Changes

← Older edit

Man/vzctl.8

32,084 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

vzctl −

~~utility to control~~ perform various operations on an OpenVZ container.

== SYNOPSIS ==

<~~p style~~table width="~~margin-left:11~~100%~~; margin-top: 1em~~"~~>vzctl~~border="0" rules="none" frame="void"~~[flags] create CTID</i~~ cellspacing="0" cellpadding="0">[<~~b>--ostemplate name] [--config</b~~tr valign="top" align="left"><~~i>name] [--private <i~~td width="11%">~~path~~</~~i>] [--root</b~~td><~~i>path] [--ipadd addr] [--hostnamename]</p~~td width="7%">

~~vzctl~~[<ib>~~flags~~vzctl</~~i>] <~~b>~~set~~</bp> ~~CTID parameters~~</itd>[<btd width="2%">~~--save~~</btd>]</ptd width="80%">

~~vzctl~~[<ib>~~flags~~vzctl</~~i>] <~~b>~~exec~~</~~b> | <b~~p>~~exec2~~</~~b> <i~~td>~~CTIDcommand~~<~~/i> [<i~~td width="2%">~~arg~~</itd> ~~...]~~</ptd width="80%">

~~vzctl~~[flags] ~~enter~~start CTID [--~~exec~~wait][<ib>~~command~~--force</ib> ] [<ib>~~arg~~--skip-fsck</ib> ~~...~~][--skip-remount] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~vzctl~~[<ib>~~flags~~vzctl</ib>] <b/p>~~runscript~~</btd> <itd width="2%">~~CTID script~~</itd></ptd width="80%">

~~vzctl~~[flags] stop CTID [--~~help~~fast | ][--~~version~~skip-umount] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] restart CTID[--wait] [--force] [-~~left:11%; margin~~-~~top: 1em"~~fast~~Utility~~][~~vzctl~~--skip-fsck ~~runs on the host system (otherwise known as~~] [--skip-remount]</td></tr>~~Hardware Node, or HN) and performs direct manipulations with~~<tr valign="top" align="left">~~containers (CTs).~~<td width="11%"></ptd><td width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] suspend | resumeCTID [--dumpfile name]</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

[flags] snapshot CTID[--id uuid][--name name][--description desc][--skip-suspend] [--skip-config]</td></tr><tr valign="~~margin-~~top~~: 1em~~"align="left"><td width="11%"></td>~~These flags come before acommand, and can be used with any command. They affect~~<td width="7%">~~logging to console (terminal) only, and do not affectlogging to a log file.~~vzctl</td><td width="2%"></td><td width="80%">

[flags] snapshot-switch CTID[--skip-resume | --must-resume][--skip-~~left:11%;"~~config] --~~quiet~~id uuid</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

vzctl</td><td width="~~margin-left:17~~2%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="80%">

[flags] snapshot-~~left:11%;"~~delete CTID--~~verbose~~id uuid</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ ~~VERBOSE~~vzctl ~~parameter in theglobal configuration file [[Man/vz.conf.5|vz.conf~~</~~b>(5)]], or to <b~~p>0</btd>~~if not set by~~ <btd width="2%">~~VERBOSE~~</btd> ~~parameter.~~</ptd width="80%">

[flags] snapshot-mount CTID--id uuid --target dir</td></tr><tr valign="top" align="left"><td width= ~~Setting container parameters ==~~"11%"></td><td width="7%">

~~set~~vzctl ~~CTIDparameters~~</~~i> [<b~~p>~~--save~~</btd>~~] [~~<btd width="2%">~~--force~~</btd>]</ptd width="80%">

~~This command sets variouscontainer parameters. If a~~ [flags] snapshot-~~-save~~umount ~~flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|~~<bi>~~ctid.conf~~CTID</bi>~~(5)]]. Use~~ --~~force~~id ~~to save the~~uuid</td></tr>~~parameters even if the current kernel doesn’t support~~<tr valign="top" align="left">~~OpenVZ. If the container is currently running,~~ <btd width="11%">~~vzctl~~</btd>~~applies these parameters to the container.~~</ptd width="7%">

~~The followingparameters can be used with~~ ~~set~~vzctl ~~command.~~</td><td width="2%"></td><td width="80%">

~~==== Miscellaneous ====~~[flags] snapshot-~~left:11%;"~~list CTID[-H] [-~~onboot yes~~o|field[,field...][no--iduuid]</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

vzctl</td><td width="~~margin-left:17~~2%;">~~Sets whether the container willbe started during system boot. The container will not beauto-started unless this parameter is set to yes~~</itd>.</ptd width="80%">

[flags] set CTID --parameter value[...] [--save] [--force][--setmode restart|ignore] </td></tr><tr valign="top" align="~~margin-~~left:"><td width="11%;"></td><td width="7%"> ~~--bootorder~~vzctl</td><itd width="2%">~~number~~</itd></ptd width="80%">

~~Sets the boot order priorityfor this CT. The higher the~~ [flags] set ~~number~~CTID ~~is, the earlier inthe boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset~~ ~~bootorder~~--reset_ub ~~will~~ </td></tr>~~start last.~~<tr valign="top" align="left"><td width="11%"></ptd><td width="7%">

~~--root~~vzctl <i/p>~~path~~</itd><td width="2%"></ptd><td width="80%">

~~Sets the path to root directory~~[flags] destroy | delete |~~for this container. This is essentially a~~ mount ~~point forcontainer’s root directory. Argument can contain~~ | umount | status |~~literal string~~ ~~$VEID~~quotaon~~, which will be substituted withthe numeric CT ID. Changing this parameter is notrecommended, better edit [[Man~~| quotaoff</~~vz.conf.5~~b> |~~vz.conf~~quotainit~~(5)]] globalconfiguration file.~~CTID </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~--userpasswd~~vzctl<i/p>~~user~~</itd>:<itd width="2%">~~password~~</itd></ptd width="80%">

~~Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so~~ [flags] ~~--save~~console ~~flag is useless), it is~~CTID~~applied to the container (by modifying its~~ [ttynum</~~etc~~i>]</~~passwd and~~p> </~~etc~~td></~~shadow files).~~tr><tr valign="top" align="left"><td width="11%"></ptd><td width="7%">

vzctl</td><td width="~~margin-left:17~~2%~~; margin-top: 1em~~">~~In case~~</td>~~container root filesystem is not mounted, it isautomatically mounted, then all the appropriate file changesare applied, then it is unmounted.~~</ptd width="80%">

[flags] convert CTID[--layout ploop[:{expanded|plain|raw}]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%~~; margin-top: 1em~~">~~Note that~~</td>~~container should be created before using this option.~~</ptd width="7%">

~~--disabled~~vzctl<i/p>~~yes~~</itd>|<itd width="2%">no</itd></ptd width="80%">

[flags] compact CTID</td></tr><tr valign="top" align="~~margin-~~left~~:17%;~~">~~Disable container start. Toforce the start of a disabled container, use~~ <btd width="11%">~~vzctl start--force~~</btd>.</ptd width="7%">

~~--name~~vzctl <i/p>~~name~~</itd><td width="2%"></ptd><td width="80%">

~~Add a name for a container. The~~[~~name~~flags ~~can later be used in subsequent calls to~~] exec | ~~vzctl~~exec2 ~~in place of~~ CTIDcommand [arg...]</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~--description~~vzctl</td><itd width="2%">~~string~~</itd></ptd width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Add a textual description for a~~</td>~~container.~~</ptd width="7%">

~~--setmoderestart~~vzctl|<b/p>~~ignore~~</btd><td width="2%"></ptd><td width="80%">

[flags] runscript CTID script</td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Whether to restart a container~~</td>~~after applying parameters that require the container to berestarted in order to take effect.~~</ptd width="7%">

~~==== Networking ====~~~~--ipadd~~vzctl <i/p>~~addr~~</itd><td width="2%"></ptd><td width="80%">

-~~left:17%;"~~-help~~Adds IP address to a givencontainer. Note that this option is incremental, so~~| <ib>~~addr~~--version</ib> ~~are added to already existing ones.~~</td></tr></table>

~~--ipdel addr |all~~= DESCRIPTION ==

~~Removes IP address~~ Utility<ib>~~addr~~vzctl</ib>runs on the host system (otherwise known as~~from a container. If you want to remove all the addresses~~Hardware Node,or HN) and performs direct manipulations with~~use --ipdel all~~containers (CTs).

Containers canbe referred to by either numeric CTID or by name (see--~~hostname~~nameoption). Note that CT ID <= 100 arereserved for OpenVZ internal purposes. A numeric ID shouldnot be more than <ib>~~name~~2147483644</ib>.

~~Sets container hostname.vzctl writes it to the appropriate file inside acontainer (distribution-dependent).~~= OPTIONS ==

~~--nameserveraddr~~== Flags ===

~~Sets DNS server IP address for~~These flags come before a ~~container. If you want to set several nameservers, youshould do it at once~~command, ~~so use --nameserver option~~and can be used with any command. They affect~~multiple times in one call~~ logging to ~~vzctl~~console (terminal) only, ~~as all the name~~and do not affect~~server values set in previous calls~~ logging to ~~vzctl areoverwritten~~a log file.

--~~searchdomain~~quiet<i/p>~~name~~ </ip style="margin-left:17%;">Disables output. Note thatscripts run by vzctl are still able to produce someoutput.

~~Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use~~ --~~searchdomain~~verbose ~~optionmultiple times in one call to vzctl, as all thesearch domain values set in previous calls to vzctlare overwritten.~~

Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of ~~--netif_add~~VERBOSEparameter in the~~ifname~~global configuration file [[<Man/~~i>,~~vz.conf.5|<ib>~~mac~~vz.conf</ib>(5)]],or to <ib>~~host_ifname~~0</ib>,if not set by <ib>~~host_mac~~VERBOSE</~~i>,bridge]</i~~b>parameter.

