Difference between revisions of "Vzctl for upstream kernel"

Since version 4.0, vzctl tool can be used with upstream (non-OpenVZ) Linux kernels (that essentially means any recent 3.x kernel). At the moment, it provides just basic functionality. It is currently possible to create and start a container with the same steps as one would use for a normal OpenVZ container. Other features may be present with limited functionality, while some are not present at all.

Warning: Running vzctl on upstream kernels is considered an experimental feature. See #Limitatons below.

Installation

Note: This section describes installation for RPM-based distros. See #Building below if you want to compile vzctl from source.

First, set up OpenVZ yum repository. Download openvz.repo file and put it to your /etc/yum.repos.d/ repository, and import OpenVZ GPG key used for signing RPM packages. This can be achieved by the following commands, as root:

wget -P /etc/yum.repos.d/ http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

In case you can not cd to /etc/yum.repos.d, it means either yum is not installed on your system, or yum version is too old.

Then, install vzctl-core package:

yum install vzctl-core

Usage

For supported features, usage is expected to be the same as standard vzctl tool. See vzctl(8) for more information.

Networking

Networking is available through the switches --netdev_add, --netif_add, and their respective deletion counterparts.

IP mode networking (--ipadd / --ipdel) is currently not supported.

Limitations

The following vzctl commands are not working at all:

• quotaon/quotaoff/quotainit (vzquota-specific)
• convert, compact, snapshot* (ploop-specific)
• console (needs a virtual /dev/console, /dev/ttyN device)
• enter, exec and runscript (need pidns entering support)
• chkpnt, restore (currently need OpenVZ-kernel-specific checkpointing, CRIU will be supported later)

The following commands have severe limitations:

• stop. A container can be stopped from inside (say if one is connected to CT over ssh) in case the underlying kernel supports rebooting a PID namespace (> 3.4). Using vzctl, the "stop" command is not supported, unless accompanied by the --fast switch, which will simply forceably kill all processes in the container.

The following binaries are not ported to work on top of upstream kernel:

• vzlist
• vzcalc
• vzcfgvalidate
• vzcpucheck
• vzmemcheck
• vzmigrate
• vzeventd
• vzpid
• vzsplit
• vzubc

/proc and /sys

Software that depend on information supplied by the proc filesystem may not work correctly, since there is not a full solution for full /proc virtualization. For instance, /proc/stat is not yet virtualized, and top will show distorted values.

Resource management

Setting resources like --ram and --cpuunits work, but there their effect is dependent on what the current kernel supports, through the cgroups subsystem. When a particular cgroup file is present, it will be used. Currently, vzctl will search for the following files:

• cpu.cfs_quota_us
• cpu.shares
• cpuset.cpus
• memory.limit_in_bytes
• memory.memsw.limit_in_bytes
• memory.kmem.limit_in_bytes
• memory.kmem.tcp.limit_in_bytes

Building

Dependencies

The following software needs to be installed on your system:

• iproute2 >= 3.0.0 (runtime only)
• libcgroup >= 0.38

Download

You can get the latest released version from Download/vzctl/4.11.1#sources or directly from download:utils/vzctl/current/src/.

If you are living on the bleeding edge, get vzctl sources from git. Then run autogen.sh to recreate auto* files:

git clone git://git.openvz.org/pub/vzctl
cd vzctl
./autogen.sh

Compile

Usual ./confi

t makes sense to add --without-ploop (unless you want ploop compiled it) because otherwise you will need ploop lib headers.

$ ./configure --with-cgroup --without-ploop