 tificates to send to SSL peers. peer-cacert.pem should be the
449 CA certificate used to sign ovsdb-server's own certificate, that
450 is, the certificate specified on -c or --certificate. If
451 ovsdb-server's certificate is self-signed, then --certificate
452 and --peer-ca-cert should specify the same file.
453
454 This option is not useful in normal operation, because the SSL
455 peer must already have the CA certificate for the peer to have
456 any confidence in ovsdb-server's identity. However, this offers
457 a way for a new installation to bootstrap the CA certificate on
458 its first SSL connection.
459
460 SSL Connection Options
461 --ssl-protocols=protocols
462 Specifies, in a comma- or space-delimited list, the SSL proto‐
463 cols ovsdb-server will enable for SSL connections. Supported
464 protocols include TLSv1, TLSv1.1, and TLSv1.2. Regardless of
465 order, the highest protocol supported by both sides will be cho‐
466 sen when making the connection. The default when this option is
467 omitted is TLSv1,TLSv1.1,TLSv1.2.
468
469 --ssl-ciphers=ciphers
470 Specifies, in OpenSSL cipher string format, the ciphers
471 ovsdb-server will support for SSL connections. The default when
472 this option is omitted is HIGH:!aNULL:!MD5.
473
474 Other Options
475 --unixctl=socket
476 Sets the name of the control socket on which ovsdb-server lis‐
477 tens for runtime management commands (see RUNTIME MANAGEMENT
478 COMMANDS, below). If socket does not begin with /, it is inter‐
479 preted as relative to /var/run/openvswitch. If --unixctl is not
480 used at all, the default socket is /var/run/open‐
481 vswitch/ovsdb-server.pid.ctl, where pid is ovsdb-server's
482 process ID.
483
484 On Windows a local named pipe is used to listen for runtime man‐
485 agement commands. A file is created in the absolute path as
486 pointed by socket or if --unixctl is not used at all, a file is
487 created as ovsdb-server.ctl in the configured OVS_RUNDIR direc‐
488 tory. The file exists just to mimic the behavior of a Unix do‐
489 main socket.
490
491 Specifying none for socket disables the control socket feature.
492
493 --record[=directory]
494 Sets the process in "recording" mode, in which it will record
495 all the connections, data from streams (Unix domain and network
496 sockets) and some other important necessary bits, so they could
497 be replayed later. Recorded data is stored in replay files in
498 specified directory. If directory does not begin with /, it is
499 interpreted as relative to /var/run/openvswitch. If directory
500 is not specified, /var/run/openvswitch will be used.
501
502 --replay[=directory]
503 Sets the process in "replay" mode, in which it will read infor‐
504 mation about connections, data from streams (Unix domain and
505 network sockets) and some other necessary bits directly from re‐
506 play files instead of using real sockets. Replay files from the
507 directory will be used. If directory does not begin with /, it
508 is interpreted as relative to /var/run/openvswitch. If direc‐
509 tory is not specified, /var/run/openvswitch will be used.
510
511 -h
512 --help Prints a brief help message to the console.
513
514 -V
515 --version
516 Prints version information to the console.
517
519 ovs-appctl(8) can send commands to a running ovsdb-server process. The
520 currently supported commands are described below.
521
522 ovsdb-server Commands
523 These commands are specific to ovsdb-server.
524
525 exit Causes ovsdb-server to gracefully terminate.
526
527 ovsdb-server/compact [db]
528 Compacts database db in-place. If db is not specified, compacts
529 every database in-place. A database is also compacted automati‐
530 cally when a transaction is logged if it is over 2 times as
531 large as its previous compacted size (and at least 10 MB), but
532 not before 100 commits have been added or 10 minutes have
533 elapsed since the last compaction. It will also be compacted au‐
534 tomatically after 24 hours since the last compaction if 100 com‐
535 mits were added regardless of its size.
536
537 ovsdb-server/memory-trim-on-compaction on|off
538 If this option is on, ovsdb-server will try to reclaim all un‐
539 used heap memory back to the system after each successful data‐
540 base compaction to reduce the memory consumption of the process.
