.\" Man page generated from reStructuredText. . .TH "OVS-CTL" "8" "Apr 11, 2023" "2.15" "Open vSwitch" .SH NAME ovs-ctl \- OVS startup helper script . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .SH SYNOPSIS .sp \fBovs\-ctl \-\-system\-id=random| [] start\fP .sp \fBovs\-ctl stop\fP .sp \fBovs\-ctl \-\-system\-id=random| [] restart\fP .sp \fBovs\-ctl status\fP .sp \fBovs\-ctl version\fP .sp \fBovs\-ctl [] load\-kmod\fP .sp \fBovs\-ctl \-\-system\-id=random| [] force\-reload\-kmod\fP .sp \fBovs\-ctl [\-\-protocol=] [\-\-sport=] [\-\-dport=] enable\-protocol\fP .sp \fBovs\-ctl delete\-transient\-ports\fP .sp \fBovs\-ctl help | \-h | \-\-help\fP .sp \fBovs\-ctl \-\-version\fP .SH DESCRIPTION .sp The \fBovs\-ctl\fP program starts, stops, and checks the status of Open vSwitch daemons. It is not meant to be invoked directly by system administrators but to be called internally by system startup scripts. .sp Each \fBovs\-ctl\fP command is described separately below. .SS The \fBstart\fP command .sp The \fBstart\fP command starts Open vSwitch. It performs the following tasks: .INDENT 0.0 .IP 1. 3 Loads the Open vSwitch kernel module. If this fails, and the Linux bridge module is loaded but no bridges exist, it tries to unload the bridge module and tries loading the Open vSwitch kernel module again. (This is because the Open vSwitch kernel module cannot coexist with the Linux bridge module before 2.6.37.) .UNINDENT .sp The \fBstart\fP command skips the following steps if \fBovsdb\-server\fP is already running: .INDENT 0.0 .IP 2. 3 If the Open vSwitch database file does not exist, it creates it. If the database does exist, but it has an obsolete version, it upgrades it to the latest schema. .IP 3. 3 Starts \fBovsdb\-server\fP, unless the \fB\-\-no\-ovsdb\-server\fP command option is given. .IP 4. 3 Initializes a few values inside the database. .IP 5. 3 If the \fB\-\-delete\-bridges\fP option was used, deletes all of the bridges from the database. .IP 6. 3 If the \fB\-\-delete\-transient\-ports\fP option was used, deletes all ports that have \fBother_config:transient\fP set to true. .UNINDENT .sp The \fBstart\fP command skips the following step if \fBovs\-vswitchd\fP is already running, or if the \fB\-\-no\-ovs\-vswitchd\fP command option is given: .INDENT 0.0 .IP 7. 3 Starts \fBovs\-vswitchd\fP\&. .UNINDENT .SS Options .sp Several command\-line options influence the \fBstart\fP command’s behavior. Some form of the following option should ordinarily be specified: .INDENT 0.0 .IP \(bu 2 \fB\-\-system\-id=\fP or \fB\-\-system\-id=random\fP .sp This specifies a unique system identifier to store into \fBexternal\-ids:system\-id\fP in the database’s \fBOpen_vSwitch\fP table. Remote managers that talk to the Open vSwitch database server over network protocols use this value to identify and distinguish Open vSwitch instances, so it should be unique (at least) within OVS instances that will connect to a single controller. .sp When \fBrandom\fP is specified, \fBovs\-ctl\fP will generate a random ID that persists from one run to another (stored in a file). When another string is specified \fBovs\-ctl\fP uses it literally. .UNINDENT .sp The following options should be specified if the defaults are not suitable: .INDENT 0.0 .IP \(bu 2 \fB\-\-system\-type=\fP or \fB\-\-system\-version=\fP .sp Sets the value to store in the \fBsystem\-type\fP and \fBsystem\-version\fP columns, respectively, in the database’s \fBOpen_vSwitch\fP table. Remote managers may use these values too determine the kind of system to which they are connected (primarily for display to human administrators). .sp When not specified, \fBovs\-ctl\fP uses values from the optional \fBsystem\-type.conf\fP and \fBsystem\-version.conf\fP files (see \fI\%Files\fP) or it uses the \fBlsb_release\fP program, if present, to provide reasonable defaults. .UNINDENT .sp The following options are also likely to be useful: .INDENT 0.0 .IP \(bu 2 \fB\-\-external\-id="="\fP .sp Sets \fBexternal\-ids:\fP to in the database’s \fBOpen_vSwitch\fP table. Specifying this option multiple times adds multiple key\-value pairs. .IP \(bu 2 \fB\-\-delete\-bridges\fP .sp Ordinarily Open vSwitch bridges persist from one system boot to the next, as long as the database is preserved. Some environments instead expect to re\-create all of the