[mirror_ovs.git] / ovn / ovn-nbctl.8.xml

<?xml version="1.0" encoding="utf-8"?>
<manpage program="ovn-nbctl" section="8" title="ovn-nbctl">
    <h1>Name</h1>
    <p>ovn-nbctl -- Open Virtual Network northbound db management utility</p>

    <h1>Synopsys</h1>
    <p><code>ovn-nbctl</code> [<var>options</var>] <var>command</var> [<var>arg</var>...]</p>

    <h1>Description</h1>
    <p>This utility can be used to manage the OVN northbound database.</p>

    <h1>General Commands</h1>

    <dl>
      <dt><code>show [<var>lswitch</var>]</code></dt>
      <dd>
        Prints a brief overview of the database contents.  If
        <var>lswitch</var> is provided, only records related to that
        logical switch are shown.
      </dd>
    </dl>

    <h1>Logical Switch Commands</h1>

    <dl>
      <dt><code>lswitch-add</code> [<var>lswitch</var>]</dt>
      <dd>
        Creates a new logical switch named <var>lswitch</var>.  If
        <var>lswitch</var> is not provided, the switch will not have a
        name so other commands must refer to this switch by its UUID.
        Initially the switch will have no ports.
      </dd>

      <dt><code>lswitch-del</code> <var>lswitch</var></dt>
      <dd>
        Deletes <var>lswitch</var>.
      </dd>

      <dt><code>lswitch-list</code></dt>
      <dd>
        Lists all existing switches on standard output, one per line.
      </dd>

      <dt><code>lswitch-set-external-id</code> <var>lswitch</var> <var>key</var> [<var>value</var>]</dt>
      <dd>
        <p>Sets or clears an ``external ID'' value on <var>lswitch</var>.
        These values are intended to identify entities external to OVN
        with which <var>lswitch</var> is associated.  The OVN Northbound
        database schema may specify well-known <var>key</var> values,
        but <var>key</var> and <var>value</var> are otherwise arbitrary
        strings.</p>

        <p>If <var>value</var> is specified, then <var>key</var> is set to
        <var>value</var> for <var>lswitch</var>, overwriting any
        previous value.  If <var>value</var> is omitted, then
        <var>key</var> is removed from <var>lswitch</var>'s set of
        external IDs (if it was present.</p>
       </dd>

      <dt><code>lswitch-get-external-id</code> <var>lswitch</var> [<var>key</var>]</dt>
      <dd>
        Queries the external IDs on <var>lswitch</var>.  If
        <var>key</var> is specified, the output is the value for that
        <var>key</var> or the empty string if <var>key</var> is unset.
        If <var>key</var> is omitted, the output is
        <var>key</var><code>=</code><var>value</var>, one per line, for
        each key-value pair.
      </dd>
    </dl>

    <h1>Logical Port Commands</h1>
    <dl>
      <dt><code>lport-add</code> <var>lswitch</var> <var>lport</var></dt>
      <dd>
        Creates on <var>lswitch</var> a new logical port named
        <var>lport</var>.
      </dd>

      <dt><code>lport-add</code> <var>lswitch</var> <var>lport</var> <var>parent</var> <var>tag</var></dt>
      <dd>
        Creates on <var>lswitch</var> a logical port named <var>lport</var>
        that is a child of <var>parent</var> that is identied with
        <var>tag</var>.  This is useful in cases such as virtualized
        container environments where Open vSwitch does not have a direct
        connection to the container's port and it must be shared with
        the virtual machine's port.
      </dd>

      <dt><code>lport-del</code> <var>lport</var></dt>
      <dd>
        Deletes <var>lport</var>.
      </dd>

      <dt><code>lport-list</code> <var>lswitch</var></dt>
      <dd>
        Lists all the logical ports within <var>lswitch</var> on
        standard output, one per line.
      </dd>

      <dt><code>lport-get-parent</code> <var>lport</var></dt>
      <dd>
        If set, get the parent port of <var>lport</var>.  If not set, print
        nothing.
      </dd>

