1ovsdb-server(1) Open vSwitch Manual ovsdb-server(1)
2
6 ovsdb-server - Open vSwitch database server
7
9 ovsdb-server [database]... [relay:schema_name:remote]... [--re‐
10 mote=remote]... [--run=command]
11 Daemon options:
13 [--pidfile[=pidfile]] [--overwrite-pidfile] [--detach]
14 [--no-chdir] [--no-self-confinement]
15 Service options:
17 [--service] [--service-monitor]
18 Logging options:
20 [-v[module[:destination[:level]]]]...
21 [--verbose[=module[:destination[:level]]]]...
22 [--log-file[=file]]
23 Active-backup options:
25 [--sync-from=server] [--sync-exclude-tables=db:table[,db:ta‐
26 ble]...] [--active]
27 Public key infrastructure options:
29 [--private-key=privkey.pem]
30 [--certificate=cert.pem]
31 [--ca-cert=cacert.pem]
32 [--bootstrap-ca-cert=cacert.pem]
33 [--peer-ca-cert=peer-cacert.pem]
34 SSL connection options:
36 [--ssl-protocols=protocols]
37 [--ssl-ciphers=ciphers]
38 Runtime management options:
40 --unixctl=socket
41 Replay options:
43 [--record[=directory]] [--replay[=directory]]
44 Common options:
46 [-h | --help] [-V | --version]
47
50 The ovsdb-server program provides RPC interfaces to one or more Open
51 vSwitch databases (OVSDBs). It supports JSON-RPC client connections
52 over active or passive TCP/IP or Unix domain sockets. For an introduc‐
53 tion to OVSDB and its implementation in Open vSwitch, see ovsdb(7).
54 Each OVSDB file may be specified on the command line as database. Re‐
56 lay databases may be specified on the command line as re‐
57 lay:schema_name:remote. For a detailed description of relay database
58 argument, see ovsdb(7). If none of database files or relay databases
59 is specified, the default is /etc/openvswitch/conf.db. The database
60 files must already have been created and initialized using, for exam‐
61 ple, ovsdb-tool's create, create-cluster, or join-cluster command.
62 This OVSDB implementation supports standalone, active-backup, relay and
64 clustered database service models, as well as database replication.
65 See the Service Models section of ovsdb(7) for more information.
66 For clustered databases, when the --detach option is used, ovsdb-server
68 detaches without waiting for the server to successfully join a cluster
69 (if the database file is freshly created with ovsdb-tool join-cluster)
70 or connect to a cluster that it has already joined. Use ovsdb-client
71 wait (see ovsdb-client(1)) to wait until the server has successfully
72 joined and connected to a cluster. The same is true for relay data‐
73 bases. Same commands could be used to wait for a relay database to
74 connect to the relay source (remote).
75 In addition to user-specified databases, ovsdb-server version 2.9 and
77 later also always hosts a built-in database named _Server. Please see
78 ovsdb-server(5) for documentation on this database's schema.
79
81 --remote=remote
82 Adds remote as a connection method used by ovsdb-server. The
83 remote may be an OVSDB active or passive connection method, e.g.
84 pssl:6640, as described in ovsdb(7). The following additional
85 form is also supported:
86 db:db,table,column
88 Reads additional connection methods from column in all of
89 the rows in table within db. As the contents of column
90 changes, ovsdb-server also adds and drops connection
91 methods accordingly.
92 If column's type is string or set of strings, then the
94 connection methods are taken directly from the column.
95 The connection methods in the column must have one of the
96 forms described above.
97 If column's type is UUID or set of UUIDs and references a
99 table, then each UUID is looked up in the referenced ta‐
100 ble to obtain a row. The following columns in the row,
101 if present and of the correct type, configure a connec‐
102 tion method. Any additional columns are ignored.
103 target (string)
105 Connection method, in one of the forms described
106 above. This column is mandatory: if it is missing
107 or empty then no connection method can be config‐
108 ured.
109 max_backoff (integer)
111 Maximum number of milliseconds to wait between
112 connection attempts.
113 inactivity_probe (integer)
115 Maximum number of milliseconds of idle time on
116 connection to client before sending an inactivity
117 probe message.
118 read_only (boolean)
120 If true, only read-only transactions are allowed
121 on this connection.
122 It is an error for column to have another type.
124 To connect or listen on multiple connection methods, use multi‐
126 ple --remote options.
127 --run=command]
129 Ordinarily ovsdb-server runs forever, or until it is told to
130 exit (see RUNTIME MANAGEMENT COMMANDS below). With this option,
131 ovsdb-server instead starts a shell subprocess running command.
132 When the subprocess terminates, ovsdb-server also exits grace‐
133 fully. If the subprocess exits normally with exit code 0, then
134 ovsdb-server exits with exit code 0 also; otherwise, it exits
135 with exit code 1.
136 This option can be useful where a database server is needed only
138 to run a single command, e.g.: ovsdb-server --re‐
139 mote=punix:socket --run='ovsdb-client dump unix:socket
140 Open_vSwitch'
141 This option is not supported on Windows platform.
143 Daemon Options
145 The following options are valid on POSIX based platforms.
146 --pidfile[=pidfile]
148 Causes a file (by default, ovsdb-server.pid) to be created indi‐
149 cating the PID of the running process. If the pidfile argument
150 is not specified, or if it does not begin with /, then it is
151 created in /var/run/openvswitch.
152 If --pidfile is not specified, no pidfile is created.
154 --overwrite-pidfile
156 By default, when --pidfile is specified and the specified pid‐
157 file already exists and is locked by a running process,
158 ovsdb-server refuses to start. Specify --overwrite-pidfile to
159 cause it to instead overwrite the pidfile.
160 When --pidfile is not specified, this option has no effect.
162 --detach
164 Runs ovsdb-server as a background process. The process forks,
165 and in the child it starts a new session, closes the standard
166 file descriptors (which has the side effect of disabling logging
167 to the console), and changes its current directory to the root
168 (unless --no-chdir is specified). After the child completes its
169 initialization, the parent exits. ovsdb-server detaches only
170 after it starts listening on all configured remotes. At this
171 point, all standalone and active-backup databases are ready for
172 use. Clustered databases only become ready for use after they
173 finish joining their clusters (which could have already happened
174 in previous runs of ovsdb-server).
175 --monitor
177 Creates an additional process to monitor the ovsdb-server dae‐
178 mon. If the daemon dies due to a signal that indicates a pro‐
179 gramming error (SIGABRT, SIGALRM, SIGBUS, SIGFPE, SIGILL, SIG‐
180 PIPE, SIGSEGV, SIGXCPU, or SIGXFSZ) then the monitor process
181 starts a new copy of it. If the daemon dies or exits for an‐
182 other reason, the monitor process exits.
183 This option is normally used with --detach, but it also func‐
185 tions without it.
186 --no-chdir
188 By default, when --detach is specified, ovsdb-server changes its
189 current working directory to the root directory after it de‐
190 taches. Otherwise, invoking ovsdb-server from a carelessly cho‐
191 sen directory would prevent the administrator from unmounting
192 the file system that holds that directory.
193 Specifying --no-chdir suppresses this behavior, preventing
195 ovsdb-server from changing its current working directory. This
196 may be useful for collecting core files, since it is common be‐
197 havior to write core dumps into the current working directory
198 and the root directory is not a good directory to use.
199 This option has no effect when --detach is not specified.
201 --no-self-confinement
203 By default daemon will try to self-confine itself to work with
204 files under well-known directories determined during build. It
205 is better to stick with this default behavior and not to use
206 this flag unless some other Access Control is used to confine
207 daemon. Note that in contrast to other access control implemen‐
208 tations that are typically enforced from kernel-space (e.g. DAC
209 or MAC), self-confinement is imposed from the user-space daemon
210 itself and hence should not be considered as a full confinement
211 strategy, but instead should be viewed as an additional layer of
212 security.
213 --user Causes ovsdb-server to run as a different user specified in
215 "user:group", thus dropping most of the root privileges. Short
216 forms "user" and ":group" are also allowed, with current user or
217 group are assumed respectively. Only daemons started by the root
218 user accepts this argument.
219 On Linux, daemons will be granted CAP_IPC_LOCK and
221 CAP_NET_BIND_SERVICES before dropping root privileges. Daemons
222 that interact with a datapath, such as ovs-vswitchd, will be
223 granted three additional capabilities, namely CAP_NET_ADMIN,
224 CAP_NET_BROADCAST and CAP_NET_RAW. The capability change will
225 apply even if the new user is root.
226 On Windows, this option is not currently supported. For security
228 reasons, specifying this option will cause the daemon process
229 not to start.
230 Service Options
232 The following options are valid only on Windows platform.
233 --service
235 Causes ovsdb-server to run as a service in the background. The
236 service should already have been created through external tools
237 like SC.exe.
238 --service-monitor
240 Causes the ovsdb-server service to be automatically restarted by
241 the Windows services manager if the service dies or exits for
242 unexpected reasons.
243 When --service is not specified, this option has no effect.
245 Logging Options
247 -v[spec]
248 --verbose=[spec]
249 Sets logging levels. Without any spec, sets the log level for
250 every module and destination to dbg. Otherwise, spec is a list
251 of words separated by spaces or commas or colons, up to one from
252 each category below:
253 • A valid module name, as displayed by the vlog/list com‐
255 mand on ovs-appctl(8), limits the log level change to the
256 specified module.
257 • syslog, console, or file, to limit the log level change
259 to only to the system log, to the console, or to a file,
260 respectively. (If --detach is specified, ovsdb-server
261 closes its standard file descriptors, so logging to the
262 console will have no effect.)
263 On Windows platform, syslog is accepted as a word and is
265 only useful along with the --syslog-target option (the
266 word has no effect otherwise).
267 • off, emer, err, warn, info, or dbg, to control the log
269 level. Messages of the given severity or higher will be
270 logged, and messages of lower severity will be filtered
271 out. off filters out all messages. See ovs-appctl(8)
272 for a definition of each log level.
273 Case is not significant within spec.
275 Regardless of the log levels set for file, logging to a file
277 will not take place unless --log-file is also specified (see be‐
278 low).
279 For compatibility with older versions of OVS, any is accepted as
281 a word but has no effect.
282 -v
284 --verbose
285 Sets the maximum logging verbosity level, equivalent to --ver‐
286 bose=dbg.
287 -vPATTERN:destination:pattern
289 --verbose=PATTERN:destination:pattern
290 Sets the log pattern for destination to pattern. Refer to
291 ovs-appctl(8) for a description of the valid syntax for pattern.
292 -vFACILITY:facility
294 --verbose=FACILITY:facility
295 Sets the RFC5424 facility of the log message. facility can be
296 one of kern, user, mail, daemon, auth, syslog, lpr, news, uucp,
297 clock, ftp, ntp, audit, alert, clock2, local0, local1, local2,
298 local3, local4, local5, local6 or local7. If this option is not
299 specified, daemon is used as the default for the local system
300 syslog and local0 is used while sending a message to the target
301 provided via the --syslog-target option.
302 --log-file[=file]
304 Enables logging to a file. If file is specified, then it is
305 used as the exact name for the log file. The default log file
306 name used if file is omitted is /var/log/open‐
307 vswitch/ovsdb-server.log.
308 --syslog-target=host:port
310 Send syslog messages to UDP port on host, in addition to the
311 system syslog. The host must be a numerical IP address, not a
312 hostname.
313 --syslog-method=method
315 Specify method how syslog messages should be sent to syslog dae‐
316 mon. Following forms are supported:
317 • libc, use libc syslog() function. Downside of using this
319 options is that libc adds fixed prefix to every message
320 before it is actually sent to the syslog daemon over
321 /dev/log UNIX domain socket.
322 • unix:file, use UNIX domain socket directly. It is possi‐
324 ble to specify arbitrary message format with this option.
325 However, rsyslogd 8.9 and older versions use hard coded
326 parser function anyway that limits UNIX domain socket
327 use. If you want to use arbitrary message format with
328 older rsyslogd versions, then use UDP socket to localhost
329 IP address instead.
330 • udp:ip:port, use UDP socket. With this method it is pos‐
332 sible to use arbitrary message format also with older
333 rsyslogd. When sending syslog messages over UDP socket
334 extra precaution needs to be taken into account, for ex‐
335 ample, syslog daemon needs to be configured to listen on
336 the specified UDP port, accidental iptables rules could
337 be interfering with local syslog traffic and there are
338 some security considerations that apply to UDP sockets,
339 but do not apply to UNIX domain sockets.
340 • null, discards all messages logged to syslog.
342 The default is taken from the OVS_SYSLOG_METHOD environment
344 variable; if it is unset, the default is libc.
345 Active-Backup Options
347 These options support the ovsdb-server active-backup service model and
348 database replication. These options apply only to databases in the
349 format used for standalone and active-backup databases, which is the
350 database format created by ovsdb-tool create. By default, when it
351 serves a database in this format, ovsdb-server runs as a standalone
352 server. These options can configure it for active-backup use:
353 • Use --sync-from=server to start the server in the backup role,
355 replicating data from server. When ovsdb-server is running as a
356 backup server, it rejects all transactions that can modify the
357 database content, including lock commands. The same form can be
358 used to configure the local database as a replica of server.
359 • Use --sync-from=server --active to start the server in the ac‐
361 tive role, but prepared to switch to the backup role in which it
362 would replicate data from server. When ovsdb-server runs in ac‐
363 tive mode, it allows all transactions, including those that mod‐
364 ify the database.
365 At runtime, management commands can change a server's role and other‐
367 wise manage active-backup features. See Active-Backup Commands, below,
368 for more information.
369 --sync-from=server
371 Sets up ovsdb-server to synchronize its databases with the data‐
372 bases in server, which must be an active connection method in
373 one of the forms documented in ovsdb-client(1). Every transac‐
374 tion committed by server will be replicated to ovsdb-server.
375 This option makes ovsdb-server start as a backup server; add
376 --active to make it start as an active server.
377 --sync-exclude-tables=db:table[,db:table]...
379 Causes the specified tables to be excluded from replication.
380 --active
382 By default, --sync-from makes ovsdb-server start up as a backup
383 for server. With --active, however, ovsdb-server starts as an
384 active server. Use this option to allow the syncing options to
385 be specified using command line options, yet start the server,
386 as the default, active server. To switch the running server to
387 backup mode, use ovs-appctl(1) to execute the ovsdb-server/con‐
388 nect-active-ovsdb-server command.
389 Public Key Infrastructure Options
391 The options described below for configuring the SSL public key infra‐
392 structure accept a special syntax for obtaining their configuration
393 from the database. If any of these options is given db:db,table,column
394 as its argument, then the actual file name is read from the specified
395 column in table within the db database. The column must have type
396 string or set of strings. The first nonempty string in the table is
397 taken as the file name. (This means that ordinarily there should be at
398 most one row in table.)
399 -p privkey.pem
401 --private-key=privkey.pem
402 Specifies a PEM file containing the private key used as
403 ovsdb-server's identity for outgoing SSL connections.
404 -c cert.pem
406 --certificate=cert.pem
407 Specifies a PEM file containing a certificate that certifies the
408 private key specified on -p or --private-key to be trustworthy.
409 The certificate must be signed by the certificate authority (CA)
410 that the peer in SSL connections will use to verify it.
411 -C cacert.pem
413 --ca-cert=cacert.pem
414 Specifies a PEM file containing the CA certificate that
415 ovsdb-server should use to verify certificates presented to it
416 by SSL peers. (This may be the same certificate that SSL peers
417 use to verify the certificate specified on -c or --certificate,
418 or it may be a different one, depending on the PKI design in
419 use.)
420 -C none
422 --ca-cert=none
423 Disables verification of certificates presented by SSL peers.
424 This introduces a security risk, because it means that certifi‐
425 cates cannot be verified to be those of known trusted hosts.
426 --bootstrap-ca-cert=cacert.pem
428 When cacert.pem exists, this option has the same effect as -C or
429 --ca-cert. If it does not exist, then ovsdb-server will attempt
430 to obtain the CA certificate from the SSL peer on its first SSL
431 connection and save it to the named PEM file. If it is success‐
432 ful, it will immediately drop the connection and reconnect, and
433 from then on all SSL connections must be authenticated by a cer‐
434 tificate signed by the CA certificate thus obtained.
435 This option exposes the SSL connection to a man-in-the-middle
437 attack obtaining the initial CA certificate, but it may be use‐
438 ful for bootstrapping.
439 This option is only useful if the SSL peer sends its CA certifi‐
441 cate as part of the SSL certificate chain. The SSL protocol
442 does not require the server to send the CA certificate.
443 This option is mutually exclusive with -C and --ca-cert.
445 --peer-ca-cert=peer-cacert.pem
447 Specifies a PEM file that contains one or more additional cer‐
448 tificates to send to SSL peers. peer-cacert.pem should be the
449 CA certificate used to sign ovsdb-server's own certificate, that
450 is, the certificate specified on -c or --certificate. If
451 ovsdb-server's certificate is self-signed, then --certificate
452 and --peer-ca-cert should specify the same file.
453 This option is not useful in normal operation, because the SSL
455 peer must already have the CA certificate for the peer to have
456 any confidence in ovsdb-server's identity. However, this offers
457 a way for a new installation to bootstrap the CA certificate on
458 its first SSL connection.
459 SSL Connection Options
461 --ssl-protocols=protocols
462 Specifies, in a comma- or space-delimited list, the SSL proto‐
463 cols ovsdb-server will enable for SSL connections. Supported
464 protocols include TLSv1, TLSv1.1, and TLSv1.2. Regardless of
465 order, the highest protocol supported by both sides will be cho‐
466 sen when making the connection. The default when this option is
467 omitted is TLSv1,TLSv1.1,TLSv1.2.
468 --ssl-ciphers=ciphers
470 Specifies, in OpenSSL cipher string format, the ciphers
471 ovsdb-server will support for SSL connections. The default when
472 this option is omitted is HIGH:!aNULL:!MD5.
473 Other Options
475 --unixctl=socket
476 Sets the name of the control socket on which ovsdb-server lis‐
477 tens for runtime management commands (see RUNTIME MANAGEMENT
478 COMMANDS, below). If socket does not begin with /, it is inter‐
479 preted as relative to /var/run/openvswitch. If --unixctl is not
480 used at all, the default socket is /var/run/open‐
481 vswitch/ovsdb-server.pid.ctl, where pid is ovsdb-server's
482 process ID.
483 On Windows a local named pipe is used to listen for runtime man‐
485 agement commands. A file is created in the absolute path as
486 pointed by socket or if --unixctl is not used at all, a file is
487 created as ovsdb-server.ctl in the configured OVS_RUNDIR direc‐
488 tory. The file exists just to mimic the behavior of a Unix do‐
489 main socket.
490 Specifying none for socket disables the control socket feature.
492 --record[=directory]
494 Sets the process in "recording" mode, in which it will record
495 all the connections, data from streams (Unix domain and network
496 sockets) and some other important necessary bits, so they could
497 be replayed later. Recorded data is stored in replay files in
498 specified directory. If directory does not begin with /, it is
499 interpreted as relative to /var/run/openvswitch. If directory
500 is not specified, /var/run/openvswitch will be used.
501 --replay[=directory]
503 Sets the process in "replay" mode, in which it will read infor‐
504 mation about connections, data from streams (Unix domain and
505 network sockets) and some other necessary bits directly from re‐
506 play files instead of using real sockets. Replay files from the
507 directory will be used. If directory does not begin with /, it
508 is interpreted as relative to /var/run/openvswitch. If direc‐
509 tory is not specified, /var/run/openvswitch will be used.
510 -h
512 --help Prints a brief help message to the console.
513 -V
515 --version
516 Prints version information to the console.
517
519 ovs-appctl(8) can send commands to a running ovsdb-server process. The
520 currently supported commands are described below.
521 ovsdb-server Commands
523 These commands are specific to ovsdb-server.
524 exit Causes ovsdb-server to gracefully terminate.
526 ovsdb-server/compact [db]
528 Compacts database db in-place. If db is not specified, compacts
529 every database in-place. A database is also compacted automati‐
530 cally when a transaction is logged if it is over 2 times as
531 large as its previous compacted size (and at least 10 MB), but
532 not before 100 commits have been added or 10 minutes have
533 elapsed since the last compaction. It will also be compacted au‐
534 tomatically after 24 hours since the last compaction if 100 com‐
535 mits were added regardless of its size.
536 ovsdb-server/memory-trim-on-compaction on|off
538 If this option is on, ovsdb-server will try to reclaim all un‐
539 used heap memory back to the system after each successful data‐
540 base compaction to reduce the memory consumption of the process.
541 off by default.
542 ovsdb-server/reconnect
544 Makes ovsdb-server drop all of the JSON-RPC connections to data‐
545 base clients and reconnect.
546 This command might be useful for debugging issues with database
548 clients.
549 ovsdb-server/add-remote remote
551 Adds a remote, as if --remote=remote had been specified on the
552 ovsdb-server command line. (If remote is already a remote, this
553 command succeeds without changing the configuration.)
554 ovsdb-server/remove-remote remote
556 Removes the specified remote from the configuration, failing
557 with an error if remote is not configured as a remote. This
558 command only works with remotes that were named on --remote or
559 ovsdb-server/add-remote, that is, it will not remove remotes
560 added indirectly because they were read from the database by
561 configuring a db:db,table,column remote. (You can remove a
562 database source with ovsdb-server/remove-remote db:db,table,col‐
563 umn, but not individual remotes found indirectly through the
564 database.)
565 ovsdb-server/list-remotes
567 Outputs a list of the currently configured remotes named on
568 --remote or ovsdb-server/add-remote, that is, it does not list
569 remotes added indirectly because they were read from the data‐
570 base by configuring a db:db,table,column remote.
571 ovsdb-server/add-db database
573 Adds the database to the running ovsdb-server. database could
574 be a database file or a relay description in the following for‐
575 mat: relay:schema_name:remote. The database file must already
576 have been created and initialized using, for example, ovsdb-tool
577 create.
578 ovsdb-server/remove-db database
580 Removes database from the running ovsdb-server. database must
581 be a database name as listed by ovsdb-server/list-dbs.
582 If a remote has been configured that points to the specified
584 database (e.g. --remote=db:database,... on the command line),
585 then it will be disabled until another database with the same
586 name is added again (with ovsdb-server/add-db).
587 Any public key infrastructure options specified through this
589 database (e.g. --private-key=db:database,... on the command
590 line) will be disabled until another database with the same name
591 is added again (with ovsdb-server/add-db).
592 ovsdb-server/list-dbs
594 Outputs a list of the currently configured databases added ei‐
595 ther through the command line or through the ovsdb-server/add-db
596 command.
597 ovsdb-server/tlog-set database:table on|off
599 Enables or disables logging of all operations executed on the
600 specified database and table. Logs are generated at INFO level
601 and are rate limtied.
602 ovsdb-server/tlog-list
604 Displays the logging state for all currently configured data‐
605 bases and tables.
606 Active-Backup Commands
608 These commands query and update the role of ovsdb-server within an ac‐
609 tive-backup pair of servers. See Active-Backup Options, above, and Ac‐
610 tive-Backup Database Service Model in ovsdb(7) for more information.
611 ovsdb-server/set-active-ovsdb-server server
613 Sets the active server from which ovsdb-server connects through
614 ovsdb-server/connect-active-ovsdb-server. This overrides the
615 --sync-from command-line option.
616 ovsdb-server/get-active-ovsdb-server
618 Gets the active server from which ovsdb-server is currently syn‐
619 chronizing its databases.
620 ovsdb-server/connect-active-ovsdb-server
622 Switches the server to a backup role. The server starts syn‐
623 chronizing its databases with the active server specified by
624 ovsdb-server/set-active-ovsdb-server (or the --sync-from com‐
625 mand-line option) and closes all existing client connections,
626 which requires clients to reconnect.
627 ovsdb-server/disconnect-active-ovsdb-server
629 Switches the server to an active role. The server stops syn‐
630 chronizing its databases with an active server and closes all
631 existing client connections, which requires clients to recon‐
632 nect.
633 ovsdb-server/set-active-ovsdb-server-probe-interval probe interval
635 Sets the probe interval (in milli seconds) for the connection
636 to active server.
637 ovsdb-server/set-sync-exclude-tables db:table[,db:table]...
639 Sets the table within db that will be excluded from synchroniza‐
640 tion. This overrides the --sync-exclude-tables command-line op‐
641 tion.
642 ovsdb-server/get-sync-exclude-tables
644 Gets the tables that are currently excluded from synchroniza‐
645 tion.
646 ovsdb-server/sync-status
648 Prints a summary of replication run time information. The state
649 information is always provided, indicating whether the server is
650 running in the active or the backup mode. When running in
651 backup mode, replication connection status, which can be either
652 connecting, replicating or error, are shown. When the connec‐
653 tion is in replicating state, further output shows the list of
654 databases currently replicating, and the tables that are ex‐
655 cluded.
656 Cluster Commands
658 These commands support the ovsdb-server clustered service model. They
659 apply only to databases in the format used for clustered databases,
660 which is the database format created by ovsdb-tool create-cluster and
661 ovsdb-tool join-cluster.
662 cluster/cid db
664 Prints the cluster ID for db, which is a UUID that identifies
665 the cluster. If db is a database newly created by ovsdb-tool
666 cluster-join that has not yet successfully joined its cluster,
667 and --cid was not specified on the cluster-join command line,
668 then this command will report an error because the cluster ID is
669 not yet known.
670 cluster/sid db
672 Prints the server ID for db, which is a UUID that identifies
673 this server within the cluster.
674 cluster/status db
676 Prints this server's status within the cluster and the status of
677 its connections to other servers in the cluster.
678 cluster/leave db
680 This command starts the server gracefully removing itself from
681 its cluster. At least one server must remain, and the cluster
682 must be healthy, that is, over half of the cluster's servers
683 must be up.
684 When the server successfully leaves the cluster, it stops serv‐
686 ing db, as if ovsdb-server/remove-db db had been executed.
687 Use ovsdb-client wait (see ovsdb-client(1)) to wait until the
689 server has left the cluster.
690 Once a server leaves a cluster, it may never rejoin it. In‐
692 stead, create a new server and join it to the cluster.
693 Note that removing the server from the cluster alters the total
695 size of the cluster. For example, if you remove two servers from
696 a three server cluster, then the "cluster" becomes a single
697 functioning server. This does not result in a three server
698 cluster that lacks quorum.
699 cluster/kick db server
701 Start graceful removal of server from db's cluster, like clus‐
702 ter/leave (without --force) except that it can remove any
703 server, not just this one.
704 server may be a server ID, as printed by cluster/sid, or the
706 server's local network address as passed to ovsdb-tool's cre‐
707 ate-cluster or join-cluster command. Use cluster/status to see
708 a list of cluster members.
709 cluster/change-election-timer db time
711 Change the leader election timeout base value of the cluster, in
712 milliseconds.
713 Leader election will be initiated by a follower if there is no
715 heartbeat received from the leader within this time plus a ran‐
716 dom time within 1 second.
717 The default value is 1000, if not changed with this command.
719 This command can be used to adjust the value when necessary, ac‐
720 cording to the expected load and response time of the servers.
721 This command must be executed on the leader. It initiates the
723 change to the cluster. To see if the change takes effect (com‐
724 mitted), use cluster/status to show the current setting. Once a
725 change is committed, it persists at server restarts.
726 cluster/set-backlog-threshold db n_msgs n_bytes
728 Sets the backlog limits for db's RAFT connections to a maximum
729 of n_msgs messages or n_bytes bytes. If the backlog on one of
730 the connections reaches the limit, it will be disconnected (and
731 re-established). Values are checked only if the backlog con‐
732 tains more than 50 messages.
733 VLOG COMMANDS
735 These commands manage ovsdb-server's logging settings.
736 vlog/set [spec]
738 Sets logging levels. Without any spec, sets the log level for
739 every module and destination to dbg. Otherwise, spec is a list
740 of words separated by spaces or commas or colons, up to one from
741 each category below:
742 • A valid module name, as displayed by the vlog/list com‐
744 mand on ovs-appctl(8), limits the log level change to the
745 specified module.