bridges and other configuration state on every boot. This option supports that, by deleting all Open vSwitch bridges after starting \fBovsdb\-server\fP but before starting \fBovs\-vswitchd\fP\&. .IP \(bu 2 \fB\-\-delete\-transient\-ports\fP .sp Deletes all ports that have \fBother_config:transient\fP set to \fBtrue\fP\&. This is important on certain environments where some ports are going to be recreated after reboot, but other ports need to be persisted in the database. .IP \(bu 2 \fB\-\-ovs\-user=user[:group]\fP .sp Ordinarily Open vSwitch daemons are started as the user invoking the ovs\-ctl command. Some system administrators would prefer to have the various daemons spawn as different users in their environments. This option allows passing the \fB\-\-user\fP option to the \fBovsdb\-server\fP and \fBovs\-vswitchd\fP daemons, allowing them to change their privilege levels. .UNINDENT .sp The following options are less important: .INDENT 0.0 .IP \(bu 2 \fB\-\-no\-monitor\fP .sp By default \fBovs\-ctl\fP passes \fB\-\-monitor\fP to \fBovs\-vswitchd\fP and \fBovsdb\-server\fP, requesting that it spawn a process monitor which will restart the daemon if it crashes. This option suppresses that behavior. .IP \(bu 2 \fB\-\-daemon\-cwd=\fP .sp Specifies the current working directory that the OVS daemons should run from. The default is \fB/\fP (the root directory) if this option is not specified. (This option is useful because most systems create core files in a process’s current working directory and because a file system that is in use as a process’s current working directory cannot be unmounted.) .IP \(bu 2 \fB\-\-no\-force\-corefiles\fP .sp By default, \fBovs\-ctl\fP enables core dumps for the OVS daemons. This option disables that behavior. .IP \(bu 2 \fB\-\-no\-mlockall\fP .sp By default \fBovs\-ctl\fP passes \fB\-\-mlockall\fP to \fBovs\-vswitchd\fP, requesting that it lock all of its virtual memory, preventing it from being paged to disk. This option suppresses that behavior. .IP \(bu 2 \fB\-\-no\-self\-confinement\fP .sp Disable self\-confinement for \fBovs\-vswitchd\fP and \fBovsdb\-server\fP daemons. This flag may be used when, for example, OpenFlow controller creates its Unix Domain Socket outside OVS run directory and OVS needs to connect to it. It is better to stick with the default behavior and not to use this flag, unless: .INDENT 2.0 .IP \(bu 2 You have Open vSwitch running under SELinux or AppArmor Mandatory Access Control that would prevent OVS from messing with sockets outside ordinary OVS directories. .IP \(bu 2 You believe that relying on protocol handshakes (e.g. OpenFlow) is enough to prevent OVS to adversely interact with other daemons running on your system. .IP \(bu 2 You don’t have much worries of remote OVSDB exploits in the first place, because, perhaps, OVSDB manager is running on the same host as OVS and share similar attack vectors. .UNINDENT .IP \(bu 2 \fB\-\-ovsdb\-server\-priority=\fP or \fB\-\-ovs\-vswitchd\-priority=\fP .sp Sets the \fBnice(1)\fP level used for each daemon. All of them default to \fB\-10\fP\&. .IP \(bu 2 \fB\-\-ovsdb\-server\-wrapper=\fP or \fB\-\-ovs\-vswitchd\-wrapper=\fP .sp Configures the specified daemon to run under , which is one of the following: .INDENT 2.0 .IP \(bu 2 \fBvalgrind\fP: Run the daemon under \fBvalgrind(1)\fP, if it is installed, logging to \fB.valgrind.log.\fP in the log directory. .IP \(bu 2 \fBstrace\fP: Run the daemon under \fBstrace(1)\fP, if it is installed, logging to \fB.strace.log.\fP in the log directory. .IP \(bu 2 \fBglibc\fP: Enable GNU C library features designed to find memory errors. .UNINDENT .sp By default, no wrapper is used. .sp Each of the wrappers can expose bugs in Open vSwitch that lead to incorrect operation, including crashes. The \fBvalgrind\fP and \fBstrace\fP wrappers greatly slow daemon operations so they should not be used in production. They also produce voluminous logs that can quickly fill small disk partitions. The \fBglibc\fP wrapper is less resource\-intensive but still somewhat slows the daemons. .UNINDENT .sp The following options control file locations. They should only be used if the default locations cannot be used. See \fBFILES\fP, below, for more information. .INDENT 0.0 .IP \(bu 2 \fB\-\-db\-file=\fP .sp Overrides the file name for the OVS