Changes

← Older edit

Man/vzctl.8

32,025 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

vzctl −

~~utility to control~~ perform various operations on an OpenVZ container.

== SYNOPSIS ==

<~~p style~~table width="~~margin-left:11~~100%~~; margin-top: 1em~~"~~>vzctl~~border="0" rules="none" frame="void"~~[flags] create CTID</i~~ cellspacing="0" cellpadding="0">[<~~b>--ostemplate name] [--config</b~~tr valign="top" align="left"><~~i>name] [--private <i~~td width="11%">~~path~~</~~i>] [--root</b~~td><~~i>path] [--ipadd addr] [--hostnamename]</p~~td width="7%">

~~vzctl~~[<ib>~~flags~~vzctl</~~i>] <~~b>~~set~~</bp> ~~CTID parameters~~</itd>[<btd width="2%">~~--save~~</btd>]</ptd width="80%">

~~vzctl~~[<ib>~~flags~~vzctl</~~i>] <~~b>~~exec~~</~~b> | <b~~p>~~exec2~~</~~b> <i~~td>~~CTIDcommand~~<~~/i> [<i~~td width="2%">~~arg~~</itd> ~~...]~~</ptd width="80%">

~~vzctl~~[flags] ~~enter~~start CTID [--~~exec~~wait][<ib>~~command~~--force</ib> ] [<ib>~~arg~~--skip-fsck</ib> ~~...~~][--skip-remount] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~vzctl~~[<ib>~~flags~~vzctl</ib>] <b/p>~~runscript~~</btd> <itd width="2%">~~CTID script~~</itd></ptd width="80%">

~~vzctl~~[flags] stop CTID [--~~help~~fast | ][--~~version~~skip-umount] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] restart CTID[--wait] [--force] [-~~left:11%; margin~~-~~top: 1em"~~fast~~Utility~~][~~vzctl~~--skip-fsck ~~runs on the host system (otherwise known as~~] [--skip-remount]</td></tr>~~Hardware Node, or HN) and performs direct manipulations with~~<tr valign="top" align="left">~~containers (CTs).~~<td width="11%"></ptd><td width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] suspend | resumeCTID [--dumpfile name]</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

[flags] snapshot CTID[--id uuid][--name name][--description desc][--skip-suspend] [--skip-config]</td></tr><tr valign="~~margin-~~top~~: 1em~~" align="left">~~These flags come before acommand, and can be used with any command. They affect~~<td width="11%"></td>~~logging to console (terminal) only, and do not affectlogging to a log file.~~</ptd width="7%">

~~--quiet~~vzctl</td><td width="2%"></td><td width="80%">

[flags] snapshot-switch CTID[--skip-resume | --must-resume][--skip-config] --id uuid</td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="7%">

~~--verbose~~vzctl</td><td width="2%"></td><td width="80%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ [<bi>~~VERBOSE~~flags</bi> ~~parameter in theglobal configuration file [[Man/vz.conf.5|~~] ~~vz.conf~~snapshot-delete~~(5)]], or to~~ <bi>0CTID</bi>~~if not set by~~ ~~VERBOSE~~--id ~~parameter.~~uuid</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Setting container parameters ===~~"80%">

[flags] ~~set~~snapshot-mount CTID~~parameters~~ [--~~save~~id~~] [~~uuid --~~force~~target]dir</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~This command sets variouscontainer parameters. If a~~ ~~--save~~vzctl ~~flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|ctid.conf~~</~~b>(5)]]. Use <b~~p>~~--force~~</btd> ~~to save theparameters even if the current kernel doesn’t supportOpenVZ. If the container is currently running,~~ <btd width="2%">~~vzctl~~</btd>~~applies these parameters to the container.~~</ptd width="80%">

[flags] snapshot-~~left:17%; margin-top: 1em"~~umount CTID~~The followingparameters can be used with~~ ~~set~~--id ~~command.~~uuid</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~Miscellaneous~~ vzctl<br/b>~~--onboot yes~~</btd>|<btd width="2%">no</btd></ptd width="80%">

[flags] snapshot-~~left:17%;"~~list CTID~~Sets whether the container willbe started during system boot~~[-H] [-o field[,field... ~~The container will not be~~]~~auto~~[--~~started unless this parameter is set to~~ id ~~yes~~uuid.]</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~--bootorder~~vzctl</td><itd width="2%">~~number~~</itd></ptd width="80%">

~~Sets the boot order priorityfor this CT. The higher the~~ [flags~~number~~] set CTID --parameter value ~~is, the earlier inthe boot process this container starts~~[... ~~By default this~~] [--save] [--force]~~parameter is unset, which is considered to be the lowestpriority, so containers with unset~~ [--setmode restart|~~bootorder~~ignore ~~will~~] </td></tr><tr valign="top" align="left">~~start last.~~<td width="11%"></ptd><td width="7%">

~~--root~~vzctl <i/p>~~path~~</itd><td width="2%"></ptd><td width="80%">

~~Sets the path to root directoryfor this container. This is essentially a mount point forcontainer’s root directory. Argument can containliteral string~~ [flags] ~~$VEID~~set~~, which will be substituted withthe numeric CT ID. Changing this parameter is not~~CTID~~recommended, better edit [[Man/vz.conf.5|~~~~vz.conf~~--reset_ub~~(5)]] global~~ </td></tr><tr valign="top" align="left">~~configuration file.~~<td width="11%"></ptd><td width="7%">

~~--userpasswd~~vzctl<i/p>~~user~~</itd>:<itd width="2%">~~password~~</itd></ptd width="80%">

~~Sets password for the given~~[flags] destroy | delete |~~user in a container, creating the user if it does not~~mount | umount | status |~~exists. Note that this option is not saved in configurationfile at all (so~~ ~~--save~~quotaon | quotaoff | quotainit ~~flag is useless), it isapplied to the container (by modifying its~~ CTID</~~etc~~i></~~passwd and~~p> </~~etc~~td></~~shadow files).~~tr><tr valign="top" align="left"><td width="11%"></ptd><td width="7%">

vzctl</td><td width="~~margin-left:17~~2%~~; margin-top: 1em~~">~~In case~~</td>~~container root filesystem is not mounted, it isautomatically mounted, then all the appropriate file changesare applied, then it is unmounted.~~</ptd width="80%">

[flags] console CTID[ttynum] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%~~; margin-top: 1em~~">~~Note that~~</td>~~container should be created before using this option.~~</ptd width="7%">

~~--disabled~~vzctl<i/p>~~yes~~</itd>|<itd width="2%">no</itd></ptd width="80%">

~~Disable container start. To~~[flags] convert CTID~~force the start of a disabled container, use~~ [~~vzctl start~~--~~force~~layout ploop[:.{expanded|plain|raw}]] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~--name~~vzctl <i/p>~~name~~</itd><td width="2%"></ptd><td width="80%">

~~Add a name for a container. The~~[~~name~~flags ~~can later be used in subsequent calls to~~] ~~vzctl~~compact ~~in place of~~ CTID.</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~--description~~vzctl</td><itd width="2%">~~string~~</itd></ptd width="80%">

[flags] exec | exec2 CTIDcommand [arg ...]</td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Add a textual description for a~~</td>~~container.~~</ptd width="7%">

~~--setmoderestart~~vzctl|<b/p>~~ignore~~</btd><td width="2%"></ptd><td width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Whether to restart a container~~</td>~~after applying parameters that require the container to berestarted in order to take effect.~~</ptd width="7%">

~~Networking~~ vzctl<br/p>~~--ipadd~~</btd> <itd width="2%">~~addr~~</itd></ptd width="80%">

[flags] runscript CTID script</td></tr><tr valign="top" align="~~margin-~~left~~:17%;~~">~~Adds IP address to a givencontainer. Note that this option is incremental, so~~<itd width="11%">~~addr~~</itd> ~~are added to already existing ones.~~</ptd width="7%">

~~--ipdel~~vzctl <i/p>~~addr~~</itd> |<btd width="2%">~~all~~</btd></ptd width="80%">

~~Removes IP address~~ <ib>~~addr~~--help</ib>~~from a container. If you want to remove all the addresses,use~~ | --~~ipdel all~~version.</td></tr></table>

~~--hostnamename~~= DESCRIPTION ==

~~Sets container hostname.~~Utilityvzctl ~~writes it to~~ runs on the ~~appropriate file inside a~~host system (otherwise known asHardware Node, or HN) and performs direct manipulations with~~container~~ containers (~~distribution-dependent~~CTs).

Containers canbe referred to by either numeric CTID or by name (see--~~nameserver~~nameoption). Note that CT ID <= 100 arereserved for OpenVZ internal purposes. A numeric ID shouldnot be more than <ib>~~addr~~2147483644</ib>.

~~Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use --nameserver optionmultiple times in one call to vzctl, as all the nameserver values set in previous calls to vzctl areoverwritten.~~= OPTIONS ==

~~--searchdomainname~~== Flags ===

~~Sets DNS search domains for~~ These flags come before a~~container~~command, and can be used with any command. ~~If you want~~ They affectlogging to ~~set several search domains~~console (terminal) only, ~~youshould~~ and do ~~it at once, so use --searchdomain option~~not affect~~multiple times in one call~~ logging to ~~vzctl, as all thesearch domain values set in previous calls to vzctlare overwritten~~a log file.

--~~netif_add~~quiet~~ifname[,mac,host_ifname,host_mac,bridge]</i~~>

~~Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the container, mac is its MACaddress, host_ifname is the Ethernet device name onthe host, and host_mac is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX~~Disables output.Note that~~bridge is an optional parameter which can be used incustom network start~~ scripts run by vzctl are still able to ~~automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if not~~produce some~~specified~~output.

