xenial (1) ovsdb-client.1.gz

Provided by: openvswitch-common_2.5.9-0ubuntu0.16.04.3_amd64 bug

NAME

       ovsdb-client - command-line interface to ovsdb-server(1)

SYNOPSIS

       ovsdb-client [options] list-dbs [server]
       ovsdb-client [options] get-schema [server] [database]
       ovsdb-client [options] get-schema-version [server] [database]
       ovsdb-client [options] list-tables [server] [database]
       ovsdb-client [options] list-columns [server] [database] [table]
       ovsdb-client [options] transact [server] transaction
       ovsdb-client [options] dump [server] [database] [table [column...]]
       ovsdb-client [options] monitor [server] [database] table [column[,column]...]...
       ovsdb-client [options] monitor [server] [database] ALL
       ovsdb-client help

       Output formatting options:
              [--format=format] [--data=format] [--no-heading] [--pretty] [--bare] [--no-heading] [--timestamp]

       Daemon options:
              [--pidfile[=pidfile]] [--overwrite-pidfile] [--detach] [--no-chdir]

       Logging options:
              [-v[module[:destination[:level]]]]...
              [--verbose[=module[:destination[:level]]]]...
              [--log-file[=file]]

       Public key infrastructure options:
              [--private-key=privkey.pem]
              [--certificate=cert.pem]
              [--ca-cert=cacert.pem]
              [--bootstrap-ca-cert=cacert.pem]

       Common options:
              [-h | --help] [-V | --version]

DESCRIPTION

       The  ovsdb-client  program  is a command-line client for interacting with a running ovsdb-server process.
       Each command connects to an OVSDB server, which is unix:/var/run/openvswitch/db.sock by default,  or  may
       be specified as server in one of the following forms:

              ssl:ip:port
                     The  specified  SSL  port  on  the  host  at the given ip, which must be expressed as an IP
                     address (not a DNS name) in IPv4 or IPv6 address format.  If ip is an  IPv6  address,  then
                     wrap  ip with square brackets, e.g.: ssl:[::1]:6640.  The --private-key, --certificate, and
                     --ca-cert options are mandatory when this form is used.

              tcp:ip:port
                     Connect to the given TCP port on ip, where ip can be IPv4 or IPv6 address. If ip is an IPv6
                     address, then wrap ip with square brackets, e.g.: tcp:[::1]:6640.

              unix:file
                     On POSIX, connect to the Unix domain server socket named file.

                     On Windows, connect to a localhost TCP port whose value is written in file.

              pssl:port[:ip]
                     Listen  on the given SSL port for a connection.  By default, connections are not bound to a
                     particular local IP address and it listens only on  IPv4  (but  not  IPv6)  addresses,  but
                     specifying  ip  limits connections to those from the given ip, either IPv4 or IPv6 address.
                     If ip is an IPv6 address, then wrap ip with square brackets,  e.g.:  pssl:6640:[::1].   The
                     --private-key, --certificate, and --ca-cert options are mandatory when this form is used.

              ptcp:port[:ip]
                     Listen  on the given TCP port for a connection.  By default, connections are not bound to a
                     particular local IP address and it listens only on IPv4 (but not IPv6)  addresses,  but  ip
                     may  be  specified  to  listen  only  for  connections to the given ip, either IPv4 or IPv6
                     address.   If  ip  is  an  IPv6  address,  then  wrap  ip  with  square   brackets,   e.g.:
                     ptcp:6640:[::1].

              punix:file
                     On POSIX, listen on the Unix domain server socket named file for a connection.

                     On Windows, listen on a kernel chosen TCP port on the localhost. The kernel chosen TCP port
                     value is written in file.

       The default database is Open_vSwitch.

   Commands
       The following commands are implemented:

       list-dbs [server]
              Connects to server, retrieves the list of known databases, and prints them one  per  line.   These
              database names are the ones that may be used for database in the following commands.

       get-schema [server] [database]
              Connects to server, retrieves the schema for database, and prints it in JSON format.

       get-schema-version [server] [database]
              Connects to server, retrieves the schema for database, and prints its version number on stdout.  A
              schema version number has the form x.y.z.  See ovs-vswitchd.conf.db(5) for details.

              Schema version numbers and Open vSwitch version numbers are independent.

