--no-wait | --wait=none
--wait=sb
--wait=hv
These options control whether and how ovn-nbctl waits for
the OVN system to become up-to-date with changes made in an
ovn-nbctl invocation.
By default, or if --no-wait or --wait=none, ovn-nbctl exits
immediately after confirming that changes have been
committed to the northbound database, without waiting.
With --wait=sb, before ovn-nbctl exits, it waits for
ovn-northd to bring the southbound database up-to-date with
the northbound database updates.
With --wait=hv, before ovn-nbctl exits, it additionally
waits for all OVN chassis (hypervisors and gateways) to
become up-to-date with the northbound database updates.
(This can become an indefinite wait if any chassis is
malfunctioning.)
Ordinarily, --wait=sb or --wait=hv only waits for changes by
the current ovn-nbctl invocation to take effect. This means
that, if none of the commands supplied to ovn-nbctl change
the database, then the command does not wait at all. Use the
sync command to override this behavior.
--db database
The OVSDB database remote to contact. If the OVN_NB_DB
environment variable is set, its value is used as the
default. Otherwise, the default is
unix:/usr/local/var/run/openvswitch/ovnnb_db.sock, but this
default is unlikely to be useful outside of single-machine
OVN test environments.
--leader-only
--no-leader-only
By default, or with --leader-only, when the database server
is a clustered database, ovn-nbctl will avoid servers other
than the cluster leader. This ensures that any data that
ovn-nbctl reads and reports is up-to-date. With
--no-leader-only, ovn-nbctl will use any server in the
cluster, which means that for read-only transactions it can
report and act on stale data (transactions that modify the
database are always serialized even with --no-leader-only).
Refer to Understanding Cluster Consistency in ovsdb(7) for
more information.
--shuffle-remotes
--no-shuffle-remotes
By default, or with --shuffle-remotes, when there are
multiple remotes specified in the OVSDB connection string
specified by --db or the OVN_NB_DB environment variable, the
order of the remotes will be shuffled before the client
tries to connect. The remotes will be shuffled only once to
a new order before the first connection attempt. The
following retries, if any, will follow the same new order.
The default behavior is to make sure clients of a clustered
database can distribute evenly to all memembers of the
cluster. With --no-shuffle-remotes, ovn-nbctl will use the
original order specified in the connection string to
connect. This allows user to specify the preferred order,
which is particularly useful for testing.
Daemon Options
--pidfile[=pidfile]
Causes a file (by default, program.pid) to be created
indicating the PID of the running process. If the pidfile
argument is not specified, or if it does not begin with /,
then it is created in /usr/local/var/run/openvswitch.
If --pidfile is not specified, no pidfile is created.
--overwrite-pidfile
By default, when --pidfile is specified and the specified
pidfile already exists and is locked by a running process,
the daemon refuses to start. Specify --overwrite-pidfile
to cause it to instead overwrite the pidfile.
When --pidfile is not specified, this option has no
effect.
--detach
Runs this program as a background process. The process
forks, and in the child it starts a new session, closes
the standard file descriptors (which has the side effect
of disabling logging to the console), and changes its
current directory to the root (unless --no-chdir is
specified). After the child completes its initialization,
the parent exits.
--monitor
Creates an additional process to monitor this program. If
it dies due to a signal that indicates a programming error
(SIGABRT, SIGALRM, SIGBUS, SIGFPE, SIGILL, SIGPIPE,
SIGSEGV, SIGXCPU, or SIGXFSZ) then the monitor process
starts a new copy of it. If the daemon dies or exits for
another reason, the monitor process exits.
This option is normally used with --detach, but it also
functions without it.
--no-chdir
By default, when --detach is specified, the daemon changes
its current working directory to the root directory after
it detaches. Otherwise, invoking the daemon from a
carelessly chosen directory would prevent the
administrator from unmounting the file system that holds
that directory.
Specifying --no-chdir suppresses this behavior, preventing
the daemon from changing its current working directory.
This may be useful for collecting core files, since it is
common behavior to write core dumps into the current
working directory and the root directory is not a good
directory to use.
This option has no effect when --detach is not specified.
--no-self-confinement
By default this daemon will try to self-confine itself to
work with files under well-known directories whitelisted
at build time. It is better to stick with this default
behavior and not to use this flag unless some other Access
Control is used to confine daemon. Note that in contrast
to other access control implementations that are typically
enforced from kernel-space (e.g. DAC or MAC), self-
confinement is imposed from the user-space daemon itself
and hence should not be considered as a full confinement
strategy, but instead should be viewed as an additional
layer of security.
--user=user:group
Causes this program to run as a different user specified
in user:group, thus dropping most of the root privileges.
Short forms user and :group are also allowed, with current
user or group assumed, respectively. Only daemons started
by the root user accepts this argument.
On Linux, daemons will be granted CAP_IPC_LOCK and
CAP_NET_BIND_SERVICES before dropping root privileges.
Daemons that interact with a datapath, such as
ovs-vswitchd, will be granted three additional
capabilities, namely CAP_NET_ADMIN, CAP_NET_BROADCAST and
CAP_NET_RAW. The capability change will apply even if the
new user is root.
On Windows, this option is not currently supported. For
security reasons, specifying this option will cause the
daemon process not to start.
