OVSDB-SERVER(7) Open vSwitch OVSDB-SERVER(7)
NAME
ovsdb-server - Open vSwitch Database Server Protocol
DESCRIPTION
ovsdb-server implements the Open vSwitch Database (OVSDB) protocol
specified in RFC 7047. This document provides clarifications for how
ovsdb-server implements the protocol and describes the extensions that
it provides beyond RFC 7047. Numbers in section headings refer to cor‐
responding sections in RFC 7047.
3.1 JSON Usage
RFC 4627 says that names within a JSON object should be unique. The
Open vSwitch JSON parser discards all but the last value for a name
that is specified more than once.
The definition of <error> allows for implementation extensions. Cur‐
rently ovsdb-server uses the following additional error strings (which
might change in later releases):
syntax error or unknown column
The request could not be parsed as an OVSDB request. An addi‐
tional syntax member, whose value is a string that contains
JSON, may narrow down the particular syntax that could not be
parsed.
internal error
The request triggered a bug in ovsdb-server.
ovsdb error
A map or set contains a duplicate key.
permission error
The request was denied by the role-based access control exten‐
sion, introduced in version 2.8.
3.2 Schema Format
RFC 7047 requires the version field in <database-schema>. Current ver‐
sions of ovsdb-server allow it to be omitted (future versions are
likely to require it).
RFC 7047 allows columns that contain weak references to be immutable.
This raises the issue of the behavior of the weak reference when the
rows that it references are deleted. Since version 2.6, ovsdb-server
forces columns that contain weak references to be mutable.
Since version 2.8, the table name RBAC_Role is used internally by the
role-based access control extension to ovsdb-server and should not be
used for purposes other than defining mappings of role names to table
access permissions. This table has one row per role name and the fol‐
lowing columns:
name The role name.
permissions
A map of table name to a reference to a row in a separate per‐
mission table.
The separate RBAC permission table has one row per access control con‐
figuration and the following columns:
name The name of the table to which the row applies.
authorization
The set of column names and column:key pairs to be compared with
the client ID in order to determine the authorization status of
the requested operation.
insert_delete
A boolean value, true if authorized insertions and deletions are
allowed, false if no insertions or deletions are allowed.
update The set of columns and column:key pairs for which authorized up‐
date and mutate operations should be permitted.
4 Wire Protocol
The original OVSDB specifications included the following reasons, omit‐
ted from RFC 7047, to operate JSON-RPC directly over a stream instead
of over HTTP:
• JSON-RPC is a peer-to-peer protocol, but HTTP is a client-server pro‐
tocol, which is a poor match. Thus, JSON-RPC over HTTP requires the
client to periodically poll the server to receive server requests.
• HTTP is more complicated than stream connections and doesn’t provide
any corresponding advantage.
• The JSON-RPC specification for HTTP transport is incomplete.
4.1.3 Transact
Since version 2.8, role-based access controls can be applied to opera‐
tions within a transaction that would modify the contents of the data‐
base (these operations include row insert, row delete, column update,
and column mutate). Role-based access controls are applied when the
database schema contains a table with the name RBAC_Role and the con‐
nection on which the transaction request was received has an associated
role name (from the role column in the remote connection table). When
role-based access controls are enabled, transactions that are otherwise
well-formed may be rejected depending on the client’s role, ID, and the
contents of the RBAC_Role table and associated permissions table.
4.1.5 Monitor
For backward compatibility, ovsdb-server currently permits a single
<monitor-request> to be used instead of an array; it is treated as a
single-element array. Future versions of ovsdb-server might remove
this compatibility feature.
Because the <json-value> parameter is used to match subsequent update
notifications (see below) to the request, it must be unique among all
active monitors. ovsdb-server rejects attempt to create two monitors
with the same identifier.
When a given client sends a transact request that changes a table that
the same client is monitoring, ovsdb-server always sends the update (or
update2 or update3) for these changes before it sends the reply to the
transact request. Thus, when a client receives a transact reply, it
can know immediately what changes (if any) the transaction made. (If
ovsdb-server might use the other order, then a client that wishes to
act on based on the results of its own transactions would not know when
this was guaranteed to have taken place.)
