Provided by: openvswitch-switch_2.0.2-0ubuntu0.14.04.3_amd64 bug

NAME

       ovsdb-server - Open vSwitch database server

SYNOPSIS

       ovsdb-server [database]...  [--remote=remote]...  [--run=command]

       Daemon options:
              [--pidfile[=pidfile]] [--overwrite-pidfile] [--detach] [--no-chdir]

       Logging options:
              [-v[module[:facility[:level]]]]...
              [--verbose[=module[:facility[:level]]]]...
              [--log-file[=file]]

       Public key infrastructure options:
              [--private-key=privkey.pem]
              [--certificate=cert.pem]
              [--ca-cert=cacert.pem]
              [--bootstrap-ca-cert=cacert.pem]

       Runtime management options:
              --unixctl=socket

       Common options:
              [-h | --help] [-V | --version]

DESCRIPTION

       The  ovsdb-server  program  provides  RPC interfaces to one or more Open vSwitch databases
       (OVSDBs).  It supports JSON-RPC client connections over active or passive TCP/IP  or  Unix
       domain sockets.

       Each  OVSDB  file may be specified on the command line as database.  If none is specified,
       the default is /etc/openvswitch/conf.db.   The  database  files  must  already  have  been
       created and initialized using, for example, ovsdb-tool create.

OPTIONS

       --remote=remote
              Adds  remote  as a connection method used by ovsdb-server.  remote must take one of
              the following forms:

              pssl:port[:ip]
                     Listen on the given SSL port for a connection.  By default, connections  are
                     not  bound  to  a  particular  local  IP  address,  but specifying ip limits
                     connections to those from the given ip.  The  --private-key,  --certificate,
                     and --ca-cert options are mandatory when this form is used.

              ptcp:port[:ip]
                     Listen  on the given TCP port for a connection.  By default, connections are
                     not bound to a particular local IP address,  but  ip  may  be  specified  to
                     listen only for connections to the given ip.

              punix:file
                     Listen on the Unix domain server socket named file for a connection.

              ssl:ip:port
                     The  specified SSL port on the host at the given ip, which must be expressed
                     as an IP address (not a DNS name).  The  --private-key,  --certificate,  and
                     --ca-cert options are mandatory when this form is used.

              tcp:ip:port
                     Connect to the given TCP port on ip.

              unix:file
                     Connect to the Unix domain server socket named file.

              db:db,table,column
                     Reads  additional connection methods from column in all of the rows in table
                     within db.  As the contents of column changes, ovsdb-server  also  adds  and
                     drops connection methods accordingly.

                     If  column's  type  is string or set of strings, then the connection methods
                     are taken directly from the column.  The connection methods  in  the  column
                     must have one of the forms described above.

                     If  column's  type is UUID or set of UUIDs and references a table, then each
                     UUID is looked up in the referenced table to obtain a  row.   The  following
                     columns  in  the  row,  if  present  and  of  the  correct type, configure a
                     connection method.  Any additional columns are ignored.

                     target (string)
                            Connection method, in one of the forms described above.  This  column
                            is mandatory: if it is missing or empty then no connection method can
                            be configured.

                     max_backoff (integer)
                            Maximum number of milliseconds to wait between connection attempts.

                     inactivity_probe (integer)
                            Maximum number of milliseconds of idle time on connection  to  client
                            before sending an inactivity probe message.

                     It is an error for column to have another type.

       --run=command]
              Ordinarily  ovsdb-server  runs  forever,  or  until it is told to exit (see RUNTIME
              MANAGEMENT COMMANDS below).  With this option, ovsdb-server instead starts a  shell
              subprocess  running  command.   When  the  subprocess terminates, ovsdb-server also
              exits gracefully.  If  the  subprocess  exits  normally  with  exit  code  0,  then
              ovsdb-server exits with exit code 0 also; otherwise, it exits with exit code 1.

