ovn-ctl(8) OVN Manual ovn-ctl(8) NAME ovn-ctl - Open Virtual Network northbound daemon lifecycle utility SYNOPSIS ovn-ctl [options] command [-- extra_args] DESCRIPTION This program is intended to be invoked internally by Open Virtual Net‐ work startup scripts. System administrators should not normally invoke it directly. COMMANDS start_northd start_controller start_controller_vtep start_ic stop_northd stop_controller stop_controller_vtep stop_ic restart_northd restart_controller restart_controller_vtep restart_ic promote_ovnnb promote_ovnsb demote_ovnnb demote_ovnsb status_ovnnb status_ovnsb start_ovsdb start_nb_ovsdb start_sb_ovsdb stop_ovsdb stop_nb_ovsdb stop_sb_ovsdb restart_ovsdb run_nb_ovsdb run_sb_ovsdb promote_ic_nb promote_ic_sb demote_ic_nb demote_ic_sb status_ic_nb status_ic_sb start_ic_ovsdb start_ic_nb_ovsdb start_ic_sb_ovsdb stop_ic_ovsdb stop_ic_nb_ovsdb stop_ic_sb_ovsdb restart_ic_ovsdb run_ic_nb_ovsdb run_ic_sb_ovsdb OPTIONS --ovn-northd-priority=NICE --ovn-northd-wrapper=WRAPPER --ovn-controller-priority=NICE --ovn-controller-wrapper=WRAPPER --ovn-ic-priority=NICE --ovn-ic-wrapper=WRAPPER --ovsdb-nb-wrapper=WRAPPER --ovsdb-sb-wrapper=WRAPPER --ovn-user=USER:GROUP -h | --help FILE LOCATION OPTIONS --db-sock=SOCKET --db-nb-file=FILE --db-sb-file=FILE --db-nb-schema=FILE --db-sb-schema=FILE --db-sb-create-insecure-remote=yes|no --db-nb-create-insecure-remote=yes|no --db-ic-nb-file=FILE --db-ic-sb-file=FILE --db-ic-nb-schema=FILE --db-ic-sb-schema=FILE --db-ic-sb-create-insecure-remote=yes|no --db-ic-nb-create-insecure-remote=yes|no --db-nb-config-file=FILE --db-sb-config-file=FILE --db-ic-nb-config-file=FILE --db-ic-sb-config-file=FILE --db-sb-relay-config-file=FILE --ovn-controller-ssl-key=KEY --ovn-controller-ssl-cert=CERT --ovn-controller-ssl-ca-cert=CERT --ovn-controller-ssl-bootstrap-ca-cert=CERT PROTOCOL AND CIPHER OPTIONS --ovn-controller-ssl-protocols=PROTOCOLS --ovn-ic-ssl-protocols=PROTOCOLS --ovn-northd-ssl-protocols=PROTOCOLS --ovn-nb-db-ssl-protocols=PROTOCOLS --ovn-sb-db-ssl-protocols=PROTOCOLS --ovn-ic-nb-db-ssl-protocols=PROTOCOLS --ovn-ic-sb-db-ssl-protocols=PROTOCOLS --ovn-controller-ssl-ciphers=CIPHERS --ovn-ic-ssl-ciphers=CIPHERS --ovn-northd-ssl-ciphers=CIPHERS --ovn-nb-db-ssl-ciphers=CIPHERS --ovn-sb-db-ssl-ciphers=CIPHERS --ovn-ic-nb-db-ssl-ciphers=CIPHERS --ovn-ic-sb-db-ssl-ciphers=CIPHERS ADDRESS AND PORT OPTIONS --db-nb-sync-from-addr=IP ADDRESS --db-nb-sync-from-port=PORT NUMBER --db-nb-sync-from-proto=PROTO --db-sb-sync-from-addr=IP ADDRESS --db-sb-sync-from-port=PORT NUMBER --db-sb-sync-from-proto=PROTO --db-ic-nb-sync-from-addr=IP ADDRESS --db-ic-nb-sync-from-port=PORT NUMBER --db-ic-nb-sync-from-proto=PROTO --db-ic-sb-sync-from-addr=IP ADDRESS --db-ic-sb-sync-from-port=PORT NUMBER --db-ic-sb-sync-from-proto=PROTO --ovn-northd-nb-db=PROTO:IP ADDRESS: PORT.. --ovn-northd-sb-db=PROTO:IP ADDRESS: PORT.. --ovn-ic-nb-db=PROTO:IP ADDRESS: PORT.. --ovn-ic-sb-db=PROTO:IP ADDRESS: PORT.. CLUSTERING OPTIONS --db-nb-cluster-local-addr=IP ADDRESS --db-nb-cluster-local-port=PORT NUMBER --db-nb-cluster-local-proto=PROTO (tcp/ssl) --db-nb-cluster-remote-addr=IP ADDRESS --db-nb-cluster-remote-port=PORT NUMBER --db-nb-cluster-remote-proto=PROTO (tcp/ssl) --db-nb-election-timer=Timeout in milliseconds --db-sb-cluster-local-addr=IP