      <dt><code>lport-get-tag</code> <var>lport</var></dt>
      <dd>
        If set, get the tag for <var>lport</var> traffic.  If not set, print
        nothing.
      </dd>

      <dt><code>lport-set-external-id</code> <var>lport</var> <var>key</var> [<var>value</var>]</dt>
      <dd>
        <p>Sets or clears an ``external ID'' value on <var>lport</var>.
        These values are intended to identify entities external to OVN
        with which <var>lport</var> is associated.  The OVN Northbound
        database schema may specify well-known <var>key</var> values,
        but <var>key</var> and <var>value</var> are otherwise arbitrary
        strings.</p>

        <p>If <var>value</var> is specified, then <var>key</var> is set to
        <var>value</var> for <var>lport</var>, overwriting any
        previous value.  If <var>value</var> is omitted, then
        <var>key</var> is removed from <var>lport</var>'s set of
        external IDs (if it was present.</p>
      </dd>

      <dt><code>lport-get-external-id</code> <var>lport</var> [<var>key</var>]</dt>
      <dd>
        Queries the external IDs on <var>lport</var>.  If
        <var>key</var> is specified, the output is the value for that
        <var>key</var> or the empty string if <var>key</var> is unset.
        If <var>key</var> is omitted, the output is
        <var>key</var><code>=</code><var>value</var>, one per line, for
        each key-value pair.
      </dd>

      <dt><code>lport-set-macs</code> <var>lport</var> [<var>mac</var>]...</dt>
      <dd>
        Sets the MACs associated with <var>lport</var> to
        <var>mac</var>.  Multiple MACs may be sets by using multiple
        <var>mac</var> arguments.  If no <var>mac</var> argument is
        given, <var>lport</var> will have no MACs associated with it.
      </dd>

      <dt><code>lport-get-macs</code> <var>lport</var></dt>
      <dd>
        Lists all the MACs associated with <var>lport</var> on standard
        output, one per line.
      </dd>

      <dt><code>lport-set-port-security</code> <var>lport</var> [<var>addrs</var>]...</dt>
      <dd>
	<p>
          Sets the port security addresses associated with <var>lport</var> to
          <var>addrs</var>.  Multiple sets of addresses may be set by using
          multiple <var>addrs</var> arguments.  If no <var>addrs</var> argument
          is given, <var>lport</var> will not have port security enabled.
	</p>

	<p>
	  Port security limits the addresses from which a logical port may send
	  packets and to which it may receive packets.  See the
	  <code>ovn-nb</code>(5) documentation for the <ref
	  column="port_security" table="Logical_Port"/> column in the <ref
	  table="Logical_Port"/> table for details.
	</p>
      </dd>

      <dt><code>lport-get-port-security</code> <var>lport</var></dt>
      <dd>
        Lists all the port security addresses associated with <var>lport</var>
        on standard output, one per line.
      </dd>

      <dt><code>lport-get-up</code> <var>lport</var></dt>
      <dd>
        Prints the state of <var>lport</var>, either <code>up</code> or
        <code>down</code>.
      </dd>

      <dt><code>lport-set-enabled</code> <var>lport</var> <var>state</var></dt>
      <dd>
        Set the administrative state of <var>lport</var>, either <code>enabled</code>
        or <code>disabled</code>.  When a port is disabled, no traffic is allowed into
        or out of the port.
      </dd>

      <dt><code>lport-get-enabled</code> <var>lport</var></dt>
      <dd>
        Prints the administrative state of <var>lport</var>, either <code>enabled</code>
        or <code>disabled</code>.
      </dd>

    </dl>

    <h1>Options</h1>

    <dl>
    <dt><code>-d</code> <var>database</var></dt>
    <dt><code>--db</code> <var>database</var></dt>
    <dd>
      The OVSDB database remote to contact.  If the <env>OVN_NB_DB</env>
      environment variable is set, its value is used as the default.
      Otherwise, the default is <code>unix:@RUNDIR@/db.sock</code>, but this
      default is unlikely to be useful outside of single-machine OVN test
      environments.
    </dd>