              This  option  can  be useful where a database server is needed only to run a single
              command,  e.g.:   ovsdb-server   --remote=punix:socket   --run='ovsdb-client   dump
              unix:socket Open_vSwitch'

   Daemon Options
       --pidfile[=pidfile]
              Causes  a  file  (by default, ovsdb-server.pid) to be created indicating the PID of
              the running process.  If the pidfile argument is not specified, or if it  does  not
              begin with /, then it is created in /var/run/openvswitch.

              If --pidfile is not specified, no pidfile is created.

       --overwrite-pidfile
              By  default,  when  --pidfile is specified and the specified pidfile already exists
              and is locked by  a  running  process,  ovsdb-server  refuses  to  start.   Specify
              --overwrite-pidfile to cause it to instead overwrite the pidfile.

              When --pidfile is not specified, this option has no effect.

       --detach
              Causes  ovsdb-server  to  detach  itself  from  the foreground session and run as a
              background process. ovsdb-server detaches only after it  starts  listening  on  all
              configured remotes.

       --monitor
              Creates  an  additional  process to monitor the ovsdb-server daemon.  If the daemon
              dies due to a signal that indicates a programming error  (e.g.  SIGSEGV,  SIGABRT),
              then  the  monitor process starts a new copy of it.  If the daemon die or exits for
              another reason, the monitor process exits.

              This option is normally used with --detach, but it also functions without it.

       --no-chdir
              By default, when --detach is specified, ovsdb-server changes  its  current  working
              directory   to   the   root  directory  after  it  detaches.   Otherwise,  invoking
              ovsdb-server from a carelessly chosen directory  would  prevent  the  administrator
              from unmounting the file system that holds that directory.

              Specifying  --no-chdir  suppresses  this  behavior,  preventing  ovsdb-server  from
              changing its current working directory.  This may be  useful  for  collecting  core
              files,  since  it  is  common behavior to write core dumps into the current working
              directory and the root directory is not a good directory to use.

              This option has no effect when --detach is not specified.

   Logging Options
       -v[spec]
       --verbose=[spec]
              Sets logging levels.  Without any spec, sets the log level  for  every  module  and
              facility  to dbg.  Otherwise, spec is a list of words separated by spaces or commas
              or colons, up to one from each category below:

              •      A valid module name, as displayed by the vlog/list command on ovs-appctl(8),
                     limits the log level change to the specified module.

              •      syslog,  console,  or  file,  to  limit  the log level change to only to the
                     system log, to the console, or to a file, respectively.

              •      off, emer, err, warn, info, or dbg, to control the log level.   Messages  of
                     the  given severity or higher will be logged, and messages of lower severity
                     will be filtered out.  off filters out all messages.  See ovs-appctl(8)  for
                     a definition of each log level.

              Case is not significant within spec.

              Regardless  of  the  log levels set for file, logging to a file will not take place
              unless --log-file is also specified (see below).

              For compatibility with older versions of OVS, any is accepted as a word but has  no
              effect.

       -v
       --verbose
              Sets the maximum logging verbosity level, equivalent to --verbose=dbg.

       --log-file[=file]
              Enables logging to a file.  If file is specified, then it is used as the exact name
              for the log  file.   The  default  log  file  name  used  if  file  is  omitted  is
              /var/log/openvswitch/ovsdb-server.log.

   Public Key Infrastructure Options
       The  options  described  below  for configuring the SSL public key infrastructure accept a
       special syntax for obtaining their configuration from  the  database.   If  any  of  these
       options  is  given  db:db,table,column  as its argument, then the actual file name is read
       from the specified column in table within the db database.   The  column  must  have  type
       string  or  set  of  strings.  The first nonempty string in the table is taken as the file
       name.  (This means that ordinarily there should be at most one row in table.)

       -p privkey.pem
       --private-key=privkey.pem
              Specifies a PEM file containing the private key used as ovsdb-server's identity for
              outgoing SSL connections.