4.1.7 Monitor Cancellation
When a database monitored by a session is removed, and database change
awareness is enabled for the session (see Section 4.1.16), the database
server spontaneously cancels all monitors (including conditional moni‐
tors described in Section 4.1.12) for the removed database. For each
canceled monitor, it issues a notification in the following form:
"method": "monitor_canceled"
"params": [<json-value>]
"id": null
4.1.12 Monitor_cond
A new monitor method added in Open vSwitch version 2.6. The moni‐
tor_cond request enables a client to replicate subsets of tables within
an OVSDB database by requesting notifications of changes to rows match‐
ing one of the conditions specified in where by receiving the specified
contents of these rows when table updates occur. monitor_cond also al‐
lows a more efficient update notifications by receiving <table-up‐
dates2> notifications (described below).
The monitor method described in Section 4.1.5 also applies to moni‐
tor_cond, with the following exceptions:
• RPC request method becomes monitor_cond.
• Reply result follows <table-updates2>, described in Section 4.1.14.
• Subsequent changes are sent to the client using the update2 monitor
notification, described in Section 4.1.14
• Update notifications are being sent only for rows matching [<condi‐
tion>*].
The request object has the following members:
"method": "monitor_cond"
"params": [<db-name>, <json-value>, <monitor-cond-requests>]
"id": <nonnull-json-value>
The <json-value> parameter is used to match subsequent update notifica‐
tions (see below) to this request. The <monitor-cond-requests> object
maps the name of the table to an array of <monitor-cond-request>.
Each <monitor-cond-request> is an object with the following members:
"columns": [<column>*] optional
"where": [<condition>*] optional
"select": <monitor-select> optional
The columns, if present, define the columns within the table to be mon‐
itored that match conditions. If not present, all columns are moni‐
tored.
The where, if present, is a JSON array of <condition> and boolean val‐
ues. If not present or condition is an empty array, implicit True will
be considered and updates on all rows will be sent.
<monitor-select> is an object with the following members:
"initial": <boolean> optional
"insert": <boolean> optional
"delete": <boolean> optional
"modify": <boolean> optional
The contents of this object specify how the columns or table are to be
monitored as explained in more detail below.
The response object has the following members:
"result": <table-updates2>
"error": null
"id": same "id" as request
The <table-updates2> object is described in detail in Section 4.1.14.
It contains the contents of the tables for which initial rows are se‐
lected. If no tables initial contents are requested, then result is an
empty object.
Subsequently, when changes to a specified table that match one of the
conditions in <monitor-cond-request> are committed, the changes are au‐
tomatically sent to the client using the update2 monitor notification
(see Section 4.1.14). This monitoring persists until the JSON-RPC ses‐
sion terminates or until the client sends a monitor_cancel JSON-RPC re‐
quest.
Each <monitor-cond-request> specifies one or more conditions and the
manner in which the rows that match the conditions are to be monitored.
The circumstances in which an update notification is sent for a row
within the table are determined by <monitor-select>:
• If initial is omitted or true, every row in the original table that
matches one of the conditions is sent as part of the response to the
monitor_cond request.
• If insert is omitted or true, update notifications are sent for rows
newly inserted into the table that match conditions or for rows modi‐
fied in the table so that their old version does not match the condi‐
tion and new version does.
• If delete is omitted or true, update notifications are sent for rows
deleted from the table that match conditions or for rows modified in
the table so that their old version does match the conditions and new
version does not.
• If modify is omitted or true, update notifications are sent whenever
a row in the table that matches conditions in both old and new ver‐
sion is modified.
Both monitor and monitor_cond sessions can exist concurrently. However,
monitor and monitor_cond shares the same <json-value> parameter space;
it must be unique among all monitor and monitor_cond sessions.
4.1.13 Monitor_cond_change
The monitor_cond_change request enables a client to change an existing
monitor_cond replication of the database by specifying a new condition
and columns for each replicated table. Currently changing the columns
set is not supported.
The request object has the following members:
"method": "monitor_cond_change"
"params": [<json-value>, <json-value>, <monitor-cond-update-requests>]
"id": <nonnull-json-value>
The <json-value> parameter should have a value of an existing condi‐
tional monitoring session from this client. The second <json-value> in
params array is the requested value for this session. This value is
valid only after monitor_cond_change is committed. A user can use these
values to distinguish between update messages before conditions update
and after. The <monitor-cond-update-requests> object maps the name of
the table to an array of <monitor-cond-update-request>. Monitored ta‐
bles not included in <monitor-cond-update-requests> retain their cur‐
rent conditions.
Each <monitor-cond-update-request> is an object with the following mem‐
bers:
"columns": [<column>*] optional
"where": [<condition>*] optional
The columns specify a new array of columns to be monitored, although
this feature is not yet supported.
The where specify a new array of conditions to be applied to this moni‐
toring session.
The response object has the following members:
"result": {}
"error": null
"id": same "id" as request
Subsequent <table-updates2> notifications are described in detail in
Section 4.1.14 in the RFC. If insert contents are requested by origi‐
nal monitor_cond request, <table-updates2> will contain rows that match
the new condition and do not match the old condition. If deleted con‐
tents are requested by origin monitor request, <table-updates2> will
contain any matched rows by old condition and not matched by the new
condition.
Changes according to the new conditions are automatically sent to the
client using the update2 or update3 monitor notification depending on
the monitor method. An update, if any, as a result of a condition
change, will be sent to the client before the reply to the moni‐
tor_cond_change request.
4.1.14 Update2 notification
The update2 notification is sent by the server to the client to report
changes in tables that are being monitored following a monitor_cond re‐
quest as described above. The notification has the following members:
"method": "update2"
"params": [<json-value>, <table-updates2>]
"id": null
The <json-value> in params is the same as the value passed as the
<json-value> in params for the corresponding monitor request. <ta‐
ble-updates2> is an object that maps from a table name to a <table-up‐
date2>. A <table-update2> is an object that maps from row’s UUID to a
<row-update2> object. A <row-update2> is an object with one of the fol‐
lowing members:
"initial": <row>
present for initial updates
"insert": <row>
present for insert updates
"delete": <row>
present for delete updates
"modify": <row>"
present for modify updates
The format of <row> is described in Section 5.1.
<row> is always a null object for a delete update. In initial and in‐
sert updates, <row> omits columns whose values equal the default value
of the column type.
For a modify update, <row> contains only the columns that are modified.
<row> stores the difference between the old and new value for those
columns, as described below.
For columns with single value, the difference is the value of the new
column.
The difference between two sets are all elements that only belong to
one of the sets.
The difference between two maps are all key-value pairs whose keys ap‐
pears in only one of the maps, plus the key-value pairs whose keys ap‐
pear in both maps but with different values. For the latter elements,
<row> includes the value from the new column.
Initial views of rows are not presented in update2 notifications, but
in the response object to the monitor_cond request. The formatting of
the <table-updates2> object, however, is the same in either case.
4.1.15 Monitor_cond_since
A new monitor method added in Open vSwitch version 2.12. The moni‐
tor_cond_since request enables a client to request changes that hap‐
pened after a specific transaction id. A client can use this feature to
request only latest changes after a server connection reset instead of
re-transfer all data from the server again.
The monitor_cond method described in Section 4.1.12 also applies to
monitor_cond_since, with the following exceptions:
• RPC request method becomes monitor_cond_since.
• Reply result includes extra parameters.
• Subsequent changes are sent to the client using the update3 monitor
notification, described in Section 4.1.16
The request object has the following members:
"method": "monitor_cond_since"
"params": [<db-name>, <json-value>, <monitor-cond-requests>, <last-txn-id>]
"id": <nonnull-json-value>
The <last-txn-id> parameter is the transaction id that identifies the
latest data the client already has, and it requests server to send
changes AFTER this transaction (exclusive).
All other parameters are the same as monitor_cond method.
The response object has the following members:
"result": [<found>, <last-txn-id>, <table-updates2>]
"error": null
"id": same "id" as request
The <found> is a boolean value that tells if the <last-txn-id> re‐
quested by client is found in server’s history or not. If true, the
changes after that version up to current is sent. Otherwise, all data
is sent.
The <last-txn-id> is the transaction id that identifies the latest
transaction included in the changes in <table-updates2> of this re‐
sponse, so that client can keep tracking. If there is no change in‐
volved in this response, it is the same as the <last-txn-id> in the re‐
quest if <found> is true, or zero uuid if <found> is false. If the
server does not support transaction uuid, it will be zero uuid as well.
All other parameters are the same as in response object of monitor_cond
method.
Like in monitor_cond, subsequent changes that match conditions in <mon‐
itor-cond-request> are automatically sent to the client, but using up‐
date3 monitor notification (see Section 4.1.16), instead of update2.