--~~netif_deldev_name | all~~verbose

~~Removes virtual Ethernet device~~Increments logging level upfrom ~~a container~~the default. Can be used multiple times. ~~If you want~~ Default valueis set to ~~remove all devices~~the value of VERBOSE parameter in theglobal configuration file [[Man/vz.conf.5|vz.conf(5)]], ~~use~~or to 0if not set by ~~all~~VERBOSEparameter. === Setting container parameters ===

<~~p style~~table width="~~margin-left:11~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><btr valign="top" align="left">~~Veth interfaceconfiguration~~<td width="11%"></btd></ptd width="4%">

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use~~ ~~--ifname~~set <i/p>~~name~~</~~i> option. <br~~td>~~--mac~~</btd width="2%"> ~~XX:XX:XX:XX:XX:XX~~</itd></ptd width="83%">

CTID[--onboot yes|no][--bootorder number][--root path][--private path][--mount_opts options][--userpasswd user:pass][--disabled yes|no][--name name][--description string][--ostemplate string][--stop-timeout seconds][--ipadd addr][--ipdel addr|all][--hostname name][--nameserver addr][--searchdomain name][--netif_add dev[,params...]][--netif_del dev|all][--ifname dev[--mac hwaddr][--host_ifname dev][--host_mac hwaddr][--bridge name][--mac_filter on|off]][--numproc items][--numtcpsock items][--numothersock items][--vmguarpages pages][--kmemsize bytes][--tcpsndbuf bytes][--tcprcvbuf bytes][--othersockbuf bytes][--dgramrcvbuf bytes][--oomguarpages pages][--lockedpages pages][--privvmpages pages][--shmpages pages][--numfile items][--numflock items][--numpty items][--numsiginfo items][--dcachesize bytes][--numiptent num][--physpages pages][--swappages pages][--ram bytes][--swap bytes][--vm_overcommit float][--cpuunits num][--cpulimit num][--cpus num][--cpumask cpus|auto|all][--nodemask nodes|all][--meminfo none|mode:value][--iptables name[,...]][--netfilter disabled|stateless|stateful|full][--netdev_add ifname][--netdev_del ifname][--diskquota yes|no][--diskspace num][--diskinodes num][--quotatime seconds][--quotaugidlimit num][--capability capname:~~22%~~on|off[,...]][--devnodes param][--devices param][--pci_add dev][--pci_del "dev~~MAC address of interface inside~~]~~a container~~[--features name:on|off[,...]][--applyconfig name][--applyconfig_map group][--ioprio num][--iolimit mbps][--iopslimit iops] [--save][--force] [--reset_ub][--setmode restart|ignore] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"></td><td width="2%"></td><td width="83%">

This command sets various container parameters. If thecontainer is currently running, ~~--host_ifname~~vzctlapplies theseparameters to the container. The following options can beused with <ib>~~name~~set</ib>command.</td></tr></table>

~~interface name for virtualinterface in the host system.~~=== Flags ====

--~~host_mac~~save~~XX:XX:XX:XX:XX:XX</i~~>

~~MAC address of interface~~ If this flag is given,parameters are saved in ~~the~~container configuration file~~host system~~[[Man/ctid.conf.5|ctid.conf(5)]].

--~~bridge~~force</b~~> name</i~~>

~~Bridge name~~If this flag is given togetherwith --save, parameters are saved even if the currentkernel doesn’t support OpenVZ. ~~Custom network~~Note this flag does not~~start scripts can use this value to automatically add the~~make sense without --save, so --save is~~interface to a bridge~~required.

--~~mac_filter~~reset_ub~~on|off</i~~>

~~Enables~~If this flag is given,vzctl</~~disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device~~ b> applies all User Beancounter parameters from ~~inside~~the ~~Container~~configuration file to a running container. ~~If the filtering~~ This is ~~turned on: • the veth device accepts only those packets that have~~helpful in case configuration file is modified manually.~~a MAC address in their headers corresponding to that of~~ Please note this~~device (excluding all broadcast and multicast packets); •~~ flag is exclusive, i.e. it ~~is impossible to modify the veth MAC address from~~can not be~~inside the Container~~combined with any other options or flags.

--~~top: 1em"~~setmode restart~~By default,~~|~~this functionality is enabled for all veth devices existinginside the Container.~~ignore

A few parameters can only beapplied by restarting the container. By default,~~Resource limits~~vzctlprints a warning if such parameters aresupplied and a container is running. Use --setmoderestart together with --save flag to restart acontainer in such a case, or --setmode ignore tosuppress the warning.

~~The followingoptions sets barrier and limit for various userbeancounters. Each option requires one or two arguments. Incase of one argument, vzctl sets barrier and limit tothe same value. In case of two colon-separated arguments,the first is a barrier, and the second is a limit. Eachargument is either a number, a number with a suffix, or aspecial value unlimited.~~=== Miscellaneous ====

~~Arguments arein items, pages or bytes. Note that page size isarchitecture~~--~~specific, it is 4096 bytes on IA32~~onboot yes |~~platform.~~no

~~You can also~~Sets whether the container will~~specify different suffixes for~~ be started during system boot. The container will be startedon boot by ~~set~~vz ~~parameters (except~~initscript if either this parameter is~~for the parameters which names start with~~ set to ~~num~~yes~~). For~~, or the container was running just before~~example~~last reboot, ~~vzctl~~ and this parameter is not setto ~~CTID~~no</~~i> <~~b>~~--privvmpages~~.~~5M:6M should set privvmpages’ barrier to 5~~Default value is unset, meaning the container will be~~megabytes and its limit to 6 megabytes~~started if it was running before the last reboot.

~~Availablesuffixes are: g, G -- gigabytes. m, M~~ -- ~~megabytes. k, K~~bootorder</b~~> -- kilobytes. <br~~>~~p,~~ <bi>Pnumber</bi> ~~-- pages (page is 4096 bytes on x86architecture, other architectures may differ).~~

~~You can also~~Sets the boot order priority~~specify~~ for this CT. The higher the ~~literal word~~ <bi>~~unlimited~~number</bi> is, the earlier in ~~place of anumber~~the boot process this container starts. ~~In that case~~ By default thisparameter is unset, which is considered to be the ~~corresponding value will be set to~~lowestpriority, so containers with unset ~~LONG_MAX~~bootorder~~, i. e. the maximum possible value~~willstart last.

--~~numproc~~root~~items~~path~~[:items]~~

~~Maximum number of processes and~~Sets the path to root directory~~kernel-level threads~~(VE_ROOT) for this container. This is essentially amount point for container’s root directory. ~~Setting~~ Argumentcan contain literal string $VEID, which will besubstituted with the ~~barrier and the limit todifferent values does not make practical sense~~numeric CT ID.

--~~numtcpsock~~private~~items~~path~~[:items]~~

~~Maximum number of TCP sockets~~Sets the path to privatedirectory (VE_PRIVATE) for this container.This is a~~This parameter limits~~ directory in which all the ~~number of TCP connections and,~~container’s files are~~thus~~stored. Argument can contain literal string $VEID, ~~the number of clients the server application canhandle in parallel. Setting~~ which will be substituted with the ~~barrier and the limit todifferent values does not make practical sense~~numeric CT ID.

--~~numothersock~~mount_opts~~items~~option[:,~~items~~option...]

~~Maximum number of non-TCP~~Sets additional mount options~~sockets (local sockets, UDP and other types of sockets)~~for container file system.Only applicable for ploop~~Setting the barrier and the limit to different values doesnot make practical sense~~layout, ignored otherwise.

--~~vmguarpages~~userpasswd~~pages~~user[:~~pages~~password] Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so --save flag is useless), it isapplied directly to the container, by runningdistribution-specific programs inside the container. It isnot recommended to combine this option with any otheroptions.

~~Memory allocation guarantee.~~In case~~This parameter controls how much memory~~ container was not running, it is ~~available to a~~automatically started then~~container. The barrier is~~ all the ~~amount of memory thatcontainer’s applications~~ appropriate changes are ~~guaranteed to be able toallocate. The meaning of the limit~~ applied, then it is ~~currently unspecified;it should be set to unlimited~~stopped.

~~--kmemsize~~Note that~~bytes[:bytes]~~container should be created before using this option.

~~Maximum amount of kernel memoryused. This parameter is related to~~ --~~numproc~~disabled yes~~. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the~~|~~kmemsize~~no ~~usage under the limit.~~

Disable container start. Toforce the start of a disabled container, use vzctl start--~~tcpsndbuf~~force~~bytes[:bytes]~~.

~~Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of~~ ~~numtcpsock~~--name ~~multiplied by 2.5KB.~~name

Add a name for a container. Thename can later be used in subsequent calls to~~--tcprcvbuf~~vzctlin place of ~~bytes~~CTID[:. Note this option cannot be used without <ib>~~bytes~~--save</ib>].

~~Maximum size of TCP receivebuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of~~ ~~numtcpsock~~--description ~~multiplied by 2.5KB.~~string

~~--othersockbuf~~Add a textual description for a~~bytes[:bytes]~~container.

~~Maximum size of other (non~~-~~TCP)socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be setaccordingly. Increased limit is necessary for highperformance of communications through local (UNIX~~-~~domain)~~ostemplate~~sockets.~~string

Sets a new value of~~--dgramrcvbuf~~OSTEMPLATEparameter in container configuration file[[Man/ctid.conf.5|<ib>~~bytes~~ctid.conf</ib>[:(5)]]. Requires <ib>~~bytes~~--save</ib>]flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses the value of OSTEMPLATE to rundistribution-specific scripts.

~~Maximum size of other (non~~-~~TCP)~~-stop-timeout~~socket receive buffers. If container’s processes needsto receive very large datagrams, the barrier should be setaccordingly. The difference between the barrier and thelimit is not needed.~~seconds

Sets a time to wait forcontainer to stop on ~~--oomguarpages~~vzctl stopbefore forciblykilling it, in seconds. Note this option can not be usedwithout <ib>~~pages~~--save</~~i>[:pages</i~~b>]flag.

~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is the~~Special value~~out-~~of~~-memory guarantee. If the~~ ~~oomguarpages~~0 ~~usage isbelow the barrier, processes of this container areguaranteed not~~ means to ~~be killed~~ use compiled-in ~~out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto unlimited~~default.

~~--lockedpagespages[:pages]~~=== Networking ====

~~Maximum number of pagesacquired by~~ ~~mlock~~--ipadd~~(2).~~addr

Adds an IP address <bi>~~--privvmpages~~addr</bi>to a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g. <ib>~~pages~~10.1.2.3/25</ib>[:).Note that this option is incremental, so ~~pages~~addr]areadded to already existing ones.

~~Allows controlling the amountof memory allocated by the applications. For shared (mapped~~as ~~MAP_SHARED~~--ipdel~~) pages, each container really using amemory page is charged for the fraction of the page(depending on the number of others using it). For"potentially private" pages (mapped as~~addr |~~MAP_PRIVATE~~all~~), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.~~

~~The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upper~~Removes IP address addr~~boundary does not guarantee that~~ from a container ~~will be able toallocate that much memory~~. ~~The primary mechanism~~ If you want to ~~control~~remove all the addresses,~~memory allocation is the~~ use --~~vmguarpages~~ipdel all ~~guarantee~~.

--~~shmpages~~hostname~~pages~~name~~[:pages]~~

~~Maximum IPC SHM segment size~~Sets container hostname.~~Setting~~ vzctl writes it to the ~~barrier and the limit to different values does~~appropriate file inside a~~not make practical sense~~container (distribution-dependent).

--~~numfile~~nameserver~~items~~addr~~[:items]~~

~~Maximum number of open files~~Sets DNS server IP address fora container.If you want to set several nameservers, you~~In most cases the barrier and the limit~~ should ~~be set to the~~do it at once, so use --nameserver option~~same value. Setting the barrier~~ multiple times in one call to 0vzctl ~~effectively~~, as all the name~~disables pre-charging optimization for this beancounter~~ server values set in~~the kernel, which leads~~ previous calls to ~~the held value being precise but~~vzctl are~~could slightly degrade file open performance~~overwritten.

A special valueof ~~--numflock~~inheritcan be used to auto-propagate nameservervalue(s) from the host system’s<ib>~~items<~~/~~i>[:items~~etc/resolv.conf</ib>]file.

~~Maximum number of file locks.~~--searchdomain~~Safety gap should be between barrier and limit.~~name

Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use --~~numpty~~searchdomainoptionmultiple times in one call to <ib>~~items~~vzctl</ib>[:, as all thesearch domain values set in previous calls to <ib>~~items~~vzctl</ib>]are overwritten.

~~Number~~ A special valueof ~~pseudo~~inherit can be used to auto-~~terminals~~propagate searchdomain value(~~PTY~~s)~~. Note that in OpenVZ each container can have not more~~from the host system’s~~than 255 PTYs~~/etc/resolv. ~~Setting the barrier and the limit todifferent values does not make practical sense~~conf file.

--~~numsiginfo~~netif_add~~items~~ifname[,mac[:,host_ifname,~~items~~host_mac,bridge]

~~Number of siginfo structures.~~Adds a virtual Ethernet device~~Setting the barrier and the limit~~ (veth) to ~~different values doesnot make practical sense~~a given container.Here ifname</pi>is theEthernet device name in the container, mac is its MACaddress, host_ifname<~~p style="margin-left:11%;"~~/i>is the Ethernet device name onthe host, and <bi>~~--dcachesize~~host_mac</bi>is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.~~bytes~~bridge[:is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ~~bytes~~ifname]are optional and are automatically generated if notspecified.

~~Maximum size offilesystem~~--~~related caches, such as directory entry and inode~~netif_del~~caches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit.~~dev_name | all

Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~--numiptent~~all~~num[:num]~~ ~~Number of iptables (netfilter)entries. Setting the barrier and the limit to differentvalues does not make practical sense~~.

~~--physpagespages[:pages]~~=== veth interface configuration ====

~~This is currently an~~The following~~accounting~~options can be used to reconfigure the already-~~only parameter~~createdvirtual Ethernet interface. ~~It shows~~ To select the ~~usage of RAM by this~~interface to~~container. Barrier should be set to 0~~configure, ~~and limit should beset to~~ use ~~unlimited~~--ifnamename option. --mac XX:XX:XX:XX:XX:XX

~~--swappages~~MAC address of interface inside~~pages[:pages]~~a container.

~~The limit, if set, is used toshow a total amount of swap space available inside thecontainer. The barrier of this parameter is currentlyignored. The default value is~~ ~~unlimited~~--host_ifname~~, meaningtotal swap will be reported as 0.~~name

~~Note that~~ interface name for virtualinterface in~~order for~~ the ~~value to be shown as total swap space,--meminfo parameter should be set to value other thannone~~host system.

~~CPU fair scheduler~~--host_mac~~parameters~~XX:XX:XX:XX:XX:XX</bi>

~~These~~MAC address of interface in the~~parameters control CPU usage by container~~host system.

~~--cpuunits~~If you want anindependent communication with the Container through thebridge, you should specify a multicast MAC address here~~num~~(FE:FF:FF:FF:FF:FF).

~~CPU weight for a container.Argument is positive non~~--~~zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If~~ bridge~~cpuunits~~name</bi> ~~are not specified,default value of 1000 is used.~~

Bridge name. Custom networkstart scripts can use this value to automatically add theinterface to a bridge. ~~You can set CPUweight for CT0 (host system itself) as well (use~~ ~~vzctlset 0~~ --~~cpuunits~~mac_filter on ~~num). Usually, OpenVZ initscript~~|(~~/etc/init.d/vz~~off~~) takes care of setting this.~~

~~--cpulimit<~~Enables/b>disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from insidethe Container. If the filtering is turned on: <ibr>~~num~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets); </ibr>~~[%]~~• it is impossible to modify the veth MAC address frominside the Container.

~~Limit of CPU usage for thecontainer~~By default, ~~in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit~~ this functionality is ~~0~~enabled for all veth devices existing~~(no CPU limit)~~inside the Container.

~~--cpus num~~=== VSwap limits ====

The followingoptions sets ~~number of CPUs available~~memory and swap limits for VSwap-enabled~~in the container~~kernels (kernel version 042stab042 or greater).

~~--cpumask cpus |~~Argument is inbytes, unless otherwise specified by an optional suffix.~~all~~Available suffixes are:

~~sets list of allowed CPUs for~~•~~the container. Input format is a comma~~T, t -~~separated list of~~terabytes; ~~decimal numbers and ranges. Consecutively set bits are shown~~• G, g - gigabytes; ~~as two hyphen~~• M, m -~~separated decimal numbers, the smallest and~~megabytes; ~~largest bit numbers set in the range. For example~~• K, ~~if you~~k - kilobytes; ~~want the container to execute on CPUs 0~~• P, 1p - memory pages (arch-specific, ~~2, 7, you shouldpass~~ usually 4KB); • ~~0-2,7~~B~~. Default value is~~ , ~~all~~b - bytes (this is the~~container can execute on any CPU~~default). --ram bytes

Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting ~~Memory outputparameters~~--physpageslimit (the barrier is set to0).

~~This parametercontrol output of~~ --swap</~~proc~~b> bytes</~~meminfo inside a container.~~i>

Set swap space available to acontainer. Actually, the option is a shortcut for setting--~~meminfo none~~swappageslimit (the barrier is set to 0).

--vm_overcommitfloat No Set VM overcommitment value tofloat</~~proc~~i>. If set, it is used to calculateprivmmpages</~~meminfo virtualization~~b> parameter in case it is not setexplicitly (see below). Default value is 0, meaningunlimited privvmpages. vzctlchecks if running kernel is VSwap capable, and refuses touse these parameters otherwise. This behavior can beoverriden by using --force flag beforeparameters. In VSwap mode,all beancounters other than RAM and swap become optional.Note though that if some optional beancounters are not set,they are calculated and set by vzctl implicitly, using the ~~same as on host system)~~following formulae: •lockedpages.barrier = oomguarpages.barrier = ram

~~--meminfo~~•lockedpages.limit = oomguarpages.limit = unlimited~~mode:value</i~~>

~~Configure total memory output~~•~~in a container~~vmguarpages. ~~Reported free memory is evaluatedaccordingly to the mode being set~~barrier = vmguarpages. ~~Reported~~ limit = ram + swap is~~evaluated according to the settings of --swappages~~~~parameter.~~

~~You can use thefollowing modes for~~ <~~i>mode: <br~~b>• ~~pages:value - sets total memory inpages; • ~~privvmpages~~:value - sets total memory~~.barrier = privvmpages.limit = (ram + swap) *~~as privvmpages~~vm_overcommit * value.

~~Default~~ (ifvm_overcommit is0 or not set,privvmpages:1.is set to "unlimited")

~~Iptables control parameters~~Here is an~~ ~~example of setting container 777 to have 512 megabytes of~~--iptables name~~RAM and 1 gigabyte of swap:

~~Allow to use the functionalityof name iptables module inside the container. Tospecify multiple names, repeat~~ vzctl set 777 --ram 512M --swap 1G -~~iptables for each,or use space~~-~~separated list as an argument (enclosed insingle or double quotes to protect spaces).~~save</ppre>

~~The defaultlist of enabled iptables modules is specified by theIPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]].~~=== User Beancounter limits ====

~~You can use the~~The following~~following values~~ options sets barrier and limit for ~~name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,~~various user~~ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner~~beancounters.

Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set ~~Network devices controlparameters ~~--~~netdev_add~~ram and<ib>~~name~~--swap</ib>(see above). For older kernels, these limitsare obligatory.

~~move network device from~~ Each optionrequires one or two arguments. In case of one argument,vzctl sets barrier and limit to the same value. Incase of two colon-separated arguments, the first is abarrier, and thesecond is a limit. Each argument is either~~host system to~~ a ~~specified container~~number, a number with a suffix, or a special valueunlimited.

~~-~~Arguments arein items, pages or bytes. Note that page size isarchitecture-~~netdev_del~~specific, it is 4096 bytes on x86 and x86_64~~name~~platforms.

~~delete network device from a~~You can also~~specified container~~specify different suffixes for User Beancounter parameters(except for those which names start with num). Forexample, vzctl set CTID --privvmpages5M:6M should set privvmpages’ barrier to 5megabytes and its limit to 6 megabytes.

~~Disk quota parameters ~~Available~~--diskquota yes|no~~suffixes are:

~~allows to enable or disable~~•T, t - terabytes; • G, g - gigabytes; ~~disk quota for a container. By default~~• M, ~~a global value~~m - megabytes; (• K, ~~DISK_QUOTA~~k~~) from [[Man~~- kilobytes; • P</~~vz.conf.5|~~b>, ~~vz.conf~~p- memory pages (5arch-specific,usually 4KB)~~]] is used~~; • B, b - bytes.

You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --~~diskspace~~numproc~~num~~items[:~~num~~items]

~~sets soft~~ Maximum number of processes and ~~hard disk quotalimits, in blocks~~kernel-level threads. ~~First parameter is soft limit, second ishard~~ Setting the barrier and the limit~~. One block is currently equal~~ to ~~1Kb. SuffixesG, M, K can also be specified (seeResource limits section for more info onsuffixes)~~different values does not make practical sense.

--~~diskinodes~~numtcpsock~~num~~items[:~~num~~items]

~~sets soft~~ Maximum number of TCP sockets.This parameter limits the number of TCP connections and ~~hard disk quota~~,~~limits~~thus, the number of clients the server application canhandle in ~~i-nodes~~parallel. ~~First parameter is soft~~ Setting the barrier and the limit~~, second is~~to~~hard limit~~different values does not make practical sense.

--~~quotatime~~numothersock~~seconds~~items[:items]

~~sets quota grace period~~Maximum number of non-TCPsockets (local sockets, UDP and other types of sockets).~~Container is permitted to exceed its soft limits for~~ Setting the~~grace period, but once it has expired,~~ barrier and the ~~soft~~ limit isto different values does~~enforced as a hard limit~~not make practical sense.

--~~quotaugidlimit~~vmguarpages~~num~~pages[:pages]

~~sets maximum number of~~Memory allocation guarantee.~~user/group IDs in~~ This parameter controls how much memory is available to a container ~~for which disk quota inside~~. The barrier is the amount of memory that~~the~~ container ~~will~~ ’s applications are guaranteed to be ~~accounted~~able toallocate. ~~If this value~~ The meaning of the limit is currently unspecified;it should be set to0unlimited~~, user and group quotas inside the container willnot be accounted~~.

~~Note that ifyou have previously set value of this parameter to~~ 0--kmemsize,~~changing it while the container is running will not takeeffect.~~bytes[:bytes]

Maximum amount of kernel memoryused. This parameter is related to ~~Mount option ~~--~~noatime yes~~numproc | . Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep thenokmemsizeusage under the limit.

~~Sets noatime flag (do not~~--tcpsndbuf~~update inode access times) on filesystem.~~bytes[:bytes]

~~Capability option ~~Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to or~~--capability capname:on|~~more than value of ~~off~~numtcpsock~~~~ ~~Sets a capability for acontainer. Note that setting capability when the containeris running does not take immediate effect; restart thecontainer in order for the changes to take effect~~multiplied by 2. ~~Note acontainer has default set of capabilities, thus anyoperation on capabilities is "logical and" with~~5~~the default capability mask~~KB.

~~You can use thefollowing values for capname:~~ ~~chown~~--tcprcvbuf,<bi>~~dac_override~~bytes</bi>, [:<bi>~~dac_read_search~~bytes</~~b>, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities</b~~i>~~(7).~~]

~~WARNING:setting some~~ Maximum size of ~~those capabilities may have far reaching~~TCP receive~~security implications~~buffers. Barrier should be not less than 64 KB, ~~so do not do it unless you know what~~anddifference between barrier and limit should be equal to or~~you are doing. Also note that setting~~ more than value of ~~setpcap:on~~numtcpsock ~~fora container will most probably lead to inability to start~~multiplied by 2.5itKB.

~~Device access management ~~--~~devnodes~~othersockbuf ~~device~~bytes[:<bi>~~[r][w][q]|none~~bytes</bi>]

~~Give the container an access~~Maximum size of other (~~r~~ non- ~~read, w - write, q - disk quota~~TCP)~~management, none - no access)~~ socket send buffers. If container’s processes needs to ~~a device designated~~by send very large datagrams, the ~~special file /dev/device~~barrier should be setaccordingly. ~~Device file~~ Increased limit isnecessary for high~~created in a container by vzctl. Example: vzctl~~performance of communications through local (UNIX-domain)~~set 777 --devnodes sdb:rwq~~sockets.

--~~devicesb|c~~dgramrcvbuf:~~major~~bytes[:~~minor~~bytes~~|all:[r][w][q~~]~~|none~~

~~Give the~~ Maximum size of other (non-TCP)socket receive buffers. If container ~~an access~~ ’s processes needstoreceive very large datagrams, the barrier should be set~~a block or character device designated by itsmajor~~ accordingly. The difference between the barrier and ~~minor numbers. Device file have to~~the~~be created manually~~limit is not needed.

~~PCI device management ~~--~~pci_add~~oomguarpages[~~domain~~pages~~~~[:~~]~~~~bus:slot.func~~pages]

~~Give~~ Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container ~~an access to~~’sprocesses. The barrier of this parameter is the~~a specified PCI device~~out-of-memory guarantee. ~~All numbers~~ If the oomguarpages usage isbelow the barrier, processes of this container are ~~hexadecimal (asprinted by~~ guaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto ~~lspci~~unlimited~~(8) in the first column)~~.

--~~pci_del~~lockedpages[~~domain~~pages~~~~[:~~]~~~~bus:slot.func~~pages]

~~Delete a PCI device from the~~Maximum number of pages~~container~~acquired by mlock(2).

~~Note that~~~~vps~~-~~pci~~-privvmpages ~~configuration script is executed by~~<bi>~~vzctl~~pages</bi> ~~then configuring PCI devices. The script isusually located at~~ [:<bi>~~/usr/lib[64]/vzctl/scripts/~~pages</bi>.]

~~Features management ~~Allows controlling the amountof memory allocated by the applications. For shared (mapped~~--features~~as ~~name~~MAP_SHARED</~~i><~~b>:) pages, each container really using amemory page is charged for the fraction of the page(depending on~~|~~the number of others using it). For"potentially private" pages (mapped as~~off~~MAP_PRIVATE~~~~), container is charged either for a ~~Enable~~ fraction of the size or ~~disable a specific~~for the full size if the allocated~~container feature~~address space. ~~Known features are: sysfs~~In the latter case,the physical pages~~nfs, sit, ipip, ppp,~~associated with the allocated address space may be in~~ipgre~~memory, ~~bridge, nfsd~~in swap or not physically allocated yet.

The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the ~~Apply config ~~--~~applyconfig~~vmguarpages ~~name~~guarantee.

~~Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if~~ --~~save~~shmpages ~~option specified save tothe container config file. The following parameters are notchanged:~~ <bi>~~HOSTNAME~~pages</bi>, [:<bi>~~IP_ADDRESS~~pages</~~b>,OSTEMPLATE, VE_ROOT, andVE_PRIVATE</b~~i>.]

~~--applyconfig_map~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values does~~group~~not make practical sense.

~~Apply container configparameters selected by~~ <ib>~~group~~--numfile</ib>~~. Now the only possiblevalue for~~ ~~group~~items ~~is name~~[: ~~to restore containername based on~~ <bi>~~NAME~~items</bi> ~~variable in containerconfiguration file.~~]

Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to I0</~~O priority management <br~~b>effectivelydisables pre-~~-ioprio priority~~charging optimization for this beancounter inthe kernel, which leads to the held value being precise butcould slightly degrade file open performance.

~~Assigns I/O priority tocontainer. Priority range is~~ 0-7-numflock~~. The greater~~~~priority~~items ~~is, the more time for I/O activity containerhas. By default each container has~~ [:~~priority~~items of~~4.~~]

Maximum number of file locks.Safety gap should be between barrier and ~~restore ===~~limit.

~~Checkpointing is a feature of~~--numpty~~OpenVZ kernel which allows to save a complete state of arunning container, and to restore it later.~~items[:items]

~~chkpnt CTID~~Number of pseudo-terminals(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit to~~[--dumpfile name]~~different values does not make practical sense.

~~This command saves a completestate of a running container to a dump file, and stops thecontainer. If an option~~ --~~dumpfile~~numsiginfo ~~is not set,default dump file name~~ <bi>~~/vz/dump/Dump.~~items</bi>[:~~CTID~~items is~~used.~~]

~~restore CTID~~Number of siginfo structures.Setting the barrier and the limit to different values does~~[--dumpfile name]~~not make practical sense.

~~This command restores acontainer from the dump file created by the~~ ~~chkpnt~~--dcachesize~~command.~~bytes[:bytes]

Maximum size offilesystem-related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit.

~~create CTID~~[--~~ostemplate name] [--config~~numiptent~~name~~num] [~~--private path] [--root path] [--ipadd addr][--hostname~~ :~~name~~num]

~~Creates a new container area~~Number of iptables (netfilter)entries.~~This operation should be done once, before~~ Setting the barrier and the ~~first start~~limit to different~~of the container~~values does not make practical sense.

~~If the~~--~~config~~physpages ~~option is specified, values from exampleconfiguration file~~<bi>~~/etc/vz/conf/ve-~~pages</bi>[:~~name~~pages~~.conf-sample areput into the container configuration file. If this containerconfiguration file already exists, it will be removed.~~]

~~You can use~~On VSwap-enabled kernels, this~~--root path option to sets~~ limits the ~~path~~ amount of physical memory (RAM) available to ~~the~~a~~mount point for the~~ container ~~root directory (default isVE_ROOT specified in [[Man/vz~~.~~conf.5|~~The barrier should be set to ~~vz.conf~~0~~(5)]] file).~~, and the~~Argument~~ limit to a total size of RAM that can ~~contain literal string $VEID, which will~~be used used by a~~be substituted with the numeric CT ID~~container.

~~You can use~~For older~~~~kernels, this is an accounting-~~-private path option to set~~ only parameter, showing the ~~path todirectory in which all the files and directories specific to~~usage of RAM by this ~~very~~ container ~~are stored (default is VE_PRIVATE~~. Barrier should be set to~~specified in [[Man/vz.conf.5|~~~~vz.conf~~0~~(5)]] file). Argument can containliteral string~~ , and limit should be set to ~~$VEID~~unlimited~~, which will be substituted withthe numeric CT ID~~.

~~You can use~~--~~ipadd~~swappages pages~~addr~~[:pages ~~option to assign an IP address toa container. Note that this option can be used multipletimes.~~]

~~You can use~~For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to ~~--hostname~~0 ~~name option~~ , and the limit to ~~set~~ a ~~host name for~~total size of swap thatcan be used by a container.

For older(pre-VSwap) kernels, the limit is used to show a totalamount of swap space available inside the container. Thebarrier of this parameter is ignored. The default value is~~destroy~~unlimited |, meaning total swap will be reported as~~delete~~0.

~~Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.~~=== CPU fair scheduler parameters ====

Theseparameters control CPU usage by container. ~~start~~<~~/b> [<b~~br>--~~wait~~cpuunits][<bi>~~--force~~num</bi>]

~~Mounts (if necessary) andstarts~~ CPU weight for a container. ~~Unless ~~Argument is positive non-~~-wait option~~ zero number, passed to and used inthe kernel fair scheduler. The larger the number is, the~~specified~~more CPU time this container gets. Maximum value is 500000, ~~vzctl will return immediately; otherwisean attempt~~ minimal is 8. Number is relative to ~~wait till~~ weights of all the ~~default runlevel is reached will~~other~~be made by~~ running containers. If ~~vzctl~~cpuunitsare not specified,default value of 1000 is used.

~~Specify~~You can set CPUweight for CT0 (host system itself) as well (use vzctlset 0 --~~force~~cpuunits ~~if you want to start a container which is~~num). Usually, OpenVZ initscript~~disabled~~ (~~see~~ ~~--disabled~~/etc/init.d/vz)takes care of setting this.

~~Note that thiscommand can lead to execution of~~ ~~premount~~--cpulimit,<bi>~~mount~~num</bi> ~~and~~ [~~start action scripts (see ACTIONSCRIPTS~~% ~~below).~~]

Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is ~~stop [--fast~~0](no CPU limit).

~~Stops and unmounts a container.Normally, halt(8) is executed inside a container;option~~ --~~fast~~cpus ~~makes~~ <bi>~~vzctl~~num</~~b> use reboot</b~~i>~~(2)syscall instead which is faster but can lead to uncleancontainer shutdown.~~

~~Note that thiscommand can lead to execution~~ sets number of ~~stop, umount~~CPUs available~~and postumount action scripts (see ACTIONSCRIPTS below)~~in the container.

~~restart~~--cpumask cpus |auto | all

~~Restarts a~~ Sets list of allowed CPUs forthe container~~, i~~.eInput format is a comma-separated list ofdecimal numbers and/or ranges.Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallest~~stops it~~ and largest bit numbers set in the range. For example, if ~~it is running~~you want the container to execute on CPUs 0, 1, 2, 7, youshould pass 0-2, ~~and starts again~~7. ~~Accepts~~ Default value is all (thecontainer can execute on any CPU). If used with the~~start~~--nodemask ~~and~~ option, value of ~~stop~~auto ~~options~~assigns allCPUs from the specified NUMA node to a container.

--~~top: 1em"~~nodemask nodes~~Note that thiscommand can lead to execution of some action scripts (see~~| ~~ACTION SCRIPTS~~all ~~below).~~

Sets list of allowed NUMA nodesfor the container. Input format is the same as for~~status~~--cpumask. Note that --nodemask must be usedwith the --cpumask option.