       -c cert.pem
       --certificate=cert.pem
              Specifies  a  PEM  file  containing  a  certificate  that certifies the private key
              specified on -p or --private-key to be trustworthy.  The certificate must be signed
              by  the  certificate  authority  (CA)  that the peer in SSL connections will use to
              verify it.

       -C cacert.pem
       --ca-cert=cacert.pem
              Specifies a PEM file containing the CA certificate that ovsdb-server should use  to
              verify  certificates  presented  to  it  by  SSL  peers.   (This  may  be  the same
              certificate that SSL peers use  to  verify  the  certificate  specified  on  -c  or
              --certificate, or it may be a different one, depending on the PKI design in use.)

       -C none
       --ca-cert=none
              Disables  verification  of  certificates presented by SSL peers.  This introduces a
              security risk, because it means that certificates cannot be verified to be those of
              known trusted hosts.

       --bootstrap-ca-cert=cacert.pem
              When  cacert.pem exists, this option has the same effect as -C or --ca-cert.  If it
              does not exist, then ovsdb-server will attempt to obtain the  CA  certificate  from
              the  SSL peer on its first SSL connection and save it to the named PEM file.  If it
              is successful, it will immediately drop the connection and reconnect, and from then
              on  all  SSL  connections  must  be authenticated by a certificate signed by the CA
              certificate thus obtained.

              This option exposes the SSL connection to a man-in-the-middle attack obtaining  the
              initial CA certificate, but it may be useful for bootstrapping.

              This  option is only useful if the SSL peer sends its CA certificate as part of the
              SSL certificate chain.  The SSL protocol does not require the server to send the CA
              certificate, but ovsdb-client(8) can be configured to do so with the --peer-ca-cert
              option.

              This option is mutually exclusive with -C and --ca-cert.

   Other Options
       --unixctl=socket
              Sets the name of the control socket  on  which  ovsdb-server  listens  for  runtime
              management  commands  (see RUNTIME MANAGEMENT COMMANDS, below).  If socket does not
              begin with /, it is interpreted as relative to /var/run/openvswitch.  If  --unixctl
              is       not       used      at      all,      the      default      socket      is
              /var/run/openvswitch/ovsdb-server.pid.ctl, where pid is ovsdb-server's process  ID.
              Specifying none for socket disables the control socket feature.

       -h
       --help Prints a brief help message to the console.

       -V
       --version
              Prints version information to the console.

RUNTIME MANAGEMENT COMMANDS

       ovs-appctl(8)  can  send  commands  to  a  running  ovsdb-server  process.   The currently
       supported commands are described below.

   OVSDB-SERVER COMMANDS
       These commands are specific to ovsdb-server.

       exit   Causes ovsdb-server to gracefully terminate.

       ovsdb-server/compact [db]...
              Compacts each database db in-place.  If no db is specified, compacts every database
              in-place.  Databases are also automatically compacted occasionally.

       ovsdb-server/reconnect
              Makes  ovsdb-server  drop  all  of the JSON-RPC connections to database clients and
              reconnect.

              This command might be useful for debugging issues with database clients.

       ovsdb-server/add-remote remote
              Adds a remote, as if --remote=remote had been specified on the ovsdb-server command
              line.   (If  remote is already a remote, this command succeeds without changing the
              configuration.)

       ovsdb-server/remove-remote remote
              Removes the specified remote from the  configuration,  failing  with  an  error  if
              remote  is  not  configured as a remote.  This command only works with remotes that
              were named on --remote or ovsdb-server/add-remote, that  is,  it  will  not  remove
              remotes  added indirectly because they were read from the database by configuring a
              db:db,table,column   remote.    (You   can   remove   a   database   source    with
              ovsdb-server/remove-remote  db:db,table,column,  but  not  individual remotes found
              indirectly through the database.)

       ovsdb-server/list-remotes
              Outputs  a  list  of  the  currently  configured  remotes  named  on  --remote   or
              ovsdb-server/add-remote, that is, it does not list remotes added indirectly because
              they were read from the database by configuring a db:db,table,column remote.

       ovsdb-server/add-db database
              Adds the database to the running ovsdb-server.  The database file must already have
              been created and initialized using, for example, ovsdb-tool create.

       ovsdb-server/remove-db database
              Removes  database  from the running ovsdb-server.  database must be a database name
              as listed by ovsdb-server/list-dbs.