              If database was created before schema versioning was introduced, then it will not have  a  version
              number and this command will print a blank line.

       list-tables [server] [database]
              Connects to server, retrieves the schema for database, and prints a table listing the name of each
              table within the database.

       list-columns [server] [database] table
              Connects to server, retrieves the schema for database, and prints a table  listing  the  name  and
              type of each column.  If table is specified, only columns in that table are listed; otherwise, the
              tables include columns in all tables.

       transact [server] transaction
              Connects to server, sends it the specified transaction, which must be a JSON array containing  one
              or more valid OVSDB operations, and prints the received reply on stdout.

       dump [server] [database] [table [column...]]
              Connects  to server, retrieves all of the data in database, and prints it on stdout as a series of
              tables. If table is specified, only that table is retrieved.  If at least one column is specified,
              only those columns are retrieved.

       monitor [server] [database] table [column[,column]...]...
              Connects  to  server  and  monitors  the  contents  of table in database.  By default, the initial
              contents of table are printed, followed by each change as it occurs.  If at least  one  column  is
              specified, only those columns are monitored.  The following column names have special meanings:

              !initial
                     Do not print the initial contents of the specified columns.

              !insert
                     Do not print newly inserted rows.

              !delete
                     Do not print deleted rows.

              !modify
                     Do not print modifications to existing rows.

              Multiple  [column[,column]...]  groups  may  be  specified  as  separate  arguments, e.g. to apply
              different reporting parameters to each group.  Whether multiple groups or only a single  group  is
              specified, any given column may only be mentioned once on the command line.

              If  --detach  is  used with monitor, then ovsdb-client detaches after it has successfully received
              and printed the initial contents of table.

       monitor [server] [database] ALL
              Connects to server and monitors the contents of all tables in database.  Prints initial values and
              all  kinds  of changes to all columns in the database.  The --detach option causes ovsdb-client to
              detach after it successfully receives and prints the initial database contents.

OPTIONS

   Output Formatting Options
       Much of the output from ovsdb-client is in the form of tables.  The following options controlling  output
       formatting:

       -f format
       --format=format
              Sets the type of table formatting.  The following types of format are available:

              table (default)
                     2-D text tables with aligned columns.

              list   A list with one column per line and rows separated by a blank line.

              html   HTML tables.

              csv    Comma-separated values as defined in RFC 4180.

              json   JSON  format  as  defined  in  RFC 4627.  The output is a sequence of JSON objects, each of
                     which corresponds to one table.  Each JSON object has the following members with the  noted
                     values:

                     caption
                            The table's caption.  This member is omitted if the table has no caption.

                     headings
                            An  array  with one element per table column.  Each array element is a string giving
                            the corresponding column's heading.

                     data   An array with one element per table row.  Each element is also  an  array  with  one
                            element  per  table  column.   The elements of this second-level array are the cells
                            that constitute the table.  Cells that  represent  OVSDB  data  or  data  types  are
                            expressed in the format described in the OVSDB specification; other cells are simply
                            expressed as text strings.

       -d format
       --data=format
              Sets the formatting for cells within output tables.  The following types of format are available:

              string (default)
                     The simple format described in the Database Values section of ovs-vsctl(8).

              bare   The simple format with punctuation stripped off: [] and {} are omitted around  sets,  maps,
                     and  empty  columns,  items within sets and maps are space-separated, and strings are never
                     quoted.  This format may be easier for scripts to parse.

              json   JSON.

              The json output format always outputs cells in JSON format, ignoring this option.

       --no-heading
              This option suppresses the heading row that otherwise appears in the first row of table output.

       --pretty
              By default, JSON in output is printed as compactly as possible.  This option causes JSON in output
              to  be  printed in a more readable fashion.  Members of objects and elements of arrays are printed
              one per line, with indentation.

              This option does not affect JSON in tables, which is always printed compactly.

       --bare Equivalent to --format=list --data=bare --no-headings.

       --timestamp
              For the monitor command, adds a timestamp to each table  update.   Most  output  formats  add  the
              timestamp on a line of its own just above the table.  The JSON output format puts the timestamp in
              a member of the top-level JSON object named time.

   Daemon Options
       The daemon options apply only to the monitor command.  With any other command, they have no effect.   The
       following options are valid on POSIX based platforms.

       --pidfile[=pidfile]
              Causes  a  file  (by  default,  ovsdb-client.pid)  to be created indicating the PID of the running
              process.  If the pidfile argument is not specified, or if it does not begin with  /,  then  it  is
              created in /var/run/openvswitch.

              If --pidfile is not specified, no pidfile is created.

       --overwrite-pidfile
              By  default, when --pidfile is specified and the specified pidfile already exists and is locked by
              a running process, ovsdb-client refuses to start.  Specify  --overwrite-pidfile  to  cause  it  to
              instead overwrite the pidfile.

              When --pidfile is not specified, this option has no effect.

       --detach
              Runs  ovsdb-client  as  a background process.  The process forks, and in the child it starts a new
              session, closes the standard file descriptors (which has the side effect of disabling  logging  to
              the  console),  and  changes  its  current directory to the root (unless --no-chdir is specified).
              After the child completes its initialization, the parent exits.

       --monitor
              Creates an additional process to monitor the ovsdb-client daemon.  If the daemon  dies  due  to  a
              signal  that  indicates  a  programming  error (SIGABRT, SIGALRM, SIGBUS, SIGFPE, SIGILL, SIGPIPE,
              SIGSEGV, SIGXCPU, or SIGXFSZ) then the monitor process starts a new copy of  it.   If  the  daemon
              dies or exits for another reason, the monitor process exits.

              This option is normally used with --detach, but it also functions without it.

       --no-chdir
              By  default, when --detach is specified, ovsdb-client changes its current working directory to the
              root directory after it detaches.  Otherwise,  invoking  ovsdb-client  from  a  carelessly  chosen
              directory  would  prevent  the  administrator  from  unmounting  the  file  system that holds that
              directory.

              Specifying --no-chdir suppresses this behavior, preventing ovsdb-client from changing its  current
              working  directory.   This may be useful for collecting core files, since it is common behavior to
              write core dumps into the current working directory and the root directory is not a good directory
              to use.

              This option has no effect when --detach is not specified.

       --user Causes  ovsdb-client  to  run as a different user specified in "user:group", thus dropping most of
              the root privileges. Short forms "user" and ":group" are also allowed, with current user or  group
              are assumed respectively. Only daemons started by the root user accepts this argument.

              On  Linux,  daemons  will  be  granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICES before dropping root
              privileges. Daemons interact with datapath, such as ovs-vswitchd, will be granted  two  additional
              capabilities,  namely  CAP_NET_ADMIN and CAP_NET_RAW. The capability change will apply even if new
              user is "root".

              On Windows, this option is not currently supported. For security reasons, specifying  this  option
              will cause the daemon process not to start.

   Logging Options
       -v[spec]
       --verbose=[spec]
              Sets  logging  levels.   Without  any spec, sets the log level for every module and destination to
              dbg.  Otherwise, spec is a list of words separated by spaces or commas or colons, up to  one  from
              each category below:

              •      A valid module name, as displayed by the vlog/list command on ovs-appctl(8), limits the log
                     level change to the specified module.

              •      syslog, console, or file, to limit the log level change to only to the system log,  to  the
                     console,  or  to  a file, respectively.  (If --detach is specified, ovsdb-client closes its
                     standard file descriptors, so logging to the console will have no effect.)

                     On Windows platform, syslog is accepted as a  word  and  is  only  useful  along  with  the
                     --syslog-target option (the word has no effect otherwise).

              •      off,  emer,  err,  warn,  info,  or  dbg,  to control the log level.  Messages of the given
                     severity or higher will be logged, and messages of lower severity  will  be  filtered  out.
                     off filters out all messages.  See ovs-appctl(8) for a definition of each log level.

              Case is not significant within spec.

              Regardless of the log levels set for file, logging to a file will not take place unless --log-file
              is also specified (see below).

              For compatibility with older versions of OVS, any is accepted as a word but has no effect.

       -v
       --verbose
              Sets the maximum logging verbosity level, equivalent to --verbose=dbg.

       -vPATTERN:destination:pattern
       --verbose=PATTERN:destination:pattern
              Sets the log pattern for destination to pattern.  Refer to ovs-appctl(8) for a description of  the
              valid syntax for pattern.