~~Shows a container status. Thisis a line with five or six words, separated by spaces.~~=== Memory output parameters ====

~~First word~~ ForVSwap-enabled kernels (042stab042 or greater), thisparameter isignored. For older kernels, it controls the~~literally~~ output of /proc/meminfo inside a container. ~~CTID~~ --meminfo none.

~~Second word is~~No /proc/meminfo virtualization(the ~~numeric CT ID~~same as on host system).

~~Third word isshowing whether this container exists or not, it can beeither~~ ~~exist~~--meminfo or <bi>mode:~~deleted~~value</bi>.

~~Fourth word~~ Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap is~~showing~~ evaluated according to the ~~status~~ settings of ~~the container filesystem, it can beeither~~ ~~mounted or unmounted~~--swappagesparameter.

~~Fifth word~~You can use thefollowing modes for mode: • pages:value - sets total memory in~~shows if the container is running, it can be either~~pages; • ~~running~~privvmpages or :value - sets total memoryas ~~down~~privvmpages * value.

~~Sixth word, ifexists,~~ Default is ~~suspended. It appears if both a containerand its dump file exist (see~~ ~~chkpnt~~privvmpages:1).

~~This commandcan also be usable from scripts.~~=== Netfilter (iptables) control parameters ====

~~mount~~--netfilter disabled|stateless|stateful|full

~~Mounts container private area.Note that this command can lead~~ Restrict access to ~~execution ofpremount<~~netfilter/~~b> and mount action scripts (see~~iptables modules for a container. This optionreplaces obsoleted ~~ACTION SCRIPTS~~--iptables ~~below)~~.

Note thatchanging this parameter requires container restart, soconsider using ~~umount~~--setmode option. The followingarguments can be used: • disabled

~~Unmounts container privatearea. Note that this command can lead to execution ofumount and postumount action scripts (seeACTION SCRIPTS below).~~no modules are allowed

~~Note that~~~~stop does umount~~• stateless ~~automatically.~~

~~quotaon <~~all modules except NAT andconntracks are allowed (i~~>ctid~~.e. filter and mangle); this is thedefault

~~Turn disk quota on. Not that~~~~mount and start~~• stateful ~~does that automatically.~~

~~quotaoff ctid~~all modules except NAT areallowed

<~~p style~~table width="~~margin-left:17~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">~~Turn disk quota off. Not that~~<btr valign="top" align="left">~~umount~~</btd width="22%"> ~~and stop~~</btd> ~~does that automatically.~~</ptd width="9%">

~~quotainit~~• full</td><itd width="1%">~~ctid~~</itd></ptd width="36%">

all modules are allowed</td><td width="~~margin-left:17~~32%;">~~Initialize disk quota (i.e. run~~<b/td>~~vzquota init~~</btr>~~) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|ctid.conf~~</~~b>(5)]].</p~~table>

~~exec~~--iptables ~~CTIDcommand~~name[,...]

~~Executes~~ <ib>~~command~~Note</ib> ~~in a~~this option is~~container. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If command is~~ obsoleted, --netfilter~~, commands are read fromstdin~~should be used instead.

Allow to usethe functionality of name iptables module inside thecontainer. Multiple comma-separated names can bespecified. The defaultlist of enabled iptables modules is defined by the~~exec2~~IPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]]. You can use thefollowing values for name~~CTID~~: iptable_filter,iptable_mangle, ipt_limit,~~command~~ipt_multiport</ib>, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner.

~~The same as exec, butreturn code is that of command.~~=== Network devices control parameters ====

~~runscript~~--netdev_add ~~CTIDscript~~name

~~Run specified shell script in~~move network device from the~~the container. Argument script is a file on the~~ hostsystem ~~which contents is read by vzctl and executed in thecontext of the container. For~~ to a ~~running~~ specified container~~, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as/proc) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.~~

~~enter [~~--~~exec~~netdev_del~~command [arg~~name ~~...]]~~

~~Enters into~~ delete network device from a ~~container (giving~~a specified container~~’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use ssh(1).~~

~~Option--exec is used to run command with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so vzctl exec can not beused) and for some reason you can not use ssh(1).~~=== Disk quota parameters ====

~~You need to logout manually from the shell to finish session (even if youspecified~~ --~~exec~~diskquota yes |no).

allows to enable or disabledisk quota for a container. By default, a global value(DISK_QUOTA) from [[Man/vz.conf.5|vz.conf(5)]] is used.

Note that thisparameter is ignored for ~~--help~~plooplayout.

~~Prints help message with a~~--diskspace~~brief list of possible options.~~num[:num]

For ~~--version~~simfslayout, setssoft and hard disk quota limits. First parameter is softlimit, second is hard limit.

~~Prints~~ For~~vzctl~~plooplayout, initiates the procedure of resizing theploop image file to the new size. Since there is nosoft/hard limit concept in ploop, second num, if~~version~~specified, is ignored.

By default,ploop resize is done online, i.e. on a mounted ploop. Thisis a preferred way of doing resize. Although, in a rare casea container was using lots of disk space and should now beresized to a much smaller size, an offline resize might bemore appropriate. In this case, make sure the container isstopped and unmounted and use additional--offline-resize option

~~vzctlhas an ability to execute user-defined scripts when a~~Note that ploop~~specific vzctl command~~ resize is ~~run for a~~ NOT performed on container~~. Thefollowing vzctl commands can trigger execution ofaction scripts: ~~start~~~~, so forconsistency ~~stop, restart~~--diskspace,must be used together with~~mount and umount~~--saveflag.

~~Action scripts~~Suffixes~~are located in the~~ G</~~etc/vz/conf/~~b>, M ~~directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of~~ , ~~vps.~~K ~~and are executed for all containers.~~can also be specified (see~~Per-CT scripts have a~~ <ib>~~CTID~~Resource limits</ib> ~~numeric prefix and are~~section for more info on suffixes).~~executed for the given container only~~If suffix is not specified, value is in kilobytes.

~~There are 8action scripts currently defined:~~ ~~ vps.premount~~--diskinodes, ~~CTID~~num[:<bi>~~.premount~~num</bi>]

~~Global~~ sets soft and ~~per~~hard disk quotalimits, in i-~~CT mount scriptswhich are executed for a container before it is mounted~~nodes.~~Scripts are executed in the host OS context, while a CT~~ First parameter is~~not yet mounted or running. Global script, if exists~~soft limit, second is~~executed first~~hard limit.

Note that thisparameter is ignored for ~~vps.mount~~ploop,~~CTID~~layout.~~mount~~

~~Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as~~ ~~.premount~~--quotatime~~scripts.~~seconds

~~CTID~~sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a hard limit.~~start~~

~~Right after~~ Note that thisparameter is ignored for ~~vzctl~~ploop ~~hasstarted a container, it executes this script in a containercontext~~layout.

<ib>~~CTID~~--quotaugidlimit</ib><bi>~~.stop~~num</bi>

~~Right before~~ Enables or disablesin-container per-user and per-group disk quotas. If thevalue is set to ~~vzctl~~0 ~~has~~or not set, disk quotas inside the~~stopped a~~ container~~, it executes this script in a containercontext~~is disabled and not accounted.

For~~vps.umount~~simfslayout containers,non-zero value sets maximum~~CTID<~~number of user/~~i>~~group IDs for which disk quota isaccounted.~~umount~~

~~Global and per~~Forploop layout containers, any non-~~CT umount~~zero value enables~~scripts which are executed for a~~ disk quota inside the container ~~before it isunmounted. Scripts are executed in~~ ; the ~~host OS context,~~number of user/group~~while a CT is mounted. Global script, if exists,~~ IDs used by disk quota is ~~executedfirst~~not limited by OpenVZ.

Note thatenabling or disabling in-container disk quotas requirescontainer restart, so consider using ~~vps.postumount~~--setmode,~~CTID~~option.~~postumount~~

~~Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as .umountscripts.~~=== Capability option ====

~~The environmentpassed to all the~~ *mount--capability ~~scripts is the standardenvironment of the parent (~~<i~~.e. <b~~>~~vzctl~~capname</bi>~~) with twoadditional variables~~: ~~$VEID~~on ~~and~~ |~~$VE_CONFFILE~~off.~~The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as~~ [~~$VE_ROOT~~,~~, it needs to get thosefrom global and per-CT configuration files~~...]

~~Here is anexample of~~ Sets a capability for a ~~mount script, which makes host system’s/mnt/disk available to~~ container~~(s)~~. ~~Script name~~ Multiple comma-separated capabilities can ~~either~~be ~~/etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount~~specified.

~~# If one of~~Note that~~these files~~ setting a capability when the container is running does not ~~exist then something # is really broken~~ take immediate effect; restart the container in order forthe changes to take effect (consider using <brb>[ -~~f /etc/sysconfig/vz ] || exit 1 ~~[ -~~f $VE_CONFFILE ] || exit 1~~ setmode<~~br># Source both files. Note the order is important. ~~. /~~etc/vz/vz.conf <br~~b>option). ~~$VE_CONFFILE mount -n --bind /mnt/disk $VE_ROOT/mnt/disk~~

A container hasthe default set of capabilities, thus any operation oncapabilities is "logical AND" with the defaultcapability mask.

~~Returns 0 upon~~You can use the~~success~~following values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, ~~or an appropriate error code in case~~ sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities(7). WARNING:setting some of anthose capabilities may have far reachingsecurity implications, so do not do it unless you know what~~error~~you are doing. Also note that setting setpcap:on fora container will most probably lead to inability to startit.

~~<table width~~=~~"100%" border~~=~~"0" rules~~=~~"none" frame~~=~~"void"~~ ~~cellspacing~~Device access management =~~"0" cellpadding~~=~~"0"><tr valign~~=~~"top" align~~=~~"left"><td width="11%"></td><td width="4%">~~

<pstyle="margin-left:11%;">--devnodesdevice:[1r</pb>][w][q]|none</tdp> <~~td width~~p style="7margin-left:22%;">Give the container an access(r</tdb>- read, w - write, q - disk quotamanagement, none - no access) to a device designatedby the special file /dev/device. Device file iscreated in a container by vzctl<~~td width~~/b>. Example: <pre style="78margin-left:22%;"> vzctl set 777 --devnodes sdb:rwq</pre>

<pstyle="margin-left:11%;">--devicesb|c:major:minor|~~Failed to set a UBC parameter~~all</pb>:[r</tdb>][w</trb>][q<~~tr valign="top" align="left"~~/b>]|<~~td width="11%"~~b>none</tdb><~~td width="4%"~~/p>

<pstyle="margin-left:22%;">2Give the container an access toa b</pb>lock or c</tdb>haracter device designated by its<~~td width="7%"~~i>major and minor</tdi>numbers. Device file have tobe created manually.<~~td width="78%"~~/p>

~~Failed to set a fair scheduler parameter</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~=~~"4%">~~PCI device management ====

<pstyle="margin-left:11%;">--pci_add[domain:]3bus</pi>:slot</tdi>.<~~td width="7%"~~i>func</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:22%;">~~Generic system error~~Give the container an access toa specified PCI device. All numbers are hexadecimal (asprinted by </pb>lspci</tdb>(8) in the first column).</trp> <~~tr valign="top" align~~p style="margin-left:11%;">--pci_del[domain<~~td width="11%"~~/i>:]bus:slot.func</tdi><~~td width="4%"~~/p>

<p~~>5</td><td width~~style="7margin-left:22%;">Delete a PCI device from thecontainer.</~~td><td width="78%"~~p>

<pstyle="margin-left:22%; margin-top: 1em">~~The running kernel is not an OpenVZ kernel (or some~~Note that~~OpenVZ modules are not loaded)~~</pb>vps-pci</tdb>configuration script is executed by<~~/tr~~b>vzctl<~~tr valign="top" align="left"~~/b>then configuring PCI devices. The script isusually located at <~~td width="11%"~~b>/usr/libexec/vzctl/scripts/</tdb>.<~~td width="4%"~~/p>

~~6</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~== Features management ====

<pstyle="margin-left:11%;">~~Not enough system resources~~--features</pb>name</tdi>:on</trb>|off<~~tr valign="top" align="left"~~/b>[<~~td width="11%"~~b>,</tdb>...]<~~td width="4%"~~/p>

<pstyle="margin-left:22%;">Enable or disable a specificcontainer feature. Known features are: sysfs,nfs, sit, 7ipip</pb>, ppp</tdb>,<~~td width="7%"~~b>ipgre, bridge, nfsd</tdb>. A few features canbe specified at once, comma-separated.<~~td width="78%"~~/p>

~~ENV_CREATE ioctl failed</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~=~~"4%">~~Apply config ====

<pstyle="margin-left:11%;">8</pb>--applyconfig</tdb><~~td width="7%"~~i>name</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:22%;">~~Command executed by~~ Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if ~~vzctl exec~~--save ~~returned non-zero~~option specified save tothe container config file. The following parameters are not~~exit code~~changed: HOSTNAME</pb>, IP_ADDRESS</tdb>,OSTEMPLATE</trb>, VE_ROOT<~~tr valign="top" align="left"~~/b>, and<~~td width="11%"~~b>VE_PRIVATE</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">9</pb>--applyconfig_map</tdb><~~td width="7%"~~i>group</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:22%;">~~Container is locked~~ Apply container configparameters selected by ~~another~~ <bi>~~vzctl~~group</bi>. Now the only possible~~invocation~~value for </pi> group</tdi>is <~~/tr~~b>name<~~tr valign="top" align="left"~~/b>: to restore containername based on <~~td width="11%"~~b>NAME</tdb>variable in containerconfiguration file.<~~td width="4%"~~/p>

~~10<~~==== I/~~p></td><td width~~O scheduling ===~~"7%"></td><td width~~=~~"78%">~~

<pstyle="margin-left:11%;">~~Global OpenVZ configuration file [[Man/vz.conf.5|~~~~vz.conf~~--ioprio~~(5)]] notfound~~</pi> priority</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:22%;">Assigns disk I/O priority tocontainer. Priority range is 0-7. The greaterpriority is, the more time for I/O activity containerhas. By default each container has priority of114</pb>.</tdp> <~~td width~~p style="7margin-left:11%;">--iolimitlimit[B|K|M|G]</tdp> <~~td width~~p style="78margin-left:22%;">Assigns disk I/O bandwidthlimit for a container. Value is either a number with anoptional suffix, or a literal string unlimited. Valueof 0 means "unlimited". By default acontainer has no I/O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.

<pstyle="margin-left:22%; margin-top: 1em">If no suffix isprovided, the ~~A vzctl helper script file not found~~limit</pi> is assumed to be in megabytes persecond. Available suffixes are: • b</tdb>, B</trb> -- bytes per second; • k, K -- kilobytes per second; <~~tr valign="top" align="left"~~br>• <~~td width="11%"~~b>m, M</tdb> -- megabytes per second (default); • <~~td width="4%"~~b>g, G -- gigabytes per second;

<pstyle="margin-left:11%;">12</pb>--iopslimit</tdb><~~td width="7%"~~i>iops</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:22%;">~~Permission denied<~~Assigns IOPS limit for acontainer, in number of input/p>output operations per second.Value is a number or a literal string <~~/td~~b>unlimited</trb>.Value of <~~tr valign="top" align="left"><td width="11%"~~b>0</tdb>means "unlimited". By default acontainer has no IOPS limit.<~~td width="4%"~~/p>

~~13</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Suspending and resuming ===

<p~~>Capability setting failed</td></tr><tr valign~~style="margin-top~~" align="left~~: 1em">Checkpointing is a feature ofOpenVZ kernel which allows to save a complete in-kernel~~<td width="11%">~~state of a running container, and to restore it later.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">14suspend</pb>|chkpnt</tdb><~~td width="7%"~~i>CTID [--dumpfile name</tdi>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container configuration~~ This command suspends acontainer to a dump file ~~[[Man/ctid.conf.5|~~If an option ~~ctid.conf~~--dumpfile~~(5)]]~~ isnotset, default dump file name~~found~~/pvz/dump/Dump. CTID</tdi>is used.</trp> <~~tr valign="top" align~~p style="margin-left:11%;">resume|restore<~~td width="11%"~~i>CTID [--dumpfile name</tdi>]<~~td width="4%"~~/p>

<p~~>15</td><td width~~style="7margin-left:17%;">This command restores acontainer from the dump file created by the suspend</tdb>command.<~~td width="78%"~~/p>

~~Timeout on vzctl exec</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Snapshotting ===~~"4%">~~

<p~~>16</td><td width~~style="7%margin-top: 1em">Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in-memory state (as incheckpointing). Note that snapshot functionality is onlyworking for containers on ploop device.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">snapshot CTID~~Error during~~ [~~vzctl chkpnt~~--iduuid</pi>] [--name</tdb>name</tri>][--description <~~tr valign="top" align="left"~~i>desc] [--skip-suspend] [<~~td width="11%"~~b>--skip-config</tdb>]<~~td width="4%"~~/p>

<p~~>17</td><td width~~style="7margin-left:17%;">Creates a container snapshot,i.e. saves the current container state, including its filesystem state, running processes state, and configurationfile.</~~td><td width="78%"~~p>

<p~~>Error during vzctl restore</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">If a containeris running, and <~~td width="11%"~~b>--skip-suspend</tdb>option is notspecified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot.<~~td width="4%"~~/p>

<p~~>18</td><td width~~style="7margin-left:17%; margin-top: 1em">Unless--skip-config</tdb>option is given, containerconfiguration file is saved to the snapshot.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">If uuid~~Error from~~ is not specified, it is auto-generated. Options~~setluid()~~--name ~~syscall~~and --description</pb> can be used tospecify the snapshot name and description, respectively.Name is displayed by snapshot-list</tdb>.</trp> <~~tr valign="top" align~~p style="margin-left:11%;">snapshot-switch<~~td width="11%"~~i>CTID [--skip-resume | --must-resume</tdb>][<~~td width="4%"~~b>--skip-config] --id uuid

<p~~>20</td><td width~~style="7margin-left:17%;">Switches the container to asnapshot identified by uuid</tdi>, restoring its filesystem state, configuration (if available) and its runningstate (if available).<~~td width="78%"~~/p>

<p~~>Invalid command line parameter</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em"><~~td width="11%"~~b>Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!</tdb><~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">21Option</pb>--skip-resume</tdb>is used to ignore a CT memory dump filein a snapshot, as a result the container will end up beingin a stopped state (same as if a snapshot has been takenwith <~~td width="7%"~~b>--skip-suspend</tdb>).<~~td width="78%"~~/p>

<p~~>Invalid value for command line parameter</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">If option<~~td width="11%"~~b>--must-resume</tdb>is set, absense of a memory dump istreated as an error, and the inability to restore from thememory dump is treated as an error rather than warning.<~~td width="4%"~~/p>

<p~~>22</td><td width~~style="7margin-left:17%; margin-top: 1em">Option option--skip-config</tdb>is used to ignore the CT configurationfile in a snapshot, i.e. the current configuration file willbe left as is.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container root directory (~~~~VE_ROOT~~snapshot-delete~~) not set~~</pi>CTID</tdi><~~/tr~~b>--id<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>uuid</tdi><~~td width="4%"~~/p>

<pstyle="margin-left:17%;">23Removes a specifiedsnapshot. snapshot-mountCTID --id uuid --targetdirectory</tdp> <~~td width~~p style="7margin-left:17%;">Mounts a snapshot specified byuuid to a directory. Note this mount isread-only.</tdp> <~~td width~~p style="78margin-left:11%;">snapshot-umountCTID --id uuid Unmounts a specifiedsnapshot. snapshot-listCTID [-H] [-ofield[,field...] [--id uuid] List container’ssnapshots. You cansuppress displaying header using -H option.

<pstyle="margin-left:17%; margin-top: 1em">~~Container private directory (~~You can use the~~VE_PRIVATE~~-o~~) not~~option to display only the specified~~set~~ <~~/td~~i>field</tri>(s). List of available fields can be obtainedusing <~~tr valign="top" align="left"~~b>-L<~~td width="11%"~~/b>option.</~~td><td width="4%"~~p>

~~24</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Performing container actions ===

<~~p>Container template directory (TEMPLATE) not~~table width="100%" border="0" rules="none" frame="void"~~set </td></tr~~ cellspacing="0" cellpadding="0">

<pstyle="margin-top: 1em">create28</td><td width="72%"></td>

<pstyle="margin-top: 1em">CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][--private path][--root path][--ipadd addr~~Not all required UBC parameters are set, unable to start~~]~~container~~[--hostname name</pi>][ --name </tdb>name</tri>][--local_uid uid<~~tr valign="top" align="left"~~/i>][--local_gid gid] </td ~~width="11%"~~></tdtr></table> <~~td width~~p style="4margin-left:17%; margin-top: 1em">Creates a newcontainer area. This operation should be done once, beforethe first start of the container.

<pstyle="margin-left:17%; margin-top: 1em">By default, anOS template denoted by 29DEF_OSTEMPLATE</pb> parameter of[[Man/vz.conf.5|vz.conf</tdb>(5)]] is used to create a container. This can beoverwritten by <~~td width="7%"~~b>--ostemplate</tdb>option.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~OS template is not specified~~By default, ~~unable to create~~anew containerconfiguration file is created from a sampleconfiguration denoted by value of </pb> CONFIGFILE</tdb><parameter of [[Man/~~tr>~~vz.conf.5|<~~tr valign="top" align="left"><td width="11%"~~b>vz.conf</tdb>(5)]]. If the containerconfiguration file already exists, it will not bemodified.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">31The value ofCONFIGFILE</pb> can be overwritten by using the--config</tdb><~~td width="7%"~~i>name</tdi>option. This option can not beused if the container configuration file already exists.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container not running~~A new containercan either be created using simfs filesystem or on aploop device. The default is set by value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf</pb>(5)]] and can beoverwritten by --layout</tdb>option. In case ploop</trb>is used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain<~~tr valign="top" align="left"~~/b> and raw. Default is<~~td width="11%"~~b>expanded. Using value other than expanded</tdb>isnot recommended and is currently not supported.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">32You can use--diskspace</pb> and --diskinodes</tdb>options tospecify container file system size. Note that for<~~td width="7%"~~b>ploop</tdb>layout, you will not be able to change inodesvalue later.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container already running~~IfDISKSPACE</pb> is not specified either in the sampleconfiguration file used for creation or in globalconfiguration file [[Man/vz.conf.5|vz.conf</tdb>(5)]], <~~/tr~~b>--diskspace<~~tr valign="top" align="left"~~/b>parameter is required for <~~td width="11%"~~b>ploop</tdb>layout.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">33SuffixesG</pb>, M, K</tdb>can also be specified (see<~~td width="7%"~~b>Resource limits</tdb>section for more info onsuffixes).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use--root ~~Unable~~ path option to ~~stop~~ sets the path to themount point for the containerroot directory (default is</pb>VE_ROOT</tdb>specified in [[Man/vz.conf.5|<~~/tr~~b>vz.conf<~~tr valign="top" align="left"~~/b>(5)]] file).Argument can contain literal string <~~td width="11%"~~b>$VEID</tdb>, which willbe substituted with the numeric CT ID.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use--private path option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is 34VE_PRIVATE</pb>specified in [[Man/vz.conf.5|vz.conf</tdb>(5)]] file). Argument can containliteral string <~~td width="7%"~~b>$VEID</tdb>, which will be substituted withthe numeric CT ID.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use~~Unable to add IP address to container~~--ipadd</pb><~~/td~~i>addr</tri>option to assign an IP address to~~<tr valign="top" align="left">~~a container. Note that this option can be used multiple~~<td width="11%">~~times.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">40You can use</pb>--hostname</tdb><~~td width="7%"~~i>name</tdi>option to set a host name fora container.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters --local_uid and~~Container not mounted~~--local_gid can be used to select which uid</pi>and gid</tdi> respectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UID</trb>and<~~tr valign="top" align="left"~~b>LOCAL_GIDfrom global configuration file[[Man/vz.conf.5|vz.conf(5)]] are used. An explicit <~~td width="11%"~~b>--local_uid</tdb>value of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid is ignored.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">41Warning:</pb>use --local_uid</tdb>and <~~td width="7%"~~b>--local_gid</tdb>with care,specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container already mounted~~</pb>destroy</tdb>| <~~/tr~~b>delete<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>CTID</tdi><~~td width="4%"~~/p>

<p~~>43</td><td width~~style="7margin-left:17%;">Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Container private area not found~~start</pb> CTID[--wait</tdb>] [--force</trb>] [--skip-fsck<~~tr valign="top" align="left"~~/b>][<~~td width="11%"~~b>--skip-remount</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Mounts (if necessary) andstarts a container. Unless 44--wait</pb> option isspecified, vzctl</tdb>will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by <~~td width="7%"~~b>vzctl</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container private area already exists~~Specify</pb>--force</~~td></tr><tr valign="top" align="left"~~b>if you want to start a container which isdisabled (see <~~td width="11%"~~b>--disabled</tdb>).<~~td width="4%"~~/p>

<p~~>46</td><td width~~style="7margin-left:17%; margin-top: 1em">Specify--skip-fsck</tdb>to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).<~~td width="78%"~~/p>

<p~~>Not enough disk space</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">By default, ifa container to be started happens to be already mounted, itis unmounted and mounted again. This behavior can be turnedoff by using <~~td width="11%"~~b>--skip-remount</tdb>flag.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of 47premount</pb>,mount</tdb>and <~~td width="7%"~~b>start</tdb> action scripts (see ACTIONSCRIPTS<~~td width="78%"~~/b> below).

<pstyle="margin-left:11%;">~~Bad/broken container (~~~~/sbin/init~~stop or<bi>CTID</~~bin/sh~~i>[ ~~not found)~~--fast</pb>] [<~~/td~~b>--skip-umount</~~tr><tr valign="top" align="left"><td width="11%"~~b>]</~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">Stops a container and unmountsit (unless 48--skip-umount</pb> is given). Normally,halt</tdb>(8) is executed inside a container; option<~~td width="7%"~~b>--fast makes vzctl use reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable~~ Note thatvzctl stop is not asyncronous, in other words vzctlwaits for container’s init to exit (unless--fast is given), which can take up to ~~create~~ a ~~new container private area~~few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT</pb> in[[Man/vz.conf.5|vz.conf</tdb>(5)]], or per container (STOP_TIMEOUT</trb>in[[Man/ctid.conf.5|ctid.conf<~~tr valign="top" align="left"~~/b>(5)]], see <~~td width="11%"~~b>--stop-timeout</tdb>).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">49Note that thiscommand can lead to execution of stop</pb>, umount</tdb>and <~~td width="7%"~~b>postumount</tdb> action scripts (see ACTIONSCRIPTS below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to create a new container root area~~restart</pb> CTID[--wait</tdb>] [--force</trb>] [--fast<~~tr valign="top" align="left"~~/b>][<~~td width="11%"~~b>--skip-fsck</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">50Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the</pb>start</tdb>and <~~td width="7%"~~b>stop</tdb>options.<~~td width="78%"~~/p>

<p~~>Unable to mount container</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Note that thiscommand can lead to execution of some action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">51</pb>status</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Unable to unmount container</td></tr><tr valign="top" align~~style="margin-left:17%;">Shows a container status. This~~<td width="11%">~~is a line with five or six words, separated by spaces.</~~td><td width="4%"~~p>

<p~~>52</td><td width~~style="7margin-left:17%; margin-top: 1em">First word isliterally CTID</tdb>.<~~td width="78%"~~/p>

<p~~>Unable to delete a container</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Second word isthe numeric <~~td width="11%"~~i>CT ID</tdi>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">53Third word isshowing whether this container exists or not, it can beeither </pb>exist</tdb>or <~~td width="7%"~~b>deleted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container private area not exist~~Fourth word isshowing the status of the container filesystem, it can beeither </pb>mounted</tdb>or <~~/tr~~b>unmounted<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">60Fifth wordshows if the container is running, it can be either</pb>running</tdb>or <~~td width="7%"~~b>down</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Sixth word, ifexists, is ~~vzquota on~~suspended ~~failed~~. It appears if a dump fileexists for a stopped container (see </pb>suspend</tdb>).</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>61</td><td width~~style="7margin-left:17%; margin-top: 1em">This commandcan also be usable from scripts.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~vzquota init~~mount ~~failed~~</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">62Mounts container private area.Note that this command can lead to execution ofpremount</pb> and mount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~vzquota setlimit~~umount ~~failed~~</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">63Unmounts container privatearea. Note that this command can lead to execution ofumount</pb> and postumount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Parameter~~ Note that~~DISKSPACE~~stop ~~not set~~does </pb>umount</tdb>automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">64convert</pb> CTID</tdi>[<~~td width="7%"~~b>--layoutploop[:{expanded|plain|raw</tdb>}]]<~~td width="78%"~~/p>

<p~~>Parameter DISKINODES not set</td></tr><tr valign="top" align~~style="margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should be~~<td width="11%">~~set.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">66</pb>compact</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>vzquota off failed</td></tr><tr valign="top" align~~style="margin-left:17%;">Compact container image. This~~<td width="11%">~~only makes sense for ploop layout.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">67</pb>quotaon</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~ugid~~ Turn disk quota ~~not initialized~~on. Not that</pb>mount</tdb>and <~~/tr~~b>start<~~tr valign="top" align="left"><td width="11%"~~/b>does that automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">71</pb>quotaoff</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Incorrect IP address format~~Turn disk quota off. Not that</pb>umount</tdb>and <~~/tr~~b>stop<~~tr valign="top" align="left"><td width="11%"~~/b>does that automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">74</pb>quotainit</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error changing password~~Initialize disk quota (i.e. run</pb>vzquota init</tdb><) with the parameters taken from the CTconfiguration file [[Man/~~tr>~~ctid.conf.5|<~~tr valign="top" align="left"~~b>ctid.conf<~~td width="11%"~~/b>(5)]].</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">78</pb>exec</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~IP address already in use~~Executes </pi>command</tdi>in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If <~~/tr~~i>command<~~tr valign="top" align="left"~~/i>is <~~td width="11%"~~b>-</tdb>, commands are read fromstdin.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">79</pb>exec2</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container action script returned an error~~The same as <~~/td~~b>exec</trb>, butreturn code is that of <~~tr valign="top" align="left"~~i>command<~~td width="11%"~~/i>.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">82</pb>runscript</tdb><~~td width="7%"~~i>CTIDscript</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Config file copying error~~Run specified shell script inthe container. Argument </pi>script</~~td></tr~~i>is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is not~~<tr valign="top" align="left">~~really started, no file systems other than root (such as<~~td width="11%"~~b>/proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">86enter</pb> CTID</tdi>[--exec command [<~~td width="7%"~~i>arg</tdi>...]]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error setting devices~~ Enters into a container (~~~~givinga container’s root shell). This option is a back-~~-devices or~~doorfor host root only. The proper way to have CT root shell isto use ~~--devnodes~~ssh(1).</p~~> </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~>

<pstyle="margin-left:17%; margin-top: 1em">Option89--exec</pb> is used to run command with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so vzctl exec</tdb>can not beused) and for some reason you can not use ssh<~~td width="7%"~~/b>(1).</tdp> <~~td width~~p style="78margin-left:17%; margin-top: 1em">You need to logout manually from the shell to finish session (even if youspecified --exec).