              If a remote has been  configured  that  points  to  the  specified  database  (e.g.
              --remote=db:database,...  on  the  command  line),  then  it will be disabled until
              another database with the same name is added again (with ovsdb-server/add-db).

              Any public  key  infrastructure  options  specified  through  this  database  (e.g.
              --private-key=db:database,...  on  the command line) will be disabled until another
              database with the same name is added again (with ovsdb-server/add-db).

       ovsdb-server/list-dbs
              Outputs a list of the currently  configured  databases  added  either  through  the
              command line or through the ovsdb-server/add-db command.

   VLOG COMMANDS
       These commands manage ovsdb-server's logging settings.

       vlog/set [spec]
              Sets  logging  levels.   Without  any spec, sets the log level for every module and
              facility to dbg.  Otherwise, spec is a list of words separated by spaces or  commas
              or colons, up to one from each category below:

              •      A valid module name, as displayed by the vlog/list command on ovs-appctl(8),
                     limits the log level change to the specified module.

              •      syslog, console, or file, to limit the log  level  change  to  only  to  the
                     system log, to the console, or to a file, respectively.

              •      off,  emer,  err, warn, info, or dbg, to control the log level.  Messages of
                     the given severity or higher will be logged, and messages of lower  severity
                     will  be filtered out.  off filters out all messages.  See ovs-appctl(8) for
                     a definition of each log level.

              Case is not significant within spec.

              Regardless of the log levels set for file, logging to a file will  not  take  place
              unless ovsdb-server was invoked with the --log-file option.

              For  compatibility with older versions of OVS, any is accepted as a word but has no
              effect.

       vlog/set PATTERN:facility:pattern
              Sets the log pattern for  facility  to  pattern.   Refer  to  ovs-appctl(8)  for  a
              description of the valid syntax for pattern.

       vlog/list
              Lists the supported logging modules and their current levels.

       vlog/reopen
              Causes  ovsdb-server  to  close  and  reopen  its  log file.  (This is useful after
              rotating log files, to cause a new log file to be used.)

              This has no effect unless ovsdb-server was invoked with the --log-file option.

       vlog/disable-rate-limit [module]...
       vlog/enable-rate-limit [module]...
              By default, ovsdb-server limits the rate at which certain messages can  be  logged.
              When a message would appear more frequently than the limit, it is suppressed.  This
              saves disk space,  makes  logs  easier  to  read,  and  speeds  up  execution,  but
              occasionally      troubleshooting     requires     more     detail.      Therefore,
              vlog/disable-rate-limit allows rate limits to  be  disabled  at  the  level  of  an
              individual  log  module.   Specify  one  or  more module names, as displayed by the
              vlog/list command.  Specifying either no module names at all  or  the  keyword  any
              disables rate limits for every log module.

              The    vlog/enable-rate-limit    command,    whose    syntax   is   the   same   as
              vlog/disable-rate-limit, can be used to re-enable a rate limit that was  previously
              disabled.

   MEMORY COMMANDS
       These commands report memory usage.

       memory/show
              Displays  some  basic  statistics  about ovsdb-server's memory usage.  ovsdb-server
              also logs this information soon  after  startup  and  periodically  as  its  memory
              consumption grows.

   COVERAGE COMMANDS
       These  commands  manage  ovsdb-server's  ``coverage  counters,'' which count the number of
       times particular events occur during a daemon's runtime.  In addition to  these  commands,
       ovsdb-server  automatically  logs  coverage counter values, at INFO level, when it detects
       that the daemon's main loop takes unusually long to run.

       Coverage counters are useful mainly for performance analysis and debugging.

       coverage/show
              Displays the values of all of the coverage counters.

SEE ALSO

       ovsdb-tool(1).