.\" -*- nroff -*-
.de IQ
.  br
.  ns
.  IP "\\$1"
..
.de ST
.  PP
.  RS -0.15in
.  I "\\$1"
.  RE
..
.TH ovs\-ctl 8 "June 2011" "Open vSwitch" "Open vSwitch Manual"
.ds PN ovs\-ctl
.
.SH NAME
ovs\-ctl \- OVS startup helper script
.
.SH SYNOPSIS
\fBovs\-ctl\fR \fB\-\-system\-id=random\fR|\fIuuid\fR
[\fIoptions\fR] \fBstart
.br
\fBovs\-ctl stop
.br
\fBovs\-ctl\fR \fB\-\-system\-id=random\fR|\fIuuid\fR
[\fIoptions\fR] \fBrestart
.br
\fBovs\-ctl status
.br
\fBovs\-ctl version
.br
\fBovs\-ctl
[\fIoptions\fR]
\fBload\-kmod\fR
.br
\fBovs\-ctl
\fB\-\-system\-id=random\fR|\fIuuid\fR
[\fIoptions\fR]
\fBforce\-reload\-kmod\fR
.br
\fBovs\-ctl
\fR[\fB\-\-protocol=\fIprotocol\fR]
[\fB\-\-sport=\fIsport\fR]
[\fB\-\-dport=\fIdport\fR]
\fBenable\-protocol\fR
.br
\fBovs\-ctl delete\-transient\-ports
.br
\fBovs\-ctl help \fR| \fB\-h \fR| \fB\-\-help
.br
\fBovs\-ctl \-\-version
.
.SH DESCRIPTION
.
.PP
The \fBovs\-ctl\fR program starts, stops, and checks the status of
Open vSwitch daemons.  It is not meant to be invoked directly by
system administrators but to be called internally by system startup
scripts.
.
.PP
Each of \fBovs\-ctl\fR's commands is described separately below.
.
.SH "The ``start'' command"
.
.PP
The \fBstart\fR command starts Open vSwitch.  It performs the
following tasks:
.
.IP 1.
Loads the Open vSwitch kernel module.  If this fails, and the Linux
bridge module is loaded but no bridges exist, it tries to unload the
bridge module and tries loading the Open vSwitch kernel module again.
(This is because the Open vSwitch kernel module cannot coexist with
the Linux bridge module before 2.6.37.)
.
.PP
The \fBstart\fR command skips the following steps if
\fBovsdb\-server\fR is already running:
.IP 2.
If the Open vSwitch database file does not exist, it creates it.
If the database does exist, but it has an obsolete version, it
upgrades it to the latest schema.
.
.IP 3.
Starts \fBovsdb\-server\fR, unless the \fB\-\-no\-ovsdb\-server\fR command
option is given.
.
.IP 4.
Initializes a few values inside the database.
.
.IP 5.
If the \fB\-\-delete\-bridges\fR option was used, deletes all of the
bridges from the database.
.
.IP 6.
If the \fB\-\-delete\-transient\-ports\fR option was used, deletes all ports
that have \fBother_config:transient\fR set to true.
.
.PP
The \fBstart\fR command skips the following step if
\fBovs\-vswitchd\fR is already running, or if the \fB\-\-no\-ovs\-vswitchd\fR
command option is given:
.IP 7.
Starts \fBovs\-vswitchd\fR.
.
.SS "Options"
.PP
Several command-line options influence the \fBstart\fR command's
behavior.  Some form of the following option should ordinarily be
specified:
.
.IP "\fB\-\-system\-id=\fIuuid\fR"
.IQ "\fB\-\-system\-id=random\fR"
This specifies a unique system identifier to store into
\fBexternal-ids:system-id\fR in the database's \fBOpen_vSwitch\fR
table.  Remote managers that talk to the Open vSwitch database server
over network protocols use this value to identify and distinguish Open
vSwitch instances, so it should be unique (at least) within OVS
instances that will connect to a single controller.
.IP
When \fBrandom\fR is specified, \fBovs\-ctl\fR will generate a random
ID that persists from one run to another (stored in a file).  When
another string is specified \fBovs\-ctl\fR uses it literally.
.
.PP
The following options should be specified if the defaults are not
suitable:
.
.IP "\fB\-\-system\-type=\fItype\fR"
.IQ "\fB\-\-system\-version=\fIversion\fR"
Sets the value to store in the \fBsystem-type\fR and
\fBsystem-version\fR columns, respectively, in the database's
\fBOpen_vSwitch\fR table.  Remote managers may use these values to
determine the kind of system to which they are connected (primarily
for display to human administrators).
.IP
When not specified, \fBovs\-ctl\fR uses values from the optional
\fBsystem\-type.conf\fR and \fBsystem\-version.conf\fR files (see section
\fBFILES\fR) or it uses the \fBlsb_release\fR program, if present, to
provide reasonable defaults.
.
.PP
The following options are also likely to be useful:
.
.IP "\fB\-\-external\-id=\(dq\fIname\fB=\fIvalue\fB\(dq"
Sets \fBexternal-ids:\fIname\fR to \fIvalue\fR in the database's
\fBOpen_vSwitch\fR table.  Specifying this option multiple times adds
multiple key-value pairs.
.
.IP "\fB\-\-delete\-bridges\fR"
Ordinarily Open vSwitch bridges persist from one system boot to the
next, as long as the database is preserved.  Some environments instead
expect to re-create all of the bridges and other configuration state
on every boot.  This option supports that, by deleting all Open
vSwitch bridges after starting \fBovsdb\-server\fR but before starting
\fBovs\-vswitchd\fR.
.
.IP "\fB\-\-delete\-transient\-ports\fR"
Deletes all ports that have the \fBother_config:transient\fR value set to
true.  This is important in certain environments where some ports are going
to be recreated after reboot, but other ports need to be persisted in the
database.
.
.IP "\fB\-\-ovs\-user=user[:group]\fR"
Ordinarily Open vSwitch daemons are started as the user invoking the \fBovs\-ctl\fR
command.  Some system administrators would prefer to have the various daemons
spawn as different users in their environments.  This option allows passing the
\fB\-\-user\fR option to the \fBovsdb\-server\fR and \fBovs\-vswitchd\fR
daemons, allowing them to change their privilege levels.
.
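.PP
The following added example (not part of Open vSwitch or of the original
manual) checks that both daemons actually run as the intended user after
\fB\-\-ovs\-user\fR is used.  It reads the per-daemon pidfiles described under
\fBFILES\fR and the effective UID from Linux \fB/proc\fR; the function names
and the \fBopenvswitch\fR account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not ovs-ctl code): report the UID each OVS daemon runs as.
# Assumes Linux /proc; RUNDIR is the directory holding <daemon>.pid files.

# ovs_daemon_uid RUNDIR DAEMON
# Prints the effective numeric UID of the daemon's process.
# Returns 2 = no pidfile, 3 = pidfile content is not a PID, 4 = stale PID.
ovs_daemon_uid() {
    pidfile="$1/$2.pid"
    [ -r "$pidfile" ] || return 2
    pid=$(head -n 1 "$pidfile")
    case "$pid" in
        ''|*[!0-9]*) return 3 ;;   # never build a /proc path from non-numeric text
    esac
    [ -r "/proc/$pid/status" ] || return 4
    # The "Uid:" line lists real, effective, saved and filesystem UIDs.
    # The status file is used because the ownership of /proc/<pid> itself
    # can be reported as root for processes that are not dumpable.
    awk '$1 == "Uid:" { print $3 }' "/proc/$pid/status"
}

# check_ovs_uid RUNDIR EXPECTED_UID
# Returns 0 only if ovsdb-server and ovs-vswitchd both run as EXPECTED_UID.
check_ovs_uid() {
    rc=0
    for daemon in ovsdb-server ovs-vswitchd; do
        if uid=$(ovs_daemon_uid "$1" "$daemon"); then
            if [ "$uid" = "$2" ]; then
                echo "$daemon: uid $uid (ok)"
            else
                echo "$daemon: uid $uid, expected $2"
                rc=1
            fi
        else
            echo "$daemon: no live process for pidfile in $1"
            rc=1
        fi
    done
    return "$rc"
}

# Typical use on a host started with --ovs-user=openvswitch
# (hypothetical account; the rundir default shown is an assumption):
#   check_ovs_uid "${OVS_RUNDIR:-/var/run/openvswitch}" "$(id -u openvswitch)"
```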
.PP
The following options are less important:
.
.IP "\fB\-\-no\-monitor\fR"
By default \fBovs\-ctl\fR passes \fB\-\-monitor\fR to \fBovs\-vswitchd\fR and
\fBovsdb\-server\fR, requesting that it spawn a process monitor which will
restart the daemon if it crashes.  This option suppresses that behavior.
.
.IP "\fB\-\-daemon-cwd=\fIdirectory\fR"
Specifies the current working directory that the OVS daemons should
run from.  The default is \fB/\fR (the root directory) if this option
is not specified.  (This option is useful because most systems create
core files in a process's current working directory and because a file
system that is in use as a process's current working directory cannot
be unmounted.)
.
.IP "\fB\-\-no\-force\-corefiles\fR"
By default, \fBovs\-ctl\fR enables core dumps for the OVS daemons.
This option disables that behavior.
.
.IP "\fB\-\-no\-mlockall\fR"
By default \fBovs\-ctl\fR passes \fB\-\-mlockall\fR to
\fBovs\-vswitchd\fR, requesting that it lock all of its virtual
memory, preventing it from being paged to disk.  This option
suppresses that behavior.
.
.IP "\fB\-\-no\-self\-confinement\fR"
Disables self-confinement for the \fBovs\-vswitchd\fR and \fBovsdb\-server\fR
daemons.  This flag may be used when, for example, an OpenFlow controller
creates its Unix domain socket outside the OVS run directory and OVS needs
to connect to it.  It is better to stick with the default behavior and
not to use this flag, unless:
.
.RS
.IP \(bu
You have Open vSwitch running under SELinux or AppArmor Mandatory
Access Control that would prevent OVS from messing with sockets
outside ordinary OVS directories.
.
.IP \(bu
You believe that relying on protocol handshakes (e.g. OpenFlow)
is enough to prevent OVS from adversely interacting with other daemons
running on your system.
.
.IP \(bu
You are not much worried about remote OVSDB exploits in the first
place, because, perhaps, the OVSDB manager is running on the same host
as OVS and shares similar attack vectors.
.RE
.
.IP "\fB\-\-ovsdb\-server\-priority=\fIniceness\fR"
.IQ "\fB\-\-ovs\-vswitchd\-priority=\fIniceness\fR"
Sets the \fBnice\fR(1) level used for each daemon.  All of them
default to \fB\-10\fR.
.
.IP "\fB\-\-ovsdb\-server\-wrapper=\fIwrapper\fR"
.IQ "\fB\-\-ovs\-vswitchd\-wrapper=\fIwrapper\fR"
.
Configures the specified daemon to run under \fIwrapper\fR, which is
one of the following:
.
.RS
.IP "\fBvalgrind\fR"
Run the daemon under \fBvalgrind\fR(1), if it is installed, logging to
\fIdaemon\fB.valgrind.log.\fIpid\fR in the log directory.
.
.IP "\fBstrace\fR"
Run the daemon under \fBstrace\fR(1), if it is installed, logging to
\fIdaemon\fB.strace.log.\fIpid\fR in the log directory.
.
.IP "\fBglibc\fR"
Enable GNU C library features designed to find memory errors.
.RE
.
.IP
By default, no wrapper is used.
.
.IP
Each of the wrappers can expose bugs in Open vSwitch that lead to
incorrect operation, including crashes.  The \fBvalgrind\fR and
\fBstrace\fR wrappers greatly slow daemon operations so they should
not be used in production.  They also produce voluminous logs that can
quickly fill small disk partitions.  The \fBglibc\fR wrapper is less
resource-intensive but still somewhat slows the daemons.
.
.PP
The following options control file locations.  They should only be
used if the default locations cannot be used.  See \fBFILES\fR, below,
for more information.
.
.IP "\fB\-\-db\-file=\fIfile\fR"
Overrides the file name for the OVS database.
.
.IP "\fB\-\-db\-sock=\fIsocket\fR"
Overrides the file name for the Unix domain socket used to connect to
\fBovsdb\-server\fR.
.
.IP "\fB\-\-db\-schema=\fIschema\fR"
Overrides the file name for the OVS database schema.
.
.IP "\fB\-\-extra-dbs=\fIfile\fR"
Adds \fIfile\fR as an extra database for \fBovsdb\-server\fR to serve
out.  Multiple space-separated file names may also be specified.
\fIfile\fR should begin with \fB/\fR; if it does not, then it will be
taken as relative to \fIdbdir\fR.
.
.SH "The ``stop'' command"
.
.PP
The \fBstop\fR command does not unload the Open vSwitch kernel
modules.  It can take the same \fB\-\-no\-ovsdb\-server\fR and
\fB\-\-no\-ovs\-vswitchd\fR options as the \fBstart\fR
command.
.
.PP
This command does nothing and finishes successfully if the OVS daemons
aren't running.
.
.SH "The ``restart'' command"
.
.PP
The \fBrestart\fR command performs a \fBstop\fR followed by a \fBstart\fR
command.  The command can take the same options as the \fBstart\fR
command.  In addition, it saves and restores OpenFlow flows for each
individual bridge.
.
.SH "The ``status'' command"
.
.PP
The \fBstatus\fR command checks whether the OVS daemons
\fBovs\-vswitchd\fR and \fBovsdb\-server\fR are running and prints
messages with that information.  It exits with status 0 if
the daemons are running, 1 otherwise.
.
.SH "The ``version'' command"
.
.PP
The \fBversion\fR command runs \fBovsdb\-server \-\-version\fR and
\fBovs\-vswitchd \-\-version\fR.
.
.SH "The ``force\-reload\-kmod'' command"
.
.PP
The \fBforce\-reload\-kmod\fR command allows upgrading the Open
vSwitch kernel module without rebooting.  It performs the following
tasks:
.
.IP 1.
Gets a list of OVS ``internal'' interfaces, that is, network devices
implemented by Open vSwitch.  The most common examples of these are
bridge ``local ports''.
.
.IP 2.
Saves the OpenFlow flows of each bridge.
.
.IP 3.
Stops the Open vSwitch daemons, as if by a call to \fBovs\-ctl
stop\fR.
.
.IP 4.
Saves the kernel configuration state of the OVS internal interfaces
listed in step 1, including IP and IPv6 addresses and routing table
entries.
.
.IP 5.
Unloads the Open vSwitch kernel module (including the bridge
compatibility module if it is loaded).
.
.IP 6.
Starts OVS back up, as if by a call to \fBovs\-ctl start\fR.  This
reloads the kernel module, restarts the OVS daemons and finally
restores the saved OpenFlow flows.
.
.IP 7.
Restores the kernel configuration state that was saved in step 4.
.
.IP 8.
Checks for daemons that may need to be restarted because they have
packet sockets that are listening on old instances of Open vSwitch
kernel interfaces and, if it finds any, prints a warning on stdout.
DHCP is a common example: if the ISC DHCP client is running on an OVS
internal interface, then it will have to be restarted after completing
the above procedure.  (It would be nice if \fBovs\-ctl\fR could restart
daemons automatically, but the details are far too specific to a
particular distribution and installation.)
.
.PP
\fBforce\-reload\-kmod\fR internally stops and starts OVS, so it
accepts all of the options accepted by the \fBstart\fR command except
for the \fB\-\-no\-ovs\-vswitchd\fR option.
.
.SH "The ``load\-kmod'' command"
.
.PP
The \fBload\-kmod\fR command loads the openvswitch kernel modules if
they are not already loaded. This operation also occurs as part of
the \fBstart\fR command. The motivation for providing the \fBload\-kmod\fR
command is to allow errors when loading modules to be handled separately
from other errors that may occur when running the \fBstart\fR command.
.
.PP
By default the \fBload\-kmod\fR command attempts to load the
openvswitch kernel module.
.
.SH "The ``enable\-protocol'' command"
.
.PP
The \fBenable\-protocol\fR command checks for rules related to a
specified protocol in the system's \fBiptables\fR(8) configuration.  If there
are no rules specifically related to that protocol, then it inserts a
rule to accept the specified protocol.
.
.PP
More specifically:
.
.IP \(bu
If \fBiptables\fR is not installed or not enabled, this command does
nothing, assuming that lack of filtering means that the protocol is
enabled.
.
.IP \(bu
If the \fBINPUT\fR chain has a rule that matches the specified
protocol, then this command does nothing, assuming that whatever rule
is installed reflects the system administrator's decisions.
.
.IP \(bu
Otherwise, this command installs a rule that accepts traffic of the
specified protocol.
.
.PP
This command normally completes successfully, even if it does
nothing.  Only the failure of an attempt to insert a rule normally
causes it to return an exit code other than 0.
.
.PP
The following options control the protocol to be enabled:
.
.IP "\fB\-\-protocol=\fIprotocol\fR"
The name of the IP protocol to be enabled, such as \fBgre\fR or
\fBtcp\fR.  The default is \fBgre\fR.
.
.IP "\fB\-\-sport=\fIsport\fR"
.IQ "\fB\-\-dport=\fIdport\fR"
TCP or UDP source or destination port to match.  These are optional
and allowed only with \fB\-\-protocol=tcp\fR or
\fB\-\-protocol=udp\fR.
.
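.PP
The decision described above can be previewed without touching the firewall.
This added example (not \fBovs\-ctl\fR's own code) reads rules in
\fBiptables \-S INPUT\fR format from standard input and reports which of the
cases above applies; the function names, the constructed sample rule sets,
the exact form of the inserted rule, and matching on protocol alone are
assumptions based on the wording of this page.

```shell
#!/bin/sh
# Added example (not ovs-ctl code): dry-run of the enable-protocol decision.

# Constructed sample rule sets, in `iptables -S INPUT` output format.
RULES_NO_GRE='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
RULES_GRE_DROP='-P INPUT DROP
-A INPUT -p gre -j DROP'

# enable_protocol_plan PROTO [SPORT] [DPORT]   (INPUT rules on stdin)
# Prints "noop: ..." or "insert: <rule>"; returns 1 on invalid options.
# Assumption: a rule "matches" when it names the protocol with -p,
# regardless of its ports or target, following the man page wording.
enable_protocol_plan() {
    proto=${1:-gre}; sport=$2; dport=$3
    if [ -n "$sport$dport" ]; then
        case "$proto" in
            tcp|udp) ;;
            *) echo "error: ports are allowed only with tcp or udp" >&2
               return 1 ;;
        esac
    fi
    if awk -v p="$proto" '
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++)
                if (($i == "-p" || $i == "--protocol") && $(i + 1) == p)
                    found = 1
        }
        END { exit !found }'
    then
        echo "noop: INPUT already has a $proto rule"
    else
        echo "insert: iptables -I INPUT -p $proto${sport:+ --sport $sport}${dport:+ --dport $dport} -j ACCEPT"
    fi
}

# plan_for_host PROTO [SPORT] [DPORT]: same decision against the live
# rule set (needs root).  Only the "not installed" half of the first
# case is modelled; "not enabled" is distribution-specific.
plan_for_host() {
    if ! command -v iptables >/dev/null 2>&1; then
        echo "noop: iptables not installed"
        return 0
    fi
    iptables -S INPUT | enable_protocol_plan "$@"
}
```

Under that assumption a \fBDROP\fR rule for the protocol also counts as an
existing rule, so the second sample rule set produces no change.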
.SH "The ``delete\-transient\-ports'' command"
.
Deletes all ports that have the \fBother_config:transient\fR value set to true.
.
.SH "The ``help'' command"
.
Prints a usage message and exits successfully.
.
.SH "OPTIONS"
.PP
In addition to the options listed for each command above, these options
control the behavior of several of \fBovs\-ctl\fR's commands.
.
.PP
By default, \fBovs\-ctl\fR will control the \fBovsdb\-server\fR, and
the \fBovs\-vswitchd\fR daemons. The following options restrict that control
to exclude one or the other:
.
.IP "\fB\-\-no\-ovsdb\-server\fR"
Specifies that the \fBovs\-ctl\fR commands \fBstart\fR, \fBstop\fR, and
\fBrestart\fR should not modify the running status of \fBovsdb\-server\fR.
.
.IP "\fB\-\-no\-ovs\-vswitchd\fR"
Specifies that the \fBovs\-ctl\fR commands \fBstart\fR, \fBstop\fR, and
\fBrestart\fR should not modify the running status of \fBovs\-vswitchd\fR.
It is an error to include this option with the \fBforce\-reload\-kmod\fR
command.
.
.SH "EXIT STATUS"
.
\fBovs\-ctl\fR exits with status 0 on success and nonzero on failure.
The \fBstart\fR command is considered to succeed if OVS is already
started; the \fBstop\fR command is considered to succeed if OVS is
already stopped.
.
.SH "ENVIRONMENT"
.
The following environment variables affect \fBovs\-ctl\fR:
.
.IP "\fBPATH\fR"
\fBovs\-ctl\fR does not hardcode the location of any of the programs
that it runs.  \fBovs\-ctl\fR will add the \fIsbindir\fR and
\fIbindir\fR that were specified at \fBconfigure\fR time to
\fBPATH\fR, if they are not already present.
.
.IP "\fBOVS_LOGDIR\fR"
.IQ "\fBOVS_RUNDIR\fR"
.IQ "\fBOVS_DBDIR\fR"
.IQ "\fBOVS_SYSCONFDIR\fR"
.IQ "\fBOVS_PKGDATADIR\fR"
.IQ "\fBOVS_BINDIR\fR"
.IQ "\fBOVS_SBINDIR\fR"
Setting one of these variables in the environment overrides the
respective \fBconfigure\fR option, both for \fBovs\-ctl\fR itself and
for the other Open vSwitch programs that it runs.
.
.SH "FILES"
.
\fBovs\-ctl\fR uses the following files:
.
.IP "\fBovs\-lib\fR"
Shell function library used internally by \fBovs\-ctl\fR.  It must be
installed in the same directory as \fBovs\-ctl\fR.
.
.IP "\fIlogdir\fB/\fIdaemon\fB.log\fR"
Per-daemon logfiles.
.
.IP "\fIrundir\fB/\fIdaemon\fB.pid\fR"
Per-daemon pidfiles to track whether a daemon is running and with what
process ID.
.
.IP "\fIpkgdatadir\fB/vswitch.ovsschema\fR"
The OVS database schema used to initialize the database (use
\fB\-\-db\-schema\fR to override this location).
.
.IP "\fIdbdir\fB/conf.db\fR"
The OVS database (use \fB\-\-db\-file\fR to override this location).
.
.IP "\fIrundir\fB/openvswitch/db.sock\fR"
The Unix domain socket used for local communication with
\fBovsdb\-server\fR (use \fB\-\-db\-sock\fR to override this
location).
.
.IP "\fIsysconfdir\fB/openvswitch/system-id.conf\fR"
The persistent system UUID created and read by
\fB\-\-system\-id=random\fR.
.
.IP "\fIsysconfdir\fB/openvswitch/system\-type.conf\fR"
.IQ "\fIsysconfdir\fB/openvswitch/system\-version.conf\fR"
The \fBsystem\-type\fR and \fBsystem\-version\fR values stored in the database's
\fBOpen_vSwitch\fR table when not specified as a command-line option.
.
.SH "EXAMPLE"
.
.PP
The files \fBdebian/openvswitch\-switch.init\fR and
\fBxenserver/etc_init.d_openvswitch\fR in the Open vSwitch source
distribution are good examples of how to use \fBovs\-ctl\fR.
.
.SH "SEE ALSO"
.
\fBREADME.rst\fR, \fBovsdb\-server\fR(8), \fBovs\-vswitchd\fR(8).