1ovsdb-server(1)               Open vSwitch Manual              ovsdb-server(1)
2
3
4

NAME

6       ovsdb-server - Open vSwitch database server
7

SYNOPSIS

9       ovsdb-server   [database]...    [relay:schema_name:remote]...    [--re‐
10       mote=remote]...  [--run=command]
11
12       Daemon options:
13              [--pidfile[=pidfile]]      [--overwrite-pidfile]      [--detach]
14              [--no-chdir] [--no-self-confinement]
15
16       Service options:
17              [--service] [--service-monitor]
18
19       Logging options:
20              [-v[module[:destination[:level]]]]...
21              [--verbose[=module[:destination[:level]]]]...
22              [--log-file[=file]]
23
24       Active-backup options:
25              [--sync-from=server]     [--sync-exclude-tables=db:table[,db:ta‐
26              ble]...]  [--active]
27
28       Public key infrastructure options:
29              [--private-key=privkey.pem]
30              [--certificate=cert.pem]
31              [--ca-cert=cacert.pem]
32              [--bootstrap-ca-cert=cacert.pem]
33              [--peer-ca-cert=peer-cacert.pem]
34
35       SSL connection options:
36              [--ssl-protocols=protocols]
37              [--ssl-ciphers=ciphers]
38
39       Runtime management options:
40              --unixctl=socket
41
42       Replay options:
43              [--record[=directory]] [--replay[=directory]]
44
45       Common options:
46              [-h | --help] [-V | --version]
47
48

DESCRIPTION

50       The ovsdb-server program provides RPC interfaces to one  or  more  Open
51       vSwitch  databases  (OVSDBs).   It supports JSON-RPC client connections
52       over active or passive TCP/IP or Unix domain sockets.  For an introduc‐
53       tion to OVSDB and its implementation in Open vSwitch, see ovsdb(7).
54
55       Each  OVSDB file may be specified on the command line as database.  Re‐
56       lay  databases  may  be  specified  on  the   command   line   as   re‐
57       lay:schema_name:remote.   For  a detailed description of relay database
58       argument, see ovsdb(7).  If none of database files or  relay  databases
59       is  specified,  the  default is /etc/openvswitch/conf.db.  The database
60       files must already have been created and initialized using,  for  exam‐
61       ple, ovsdb-tool's create, create-cluster, or join-cluster command.
62
63       This OVSDB implementation supports standalone, active-backup, relay and
64       clustered database service models, as  well  as  database  replication.
65       See the Service Models section of ovsdb(7) for more information.
66
67       For clustered databases, when the --detach option is used, ovsdb-server
68       detaches without waiting for the server to successfully join a  cluster
69       (if  the database file is freshly created with ovsdb-tool join-cluster)
70       or connect to a cluster that it has already joined.   Use  ovsdb-client
71       wait  (see  ovsdb-client(1))  to wait until the server has successfully
72       joined and connected to a cluster.  The same is true  for  relay  data‐
73       bases.   Same  commands  could  be used to wait for a relay database to
74       connect to the relay source (remote).
75
76       In addition to user-specified databases, ovsdb-server version  2.9  and
77       later  also always hosts a built-in database named _Server.  Please see
78       ovsdb-server(5) for documentation on this database's schema.
79

OPTIONS

81       --remote=remote
82              Adds remote as a connection method used  by  ovsdb-server.   The
83              remote may be an OVSDB active or passive connection method, e.g.
84              pssl:6640, as described in ovsdb(7).  The  following  additional
85              form is also supported:
86
87              db:db,table,column
88                     Reads additional connection methods from column in all of
89                     the rows in table within db.  As the contents  of  column
90                     changes,  ovsdb-server  also  adds  and  drops connection
91                     methods accordingly.
92
93                     If column's type is string or set of  strings,  then  the
94                     connection  methods  are  taken directly from the column.
95                     The connection methods in the column must have one of the
96                     forms described above.
97
98                     If column's type is UUID or set of UUIDs and references a
99                     table, then each UUID is looked up in the referenced  ta‐
100                     ble  to  obtain a row.  The following columns in the row,
101                     if present and of the correct type, configure  a  connec‐
102                     tion method.  Any additional columns are ignored.
103
104                     target (string)
105                            Connection  method,  in one of the forms described
106                            above.  This column is mandatory: if it is missing
107                            or  empty then no connection method can be config‐
108                            ured.
109
110                     max_backoff (integer)
111                            Maximum number of  milliseconds  to  wait  between
112                            connection attempts.