database. .IP \(bu 2 \fB\-\-db\-sock=\fP .sp Overrides the file name for the Unix domain socket used to connect to \fBovsdb\-server\fP\&. .IP \(bu 2 \fB\-\-db\-schema=\fP .sp Overrides the file name for the OVS database schema. .IP \(bu 2 \fB\-\-extra\-dbs=\fP .sp Adds as an extra database for \fBovsdb\-server\fP to serve out. Multiple space\-separated file names may also be specified. should begin with \fB/\fP; if it does not, then it will be taken as relative to . .UNINDENT .SS The \fBstop\fP command .sp The \fBstop\fP command stops the \fBovs\-vswitchd\fP and \fBovsdb\-server\fP daemons. It does not unload the Open vSwitch kernel modules. It can take the same \fB\-\-no\-ovsdb\-server\fP and \fB\-\-no\-ovs\-vswitchd\fP options as that of the \fBstart\fP command. .sp This command does nothing and finishes successfully if the OVS daemons aren’t running. .SS The \fBrestart\fP command .sp The \fBrestart\fP command performs a \fBstop\fP followed by a \fBstart\fP command. The command can take the same options as that of the \fBstart\fP command. In addition, it saves and restores OpenFlow flows for each individual bridge. .SS The \fBstatus\fP command .sp The \fBstatus\fP command checks whether the OVS daemons \fBovs\-vswitchd\fP and \fBovsdb\-server\fP are running and prints messages with that information. It exits with status 0 if the daemons are running, 1 otherwise. .SS The \fBversion\fP command .sp The \fBversion\fP command runs \fBovsdb\-server \-\-version\fP and \fBovs\-vswitchd \-\-version\fP\&. .SS The \fBforce\-reload\-kmod\fP command .sp The \fBforce\-reload\-kmod\fP command allows upgrading the Open vSwitch kernel module without rebooting. It performs the following tasks: .INDENT 0.0 .IP 1. 3 Gets a list of OVS “internal” interfaces, that is, network devices implemented by Open vSwitch. The most common examples of these are bridge “local ports”. .IP 2. 3 Saves the OpenFlow flows of each bridge. .IP 3. 3 Stops the Open vSwitch daemons, as if by a call to \fBovs\-ctl stop\fP\&. .IP 4. 3 Saves the kernel configuration state of the OVS internal interfaces listed in step 1, including IP and IPv6 addresses and routing table entries. .IP 5. 3 Unloads the Open vSwitch kernel module (including the bridge compatibility module if it is loaded). .IP 6. 3 Starts OVS back up, as if by a call to \fBovs\-ctl start\fP\&. This reloads the kernel module, restarts the OVS daemons and finally restores the saved OpenFlow flows. .IP 7. 3 Restores the kernel configuration state that was saved in step 4. .IP 8. 3 Checks for daemons that may need to be restarted because they have packet sockets that are listening on old instances of Open vSwitch kernel interfaces and, if it finds any, prints a warning on stdout. DHCP is a common example: if the ISC DHCP client is running on an OVS internal interface, then it will have to be restarted after completing the above procedure. (It would be nice if \fBovs\-ctl\fP could restart daemons automatically, but the details are far too specific to a particular distribution and installation.) .UNINDENT .sp \fBforce\-kmod\-reload\fP internally stops and starts OVS, so it accepts all of the options accepted by the \fBstart\fP command except for the \fB\-\-no\-ovs\-vswitchd\fP option. .SS The \fBload\-kmod\fP command .sp The \fBload\-kmod\fP command loads the openvswitch kernel modules if they are not already loaded. This operation also occurs as part of the \fBstart\fP command. The motivation for providing the \fBload\-kmod\fP command is to allow errors when loading modules to be handled separately from other errors that may occur when running the \fBstart\fP command. .sp By default the \fBload\-kmod\fP command attempts to load the \fBopenvswitch\fP kernel module. .SS The \fBenable\-protocol\fP command .sp The \fBenable\-protocol\fP command checks for rules related to a specified protocol in the system’s \fBiptables(8)\fP configuration. If there are no rules specifically related to that protocol, then it inserts a rule to accept the specified protocol. .sp More specifically: .INDENT 0.0 .IP \(bu 2 If \fBiptables\fP is not installed or not enabled, this command does nothing, assuming that lack of filtering means that the protocol is enabled. .IP \(bu 2 If the \fBINPUT\fP chain has a rule that matches the specified protocol, then this command does