    <dt><code>-h</code> | <code>--help</code></dt>
    <dt><code>-o</code> | <code>--options</code></dt>
    <dt><code>-V</code> | <code>--version</code></dt>
    </dl>

    <h1>Logging options</h1>
    <dl>
    <dt><code>-v</code><var>spec</var>, <code>--verbose=</code><var>spec</var></dt>
    <dt><code>-v</code>, <code>--verbose</code></dt>
    <dt><code>--log-file</code>[<code>=</code><var>file</var>]</dt>
    <dt><code>--syslog-target=</code><var>host</var><code>:</code><var>port</var></dt>
    </dl>

    <h1>PKI configuration (required to use SSL)</h1>
    <dl>
    <dt><code>-p</code>, <code>--private-key=</code><var>file</var>  file with private key</dt>
    <dt><code>-c</code>, <code>--certificate=</code><var>file</var>  file with certificate for private key</dt>
    <dt><code>-C</code>, <code>--ca-cert=</code><var>file</var>      file with peer CA certificate</dt>
    </dl>

</manpage>
Commit	Line	Data
a416ff28 RB	1	<?xml version="1.0" encoding="utf-8"?>
	2	<manpage program="ovn-nbctl" section="8" title="ovn-nbctl">
	3	<h1>Name</h1>
	4	<p>ovn-nbctl -- Open Virtual Network northbound db management utility</p>
	5
	6	<h1>Synopsys</h1>
	7	<p><code>ovn-nbctl</code> [<var>options</var>] <var>command</var> [<var>arg</var>...]</p>
	8
	9	<h1>Description</h1>
	10	<p>This utility can be used to manage the OVN northbound database.</p>
	11
907a0edf JP	12	<h1>General Commands</h1>
	13
	14	<dl>
	15	<dt><code>show [<var>lswitch</var>]</code></dt>
	16	<dd>
	17	Prints a brief overview of the database contents. If
	18	<var>lswitch</var> is provided, only records related to that
	19	logical switch are shown.
	20	</dd>
	21	</dl>
	22
a416ff28	23	<h1>Logical Switch Commands</h1>
f74baecf JP	24
	25	<dl>
	26	<dt><code>lswitch-add</code> [<var>lswitch</var>]</dt>
	27	<dd>
	28	Creates a new logical switch named <var>lswitch</var>. If
	29	<var>lswitch</var> is not provided, the switch will not have a
	30	name so other commands must refer to this switch by its UUID.
	31	Initially the switch will have no ports.
	32	</dd>
	33
	34	<dt><code>lswitch-del</code> <var>lswitch</var></dt>
	35	<dd>
	36	Deletes <var>lswitch</var>.
	37	</dd>
	38
	39	<dt><code>lswitch-list</code></dt>
	40	<dd>
	41	Lists all existing switches on standard output, one per line.
	42	</dd>
	43
	44	<dt><code>lswitch-set-external-id</code> <var>lswitch</var> <var>key</var> [<var>value</var>]</dt>
	45	<dd>
	46	<p>Sets or clears an ``external ID'' value on <var>lswitch</var>.
	47	These values are intended to identify entities external to OVN
	48	with which <var>lswitch</var> is associated. The OVN Northbound
	49	database schema may specify well-known <var>key</var> values,
	50	but <var>key</var> and <var>value</var> are otherwise arbitrary
	51	strings.</p>
	52
	53	<p>If <var>value</var> is specified, then <var>key</var> is set to
	54	<var>value</var> for <var>lswitch</var>, overwriting any
	55	previous value. If <var>value</var> is omitted, then
	56	<var>key</var> is removed from <var>lswitch</var>'s set of
	57	external IDs (if it was present.</p>
	58	</dd>
	59
	60	<dt><code>lswitch-get-external-id</code> <var>lswitch</var> [<var>key</var>]</dt>
	61	<dd>
	62	Queries the external IDs on <var>lswitch</var>. If
	63	<var>key</var> is specified, the output is the value for that
	64	<var>key</var> or the empty string if <var>key</var> is unset.