4.1.16 Update3 notification
The update3 notification is sent by the server to the client to report
changes in tables that are being monitored following a moni‐
tor_cond_since request as described above. The notification has the
following members:
"method": "update3"
"params": [<json-value>, <last-txn-id>, <table-updates2>]
"id": null
The <last-txn-id> is the same as described in the response object of
monitor_cond_since.
All other parameters are the same as in update2 monitor notification
(see Section 4.1.14).
4.1.17 Get Server ID
A new RPC method added in Open vSwitch version 2.7. The request con‐
tains the following members:
"method": "get_server_id"
"params": null
"id": <nonnull-json-value>
The response object contains the following members:
"result": "<server_id>"
"error": null
"id": same "id" as request
<server_id> is JSON string that contains a UUID that uniquely identi‐
fies the running OVSDB server process. A fresh UUID is generated when
the process restarts.
4.1.18 Database Change Awareness
RFC 7047 does not provide a way for a client to find out about some
kinds of configuration changes, such as about databases added or re‐
moved while a client is connected to the server, or databases changing
between read/write and read-only due to a transition between active and
backup roles. Traditionally, ovsdb-server disconnects all of its
clients when this happens, because this prompts a well-written client
to reassess what is available from the server when it reconnects.
OVS 2.9 provides a way for clients to keep track of these kinds of
changes, by monitoring the Database table in the _Server database in‐
troduced in this release (see ovsdb-server(5) for details). By itself,
this does not suppress ovsdb-server disconnection behavior, because a
client might monitor this database without understanding its special
semantics. Instead, ovsdb-server provides a special request:
"method": "set_db_change_aware"
"params": [<boolean>]
"id": <nonnull-json-value>
If the boolean in the request is true, it suppresses the connec‐
tion-closing behavior for the current connection, and false restores
the default behavior. The reply is always the same:
"result": {}
"error": null
"id": same "id" as request
4.1.19 Schema Conversion
Open vSwitch 2.9 adds a new JSON-RPC request to convert an online data‐
base from one schema to another. The request contains the following
members:
"method": "convert"
"params": [<db-name>, <database-schema>]
"id": <nonnull-json-value>
Upon receipt, the server converts database <db-name> to schema <data‐
base-schema>. The schema’s name must be <db-name>. The conversion is
atomic, consistent, isolated, and durable. The data in the database
must be valid when interpreted under <database-schema>, with only one
exception: data for tables and columns that do not exist in the new
schema are ignored. Columns that exist in <database-schema> but not in
the database are set to their default values. All of the new schema’s
constraints apply in full.
If the conversion is successful, the server notifies clients that use
the set_db_change_aware RPC introduced in Open vSwitch 2.9 and cancels
their outstanding transactions and monitors. The server disconnects
other clients, enabling them to notice the change when they reconnect.
The server sends the following reply:
"result": {}
"error": null
"id": same "id" as request
If the conversion fails, then the server sends an error reply in the
following form:
"result": null
"error": [<error>]
"id": same "id" as request
5.1 Notation
For <condition>, RFC 7047 only allows the use of !=, ==, includes, and
excludes operators with set types. Open vSwitch 2.4 and later extend
<condition> to allow the use of <, <=, >=, and > operators with a col‐
umn with type “set of 0 or 1 integer” and an integer argument, and with
“set of 0 or 1 real” and a real argument. These conditions evaluate to
false when the column is empty, and otherwise as described in RFC 7047
for integer and real types.
<condition> is specified in Section 5.1 in the RFC with the following
change: A condition can be either a 3-element JSON array as described
in the RFC or a boolean value. In case of an empty array an implicit
true boolean value will be considered.
5.2.1 Insert
As an extension, Open vSwitch 2.13 and later allow an optional uuid
member to specify the UUID for the new row. The specified UUID must be
unique within the table when it is inserted and not the UUID of a row
previously deleted within the transaction. If the UUID violates these
rules, then the operation fails with a duplicate uuid error.
5.2.6 Wait, 5.2.7 Commit, 5.2.9 Comment
RFC 7047 says that the wait, commit, and comment operations have no
corresponding result object. This is not true. Instead, when such an
operation is successful, it yields a result object with no members.
AUTHOR
The Open vSwitch Development Community
COPYRIGHT
2016-2021, The Open vSwitch Development Community
3.3 Jun 07, 2024 OVSDB-SERVER(7)