ADDRESS --db-sb-cluster-local-port=PORT NUMBER --db-sb-cluster-local-proto=PROTO (tcp/ssl) --db-sb-cluster-remote-addr=IP ADDRESS --db-sb-cluster-remote-port=PORT NUMBER --db-sb-cluster-remote-proto=PROTO (tcp/ssl) --db-sb-election-timer=Timeout in milliseconds --db-ic-nb-cluster-local-addr=IP ADDRESS --db-ic-nb-cluster-local-port=PORT NUMBER --db-ic-nb-cluster-local-proto=PROTO (tcp/ssl) --db-ic-nb-cluster-remote-addr=IP ADDRESS --db-ic-nb-cluster-remote-port=PORT NUMBER --db-ic-nb-cluster-remote-proto=PROTO (tcp/ssl) --db-ic-sb-cluster-local-addr=IP ADDRESS --db-ic-sb-cluster-local-port=PORT NUMBER --db-ic-sb-cluster-local-proto=PROTO (tcp/ssl) --db-ic-sb-cluster-remote-addr=IP ADDRESS --db-ic-sb-cluster-remote-port=PORT NUMBER --db-ic-sb-cluster-remote-proto=PROTO (tcp/ssl) --db-cluster-schema-upgrade=yes|no PROBE INTERVAL OPTIONS --db-nb-probe-interval-to-active=Time in milliseconds --db-sb-probe-interval-to-active=Time in milliseconds EXTRA OPTIONS Any options after ’-’ will be passed on to the binary run by command with the exception of start_northd, which can have options specified in ovn-northd-db-params.conf. Any extra_args passed to start_northd will be passed to the ovsdb-servers if --ovn-manage-ovsdb=yes CONFIGURATION FILES Following are the optional configuration files. If present, it should be located in the etc dir ovnnb-active.conf If present, this file should hold the url to connect to the active Northbound DB server tcp:x.x.x.x:6641 ovnsb-active.conf If present, this file should hold the url to connect to the active Southbound DB server tcp:x.x.x.x:6642 ovn-northd-db-params.conf If present, start_northd will not start the DB server even if --ovn-manage-ovsdb=yes. This file should hold the database url parame‐ ters to be passed to ovn-northd. --ovnnb-db=tcp:x.x.x.x:6641 --ovnsb-db=tcp:x.x.x.x:6642 ic-nb-active.conf If present, this file should hold the url to connect to the active In‐ terconnection Northbound DB server tcp:x.x.x.x:6645 ic-sb-active.conf If present, this file should hold the url to connect to the active In‐ terconnection Southbound DB server tcp:x.x.x.x:6646 ovn-ic-db-params.conf If present, this file should hold the database url parameters to be passed to ovn-ic. --ic-nb-db=tcp:x.x.x.x:6645 --ic-sb-db=tcp:x.x.x.x:6646 RUNNING OVN DB SERVERS WITHOUT DETACHING # ovn-ctl run_nb_ovsdb This command runs the OVN nb ovsdb-server without passing the detach option, making it to block until ovsdb-server exits. This command will be useful for starting the OVN nb ovsdb-server in a container. # ovn-ctl run_sb_ovsdb This command runs the OVN sb ovsdb-server without passing the detach option, making it to block until ovsdb-server exits. This command will be useful for starting the OVN sb ovsdb-server in a container. # ovn-ctl run_ic_nb_ovsdb This command runs the OVN IC-NB ovsdb-server without passing the detach option, making it to block until ovsdb-server exits. This command will be useful for starting the OVN IC-NB ovsdb-server in a container. # ovn-ctl run_ic_sb_ovsdb This command runs the OVN IC-SB ovsdb-server without passing the detach option, making it to block until ovsdb-server exits. This command will be useful for starting the OVN IC-SB ovsdb-server in a container. EXAMPLE USAGE Run ovn-controller on