nothing, assuming that whatever rule is installed reflects the system administrator’s decisions. .IP \(bu 2 Otherwise, this command installs a rule that accepts traffic of the specified protocol. .UNINDENT .sp This command normally completes successfully, even if it does nothing. Only the failure of an attempt to insert a rule normally causes it to return an exit code other than 0. .sp The following options control the protocol to be enabled: .INDENT 0.0 .IP \(bu 2 \fB\-\-protocol=\fP .sp The name of the IP protocol to be enabled, such as \fBgre\fP or \fBtcp\fP\&. The default is \fBgre\fP\&. .IP \(bu 2 \fB\-\-sport=\fP or \fB\-\-dport=\fP .sp TCP or UDP source or destination port to match. These are optional and allowed only with \fB\-\-protocol=tcp\fP or \fB\-\-protocol=udp\fP\&. .UNINDENT .SS The \fBdelete\-transient\-ports\fP command .sp Deletes all ports that have the \fBother_config:transient\fP value set to true. .SS The \fBhelp\fP command .sp Prints a usage message and exits successfully. .SH OPTIONS .sp In addition to the options listed for each command above, these options control the behavior of several \fBovs\-ctl\fP commands. .sp By default, \fBovs\-ctl\fP controls the \fBovsdb\-server\fP and \fBovs\-vswitchd\fP daemons. The following options restrict that control to exclude one or the other: .INDENT 0.0 .IP \(bu 2 \fB\-\-no\-ovsdb\-server\fP .sp Specifies that the \fBovs\-ctl\fP commands \fBstart\fP, \fBstop\fP, and \fBrestart\fP should not modify the running status of \fBovsdb\-server\fP\&. .IP \(bu 2 \fB\-\-no\-ovs\-vswitchd\fP .sp Specifies that the \fBovs\-ctl\fP commands \fBstart\fP, \fBstop\fP, and \fBrestart\fP should not modify the running status of \fBovs\-vswitchd\fP\&. It is an error to include this option with the \fBforce\-reload\-kmod\fP command. .UNINDENT .SH EXIT STATUS .sp \fBovs\-ctl\fP exits with status 0 on success and nonzero on failure. The \fBstart\fP command is considered to succeed if OVS is already started; the \fBstop\fP command is considered to succeed if OVS is already stopped. .SH ENVIRONMENT .sp The following environment variables affect \fBovs\-ctl\fP: .INDENT 0.0 .IP \(bu 2 \fBPATH\fP .sp \fBovs\-ctl\fP does not hardcode the location of any of the programs that it runs. \fBovs\-ctl\fP will add the and that were specified at \fBconfigure\fP time to \fBPATH\fP, if they are not already present. .IP \(bu 2 \fBOVS_LOGDIR\fP, \fBOVS_RUNDIR\fP, \fBOVS_DBDIR\fP, \fBOVS_SYSCONFDIR\fP, \fBOVS_PKGDATADIR\fP, \fBOVS_BINDIR\fP, \fBOVS_SBINDIR\fP .sp Setting one of these variables in the environment overrides the respective \fBconfigure\fP option, both for \fBovs\-ctl\fP itself and for the other Open vSwitch programs that it runs. .UNINDENT .SH FILES .sp \fBovs\-ctl\fP uses the following files: .INDENT 0.0 .IP \(bu 2 \fBovs\-lib\fP .sp Shell function library used internally by \fBovs\-ctl\fP\&. It must be installed in the same directory as \fBovs\-ctl\fP\&. .IP \(bu 2 \fB/.log\fP .sp Per\-daemon logfiles. .IP \(bu 2 \fB/.pid\fP .sp Per\-daemon pidfiles to track whether a daemon is running and with what process ID. .IP \(bu 2 \fB/vswitch.ovsschema\fP .sp The OVS database schema used to initialize the database (use \fB\-\-db\-schema\fP to override this location). .IP \(bu 2 \fB/conf.db\fP .sp The OVS database (use \fB\-\-db\-file\fP to override this location). .IP \(bu 2 \fB/openvswitch/db.sock\fP .sp The Unix domain socket used for local communication with \fBovsdb\-server\fP (use \fB\-\-db\-sock\fP to override this location). .IP \(bu 2 \fB/openvswitch/system\-id.conf\fP .sp The persistent system UUID created and read by \fB\-\-system\-id=random\fP\&. .IP \(bu 2 \fB/openvswitch/system\-type.conf\fP and \fB/openvswitch/system\-version.conf\fP .sp The \fBsystem\-type\fP and \fBsystem\-version\fP values stored in the database’s \fBOpen_vSwitch\fP table when not specified as a command\-line option. .UNINDENT .SH EXAMPLE .sp The files \fBdebian/openvswitch\-switch.init\fP and \fBxenserver/etc_init.d_openvswitch\fP in the Open vSwitch source distribution are good examples of how to use \fBovs\-ctl\fP\&. .SH SEE ALSO .sp \fBREADME.rst\fP, \fBovsdb\-server(8)\fP, \fBovs\-vswitchd(8)\fP\&. .SH AUTHOR The Open vSwitch Development Community .SH COPYRIGHT 2023, The Open vSwitch Development Community .\" Generated by docutils manpage writer. .