	65	If <var>key</var> is omitted, the output is
	66	<var>key</var><code>=</code><var>value</var>, one per line, for
	67	each key-value pair.
	68	</dd>
	69	</dl>
a416ff28 RB	70
a416ff28 RB	71	<h1>Logical Port Commands</h1>
f74baecf JP	72	<dl>
	73	<dt><code>lport-add</code> <var>lswitch</var> <var>lport</var></dt>
	74	<dd>
	75	Creates on <var>lswitch</var> a new logical port named
	76	<var>lport</var>.
	77	</dd>
	78
bf5fa52a RB	79	<dt><code>lport-add</code> <var>lswitch</var> <var>lport</var> <var>parent</var> <var>tag</var></dt>
	80	<dd>
	81	Creates on <var>lswitch</var> a logical port named <var>lport</var>
	82	that is a child of <var>parent</var> that is identied with
	83	<var>tag</var>. This is useful in cases such as virtualized
	84	container environments where Open vSwitch does not have a direct
	85	connection to the container's port and it must be shared with
	86	the virtual machine's port.
	87	</dd>
	88
f74baecf JP	89	<dt><code>lport-del</code> <var>lport</var></dt>
	90	<dd>
	91	Deletes <var>lport</var>.
	92	</dd>
	93
	94	<dt><code>lport-list</code> <var>lswitch</var></dt>
	95	<dd>
	96	Lists all the logical ports within <var>lswitch</var> on
	97	standard output, one per line.
	98	</dd>
	99
bf5fa52a RB	100	<dt><code>lport-get-parent</code> <var>lport</var></dt>
	101	<dd>
	102	If set, get the parent port of <var>lport</var>. If not set, print
	103	nothing.
	104	</dd>
	105
	106	<dt><code>lport-get-tag</code> <var>lport</var></dt>
	107	<dd>
	108	If set, get the tag for <var>lport</var> traffic. If not set, print
	109	nothing.
	110	</dd>
	111
f74baecf JP	112	<dt><code>lport-set-external-id</code> <var>lport</var> <var>key</var> [<var>value</var>]</dt>
	113	<dd>
	114	<p>Sets or clears an ``external ID'' value on <var>lport</var>.
	115	These values are intended to identify entities external to OVN
	116	with which <var>lport</var> is associated. The OVN Northbound
	117	database schema may specify well-known <var>key</var> values,
	118	but <var>key</var> and <var>value</var> are otherwise arbitrary
	119	strings.</p>
	120
	121	<p>If <var>value</var> is specified, then <var>key</var> is set to
	122	<var>value</var> for <var>lport</var>, overwriting any
	123	previous value. If <var>value</var> is omitted, then
	124	<var>key</var> is removed from <var>lport</var>'s set of
	125	external IDs (if it was present.</p>
	126	</dd>
	127
	128	<dt><code>lport-get-external-id</code> <var>lport</var> [<var>key</var>]</dt>
	129	<dd>
	130	Queries the external IDs on <var>lport</var>. If
	131	<var>key</var> is specified, the output is the value for that
	132	<var>key</var> or the empty string if <var>key</var> is unset.
	133	If <var>key</var> is omitted, the output is
	134	<var>key</var><code>=</code><var>value</var>, one per line, for
	135	each key-value pair.
	136	</dd>
	137
2de82d90	138	<dt><code>lport-set-macs</code> <var>lport</var> [<var>mac</var>]...</dt>
f74baecf JP	139	<dd>
	140	Sets the MACs associated with <var>lport</var> to
	141	<var>mac</var>. Multiple MACs may be sets by using multiple
	142	<var>mac</var> arguments. If no <var>mac</var> argument is
	143	given, <var>lport</var> will have no MACs associated with it.
	144	</dd>
	145
	146	<dt><code>lport-get-macs</code> <var>lport</var></dt>
	147	<dd>
	148	Lists all the MACs associated with <var>lport</var> on standard
	149	output, one per line.
	150	</dd>
	151
92207865 BP	152	<dt><code>lport-set-port-security</code> <var>lport</var> [<var>addrs</var>]...</dt>
	153	<dd>
	154	<p>
	155	Sets the port security addresses associated with <var>lport</var> to
	156	<var>addrs</var>. Multiple sets of addresses may be set by using
	157	multiple <var>addrs</var> arguments. If no <var>addrs</var> argument
	158	is given, <var>lport</var> will not have port security enabled.
	159	</p>
	160
	161	<p>
	162	Port security limits the addresses from which a logical port may send
	163	packets and to which it may receive packets. See the
	164	<code>ovn-nb</code>(5) documentation for the <ref
	165	column="port_security" table="Logical_Port"/> column in the <ref
	166	table="Logical_Port"/> table for details.
	167	</p>
	168	</dd>
	169
	170	<dt><code>lport-get-port-security</code> <var>lport</var></dt>
	171	<dd>
	172	Lists all the port security addresses associated with <var>lport</var>
	173	on standard output, one per line.
	174	</dd>
	175
f74baecf JP	176	<dt><code>lport-get-up</code> <var>lport</var></dt>
	177	<dd>
	178	Prints the state of <var>lport</var>, either <code>up</code> or
	179	<code>down</code>.
	180	</dd>
	181
e9e8bcdf RB	182	<dt><code>lport-set-enabled</code> <var>lport</var> <var>state</var></dt>
	183	<dd>
	184	Set the administrative state of <var>lport</var>, either <code>enabled</code>
	185	or <code>disabled</code>. When a port is disabled, no traffic is allowed into
	186	or out of the port.
	187	</dd>
	188
	189	<dt><code>lport-get-enabled</code> <var>lport</var></dt>
	190	<dd>
	191	Prints the administrative state of <var>lport</var>, either <code>enabled</code>
	192	or <code>disabled</code>.
	193	</dd>
	194
f74baecf	195	</dl>
a416ff28 RB	196
a416ff28 RB	197	<h1>Options</h1>
d75ef07f BP	198
	199	<dl>
	200	<dt><code>-d</code> <var>database</var></dt>
	201	<dt><code>--db</code> <var>database</var></dt>
	202	<dd>
	203	The OVSDB database remote to contact. If the <env>OVN_NB_DB</env>
	204	environment variable is set, its value is used as the default.
	205	Otherwise, the default is <code>unix:@RUNDIR@/db.sock</code>, but this
	206	default is unlikely to be useful outside of single-machine OVN test
	207	environments.
	208	</dd>
	209
	210	<dt><code>-h</code> \| <code>--help</code></dt>
	211	<dt><code>-o</code> \| <code>--options</code></dt>
	212	<dt><code>-V</code> \| <code>--version</code></dt>
	213	</dl>
a416ff28 RB	214
a416ff28 RB	215	<h1>Logging options</h1>
d75ef07f BP	216	<dl>
	217	<dt><code>-v</code><var>spec</var>, <code>--verbose=</code><var>spec</var></dt>
	218	<dt><code>-v</code>, <code>--verbose</code></dt>
	219	<dt><code>--log-file</code>[<code>=</code><var>file</var>]</dt>
	220	<dt><code>--syslog-target=</code><var>host</var><code>:</code><var>port</var></dt>
	221	</dl>
a416ff28 RB	222
a416ff28 RB	223	<h1>PKI configuration (required to use SSL)</h1>
d75ef07f BP	224	<dl>
	225	<dt><code>-p</code>, <code>--private-key=</code><var>file</var> file with private key</dt>
	226	<dt><code>-c</code>, <code>--certificate=</code><var>file</var> file with certificate for private key</dt>
	227	<dt><code>-C</code>, <code>--ca-cert=</code><var>file</var> file with peer CA certificate</dt>
	228	</dl>
a416ff28 RB	229
a416ff28 RB	230	</manpage>