<pstyle="margin-left:11%;">~~IP address not available~~</pb>console</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i>[<~~td width="11%"~~i>ttynum</tdi>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Attach to a container console.Optional ttynum argument is tty number (such as4 for 91tty4</pb>), default is 1</tdb>which is usedfor container’s <~~td width="7%"~~b>/dev/console</tdb>.<~~td width="78%"~~/p>

<p~~>OS template not found</td></tr><tr valign~~style="margin-left:17%; margin-top: 1em" ~~align="left"~~>Note theconsoles are persistent, meaning that: • it can be attached to even if the container is notrunning; <~~td width="11%"~~br>• there is no automatic detachment upon the containerstop; <~~/td~~br>• detaching from the console leaves anything running inthis console as is.<~~td width="4%"~~/p>

<p~~>100</td><td width~~style="7margin-left:17%; margin-top: 1em">The followingescape sequences are recognized by vzctl console</tdb>.Note that these sequences are only recognized at thebeginning of a line.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to find container IP address~~•</pb>Esc</tdb>then <~~/tr~~b>.<~~tr valign="top" align="left"><td width="11%"~~/b>to detach from the console.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">~~104~~•</pb>Esc</tdb>then <~~td width="7%"~~b>!</tdb>to kill anything running on theconsole (SAK). This is helpful when one expects a loginprompt but there isn’t one.<~~td width="78%"~~/p>

~~VE_NETDEV ioctl error</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Other options ===~~"4%">~~

<p~~>105</td><td width~~style="7margin-left:11%;">--help</tdb><~~td width="78%"~~/p>

<p~~>Container start disabled</td></tr><tr valign="top" align~~style="margin-left:17%;">Prints help message with a~~<td width="11%">~~brief list of possible options.</~~td><td width="4%"~~p>

<p~~>106</td><td width~~style="7margin-left:11%;">--version</tdb><~~td width="78%"~~/p>

<p~~>Unable to set iptables on a running container</td></tr><tr valign="top" align~~style="margin-left:17%;">Prints <~~td width="11%"~~b>vzctl</tdb>version.<~~td width="4%"~~/p>

~~107</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~ACTION SCRIPTS ==

<pstyle="margin-left:11%; margin-top: 1em">~~Distribution~~vzctlhas an ability to execute user-defined scripts when aspecific ~~configuration file not found~~vzctl</pb> command is run for a container. Thefollowing vzctl commands can trigger execution ofaction scripts: start, stop</tdb>, restart</trb>,<~~tr valign="top" align="left"~~b>mountand <~~td width="11%"~~b>umount</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">Action scriptsare located in the ~~109~~/etc/vz/conf/</pb> directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps.</tdb>and are executed for all containers.Per-CT scripts have a <~~td width="7%"~~i>CTID.</tdb>numeric prefix andare executed for the given container only.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Unable to apply~~ Please notescripts are executed in a ~~config~~host system (CT0) context, withthe exception of </pb>.start</tdb>and <~~/tr~~b>.stop<~~tr valign="top" align="left"~~/b>scripts,~~<td width="11%">~~which are executed in a container context.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%; margin-top: 1em">The followingaction scripts are currently defined: ~~129~~vps.premount</pb>, CTID</tdi>.premount<~~td width="7%"~~/b></tdp> <~~td width~~p style="78margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.

<pstyle="margin-left:11%;">~~Unable to set meminfo parameter~~</pb>vps.mount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.mount</tdb><~~td width="4%"~~/p>

<p~~>130</td><td width~~style="7margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as .premount</tdb>scripts.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error setting veth interface~~</pi>CTID</tdi><~~/tr~~b>.start<~~tr valign="top" align="left"><td width="11%"~~/b></~~td><td width="4%"~~p>

<p~~>131</td><td width~~style="7margin-left:22%;">Right after vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error setting container name~~</pi>CTID</tdi><~~/tr~~b>.stop<~~tr valign="top" align="left"><td width="11%"~~/b></~~td><td width="4%"~~p>

<p~~>133</td><td width~~style="7margin-left:22%;">Right before vzctl</tdb>hasstopped a container, it executes this script in a containercontext.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Waiting for container start failed~~</pb>vps.umount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.umount</tdb><~~td width="4%"~~/p>

<p~~>139</td><td width~~style="7margin-left:22%;">Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Error saving container configuration file~~</pb>vps.postumount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.postumount</tdb><~~td width="4%"~~/p>

<p~~>148</td><td width~~style="7margin-left:22%;">Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as .umount</tdb>scripts.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Error setting container IO parameters~~ The environmentpassed to all the *mount scripts is the standardenvironment of the parent (~~ioprio~~i.e. vzctl)with twoadditional variables: $VEID</pb> and $VE_CONFFILE</tdb>.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as $VE_ROOT</trb>, it needs to get thosefrom global and per-CT configuration files.</~~table~~p>

~~== EXAMPLES ==~~ ~~To create and~~Here is an~~start~~ example of a mount script, which makes host system&~~quot;basic&quot~~rsquo; s/mnt/disk available to container ~~with ID of 1000 using~~(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/~~fedora-core-5~~CTID ~~OS template and IP address of192~~.~~168~~mount.~~10.200:~~ <br/p>~~vzctl create 1000~~ <pre style="margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -~~ostemplate fedora~~f /etc/vz/vz.conf ] || exit 1 [ -~~core~~f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -5 n -t simfs $SRC ${VE_ROOT}${DST} -~~config basic~~o $SRC<br/pre>~~vzctl set 1000~~ == EXIT STATUS == Returns 0 uponsuccess, or an appropriate error code in case of anerror: <table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="left"><td width="11%"><br/td>~~vzctl start 1000~~<td width="4%"> 1</td><td width="7%"></td><td width="78%">

Failed to set a UBC parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 2</td><td width="7%"></td><td width="78%"> Failed to set a fair scheduler parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 3</td><td width="7%"></td><td width="78%"> Generic system error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 5</td><td width="7%"></td><td width="78%"> The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 6</td><td width="7%"></td><td width="78%"> Not enough system resources</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 7</td><td width="7%"></td><td width="78%"> ENV_CREATE ioctl failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 8</td><td width="7%"></td><td width="78%"> Command executed by vzctl exec returned non-zeroexit code</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 9</td><td width="7%"></td><td width="78%"> Container is locked by another vzctlinvocation </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 10</td><td width="7%"></td><td width="78%"> Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 11</td><td width="7%"></td><td width="78%"> A vzctl helper script file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 12</td><td width="7%"></td><td width="78%"> Permission denied</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 13</td><td width="7%"></td><td width="78%"> Capability setting failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 14</td><td width="7%"></td><td width="78%"> Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 15</td><td width="7%"></td><td width="78%"> Timeout on vzctl exec</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 16</td><td width="7%"></td><td width="78%"> Error during vzctl suspend</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 17</td><td width="7%"></td><td width="78%"> Error during vzctl resume</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 18</td><td width="7%"></td><td width="78%"> Error from setluid() syscall</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 20</td><td width="7%"></td><td width="78%"> Invalid command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 21</td><td width="7%"></td><td width="78%"> Invalid value for command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 22</td><td width="7%"></td><td width="78%"> Container root directory (VE_ROOT) not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 23</td><td width="7%"></td><td width="78%"> Container private directory (VE_PRIVATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 24</td><td width="7%"></td><td width="78%"> Container template directory (TEMPLATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 28</td><td width="7%"></td><td width="78%"> Not all required UBC parameters are set, unable to startcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 29</td><td width="7%"></td><td width="78%"> OS template is not specified, unable to createcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 31</td><td width="7%"></td><td width="78%"> Container not running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 32</td><td width="7%"></td><td width="78%"> Container already running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 33</td><td width="7%"></td><td width="78%"> Unable to stop container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 34</td><td width="7%"></td><td width="78%"> Unable to add IP address to container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 40</td><td width="7%"></td><td width="78%"> Container not mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 41</td><td width="7%"></td><td width="78%"> Container already mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 43</td><td width="7%"></td><td width="78%"> Container private area not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 44</td><td width="7%"></td><td width="78%"> Container private area already exists</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 46</td><td width="7%"></td><td width="78%"> Not enough disk space</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 47</td><td width="7%"></td><td width="78%"> Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 48</td><td width="7%"></td><td width="78%"> Unable to create a new container private area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 49</td><td width="7%"></td><td width="78%"> Unable to create a new container root area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td><td width="7%"></td><td width="78%"> Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 148</td><td width="7%"></td><td width="78%"> Error setting container IO parameters (ioprio)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 150</td><td width="7%"></td><td width="78%"> Ploop image file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 151</td><td width="7%"></td><td width="78%"> Error creating ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 152</td><td width="7%"></td><td width="78%"> Error mounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 153</td><td width="7%"></td><td width="78%"> Error unmounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 154</td><td width="7%"></td><td width="78%"> Error resizing ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 155</td><td width="7%"></td><td width="78%"> Error converting container to ploop layout</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 156</td><td width="7%"></td><td width="78%"> Error creating ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 157</td><td width="7%"></td><td width="78%"> Error merging ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 158</td><td width="7%"></td><td width="78%"> Error deleting ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 159</td><td width="7%"></td><td width="78%"> Error switching ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 166</td><td width="7%"></td><td width="78%"> Error compacting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 167</td><td width="7%"></td><td width="78%"> Error listing ploop snapsots</td></tr></table> == EXAMPLES == To create andstart "basic" container with ID of 1000 usingcentos-5 OS template and IP address of192.168.10.200: <pre style="margin-left:11%; margin-top: 1em"> vzctl create 1000 --ostemplate centos-5 --config basic vzctl set 1000 --ipadd 192.168.10.200 --save vzctl start 1000</pre> To set numberof processes barrier/limit to 80/100, and PTY barrier/limitto 16/20 PTYs: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl set 1000 --numproc 80:100 -t 16:20 --save</pre> <pstyle="margin-left:11%; margin-top: 1em">To executecommand ls -la in this container: <pre style="margin-left:11%; margin-top: 1em"> vzctl exec 1000 /bin/ls -la</pre>

To execute

command pipe ls -lal / | sort in this container: ~~ vzctl exec 1000 /bin/ls -la~~ ~~To executecommand pipe ls -l / | sort in this container: ~~ vzctl exec 1000 ’ls -l / | sort’</ppre> To enter thiscontainer and execute command apt-get install vim: <brpre style="margin-left:11%; margin-top: 1em"> vzctl enter 1000 --exec apt-get install vim</ppre> Note that inthe above example you will need to log out from thecontainer’s shell after apt-get finishes. To enter thiscontainer, execute command apt-get install vim andlogout after successful installation (or stay inside thecontainer if installation process failed) use&&: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl enter 1000 --exec "apt-get install vim &&logout"</ppre> To enter thiscontainer, execute command apt-get install vim andlogout independently of exit code of installation processuse ;: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl enter 1000 --exec "apt-get install vim ;logout"</ppre> Note that youneed to quote the command if you use && or;. To stop thiscontainer: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl stop 1000</pre> To permanentlyremove this container:

~~To permanentlyremove this container: ~~ vzctl destroy 1000</ppre>

== FILES ==

/etc/vz/vz.conf~~ ~~/etc/vz/conf/CTID.conf ~~ ~~/etc/vz/conf/vps.{premount,mount,umount,postumount} ~~ ~~

/etc/vz/conf/CTID.{premount,mount,start,stop,umount,postumount}

~~ ~~/proc/vz/veinfo ~~ ~~/proc/vz/vzquota ~~ ~~/proc/user_beancounters ~~ ~~/proc/bc/* ~~ ~~/proc/fairsched</ppre>

== SEE ALSO ==

[[Man/vzifup-post.8|vzifup-post(8)]], [[Man/vzlist.8|vzlist(8)]],

[[Man/vzmemcheck.8|vzmemcheck(8)]], [[Man/vzmigrate.8|vzmigrate(8)]], [[Man/vzpid.8|vzpid(8)]],

[[Man/vzquota.8|vzquota(8)]], [[Man/vzsplit.8|vzsplit(8)]], [[Man/vzubc.8|vzubc(8)]],

[[UBC]].

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools