Editing Vzctl for upstream kernel

Since version 4.0, vzctl tool can be used with upstream (non-OpenVZ) Linux kernels (that essentially means any recent 3.x kernel). At the moment, it provides just basic functionality.
It is currently possible to create and start a container with the same steps as one would use for a normal OpenVZ container. Other features may be present with limited functionality, while some are not present at all.

{{Warning| Running vzctl on upstream kernels is considered an experimental feature.}}

== Limitations ==
The following vzctl commands are not working at all:
* <code>quotaon</code>/<code>quotaoff</code>/<code>quotainit</code> (vzquota-specific)
* <code>convert</code>, <code>compact</code>, <code>snapshot*</code> (ploop-specific)
* <code>console</code> (needs a virtual /dev/console, /dev/ttyN device)
* <code>enter</code>, <code>exec</code> and <code>runscript</code> (need pidns entering support)
* <code>chkpnt</code>, <code>restore</code> (currently need OpenVZ-kernel-specific checkpointing, [http://crui.org/ CRIU] will be supported later)

The following commands have severe limitations:
* <code>stop</code>. A container can be stopped from inside (say if one is connected to CT over ssh) in case the underlying kernel supports rebooting a PID namespace (> 3.4). Using vzctl, the "stop" command is not supported, unless accompanied by the --fast switch, which will simply forceably kill all processes in the container.

=== /proc and /sys ===
Software that depend on information supplied by the proc filesystem may not work correctly, since there is not a full solution for full /proc virtualization. For instance, /proc/stat is not yet virtualized, and top will show distorted values.

=== Resource management ===

Setting resources like <code>--ram</code> and <code>--cpuunits</code> work, but there their effect is dependent on what the current kernel supports, through the cgroups subsystem. When a particular cgroup file is present, it will be used. Currently, vzctl will search for the following files:
* cpu.cfs_quota_us
* cpu.shares
* cpuset.cpus
* memory.limit_in_bytes
* memory.memsw.limit_in_bytes
* memory.kmem.limit_in_bytes
* memory.kmem.tcp.limit_in_bytes

=== Other binaries ===

Pretty much everything else other than vzctl is not working. That includes:
* vzlist
* vzcalc
* vzcfgvalidate
* vzcpucheck
* vzmemcheck
* vzmigrate
* vzeventd
* vzpid
* vzsplit
* vzubc

== Building ==

=== Dependencies ===

The following software needs to be installed on your system:

* iproute2 >= 3.0.0 (runtime only)
* libcg >= 0.38

=== Compile ===

Upstream support is not enabled by default. To build it into vzctl, one needs to specify the <code>--with-cgroup</code> switch to <code>configure</code>. Also, it makes sense to add <code>--without-ploop</code> (unless you want ploop compiled it) because otherwise you will need ploop lib headers.

 $ ./configure --with-cgroup --without-ploop

== Using ==

For supported features, usage is expected to be the same as standard vzctl tool.

=== Networking ===
Networking is available through the switches --netdev_add, --netif_add, and their respective deletion counterparts.

IP mode networking (--ipadd / --ipdel) is currently not supported.
@@ Line 1: / Line 1: @@
-{{DISPLAYTITLE: vzctl for upstream kernel}}
+Since version 4.0, vzctl tool can be used with upstream (non-OpenVZ) Linux kernels (that essentially means any recent 3.x kernel). At the moment, it provides just basic functionality.
+It is currently possible to create and start a container with the same steps as one would use for a normal OpenVZ container. Other features may be present with limited functionality, while some are not present at all.
-'''This article describes using OpenVZ tool vzctl as an alternative to LXC tools.'''
+{{Warning| Running vzctl on upstream kernels is considered an experimental feature.}}
-Recent vzctl releases (starting from version 4.0) can be used with upstream (non-OpenVZ) Linux kernels (that essentially means any recent 3.x kernel). At the moment, it provides just basic functionality.
-It is currently possible to create, start and stop a container with the same steps as one would use for a normal OpenVZ container. Other features may be present with limited functionality, while some are not present at all. We appreciate all bug reports, please file to [http://bugzilla.openvz.org/enter_bug.cgi?component=vzctl bugzilla].
-Running vzctl on upstream kernels is considered an experimental feature. See [[#Limitations]] below.
-== Installation ==
-{{Note|This section describes installation for RPM-based distros. See [[#Building]] below if you want to compile vzctl from source.}}
-First, set up OpenVZ yum repository. Download [[download:openvz.repo|openvz.repo]] file and put it to your <code>/etc/yum.repos.d/</code> repository,
-and import OpenVZ GPG key used for signing RPM packages. This can be achieved by the following commands, as root:
-<pre><nowiki>
-wget -P /etc/yum.repos.d/ http://download.openvz.org/openvz.repo
-rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
-</nowiki></pre>
-In case you can not cd to /etc/yum.repos.d, it means either yum is not installed on your system, or yum version is too old.
-Then, install vzctl-core package:
- yum install vzctl-core
-== Usage ==
-For supported features, usage is expected to be the same as standard vzctl tool. See {{man|vzctl|8}} for more information.
-=== Networking ===
-{{Note|IP mode networking (--ipadd / --ipdel) is currently not supported}}
-Networking is available through the switches <code>--netdev_add</code>, <code>--netif_add</code>, and their respective deletion counterparts.
-Unfortunately now it requires some manual configuration.
-== Bridged networking ==
-The following example assumes
-* you already have a bridge configured on the host system
-* bridge interface name is virbr0
-* CT is running Red Hat like distro (CentOS)
- vzctl set $CTID --netif_add eth0,,,,virbr0 --save
- echo "NETWORKING=yes" > /vz/private/$CTID/etc/sysconfig/network
- cat << EOF > /vz/private/$CTID/etc/sysconfig/network-scripts/ifcfg-eth0
- DEVICE=eth0
- BOOTPROTO=dhcp
- ONBOOT=yes
- EOF
- vzctl start $CTID
-After this, you can find CT IP using this:
- # ip netns exec $CTID ip address list
 == Limitations ==
+The following vzctl commands are not working at all:
-{{Note|We recommend using [[Download/kernel/rhel6|OpenVZ kernel]] for features, stability and security}}
-The following vzctl commands are not working at all with the non-OpenVZ kernel:
 * <code>quotaon</code>/<code>quotaoff</code>/<code>quotainit</code> (vzquota-specific)
 * <code>convert</code>, <code>compact</code>, <code>snapshot*</code> (ploop-specific)
 * <code>console</code> (needs a virtual /dev/console, /dev/ttyN device)
-* <code>chkpnt</code>, <code>restore</code> (currently need OpenVZ-kernel-specific checkpointing, [http://criu.org/ CRIU] will be supported later)
+* <code>enter</code>, <code>exec</code> and <code>runscript</code> (need pidns entering support)
+* <code>chkpnt</code>, <code>restore</code> (currently need OpenVZ-kernel-specific checkpointing, [http://crui.org/ CRIU] will be supported later)
-The following binaries are not ported to work on top of upstream kernel:
+The following commands have severe limitations:
-* vzlist
+* <code>stop</code>. A container can be stopped from inside (say if one is connected to CT over ssh) in case the underlying kernel supports rebooting a PID namespace (> 3.4). Using vzctl, the "stop" command is not supported, unless accompanied by the --fast switch, which will simply forceably kill all processes in the container.
-* vzcalc
-* vzcfgvalidate
-* vzcpucheck
-* vzmemcheck
-* vzmigrate
-* vzeventd
-* vzpid
-* vzsplit
-* vzubc
 === /proc and /sys ===
@@ Line 84: / Line 20: @@
 === Resource management ===
-With non-OpenVZ kernel, setting resources like <code>--ram</code> and <code>--cpuunits</code> works, but there their effect is dependent on what the current kernel supports, through the cgroups subsystem. When a particular cgroup file is present, it will be used. Currently, vzctl will search for the following files:
+Setting resources like <code>--ram</code> and <code>--cpuunits</code> work, but there their effect is dependent on what the current kernel supports, through the cgroups subsystem. When a particular cgroup file is present, it will be used. Currently, vzctl will search for the following files:
 * cpu.cfs_quota_us
 * cpu.shares
@@ Line 92: / Line 28: @@
 * memory.kmem.limit_in_bytes
 * memory.kmem.tcp.limit_in_bytes
+=== Other binaries ===
+Pretty much everything else other than vzctl is not working. That includes:
+* vzlist
+* vzcalc
+* vzcfgvalidate
+* vzcpucheck
+* vzmemcheck
+* vzmigrate
+* vzeventd
+* vzpid
+* vzsplit
+* vzubc
 == Building ==
-In case you don't want to use packages provided by OpenVZ (available from [[Download/vzctl]]), but rather would like to compile vzctl from sources, read on.
 === Dependencies ===
@@ Line 102: / Line 50: @@
 * iproute2 >= 3.0.0 (runtime only)
-* libcgroup >= 0.38
+* libcg >= 0.38
-=== Download ===
-You can get the latest released version from [[Download/vzctl/{{Latest vzctl}}#sources]] or directly from [[download:utils/vzctl/current/src/]].
-If you are living on the bleeding edge, get vzctl sources from git. Then run autogen.sh to recreate auto* files:
- git clone <nowiki>https://src.openvz.org/scm/ovzl/vzctl.git</nowiki>
- cd vzctl
- ./autogen.sh
 === Compile ===
-Usual <code>./configure && make</code> should do. But you probably want to specify more options. It makes sense to:
+Upstream support is not enabled by default. To build it into vzctl, one needs to specify the <code>--with-cgroup</code> switch to <code>configure</code>. Also, it makes sense to add <code>--without-ploop</code> (unless you want ploop compiled it) because otherwise you will need ploop lib headers.
-* enable cgroup support
+ $ ./configure --with-cgroup --without-ploop
-* add <code>--without-ploop</code> (unless you want [[ploop]] compiled it) because otherwise you will need ploop lib headers (available from [[Download/ploop]]).
-* enable bash completion support
-* set prefix to /usr
-See <code>./configure --help</code> output for more details and options available.
+== Using ==
-So, the command will look like:
+For supported features, usage is expected to be the same as standard vzctl tool.
- $ ./configure --with-cgroup --without-ploop --enable-bashcomp --prefix=/usr
+=== Networking ===
- $ make -j4
+Networking is available through the switches --netdev_add, --netif_add, and their respective deletion counterparts.
-=== Install ===
- # make install
-vzctl is also bundled in some Linux distributions, so you can install vzctl using native distro tools (i.e. your package manager):
-* vzctl in [https://launchpad.net/ubuntu/+source/vzctl Ubuntu Linux] [https://help.ubuntu.com/community/OpenVZ Description]
-* vzctl-core in [https://apps.fedoraproject.org/packages/vzctl-core Fedora Linux] [https://fedoraproject.org/wiki/QA:Testcase_vzctl_base Description]
-* sys-cluster/vzctl in [http://packages.gentoo.org/package/sys-cluster/vzctl Gentoo Linux]
-* vzctl in [https://packages.debian.org/search?keywords=vzctl Debian Linux]
-* vzctl in [http://packages.altlinux.org/vzctl ALT Linux] ([http://altlinux.org/OpenVZ description])
-== Known issues and workarounds ==
-=== A container doesn't boot and udevd is in a process list ===
-udev doesn't work, because <code>uevent</code>s are not virtualized yet. If you don't know how to disable it, you can remove the udev package.
-=== <code>vzctl enter</code> doesn't work ===
-You see this when trying to use <code>vzctl enter</code>:
- Unable to open pty: No such file or directory
-If a CT is executed in a user namespace, devpts must be mounted with the newinstance option. You can add this option in container's <code>/etc/fstab</code> file.
-== See also ==
-* [[OpenVZ with upstream kernel]]
+IP mode networking (--ipadd / --ipdel) is currently not supported.