a host already running OVS # ovn-ctl start_controller Run ovn-northd on a host already running OVS # ovn-ctl start_northd All-in-one OVS+OVN for testing # ovs-ctl start --system-id="random" # ovn-ctl start_northd # ovn-ctl start_controller Promote and demote ovsdb servers # ovn-ctl promote_ovnnb # ovn-ctl promote_ovnsb # ovn-ctl --db-nb-sync-from-addr=x.x.x.x --db-nb-sync-from-port=6641 --db-nb-probe-interval-to-active=60000 demote_ovnnb # ovn-ctl --db-sb-sync-from-addr=x.x.x.x --db-sb-sync-from-port=6642 --db-sb-probe-interval-to-active=60000 demote_ovnsb Creating a clustered db on 3 nodes with IPs x.x.x.x, y.y.y.y and z.z.z.z Starting OVN ovsdb servers and ovn-northd on the node with IP x.x.x.x # ovn-ctl --db-nb-addr=x.x.x.x --db-nb-create-insecure-remote=yes --db-sb-addr=x.x.x.x --db-sb-create-insecure-remote=yes --db-nb-clus‐ ter-local-addr=x.x.x.x --db-sb-cluster-local-addr=x.x.x.x --ovn-northd-nb-db=tcp:x.x.x.x:6641,tcp:y.y.y.y:6641,tcp:z.z.z.z:6641 --ovn-northd-sb-db=tcp:x.x.x.x:6642,tcp:y.y.y.y:6642,tcp:z.z.z.z:6642 start_northd Starting OVN ovsdb-servers and ovn-northd on the node with IP y.y.y.y and joining the cluster started at x.x.x.x # ovn-ctl --db-nb-addr=y.y.y.y --db-nb-create-insecure-remote=yes --db-sb-addr=y.y.y.y --db-sb-create-insecure-remote=yes --db-nb-clus‐ ter-local-addr=y.y.y.y --db-sb-cluster-local-addr=y.y.y.y --db-nb-clus‐ ter-remote-addr=x.x.x.x --db-sb-cluster-remote-addr=x.x.x.x --ovn-northd-nb-db=tcp:x.x.x.x:6641,tcp:y.y.y.y:6641,tcp:z.z.z.z:6641 --ovn-northd-sb-db=tcp:x.x.x.x:6642,tcp:y.y.y.y:6642,tcp:z.z.z.z:6642 start_northd Starting OVN ovsdb-servers and ovn-northd on the node with IP z.z.z.z and joining the cluster started at x.x.x.x # ovn-ctl --db-nb-addr=z.z.z.z --db-nb-create-insecure-remote=yes --db-nb-cluster-local-addr=z.z.z.z --db-sb-addr=z.z.z.z --db-sb-cre‐ ate-insecure-remote=yes --db-sb-cluster-local-addr=z.z.z.z --db-nb-cluster-remote-addr=x.x.x.x --db-sb-cluster-remote-addr=x.x.x.x --ovn-northd-nb-db=tcp:x.x.x.x:6641,tcp:y.y.y.y:6641,tcp:z.z.z.z:6641 --ovn-northd-sb-db=tcp:x.x.x.x:6642,tcp:y.y.y.y:6642,tcp:z.z.z.z:6642 start_northd Passing ssl keys when starting OVN dbs will supersede the default ssl val‐ ues in db Starting standalone ovn db server passing SSL certificates # ovn-ctl --ovn-nb-db-ssl-key=/etc/ovn/ovnnb-privkey.pem --ovn-nb-db-ssl-cert=/etc/ovn/ovnnb-cert.pem --ovn-nb-db-ssl-ca-cert=/etc/ovn/cacert.pem --ovn-sb-db-ssl-key=/etc/ovn/ovnsb-privkey.pem --ovn-sb-db-ssl-cert=/etc/ovn/ovnsb-cert.pem --ovn-sb-db-ssl-ca-cert=/etc/ovn/cacert.pem start_northd Avoiding automatic clustered OVN database schema upgrade If you desire more control over clustered DB schema upgrade, you can opt-out of automatic on-start upgrade attempts with --no-db-clus‐ ter-schema-upgrade. Start OVN NB and SB clustered databases on host with IP x.x.x.x without schema upgrade # ovn-ctl start_nb_ovsdb --db-nb-cluster-local-addr=x.x.x.x --no-db-cluster-schema-upgrade # ovn-ctl start_sb_ovsdb --db-sb-clus‐ ter-local-addr=x.x.x.x --no-db-cluster-schema-upgrade Trigger clustered DB schema upgrade manually # ovsdb-client convert unix:/var/run/ovn/ovnnb_db.sock /usr/lo‐ cal/share/ovn/ovn-nb.ovsschema # ovsdb-client convert unix:/var/run/ovn/ovnsb_db.sock /usr/local/share/ovn/ovn-sb.ovsschema OVN 24.09.90 ovn-ctl ovn-ctl(8)