From must-gather
Analyzes OVN Northbound and Southbound databases from a cluster must-gather, showing logical switches, ports, ACLs, and routers per zone. Also supports custom OVSDB JSON queries.
How this command is triggered — by the user, by Claude, or both
Slash command
/must-gather:ovn-dbs [must-gather-path]The summary Claude sees in its command listing — used to decide when to auto-load this command
## Name must-gather:ovn-dbs ## Synopsis ## Description The `ovn-dbs` command analyzes OVN Northbound and Southbound databases collected from clusters. It uses `ovsdb-tool` to query the binary database files (`.db`) collected per-node, providing detailed information about the logical network topology, pods, ACLs, and routers on each node. The command automatically maps ovnkube pods to their corresponding nodes by reading pod specifications from the must-gather data. **Two modes of operation:** 1. **Standard Analysis** (default): Runs pre-built analysis showing switches, ports, ACLs, an...
must-gather:ovn-dbs
/must-gather:ovn-dbs [must-gather-path] [--node <node-name>] [--query <json>]
The ovn-dbs command analyzes OVN Northbound and Southbound databases collected from clusters. It uses ovsdb-tool to query the binary database files (.db) collected per-node, providing detailed information about the logical network topology, pods, ACLs, and routers on each node.
The command automatically maps ovnkube pods to their corresponding nodes by reading pod specifications from the must-gather data.
Two modes of operation:
--query): Run custom OVSDB JSON queries for specific data extractionWhat it analyzes:
Important: This command only works with must-gathers from clusters, where each node/zone has its own database files.
The must-gather should contain:
network_logs/
└── ovnk_database_store.tar.gz
Required Tools:
ovsdb-tool must be installed (from openvswitch package)
which ovsdb-toolsudo dnf install openvswitch or sudo apt install openvswitch-commonAnalysis Script:
The script is bundled with this plugin:
<plugin-root>/skills/must-gather-analyzer/scripts/analyze_ovn_dbs.py
Where <plugin-root> is the directory where this plugin is installed (typically ~/.cursor/commands/ai-helpers/plugins/must-gather/ or similar).
Claude will automatically locate it by searching for the script in the plugin installation directory, regardless of your current working directory.
The command performs the following steps:
Locate Analysis Script:
SCRIPT_PATH=$(find ~ -name "analyze_ovn_dbs.py" -path "*/must-gather/skills/must-gather-analyzer/scripts/*" 2>/dev/null | head -1)
if [ -z "$SCRIPT_PATH" ]; then
echo "ERROR: analyze_ovn_dbs.py script not found."
echo "Please ensure the must-gather plugin from ai-helpers is properly installed."
exit 1
fi
SCRIPTS_DIR=$(dirname "$SCRIPT_PATH")
Extract Database Tarball:
network_logs/ovnk_database_store.tar.gz*_nbdb and *_sbdb filesQuery Each Zone's Database:
For each zone (node), query the Northbound database using ovsdb-tool query:
ovsdb-tool query <zone>_nbdb '["OVN_Northbound", {"op":"select", "table":"<table>", "where":[], "columns":[...]}]'
Analyze and Display:
Present Zone Summary:
The command outputs structured analysis for each node:
Found 6 node(s)
================================================================================
Node: ip-10-0-26-145.us-east-2.compute.internal
Pod: ovnkube-node-79cbh
================================================================================
Logical Switches: 4
Logical Switch Ports: 55
ACLs: 7
Logical Routers: 2
LOGICAL SWITCHES (4):
NAME PORTS
--------------------------------------------------------------------------------
transit_switch 6
ip-10-0-1-10.us-east-2.compute.internal 7
ext_ip-10-0-1-10.us-east-2.compute.internal 2
join 2
POD LOGICAL SWITCH PORTS (5):
NAMESPACE POD IP
------------------------------------------------------------------------------------------------------------------------
openshift-dns dns-default-abc123 10.128.0.5
openshift-monitoring prometheus-k8s-0 10.128.0.10
openshift-etcd etcd-master-0 10.128.0.3
...
ACCESS CONTROL LISTS (7):
PRIORITY DIRECTION ACTION MATCH
------------------------------------------------------------------------------------------------------------------------
1012 from-lport allow inport == @a4743249366342378346 && (ip4.mcast ...
1011 to-lport drop (ip4.mcast || mldv1 || mldv2 || ...
1001 to-lport allow-related ip4.src==10.128.0.2
...
LOGICAL ROUTERS (2):
NAME PORTS
--------------------------------------------------------------------------------
ovn_cluster_router 3
GR_ip-10-0-1-10.us-east-2.compute.internal 2
Analyze all nodes in a must-gather:
/must-gather:ovn-dbs ./must-gather/registry-ci-openshift-org-origin-4-20-...-sha256-abc123/
Shows logical network topology for all nodes.
Analyze specific node:
/must-gather:ovn-dbs ./must-gather/.../ --node ip-10-0-26-145
Shows OVN database information only for the specified node (supports partial name matching).
Analyze master node:
/must-gather:ovn-dbs ./must-gather/.../ --node master-0
Filter to a specific master node using partial name matching.
Interactive usage without path:
/must-gather:ovn-dbs
The command will ask for the must-gather path.
Check if pod exists in OVN:
/must-gather:ovn-dbs ./must-gather/.../
Then search the output for the pod name to see which node it's on and its IP allocation.
Investigate ACL rules on a specific node:
/must-gather:ovn-dbs ./must-gather/.../ --node worker-1
Review the ACL section for a specific node to understand traffic filtering rules.
Run custom OVSDB query (Query Mode):
/must-gather:ovn-dbs ./must-gather/.../ --query '["OVN_Northbound", {"op":"select", "table":"ACL", "where":[["priority", ">", 1000]], "columns":["priority","match","action"]}]'
Query ACLs with priority > 1000 across all nodes. Claude can construct the JSON query for any OVSDB table.
Query specific node with custom query:
/must-gather:ovn-dbs ./must-gather/.../ --node master-0 --query '["OVN_Northbound", {"op":"select", "table":"Logical_Switch", "where":[], "columns":["name","ports"]}]'
List all logical switches with their ports on master-0.
Query specific table (Claude constructs JSON): Just ask Claude to query a specific OVSDB table and it will construct the appropriate JSON query. For example:
Missing ovsdb-tool:
Error: ovsdb-tool not found. Please install openvswitch package.
Solution: Install openvswitch: sudo dnf install openvswitch
Missing database tarball:
Error: Database tarball not found: network_logs/ovnk_database_store.tar.gz
Solution: Ensure this is a must-gather from an OVN cluster.
Node not found:
Error: No databases found for node matching 'master-5'
Available nodes:
- ip-10-0-77-117.us-east-2.compute.internal
- ip-10-0-26-145.us-east-2.compute.internal
- ip-10-0-1-194.us-east-2.compute.internal
Solution: Use one of the listed node names or a partial match.
ovsdb-tool to read OVSDB binary files directlyexternal_ids with pod=trueaddresses field (format: "MAC IP")["OVN_Northbound", {"op":"select", "table":"...", ...}]Verify Pod Network Configuration:
Troubleshoot Connectivity Issues:
Understand Topology:
Audit Network Policies:
npx claudepluginhub cblecker/ai-helpers --plugin must-gather20plugins reuse this command
First indexed Jan 1, 2026
Showing the 6 earliest of 20 plugins
/ovs-dbAnalyzes Open vSwitch data from sosreports — parses conf.db and text files to report OVS version, bridges, interfaces, OpenFlow flows, port stats, tunnels, and datapath health. Supports custom OVSDB queries.
/analyze-performanceAnalyzes etcd performance metrics in OpenShift clusters, examining disk, commit, and network latency to identify bottlenecks. Accepts optional --duration flag.
/statusChecks Omni-managed Talos cluster phase and health, Kubernetes nodes, ArgoCD applications, External Secrets, and Longhorn storage, producing a formatted status report with issues.
/SKILLCreates and runs command templates with validation rules for CLI checks on network devices. Also supports analytic templates for pre/post comparison and compliance validations.
/openshiftDiagnoses and resolves OpenShift cluster issues across SCC, Routes, GitOps, and upgrades. Also supports a debug mode for general troubleshooting.
/security-scanScans PostgreSQL and MySQL databases for 50+ security vulnerabilities including weak passwords, excessive permissions, SQL injection vectors, and missing encryption. Generates OWASP compliance reports and automated remediation scripts.