113
114                     inactivity_probe (integer)
115                            Maximum  number  of  milliseconds  of idle time on
116                            connection to client before sending an  inactivity
117                            probe message.
118
119                     read_only (boolean)
120                            If  true,  only read-only transactions are allowed
121                            on this connection.
122
123                     It is an error for column to have another type.
124
125              To connect or listen on multiple connection methods, use  multi‐
126              ple --remote options.
127
128       --run=command]
129              Ordinarily  ovsdb-server  runs  forever,  or until it is told to
130              exit (see RUNTIME MANAGEMENT COMMANDS below).  With this option,
131              ovsdb-server  instead starts a shell subprocess running command.
132              When the subprocess terminates, ovsdb-server also  exits  grace‐
133              fully.   If the subprocess exits normally with exit code 0, then
134              ovsdb-server exits with exit code 0 also;  otherwise,  it  exits
135              with exit code 1.
136
137              This option can be useful where a database server is needed only
138              to   run   a   single   command,   e.g.:   ovsdb-server    --re‐
139              mote=punix:socket     --run='ovsdb-client    dump    unix:socket
140              Open_vSwitch'
141
142              This option is not supported on Windows platform.
143
144   Daemon Options
145       The following options are valid on POSIX based platforms.
146
147       --pidfile[=pidfile]
148              Causes a file (by default, ovsdb-server.pid) to be created indi‐
149              cating  the PID of the running process.  If the pidfile argument
150              is not specified, or if it does not begin with  /,  then  it  is
151              created in /var/run/openvswitch.
152
153              If --pidfile is not specified, no pidfile is created.
154
155       --overwrite-pidfile
156              By  default,  when --pidfile is specified and the specified pid‐
157              file  already  exists  and  is  locked  by  a  running  process,
158              ovsdb-server  refuses  to start.  Specify --overwrite-pidfile to
159              cause it to instead overwrite the pidfile.
160
161              When --pidfile is not specified, this option has no effect.
162
163       --detach
164              Runs ovsdb-server as a background process.  The  process  forks,
165              and  in  the  child it starts a new session, closes the standard
166              file descriptors (which has the side effect of disabling logging
167              to  the  console), and changes its current directory to the root
168              (unless --no-chdir is specified).  After the child completes its
169              initialization,  the  parent  exits.  ovsdb-server detaches only
170              after it starts listening on all configured  remotes.   At  this
171              point,  all standalone and active-backup databases are ready for
172              use.  Clustered databases only become ready for use  after  they
173              finish joining their clusters (which could have already happened
174              in previous runs of ovsdb-server).
175
176       --monitor
177              Creates an additional process to monitor the  ovsdb-server  dae‐
178              mon.   If  the daemon dies due to a signal that indicates a pro‐
179              gramming error (SIGABRT, SIGALRM, SIGBUS, SIGFPE,  SIGILL,  SIG‐
180              PIPE,  SIGSEGV,  SIGXCPU,  or  SIGXFSZ) then the monitor process
181              starts a new copy of it.  If the daemon dies or  exits  for  an‐
182              other reason, the monitor process exits.
183
184              This  option  is  normally used with --detach, but it also func‐
185              tions without it.
186
187       --no-chdir
188              By default, when --detach is specified, ovsdb-server changes its
189              current  working  directory  to  the root directory after it de‐
190              taches.  Otherwise, invoking ovsdb-server from a carelessly cho‐
191              sen  directory  would  prevent the administrator from unmounting
192              the file system that holds that directory.
193
194              Specifying  --no-chdir  suppresses  this  behavior,   preventing
195              ovsdb-server  from changing its current working directory.  This
196              may be useful for collecting core files, since it is common  be‐
197              havior  to  write  core dumps into the current working directory
198              and the root directory is not a good directory to use.
199
200              This option has no effect when --detach is not specified.
201
202       --no-self-confinement
203              By default daemon will try to self-confine itself to  work  with
204              files  under well-known directories determined during build.  It
205              is better to stick with this default behavior  and  not  to  use
206              this  flag  unless  some other Access Control is used to confine
207              daemon.  Note that in contrast to other access control implemen‐
208              tations  that are typically enforced from kernel-space (e.g. DAC
209              or MAC), self-confinement is imposed from the user-space  daemon
210              itself  and hence should not be considered as a full confinement
211              strategy, but instead should be viewed as an additional layer of
212              security.
213
214       --user Causes  ovsdb-server  to  run  as  a different user specified in
215              "user:group", thus dropping most of the root  privileges.  Short
216              forms "user" and ":group" are also allowed, with current user or
217              group are assumed respectively. Only daemons started by the root
218              user accepts this argument.
219
220              On   Linux,   daemons   will   be   granted   CAP_IPC_LOCK   and
221              CAP_NET_BIND_SERVICES before dropping root  privileges.  Daemons
222              that  interact  with  a  datapath, such as ovs-vswitchd, will be
223              granted three  additional  capabilities,  namely  CAP_NET_ADMIN,
224              CAP_NET_BROADCAST  and  CAP_NET_RAW.  The capability change will
225              apply even if the new user is root.
226
227              On Windows, this option is not currently supported. For security
228              reasons,  specifying  this  option will cause the daemon process
229              not to start.
230
231   Service Options
232       The following options are valid only on Windows platform.
233
234       --service
235              Causes ovsdb-server to run as a service in the  background.  The
236              service  should already have been created through external tools
237              like SC.exe.
238
239       --service-monitor
240              Causes the ovsdb-server service to be automatically restarted by
241              the  Windows  services  manager if the service dies or exits for
242              unexpected reasons.
243
244              When --service is not specified, this option has no effect.
245
246   Logging Options
247       -v[spec]
248       --verbose=[spec]
249              Sets logging levels.  Without any spec, sets the log  level  for
250              every  module and destination to dbg.  Otherwise, spec is a list
251              of words separated by spaces or commas or colons, up to one from
252              each category below:
253
254              •      A  valid  module name, as displayed by the vlog/list com‐
255                     mand on ovs-appctl(8), limits the log level change to the
256                     specified module.
257
258syslog,  console,  or file, to limit the log level change
259                     to only to the system log, to the console, or to a  file,
260                     respectively.   (If  --detach  is specified, ovsdb-server
261                     closes its standard file descriptors, so logging  to  the
262                     console will have no effect.)
263
264                     On  Windows platform, syslog is accepted as a word and is
265                     only useful along with the  --syslog-target  option  (the
266                     word has no effect otherwise).
267
268off,  emer,  err,  warn, info, or dbg, to control the log
269                     level.  Messages of the given severity or higher will  be
270                     logged,  and  messages of lower severity will be filtered
271                     out.  off filters out all  messages.   See  ovs-appctl(8)
272                     for a definition of each log level.
273
274              Case is not significant within spec.
275
276              Regardless  of  the  log  levels set for file, logging to a file
277              will not take place unless --log-file is also specified (see be‐
278              low).
279
280              For compatibility with older versions of OVS, any is accepted as
281              a word but has no effect.
282
283       -v
284       --verbose
285              Sets the maximum logging verbosity level, equivalent  to  --ver‐
286              bose=dbg.
287
288       -vPATTERN:destination:pattern
289       --verbose=PATTERN:destination:pattern
290              Sets  the  log  pattern  for  destination  to pattern.  Refer to
291              ovs-appctl(8) for a description of the valid syntax for pattern.
292
293       -vFACILITY:facility
294       --verbose=FACILITY:facility
295              Sets the RFC5424 facility of the log message.  facility  can  be
296              one  of kern, user, mail, daemon, auth, syslog, lpr, news, uucp,
297              clock, ftp, ntp, audit, alert, clock2, local0,  local1,  local2,
298              local3,  local4, local5, local6 or local7. If this option is not
299              specified, daemon is used as the default for  the  local  system
300              syslog  and local0 is used while sending a message to the target
301              provided via the --syslog-target option.
302
303       --log-file[=file]
304              Enables logging to a file.  If file is  specified,  then  it  is
305              used  as  the exact name for the log file.  The default log file
306              name   used   if   file    is    omitted    is    /var/log/open‐
307              vswitch/ovsdb-server.log.
308
309       --syslog-target=host:port
310              Send  syslog  messages  to  UDP port on host, in addition to the
311              system syslog.  The host must be a numerical IP address,  not  a
312              hostname.
313
314       --syslog-method=method
315              Specify method how syslog messages should be sent to syslog dae‐
316              mon.  Following forms are supported:
317
318libc, use libc syslog() function.  Downside of using this
319                     options  is  that libc adds fixed prefix to every message
320                     before it is actually sent  to  the  syslog  daemon  over
321                     /dev/log UNIX domain socket.
322
323unix:file, use UNIX domain socket directly.  It is possi‐
324                     ble to specify arbitrary message format with this option.
325                     However,  rsyslogd  8.9 and older versions use hard coded
326                     parser function anyway that  limits  UNIX  domain  socket
327                     use.   If  you  want to use arbitrary message format with
328                     older rsyslogd versions, then use UDP socket to localhost
329                     IP address instead.
330
331udp:ip:port, use UDP socket.  With this method it is pos‐
332                     sible to use arbitrary message  format  also  with  older
333                     rsyslogd.   When  sending syslog messages over UDP socket
334                     extra precaution needs to be taken into account, for  ex‐
335                     ample,  syslog daemon needs to be configured to listen on
336                     the specified UDP port, accidental iptables  rules  could
337                     be  interfering  with  local syslog traffic and there are
338                     some security considerations that apply to  UDP  sockets,
339                     but do not apply to UNIX domain sockets.
340
341null, discards all messages logged to syslog.
342
343              The  default  is  taken  from  the OVS_SYSLOG_METHOD environment
344              variable; if it is unset, the default is libc.
345
346   Active-Backup Options
347       These options support the ovsdb-server active-backup service model  and
348       database  replication.   These  options  apply only to databases in the
349       format used for standalone and active-backup databases,  which  is  the
350       database  format  created  by  ovsdb-tool  create.  By default, when it
351       serves a database in this format, ovsdb-server  runs  as  a  standalone
352       server.  These options can configure it for active-backup use:
353
354       •      Use  --sync-from=server  to start the server in the backup role,
355              replicating data from server.  When ovsdb-server is running as a
356              backup  server,  it rejects all transactions that can modify the
357              database content, including lock commands.  The same form can be
358              used to configure the local database as a replica of server.
359
360       •      Use  --sync-from=server  --active to start the server in the ac‐
361              tive role, but prepared to switch to the backup role in which it
362              would replicate data from server.  When ovsdb-server runs in ac‐
363              tive mode, it allows all transactions, including those that mod‐
364              ify the database.
365
366       At  runtime,  management commands can change a server's role and other‐
367       wise manage active-backup features.  See Active-Backup Commands, below,
368       for more information.
369
370       --sync-from=server
371              Sets up ovsdb-server to synchronize its databases with the data‐
372              bases in server, which must be an active  connection  method  in
373              one  of the forms documented in ovsdb-client(1).  Every transac‐
374              tion committed by server will  be  replicated  to  ovsdb-server.
375              This  option  makes  ovsdb-server  start as a backup server; add
376              --active to make it start as an active server.
377
378       --sync-exclude-tables=db:table[,db:table]...
379              Causes the specified tables to be excluded from replication.
380
381       --active
382              By default, --sync-from makes ovsdb-server start up as a  backup
383              for  server.   With --active, however, ovsdb-server starts as an
384              active server.  Use this option to allow the syncing options  to
385              be  specified  using command line options, yet start the server,
386              as the default, active server.  To switch the running server  to
387              backup  mode, use ovs-appctl(1) to execute the ovsdb-server/con‐
388              nect-active-ovsdb-server command.
389
390   Public Key Infrastructure Options
391       The options described below for configuring the SSL public  key  infra‐
392       structure  accept  a  special  syntax for obtaining their configuration
393       from the database.  If any of these options is given db:db,table,column
394       as  its  argument, then the actual file name is read from the specified
395       column in table within the db database.   The  column  must  have  type
396       string  or  set  of strings.  The first nonempty string in the table is
397       taken as the file name.  (This means that ordinarily there should be at
398       most one row in table.)
399
400       -p privkey.pem
401       --private-key=privkey.pem
402              Specifies  a  PEM  file  containing  the  private  key  used  as
403              ovsdb-server's identity for outgoing SSL connections.
404
405       -c cert.pem
406       --certificate=cert.pem
407              Specifies a PEM file containing a certificate that certifies the
408              private  key specified on -p or --private-key to be trustworthy.
409              The certificate must be signed by the certificate authority (CA)
410              that the peer in SSL connections will use to verify it.
411
412       -C cacert.pem
413       --ca-cert=cacert.pem
414              Specifies   a  PEM  file  containing  the  CA  certificate  that
415              ovsdb-server should use to verify certificates presented  to  it
416              by  SSL peers.  (This may be the same certificate that SSL peers
417              use to verify the certificate specified on -c or  --certificate,
418              or  it  may  be  a different one, depending on the PKI design in
419              use.)
420
421       -C none
422       --ca-cert=none
423              Disables verification of certificates presented  by  SSL  peers.
424              This  introduces a security risk, because it means that certifi‐
425              cates cannot be verified to be those of known trusted hosts.
426
427       --bootstrap-ca-cert=cacert.pem
428              When cacert.pem exists, this option has the same effect as -C or
429              --ca-cert.  If it does not exist, then ovsdb-server will attempt
430              to obtain the CA certificate from the SSL peer on its first  SSL
431              connection and save it to the named PEM file.  If it is success‐
432              ful, it will immediately drop the connection and reconnect,  and
433              from then on all SSL connections must be authenticated by a cer‐
434              tificate signed by the CA certificate thus obtained.
435
436              This option exposes the SSL connection  to  a  man-in-the-middle
437              attack  obtaining the initial CA certificate, but it may be use‐
438              ful for bootstrapping.
439
440              This option is only useful if the SSL peer sends its CA certifi‐
441              cate  as  part  of  the SSL certificate chain.  The SSL protocol
442              does not require the server to send the CA certificate.
443
444              This option is mutually exclusive with -C and --ca-cert.
445
446       --peer-ca-cert=peer-cacert.pem
447              Specifies a PEM file that contains one or more  additional  cer‐
448              tificates  to  send to SSL peers.  peer-cacert.pem should be the
449              CA certificate used to sign ovsdb-server's own certificate, that
450              is,  the  certificate  specified  on  -c  or  --certificate.  If
451              ovsdb-server's certificate is  self-signed,  then  --certificate
452              and --peer-ca-cert should specify the same file.
453
454              This  option  is not useful in normal operation, because the SSL
455              peer must already have the CA certificate for the peer  to  have
456              any confidence in ovsdb-server's identity.  However, this offers
457              a way for a new installation to bootstrap the CA certificate  on
458              its first SSL connection.
459
460   SSL Connection Options
461       --ssl-protocols=protocols
462              Specifies,  in  a comma- or space-delimited list, the SSL proto‐
463              cols ovsdb-server will enable for  SSL  connections.   Supported
464              protocols  include  TLSv1,  TLSv1.1, and TLSv1.2.  Regardless of
465              order, the highest protocol supported by both sides will be cho‐
466              sen when making the connection.  The default when this option is
467              omitted is TLSv1,TLSv1.1,TLSv1.2.
468
469       --ssl-ciphers=ciphers
470              Specifies,  in  OpenSSL  cipher  string  format,   the   ciphers
471              ovsdb-server will support for SSL connections.  The default when
472              this option is omitted is HIGH:!aNULL:!MD5.
473
474   Other Options
475       --unixctl=socket
476              Sets the name of the control socket on which  ovsdb-server  lis‐
477              tens  for  runtime  management  commands (see RUNTIME MANAGEMENT
478              COMMANDS, below).  If socket does not begin with /, it is inter‐
479              preted as relative to /var/run/openvswitch.  If --unixctl is not
480              used   at   all,   the   default   socket   is    /var/run/open‐
481              vswitch/ovsdb-server.pid.ctl,   where   pid   is  ovsdb-server's
482              process ID.
483
484              On Windows a local named pipe is used to listen for runtime man‐
485              agement  commands.   A  file  is created in the absolute path as
486              pointed by socket or if --unixctl is not used at all, a file  is
487              created  as ovsdb-server.ctl in the configured OVS_RUNDIR direc‐
488              tory.  The file exists just to mimic the behavior of a Unix  do‐
489              main socket.
490
491              Specifying none for socket disables the control socket feature.
492
493       --record[=directory]
494              Sets  the  process  in "recording" mode, in which it will record
495              all the connections, data from streams (Unix domain and  network
496              sockets)  and some other important necessary bits, so they could
497              be replayed later.  Recorded data is stored in replay  files  in
498              specified  directory.  If directory does not begin with /, it is
499              interpreted as relative to /var/run/openvswitch.   If  directory
500              is not specified, /var/run/openvswitch will be used.
501
502       --replay[=directory]
503              Sets  the process in "replay" mode, in which it will read infor‐
504              mation about connections, data from  streams  (Unix  domain  and
505              network sockets) and some other necessary bits directly from re‐
506              play files instead of using real sockets.  Replay files from the
507              directory  will be used.  If directory does not begin with /, it
508              is interpreted as relative to /var/run/openvswitch.   If  direc‐
509              tory is not specified, /var/run/openvswitch will be used.
510
511       -h
512       --help Prints a brief help message to the console.
513
514       -V
515       --version
516              Prints version information to the console.
517

RUNTIME MANAGEMENT COMMANDS

519       ovs-appctl(8) can send commands to a running ovsdb-server process.  The
520       currently supported commands are described below.
521
522   ovsdb-server Commands
523       These commands are specific to ovsdb-server.
524
525       exit   Causes ovsdb-server to gracefully terminate.
526
527       ovsdb-server/compact [db]
528              Compacts database db in-place.  If db is not specified, compacts
529              every database in-place.  A database is also compacted automati‐
530              cally when a transaction is logged if it  is  over  2  times  as
531              large  as  its previous compacted size (and at least 10 MB), but
532              not before 100 commits  have  been  added  or  10  minutes  have
533              elapsed since the last compaction. It will also be compacted au‐
534              tomatically after 24 hours since the last compaction if 100 com‐
535              mits were added regardless of its size.
536
537       ovsdb-server/memory-trim-on-compaction on|off
538              If  this  option is on, ovsdb-server will try to reclaim all un‐
539              used heap memory back to the system after each successful  data‐
540              base compaction to reduce the memory consumption of the process.
541              off by default.
542
543       ovsdb-server/reconnect
544              Makes ovsdb-server drop all of the JSON-RPC connections to data‐
545              base clients and reconnect.
546
547              This  command might be useful for debugging issues with database
548              clients.
549
550       ovsdb-server/add-remote remote
551              Adds a remote, as if --remote=remote had been specified  on  the
552              ovsdb-server command line.  (If remote is already a remote, this
553              command succeeds without changing the configuration.)
554
555       ovsdb-server/remove-remote remote
556              Removes the specified remote  from  the  configuration,  failing
557              with  an  error  if  remote is not configured as a remote.  This
558              command only works with remotes that were named on  --remote  or
559              ovsdb-server/add-remote,  that  is,  it  will not remove remotes
560              added indirectly because they were read  from  the  database  by
561              configuring  a  db:db,table,column  remote.   (You  can remove a
562              database source with ovsdb-server/remove-remote db:db,table,col‐
563              umn,  but  not  individual  remotes found indirectly through the
564              database.)
565
566       ovsdb-server/list-remotes
567              Outputs a list of the  currently  configured  remotes  named  on
568              --remote  or  ovsdb-server/add-remote, that is, it does not list
569              remotes added indirectly because they were read from  the  data‐
570              base by configuring a db:db,table,column remote.
571
572       ovsdb-server/add-db database
573              Adds  the  database to the running ovsdb-server.  database could
574              be a database file or a relay description in the following  for‐
575              mat:  relay:schema_name:remote.   The database file must already
576              have been created and initialized using, for example, ovsdb-tool
577              create.
578
579       ovsdb-server/remove-db database
580              Removes  database  from the running ovsdb-server.  database must
581              be a database name as listed by ovsdb-server/list-dbs.
582
583              If a remote has been configured that  points  to  the  specified
584              database  (e.g.  --remote=db:database,...  on the command line),
585              then it will be disabled until another database  with  the  same
586              name is added again (with ovsdb-server/add-db).
587
588              Any  public  key  infrastructure  options specified through this
589              database  (e.g.  --private-key=db:database,...  on  the  command
590              line) will be disabled until another database with the same name
591              is added again (with ovsdb-server/add-db).
592
593       ovsdb-server/list-dbs
594              Outputs a list of the currently configured databases  added  ei‐
595              ther through the command line or through the ovsdb-server/add-db
596              command.
597
598   Active-Backup Commands
599       These commands query and update the role of ovsdb-server within an  ac‐
600       tive-backup pair of servers.  See Active-Backup Options, above, and Ac‐
601       tive-Backup Database Service Model in ovsdb(7) for more information.
602
603       ovsdb-server/set-active-ovsdb-server server
604              Sets  the active server from which ovsdb-server connects through
605              ovsdb-server/connect-active-ovsdb-server.   This  overrides  the
606              --sync-from command-line option.
607
608       ovsdb-server/get-active-ovsdb-server
609              Gets the active server from which ovsdb-server is currently syn‐
610              chronizing its databases.
611
612       ovsdb-server/connect-active-ovsdb-server
613              Switches  the  server  to a backup role.  The server starts syn‐
614              chronizing its databases with the  active  server  specified  by
615              ovsdb-server/set-active-ovsdb-server  (or  the  --sync-from com‐
616              mand-line option) and closes all  existing  client  connections,
617              which requires clients to reconnect.
618
619       ovsdb-server/disconnect-active-ovsdb-server
620              Switches  the  server  to an active role.  The server stops syn‐
621              chronizing its databases with an active server  and  closes  all
622              existing  client  connections,  which requires clients to recon‐
623              nect.
624
625       ovsdb-server/set-active-ovsdb-server-probe-interval probe interval
626              Sets  the probe interval (in milli seconds) for  the  connection
627              to active server.
628
629       ovsdb-server/set-sync-exclude-tables db:table[,db:table]...
630              Sets the table within db that will be excluded from synchroniza‐
631              tion.  This overrides the --sync-exclude-tables command-line op‐
632              tion.
633
634       ovsdb-server/get-sync-exclude-tables
635              Gets  the  tables  that are currently excluded from synchroniza‐
636              tion.
637
638       ovsdb-server/sync-status
639              Prints a summary of replication run time information. The  state
640              information is always provided, indicating whether the server is
641              running in the active or  the  backup  mode.   When  running  in
642              backup  mode, replication connection status, which can be either
643              connecting, replicating or error, are shown.  When  the  connec‐
644              tion  is  in replicating state, further output shows the list of
645              databases currently replicating, and the  tables  that  are  ex‐
646              cluded.
647
648   Cluster Commands
649       These  commands support the ovsdb-server clustered service model.  They
650       apply only to databases in the format  used  for  clustered  databases,
651       which  is  the database format created by ovsdb-tool create-cluster and
652       ovsdb-tool join-cluster.
653
654       cluster/cid db
655              Prints the cluster ID for db, which is a  UUID  that  identifies
656              the  cluster.   If  db is a database newly created by ovsdb-tool
657              cluster-join that has not yet successfully joined  its  cluster,
658              and  --cid  was  not specified on the cluster-join command line,
659              then this command will report an error because the cluster ID is
660              not yet known.
661
662       cluster/sid db
663              Prints  the  server  ID  for db, which is a UUID that identifies
664              this server within the cluster.
665
666       cluster/status db
667              Prints this server's status within the cluster and the status of
668              its connections to other servers in the cluster.
669
670       cluster/leave db
671              This  command  starts the server gracefully removing itself from
672              its cluster.  At least one server must remain, and  the  cluster
673              must  be  healthy,  that  is, over half of the cluster's servers
674              must be up.
675
676              When the server successfully leaves the cluster, it stops  serv‐
677              ing db, as if ovsdb-server/remove-db db had been executed.
678
679              Use  ovsdb-client  wait  (see ovsdb-client(1)) to wait until the
680              server has left the cluster.
681
682              Once a server leaves a cluster, it may  never  rejoin  it.   In‐
683              stead, create a new server and join it to the cluster.
684
685              Note  that removing the server from the cluster alters the total
686              size of the cluster. For example, if you remove two servers from
687              a  three  server  cluster,  then  the "cluster" becomes a single
688              functioning server.  This does not  result  in  a  three  server
689              cluster that lacks quorum.
690
691       cluster/kick db server
692              Start  graceful  removal of server from db's cluster, like clus‐
693              ter/leave (without  --force)  except  that  it  can  remove  any
694              server, not just this one.
695
696              server  may  be  a  server ID, as printed by cluster/sid, or the
697              server's local network address as passed  to  ovsdb-tool's  cre‐
698              ate-cluster  or join-cluster command.  Use cluster/status to see
699              a list of cluster members.
700
701       cluster/change-election-timer db time
702              Change the leader election timeout base value of the cluster, in
703              milliseconds.
704
705              Leader  election  will be initiated by a follower if there is no
706              heartbeat received from the leader within this time plus a  ran‐
707              dom time within 1 second.
708
709              The  default  value  is  1000, if not changed with this command.
710              This command can be used to adjust the value when necessary, ac‐
711              cording to the expected load and response time of the servers.
712
713              This  command  must be executed on the leader.  It initiates the
714              change to the cluster.  To see if the change takes effect  (com‐
715              mitted), use cluster/status to show the current setting.  Once a
716              change is committed, it persists at server restarts.
717
718       cluster/set-backlog-threshold db n_msgs n_bytes
719              Sets the backlog limits for db's RAFT connections to  a  maximum
720              of  n_msgs  messages or n_bytes bytes.  If the backlog on one of
721              the connections reaches the limit, it will be disconnected  (and
722              re-established).   Values  are  checked only if the backlog con‐
723              tains more than 50 messages.
724
725   VLOG COMMANDS
726       These commands manage ovsdb-server's logging settings.
727
728       vlog/set [spec]
729              Sets logging levels.  Without any spec, sets the log  level  for
730              every  module and destination to dbg.  Otherwise, spec is a list
731              of words separated by spaces or commas or colons, up to one from
732              each category below:
733
734              •      A  valid  module name, as displayed by the vlog/list com‐
735                     mand on ovs-appctl(8), limits the log level change to the
736                     specified module.
737
738syslog,  console,  or file, to limit the log level change
739                     to only to the system log, to the console, or to a  file,
740                     respectively.
741
742                     On  Windows platform, syslog is accepted as a word and is
743                     only useful along with the  --syslog-target  option  (the
744                     word has no effect otherwise).
745
746off,  emer,  err,  warn, info, or dbg, to control the log
747                     level.  Messages of the given severity or higher will  be
748                     logged,  and  messages of lower severity will be filtered
749                     out.  off filters out all  messages.   See  ovs-appctl(8)
750                     for a definition of each log level.
751
752              Case is not significant within spec.
753
754              Regardless  of  the  log  levels set for file, logging to a file
755              will not take place unless ovsdb-server  was  invoked  with  the
756              --log-file option.
757
758              For compatibility with older versions of OVS, any is accepted as
759              a word but has no effect.
760
761       vlog/set PATTERN:destination:pattern
762              Sets the log pattern  for  destination  to  pattern.   Refer  to
763              ovs-appctl(8) for a description of the valid syntax for pattern.
764
765       vlog/list
766              Lists the supported logging modules and their current levels.
767
768       vlog/list-pattern
769              Lists logging patterns used for each destination.
770
771       vlog/close
772              Causes  ovsdb-server to close its log file, if it is open.  (Use
773              vlog/reopen to reopen it later.)
774
775       vlog/reopen
776              Causes ovsdb-server to close its log file, if it  is  open,  and
777              then  reopen  it.   (This is useful after rotating log files, to
778              cause a new log file to be used.)
779
780              This has no effect unless  ovsdb-server  was  invoked  with  the
781              --log-file option.
782
783       vlog/disable-rate-limit [module]...
784       vlog/enable-rate-limit [module]...
785              By  default,  ovsdb-server limits the rate at which certain mes‐
786              sages can be logged.  When a  message  would  appear  more  fre‐
787              quently  than  the  limit,  it  is  suppressed.  This saves disk
788              space, makes logs easier to read, and speeds up  execution,  but
789              occasionally  troubleshooting  requires more detail.  Therefore,
790              vlog/disable-rate-limit allows rate limits to be disabled at the
791              level  of  an individual log module.  Specify one or more module
792              names, as displayed by the vlog/list command.  Specifying either
793              no  module  names at all or the keyword any disables rate limits
794              for every log module.
795
796              The vlog/enable-rate-limit command, whose syntax is the same  as
797              vlog/disable-rate-limit,  can  be used to re-enable a rate limit
798              that was previously disabled.
799
800   MEMORY COMMANDS
801       These commands report memory usage.
802
803       memory/show
804              Displays some basic statistics about ovsdb-server's  memory  us‐
805              age.  ovsdb-server also logs this information soon after startup
806              and periodically as its memory consumption grows.
807
808   COVERAGE COMMANDS
809       These commands manage ovsdb-server's ``coverage counters,'' which count
810       the  number of times particular events occur during a daemon's runtime.
811       In addition to these commands, ovsdb-server automatically logs coverage
812       counter  values,  at INFO level, when it detects that the daemon's main
813       loop takes unusually long to run.
814
815       Coverage counters are useful mainly for performance analysis and debug‐
816       ging.
817
818       coverage/show
819              Displays the averaged per-second rates for the last few seconds,
820              the last minute and the last hour, and the total counts  of  all
821              of the coverage counters.
822
823       coverage/read-counter counter
824              Displays the total count for the given coverage counter.
825

BUGS

827       In Open vSwitch before version 2.4, when ovsdb-server sent JSON-RPC er‐
828       ror responses to some requests, it incorrectly formulated them with the
829       result  and  error  swapped,  so that the response appeared to indicate
830       success (with a nonsensical result) rather than an error.  The requests
831       that suffered from this problem were:
832
833       transact
834       get_schema
835              Only if the request names a nonexistent database.
836
837       monitor
838       lock
839       unlock In all error cases.
840
841       Of  these  cases,  the  only  error  that a well-written application is
842       likely to encounter in practice is monitor of tables or columns that do
843       not  exist, in an situation where the application has been upgraded but
844       the old database schema is still temporarily in use.   To  handle  this
845       situation  gracefully, we recommend that clients should treat a monitor
846       response with a result that contains an error key-value pair as an  er‐
847       ror  (assuming that the database being monitored does not contain a ta‐
848       ble named error).
849

SEE ALSO

851       ovsdb(7), ovsdb-tool(1), ovsdb-server(5), ovsdb-server(7).
852
853
854
855Open vSwitch                        2.17.0                     ovsdb-server(1)
Impressum