bionic (8) ovs-ctl.8.gz

Provided by: openvswitch-switch_2.9.8-0ubuntu0.18.04.5_amd64 bug

NAME

       ovs-ctl - OVS startup helper script

SYNOPSIS

       ovs-ctl --system-id=random|uuid [options] start
       ovs-ctl stop
       ovs-ctl --system-id=random|uuid [options] restart
       ovs-ctl status
       ovs-ctl version
       ovs-ctl [options] load-kmod
       ovs-ctl --system-id=random|uuid [options] force-reload-kmod
       ovs-ctl [--protocol=protocol] [--sport=sport] [--dport=dport] enable-protocol
       ovs-ctl delete-transient-ports
       ovs-ctl help | -h | --help
       ovs-ctl --version

DESCRIPTION

       The  ovs-ctl program starts, stops, and checks the status of Open vSwitch daemons.  It is not meant to be
       invoked directly by system administrators but to be called internally by system startup scripts.

       Each of ovs-ctl's commands is described separately below.

The ``start'' command

       The start command starts Open vSwitch.  It performs the following tasks:

       1.     Loads the Open vSwitch kernel module.  If this fails, and the Linux bridge module is loaded but no
              bridges  exist,  it  tries  to  unload the bridge module and tries loading the Open vSwitch kernel
              module again.  (This is because the Open vSwitch kernel  module  cannot  coexist  with  the  Linux
              bridge module before 2.6.37.)

       The start command skips the following steps if ovsdb-server is already running:

       2.     If  the Open vSwitch database file does not exist, it creates it.  If the database does exist, but
              it has an obsolete version, it upgrades it to the latest schema.

       3.     Starts ovsdb-server, unless the --no-ovsdb-server command option is given.

       4.     Initializes a few values inside the database.

       5.     If the --delete-bridges option was used, deletes all of the bridges from the database.

       6.     If   the   --delete-transient-ports   option   was   used,   deletes   all   ports    that    have
              other_config:transient set to true.

       The   start   command   skips  the  following  step  if  ovs-vswitchd  is  already  running,  or  if  the
       --no-ovs-vswitchd command option is given:

       7.     Starts ovs-vswitchd.

   Options
       Several command-line options influence the start command's behavior.  Some form of the  following  option
       should ordinarily be specified:

       --system-id=uuid
       --system-id=random
              This  specifies  a unique system identifier to store into external-ids:system-id in the database's
              Open_vSwitch table.  Remote managers that talk to the Open vSwitch database  server  over  network
              protocols  use  this  value  to  identify  and distinguish Open vSwitch instances, so it should be
              unique (at least) within OVS instances that will connect to a single controller.

              When random is specified, ovs-ctl will generate a random ID that persists from one run to  another
              (stored in a file).  When another string is specified ovs-ctl uses it literally.

       The following options should be specified if the defaults are not suitable:

       --system-type=type
       --system-version=version
              Sets  the  value  to  store  in  the  system-type and system-version columns, respectively, in the
              database's Open_vSwitch table.  Remote managers may use these values  to  determine  the  kind  of
              system to which they are connected (primarily for display to human administrators).

              When not specified, ovs-ctl uses values from the optional system-type.conf and system-version.conf
              files(see section FILES) or it uses the lsb_release program, if  present,  to  provide  reasonable
              defaults.

       The following options are also likely to be useful:

       --external-id="name=value"
              Sets  external-ids:name  to  value  in  the database's Open_vSwitch table.  Specifying this option
              multiple times adds multiple key-value pairs.

       --delete-bridges
              Ordinarily Open vSwitch bridges persist from one system boot to the next, as long as the  database
              is  preserved.   Some  environments  instead  expect  to  re-create  all  of the bridges and other
              configuration state on every boot.  This option  supports  that,  by  deleting  all  Open  vSwitch
              bridges after starting ovsdb-server but before starting ovs-vswitchd.

       --delete-transient-ports
              Deletes  all  ports  that  have the other_config:transient value set to true. This is important on
              certain environments where some ports are going to be recreated after reboot, but other ports need
              to be persisted in the database.

       --ovs-user=user[:group]
              Ordinarily Open vSwitch daemons are started as the user invoking the ovs-ctl command.  Some system
              administrators would prefer to have  the  various  daemons  spawn  as  different  users  in  their
              environments.   This  option allows passing the --user option to the ovsdb-server and ovs-vswitchd
              daemons, allowing them to change their privilege levels.

       The following options are less important:

       --no-monitor
              By default ovs-ctl passes --monitor to ovs-vswitchd and ovsdb-server, requesting that it  spawn  a
              process  monitor  which  will  restart  the  daemon  if  it  crashes.  This option suppresses that
              behavior.