       -vFACILITY:facility
       --verbose=FACILITY:facility
              Sets  the  RFC5424  facility  of the log message. facility can be one of kern, user, mail, daemon,
              auth, syslog, lpr, news, uucp, clock, ftp, ntp, audit,  alert,  clock2,  local0,  local1,  local2,
              local3,  local4,  local5, local6 or local7. If this option is not specified, daemon is used as the
              default for the local system syslog and local0 is used while  sending  a  message  to  the  target
              provided via the --syslog-target option.

       --log-file[=file]
              Enables  logging  to  a file.  If file is specified, then it is used as the exact name for the log
              file.  The default log file name used if file is omitted is /var/log/openvswitch/ovsdb-client.log.

       --syslog-target=host:port
              Send syslog messages to UDP port on host, in addition to the system syslog.  The host  must  be  a
              numerical IP address, not a hostname.

       --syslog-method=method
              Specify  method  how  syslog  messages  should  be  sent  to  syslog  daemon.  Following forms are
              supported:

              •      libc, use libc syslog() function.  This is the default behavior.  Downside  of  using  this
                     options  is  that libc adds fixed prefix to every message before it is actually sent to the
                     syslog daemon over /dev/log UNIX domain socket.

              •      unix:file, use UNIX domain socket directly.  It is possible to  specify  arbitrary  message
                     format  with  this  option.  However, rsyslogd 8.9 and older versions use hard coded parser
                     function anyway that limits UNIX domain socket use.  If you want to use  arbitrary  message
                     format with older rsyslogd versions, then use UDP socket to localhost IP address instead.

              •      udp:ip:port,  use  UDP  socket.   With  this method it is possible to use arbitrary message
                     format also with older rsyslogd.  When  sending  syslog  messages  over  UDP  socket  extra
                     precaution  needs  to  be  taken  into  account,  for  example,  syslog  daemon needs to be
                     configured to listen on  the  specified  UDP  port,  accidental  iptables  rules  could  be
                     interfering with local syslog traffic and there are some security considerations that apply
                     to UDP sockets, but do not apply to UNIX domain sockets.

   Public Key Infrastructure Options
       -p privkey.pem
       --private-key=privkey.pem
              Specifies a PEM file containing the private key used as ovsdb-client's identity for  outgoing  SSL
              connections.

       -c cert.pem
       --certificate=cert.pem
              Specifies  a  PEM  file containing a certificate that certifies the private key specified on -p or
              --private-key to be trustworthy.  The certificate must be signed by the certificate authority (CA)
              that the peer in SSL connections will use to verify it.

       -C cacert.pem
       --ca-cert=cacert.pem
              Specifies  a  PEM  file  containing  the  CA  certificate  that  ovsdb-client should use to verify
              certificates presented to it by SSL peers.  (This may be the same certificate that SSL  peers  use
              to  verify  the  certificate  specified  on  -c  or  --certificate,  or it may be a different one,
              depending on the PKI design in use.)

       -C none
       --ca-cert=none
              Disables verification of certificates presented by SSL peers.  This introduces  a  security  risk,
              because it means that certificates cannot be verified to be those of known trusted hosts.

       --bootstrap-ca-cert=cacert.pem
              When cacert.pem exists, this option has the same effect as -C or --ca-cert.  If it does not exist,
              then ovsdb-client will attempt to obtain the CA certificate from the SSL peer  on  its  first  SSL
              connection  and  save it to the named PEM file.  If it is successful, it will immediately drop the
              connection and reconnect, and from then  on  all  SSL  connections  must  be  authenticated  by  a
              certificate signed by the CA certificate thus obtained.

              This  option  exposes  the  SSL  connection to a man-in-the-middle attack obtaining the initial CA
              certificate, but it may be useful for bootstrapping.

              This option is only useful if the SSL peer sends its CA certificate as part of the SSL certificate
              chain.  The SSL protocol does not require the server to send the CA certificate.

              This option is mutually exclusive with -C and --ca-cert.

   Other Options
       -h
       --help Prints a brief help message to the console.

       -V
       --version
              Prints version information to the console.

SEE ALSO

       ovsdb-server(1), ovsdb-client(1), and the OVSDB specification.