~~Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the~~ == Setting container~~, mac is its MACaddress, host_ifname is the Ethernet device name onthe host, and host_mac is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All~~ parameters ~~except ifnameare optional and are automatically generated if notspecified.~~===

<~~p style~~table width="~~margin-left:11~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><~~b>--netif_del</b~~tr valign="top" align="left"><itd width="11%">~~dev_name~~</itd> | <~~b>all</p~~td width="4%">

~~Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~~~all~~set.</td><td width="2%"></td><td width="83%">

CTID[--onboot yes|no][--bootorder number][--root path][--private path][--mount_opts options][--userpasswd user:pass][--disabled yes|no][--name name][--description string][--ostemplate string][--stop-timeout seconds][--ipadd addr][--ipdel addr|all][--hostname name][--nameserver addr][--searchdomain name][--netif_add dev[,params...]][--netif_del dev|all][--ifname dev[--mac hwaddr][--host_ifname dev][--host_mac hwaddr][--bridge name][--mac_filter on|off]][--numproc items][--numtcpsock items][--numothersock items][--vmguarpages pages][--kmemsize bytes][--tcpsndbuf bytes][--tcprcvbuf bytes][--othersockbuf bytes][--dgramrcvbuf bytes][--oomguarpages pages][--lockedpages pages][--privvmpages pages][--shmpages pages][--numfile items][--numflock items][--numpty items][--numsiginfo items][--dcachesize bytes][--numiptent num][--physpages pages][--swappages pages][--ram bytes][--swap bytes][--vm_overcommit float][--cpuunits num][--cpulimit num][--cpus num][--cpumask cpus|auto|all][--nodemask nodes|all][--meminfo none|mode:value][--iptables name[,...]][--netfilter disabled|stateless|stateful|full][--netdev_add ifname][--netdev_del ifname][--diskquota yes|no][--diskspace num][--diskinodes num][--quotatime seconds][--quotaugidlimit num][--capability capname:on|off[,...]][--devnodes param][--devices param][--pci_add dev][--pci_del dev][--features name:on|off[,...]][--applyconfig name][--applyconfig_map group][--ioprio num][--iolimit mbps][--iopslimit iops] [--save][--force] [--reset_ub][--setmode restart|ignore] </td></tr><tr valign="top" align="left"><td width= ~~Veth interface configuration =~~"11%"></td><td width="4%"></td><td width="2%"></td><td width="83%">

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface~~This command sets various container parameters. ~~To select~~ If the ~~interface toconfigure~~container is currently running, ~~use~~ ~~--ifname~~vzctl applies theseparameters to the container. The following options can beused with <ib>~~name~~set</ib> ~~option~~command. <b/p>~~ --mac~~</~~b> <i~~td>~~XX:XX:XX:XX:XX:XX~~</itr></ptable>

~~MAC address of interface insidea container.~~=== Flags ====

--~~host_ifname~~save~~name</i~~>

~~interface name for virtual~~If this flag is given,~~interface~~ parameters are saved in ~~the host system~~container configuration file[[Man/ctid.conf.5|ctid.conf(5)]].

--~~host_mac~~force~~XX:XX:XX:XX:XX:XX</i~~>

~~MAC address of interface in~~ If this flag is given togetherwith --save, parameters are saved even if thecurrentkernel doesn’t support OpenVZ. Note this flag does notmake sense without --save, so --save is~~host system~~required.

--~~bridge~~reset_ub</b~~> name</i~~>

~~Bridge name~~If this flag is given,vzctl applies all User Beancounter parameters fromthe configuration file to a running container. This ishelpful in case configuration file is modified manually. ~~Custom networkstart scripts~~ Please note this flag is exclusive, i.e. it can ~~use this value to automatically add the~~not be~~interface to a bridge~~combined with any other options or flags.

--~~mac_filter~~setmode restart|<ib>~~on|off~~ignore</ib>

~~Enables/disables MAC address~~A few parameters can only be~~filtering for~~ applied by restarting the ~~Container veth device and the possibility~~container. By default,~~of configuring the MAC address of this device from inside~~vzctl prints a warning if such parameters are~~the Container~~supplied and a container is running. ~~If the filtering is turned on:~~ Use <brb>--setmode~~• the veth device accepts only those packets that have~~restart together with --save flag to restart acontainer in such a ~~MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets);~~ case, or --setmode ignore<br/b>~~• it is impossible~~ to ~~modify the veth MAC address frominside~~ suppress the ~~Container~~warning.

~~By default,this functionality is enabled for all veth devices existinginside the Container.~~=== Miscellaneous ====

--onboot yes |no

~~The followingoptions sets barrier and limit for various user~~Sets whether the container will~~beancounters~~be started during system boot. ~~Each option requires one or two arguments. In~~The container will be started~~case of one argument,~~ on boot by ~~vzctl~~vz ~~sets barrier and limit~~ initscript if either this parameter isset toyes, or the ~~same value. In case of two colon-separated arguments,~~container was running just before~~the first is a barrier~~last reboot, and ~~the second~~ this parameter is ~~a limit. Eachargument is either a number, a number with a suffix, or aspecial value~~ not set to ~~unlimited~~no.Default value is unset, meaning the container will bestarted if it was running before the last reboot.

~~Arguments arein items, pages or bytes. Note that page size isarchitecture~~--~~specific, it is 4096 bytes on IA32~~bootorder~~platform.~~number

~~You can also~~Sets the boot order priority~~specify different suffixes~~ for this CT. The higher the <bi>~~set~~number</bi> ~~parameters (except~~is, the earlier in~~for~~ the ~~parameters which names start with num)~~boot process this container starts. ~~For~~By default this~~example~~parameter is unset, ~~vzctl set CTID --privvmpages~~which is considered to be the lowest~~5M:6M should set~~ priority, so containers with unset ~~privvmpages~~bootorder~~’ barrier to 5~~will~~megabytes and its limit to 6 megabytes~~start last.

~~Availablesuffixes are: ~~g<~~/b>, G</~~b> -- ~~gigabytes. ~~mroot, <bi>Mpath</bi> ~~-- megabytes. k, K -- kilobytes. p, P -- pages (page is 4096 bytes on x86architecture, other architectures may differ).~~

~~You can also~~Sets the path to root directory~~specify the literal word~~ (~~unlimited~~VE_ROOT ~~in place of~~ ) for this container. This is essentially a~~number~~mount point for container’s root directory. ~~In that case the corresponding value will be set to~~Argumentcan contain literal string ~~LONG_MAX~~$VEID, ~~i. e.~~ which will besubstituted with the ~~maximum possible value~~numeric CT ID.

--~~numproc~~private~~items~~path~~[:items]~~

~~Maximum number of processes and~~Sets the path to private~~kernel-level threads~~directory (VE_PRIVATE) for this container. ~~Setting~~ This is adirectory in which all the ~~barrier and~~ container’s files arestored. Argument can contain literal string $VEID,which will be substituted with the ~~limit todifferent values does not make practical sense~~numeric CT ID.

--~~numtcpsock~~mount_opts~~items~~option[:,~~items~~option...]

~~Maximum number of TCP sockets~~Sets additional mount optionsfor container file system.Only applicable for ploop~~This parameter limits the number of TCP connections and,thus~~layout, ~~the number of clients the server application canhandle in parallel. Setting the barrier and the limit todifferent values does not make practical sense~~ignored otherwise.

--~~numothersock~~userpasswd~~items~~user[:~~items~~password]

~~Maximum number of non-TCP~~Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configuration~~sockets~~ file at all (~~local sockets~~so --save flag is useless), ~~UDP and other types of sockets).~~it is~~Setting~~ applied directly to the ~~barrier and~~ container, by runningdistribution-specific programs inside the ~~limit~~ container. It isnot recommended to ~~different values does~~combine this option with any other~~not make practical sense~~options.

~~--vmguarpages~~In casecontainer was not running, it is automatically started thenall the appropriate changes are applied, then it is~~pages[:pages]~~stopped.

~~Memory allocation guarantee.This parameter controls how much memory is available to acontainer. The barrier is the amount of memory~~ Note thatcontainer~~’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;~~it should be ~~set to unlimited~~created before using this option.

--~~kmemsize~~disabled yes|<ib>~~bytes~~no</~~i>[:bytes</i~~b>]

~~Maximum amount of kernel memoryused~~Disable container start. ~~This parameter is related to --numproc. Each~~To~~process consumes certain amount~~ force the start of ~~kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consume~~a ~~bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill~~ disabled container~~’s applications to keep the~~, use ~~kmemsize~~vzctl start--force ~~usage under the limit~~.

--~~tcpsndbuf~~name~~bytes~~name~~[:bytes]~~

~~Maximum size of TCP sendbuffers~~Add a name for a container. ~~Barrier should be not less than 64 KB, and~~The~~difference between barrier and limit should~~ name can later be ~~equal~~ used in subsequent calls to or~~more than value of~~ ~~numtcpsock~~vzctl ~~multiplied by 2~~in place of CTID.5Note this option canKBnot be used without --save.

--~~tcprcvbuf~~description~~bytes~~string~~[:bytes]~~

~~Maximum size of TCP receive~~Add a textual description for a~~buffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of numtcpsock multiplied by 2.5~~KBcontainer.

--~~othersockbuf~~ostemplate~~bytes~~string Sets a new value ofOSTEMPLATE parameter in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]]. Requires --save flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses the value of OSTEMPLATE to rundistribution-specific scripts. --stop-timeout~~bytes~~seconds] Sets a time to wait forcontainer to stop on vzctl stop before forciblykilling it, in seconds. Note this option can not be usedwithout --save flag.

~~Maximum size~~ Special valueof ~~other (non-TCP)socket send buffers. If container’s processes needs~~ 0 means to~~send very large datagrams, the barrier should be setaccordingly. Increased limit is necessary for highperformance of communications through local (UNIX~~use compiled-~~domain)sockets~~in default.

~~--dgramrcvbufbytes[:bytes]~~=== Networking ====

~~Maximum size of other (non~~-~~TCP)socket receive buffers. If container’s processes needsto receive very large datagrams, the barrier should be setaccordingly. The difference between the barrier and thelimit is not needed.~~-ipadd addr

Adds an IP address <bi>~~--oomguarpages~~addr</bi>to a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g. <ib>~~pages~~10.1.2.3/25</ib>[:).Note that this option is incremental, so ~~pages~~addr]areadded to already existing ones.

~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout~~-of-~~memory guarantee. If the~~ ipdel addr |~~oomguarpages~~all ~~usage is~~~~below the barrier, processes of this container areguaranteed not to be killed in out~~Removes IP address addrfrom a container. If you want to remove all the addresses,use ~~unlimited~~--ipdel all.

--~~lockedpages~~hostname~~pages~~name~~[:pages]~~

~~Maximum number of pages~~Sets container hostname.~~acquired by~~ ~~mlock~~vzctlwrites it to the appropriate file inside acontainer (2distribution-dependent).

--~~privvmpages~~nameserver~~pages~~addr~~[:pages]~~

~~Allows controlling the amount~~Sets DNS server IP address for~~of memory allocated by the applications~~a container. ~~For shared (mapped~~If you want to set several nameservers, youas should do it at once, so use ~~MAP_SHARED~~--nameserver~~) pages, each container really using amemory page is charged for the fraction of the page(depending on the number of others using it). For"potentially private" pages (mapped as~~optionmultiple times in one call to ~~MAP_PRIVATE~~vzctl), ~~container is charged either for afraction of~~ as all the ~~size or for the full size if the allocated~~name~~address space. In the latter case, the physical pagesassociated with the allocated address space may be~~ server values set inprevious calls to vzctl are~~memory, in swap or not physically allocated yet~~overwritten.

~~The barrier and~~A special value~~the limit~~ of ~~this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will~~ inherit can be ~~able~~ used toauto-propagate nameserver~~allocate that much memory. The primary mechanism to control~~value(s) from the host system’s~~memory allocation is the~~ ~~--vmguarpages~~/etc/resolv.conf ~~guarantee~~file.

--~~shmpages~~searchdomain~~pages~~name~~[:pages]~~

~~Maximum IPC SHM segment size~~Sets DNS search domains for acontainer.If you want to set several search domains, you~~Setting~~ should do it at once, so use --searchdomain optionmultiple times in one call to vzctl, as all the ~~barrier and the limit~~ search domain values set in previous calls to ~~different values does~~vzctl~~not make practical sense~~are overwritten.

A special valueof ~~--numfile~~inheritcan be used to auto-propagate searchdomain value(s) from the host system’s<ib>~~items<~~/~~i>[:items~~etc/resolv.conf</ib>]file.

~~Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to~~ 0--netif_add ~~effectivelydisables pre-charging optimization for this beancounter inthe kernel~~ifname[,mac,host_ifname,host_mac, ~~which leads to the held value being precise butcould slightly degrade file open performance.~~bridge]

Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the container, <bi>mac is its MACaddress, ~~--numflock~~host_ifname</bi>is the Ethernet device name onthe host, and ~~items~~host_mac[is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge~~items~~is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifname]are optional and are automatically generated if notspecified.

~~Maximum number of file locks.~~--netif_del~~Safety gap should be between barrier and limit.~~dev_name | all

Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~--numpty~~all~~items[:items]~~.

~~Number of pseudo-terminals(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit todifferent values does not make practical sense.~~=== veth interface configuration ====

The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use --~~numsiginfo~~ifname~~items~~name[:option. --mac ~~items~~XX:XX:XX:XX:XX:XX]

~~Number~~ MAC address of ~~siginfo structures.~~interface inside~~Setting the barrier and the limit to different values doesnot make practical sense~~a container.

--~~dcachesize~~host_ifname~~bytes~~name~~[:bytes]~~

~~Maximum size of~~interface name for virtual~~filesystem-related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit~~interface in the host system.

--~~numiptent~~host_mac~~num[~~XX:XX:XX:XX:XX:~~num~~XX]

~~Number~~ MAC address of ~~iptables (netfilter)entries. Setting the barrier and~~ interface in the ~~limit to differentvalues does not make practical sense~~host system.

~~--physpages~~If you want anindependent communication with the Container through thebridge, you should specify a multicast MAC address here~~pages[~~(FE:FF:FF:FF:FF:~~pages]~~FF).

~~This is currently anaccounting~~--~~only parameter. It shows the usage of RAM by thiscontainer. Barrier should be set to 0, and limit should beset to~~ bridge~~unlimited~~name</bi>.

~~--swappages~~Bridge name. Custom networkstart scripts can use this value to automatically add the~~pages[:pages]~~interface to a bridge.

~~The limit, if set, is used to~~--mac_filter on |~~show a total amount of swap space available inside thecontainer. The barrier of this parameter is currentlyignored. The default value is~~ ~~unlimited~~off~~, meaningtotal swap will be reported as 0.~~

~~Note that in~~Enables/disables MAC address~~order~~ filtering for the ~~value to be shown as total swap space,~~Container veth device and the possibilityof configuring the MAC address of this device from insidethe Container. If the filtering is turned on: <bbr>~~--meminfo~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets); </bbr> ~~parameter should be set~~ • it is impossible to ~~value other than~~modify the veth MAC address frominside the Container.<b/p>~~none~~ </bp style="margin-left:22%; margin-top: 1em">By default,this functionality is enabled for all veth devices existinginside the Container. ~~==== CPU fair scheduler parameters ====~~

~~Theseparameters control CPU usage by container.~~=== VSwap limits ====

~~~~The followingoptions sets memory and swap limits for VSwap-~~-cpuunits~~enabled~~num~~kernels (kernel version 042stab042 or greater).

~~CPU weight for a container.~~Argument is ~~positive non-zero number, passed to and used~~ in~~the kernel fair scheduler. The larger the number is~~bytes, ~~themore CPU time this container gets~~unless otherwise specified by an optional suffix. ~~Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If cpuunits~~ Available suffixes are ~~not specified,default value of 1000 is used.~~:

~~You can set CPU~~•~~weight for CT0 (host system itself) as well (use~~ ~~vzctl~~T, t - terabytes; ~~set 0~~ • G, g -gigabytes; • M, m -~~cpuunits~~megabytes; • K , <ib>~~num~~k</ib> - kilobytes; ~~). Usually, OpenVZ initscript~~(• P</~~etc~~b>, p</~~init.d~~b> - memory pages (arch-specific,usually 4KB); • B</vzb>, b- bytes (this is the default) ~~takes care of setting this~~. --ram bytes

Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting --~~cpulimit~~physpageslimit (the barrier is set to~~num[%]~~0).

~~Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is~~ 0--swap~~(no CPU limit).~~bytes

Set swap space available to acontainer. Actually, the option is a shortcut for setting--~~cpus~~swappages ~~num~~limit (the barrier is set to 0).

~~sets number of CPUs available~~--vm_overcommit~~in the container.~~float

Set VM overcommitment value to<bi>~~--cpumask~~float</bi> . If set, it is used to calculate<ib>~~cpus~~privmmpages</ib> |parameter in case it is not setexplicitly (see below). Default value is ~~all~~0, meaningunlimited privvmpages.

~~sets list of allowed CPUs for~~vzctl~~the container. Input format~~ checks if running kernel is ~~a comma-separated list ofdecimal numbers and ranges. Consecutively set bits are shownas two hyphen-separated decimal numbers~~VSwap capable, ~~the smallest~~ andrefuses to~~largest bit numbers set in the range~~use these parameters otherwise. ~~For example, if youwant the container to execute on CPUs 0, 1, 2, 7, you should~~This behavior can be~~pass~~ overriden by using 0-~~2,7~~-force~~. Default value is all (the~~flag before~~container can execute on any CPU)~~parameters.

In VSwap mode,all beancounters other than RAM and swap become optional.Note though that if some optional beancounters are not set,they are calculated and set by vzctl implicitly, using thefollowing formulae:

~~This parameter~~•~~control output of~~ lockedpages.barrier = oomguarpages.barrier = ram</~~proc/meminfo inside a container.~~b>

~~--meminfo none~~•lockedpages.limit = oomguarpages.limit = unlimited

~~No /proc/meminfo virtualization~~•~~(the same as on host system)~~vmguarpages.barrier = vmguarpages.limit = ram + swap

~~--meminfo~~•privvmpages.barrier = privvmpages.limit = (ram + swap) *vm_overcommit~~mode:value</i~~>

~~Configure total memory output~~(if~~in a container. Reported free memory~~ vm_overcommit is ~~evaluatedaccordingly to the mode being~~ 0 or not set~~. Reported swap is~~,~~evaluated according to the settings of~~ ~~--swappages~~privvmpages~~parameter.~~is set to "unlimited")

~~You can use the~~Here is an~~following modes for mode: • pages:value - sets total memory inpages; ~~example of setting container 777 to have 512 megabytes of~~• privvmpages~~RAM and 1 gigabyte of swap:~~value - sets total memoryas privvmpages * value.~~

~~Default isprivvmpages:1.~~ vzctl set 777 --ram 512M --swap 1G --save</ppre>

==== ~~iptables control parameters~~ User Beancounter limits ====

~~--iptables name~~The followingoptions sets barrier and limit for various userbeancounters.

~~Allow to use the functionality~~Note that forof VSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set <ib>~~name~~--ram</ib> ~~iptables module inside the container. To~~and~~specify multiple~~ <ib>~~name~~--swap</ib>~~s, repeat --iptables for each~~(see above). For older kernels,these limits~~or use space-separated list as an argument (enclosed insingle or double quotes to protect spaces)~~are obligatory.

~~The default~~Each option~~list~~ requires one or two arguments. In case of ~~enabled iptables modules is specified by the~~one argument,~~IPTABLES~~vzctl ~~variable in [[Man/vz~~sets barrier and limit to the same value.~~conf~~Incase of two colon-separated arguments, the first is abarrier, and the second is a limit.5|Each argument is eithera number, a number with a suffix, or a special value~~vz.conf~~unlimited~~(5)]]~~.

~~You can use the~~Arguments are~~following values for name: iptable_filter~~in items,pages or bytes. Note that page size is~~iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS~~architecture-specific,it is 4096 bytes on x86 and x86_64~~ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner~~platforms.

You can alsospecify different suffixes for User Beancounter parameters ~~====~~(except for those which names start with num). Forexample, vzctl set CTID --privvmpages5M:6M should set privvmpages’ barrier to 5megabytes and its limit to 6 megabytes.

~~--netdev_add name~~Availablesuffixes are:

~~move network device from the~~•T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k - kilobytes; ~~host system to a specified container~~• P, p - memory pages (arch-specific,usually 4KB); • B, b - bytes.

You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --~~netdev_del~~numproc~~name~~items[:items]

~~delete network device from a~~Maximum number of processes and~~specified container~~kernel-level threads. Setting the barrier and the limit todifferent values does not make practical sense.

~~Disk quota parameters~~ --numtcpsock<br/b>~~--diskquota yes~~items</bi>|[:<bi>noitems</bi>]

~~allows to enable or disable~~Maximum number of TCP sockets.This parameter limits the number of TCP connections and,~~disk quota for a container. By default~~thus, ~~a global value~~the number of clients the server application can~~(DISK_QUOTA) from [[Man/vz~~handle in parallel.~~conf.5|vz.conf(5)]] is used~~Setting the barrier and the limit todifferent values does not make practical sense.

--~~diskspace~~numothersock~~num~~items[:~~num~~items]

~~sets soft and hard disk quota~~Maximum number of non-TCP~~limits~~sockets (local sockets, ~~in blocks~~UDP and other types of sockets). ~~First parameter is soft limit, second ishard~~ Setting the barrier and the limit~~. One block is currently equal~~ to ~~1Kb. Suffixes~~different values does~~G, M, K can also be specified (seeResource limits section for more info onsuffixes)~~not make practical sense.

--~~diskinodes~~vmguarpages~~num~~pages[:~~num~~pages]

~~sets soft and hard disk quota~~Memory allocation guarantee.~~limits, in i-nodes~~This parameter controls how much memory is available to acontainer. ~~First parameter~~ The barrier is ~~soft~~ the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit~~, second~~ iscurrently unspecified;~~hard limit~~it should be set to unlimited.

--~~quotatime~~kmemsize~~seconds~~bytes[:bytes]

~~sets quota grace period~~Maximum amount of kernel memoryused. This parameter is related to --numproc. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically.Very large processes may consume~~Container~~ a bit more. It is ~~permitted~~ important to ~~exceed its soft limits for~~ have a certain safety gapbetween thebarrier and the limit of this parameter: equal~~grace period, but once it has expired,~~ barrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the ~~soft limit isenforced as a hard~~ kmemsize usage under the limit.

--~~quotaugidlimit~~tcpsndbuf~~num~~bytes[:bytes]

~~sets maximum number~~ Maximum size ofTCP send~~user/group IDs in a container for which disk quota inside~~buffers. Barrier should be not less than 64 KB, and~~the container will~~ difference between barrier and limit should be ~~accounted. If this value is set~~ equal toormore than value of 0numtcpsock~~, user and group quotas inside the container will~~multiplied by 2.5~~not be accounted~~KB.

~~Note that ifyou have previously set value of this parameter to~~ 0--tcprcvbuf,~~changing it while the container is running will not takeeffect.~~bytes[:bytes]

Maximum size of TCP receivebuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of numtcpsock multiplied by 2.5KB.

--~~noatime yes~~othersockbuf | <bi>bytes[:nobytes</bi>]

~~Sets noatime flag~~ Maximum size of other (~~do not~~non-TCP)socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be setaccordingly. Increased limit is necessary for high~~update inode access times~~performance of communications through local (UNIX-domain) ~~on filesystem~~sockets.

--dgramrcvbufbytes[:bytes]

~~--capability capname:on|off~~ ~~Sets a capability for a~~TCP)~~container~~socket receive buffers. ~~Note that setting capability when the~~ If container~~is running does not take immediate effect~~’ ~~restart the~~s processes needs~~container in order for~~ to receive very large datagrams, the ~~changes to take effect. Note acontainer has default~~ barrier should be set ~~of capabilities, thus anyoperation on capabilities is "logical~~ accordingly. The difference between the barrier and~~" with~~the~~the default capability mask~~limit is not needed.

~~You can use thefollowing values for capname:~~ ~~chown~~--oomguarpages,<bi>~~dac_override~~pages</bi>, [:<bi>~~dac_read_search~~pages</~~b>, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities</b~~i>~~(7).~~]

Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of-memory guarantee. If the ~~WARNING~~oomguarpages:usage is~~setting some~~ below the barrier, processes of ~~those capabilities may have far reaching~~this container are~~security implications, so do~~ guaranteed not do to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it ~~unless you know what~~should be set~~you are doing. Also note that setting~~ to ~~setpcap:on~~unlimited ~~fora container will most probably lead to inability to start~~it.

--lockedpagespages[:pages]

Maximum number of pagesacquired by ~~--devnodes device:[r][w][q]|none~~mlock(2).

~~Give the container an access(r~~ - ~~read, w~~ - ~~write, q~~privvmpages ~~- disk quotamanagement, none - no access) to a device designatedby the special file /dev/~~~~device~~pages~~. Device file iscreated in a container by vzctl. Example~~[: <bi>~~vzctlset 777 --devnodes sdb:rwq~~pages</bi>.]

~~--devices~~Allows controlling the amountof memory allocated by the applications. For shared (mapped~~b|c~~as ~~:major:minor~~MAP_SHARED</~~i>|<~~b>~~all:[r][w][q]|none~~) pages, each container really using amemory page is charged for the fraction of the page(depending on the number of others using it). For~~Give the container an access to~~pages (mapped asa bMAP_PRIVATE~~lock~~ ), container is charged either for afraction of the size or ~~character device designated by its~~for the full size if the allocated~~major and minor numbers~~address space. ~~Device file have to~~In the latter case, the physical pagesassociated with the allocated address space may be ~~created manually~~inmemory, in swap or not physically allocated yet.

The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the --vmguarpages guarantee.

--~~pci_add~~shmpages [~~domain~~pages~~~~[:~~]~~~~bus:slot.func~~pages]

~~Give~~ Maximum IPC SHM segment size.Setting the barrier and the ~~container an access~~ limit todifferent values does~~a specified PCI device. All numbers are hexadecimal (asprinted by lspci(8) in the first column)~~not make practical sense.

--~~pci_del~~numfile[~~domain~~items~~~~[:~~]~~~~bus:slot.func~~items]

~~Delete a PCI device from~~ Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to 0 effectivelydisables pre-charging optimization for this beancounter inthe kernel, which leads to theheld value being precise but~~container~~could slightly degrade file open performance.

~~Note that~~~~vps~~-~~pci~~-numflock ~~configuration script is executed by~~<bi>~~vzctl~~items</bi> ~~then configuring PCI devices. The script isusually located at~~ [:<bi>~~/usr/lib[64]/vzctl/scripts/~~items</bi>.]

Maximum number of file locks.Safety gap should be between barrier and limit.

--~~features~~numpty ~~name~~items~~~~[:on</bi>~~|off~~items</bi>]

~~Enable or disable a specific~~Number of pseudo-terminals(PTY). Note that in OpenVZ each container ~~feature~~can have not morethan 255 PTYs. ~~Known features are: sysfs,nfs, sit, ipip, ppp,~~Setting the barrier and the limit to~~ipgre, bridge, nfsd~~different values does not make practical sense.

--numsiginfoitems[:items]

~~--applyconfig name~~Number of siginfo structures.Setting the barrier and the limit to different values doesnot make practical sense.

~~Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if~~ --~~save~~dcachesize ~~option specified save tothe container config file. The following parameters are notchanged:~~ <bi>~~HOSTNAME~~bytes</bi>, [:<bi>~~IP_ADDRESS~~bytes</~~b>,OSTEMPLATE, VE_ROOT, andVE_PRIVATE</b~~i>.]

~~~~Maximum size offilesystem-~~-applyconfig_map~~related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gap~~group~~should be between barrier and limit.

~~Apply container configparameters selected by~~ <ib>~~group~~--numiptent</ib>~~. Now the only possiblevalue for~~ ~~group~~num ~~is name~~[: ~~to restore containername based on~~ <bi>~~NAME~~num</bi> ~~variable in containerconfiguration file.~~]~~==== I/O priority management ====~~

~~--ioprio priority~~ ~~Assigns I/O priority to~~Number of iptables (netfilter)~~container~~entries. ~~Priority range is 0-7. The greaterpriority is,~~ Setting the barrier and the ~~more time for I/O activity container~~limit to different~~has. By default each container has priority of4~~values does not make practical sense.

--physpagespages[:pages]

~~Checkpointing is~~ On VSwap-enabled kernels, thislimits the amount of physical memory (RAM) available to a ~~feature ofOpenVZ kernel which allows~~ container. The barrier should be set to 0, and thelimit to ~~save~~ a ~~complete state~~ total size of RAM that can be used used by a~~running~~ container~~, and to restore it later~~.

For olderkernels, this is an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to~~chkpnt~~0 ~~CTID~~[, and limit should be set to ~~--dumpfile~~unlimited ~~name]~~.

~~This command saves a completestate of a running container to a dump file, and stops thecontainer. If an option~~ --~~dumpfile~~swappages ~~is not set,default dump file name~~ <bi>~~/vz/dump/Dump.~~pages</bi>[:~~CTID~~pages is~~used.~~]

For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to ~~restore~~0 ~~CTID~~, and the limit to a total size of swap that~~[--dumpfile name]~~can be used by a container.

~~This command restores~~ For older(pre-VSwap) kernels, the limit is used to show atotalamount of swap space available inside the container ~~from the dump file created by the~~ . Thebarrier of this parameter is ignored. The default value is~~chkpnt~~unlimited, meaning total swap will be reported as~~command~~0.

=== ~~Performing container actions~~ = CPU fair scheduler parameters ====

~~create CTID~~These~~[--ostemplate~~parameters control CPU usage by container. ~~name] [--configname] [--private path]~~ ~~[--root path] [--ipadd addr][~~--~~hostname~~cpuunits ~~name~~num]

~~Creates~~ CPU weight for a ~~new~~ container ~~area~~.~~This operation should be done once~~Argument is positive non-zero number, ~~before~~ passed to and used inthe ~~first start~~kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the ~~container~~otherrunning containers. If cpuunits are not specified,default value of 1000 is used.

~~If the~~You can set CPUweight for CT0 (host system itself) as well (use vzctlset 0 --~~config option is specified, values from exampleconfiguration file/etc/vz/conf/ve-~~cpuunits~~name~~num). Usually, OpenVZ initscript(/etc/init.~~conf-sample~~d/vz ~~areput into the container configuration file. If~~ ) takes care of setting this ~~containerconfiguration file already exists, it will be removed~~.

~~You can use~~--~~root~~cpulimit ~~path~~num ~~option to sets the path to themount point for the container root directory (default isVE_ROOT specified in~~ [~~[Man/vz.conf.5|~~~~vz.conf~~%~~(5)]~~] ~~file).Argument can contain literal string $VEID, which willbe substituted with the numeric CT ID.~~

~~You can use--private path option to set~~ Limit of CPU usage for the ~~path todirectory~~ container, in ~~which all~~ per cent. Note if the ~~files and directories specific to~~computer has 2 CPUs, it~~this very container are stored (default~~ has total of 200% CPU time. Default CPU limit is ~~VE_PRIVATE~~0~~specified in [[Man/vz.conf.5|vz.conf~~(5no CPU limit)~~]] file). Argument can containliteral string $VEID, which will be substituted withthe numeric CT ID~~.

~~You can use~~--~~ipadd~~cpus ~~addr~~num ~~option to assign an IP address toa container. Note that this option can be used multipletimes.~~

~~You can use~~sets number of CPUs available~~--hostname name option to set a host name for~~a in the container.

~~destroy~~--cpumask cpus |~~delete~~auto | all

~~Removes~~ Sets list of allowed CPUs forthe container. Input format is a comma-separated list ofdecimal numbers and/or ranges. Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in the range. For example, ifyou want the container ~~private~~to execute on CPUs 0, 1, 2, 7, you~~area by deleting~~ should pass 0-2,7. Default value is all ~~files, directories and~~ (thecontainer can execute on any CPU). If used with the~~configuration file~~ --nodemask option, value of ~~this~~ auto assigns allCPUs from the specified NUMA node to a container.

~~start~~--nodemask [<bi>~~--wait~~nodes</bi>][| ~~--force~~all]

~~Mounts (if necessary) and~~Sets list of allowed NUMA nodes~~starts a~~ for the container. ~~Unless~~ Input format is the same as for--~~wait~~cpumask ~~option isspecified,~~ . Note that ~~vzctl~~--nodemask ~~will return immediately; otherwise~~must be used~~an attempt to wait till~~ with the ~~default runlevel is reached willbe made by~~ ~~vzctl~~--cpumaskoption.

~~Specify--force if you want to start a container which isdisabled (see --disabled).~~=== Memory output parameters ====

~~Note that~~ ForVSwap-enabled kernels (042stab042 or greater), this~~command can lead to execution~~ parameter is ignored. For older kernels, it controls theoutput of ~~premount<~~/~~b>,mount<~~proc/~~b> and start~~meminfo inside a container. ~~action scripts (see~~ <bbr>~~ACTIONSCRIPTS~~--meminfo none ~~below).~~

~~stop<~~No /~~b> [--fast<~~proc/~~b>]~~meminfo virtualization(the same as on host system).

~~Stops and unmounts a container.Normally, halt(8) is executed inside a container;option~~ --~~fast~~meminfo ~~makes~~ <bi>~~vzctl~~mode</bi> ~~use~~ :<bi>~~reboot~~value</bi>~~(2)syscall instead which is faster but can lead to uncleancontainer shutdown.~~

Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of --swappagesparameter. ~~Note that this~~You can use the~~command can lead to execution of~~ following modes for mode: • ~~stop~~pages, :value - sets total memory inpages; • ~~umount~~privvmpages:value - sets total memory~~and~~ as ~~postumount~~privvmpages ~~action scripts (see~~ * <bi>~~ACTIONSCRIPTS~~value</bi> ~~below)~~.

Default is~~restart~~privvmpages:1.

~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all thestart and stop options.~~=== Netfilter (iptables) control parameters ====

-~~top: 1em"~~-netfilter disabled|stateless|stateful~~Note that thiscommand can lead to execution of some action scripts (see~~|~~ACTION SCRIPTS~~full ~~below).~~

Restrict access tonetfilter/iptables modules for a container. This optionreplaces obsoleted ~~status~~--iptables.

~~Shows a~~ Note thatchanging this parameter requires container ~~status. This~~restart, so~~is a line with five or six words, separated by spaces~~consider using --setmode option.

~~First word is~~The following~~literally~~ arguments can be used: ~~CTID~~ • disabled.

~~Second word isthe numeric CT ID.~~no modules are allowed

~~Third word isshowing whether this container exists or not, it can beeither~~ ~~exist or deleted~~• stateless.

~~Fourth word~~ all modules except NAT andconntracks are allowed (i.e. filter and mangle); this is~~showing~~ the ~~status of the container filesystem, it can beeither mounted or unmounted.~~default

~~Fifth wordshows if the container is running, it can be either~~~~running or down~~• stateful.

~~Sixth word, if~~all modules except NAT are~~exists, is suspended. It appears if both a containerand its dump file exist (see chkpnt).~~allowed

<~~p style~~table width="~~margin-left:17~~100%~~; margin-~~" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top~~: 1em~~" align="left">~~This commandcan also be usable from scripts.~~<td width="22%"></ptd><td width="9%">

~~mount~~• full</td><td width="1%"></td><td width="36%">

~~Mounts container private area.Note that this command can lead to execution of~~all modules are allowed<b/p>~~premount~~</btd> ~~and~~ <btd width="32%">~~mount~~</btd> ~~action scripts (seeACTION SCRIPTS~~</btr> ~~below).~~</ptable>

~~umount~~--iptablesname[,...]

~~Unmounts container privatearea. Note that this command can lead to execution of~~~~umount~~Note ~~and postumount action scripts (see~~this option isobsoleted, ~~ACTION SCRIPTS~~--netfilter ~~below)~~should be used instead.

~~Note that~~Allow to usethe functionality of <bi>~~stop~~name</bi> ~~does~~ iptables module inside thecontainer. Multiple comma-separated <bi>~~umount~~name</bi> ~~automatically~~s can bespecified.

The defaultlist of enabled iptables modules is defined by the~~quotaon~~IPTABLES variable in [[Man/vz.conf.5|<ib>~~ctid~~vz.conf</ib>(5)]].

~~Turn disk quota on. Not that~~You can use thefollowing values for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ~~mount~~ipt_recent ~~and~~ , ~~start~~ipt_owner ~~does that automatically~~.

~~quotaoff ctid~~=== Network devices control parameters ====

~~Turn disk quota off. Not that~~~~umount~~--netdev_add ~~and~~ <bi>~~stop~~name</bi> ~~does that automatically.~~

~~quotainit~~move network device from the~~ctid~~host system to a specified container

~~Initialize disk quota (i.e. run~~~~vzquota init~~--netdev_del~~) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|~~<bi>~~ctid.conf~~name</bi>~~(5)]].~~

delete network device from aspecified container ==== Disk quota parameters ==== ~~exec~~--diskquota yes |no <i/p>~~CTIDcommand~~allows to enable or disabledisk quota for a container. By default, a global value(DISK_QUOTA</ib>) from [[Man/vz.conf.5|vz.conf(5)]] is used.

~~Executes command in acontainer. Environment variables are not set inside the~~Note that this~~container. Signal handlers may differ from default settings.If command~~ parameter is ignored for -ploop~~, commands are read fromstdin~~layout.

~~exec2~~--diskspace ~~CTIDcommand~~num[:num]

~~The same as~~ For ~~exec~~simfslayout, ~~but~~sets~~return code~~ soft and hard disk quota limits. First parameter is ~~that of command~~softlimit, second is hard limit.

For~~runscript~~ploop layout, initiates the procedure of resizing theploop image file to the new size. Since there is nosoft/hard limit concept in ploop, second ~~CTIDscript~~num, ifspecified, is ignored.

~~Run specified shell script in~~By default,~~the container~~ploop resize is done online, i.e. ~~Argument script is~~ on a ~~file on the host~~mounted ploop. This~~system which contents~~ is ~~read by vzctl and executed in thecontext~~ a preferred way of ~~the container~~doing resize. ~~For~~ Although, in a ~~running container, the~~rare case~~command jumps into the~~ a container was using lots of disk space and ~~executes the script.~~should now be~~For~~ resized to a ~~stopped container, it enters the container, mountscontainer’s root filesystem~~much smaller size, ~~executes the script, and~~an offline resize might be~~unmounts CT root~~more appropriate. In ~~the latter~~ this case, make sure the container is ~~notreally started, no file systems other than root (such as~~stopped and unmounted and use additional~~/proc~~--offline-resize~~) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.~~option

Note that ploopresize is NOT performed on container start, so forconsistency ~~enter~~--diskspace [must be used together with--~~exec~~save~~command [arg ..~~flag.]]

~~Enters into a container~~ SuffixesG, M, K can also be specified (~~givinga container’s root shell). This option is a back-door~~see~~for host root only. The proper way to have CT root shell isto use~~ ~~ssh~~Resource limits(1section for more info on suffixes).If suffix is not specified, value is in kilobytes.

~~Option~~--~~exec~~diskinodes ~~is used to run~~ ~~command~~num ~~with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so~~ [:<bi>~~vzctl exec~~num</~~b> can not beused) and for some reason you can not use ssh</b~~i>~~(1).~~]

~~You need to log~~sets soft and hard disk quota~~out manually from the shell to finish session (even if you~~limits, in i-nodes. First parameter is soft limit, second is~~specified --exec)~~hard limit.

Note that thisparameter is ignored for ploop layout.

--~~help~~quotatimeseconds

~~Prints help message with~~ sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as ahard limit.~~brief list of possible options~~Note that thisparameter is ignored for ploop layout.

--~~version~~quotaugidlimitnum

~~Prints~~ Enables or disablesin-container per-user and per-group disk quotas. If thevalue is set to ~~vzctl~~0or not set, disk quotas inside the~~version~~container is disabled and not accounted.

Forsimfs layout containers, non-zero value sets maximumnumber of user/group IDs for which disk quota isaccounted.

For~~vzctl~~ploop~~has an ability to execute user~~layout containers, any non-~~defined scripts when a~~zero value enables~~specific vzctl command is run for a~~ disk quota inside the container~~. Thefollowing vzctl commands can trigger execution~~ ; the number of~~action scripts: start, stop, restart<~~user/~~b>,~~group~~mount and umount~~IDs used by disk quota is not limited by OpenVZ.

~~Action scripts~~Note that~~are located~~ enabling or disabling in ~~the /etc/vz/conf/ directory. There areglobal and per~~-~~CT scripts. Global scripts have a literal~~container disk quotas requires~~prefix of~~ container restart, so consider using ~~vps.~~--setmode ~~and are executed for all containers.Per-CT scripts have a CTID numeric prefix and areexecuted for the given container only~~option.

~~There are 8action scripts currently defined: vps.premount, CTID.premount~~=== Capability option ====

~~Global and per~~-~~CT mount scripts~~-capability~~which are executed for a container before it is mounted~~capname:on|off[,.~~Scripts are executed in the host OS context, while a CT isnot yet mounted or running~~. ~~Global script, if exists, isexecuted first~~.]

~~vps~~Sets a capability for acontainer.~~mount,~~Multiple comma-separated capabilities can be~~CTID~~specified.~~mount~~

~~Global and per-CT mount scripts~~Note that~~which are executed for~~ setting a capability when the container ~~right after it~~ isrunning does nottake immediate effect; restart the container in order for~~mounted. Otherwise they are~~ the ~~same as~~ changes to take effect (consider using ~~.premount~~--setmode~~scripts~~option).

~~CTID~~A container hasthe default set of capabilities, thus any operation oncapabilities is "logical AND" with the defaultcapability mask.~~start~~

~~Right after~~ You can use thefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, ~~vzctl~~sys_ptrace ~~has~~, sys_pacct,~~started a container~~sys_admin, sys_boot, sys_nice, ~~it executes this script in a containercontext~~sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities(7).

<ib>~~CTID~~WARNING</ib>:setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that setting ~~.stop~~setpcap:onfora container will most probably lead to inability to startit.

~~Right before vzctl hasstopped a container, it executes this script in a containercontext.~~=== Device access management ====

~~vps.umount~~--devnodes,~~CTID~~device:[~~.umount~~r][w][q]|none

~~Global and per~~Give the container an access(r - read, w -~~CT umount~~write, q - disk quota~~scripts which are executed for~~ management, none - no access) to a ~~container before it is~~device designated~~unmounted. Scripts are executed in~~ by the ~~host OS context,while a CT is mounted~~special file /dev/device. ~~Global script, if exists,~~ Device file is ~~executedfirst~~created in a container by vzctl.Example:

~~vps.postumount,CTID.postumount~~ vzctl set 777 --devnodes sdb:rwq</ppre>

~~Global and per~~-~~CT umount~~-devices~~scripts which are executed for a container right after it isunmounted. Otherwise they are the same as~~ b|c:major:minor|all:[r][w][q]|~~.umount~~none~~scripts.~~

~~The environment~~Give the container an access to~~passed to all the~~ a *mountb ~~scripts is the standardenvironment of the parent (i.e.~~ lock or ~~vzctl~~c~~) with two~~haracter device designated by its~~additional variables:~~ <bi>~~$VEID~~major</bi> and <bi>~~$VE_CONFFILE~~minor</bi>numbers.~~The first one holds the ID of the container, and the secondone holds the full path to the container configuration~~ Device file.~~If the script needs~~ have to ~~get other CT configurationparameters, such as $VE_ROOT, it needs to get thosefrom global and per-CT configuration files~~be created manually.

~~Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount.~~=== PCI device management ====

~~# If one ofthese files does not exist then something~~ <brb>~~# is really broken~~ --pci_add<br/b>[ -f domain</~~etc/sysconfig/vz~~ i>:] ~~|| exit 1~~ <bri>~~[ -f $VE_CONFFILE ] || exit 1~~ bus<br/i>~~# Source both files. Note the order is important.~~ :<bri>. slot</~~etc/vz/vz~~i>.~~conf~~ <bri>~~. $VE_CONFFILE~~ func<br/i>~~mount -n --bind /mnt/disk $VE_ROOT/mnt/disk~~

Give the container an access toa specified PCI device. All numbers are hexadecimal (asprinted by lspci(8) in the first column).

--~~top~~pci_del[domain: ~~1em"~~]bus~~Returns 0 uponsuccess, or an appropriate error code in case of anerror~~:slot.func

<~~table width~~p style="~~100~~margin-left:22%;" ~~border="0" rules="none" frame="void"~~>Delete a PCI device from the ~~cellspacing="0" cellpadding="0"~~container. <~~tr valign~~p style="margin-left:22%; margin-top: 1em" ~~align="left"~~>Note thatvps-pci configuration script is executed by<~~td width="11%"~~b>vzctl</tdb>then configuring PCI devices. The script isusually located at <~~td width="4%"~~b>/usr/libexec/vzctl/scripts/.

~~1</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~== Features management ====

<pstyle="margin-left:11%;">~~Failed to set a UBC parameter~~--features</pb>name</tdi>:on</trb>|off<~~tr valign="top" align="left"~~/b>[<~~td width="11%"~~b>,</tdb>...]<~~td width="4%"~~/p>

<pstyle="margin-left:22%;">Enable or disable a specificcontainer feature. Known features are: sysfs,nfs, sit, 2ipip</pb>, ppp</tdb>,<~~td width="7%"~~b>ipgre, bridge, nfsd</tdb>. A few features canbe specified at once, comma-separated.<~~td width="78%"~~/p>

~~Failed to set a fair scheduler parameter</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~=~~"4%">~~Apply config ====

<pstyle="margin-left:11%;">3</pb>--applyconfig</tdb><~~td width="7%"~~i>name</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:22%;">Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>~~Generic system error~~name</pi><tt>.conf-sample</tdtt>,and apply them, if --save</trb>option specified save tothe container config file. The following parameters are notchanged: HOSTNAME, IP_ADDRESS<~~tr valign="top" align="left"~~/b>,<~~td width="11%"~~b>OSTEMPLATE, VE_ROOT</tdb>, and<~~td width="4%"~~b>VE_PRIVATE.

<pstyle="margin-left:11%;">5</pb>--applyconfig_map</tdb><~~td width="7%"~~i>group</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:22%;">Apply container configparameters selected by group~~The running kernel is not an OpenVZ kernel (or some~~. Now the only possible~~OpenVZ modules are not loaded)~~value for group</pi> is name</tdb>: to restore containername based on NAME</trb>variable in containerconfiguration file.<~~tr valign~~/p> ==== I/O scheduling ===~~"top" align~~=~~"left">~~ <~~td width~~p style="margin-left:11%;">--ioprio</tdb><~~td width="4%"~~i>priority

<pstyle="margin-left:22%;">6Assigns disk I/O priority tocontainer. Priority</pi> range is 0-7</tdb>. The greater<~~td width="7%"~~i>priority is, the more time for I/O activity containerhas. By default each container has priority</tdi>of<~~td width="78%"~~b>4.

<pstyle="margin-left:11%;">--iolimit~~Not enough system resources~~limit</pi>[B</tdb>|K</trb>|M<~~tr valign="top" align="left"~~/b>|<~~td width="11%"~~b>G</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:22%;">7Assigns disk I/O bandwidthlimit for a container. Value is either a number with anoptional suffix, or a literal string </pb>unlimited</tdb>. Valueof <~~td width="7%"~~b>0</tdb>means "unlimited". By default acontainer has no I/O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.<~~td width="78%"~~/p>

<pstyle="margin-left:22%; margin-top: 1em">If no suffix isprovided, the limit is assumed to be in megabytes persecond. Available suffixes are: • ~~ENV_CREATE~~b ~~ioctl failed~~, B</pb> -- bytes per second; • k, K -- kilobytes per second; • m</tdb>, M</trb>-- megabytes per second (default);<~~tr valign="top" align="left"~~br>• <~~td width="11%"~~b>g, G</tdb>-- gigabytes per second;<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">8</pb>--iopslimit</tdb><~~td width="7%"~~i>iops</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:22%;">~~Command executed by~~ Assigns IOPS limit for acontainer, in number of input/output operations per second.Value is a number or a literal string ~~vzctl exec~~unlimited ~~returned non-zero~~.~~exit code~~Value of </pb>0</tdb>means "unlimited". By default acontainer has no IOPS limit.</trp>~~<tr valign~~===~~"top" align~~Suspending and resuming =~~"left"><td width~~=~~"11%"></td><td width~~=~~"4%">~~

<p~~>9</td><td width~~style="7%margin-top: 1em">Checkpointing is a feature ofOpenVZ kernel which allows to save a complete in-kernelstate of a running container, and to restore it later.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">suspend~~Container is locked by another~~ |~~vzctl~~chkpnt~~invocation~~</pi> CTID</tdi>[<~~/tr~~b>--dumpfile<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>name</tdi>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">This command suspends acontainer to a dump file If an option 10--dumpfile</pb>isnot set, default dump file name/tdvz/dump/Dump.<~~td width="7%"~~i>CTID</tdi>is used.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Global OpenVZ configuration file [[Man~~resume</~~vz.conf.5~~b>|~~vz.conf~~restore~~(5)]] notfound~~</pi> CTID</tdi>[<~~/tr~~b>--dumpfile<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>name</tdi>]<~~td width="4%"~~/p>

<p~~>11</td><td width~~style="7margin-left:17%;">This command restores acontainer from the dump file created by the suspend</tdb>command.<~~td width="78%"~~/p>

=== Snapshotting === <p~~>A vzctl helper script file not found</td></tr><tr valign~~style="margin-top~~" align="left~~: 1em">Snapshotting is a feature based~~<td width="11%">~~on checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in-memory state (as incheckpointing). Note that snapshot functionality is onlyworking for containers on ploop device.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">12snapshot</pb> CTID[--id uuid] [--name name</tdi>][--description<~~td width="7%"~~/b> desc</tdi>] [--skip-suspend] [--skip-config]<~~td width="78%"~~/p>

<p~~>Permission denied</td></tr><tr valign="top" align~~style="margin-left:17%;">Creates a container snapshot,~~<td width="11%">~~i.e. saves the current container state, including its filesystem state, running processes state, and configurationfile.</~~td><td width="4%"~~p>

<p~~>13</td><td width~~style="7margin-left:17%; margin-top: 1em">If a containeris running, and --skip-suspend</tdb>option is notspecified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot.<~~td width="78%"~~/p>

<p~~>Capability setting failed</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Unless<~~td width="11%"~~b>--skip-config</tdb>option is given, containerconfiguration file is saved to the snapshot.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">If uuid14is not specified, it is auto-generated. Options--name</pb> and --description</tdb>can be used tospecify the snapshot name and description, respectively.Name is displayed by <~~td width="7%"~~b>snapshot-list</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">snapshot-switchCTID~~Container configuration file~~ [~~[Man~~--skip-resume</~~ctid.conf.5~~b> |~~ctid.conf~~--must-resume~~(5)~~]~~] notfound~~[--skip-config</pb> ] <~~/td~~b><~~/tr~~br>--id<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>uuid</tdi><~~td width="4%"~~/p>

<p~~>15</td><td width~~style="7margin-left:17%;">Switches the container to asnapshot identified by uuid</tdi>, restoring its filesystem state, configuration (if available) and its runningstate (if available).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Timeout on~~ ~~vzctl exec~~Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!~~</td></tr>~~ <~~tr valign~~p style="margin-left:17%; margin-top~~" align="left~~: 1em">Option<~~td width="11%"~~b>--skip-resume</tdb>is used to ignore a CT memory dump filein a snapshot, as a result the container will end up beingin a stopped state (same as if a snapshot has been takenwith <~~td width="4%"~~b>--skip-suspend).

<p~~>16</td><td width~~style="7margin-left:17%; margin-top: 1em">If option--must-resume</tdb>is set, absense of a memory dump istreated as an error, and the inability to restore from thememory dump is treated as an error rather than warning.<~~td width="78%"~~/p>

<p~~>Error during vzctl chkpnt</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Option option<~~td width="11%"~~b>--skip-config</tdb>is used to ignore the CT configurationfile in a snapshot, i.e. the current configuration file willbe left as is.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">snapshot-delete17CTID</pi> --id</tdb><~~td width="7%"~~i>uuid</tdi><~~td width="78%"~~/p>

<p~~>Error during vzctl restore</td></tr><tr valign="top" align~~style="margin-left:17%;">Removes a specified~~<td width="11%">~~snapshot.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">snapshot-mountCTID --id18uuid</pi> --target</tdb><~~td width="7%"~~i>directory</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error from setluid()~~Mounts a snapshot specified by</bi> ~~syscall~~uuid</pi>to a <~~/td~~i>directory</tri>. Note this mount is~~<tr valign="top" align="left"><td width="11%">~~read-only.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">snapshot-umount20CTID</pi> --id</tdb><~~td width="7%"~~i>uuid</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Invalid command line parameter~~Unmounts a specifiedsnapshot. snapshot-list</tdb>CTID</tri> [-H] [-o<~~tr valign="top" align="left"~~i>field[,field...] [--id uuid<~~td width="11%"~~/i>]</tdp> <~~td width~~p style="4margin-left:17%;">List container’ssnapshots.

<p~~>21</td><td width~~style="7margin-left:17%; margin-top: 1em">You cansuppress displaying header using -H</tdb>option.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Invalid value for command line parameter~~You can use the</pb>-o</tdb>option to display only the specified<~~/tr~~i>field<~~tr valign="top" align="left"~~/i>(s). List of available fields can be obtainedusing <~~td width="11%"~~b>-L</tdb>option.<~~td width="4%"~~/p>

~~22</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Performing container actions ===

<~~p>Container root directory (VE_ROOT) not set</td></tr~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">

<pstyle="margin-top: 1em">create23</td><td width="72%"></td>

<pstyle="margin-top: 1em">CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][~~Container~~ --private ~~directory (~~ path][~~VE_PRIVATE~~--root ~~) not~~path]~~set~~[--ipadd </pb>addr][--hostname name][ --name </tdb>name</tri>][--local_uid <~~tr valign="top" align="left"~~i>uid][--local_gid gid] </td ~~width="11%"~~></tdtr></table> <~~td width~~p style="4margin-left:17%; margin-top: 1em">Creates a newcontainer area. This operation should be done once, beforethe first start of the container.

<pstyle="margin-left:17%; margin-top: 1em">By default, anOS template denoted by 24DEF_OSTEMPLATE</pb> parameter of[[Man/vz.conf.5|vz.conf</tdb>(5)]] is used to create a container. This can beoverwritten by <~~td width="7%"~~b>--ostemplate</tdb>option.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container template directory (~~By default, anew container configuration file is created from a sampleconfiguration denoted by value of ~~TEMPLATE~~CONFIGFILE~~) notset<~~parameter of [[Man/p> vz.conf.5|<~~/td~~b>vz.conf</trb>(5)]]. If the container~~<tr valign="top" align="left">~~configuration file already exists, it will not be~~<td width="11%">~~modified.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">28The value ofCONFIGFILE</pb> can be overwritten by using the--config</tdb><~~td width="7%"~~i>name</tdi>option. This option can not beused if the container configuration file already exists.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">A new containercan either be created using simfs filesystem or on a~~Not all required UBC parameters are~~ ploop device. The default is setby value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf(5)]] and can beoverwritten by --layout option. In case ploopis used, ~~unable to start~~one can additionally specify ploop disk imageformat after a colon. Possible ploop formats are~~container~~expanded</pb>, plain</tdb>and raw</trb>. Default is<~~tr valign="top" align="left"~~b>expanded. Using value other than <~~td width="11%"~~b>expanded</tdb>isnot recommended and is currently not supported.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">29You can use--diskspace</pb> and --diskinodes</tdb>options tospecify container file system size. Note that for<~~td width="7%"~~b>ploop</tdb>layout, you will not be able to change inodesvalue later.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">IfDISKSPACE~~OS template~~ is not specified~~, unable to create~~either in the sampleconfiguration file used for creation or in global~~container~~configuration file [[Man/vz.conf.5|</pb> vz.conf</tdb>(5)]], <~~/tr~~b>--diskspace<~~tr valign="top" align="left"~~/b>parameter is required for <~~td width="11%"~~b>ploop</tdb>layout.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">31SuffixesG</pb>, M, K</tdb>can also be specified (see<~~td width="7%"~~b>Resource limits</tdb>section for more info onsuffixes).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container not running~~You can use--root</pb> path</tdi> option to sets the path to themount point for the container root directory (default isVE_ROOT</trb>specified in [[Man/vz.conf.5|vz.conf<~~tr valign="top" align="left"~~/b>(5)]] file).Argument can contain literal string <~~td width="11%"~~b>$VEID</tdb>, which willbe substituted with the numeric CT ID.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use--private path option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is 32VE_PRIVATE</pb>specified in [[Man/vz.conf.5|vz.conf</tdb>(5)]] file). Argument can containliteral string <~~td width="7%"~~b>$VEID</tdb>, which will be substituted withthe numeric CT ID.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use~~Container already running~~--ipadd</pb><~~/td~~i>addr</tri>option to assign an IP address to~~<tr valign="top" align="left">~~a container. Note that this option can be used multiple~~<td width="11%">~~times.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">33You can use</pb>--hostname</tdb><~~td width="7%"~~i>name</tdi>option to set a host name fora container.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters --local_uid and~~Unable~~ --local_gid can be used to ~~stop container~~select which uid</pi>and gid</tdi> respectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UID</trb>and<~~tr valign="top" align="left"~~b>LOCAL_GIDfrom global configuration file[[Man/vz.conf.5|vz.conf(5)]] are used. An explicit <~~td width="11%"~~b>--local_uid</tdb>value of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid<~~td width="4%"~~/b> is ignored.

<pstyle="margin-left:17%; margin-top: 1em">34Warning:</pb>use --local_uid</tdb>and <~~td width="7%"~~b>--local_gid</tdb>with care,specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to add IP address to container~~</pb>destroy</tdb>| <~~/tr~~b>delete<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>CTID</tdi><~~td width="4%"~~/p>

<p~~>40</td><td width~~style="7margin-left:17%;">Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Container not mounted~~start</pb> CTID[--wait</tdb>] [--force</trb>] [--skip-fsck<~~tr valign="top" align="left"~~/b>][<~~td width="11%"~~b>--skip-remount</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Mounts (if necessary) andstarts a container. Unless 41--wait</pb> option isspecified, vzctl</tdb>will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by <~~td width="7%"~~b>vzctl</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container already mounted~~Specify</pb>--force</~~td></tr><tr valign="top" align="left"~~b>if you want to start a container which isdisabled (see <~~td width="11%"~~b>--disabled</tdb>).<~~td width="4%"~~/p>

<p~~>43</td><td width~~style="7margin-left:17%; margin-top: 1em">Specify--skip-fsck</tdb>to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).<~~td width="78%"~~/p>

<p~~>Container private area not found</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">By default, ifa container to be started happens to be already mounted, itis unmounted and mounted again. This behavior can be turnedoff by using <~~td width="11%"~~b>--skip-remount</tdb>flag.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of premount,44mount</pb> and start</tdb>action scripts (see ACTIONSCRIPTS<~~td width~~/b> below). stop</tdb> CTID[--fast<~~td width="78%"~~/b>] [--skip-umount]

<pstyle="margin-left:17%;">~~Container private area already exists~~Stops a container and unmountsit (unless --skip-umount</pb> is given). Normally,halt</tdb>(8) is executed inside a container; option--fast</trb>makes vzctl<~~tr valign="top" align="left"~~/b>use <~~td width="11%"~~b>reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that46vzctl stop</pb> is not asyncronous, in other words vzctlwaits for container’s init to exit (unless--fast is given), which can take up to a few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT</tdb>in[[Man/vz.conf.5|vz.conf(5)]], or per container (<~~td width="7%"~~b>STOP_TIMEOUT</tdb>in[[Man/ctid.conf.5|ctid.conf<~~td width="78%"~~/b>(5)]], see --stop-timeout).

<pstyle="margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of ~~Not enough disk space~~stop</pb>, <~~/td~~b>umount</trb>and <~~tr valign="top" align="left"~~b>postumountaction scripts (see <~~td width="11%"~~b>ACTIONSCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">47restart</pb> CTID</tdi>[--wait] [--force] [<~~td width="7%"~~b>--fast</tdb>][--skip-fsck<~~td width="78%"~~/b>]

<pstyle="margin-left:17%;">~~Bad/broken~~ Restarts a container (, i.e.stops it if it is running, and starts again. Accepts all the~~/sbin/init~~start orand ~~/bin/sh~~stop ~~not found)~~options.~~</td></tr>~~ <~~tr valign~~p style="margin-left:17%; margin-top~~" align="left~~: 1em">Note that thiscommand can lead to execution of some action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">48</pb>status</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Unable to create a new container private area</td></tr><tr valign="top" align~~style="margin-left:17%;">Shows a container status. This~~<td width="11%">~~is a line with five or six words, separated by spaces.</~~td><td width="4%"~~p>

<p~~>49</td><td width~~style="7margin-left:17%; margin-top: 1em">First word isliterally CTID</tdb>.<~~td width="78%"~~/p>

<p~~>Unable to create a new container root area</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Second word isthe numeric <~~td width="11%"~~i>CT ID</tdi>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">50Third word isshowing whether this container exists or not, it can beeither </pb>exist</tdb>or <~~td width="7%"~~b>deleted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to mount~~ Fourth word isshowing the status of the containerfilesystem, it can beeither </pb>mounted</tdb>or <~~/tr~~b>unmounted<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">51Fifth wordshows if the container is running, it can be either</pb>running</tdb>or <~~td width="7%"~~b>down</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to unmount container~~Sixth word, ifexists, is <~~/td~~b>suspended</~~tr><tr valign="top" align="left"~~b>. It appears if a dump fileexists for a stopped container (see <~~td width="11%"~~b>suspend</tdb>).<~~td width="4%"~~/p>

<p~~>52</td><td width~~style="7margin-left:17%; margin-top: 1em">This commandcan also be usable from scripts.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Unable to delete a container~~</pb>mount</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">53Mounts container private area.Note that this command can lead to execution ofpremount</pb> and mount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container private area not exist~~</pb>umount</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">60Unmounts container privatearea. Note that this command can lead to execution ofumount</pb> and postumount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that~~vzquota on~~stop ~~failed~~does </pb>umount</tdb>automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">61convert</pb> CTID</tdi>[<~~td width="7%"~~b>--layoutploop[:{expanded|plain|raw</tdb>}]]<~~td width="78%"~~/p>

<p~~>vzquota init failed</td></tr><tr valign="top" align~~style="margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should be~~<td width="11%">~~set.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">62</pb>compact</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>vzquota setlimit failed</td></tr><tr valign="top" align~~style="margin-left:17%;">Compact container image. This~~<td width="11%">~~only makes sense for ploop layout.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">63</pb>quotaon</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Parameter~~ Turn disk quota on. Not that~~DISKSPACE~~mount ~~not set~~and </pb>start</tdb>does that automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">64</pb>quotaoff</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Parameter~~ Turn disk quota off. Not that~~DISKINODES~~umount ~~not set~~and </pb>stop</tdb>does that automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">66</pb>quotainit</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Initialize disk quota (i.e. runvzquota ~~off~~init ~~failed<~~) with the parameters taken from the CTconfiguration file [[Man/p>ctid.conf.5|<~~/td~~b>ctid.conf</~~tr><tr valign="top" align="left"><td width="11%"~~b>(5)]].</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">67</pb>exec</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~ugid quota not initialized~~Executes </pi>command</tdi>in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If <~~/tr~~i>command<~~tr valign="top" align="left"~~/i>is <~~td width="11%"~~b>-</tdb>, commands are read fromstdin.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">71</pb>exec2</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Incorrect IP address format~~The same as <~~/td~~b>exec</trb>, butreturn code is that of <~~tr valign="top" align="left"~~i>command<~~td width="11%"~~/i>.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">74</pb>runscript</tdb><~~td width="7%"~~i>CTIDscript</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error changing password~~Run specified shell script inthe container. Argument </pi>script</~~td></tr~~i>is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is not~~<tr valign="top" align="left">~~really started, no file systems other than root (such as<~~td width="11%"~~b>/proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">78enter</pb> CTID</tdi>[--exec command [<~~td width="7%"~~i>arg</tdi>...]]<~~td width="78%"~~/p>

<p~~>IP address already in use</td></tr><tr valign="top" align~~style="margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use <~~td width="11%"~~b>ssh</tdb>(1).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">79Option--exec</pb> is used to run command</tdi>with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so <~~td width="7%"~~b>vzctl exec</tdb>can not beused) and for some reason you can not use ssh<~~td width="78%"~~/b>(1).

<p~~>Container action script returned an error</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">You need to logout manually from the shell to finish session (even if youspecified <~~td width="11%"~~b>--exec</tdb>).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">82console</pb> CTID</tdi>[<~~td width="7%"~~i>ttynum</tdi>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Config file copying error~~Attach to a container console.Optional ttynum</pi> argument is tty number (such as4</tdb> for tty4</trb>), default is 1<~~tr valign="top" align="left"~~/b>which is usedfor container’s <~~td width="11%"~~b>/dev/console</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">86Note theconsoles are persistent, meaning that: </pbr>• it can be attached to even if the container is notrunning; <~~/td~~br>• there is no automatic detachment upon the containerstop; <~~td width="7%"~~br>• detaching from the console leaves anything running inthis console as is.</~~td><td width="78%"~~p>

<p~~>Error setting devices (~~style="margin-left:17%; margin-~~devices</b~~top: 1em"> orThe followingescape sequences are recognized by ~~--devnodes~~vzctl console~~) </td></tr>~~.~~<tr valign="top" align="left">~~Note that these sequences are only recognized at the~~<td width="11%">~~beginning of a line.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">89•</pb>Esc</tdb>then <~~td width="7%"~~b>.</tdb>to detach from the console.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">•~~IP address not available~~Esc</pb>then <~~/td~~b>!</trb>to kill anything running on the~~<tr valign="top" align="left">~~console (SAK). This is helpful when one expects a login~~<td width="11%">~~prompt but there isn’t one.</~~td><td width="4%"~~p>

~~91</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Other options ===

<p~~>OS template not found</td></tr><tr valign="top" align~~style="margin-left:11%;"><~~td width="11%"~~b>--help</tdb><~~td width="4%"~~/p>

<p~~>100</td><td width~~style="7margin-left:17%;">Prints help message with abrief list of possible options.</~~td><td width="78%"~~p>

<p~~>Unable to find container IP address</td></tr><tr valign="top" align~~style="margin-left:11%;"><~~td width="11%"~~b>--version</tdb><~~td width="4%"~~/p>

<p~~>104</td><td width~~style="7margin-left:17%;">Prints vzctl</tdb>version.<~~td width="78%"~~/p>

~~VE_NETDEV ioctl error</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~ACTION SCRIPTS =~~"11%"></td><td width~~=~~"4%">~~

<pstyle="margin-left:11%; margin-top: 1em">vzctlhas an ability to execute user-defined scripts when aspecific ~~105~~vzctl</pb> command is run for a container. Thefollowing vzctl</tdb>commands can trigger execution ofaction scripts: start, <~~td width="7%"~~b>stop, restart</tdb>,<~~td width="78%"~~b>mount and umount.

<pstyle="margin-left:11%; margin-top: 1em">~~Container start disabled~~Action scriptsare located in the /petc/vz/conf/directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of <~~/td~~b>vps.</trb>and are executed for all containers.Per-CT scripts have a <~~tr valign="top" align="left"~~i>CTID<~~td width="11%"~~b>.</tdb>numeric prefix andare executed for the given container only.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~106~~Please notescripts are executed in a host system (CT0) context, withthe exception of </pb>.start</tdb>and <~~td width="7%"~~b>.stop</tdb>scripts,which are executed in a container context.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Unable to set iptables on a running container~~The followingaction scripts are currently defined: </pb> vps.premount</tdb>, <~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.premount</tdb><~~td width="4%"~~/p>

<p~~>107</td><td width~~style="7margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Distribution-specific configuration file not found~~</pb>vps.mount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.mount</tdb><~~td width="4%"~~/p>

<p~~>109</td><td width~~style="7margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as .premount</tdb>scripts.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to apply a config~~</pi>CTID</tdi><~~/tr~~b>.start<~~tr valign="top" align="left"><td width="11%"~~/b></~~td><td width="4%"~~p>

<p~~>129</td><td width~~style="7margin-left:22%;">Right after vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to set meminfo parameter~~</pi>CTID</tdi><~~/tr~~b>.stop<~~tr valign="top" align="left"><td width="11%"~~/b></~~td><td width="4%"~~p>

<p~~>130</td><td width~~style="7margin-left:22%;">Right before vzctl</tdb>hasstopped a container, it executes this script in a containercontext.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error setting veth interface~~</pb>vps.umount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.umount</tdb><~~td width="4%"~~/p>

<p~~>131</td><td width~~style="7margin-left:22%;">Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Error setting container name~~</pb>vps.postumount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.postumount</tdb><~~td width="4%"~~/p>

<p~~>133</td><td width~~style="7margin-left:22%;">Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as .umount</tdb>scripts.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">The environmentpassed to all the ~~Waiting for container start failed~~*mount</pb> scripts is the standardenvironment of the parent (i.e. vzctl</tdb>) with twoadditional variables: $VEID</trb>and $VE_CONFFILE<~~tr valign="top" align="left"~~/b>.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as <~~td width="11%"~~b>$VE_ROOT</tdb>, it needs to get thosefrom global and per-CT configuration files.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~139~~Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount. <pre style="margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC</pre> == EXIT STATUS == Returns 0 uponsuccess, or an appropriate error code in case of anerror: <table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 1</td>

~~Error saving container configuration file~~Failed to set a UBC parameter</td></tr>

~~148~~2</td>

~~Error setting container IO parameters (ioprio)~~Failed to set a fair scheduler parameter</td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="4%">

3</td><td width="7%"></td><td width= ~~EXAMPLES~~ "78%"> Generic system error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 5</td><td width="7%"></td><td width="78%">

~~To create andstart "basic" container with ID of 1000 using~~The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)<i/td>~~fedora-core-5~~</itr> ~~OS template and IP address of192.168.10.200:~~ <brtr valign="top" align="left">~~vzctl create 1000 --ostemplate fedora-core-5 --config basic~~<brtd width="11%">~~vzctl set 1000 --ipadd 192.168.10.200 --save~~ <br/td>~~vzctl start 1000~~</ptd width="4%">

6</td><td width="7%"></td><td width="78%"> Not enough system resources</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 7</td><td width="7%"></td><td width="78%"> ENV_CREATE ioctl failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 8</td><td width="7%"></td><td width="78%"> Command executed by vzctl exec returned non-zeroexit code</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 9</td><td width="7%"></td><td width="78%"> Container is locked by another vzctlinvocation </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 10</td><td width="7%"></td><td width="78%"> Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 11</td><td width="7%"></td><td width="78%"> A vzctl helper script file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 12</td><td width="7%"></td><td width="78%"> Permission denied</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 13</td><td width="7%"></td><td width="78%"> Capability setting failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 14</td><td width="7%"></td><td width="78%"> Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 15</td><td width="7%"></td><td width="78%"> Timeout on vzctl exec</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 16</td><td width="7%"></td><td width="78%"> Error during vzctl suspend</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 17</td><td width="7%"></td><td width="78%"> Error during vzctl resume</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 18</td><td width="7%"></td><td width="78%"> Error from setluid() syscall</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 20</td><td width="7%"></td><td width="78%"> Invalid command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 21</td><td width="7%"></td><td width="78%"> Invalid value for command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 22</td><td width="7%"></td><td width="78%"> Container root directory (VE_ROOT) not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 23</td><td width="7%"></td><td width="78%"> Container private directory (VE_PRIVATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 24</td><td width="7%"></td><td width="78%"> Container template directory (TEMPLATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 28</td><td width="7%"></td><td width="78%"> Not all required UBC parameters are set, unable to startcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 29</td><td width="7%"></td><td width="78%"> OS template is not specified, unable to createcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 31</td><td width="7%"></td><td width="78%"> Container not running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 32</td><td width="7%"></td><td width="78%"> Container already running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 33</td><td width="7%"></td><td width="78%"> Unable to stop container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 34</td><td width="7%"></td><td width="78%"> Unable to add IP address to container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 40</td><td width="7%"></td><td width="78%"> Container not mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 41</td><td width="7%"></td><td width="78%"> Container already mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 43</td><td width="7%"></td><td width="78%"> Container private area not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 44</td><td width="7%"></td><td width="78%"> Container private area already exists</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 46</td><td width="7%"></td><td width="78%"> Not enough disk space</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 47</td><td width="7%"></td><td width="78%"> Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 48</td><td width="7%"></td><td width="78%"> Unable to create a new container private area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 49</td><td width="7%"></td><td width="78%"> Unable to create a new container root area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td><td width="7%"></td><td width="78%"> Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 148</td><td width="7%"></td><td width="78%"> Error setting container IO parameters (ioprio)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 150</td><td width="7%"></td><td width="78%"> Ploop image file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 151</td><td width="7%"></td><td width="78%"> Error creating ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 152</td><td width="7%"></td><td width="78%"> Error mounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 153</td><td width="7%"></td><td width="78%"> Error unmounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 154</td><td width="7%"></td><td width="78%"> Error resizing ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 155</td><td width="7%"></td><td width="78%"> Error converting container to ploop layout</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 156</td><td width="7%"></td><td width="78%"> Error creating ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 157</td><td width="7%"></td><td width="78%"> Error merging ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 158</td><td width="7%"></td><td width="78%"> Error deleting ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 159</td><td width="7%"></td><td width="78%"> Error switching ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 166</td><td width="7%"></td><td width="78%"> Error compacting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 167</td><td width="7%"></td><td width="78%"> Error listing ploop snapsots</td></tr></table> == EXAMPLES == To create andstart "basic" container with ID of 1000 usingcentos-5 OS template and IP address of192.168.10.200: <pre style="margin-left:11%; margin-top: 1em"> vzctl create 1000 --ostemplate centos-5 --config basic vzctl set 1000 --ipadd 192.168.10.200 --save vzctl start 1000</pre> To set numberof processes barrier/limit to 80/100, and PTY barrier/limitto 16/20 PTYs: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl set 1000 --numproc 80:100 -t 16:20 --save</ppre>

To execute

command ls -la in this container: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl exec 1000 /bin/ls -la</ppre> To executecommand pipe ls -l / | sort in this container: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl exec 1000 ’ls -l / | sort’</ppre> To enter thiscontainer and execute command apt-get install vim: <brpre style="margin-left:11%; margin-top: 1em"> vzctl enter 1000 --exec apt-get install vim</ppre> Note that inthe above example you will need to log out from thecontainer’s shell after apt-get finishes. To enter thiscontainer, execute command apt-get install vim andlogout after successful installation (or stay inside thecontainer if installation process failed) use&&: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl enter 1000 --exec "apt-get install vim &&logout"</ppre> To enter thiscontainer, execute command apt-get install vim andlogout independently of exit code of installation processuse ;: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl enter 1000 --exec "apt-get install vim ;logout"</ppre> Note that youneed to quote the command if you use && or;. To stop thiscontainer: <br/p> <pre style="margin-left:11%; margin-top: 1em"> vzctl stop 1000</pre> To permanentlyremove this container:

~~To permanentlyremove this container: ~~ vzctl destroy 1000</ppre>

== FILES ==

/etc/vz/vz.conf~~ ~~/etc/vz/conf/CTID.conf ~~ ~~/etc/vz/conf/vps.{premount,mount,umount,postumount} ~~ ~~

/etc/vz/conf/CTID.{premount,mount,start,stop,umount,postumount}

~~ ~~/proc/vz/veinfo ~~ ~~/proc/vz/vzquota ~~ ~~/proc/user_beancounters ~~ ~~/proc/bc/* ~~ ~~/proc/fairsched</ppre>

== SEE ALSO ==

[[Man/vzifup-post.8|vzifup-post(8)]], [[Man/vzlist.8|vzlist(8)]],

[[Man/vzmemcheck.8|vzmemcheck(8)]], [[Man/vzmigrate.8|vzmigrate(8)]], [[Man/vzpid.8|vzpid(8)]],

[[Man/vzquota.8|vzquota(8)]], [[Man/vzsplit.8|vzsplit(8)]], [[Man/vzubc.8|vzubc(8)]],

[[UBC]].

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools