Provided by: openvswitch-switch_1.4.0-1ubuntu1_amd64
ovsdb-server - Open vSwitch database server
ovsdb-server [database] [--remote=remote]... [--run=command]

Daemon options:
    [--pidfile[=pidfile]] [--overwrite-pidfile] [--detach] [--no-chdir]

Logging options:
    [-v[module[:facility[:level]]]]... [--verbose[=module[:facility[:level]]]]... [--log-file[=file]]

Public key infrastructure options:
    [--private-key=privkey.pem] [--certificate=cert.pem] [--ca-cert=cacert.pem] [--bootstrap-ca-cert=cacert.pem]

Runtime management options:
    --unixctl=socket

Common options:
    [-h | --help] [-V | --version]
The ovsdb-server program provides RPC interfaces to an Open vSwitch database (OVSDB). It supports JSON-RPC client connections over active or passive TCP/IP or Unix domain sockets. The OVSDB file may be specified on the command line as database. The default is /etc/openvswitch/conf.db. The database file must already have been created and initialized using, for example, ovsdb-tool create.
--remote=remote
    Adds remote as a connection method used by ovsdb-server. remote must take one of the following forms:

    pssl:port[:ip]
        Listen on the given SSL port for a connection. By default, ovsdb-server listens for connections to any local IP address, but specifying ip limits connections to those from the given ip. The --private-key, --certificate, and --ca-cert options are mandatory when this form is used.

    ptcp:port[:ip]
        Listen on the given TCP port for a connection. By default, ovsdb-server listens for connections to any local IP address, but ip may be specified to listen only for connections to the given ip.

    punix:file
        Listen on the Unix domain server socket named file for a connection.

    ssl:ip:port
        The specified SSL port on the host at the given ip, which must be expressed as an IP address (not a DNS name). The --private-key, --certificate, and --ca-cert options are mandatory when this form is used.

    tcp:ip:port
        Connect to the given TCP port on ip.

    unix:file
        Connect to the Unix domain server socket named file.

    db:table,column
        Reads additional connection methods from column in all of the rows in table. As the contents of column change, ovsdb-server also adds and drops connection methods accordingly.

        If column's type is string or set of strings, then the connection methods are taken directly from the column. The connection methods in the column must have one of the forms described above.

        If column's type is UUID or set of UUIDs and references a table, then each UUID is looked up in the referenced table to obtain a row. The following columns in the row, if present and of the correct type, configure a connection method. Any additional columns are ignored.

        target (string)
            Connection method, in one of the forms described above. This column is mandatory: if it is missing or empty then no connection method can be configured.
        max_backoff (integer)
            Maximum number of milliseconds to wait between connection attempts.
        inactivity_probe (integer)
            Maximum number of milliseconds of idle time on connection to client before sending an inactivity probe message.

        It is an error for column to have another type.

--run=command
    Ordinarily ovsdb-server runs forever, or until it is told to exit (see RUNTIME MANAGEMENT COMMANDS below). With this option, ovsdb-server instead starts a shell subprocess running command. When the subprocess terminates, ovsdb-server also exits gracefully. If the subprocess exits normally with exit code 0, then ovsdb-server exits with exit code 0 also; otherwise, it exits with exit code 1.

    This option can be useful where a database server is needed only to run a single command, e.g.:

        ovsdb-server --remote=punix:socket --run='ovsdb-client dump unix:socket Open_vSwitch'

Daemon Options

--pidfile[=pidfile]
    Causes a file (by default, ovsdb-server.pid) to be created indicating the PID of the running process. If the pidfile argument is not specified, or if it does not begin with /, then it is created in /var/run/openvswitch.

    If --pidfile is not specified, no pidfile is created.

--overwrite-pidfile
    By default, when --pidfile is specified and the specified pidfile already exists and is locked by a running process, ovsdb-server refuses to start. Specify --overwrite-pidfile to cause it to instead overwrite the pidfile.

    When --pidfile is not specified, this option has no effect.

--detach
    Causes ovsdb-server to detach itself from the foreground session and run as a background process. ovsdb-server detaches only after it starts listening on all configured remotes.

--monitor
    Creates an additional process to monitor the ovsdb-server daemon. If the daemon dies due to a signal that indicates a programming error (e.g. SIGSEGV, SIGABRT), then the monitor process starts a new copy of it. If the daemon dies or exits for another reason, the monitor process exits.

    This option is normally used with --detach, but it also functions without it.
--no-chdir
    By default, when --detach is specified, ovsdb-server changes its current working directory to the root directory after it detaches. Otherwise, invoking ovsdb-server from a carelessly chosen directory would prevent the administrator from unmounting the file system that holds that directory.

    Specifying --no-chdir suppresses this behavior, preventing ovsdb-server from changing its current working directory. This may be useful for collecting core files, since it is common behavior to write core dumps into the current working directory and the root directory is not a good directory to use.

    This option has no effect when --detach is not specified.

Logging Options

-vmodule[:facility[:level]], --verbose=module[:facility[:level]]
    Sets the logging level for module in facility to level:

    · module may be any valid module name (as displayed by the --list action on ovs-appctl(8)), or the special name ANY to set the logging levels for all modules.

    · facility may be syslog, console, or file to set the levels for logging to the system log, the console, or a file respectively, or ANY to set the logging levels for both facilities. If it is omitted, facility defaults to ANY. Regardless of the log levels set for file, logging to a file will not take place unless --log-file is also specified (see below).

    · level must be one of off, emer, err, warn, info, or dbg, designating the minimum severity of a message for it to be logged. If it is omitted, level defaults to dbg. See ovs-appctl(8) for a definition of each log level.

-v, --verbose
    Sets the maximum logging verbosity level, equivalent to --verbose=ANY:ANY:dbg.

-vPATTERN:facility:pattern, --verbose=PATTERN:facility:pattern
    Sets the log pattern for facility to pattern. Refer to ovs-appctl(8) for a description of the valid syntax for pattern.

--log-file[=file]
    Enables logging to a file. If file is specified, then it is used as the exact name for the log file.
    The default log file name used if file is omitted is /var/log/openvswitch/ovsdb-server.log.

Public Key Infrastructure Options

The options described below for configuring the SSL public key infrastructure accept a special syntax for obtaining their configuration from the database. If any of these options is given db:table,column as its argument, then the actual file name is read from the specified column in table within the ovsdb-server database. The column must have type string or set of strings. The first nonempty string in the table is taken as the file name. (This means that ordinarily there should be at most one row in table.)

-p privkey.pem
--private-key=privkey.pem
    Specifies a PEM file containing the private key used as ovsdb-server's identity for outgoing SSL connections.

-c cert.pem
--certificate=cert.pem
    Specifies a PEM file containing a certificate that certifies the private key specified on -p or --private-key to be trustworthy. The certificate must be signed by the certificate authority (CA) that the peer in SSL connections will use to verify it.

-C cacert.pem
--ca-cert=cacert.pem
    Specifies a PEM file containing the CA certificate that ovsdb-server should use to verify certificates presented to it by SSL peers. (This may be the same certificate that SSL peers use to verify the certificate specified on -c or --certificate, or it may be a different one, depending on the PKI design in use.)

-C none
--ca-cert=none
    Disables verification of certificates presented by SSL peers. This introduces a security risk, because it means that certificates cannot be verified to be those of known trusted hosts.

--bootstrap-ca-cert=cacert.pem
    When cacert.pem exists, this option has the same effect as -C or --ca-cert. If it does not exist, then ovsdb-server will attempt to obtain the CA certificate from the SSL peer on its first SSL connection and save it to the named PEM file.
    If it is successful, it will immediately drop the connection and reconnect, and from then on all SSL connections must be authenticated by a certificate signed by the CA certificate thus obtained.

    This option exposes the SSL connection to a man-in-the-middle attack obtaining the initial CA certificate, but it may be useful for bootstrapping.

    This option is only useful if the SSL peer sends its CA certificate as part of the SSL certificate chain. The SSL protocol does not require the server to send the CA certificate, but ovsdb-client(8) can be configured to do so with the --peer-ca-cert option.

    This option is mutually exclusive with -C and --ca-cert.

Other Options

--unixctl=socket
    Sets the name of the control socket on which ovsdb-server listens for runtime management commands (see RUNTIME MANAGEMENT COMMANDS, below). If socket does not begin with /, it is interpreted as relative to /var/run/openvswitch. If --unixctl is not used at all, the default socket is /var/run/openvswitch/ovsdb-server.pid.ctl, where pid is ovsdb-server's process ID.

    Specifying none for socket disables the control socket feature.

-h, --help
    Prints a brief help message to the console.

-V, --version
    Prints version information to the console.
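The remote forms and the PKI options above constrain each other, so a start-up command line can be checked statically before deployment. The following is an added example, not part of the man page or of Open vSwitch: it audits an ovsdb-server command line against the statements made in the option descriptions. The function names parse and audit, the sample command lines, and the file paths and addresses in them are constructed for illustration.

```python
import shlex

# Constructed sample command lines (paths and addresses are placeholders).
WEAK = ("ovsdb-server --remote=ptcp:6640 --remote=pssl:6641 "
        "--private-key=/etc/ovs/key.pem -C none")
HARDENED = ("ovsdb-server /etc/openvswitch/conf.db --remote=pssl:6640:192.0.2.10 "
            "-p /etc/ovs/key.pem -c /etc/ovs/cert.pem -C /etc/ovs/cacert.pem --detach")
SHORT = {"-p": "--private-key", "-c": "--certificate", "-C": "--ca-cert"}

def parse(cmdline):
    """Collect --remote values and options; only --opt=value and -X value are handled."""
    remotes, opts = [], {}
    it = iter(shlex.split(cmdline)[1:])  # drop the program name
    for arg in it:
        if arg in SHORT:
            opts[SHORT[arg]] = next(it, "")  # short options take the next argument
        elif arg.startswith("--") and "=" in arg:
            name, value = arg.split("=", 1)
            if name == "--remote":
                remotes.append(value)
            else:
                opts[name] = value
    return remotes, opts

def audit(cmdline):
    """Return findings, each tied to a statement in the option descriptions."""
    remotes, opts = parse(cmdline)
    out = []
    for r in remotes:
        scheme, _, rest = r.partition(":")
        if scheme in ("ptcp", "tcp"):
            out.append(f"{r}: plain TCP, no SSL")
        if scheme in ("ptcp", "pssl") and ":" not in rest:
            out.append(f"{r}: no ip given, listens on any local IP address")
        if scheme in ("pssl", "ssl"):
            need = ["--private-key", "--certificate"]
            if "--bootstrap-ca-cert" not in opts:
                need.append("--ca-cert")
            out += [f"{r}: {n} is mandatory for this form" for n in need if n not in opts]
    if opts.get("--ca-cert") == "none":
        out.append("--ca-cert=none: peer certificates are not verified")
    if "--bootstrap-ca-cert" in opts:
        out.append("--bootstrap-ca-cert: initial CA fetch is exposed to man-in-the-middle")
        if "--ca-cert" in opts:
            out.append("--bootstrap-ca-cert is mutually exclusive with --ca-cert")
    return out
```

Remotes given as db:table,column and PKI file names read from the database are resolved at run time, so this static check does not cover them.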
RUNTIME MANAGEMENT COMMANDS
ovs-appctl(8) can send commands to a running ovsdb-server process. The currently supported commands are described below.

OVSDB-SERVER COMMANDS

These commands are specific to ovsdb-server.

exit
    Causes ovsdb-server to gracefully terminate.

ovsdb-server/compact
    Compacts the database in-place. The database is also automatically compacted occasionally.

ovsdb-server/reconnect
    Makes ovsdb-server drop all of the JSON-RPC connections to database clients and reconnect.

    This command might be useful for debugging issues with database clients.

VLOG COMMANDS

These commands manage ovsdb-server's logging settings.

vlog/set module[:facility[:level]]
    Sets the logging level for module in facility to level:

    · module may be any valid module name (as displayed by the --list action on ovs-appctl(8)), or the special name ANY to set the logging levels for all modules.

    · facility may be syslog, console, or file to set the levels for logging to the system log, the console, or a file respectively, or ANY to set the logging levels for both facilities. If it is omitted, facility defaults to ANY. The log level for the file facility has no effect unless ovsdb-server was invoked with the --log-file option.

    · level must be one of off, emer, err, warn, info, or dbg, designating the minimum severity of a message for it to be logged. If it is omitted, level defaults to dbg.

vlog/set PATTERN:facility:pattern
    Sets the log pattern for facility to pattern. Refer to ovs-appctl(8) for a description of the valid syntax for pattern.

vlog/list
    Lists the supported logging modules and their current levels.

vlog/reopen
    Causes ovsdb-server to close and reopen its log file. (This is useful after rotating log files, to cause a new log file to be used.)

    This has no effect unless ovsdb-server was invoked with the --log-file option.

STRESS OPTION COMMANDS

These commands manage stress options, which allow developers testing Open vSwitch to trigger behavior that otherwise would occur only in corner cases.
Developers and testers can thereby more easily discover bugs that would otherwise manifest only rarely or nondeterministically. Stress options may cause surprising behavior even when they do not actually reveal bugs, so they should only be enabled as part of testing Open vSwitch.

stress/enable
stress/disable
    All stress options are disabled by default. Use stress/enable to enable stress options and stress/disable to disable them.

stress/list
    Lists and describes the available stress options and their settings in tabular form. The columns in the table are:

    NAME
        A single-word identifier for the option, used to identify stress options to stress/set.

    DESCRIPTION
        A description, for a person unfamiliar with the detailed internals of the code, of what behavior the option affects.

    PERIOD
        Currently configured trigger period. If the stress option is disabled, this is disabled. Otherwise this is a number giving the number of occurrences of the event between activations of the stress option triggers.

    MODE
        If the stress option is disabled, this is n/a. Otherwise it is periodic if the stress option triggers after exactly the period, or random if it triggers randomly but on average after the number of occurrences specified by the period.

    COUNTER
        If the stress option is disabled, this is n/a. Otherwise it is the number of occurrences of the event before the next time the stress option triggers.

    HITS
        The number of times that this stress option has triggered since this program started.

    RECOMMENDED
        A suggested period for a person unfamiliar with the internals. It should put reasonable stress on the system without crippling it.

    MINIMUM
    MAXIMUM
        Minimum and maximum values allowed for the period.

    DEFAULT
        The default period, used when stress options have been enabled (with stress/enable) but this particular stress option has not been specifically configured (with stress/set). It is disabled if the option is disabled by default.
        It is nonzero for options that can be left on at low levels without noticeable impact to the end user.

stress/set option period [random|periodic]
    Sets the period at which stress option triggers to period. A period of 0 disables option. Specify random to make the option trigger randomly with an average period of period, or periodic to trigger exactly every period events; the latter is the default.

    If stress options have not been enabled with stress/enable, this command has no effect.