       --daemon-cwd=directory
              Specifies the current working directory that the OVS daemons should run from.  The  default  is  /
              (the root directory) if this option is not specified.  (This option is useful because most systems
              create core files in a process's current working directory and because a file system  that  is  in
              use as a process's current working directory cannot be unmounted.)

       --no-force-corefiles
              By default, ovs-ctl enables core dumps for the OVS daemons.  This option disables that behavior.

       --no-mlockall
              By  default  ovs-ctl passes --mlockall to ovs-vswitchd, requesting that it lock all of its virtual
              memory, preventing it from being paged to disk.  This option suppresses that behavior.

       --no-self-confinement
              Disable self-confinement for ovs-vswitchd and ovsdb-server daemons.  This flag may be  used  when,
              for  example, OpenFlow controller creates its Unix Domain Socket outside OVS run directory and OVS
              needs to connect to it.  It is better to stick with the default behavior and not to use this flag,
              unless:

              •      You have Open vSwitch running under SELinux or AppArmor Mandatory Access Control that would
                     prevent OVS from messing with sockets outside ordinary OVS directories.

              •      You believe that relying on protocol handshakes (e.g. OpenFlow) is enough to prevent OVS to
                     adversely interact with other daemons running on your system.

              •      You  don't have much worries of remote OVSDB exploits in the first place, because, perhaps,
                     OVSDB manager is running on the same host as OVS and share similar attack vectors.

       --ovsdb-server-priority=niceness
       --ovs-vswitchd-priority=niceness
              Sets the nice(1) level used for each daemon.  All of them default to -10.

       --ovsdb-server-wrapper=wrapper
       --ovs-vswitchd-wrapper=wrapper
              Configures the specified daemon to run under wrapper, which is one of the following:

              valgrind
                     Run the daemon under valgrind(1), if it is installed, logging to daemon.valgrind.log.pid in
                     the log directory.

              strace Run the daemon under strace(1), if it is installed, logging to daemon.strace.log.pid in the
                     log directory.

              glibc  Enable GNU C library features designed to find memory errors.

              By default, no wrapper is used.

              Each of the wrappers can expose bugs in Open vSwitch that lead to incorrect  operation,  including
              crashes.   The  valgrind  and strace wrappers greatly slow daemon operations so they should not be
              used in production.   They  also  produce  voluminous  logs  that  can  quickly  fill  small  disk
              partitions.  The glibc wrapper is less resource-intensive but still somewhat slows the daemons.

       The  following  options control file locations.  They should only be used if the default locations cannot
       be used.  See FILES, below, for more information.

       --db-file=file
              Overrides the file name for the OVS database.

       --db-sock=socket
              Overrides the file name for the Unix domain socket used to connect to ovsdb-server.

       --db-schema=schema
              Overrides the file name for the OVS database schema.

       --extra-dbs=file
              Adds file as an extra database for ovsdb-server to serve out.  Multiple space-separated file names
              may  also  be  specified.   file  should  begin  with  /; if it does not, then it will be taken as
              relative to dbdir.

The ``stop'' command

       The stop command does not unload the Open vSwitch kernel modules. It can take the same  --no-ovsdb-server
       and --no-ovs-vswitchd options as that of the start command.

       This command does nothing and finishes successfully if the OVS daemons aren't running.

The ``restart'' command

       The  restart  command performs a stop followed by a start command.  The command can take the same options
       as that of the start command. In addition, it saves and  restores  OpenFlow  flows  for  each  individual
       bridge.

The ``status'' command

       The  status  command  checks whether the OVS daemons ovs-vswitchd and ovsdb-server are running and prints
       messages with that information.  It exits with status 0 if the daemons are running, 1 otherwise.

The ``version'' command

       The version command runs ovsdb-server --version and ovs-vswitchd --version.

The ``force-reload-kmod'' command

       The force-reload-kmod command allows upgrading the Open vSwitch  kernel  module  without  rebooting.   It
       performs the following tasks:

       1.     Gets  a list of OVS ``internal'' interfaces, that is, network devices implemented by Open vSwitch.
              The most common examples of these are bridge ``local ports''.

       2.     Saves the OpenFlow flows of each bridge.

       3.     Stops the Open vSwitch daemons, as if by a call to ovs-ctl stop.

       4.     Saves the kernel configuration state of the OVS internal interfaces listed in step 1, including IP
              and IPv6 addresses and routing table entries.

       5.     Unloads  the  Open  vSwitch  kernel  module  (including  the  bridge compatibility module if it is
              loaded).

       6.     Starts OVS back up, as if by a call to ovs-ctl start.  This reloads the  kernel  module,  restarts
              the OVS daemons and finally restores the saved OpenFlow flows.

       7.     Restores the kernel configuration state that was saved in step 4.

       8.     Checks  for  daemons  that  may  need  to  be  restarted because they have packet sockets that are
              listening on old instances of Open vSwitch kernel interfaces  and,  if  it  finds  any,  prints  a
              warning on stdout.  DHCP is a common example: if the ISC DHCP client is running on an OVS internal
              interface, then it will have to be restarted after completing the above procedure.  (It  would  be
              nice  if  ovs-ctl  could  restart daemons automatically, but the details are far too specific to a
              particular distribution and installation.)

       force-kmod-reload internally stops and starts OVS, so it accepts all of the options accepted by the start
       command except for the --no-ovs-vswitchd option.

The ``load-kmod'' command

       The load-kmod command loads the openvswitch kernel modules if they are not already loaded. This operation
       also occurs as part of the start command. The motivation for providing the load-kmod command is to  allow
       errors  when  loading modules to be handled separatetly from other errors that may occur when running the
       start command.

       By default the load-kmod command attempts to load the openvswitch kernel module.

The ``enable-protocol'' command

       The enable-protocol command checks for rules related to a specified protocol in the system's  iptables(8)
       configuration.   If  there  are no rules specifically related to that protocol, then it inserts a rule to
       accept the specified protocol.

       More specifically:

       •      If iptables is not installed or not enabled, this command does  nothing,  assuming  that  lack  of
              filtering means that the protocol is enabled.

       •      If the INPUT chain has a rule that matches the specified protocol, then this command does nothing,
              assuming that whatever rule is installed reflects the system administrator's decisions.

       •      Otherwise, this command installs a rule that accepts traffic of the specified protocol.

       This command normally completes successfully, even if it does nothing.  Only the failure of an attempt to
       insert  a rule normally causes it to return an exit code other than 0.  The following options control the
       protocol to be enabled:

       --protocol=protocol
              The name of the IP protocol to be enabled, such as gre or tcp.  The default is gre.

       --sport=sport
       --dport=dport
              TCP or UDP source or destination port  to  match.   These  are  optional  and  allowed  only  with
              --protocol=tcp or --protocol=udp.

The ``delete-transient-ports'' command

       Deletes all ports that have the other_config:transient value set to true.

The ``help'' command

       Prints a usage message and exits successfully.

OPTIONS

       In  addition  to the options listed for each command above, these options control the behavior of several
       of ovs-ctl's commands.

       By default, ovs-ctl will control the ovsdb-server, and the ovs-vswitchd daemons.  The  following  options
       restrict that control to exclude one or the other:

       --no-ovsdb-server
              Specifies  that the ovs-ctl commands start, stop, and restart should not modify the running status
              of ovsdb-server.

       --no-ovs-vswitchd
              Specifies that the ovs-ctl commands start, stop, and restart should not modify the running  status
              of ovs-vswitchd.  It is an error to include this option with the force-reload-kmod command.

EXIT STATUS

       ovs-ctl  exits  with  status  0  on  success  and nonzero on failure.  The start command is considered to
       succeed if OVS is already started; the stop command is considered to succeed if OVS is already stopped.

ENVIRONMENT

       The following environment variables affect ovs-ctl:

       PATH   ovs-ctl does not hardcode the location of any of the programs that it runs.  ovs-ctl will add  the
              sbindir and bindir that were specified at configure time to PATH, if they are not already present.

       OVS_LOGDIR
       OVS_RUNDIR
       OVS_DBDIR
       OVS_SYSCONFDIR
       OVS_PKGDATADIR
       OVS_BINDIR
       OVS_SBINDIR
              Setting  one of these variables in the environment overrides the respective configure option, both
              for ovs-ctl itself and for the other Open vSwitch programs that it runs.

FILES

       ovs-ctl uses the following files:

       ovs-lib
              Shell function library used internally by ovs-ctl.  It must be installed in the same directory  as
              ovs-ctl.

       logdir/daemon.log
              Per-daemon logfiles.

       rundir/daemon.pid
              Per-daemon pidfiles to track whether a daemon is running and with what process ID.

       pkgdatadir/vswitch.ovsschema
              The  OVS  database  schema  used  to  initialize  the  database  (use --db-schema to override this
              location).

       dbdir/conf.db
              The OVS database (use --db-file to override this location).

       rundir/openvswitch/db.sock
              The Unix domain socket used for local communication with ovsdb-server (use --db-sock  to  override
              this location).

       sysconfdir/openvswitch/system-id.conf
              The persistent system UUID created and read by --system-id=random.

       sysconfdir/openvswitch/system-type.conf
       sysconfdir/openvswitch/system-version.conf
              The  system-type   and  system-version values stored in the database's Open_vSwitch table when not
              specified as a command-line option.

EXAMPLE

       The files debian/openvswitch-switch.init and xenserver/etc_init.d_openvswitch in the Open vSwitch  source
       distribution are good examples of how to use ovs-ctl.

SEE ALSO

       README.rst, ovsdb-server(8), ovs-vswitchd(8).