541 off by default.
542
543 ovsdb-server/reconnect
544 Makes ovsdb-server drop all of the JSON-RPC connections to data‐
545 base clients and reconnect.
546
547 This command might be useful for debugging issues with database
548 clients.
549
550 ovsdb-server/add-remote remote
551 Adds a remote, as if --remote=remote had been specified on the
552 ovsdb-server command line. (If remote is already a remote, this
553 command succeeds without changing the configuration.)
554
555 ovsdb-server/remove-remote remote
556 Removes the specified remote from the configuration, failing
557 with an error if remote is not configured as a remote. This
558 command only works with remotes that were named on --remote or
559 ovsdb-server/add-remote, that is, it will not remove remotes
560 added indirectly because they were read from the database by
561 configuring a db:db,table,column remote. (You can remove a
562 database source with ovsdb-server/remove-remote db:db,table,col‐
563 umn, but not individual remotes found indirectly through the
564 database.)
565
566 ovsdb-server/list-remotes
567 Outputs a list of the currently configured remotes named on
568 --remote or ovsdb-server/add-remote, that is, it does not list
569 remotes added indirectly because they were read from the data‐
570 base by configuring a db:db,table,column remote.
571
572 ovsdb-server/add-db database
573 Adds the database to the running ovsdb-server. database could
574 be a database file or a relay description in the following for‐
575 mat: relay:schema_name:remote. The database file must already
576 have been created and initialized using, for example, ovsdb-tool
577 create.
578
579 ovsdb-server/remove-db database
580 Removes database from the running ovsdb-server. database must
581 be a database name as listed by ovsdb-server/list-dbs.
582
583 If a remote has been configured that points to the specified
584 database (e.g. --remote=db:database,... on the command line),
585 then it will be disabled until another database with the same
586 name is added again (with ovsdb-server/add-db).
587
588 Any public key infrastructure options specified through this
589 database (e.g. --private-key=db:database,... on the command
590 line) will be disabled until another database with the same name
591 is added again (with ovsdb-server/add-db).
592
593 ovsdb-server/list-dbs
594 Outputs a list of the currently configured databases added ei‐
595 ther through the command line or through the ovsdb-server/add-db
596 command.
597
598 Active-Backup Commands
599 These commands query and update the role of ovsdb-server within an ac‐
600 tive-backup pair of servers. See Active-Backup Options, above, and Ac‐
601 tive-Backup Database Service Model in ovsdb(7) for more information.
602
603 ovsdb-server/set-active-ovsdb-server server
604 Sets the active server from which ovsdb-server connects through
605 ovsdb-server/connect-active-ovsdb-server. This overrides the
606 --sync-from command-line option.
607
608 ovsdb-server/get-active-ovsdb-server
609 Gets the active server from which ovsdb-server is currently syn‐
610 chronizing its databases.
611
612 ovsdb-server/connect-active-ovsdb-server
613 Switches the server to a backup role. The server starts syn‐
614 chronizing its databases with the active server specified by
615 ovsdb-server/set-active-ovsdb-server (or the --sync-from com‐
616 mand-line option) and closes all existing client connections,
617 which requires clients to reconnect.
618
619 ovsdb-server/disconnect-active-ovsdb-server
620 Switches the server to an active role. The server stops syn‐
621 chronizing its databases with an active server and closes all
622 existing client connections, which requires clients to recon‐
623 nect.
624
625 ovsdb-server/set-active-ovsdb-server-probe-interval probe interval
626 Sets the probe interval (in milli seconds) for the connection
627 to active server.
628
629 ovsdb-server/set-sync-exclude-tables db:table[,db:table]...
630 Sets the table within db that will be excluded from synchroniza‐
631 tion. This overrides the --sync-exclude-tables command-line op‐
632 tion.
633
634 ovsdb-server/get-sync-exclude-tables
635 Gets the tables that are currently excluded from synchroniza‐
636 tion.
637
638 ovsdb-server/sync-status
639 Prints a summary of replication run time information. The state
640 information is always provided, indicating whether the server is
641 running in the active or the backup mode. When running in
642 backup mode, replication connection status, which can be either
643 connecting, replicating or error, are shown. When the connec‐
644 tion is in replicating state, further output shows the list of
645 databases currently replicating, and the tables that are ex‐
646 cluded.
647
648 Cluster Commands
649 These commands support the ovsdb-server clustered service model. They
650 apply only to databases in the format used for clustered databases,
651 which is the database format created by ovsdb-tool create-cluster and
652 ovsdb-tool join-cluster.
653
654 cluster/cid db
655 Prints the cluster ID for db, which is a UUID that identifies
656 the cluster. If db is a database newly created by ovsdb-tool
657 cluster-join that has not yet successfully joined its cluster,
658 and --cid was not specified on the cluster-join command line,
659 then this command will report an error because the cluster ID is
660 not yet known.
661
662 cluster/sid db
663 Prints the server ID for db, which is a UUID that identifies
664 this server within the cluster.
665
666 cluster/status db
667 Prints this server's status within the cluster and the status of
668 its connections to other servers in the cluster.
669
670 cluster/leave db
671 This command starts the server gracefully removing itself from
672 its cluster. At least one server must remain, and the cluster
673 must be healthy, that is, over half of the cluster's servers
674 must be up.
675
676 When the server successfully leaves the cluster, it stops serv‐
677 ing db, as if ovsdb-server/remove-db db had been executed.
678
679 Use ovsdb-client wait (see ovsdb-client(1)) to wait until the
680 server has left the cluster.
681
682 Once a server leaves a cluster, it may never rejoin it. In‐
683 stead, create a new server and join it to the cluster.
684
685 Note that removing the server from the cluster alters the total
686 size of the cluster. For example, if you remove two servers from
687 a three server cluster, then the "cluster" becomes a single
688 functioning server. This does not result in a three server
689 cluster that lacks quorum.
690
691 cluster/kick db server
692 Start graceful removal of server from db's cluster, like clus‐
693 ter/leave (without --force) except that it can remove any
694 server, not just this one.
695
696 server may be a server ID, as printed by cluster/sid, or the
697 server's local network address as passed to ovsdb-tool's cre‐
698 ate-cluster or join-cluster command. Use cluster/status to see
699 a list of cluster members.
700
701 cluster/change-election-timer db time
702 Change the leader election timeout base value of the cluster, in
703 milliseconds.
704
705 Leader election will be initiated by a follower if there is no
706 heartbeat received from the leader within this time plus a ran‐
707 dom time within 1 second.
708
709 The default value is 1000, if not changed with this command.
710 This command can be used to adjust the value when necessary, ac‐
711 cording to the expected load and response time of the servers.
712
713 This command must be executed on the leader. It initiates the
714 change to the cluster. To see if the change takes effect (com‐
715 mitted), use cluster/status to show the current setting. Once a
716 change is committed, it persists at server restarts.
717
718 cluster/set-backlog-threshold db n_msgs n_bytes
719 Sets the backlog limits for db's RAFT connections to a maximum
720 of n_msgs messages or n_bytes bytes. If the backlog on one of
721 the connections reaches the limit, it will be disconnected (and
722 re-established). Values are checked only if the backlog con‐
723 tains more than 50 messages.
724
725 VLOG COMMANDS
726 These commands manage ovsdb-server's logging settings.
727
728 vlog/set [spec]
729 Sets logging levels. Without any spec, sets the log level for
730 every module and destination to dbg. Otherwise, spec is a list
731 of words separated by spaces or commas or colons, up to one from
732 each category below:
733
734 • A valid module name, as displayed by the vlog/list com‐
735 mand on ovs-appctl(8), limits the log level change to the
736 specified module.
737
738 • syslog, console, or file, to limit the log level change
739 to only to the system log, to the console, or to a file,
740 respectively.
741
742 On Windows platform, syslog is accepted as a word and is
743 only useful along with the --syslog-target option (the
744 word has no effect otherwise).
745
746 • off, emer, err, warn, info, or dbg, to control the log
747 level. Messages of the given severity or higher will be
748 logged, and messages of lower severity will be filtered
749 out. off filters out all messages. See ovs-appctl(8)
750 for a definition of each log level.
751
752 Case is not significant within spec.
753
754 Regardless of the log levels set for file, logging to a file
755 will not take place unless ovsdb-server was invoked with the
756 --log-file option.
757
758 For compatibility with older versions of OVS, any is accepted as
759 a word but has no effect.
760
761 vlog/set PATTERN:destination:pattern
762 Sets the log pattern for destination to pattern. Refer to
763 ovs-appctl(8) for a description of the valid syntax for pattern.
764
765 vlog/list
766 Lists the supported logging modules and their current levels.
767
768 vlog/list-pattern
769 Lists logging patterns used for each destination.
770
771 vlog/close
772 Causes ovsdb-server to close its log file, if it is open. (Use
773 vlog/reopen to reopen it later.)
774
775 vlog/reopen
776 Causes ovsdb-server to close its log file, if it is open, and
777 then reopen it. (This is useful after rotating log files, to
778 cause a new log file to be used.)
779
780 This has no effect unless ovsdb-server was invoked with the
781 --log-file option.
782
783 vlog/disable-rate-limit [module]...
784 vlog/enable-rate-limit [module]...
785 By default, ovsdb-server limits the rate at which certain mes‐
786 sages can be logged. When a message would appear more fre‐
787 quently than the limit, it is suppressed. This saves disk
788 space, makes logs easier to read, and speeds up execution, but
789 occasionally troubleshooting requires more detail. Therefore,
790 vlog/disable-rate-limit allows rate limits to be disabled at the
791 level of an individual log module. Specify one or more module
792 names, as displayed by the vlog/list command. Specifying either
793 no module names at all or the keyword any disables rate limits
794 for every log module.
795
796 The vlog/enable-rate-limit command, whose syntax is the same as
797 vlog/disable-rate-limit, can be used to re-enable a rate limit
798 that was previously disabled.
799
800 MEMORY COMMANDS
801 These commands report memory usage.
802
803 memory/show
804 Displays some basic statistics about ovsdb-server's memory us‐
805 age. ovsdb-server also logs this information soon after startup
806 and periodically as its memory consumption grows.
807
808 COVERAGE COMMANDS
809 These commands manage ovsdb-server's ``coverage counters,'' which count
810 the number of times particular events occur during a daemon's runtime.
811 In addition to these commands, ovsdb-server automatically logs coverage
812 counter values, at INFO level, when it detects that the daemon's main
813 loop takes unusually long to run.
814
815 Coverage counters are useful mainly for performance analysis and debug‐
816 ging.
817
818 coverage/show
819 Displays the averaged per-second rates for the last few seconds,
820 the last minute and the last hour, and the total counts of all
821 of the coverage counters.
822
823 coverage/read-counter counter
824 Displays the total count for the given coverage counter.
825
827 In Open vSwitch before version 2.4, when ovsdb-server sent JSON-RPC er‐
828 ror responses to some requests, it incorrectly formulated them with the
829 result and error swapped, so that the response appeared to indicate
830 success (with a nonsensical result) rather than an error. The requests
831 that suffered from this problem were:
832
833 transact
834 get_schema
835 Only if the request names a nonexistent database.
836
837 monitor
838 lock
839 unlock In all error cases.
840
841 Of these cases, the only error that a well-written application is
842 likely to encounter in practice is monitor of tables or columns that do
843 not exist, in an situation where the application has been upgraded but
844 the old database schema is still temporarily in use. To handle this
845 situation gracefully, we recommend that clients should treat a monitor
846 response with a result that contains an error key-value pair as an er‐
847 ror (assuming that the database being monitored does not contain a ta‐
848 ble named error).
849
851 ovsdb(7), ovsdb-tool(1), ovsdb-server(5), ovsdb-server(7).
852
853
854
855Open vSwitch 2.17.0 ovsdb-server(1)