746 • syslog, console, or file, to limit the log level change
748 to only to the system log, to the console, or to a file,
749 respectively.
750 On Windows platform, syslog is accepted as a word and is
752 only useful along with the --syslog-target option (the
753 word has no effect otherwise).
754 • off, emer, err, warn, info, or dbg, to control the log
756 level. Messages of the given severity or higher will be
757 logged, and messages of lower severity will be filtered
758 out. off filters out all messages. See ovs-appctl(8)
759 for a definition of each log level.
760 Case is not significant within spec.
762 Regardless of the log levels set for file, logging to a file
764 will not take place unless ovsdb-server was invoked with the
765 --log-file option.
766 For compatibility with older versions of OVS, any is accepted as
768 a word but has no effect.
769 vlog/set PATTERN:destination:pattern
771 Sets the log pattern for destination to pattern. Refer to
772 ovs-appctl(8) for a description of the valid syntax for pattern.
773 vlog/list
775 Lists the supported logging modules and their current levels.
776 vlog/list-pattern
778 Lists logging patterns used for each destination.
779 vlog/close
781 Causes ovsdb-server to close its log file, if it is open. (Use
782 vlog/reopen to reopen it later.)
783 vlog/reopen
785 Causes ovsdb-server to close its log file, if it is open, and
786 then reopen it. (This is useful after rotating log files, to
787 cause a new log file to be used.)
788 This has no effect unless ovsdb-server was invoked with the
790 --log-file option.
791 vlog/disable-rate-limit [module]...
793 vlog/enable-rate-limit [module]...
794 By default, ovsdb-server limits the rate at which certain mes‐
795 sages can be logged. When a message would appear more fre‐
796 quently than the limit, it is suppressed. This saves disk
797 space, makes logs easier to read, and speeds up execution, but
798 occasionally troubleshooting requires more detail. Therefore,
799 vlog/disable-rate-limit allows rate limits to be disabled at the
800 level of an individual log module. Specify one or more module
801 names, as displayed by the vlog/list command. Specifying either
802 no module names at all or the keyword any disables rate limits
803 for every log module.
804 The vlog/enable-rate-limit command, whose syntax is the same as
806 vlog/disable-rate-limit, can be used to re-enable a rate limit
807 that was previously disabled.
808 MEMORY COMMANDS
810 These commands report memory usage.
811 memory/show
813 Displays some basic statistics about ovsdb-server's memory us‐
814 age. ovsdb-server also logs this information soon after startup
815 and periodically as its memory consumption grows.
816 COVERAGE COMMANDS
818 These commands manage ovsdb-server's ``coverage counters,'' which count
819 the number of times particular events occur during a daemon's runtime.
820 In addition to these commands, ovsdb-server automatically logs coverage
821 counter values, at INFO level, when it detects that the daemon's main
822 loop takes unusually long to run.
823 Coverage counters are useful mainly for performance analysis and debug‐
825 ging.
826 coverage/show
828 Displays the averaged per-second rates for the last few seconds,
829 the last minute and the last hour, and the total counts of all
830 of the coverage counters.
831 coverage/read-counter counter
833 Displays the total count for the given coverage counter.
834
836 In Open vSwitch before version 2.4, when ovsdb-server sent JSON-RPC er‐
837 ror responses to some requests, it incorrectly formulated them with the
838 result and error swapped, so that the response appeared to indicate
839 success (with a nonsensical result) rather than an error. The requests
840 that suffered from this problem were:
841 transact
843 get_schema
844 Only if the request names a nonexistent database.
845 monitor
847 lock
848 unlock In all error cases.
849 Of these cases, the only error that a well-written application is
851 likely to encounter in practice is monitor of tables or columns that do
852 not exist, in an situation where the application has been upgraded but
853 the old database schema is still temporarily in use. To handle this
854 situation gracefully, we recommend that clients should treat a monitor
855 response with a result that contains an error key-value pair as an er‐
856 ror (assuming that the database being monitored does not contain a ta‐
857 ble named error).
858
860 ovsdb(7), ovsdb-tool(1), ovsdb-server(5), ovsdb-server(7).
861Open vSwitch 3.1.1 ovsdb-server(1)