Changes

← Older edit

Man/vzctl.8

30,342 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

vzctl −

~~utility to control~~ perform various operations on an OpenVZ container.

== SYNOPSIS ==

<~~p style~~table width="~~margin-left:11~~100%~~; margin-top: 1em~~"~~>vzctl~~border="0" rules="none" frame="void"~~[flags] create CTID</i~~ cellspacing="0" cellpadding="0">[<~~b>--ostemplate name] [--config</b~~tr valign="top" align="left"><~~i>name] [--private <i~~td width="11%">~~path~~</~~i>] [--root</b~~td><~~i>path] [--ipadd addr] [--hostnamename]</p~~td width="7%">

~~vzctl~~[<ib>~~flags~~vzctl</~~i>] <~~b>~~set~~</bp> ~~CTID parameters~~</itd>[<btd width="2%">~~--save~~</btd>]</ptd width="80%">

~~vzctl~~[<ib>~~flags~~vzctl</~~i>] <~~b>~~exec~~</~~b> | <b~~p>~~exec2~~</~~b> <i~~td>~~CTIDcommand~~<~~/i> [<i~~td width="2%">~~arg~~</itd> ~~...]~~</ptd width="80%">

~~vzctl~~[flags] ~~enter~~start CTID [--~~exec~~wait][<ib>~~command~~--force</ib> ] [<ib>~~arg~~--skip-fsck</ib> ~~...~~][--skip-remount] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~vzctl~~[<ib>~~flags~~vzctl</ib>] <b/p>~~runscript~~</btd> <itd width="2%">~~CTID script~~</itd></ptd width="80%">

[flags] stop CTID [-~~left:11%; margin~~-~~top: 1em"~~fast~~vzctl~~][--~~help~~skip-umount | ] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%"> ~~--version~~vzctl</td><td width="2%"></td><td width="80%">

[flags] restart CTID[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr><tr valign="top" align= ~~DESCRIPTION~~ "left"><td width="11%"></td><td width="7%">

~~Utility~~vzctl ~~runs on the host system (otherwise known as~~</td>~~Hardware Node, or HN) and performs direct manipulations with~~<td width="2%"></td>~~containers (CTs).~~</ptd width="80%">

~~Containers can~~[flags] suspend | resume~~be referred to by either numeric~~ CTID ~~or by name (see~~[--dumpfile name</bi>]</td></tr> ~~option). Note that CT ID <~~<tr valign="top" align= ~~100 are~~"left">~~reserved for OpenVZ internal purposes.~~<td width="11%"></ptd><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~OPTIONS ==~~"80%">

[flags] snapshot CTID[--id uuid][--name name][--description desc][--skip-suspend] [--skip-config]</td></tr><tr valign="top" align="left"><td width= ~~Flags ==~~"11%"></td><td width="7%">

vzctl</td><td width="~~margin-top: 1em~~2%">~~These flags come before acommand, and can be used with any command. They affectlogging to console (terminal) only, and do not affect~~</td>~~logging to a log file.~~</ptd width="80%">

[flags] snapshot-switch CTID[--skip-resume | --must-resume][--skip-~~left:11%;"~~config] --~~quiet~~id uuid</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

vzctl</td><td width="~~margin-left:17~~2%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="80%">

[flags] snapshot-~~left:11%;"~~delete CTID--~~verbose~~id uuid</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ ~~VERBOSE~~vzctl ~~parameter in theglobal configuration file [[Man/vz.conf.5|vz.conf~~</~~b>(5)]], or to <b~~p>0</btd>~~if not set by~~ <btd width="2%">~~VERBOSE~~</btd> ~~parameter.~~</ptd width="80%">

[flags] snapshot-mount CTID--id uuid --target dir</td></tr><tr valign="top" align="left"><td width= ~~Setting container parameters ==~~"11%"></td><td width="7%">

~~set~~vzctl ~~CTIDparameters~~</~~i> [<b~~p>~~--save~~</btd>~~] [~~<btd width="2%">~~--force~~</btd>]</ptd width="80%">

~~This command sets variouscontainer parameters. If a~~ [flags] snapshot-~~-save~~umount ~~flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|~~<bi>~~ctid.conf~~CTID</bi>~~(5)]]. Use~~ --~~force~~id ~~to save the~~uuid</td></tr>~~parameters even if the current kernel doesn’t support~~<tr valign="top" align="left">~~OpenVZ. If the container is currently running,~~ <btd width="11%">~~vzctl~~</btd>~~applies these parameters to the container.~~</ptd width="7%">

~~The followingparameters can be used with~~ ~~set~~vzctl ~~command.~~</td><td width="2%"></td><td width="80%">

[flags] snapshot-list CTID[-H] [-o field[,field...][--id uuid]</td></tr><tr valign="top" align="left"><td width="11%"></td><td width= ~~Miscellaneous ====~~"7%">

~~--onboot yes~~vzctl |</td><btd width="2%">no</btd></ptd width="80%">

[flags] set CTID --~~left:17%;"~~parameter value~~Sets whether the container willbe started during system boot~~[.. ~~The container will not be~~.] [--save] [--force]~~auto~~[--~~started unless this parameter is set to~~ setmode restart|~~yes~~ignore.] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~--bootorder~~vzctl</td><itd width="2%">~~number~~</itd></ptd width="80%">

~~Sets the boot order priorityfor this CT. The higher the~~ [flags] set ~~number~~CTID ~~is, the earlier inthe boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset~~ ~~bootorder~~--reset_ub ~~will~~ </td></tr>~~start last.~~<tr valign="top" align="left"><td width="11%"></ptd><td width="7%">

~~--root~~vzctl <i/p>~~path~~</itd><td width="2%"></ptd><td width="80%">

~~Sets the path to root directory~~[flags] destroy | delete |~~for this container. This is essentially a~~ mount ~~point forcontainer’s root directory. Argument can contain~~ | umount | status |~~literal string~~ ~~$VEID~~quotaon~~, which will be substituted withthe numeric CT ID. Changing this parameter is notrecommended, better edit [[Man~~| quotaoff</~~vz.conf.5~~b> |~~vz.conf~~quotainit~~(5)]] globalconfiguration file.~~CTID </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~--userpasswd~~vzctl<i/p>~~user~~</itd>:<itd width="2%">~~password~~</itd></ptd width="80%">

~~Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so~~ [flags] ~~--save~~console ~~flag is useless), it is~~CTID~~applied to the container (by modifying its~~ [ttynum</~~etc~~i>]</~~passwd and~~p> </~~etc~~td></~~shadow files).~~tr><tr valign="top" align="left"><td width="11%"></ptd><td width="7%">

vzctl</td><td width="~~margin-left:17~~2%~~; margin-top: 1em~~">~~In case~~</td>~~container root filesystem is not mounted, it isautomatically mounted, then all the appropriate file changesare applied, then it is unmounted.~~</ptd width="80%">

[flags] convert CTID[--layout ploop[:{expanded|plain|raw}]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%~~; margin-top: 1em~~">~~Note that~~</td>~~container should be created before using this option.~~</ptd width="7%">

~~--disabled yes~~vzctl |</td><btd width="2%">no</btd></ptd width="80%">

[flags] compact CTID</td></tr><tr valign="top" align="~~margin-~~left~~:17%;~~">~~Disable container start. Toforce the start of a disabled container, use~~ <btd width="11%">~~vzctl start--force~~</btd>.</ptd width="7%">

~~--name~~vzctl <i/p>~~name~~</itd><td width="2%"></ptd><td width="80%">

~~Add a name for a container. The~~[~~name~~flags ~~can later be used in subsequent calls to~~] exec | ~~vzctl~~exec2 ~~in place of~~ CTIDcommand [arg...]</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

~~--description~~vzctl</td><itd width="2%">~~string~~</itd></ptd width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Add a textual description for a~~</td>~~container.~~</ptd width="7%">

~~--setmoderestart~~vzctl|<b/p>~~ignore~~</btd><td width="2%"></ptd><td width="80%">

[flags] runscript CTID script</td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Whether to restart a container~~</td>~~after applying parameters that require the container to berestarted in order to take effect.~~</ptd width="7%">

vzctl</td><td width="2%"></td><td width=~~== Networking ====~~"80%">

-~~left:11%;"~~-help| --~~ipadd~~version <i/p>~~addr~~</itd></ptr></table>

~~Adds IP address to a givencontainer. Note that this option is incremental, soaddr are added to already existing ones.~~= DESCRIPTION ==

Utility~~--ipdel~~vzctl ~~addr |~~runs on the host system (otherwise known asHardware Node, or HN) and performs direct manipulations with~~all~~containers (CTs).

~~Removes IP address~~ Containers canbe referred to by either numeric ~~addr~~CTIDor by name (see--name option). Note that CT ID <= 100 are~~from a container~~reserved for OpenVZ internal purposes. ~~If you want to remove all the addresses,~~A numeric ID should~~use~~ not be more than ~~--ipdel all~~2147483644.

~~--hostnamename~~= OPTIONS ==

~~Sets container hostname.vzctl writes it to the appropriate file inside acontainer (distribution-dependent).~~== Flags ===

~~--nameserver~~These flags come before acommand, and can be used with any command. They affectlogging to console (terminal) only, and do not affect~~addr~~logging to a log file.

~~Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use~~ --~~nameserver~~quiet ~~optionmultiple times in one call to vzctl, as all the nameserver values set in previous calls to vzctl areoverwritten.~~

Disables output. Note thatscripts run by vzctl are still able to produce someoutput. --~~searchdomain~~verbose~~name</i~~>

~~Sets DNS search domains for a~~Increments logging level up~~container~~from the default. ~~If you want~~ Can be used multiple times. Default valueis set to ~~set several search domains, you~~the value of VERBOSE parameter in the~~should do it at once, so use~~ global configuration file [[Man/vz.conf.5|~~--searchdomain~~vz.conf ~~optionmultiple times in one call~~ (5)]], or to ~~vzctl~~0~~, as all thesearch domain values~~ if not set ~~in previous calls to~~ by ~~vzctl~~VERBOSE~~are overwritten~~parameter.

~~--netif_addifname[,mac,host_ifname,host_mac,bridge]~~== Setting container parameters ===

<~~p style~~table width="~~margin-left:17~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">~~Adds a virtual Ethernet device(veth) to a given container. Here~~ <itr valign="top" align="left">~~ifname is theEthernet device name in the container,~~ <itd width="11%">~~mac~~</itd> ~~is its MACaddress,~~ <itd width="4%">~~host_ifname~~ </ip style="margin-top: 1em"> ~~is the Ethernet device name onthe host, and~~ <ib>~~host_mac~~set</ib> ~~is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.~~<i/p>~~bridge~~</itd> ~~is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except~~ <itd width="2%">~~ifname~~</itd>~~are optional and are automatically generated if notspecified.~~</ptd width="83%">

CTID[--onboot yes|no][--bootorder number][--root path][--private path][--mount_opts options][--userpasswd user:~~11%~~pass][--disabled yes|no][--name name][--description string][--ostemplate string][--stop-timeout seconds][--ipadd addr][--ipdel addr|all][--hostname name][--nameserver addr][--searchdomain name][--netif_add "dev[,params...]][--netif_del dev|all][--ifname dev[--mac hwaddr][--host_ifname dev][--host_mac hwaddr][--bridge ~~dev_name~~name][--mac_filter on|off]][--numproc items][--numtcpsock items][--numothersock items][--vmguarpages pages][--kmemsize bytes][--tcpsndbuf bytes][--tcprcvbuf bytes][--othersockbuf bytes][--dgramrcvbuf bytes][--oomguarpages pages][--lockedpages pages][--privvmpages pages][--shmpages pages][--numfile items][--numflock items][--numpty items][--numsiginfo items][--dcachesize bytes][--numiptent num][--physpages pages][--swappages pages][--ram bytes][--swap bytes][--vm_overcommit float][--cpuunits num][--cpulimit num][--cpus num][--cpumask cpus|auto | all][--nodemask nodes|all][--meminfo none|mode:value][--iptables name[,...]][--netfilter disabled|stateless|stateful|full][--netdev_add ifname][--netdev_del ifname][--diskquota yes|no][--diskspace num][--diskinodes num][--quotatime seconds][--quotaugidlimit num][--capability capname:on|off[,...]][--devnodes param][--devices param][--pci_add dev][--pci_del dev][--features name:on|off[,...]][--applyconfig name][--applyconfig_map group][--ioprio num][--iolimit mbps][--iopslimit iops] [--save][--force] [--reset_ub][--setmode restart|ignore] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"></td><td width="2%"></td><td width="83%">

~~Removes virtual Ethernet devicefrom a~~ This command sets various containerparameters. If ~~you want~~ thecontainer is currently running, vzctl applies theseparameters to ~~remove all devices, use~~the container. The following options can beused with ~~all~~setcommand.</td></tr></table>

==== ~~veth interface configuration~~ Flags ====

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use~~ --~~ifname name~~save</~~i> option. <~~b~~> --mac XX:XX:XX:XX:XX:XX</i~~>

~~MAC address of interface inside~~If this flag is given,a parameters are saved in containerconfiguration file[[Man/ctid.conf.5|ctid.conf(5)]].

--~~host_ifname~~force~~name</i~~>

~~interface name for virtual~~If this flag is given together~~interface in~~ with --save, parameters are saved even if the ~~host system~~currentkernel doesn’t support OpenVZ. Note this flag does notmake sense without --save, so --save isrequired.

--~~host_mac~~reset_ub~~XX:XX:XX:XX:XX:XX</i~~>

~~MAC address of interface~~ If this flag is given,vzctl applies all User Beancounter parameters fromthe configuration file to a running container. This ishelpful in ~~the~~case configuration file is modified manually.Please note this flag is exclusive, i.e. it can not be~~host system~~combined with any other options or flags.

--~~bridge~~setmode restart |<ib>~~name~~ignore</ib>

~~Bridge name~~A few parameters can only beapplied by restarting the container. By default,vzctl prints a warning if such parameters aresupplied and a container is running. ~~Custom network~~Use --setmode~~start scripts can use this value~~ restart together with --save flag to ~~automatically add the~~restart a~~interface~~ container in such a case, or --setmode ignore to ~~a bridge~~suppress the warning.

~~--mac_filter on |off~~=== Miscellaneous ====

~~Enables~~--onboot yes</~~disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from inside~~b> |~~the Container. If the filtering is turned on:~~ <brb>~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets);~~ no<br/b>~~• it is impossible to modify the veth MAC address frominside the Container.~~

~~By default~~Sets whether the container willbe started during system boot. The container will be startedon boot by vz initscript if either this parameter isset to yes,or the container was running just beforelast reboot, and this ~~functionality~~ parameter is ~~enabled for all veth devices existing~~not set to no.Default value is unset, meaning the container will be~~inside~~ started if it was running before the ~~Container~~last reboot.

--bootordernumber

~~The following~~Sets the boot order priority~~options sets barrier and limit~~ for ~~various userbeancounters~~this CT. ~~Each option requires one or two arguments. Incase of one argument,~~ The higher the <bi>~~vzctl~~number</bi> ~~sets barrier and limit to~~is, the earlier inthe ~~same value~~boot process this container starts. ~~In case of two colon-separated arguments,~~By default this~~the first~~ parameter is ~~a barrier~~unset, ~~and~~ which is considered to be the ~~second is a limit. Each~~lowest~~argument is either a number~~priority, ~~a number~~ so containers with ~~a suffix, or aspecial value~~ unset ~~unlimited~~bootorderwillstart last.

~~Arguments arein items, pages or bytes. Note that page size isarchitecture~~--~~specific, it is 4096 bytes on x86 and x86_64platforms.~~root path

~~You can also~~Sets the path to root directory~~specify different suffixes for set parameters~~ (~~exceptfor the parameters which names start with~~ ~~num~~VE_ROOT)for this container. ~~For~~This is essentially a~~example, vzctl set CTID --privvmpages~~mount point for container’s root directory. Argument~~5M:6M should set~~ can contain literal string ~~privvmpages~~$VEID~~’ barrier to 5~~, which will be~~megabytes and its limit to 6 megabytes~~substituted with the numeric CT ID.

-~~top: 1em"~~-private~~Availablesuffixes are:~~path

<~~table width~~p style="~~100~~margin-left:17%;" ~~border="0" rules="none" frame="void"~~>Sets the path to private ~~cellspacing="0" cellpadding="0"~~directory (VE_PRIVATE<~~tr valign="top" align="left"~~/b>) for this container. This is adirectory in which all the container’s files arestored. Argument can contain literal string <~~td width="11%"~~b>$VEID</tdb>,which will be substituted with the numeric CT ID.<~~td width="6%"~~/p>

<pstyle="margin-left:11%;">T--mount_opts, <bi>toption</bi>[</pb>,</tdb><~~td width="5%"~~i>option</tdi>...]<~~td width="44%"~~/p>

<p~~>terabytes;</td><td width~~style="34margin-left:17%;">Sets additional mount optionsfor container file system. Only applicable for <~~/td~~b>ploop</~~tr><tr valign="top" align="left"~~b>~~<td width="11%">~~layout, ignored otherwise.</~~td><td width="6%"~~p>

<pstyle="margin-left:11%;">G--userpasswd, <bi>guser</bi>:</pi>password</~~td><td width="5%"~~i></~~td><td width="44%"~~p>

<p~~>gigabytes;</td><td width~~style="34margin-left:17%;">Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so <~~/td~~b>--save</trb>flag is useless), it isapplied directly to the container, by running~~<tr valign="top" align="left">~~distribution-specific programs inside the container. It isnot recommended to combine this option with any other~~<td width="11%">~~options.</~~td><td width="6%"~~p>

<p~~>M, m</td><td width~~style="5margin-left:17%; margin-top: 1em">In casecontainer was not running, it is automatically started thenall the appropriate changes are applied, then it isstopped.</~~td><td width="44%"~~p>

<p~~>megabytes;</td><td width~~style="34margin-left:17%">~~</td></tr><tr valign="~~; margin-top~~" align="left~~: 1em">Note that~~<td width="11%">~~container should be created before using this option.</~~td><td width="6%"~~p>

<pstyle="margin-left:11%;">K--disabled yes, |kno</p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>kilobytes;</td><td width~~style="34margin-left:17%;">Disable container start. Toforce the start of a disabled container, use <~~/td~~b>vzctl start--force</~~tr><tr valign="top" align="left"><td width="11%"~~b>.</~~td><td width="6%"~~p>

<pstyle="margin-left:11%;">P--name, <bi>pname</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<pstyle="margin-left:17%;">~~memory pages (arch-specific)~~Add a name for a container.The</pi>name</tdi>can later be used in subsequent calls to<~~td width="34%"~~b>vzctl</tdb> in place of CTID</tri>. Note this option cannot be used without --save.</~~table~~p>

~~You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value.~~ ~~ ~~--~~numproc~~description ~~items[:items~~string]

~~Maximum number of processes and~~Add a textual description for a~~kernel-level threads. Setting the barrier and the limit todifferent values does not make practical sense~~container.

--~~numtcpsock~~ostemplate~~items~~string~~[:items]~~

~~Maximum number~~ Sets a new value of ~~TCP sockets~~OSTEMPLATE parameter in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]].Requires --save flag. Useful~~This parameter limits the number~~ after a change/upgrade of ~~TCP connections and,~~a distribution running inside~~thus~~container, as vzctl uses the ~~number~~ value of ~~clients the server application canhandle in parallel. Setting the barrier and the limit~~ OSTEMPLATE torun~~different values does not make practical sense~~distribution-specific scripts.

--~~numothersock~~stop-timeout~~items~~seconds~~[:items]~~

~~Maximum number of non-TCP~~Sets a time to wait forcontainer to stop on vzctl stop before forcibly~~sockets (local sockets~~killing it, ~~UDP and other types of sockets)~~in seconds.Note this option can not be used~~Setting the barrier and the limit to different values doesnot make practical sense~~without --save flag.

Special valueof ~~--vmguarpages~~0~~pages[:pages]~~means to use compiled-in default.

~~Memory allocation guarantee.This parameter controls how much memory is available to acontainer. The barrier is the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be set to unlimited.~~=== Networking ====

--~~kmemsize~~ipadd~~bytes~~addr~~[:bytes]~~

~~Maximum amount of kernel memoryused. This parameter is related to~~ Adds an IP address <bi>~~--numproc~~addr</bi>~~. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consume~~to a ~~bit more~~given container. ~~It is important to~~ Address can optionally have a ~~certain safety gap~~netmask~~between~~ specified in the ~~barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the~~CIDR notation (e.g. ~~kmemsize~~10.1.2.3/25 ~~usage under the limit~~).Note that this option is incremental, so addr areadded to already existing ones.

--~~tcpsndbuf~~ipdel~~bytes~~addr[:|<ib>~~bytes~~all</ib>]

~~Maximum size of TCP send~~Removes IP address addr~~buffers~~from a container. ~~Barrier should be not less than 64 KB~~If you want to remove all the addresses, ~~anddifference between barrier and limit should be equal to ormore than value of~~ use ~~numtcpsock~~--ipdel all ~~multiplied by 2.5~~KB.

--~~tcprcvbuf~~hostname~~bytes~~name[ Sets container hostname.<ib>~~bytes~~vzctl</ib>]writes it to the appropriate file inside acontainer (distribution-dependent).

~~Maximum size of TCP receivebuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of~~ ~~numtcpsock~~--nameserver ~~multiplied by 2.5KB.~~addr

Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use --~~othersockbuf~~nameserveroptionmultiple times in one call to <ib>~~bytes~~vzctl</ib>[:, as all the nameserver values set in previous calls to <ib>~~bytes~~vzctl</ib>]areoverwritten.

~~Maximum size~~ A special valueof ~~other~~ inherit can be used to auto-propagate nameservervalue(~~non-TCP~~s)~~socket send buffers. If container~~from the host system’s ~~processes needs tosend very large datagrams, the barrier should be setaccordingly~~/etc/resolv. ~~Increased limit is necessary for highperformance of communications through local (UNIX-domain)sockets~~conf file.

--~~dgramrcvbuf~~searchdomain~~bytes~~name~~[:bytes]~~

~~Maximum size of other (non-TCP)~~Sets DNS search domains for a~~socket receive buffers~~container. If ~~container’s processes needs~~you want to set several search domains, youshould do it at once, so use --searchdomain optionmultiple times in one call to ~~receive very large datagrams~~vzctl, as all the ~~barrier should be~~ search domain values setin previous calls to vzctl~~accordingly. The difference between the barrier and thelimit is not needed~~are overwritten.

A special valueof ~~--oomguarpages~~inheritcan be used to auto-propagate searchdomain value(s) from the host system’s<ib>~~pages<~~/~~i>[:pages~~etc/resolv.conf</ib>]file.

~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout~~-of-~~memory guarantee. If the~~ netif_add~~oomguarpages~~ifname[,mac,host_ifname,host_mac</bi> ~~usage isbelow the barrier~~, ~~processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be set~~to <bi>~~unlimited~~bridge]</bi>.

Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the container, mac is its MACaddress, host_ifname is the Ethernet device name onthe host, and host_mac is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified. --~~lockedpages~~netif_del~~pages~~dev_name[:| <ib>~~pages~~all</ib>]

~~Maximum number of pages~~Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~acquired by~~ ~~mlock~~all~~(2)~~.

~~--privvmpagespages[:pages]~~=== veth interface configuration ====

~~Allows controlling~~ The followingoptions can be used to reconfigure the ~~amount~~already-created~~of memory allocated by~~ virtual Ethernet interface. To select the ~~applications. For shared (mapped~~interface toas configure, use ~~MAP_SHARED~~--ifname~~) pages, each container really using amemory page is charged for the fraction of the page(depending on the number of others using it)~~name option. ~~For"potentially private" pages (mapped as~~ --mac~~MAP_PRIVATE~~XX:XX:XX:XX:XX:XX</bi>~~), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.~~

~~The barrier andthe limit of this parameter control the upper boundary ofthe total size~~ MAC address of ~~allocated memory. Note that this upper~~interface inside~~boundary does not guarantee that~~ a container ~~will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the --vmguarpages guarantee~~.

--~~shmpages~~host_ifname~~pages~~name~~[:pages]~~

~~Maximum IPC SHM segment size.~~interface name for virtual~~Setting~~ interface in the ~~barrier and the limit to different values doesnot make practical sense~~host system.

--~~numfile~~host_mac~~items[~~XX:XX:XX:XX:XX:~~items~~XX]

~~Maximum number~~ MAC address of ~~open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to 0 effectivelydisables pre-charging optimization for this beancounter~~ interface in~~the kernel, which leads to~~ the ~~held value being precise butcould slightly degrade file open performance~~host system.

~~--numflock~~If you want anindependent communication with the Container through thebridge, you should specify a multicast MAC address here~~items[~~(FE:FF:FF:FF:FF:~~items]~~FF).

~~Maximum number of file locks.Safety gap should be between barrier and limit.~~--bridge name

~~--numpty~~Bridge name. Custom networkstart scripts can use this value to automatically add the~~items[:items]~~interface to a bridge.

~~Number of pseudo~~--~~terminals~~mac_filter on |~~(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit todifferent values does not make practical sense.~~off

~~--numsiginfo<~~Enables/b>disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from inside~~items[~~the Container. If the filtering is turned on:<ibr>~~items~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets); </ibr>]• it is impossible to modify the veth MAC address frominside the Container.

~~Number of siginfo structures.~~By default,~~Setting~~ this functionality is enabled for all veth devices existinginside the ~~barrier and the limit to different values doesnot make practical sense~~Container.

~~--dcachesizebytes[:bytes]~~=== VSwap limits ====

~~Maximum size offilesystem-related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limit~~The following~~causing file operations to sense~~ options sets memory ~~shortage~~ and ~~return~~swap limits for VSwap-enabled~~an errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit~~kernels (kernel version 042stab042 or greater).

~~--numiptent~~Argument is inbytes, unless otherwise specified by an optional suffix.~~num[~~Available suffixes are:~~num]~~

~~Number of iptables~~ •T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k - kilobytes; • P, p - memory pages (~~netfilter~~arch-specific,usually 4KB); ~~entries~~• B, b - bytes (this is the default). ~~Setting the barrier and the limit to differentvalues does not make practical sense.~~ --ram bytes

Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting --physpageslimit (the barrier is set to~~pages[:pages]~~0).

~~On VSwap~~--~~enabled kernels, thislimits the amount of physical memory (RAM) available to acontainer. The barrier should be set to~~ swap0bytes</bi>~~, and thelimit to a total size of RAM that can be used used by acontainer.~~

~~For older~~Set swap space available to a~~kernels~~container. Actually, ~~this~~ the option is ~~an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to~~a shortcut for setting0--swappages~~, and~~ limit ~~should be~~ (the barrier is set to ~~unlimited~~0).

--~~swappages~~vm_overcommit~~pages~~float~~[:pages]~~

~~The limit, if~~ Set VM overcommitment value tofloat. If set, it is used tocalculate~~show a total amount of swap space available inside thecontainer. The barrier of this~~ privmmpages parameter in case it is ~~currently~~not set~~ignored~~explicitly (see below). ~~The default~~ Default value is ~~unlimited~~0, meaning~~total swap will be reported as 0~~unlimited privvmpages.

~~Note that inorder for the value to be shown as total swap space,~~~~--meminfo~~vzctl ~~parameter should~~ checks if running kernel is VSwap capable, and refuses touse these parameters otherwise. This behavior can be ~~set to value other than~~overriden by using ~~none~~--forceflag beforeparameters.

In VSwap mode,all beancounters other than RAM and swap become optional.Note though that if some optional beancounters are not set,they are calculated and set by vzctl implicitly, using thefollowing formulae:

~~Theseparameters control CPU usage by container.~~ ~~ ~~•~~--cpuunits~~lockedpages.barrier = oomguarpages.barrier = ram</b~~> num</i~~>

~~CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, the~~•~~more CPU time this container gets~~lockedpages. ~~Maximum value is 500000,minimal is 8~~limit = oomguarpages. ~~Number is relative to weights of all the otherrunning containers. If cpuunits~~limit = unlimited ~~are not specified,default value of 1000 is used.~~

~~You can set CPUweight for CT0 (host system itself) as well (use~~ ~~vzctl~~•~~set 0 --cpuunits num)~~vmguarpages. ~~Usually, OpenVZ initscript(/etc/init~~barrier = vmguarpages.~~d/vz~~limit = ram + swap~~) takes care of setting this.~~

~~--cpulimit~~•privvmpages.barrier = privvmpages.limit = (ram + swap) *~~num[%~~vm_overcommit]

~~Limit of CPU usage for thecontainer, in per cent. Note~~ (if ~~the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit~~ vm_overcommit is 0or not set,~~(no CPU limit~~privvmpages is set to "unlimited").

~~--cpus num~~Here is anexample of setting container 777 to have 512 megabytes ofRAM and 1 gigabyte of swap:

~~sets number of CPUs availablein the container.~~ vzctl set 777 --ram 512M --swap 1G --save</ppre>

~~--cpumask cpus |all~~=== User Beancounter limits ====

The followingoptions sets ~~list of allowed CPUs~~ barrier and limit forvarious user~~the container. Input format is a comma-separated list ofdecimal numbers and ranges. Consecutively set bits are shownas two hyphen-separated decimal numbers, the smallest andlargest bit numbers set in the range. For example, if youwant the container to execute on CPUs 0, 1, 2, 7, you shouldpass 0-2,7. Default value is all (thecontainer can execute on any CPU)~~beancounters.

Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --ram and--swap (see above). For older kernels, these limitsare obligatory.

~~This parameter~~Each option~~control output~~ requires one or two arguments. In case of ~~/proc/meminfo inside a container.~~ one argument,vzctl<br/b>sets barrier and limit to the same value. Incase of two colon-~~-meminfo none~~separated arguments, the first is abarrier, and the second is a limit. Each argument is eithera number, a number with a suffix, or a special valueunlimited.

~~No /proc/meminfo virtualization~~Arguments are~~(the same as~~ in items, pages or bytes. Note that page size isarchitecture-specific, it is 4096 bytes on ~~host system)~~x86 and x86_64platforms.

You can alsospecify different suffixes for User Beancounter parameters(except for those which names start with ~~--meminfo~~num). Forexample, vzctl set ~~mode~~CTID--privvmpages5M:6M should set <ib>~~value~~privvmpages</ib>’ barrier to 5megabytes and its limit to 6 megabytes.

~~Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of --swappages~~Available~~parameter.~~suffixes are:

~~You can use the~~•T, t - terabytes; ~~following modes for~~ • <ib>~~mode~~G</ib>: , g - gigabytes; • ~~pages~~M:, <ib>~~value~~m</ib> - ~~sets total memory in~~megabytes; ~~pages~~• K, k - kilobytes; • ~~privvmpages~~P:, <ib>~~value~~p</ib> - ~~sets total~~ memorypages (arch-specific,usually 4KB); as • ~~privvmpages~~B * , <ib>~~value~~b</ib>- bytes.

~~Default is~~You can alsospecify the literal word ~~privvmpages:1~~unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i.e. the maximum possible value. --numproc items[:items]

~~Note that if~~Maximum number of processes and~~--physpages is set on a VSwap-enabled~~ kernel~~, ittakes a precedence over ~~-~~-meminfo, i.e~~level threads. ~~setting~~Setting the barrier and the limit to~~--meminfo~~ different values does not ~~take any effect~~make practical sense.

--numtcpsockitems[:items]

~~--iptables~~Maximum number of TCP sockets.This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle in parallel. Setting the barrier and the limit to~~name~~different values does not make practical sense.

~~Allow to use the functionality~~--numothersockof ~~name~~items ~~iptables module inside the container. Tospecify multiple~~ [:~~name~~items~~s, repeat --iptables for each,or use space-separated list as an argument (enclosed insingle or double quotes to protect spaces).~~]

~~The default~~Maximum number of non-TCP~~list~~ sockets (local sockets, UDP and other types of ~~enabled iptables modules is specified by~~ sockets).Setting the barrier and thelimit to different values does~~IPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]]~~not make practical sense.

~~You can use thefollowing values for name:~~ ~~iptable_filter~~--vmguarpages,<bi>~~iptable_mangle~~pages</bi>, [:<bi>~~ipt_limit~~pages</~~b>,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner</b~~i>.]

~~==== Network devices control parameters ====~~ Memory allocation guarantee.This parameter controls how much memory is available to acontainer. The barrier is the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be set to ~~--netdev_add~~unlimited~~name~~.

~~move network device from the~~--kmemsize~~host system to a specified container~~bytes[:bytes]

Maximum amount of kernel memoryused. This parameter is related to --~~netdev_del~~numproc. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the<ib>~~name~~kmemsize</ib>usage under the limit.

~~delete network device from a~~--tcpsndbuf~~specified container~~bytes[:bytes]

Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of numtcpsock multiplied by 2.5KB.

--~~diskquota yes~~tcprcvbuf |<bi>bytes[:nobytes</bi>]

~~allows~~ Maximum size of TCP receivebuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ~~enable~~ or ~~disabledisk quota for a container. By default, a global~~ more than value(of ~~DISK_QUOTA~~numtcpsock~~) from [[Man/vz.conf~~multiplied by 2.5~~|vz.conf(5)]] is used~~KB.

--~~diskspace~~othersockbuf~~num~~bytes[:~~num~~bytes]

~~sets soft and hard disk quotalimits, in blocks. First parameter is soft limit, second is~~Maximum size of other (non-TCP)~~hard limit~~socket send buffers. ~~One block is currently equal~~ If container’s processes needs to ~~1Kb. SuffixesG~~send very large datagrams, ~~M, K can also~~ the barrier should be ~~specified (see~~set~~Resource limits section~~ accordingly. Increased limit is necessary for ~~more info on~~high~~suffixes~~performance of communications through local (UNIX-domain)sockets.

--~~diskinodes~~dgramrcvbuf~~num~~bytes[:~~num~~bytes]

~~sets soft and hard disk quota~~Maximum size of other (non-TCP)socket receive buffers. If container’s processes needs~~limits~~to receive very large datagrams, ~~in i-nodes~~the barrier should be setaccordingly. ~~First parameter is soft~~ The difference between the barrier and thelimit~~, second~~ is~~hard limit~~not needed.

--~~quotatime~~oomguarpages~~seconds~~pages[:pages]

~~sets quota grace period~~Guarantees against OOM kill.~~Container~~ Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is ~~permitted to exceed its soft limits for~~ the~~grace period~~out-of-memory guarantee. If the oomguarpages usage isbelow the barrier, ~~but once it has expired, the soft~~ processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit iscurrently unspecified; it should be set~~enforced as a hard limit~~to unlimited.

--~~quotaugidlimit~~lockedpages~~num~~pages[:pages]

~~sets maximum~~ Maximum number ofpages~~user/group IDs in a container for which disk quota insidethe container will be accounted. If this value is set to~~acquired by 0mlock~~, user and group quotas inside the container willnot be accounted~~(2).

~~Note that ifyou have previously set value of this parameter to~~ 0--privvmpages,~~changing it while the container is running will not takeeffect.~~pages[:pages]

Allows controlling the amountof memory allocated by the applications. For shared (mappedas MAP_SHARED) pages, each container really using amemory page is charged for the fraction of the page(depending on the number of others using it). For"potentially private" pages (mapped asMAP_PRIVATE), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.

The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the --~~noatime yes |no~~vmguarpagesguarantee.

~~Sets noatime flag (do not~~--shmpages~~update inode access times) on filesystem.~~pages[:pages]

Maximum IPC SHM segment size.Setting the barrier and the limit to different values doesnot make practical sense.

--~~capability~~numfile~~capname~~items[:<bi>onitems</~~b>|off</b~~i>]

~~Sets a capability for a~~Maximum number of open files.~~container. Note that setting capability when~~ In most cases the barrier and the limit should be set to the ~~containeris running does not take immediate effect; restart~~ same value. Setting thebarrier to 0 effectively~~container~~ disables pre-charging optimization for this beancounter in ~~order for~~ the ~~changes~~ kernel, which leads to ~~take effect. Note acontainer has default set of capabilities, thus anyoperation on capabilities is "logical and" with~~the held value being precise but~~the default capability mask~~could slightly degrade file open performance.

~~You can use thefollowing values for capname:~~ ~~chown~~--numflock,<bi>~~dac_override~~items</bi>, [:<bi>~~dac_read_search~~items</~~b>, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities</b~~i>~~(7).~~]

Maximum number of file locks.Safety gap should be between barrier and limit. ~~WARNING~~--numpty:~~setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that setting~~ <bi>items~~setpcap~~[:onitems</bi> ~~fora container will most probably lead to inability to startit.~~]

Number of pseudo-terminals(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit todifferent values does not make practical sense.

--~~devnodes~~numsiginfo~~device~~items[:[<bi>ritems</~~b>][w</b~~i>]~~[q]|none~~

~~Give~~ Number of siginfo structures.Setting the ~~container an access(r - read, w - write, q - disk quotamanagement, none - no access)~~ barrier and the limit to ~~a device designatedby the special file /dev/device. Device file iscreated in a container by vzctl. Example: vzctl~~different values does~~set 777 --devnodes sdb:rwq~~not make practical sense.

--~~devices~~bdcachesize~~|c:~~~~major~~bytes[:~~minor~~bytes</i~~>|all:[r][w][q</b~~>]~~|none~~

~~Give the container an access~~ Maximum size offilesystem-related caches, such as directory entry and inodecaches. Exists as a separate parameter toimpose a ~~block or character device designated by its~~limit~~major~~ causing file operations to sense memory shortage and ~~minor numbers~~returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. ~~Device file have to~~Safety gapshould be ~~created manually~~between barrier and limit.

--numiptentnum[:num]

~~--pci_add~~Number of iptables (netfilter)entries. Setting the barrier and the limit to different~~[domain:]bus:slot~~values does not make practical sense.~~func~~

~~Give the container an access toa specified PCI device. All numbers are hexadecimal (asprinted by~~ ~~lspci~~--physpages~~(8) in the first column).~~pages[:pages]

On VSwap-enabled kernels, thislimits the amount of physical memory (RAM) available to acontainer. The barrier should be set to ~~--pci_del~~0, and thelimit to a total size of RAM that can be used used by a~~[domain:]bus:slot~~container.~~func~~

~~Delete a PCI device from~~ For olderkernels, this is an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to0, and limit should be set to unlimited.

~~Note that~~~~vps~~-~~pci~~-swappages ~~configuration script is executed by~~<bi>~~vzctl~~pages</bi> ~~then configuring PCI devices. The script isusually located at~~ [:<bi>~~/usr/lib[64]/vzctl/scripts/~~pages</bi>.]

For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to 0, and the limit to a total size of swap thatcan be used by a container.

~~~~For older(pre-~~-features~~VSwap) kernels, the limit is used to show a totalamount of swap space available inside the container. Thebarrier of this parameter is ignored. The default value is~~name:~~~~on|off~~unlimited, meaning total swap will be reported as0.

~~Enable or disable a specificcontainer feature. Known features are: sysfs,nfs, sit, ipip, ppp,ipgre, bridge, nfsd.~~=== CPU fair scheduler parameters ====

Theseparameters control CPU usage by container. --cpuunits num

~~--applyconfigname~~ ~~Read~~ CPU weight for a container ~~parameters from~~.~~the container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf~~Argument is positive non-~~sample</tt>~~zero number,passed to and ~~apply them, if --save option specified save to~~used inthe ~~container config file~~kernel fair scheduler. The ~~following parameters are not~~larger the number is, the~~changed: HOSTNAME, IP_ADDRESS~~more CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If ~~OSTEMPLATE, VE_ROOT~~cpuunitsare not specified, ~~andVE_PRIVATE~~default value of 1000 is used.

You can set CPUweight for CT0 (host system itself) as well (use vzctlset 0 --~~applyconfig_map~~cpuunits~~group~~num). Usually, OpenVZ initscript(/etc/init.d/vz) takes care of setting this.

~~Apply container configparameters selected by~~ <ib>~~group~~--cpulimit</ib>~~. Now the only possiblevalue for~~ ~~group~~num is [~~name~~%~~: to restore containername based on NAME variable in containerconfiguration file.~~]

Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is 0(no CPU limit).</~~O priority management ====~~p>

--~~ioprio~~cpus~~priority~~num

~~Assigns I/O priority tocontainer. Priority range is 0-7. The greater~~sets number of CPUs available~~priority is,~~ in the ~~more time for I/O activity~~ container~~has. By default each container has priority of4~~.

--cpumask cpus |auto | all

~~Checkpointing~~ Sets list of allowed CPUs forthe container. Input format is a ~~feature~~ comma-separated list of~~OpenVZ kernel which allows~~ decimal numbers and/or ranges. Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in the range. For example, ifyou want the container to ~~save a complete state of a~~execute on CPUs 0, 1, 2, 7, youshould pass 0-2,7. Default value is all (the~~running~~ containercan execute on any CPU). If used with the--nodemask option, ~~and~~ value of auto assigns allCPUs from the specified NUMA node to ~~restore it later~~a container.

~~chkpnt~~--nodemask ~~CTID~~nodes[| ~~--dumpfile~~all ~~name]~~

~~This command saves a complete~~Sets list of allowed NUMA nodes~~state of a running~~ for the container ~~to a dump file, and stops~~ . Input format is thesame as for~~container. If an option~~ --~~dumpfile~~cpumask ~~is not set,default dump file name~~ . Note that ~~/vz/dump/Dump.~~--nodemaskmust be usedwith the <ib>~~CTID~~--cpumask</ib> is~~used~~option.

~~restore CTID[--dumpfile name]~~=== Memory output parameters ====

~~This command restores~~ ForVSwap-enabled kernels (042stab042 or greater), thisparameter is ignored. For older kernels, it controls theoutput of /proc/meminfo inside acontainer ~~from the dump file created by the~~ . ~~chkpnt~~ --meminfo none~~command.~~

No /proc/meminfo virtualization(the same as on host system).

~~create CTID[--ostemplate name] [--configname] [~~--~~private~~meminfo</b~~> path] <br~~>~~[--root path~~~~] [--ipadd~~mode</~~b> <~~i>~~addr][--hostname~~ :~~name~~value]

~~Creates~~ Configure total memory outputin a ~~new~~ container ~~area~~.Reported free memory is evaluated~~This operation should be done once, before~~ accordingly to the ~~first start~~mode being set. Reported swap isevaluated according to the settings of ~~the container~~--swappagesparameter.

If You can use thefollowing modes for <bi>~~--config~~mode</bi>: ~~option is specified, values from exampleconfiguration file~~• ~~/etc/vz/conf/ve-~~pages:~~name~~value~~.conf~~-~~sample are~~sets total memory in~~put into the container configuration file. If this containerconfiguration file already exists, it will be removed.~~pages; </pbr> ~~You can use~~~~--root~~privvmpages :~~path~~value ~~option to~~ - sets ~~the path to themount point for the container root directory (default is~~total memoryas ~~VE_ROOT~~privvmpages ~~specified in [[Man/vz.conf.5|~~* <bi>~~vz.conf~~value</bi>~~(5)]] file).Argument can contain literal string $VEID, which willbe substituted with the numeric CT ID~~.

~~You can use--private path option to set the path todirectory in which all the files and directories specific tothis very container are stored (default~~ Default is ~~VE_PRIVATEspecified in [[Man/vz.conf.5|~~~~vz.conf~~privvmpages:1~~(5)]] file). Argument can containliteral string $VEID, which will be substituted withthe numeric CT ID~~.

~~You can use--ipadd addr option to assign an IP address toa container. Note that this option can be used multipletimes.~~=== Netfilter (iptables) control parameters ====

~~You can use~~--~~hostname~~netfilter disabled|stateless |<ib>~~name~~stateful</ib>|full ~~option to set a host name fora container.~~

~~destroy<~~Restrict access tonetfilter/~~b> |~~iptables modules for a container. This optionreplaces obsoleted ~~delete~~--iptables.

~~Removes a~~ Note thatchanging this parameter requires container ~~privatearea by deleting all files~~restart, ~~directories and the~~so~~configuration file of this container~~consider using --setmode option.

The followingarguments can be used: ~~start [~~<bbr>~~--wait][--force~~• disabled]

~~Mounts (if necessary) andstarts a container. Unless --wait~~no modules are allowed</bp> ~~option isspecified,~~ <bp style="margin-left:22%;">~~vzctl~~ ~~will return immediately~~• ~~otherwisean attempt to wait till the default runlevel is reached willbe made by vzctl~~stateless.

~~Specify~~all modules except NAT and~~--force if you want to start a container which~~ conntracks are allowed (i.e. filter and mangle); this isthe~~disabled (see --disabled).~~default

~~Note that thiscommand can lead to execution of~~ ~~premount,mount and start action scripts (see ACTIONSCRIPTS~~• stateful ~~below).~~

~~stop [--fast]~~all modules except NAT areallowed

<~~p style~~table width="~~margin-left:17~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">~~Stops and unmounts a container.Normally,~~ <btr valign="top" align="left">~~halt(8) is executed inside a container;option~~ <~~b>--fast</b~~td width="22%"> ~~makes vzctl~~</btd> ~~use reboot(2)syscall instead which is faster but can lead to uncleancontainer shutdown.~~</ptd width="9%">

~~Note that thiscommand can lead to execution of~~ ~~stop~~• full, <b/p>~~umount~~</btd>~~and~~ <btd width="1%">~~postumount~~</~~b> action scripts (see <b~~td>~~ACTIONSCRIPTS~~<~~/b> below).</p~~td width="36%">

all modules are allowed</td><td width="~~margin-left:11~~32%;"><b/td>~~restart~~</btr></ptable>

~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the~~~~start~~--iptables ~~and~~ name[~~stop~~, ~~options~~...]

Note ~~that~~ thisoption is~~command can lead to execution of some action scripts (see~~obsoleted, ~~ACTION SCRIPTS~~--netfilter ~~below)~~should be used instead.

Allow to usethe functionality of <bi>~~status~~name</bi>iptables module inside thecontainer. Multiple comma-separated names can bespecified.

~~Shows a container status. This~~The defaultlist of enabled iptables modules is ~~a line with five or six words, separated~~ defined by ~~spaces~~theIPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]].

~~First word is~~You can use the~~literally~~ following values for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ~~CTID~~ipt_owner.

~~Second word isthe numeric CT ID.~~=== Network devices control parameters ====

~~Third word isshowing whether this container exists or not, it can beeither~~ ~~exist~~--netdev_add or <bi>~~deleted~~name</bi>.

move network device from thehost system to a specified container ~~Fourth word isshowing the status of the container filesystem, it can beeither~~ ~~mounted~~--netdev_del or <bi>~~unmounted~~name</bi>.

~~Fifth word~~delete network device from a~~shows if the~~ specified container ~~is running, it can be eitherrunning or down.~~

~~Sixth word, ifexists, is suspended. It appears if both a containerand its dump file exist (see chkpnt).~~=== Disk quota parameters ====

-~~top: 1em"~~-diskquota yes~~This command~~|~~can also be usable from scripts.~~no

allows to enable or disabledisk quota for a container. By default, a global value(~~mount~~DISK_QUOTA) from [[Man/vz.conf.5|vz.conf(5)]] is used.

~~Mounts container private area.~~Note that this ~~command can lead to execution ofpremount and mount action scripts (see~~parameter is ignored for ~~ACTION SCRIPTS~~ploop ~~below)~~layout.

~~umount~~--diskspacenum[:num]

~~Unmounts container privatearea. Note that this command can lead to execution of~~For ~~umount~~simfs layout, setssoft and ~~postumount action scripts (see~~hard disk quota limits. First parameter is soft~~ACTION SCRIPTS below)~~limit, second is hard limit.

~~Note that~~For~~stop~~ploop ~~does~~ layout, initiates the procedure of resizing theploop image file to the new size. Since there is nosoft/hard limit concept in ploop, second <bi>~~umount~~num</bi> ~~automatically~~, ifspecified, is ignored.

By default,ploop resize is done online, i.e. on a mounted ploop. Thisis a preferred way of doing resize. Although, in a rare casea container was using lots of disk space and should now beresized to a much smaller size, an offline resize might bemore appropriate. In this case, make sure the container isstopped and unmounted and use additional~~quotaon~~--offline-resize ~~ctid~~option

~~Turn disk quota~~ Note that ploopresize is NOT performed on~~. Not that~~container start, so forconsistency ~~mount~~--diskspace ~~and~~ must be used together with~~start~~--save ~~does that automatically~~flag.

Suffixes~~quotaoff~~G , <ib>M, K can also be specified (see~~ctid~~Resource limits</ib>section for more info on suffixes).If suffix is not specified, value is in kilobytes.

~~Turn disk quota off. Not that~~~~umount~~--diskinodes ~~and~~ <bi>num[:~~stop~~num</bi> ~~does that automatically.~~]

~~quotainit~~sets soft and hard disk quota<limits, in i~~>ctid~~-nodes. First parameter is soft limit, second ishard limit.

~~Initialize disk quota (i.e. run~~Note that thisparameter is ignored for ~~vzquota init~~ploop~~) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|ctid.conf(5)]]~~layout.

~~exec~~--quotatime ~~CTIDcommand~~seconds

~~Executes command in a~~sets quota grace period.~~container. Environment variables are not set inside~~ Container is permitted to exceed its soft limits for the~~container. Signal handlers may differ from default settings.If command~~ grace period, but once it has expired, the soft limit is ~~-, commands are read fromstdin~~enforced as a hard limit.

Note that thisparameter is ignored for ~~exec2~~ploop ~~CTIDcommand~~layout.

~~The same as~~ ~~exec~~--quotaugidlimit~~, butreturn code is that of~~ ~~command~~num.

Enables or disablesin-container per-user and per-group disk quotas. If thevalue is set to ~~runscript~~0 ~~CTID~~or not set, disk quotas inside the~~script~~container is disabled and not accounted.

~~Run specified shell script inthe container. Argument script is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container.~~ For ~~a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as~~~~/proc~~simfs~~) are mounted~~layout containers, ~~no startup scripts are executed~~non-zero value sets maximum~~etc. Thus the environment in~~ number of user/group IDs for which ~~the script is running isfar from normal and~~ disk quota is ~~only usable for very basicoperations~~accounted.

For~~enter~~ploop ~~[~~layout containers, any non-~~-exec<~~zero value enablesdisk quota inside the container; the number of user/b>group~~command [arg ..~~IDs used by disk quota is not limited by OpenVZ.]]

~~Enters into a~~ Note thatenabling or disabling in-container ~~(giving~~disk quotas requiresa container~~’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use~~ restart, so consider using ~~ssh~~--setmode~~(1)~~option.

~~Option--exec is used to run command with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so vzctl exec can not beused) and for some reason you can not use ssh(1).~~=== Capability option ====

~~You need to logout manually from the shell to finish session (even if youspecified~~ --~~exec~~capabilitycapname:on)|off[,...]

Sets a capability for acontainer. Multiple comma-separated capabilities can bespecified.

Note thatsetting a capability when the container is running does nottake immediate effect; restart the container in order forthe changes to take effect (consider using --~~help~~setmodeoption).

~~Prints help message~~ A container hasthe default set of capabilities, thus any operation oncapabilities is "logical AND" with athe default~~brief list of possible options~~capability mask.

You can use thefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill~~--version~~, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice</pb>,sys_resource, sys_time, sys_tty_config,<~~p style="margin-left:17%;"~~b>mknod, lease, setveid~~Prints~~ , ~~vzctl~~ve_admin.~~version~~For detailed description, see capabilities(7). ~~== ACTION SCRIPTS ==~~

~~vzctl~~WARNING:setting some of those capabilities may have far reaching~~has an ability to execute user-defined scripts when a~~security implications, so do not do it unless you know what~~specific~~ you are doing. Also note that setting ~~vzctl~~setpcap:on ~~command is run~~ for a container~~. Thefollowing vzctl commands can trigger execution ofaction scripts: ~~will most probably lead to inability to start~~, stop, restart,mount and umount~~it.

~~Action scriptsare located in the /etc/vz/conf/ directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps. and are executed for all containers.Per-CT scripts have a CTID numeric prefix and areexecuted for the given container only.~~=== Device access management ====

-~~top: 1em"~~-devnodes~~There are 8action scripts currently defined~~device: [r][<brb>~~vps.premount~~w, ][<ib>~~CTID~~q</ib>]|~~.premount~~none

~~Global and per~~Give the container an access(r - read, w -~~CT mount scripts~~write, q - disk quota~~which are executed for~~ management, none - no access) to a ~~container before it is mounted.~~device designated~~Scripts are executed in~~ by the ~~host OS context, while a CT isnot yet mounted or running~~special file /dev/device. ~~Global script, if exists,~~ Device file is~~executed first~~created in a container by vzctl.Example:

~~vps.mount,CTID.mount~~ vzctl set 777 --devnodes sdb:rwq</ppre>

~~Global and per~~-~~CT mount scripts~~-devices~~which are executed for a container right after it ismounted. Otherwise they are the same as~~ b|c:major:minor|all:[r][w][q]|~~.premount~~none~~scripts.~~

Give the container an access toa block or character device designated by its~~CTID~~majorand <bi>~~.start~~minor</bi>numbers. Device file have tobe created manually.

~~Right after vzctl hasstarted a container, it executes this script in a containercontext.~~=== PCI device management ====

--pci_add[~~CTID~~domain:]<bi>bus:slot.~~stop~~func</bi>

~~Right before~~ Give the container an access toa specified PCI device. All numbers are hexadecimal (asprinted by ~~vzctl~~lspci ~~has~~(8) in the first column).~~stopped a container, it executes this script in a containercontext~~--pci_del[domain:]bus:slot.func

~~vps.umount,~~Delete a PCI device from the~~CTID~~container.~~umount~~

~~Global and per~~Note thatvps-~~CT umountscripts which are executed for a container before it~~ pci configuration script is~~unmounted. Scripts are~~ executed ~~in the host OS context,~~by~~while a CT is mounted~~vzctl then configuring PCI devices. ~~Global~~ The script~~, if exists,~~ is ~~executedfirst~~usually located at /usr/libexec/vzctl/scripts/.

~~vps.postumount,CTID.postumount~~=== Features management ====

~~Global and per~~-~~CT umount~~-features~~scripts which are executed for a container right after it isunmounted. Otherwise they are the same as~~ name:on|off[~~.umount~~,~~scripts~~...]

~~The environment~~Enable or disable a specific~~passed to all the~~ container feature. Known features are: *mountsysfs ~~scripts is the standard~~,~~environment of the parent (i.e.~~ ~~vzctl~~nfs, sit~~) with twoadditional variables:~~ , ~~$VEID~~ipip ~~and~~ , ~~$VE_CONFFILE~~ppp.~~The first one holds the ID of the container~~, ~~and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters~~ipgre, ~~such as~~ ~~$VE_ROOT~~bridge, ~~it needs to get those~~nfsd. A few features can~~from global and per~~be specified at once, comma-~~CT configuration files~~separated.

~~Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount.~~=== Apply config ====

<~~pre~~ p style="margin-left:11%; ~~margin-top: 1em~~"> ~~# If one of these files does not exist then something~~ ~~# is really broken~~ [ -~~f /etc/sysconfig/vz ] || exit 1~~ [ -~~f $VE_CONFFILE ] || exit 1~~ ~~# Source both files. Note the order is important.~~ . applyconfig</~~etc/vz/vz.conf~~b> ~~. $VE_CONFFILE~~ ~~mount -n --bind~~ name</~~mnt/disk $VE_ROOT/mnt/disk~~i></~~pre~~p>

Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if --save option specified save tothe container config file. The following parameters are notchanged: HOSTNAME, IP_ADDRESS,OSTEMPLATE, VE_ROOT, andVE_PRIVATE.

--~~top: 1em"~~applyconfig_map~~Returns 0 uponsuccess, or an appropriate error code in case of anerror:~~group

<~~table width~~p style="~~100~~margin-left:22%;" ~~border="0" rules="none" frame="void"~~>Apply container config ~~cellspacing="0" cellpadding="0"~~parameters selected by group. Now the only possiblevalue for <~~tr valign="top" align="left"~~i>group is name: to restore containername based on <~~td width="11%"~~b>NAME</tdb>variable in containerconfiguration file.<~~td width="4%"~~/p>

~~1<~~==== I/~~p></td><td width~~O scheduling ===~~"7%"></td><td width~~=~~"78%">~~

<pstyle="margin-left:11%;">~~Failed to set a UBC parameter~~</pb>--ioprio</~~td></tr~~b><~~tr valign="top" align="left"~~i>priority<~~td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:22%;">2Assigns disk I/O priority tocontainer. Priority</pi> range is 0-7</tdb>. The greater<~~td width="7%"~~i>priority is, the more time for I/O activity containerhas. By default each container has priority</tdi>of<~~td width="78%"~~b>4.

<pstyle="margin-left:11%;">--iolimit~~Failed to set a fair scheduler parameter~~limit</pi>[B</tdb>|K</trb>|M<~~tr valign="top" align="left"~~/b>|<~~td width="11%"~~b>G</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:22%;">3Assigns disk I/O bandwidthlimit for a container. Value is either a number with anoptional suffix, or a literal string </pb>unlimited</tdb>. Valueof <~~td width="7%"~~b>0</tdb>means "unlimited". By default acontainer has no I/O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.<~~td width="78%"~~/p>

<pstyle="margin-left:22%; margin-top: 1em">If no suffix isprovided, the ~~Generic system error~~limit</pi> is assumed to be in megabytes persecond. Available suffixes are: • b</tdb>, B</trb> -- bytes per second; • k, K -- kilobytes per second; <~~tr valign="top" align="left"~~br>• <~~td width="11%"~~b>m, M</tdb> -- megabytes per second (default); • <~~td width="4%"~~b>g, G -- gigabytes per second;

<pstyle="margin-left:11%;">5</pb>--iopslimit</tdb><~~td width="7%"~~i>iops</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:22%;">~~The running kernel~~ Assigns IOPS limit for acontainer, in number of input/output operations per second.Value is ~~not an OpenVZ kernel (~~a number or ~~someOpenVZ modules are not loaded)~~a literal string <~~/p></td~~b>unlimited</~~tr><tr valign="top" align="left"~~b>.Value of <~~td width="11%"~~b>0</tdb>means "unlimited". By default acontainer has no IOPS limit.<~~td width="4%"~~/p>

~~6</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Suspending and resuming ===

<p~~>Not enough system resources</td></tr><tr valign~~style="margin-top~~" align="left~~: 1em">Checkpointing is a feature ofOpenVZ kernel which allows to save a complete in-kernel~~<td width="11%">~~state of a running container, and to restore it later.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">suspend|chkpntCTID [--dumpfile 7name</pi>]</tdp> <~~td width~~p style="7margin-left:17%;">This command suspends acontainer to a dump file If an option --dumpfile</tdb>isnot set, default dump file name<~~td width="78%"~~b>/vz/dump/Dump.CTID is used.

<pstyle="margin-left:11%;">~~ENV_CREATE~~resume ~~ioctl failed~~|restore</pb>CTID</tdi>[<~~/tr~~b>--dumpfile<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>name</tdi>]<~~td width="4%"~~/p>

<p~~>8</td><td width~~style="7margin-left:17%;">This command restores acontainer from the dump file created by the suspend</tdb>command.<~~td width="78%"~~/p>

~~Command executed by vzctl exec returned non-zeroexit code</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Snapshotting ===~~"4%">~~

<p~~>9</td><td width~~style="7%margin-top: 1em">Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in-memory state (as incheckpointing). Note that snapshot functionality is onlyworking for containers on ploop device.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Container is locked by another~~ ~~vzctl~~snapshot CTID~~invocation~~[--id uuid</pi>] [ --name</tdb>name</tri>][--description <~~tr valign="top" align="left"~~i>desc] [--skip-suspend<~~td width="11%"~~/b>] [--skip-config</tdb>]<~~td width="4%"~~/p>

<p~~>10</td><td width~~style="7margin-left:17%;">Creates a container snapshot,i.e. saves the current container state, including its filesystem state, running processes state, and configurationfile.</~~td><td width="78%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">~~Global OpenVZ configuration file [[Man/vz.conf.5|~~If a containeris running, and ~~vz.conf~~--skip-suspend~~(5)]]~~ option is not~~found~~specified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot. ~~</td></tr>~~ <~~tr valign~~p style="margin-left:17%; margin-top~~" align="left~~: 1em">Unless<~~td width="11%"~~b>--skip-config</tdb>option is given, containerconfiguration file is saved to the snapshot.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">If uuid11is not specified, it is auto-generated. Options--name</pb> and --description</tdb>can be used tospecify the snapshot name and description, respectively.Name is displayed by <~~td width="7%"~~b>snapshot-list</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">snapshot-switch~~A vzctl helper script file not found~~CTID</pi> [--skip-resume</tdb> | --must-resume</trb>][--skip-config] <~~tr valign="top" align="left"~~br>--id <~~td width="11%"~~i>uuid</tdi><~~td width="4%"~~/p>

<p~~>12</td><td width~~style="7margin-left:17%;">Switches the container to asnapshot identified by uuid</tdi>, restoring its filesystem state, configuration (if available) and its runningstate (if available).<~~td width="78%"~~/p>

<p~~>Permission denied</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em"><~~td width="11%"~~b>Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!</tdb><~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">13Option</pb>--skip-resume</tdb>is used to ignore a CT memory dump filein a snapshot, as a result the container will end up beingin a stopped state (same as if a snapshot has been takenwith <~~td width="7%"~~b>--skip-suspend</tdb>).<~~td width="78%"~~/p>

<p~~>Capability setting failed</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">If option<~~td width="11%"~~b>--must-resume</tdb>is set, absense of a memory dump istreated as an error, and the inability to restore from thememory dump is treated as an error rather than warning.<~~td width="4%"~~/p>

<p~~>14</td><td width~~style="7margin-left:17%; margin-top: 1em">Option option--skip-config</tdb>is used to ignore the CT configurationfile in a snapshot, i.e. the current configuration file willbe left as is.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container configuration file [[Man/ctid.conf.5|~~~~ctid.conf~~snapshot-delete~~(5)]] notfound~~</pi> CTID</tdi><~~/tr~~b>--id<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>uuid</tdi><~~td width="4%"~~/p>

<p~~>15</td><td width~~style="7margin-left:17%;">Removes a specifiedsnapshot.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Timeout on~~ ~~vzctl exec~~snapshot-mountCTID</pi> --id</tdb> uuid</tri><~~tr valign="top" align="left"~~b>--target<~~td width="11%"~~i>directory</tdi><~~td width="4%"~~/p>

<pstyle="margin-left:17%;">16Mounts a snapshot specified by</pi>uuid</tdi>to a <~~td width="7%"~~i>directory</tdi>. Note this mount isread-only.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error during~~ ~~vzctl chkpnt~~snapshot-umount</pi>CTID</tdi><~~/tr~~b>--id<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>uuid</tdi><~~td width="4%"~~/p>

<p~~>17</td><td width~~style="7margin-left:17%;">Unmounts a specifiedsnapshot.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Error during~~ ~~vzctl restore~~snapshot-listCTID</pi> [-H</tdb>] [-o</trb><~~tr valign="top" align="left"~~i>field[,field...] [--id<~~td width="11%"~~i>uuid</tdi>]<~~td width="4%"~~/p>

<p~~>18</td><td width~~style="7margin-left:17%;">List container’ssnapshots.</~~td><td width="78%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">~~Error from~~ You cansuppress displaying header using ~~setluid()~~-H ~~syscall~~option. <~~/td~~p style="margin-left:17%; margin-top: 1em">You can use the-o</trb>option to display only the specified<~~tr valign="top" align="left"~~i>field(s). List of available fields can be obtainedusing <~~td width="11%"~~b>-L</tdb>option.<~~td width="4%"~~/p>

~~20</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Performing container actions ===

<~~p>Invalid command line parameter</td></tr~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">

<pstyle="margin-top: 1em">create21</td><td width="72%"></td>

<pstyle="margin-top: 1em">CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][--private path][--root path][--ipadd ~~Invalid value for command line parameter~~addr</pi>][--hostname name][--name </tdb>name</tri>][<~~tr valign="top" align="left"~~b>--local_uid uid][--local_gid gid] </td ~~width="11%"~~></tdtr><~~td width~~/table> Creates a newcontainer area. This operation should be done once, beforethe first start of the container.

<pstyle="margin-left:17%; margin-top: 1em">By default, anOS template denoted by 22DEF_OSTEMPLATE</pb> parameter of[[Man/vz.conf.5|vz.conf</tdb>(5)]] is used to create a container. This can beoverwritten by <~~td width="7%"~~b>--ostemplate</tdb>option.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container root directory (~~By default, anew container configuration file is created from a sampleconfiguration denoted by value of ~~VE_ROOT~~CONFIGFILE~~) not set<~~parameter of [[Man/p>vz.conf.5|<~~/td~~b>vz.conf</trb>(5)]]. If the container~~<tr valign="top" align="left">~~configuration file already exists, it will not be~~<td width="11%">~~modified.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">23The value ofCONFIGFILE</pb> can be overwritten by using the--config</tdb><~~td width="7%"~~i>name</tdi>option. This option can not beused if the container configuration file already exists.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container private directory (~~A new containercan either be created using ~~VE_PRIVATE~~simfs~~) not~~filesystem or on aploop device. The default is setby value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf</pb>(5)]] and can beoverwritten by --layout</tdb>option. In case ploop</trb>is used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain and <~~tr valign="top" align="left"~~b>raw. Default is<~~td width="11%"~~b>expanded. Using value other than expanded</tdb>isnot recommended and is currently not supported.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">24You can use--diskspace</pb> and --diskinodes</tdb>options tospecify container file system size. Note that for<~~td width="7%"~~b>ploop</tdb>layout, you will not be able to change inodesvalue later.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container template directory (~~If~~TEMPLATE~~DISKSPACE) is notspecified either in the sample~~set~~configuration file used for creation or in globalconfiguration file [[Man/vz.conf.5|</pb> vz.conf</tdb>(5)]], <~~/tr~~b>--diskspace<~~tr valign="top" align="left"~~/b>parameter is required for <~~td width="11%"~~b>ploop</tdb>layout.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">28SuffixesG</pb>, M, K</tdb>can also be specified (see<~~td width="7%"~~b>Resource limits</tdb>section for more info onsuffixes).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use~~Not all required UBC parameters are set, unable~~ --root path option to sets the path to ~~start~~themount point for the containerroot directory (default is</pb> VE_ROOT</tdb>specified in [[Man/vz.conf.5|<~~/tr~~b>vz.conf<~~tr valign="top" align="left"~~/b>(5)]] file).Argument can contain literal string <~~td width="11%"~~b>$VEID</tdb>, which willbe substituted with the numeric CT ID.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use--private path option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is 29VE_PRIVATE</pb>specified in [[Man/vz.conf.5|vz.conf</tdb>(5)]] file). Argument can containliteral string <~~td width="7%"~~b>$VEID</tdb>, which will be substituted withthe numeric CT ID.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~OS template is not specified, unable to create~~You can use~~container~~--ipadd</pb> <~~/td~~i>addr</tri>option to assign an IP address to~~<tr valign="top" align="left">~~a container. Note that this option can be used multiple~~<td width="11%">~~times.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">31You can use</pb>--hostname</tdb><~~td width="7%"~~i>name</tdi>option to set a host name fora container.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container not~~ When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters --local_uid and--local_gid</pb> can be used to select which uidand gid</tdi> respectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UID</trb>and<~~tr valign="top" align="left"~~b>LOCAL_GIDfrom global configuration file[[Man/vz.conf.5|vz.conf(5)]] are used. An explicit <~~td width="11%"~~b>--local_uid</tdb>value of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid is ignored.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">32Warning:</pb>use --local_uid</tdb>and <~~td width="7%"~~b>--local_gid</tdb>with care,specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container already running~~</pb>destroy</tdb>| <~~/tr~~b>delete<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>CTID</tdi><~~td width="4%"~~/p>

<p~~>33</td><td width~~style="7margin-left:17%;">Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Unable to stop container~~start</pb> CTID[--wait</tdb>] [--force</trb>] [--skip-fsck<~~tr valign="top" align="left"~~/b>][<~~td width="11%"~~b>--skip-remount</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Mounts (if necessary) andstarts a container. Unless 34--wait</pb> option isspecified, vzctl</tdb>will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by <~~td width="7%"~~b>vzctl</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to add IP address to container~~Specify</pb>--force</~~td></tr~~b>if you want to start a container which isdisabled (see <~~tr valign="top" align="left"~~b>--disabled<~~td width="11%"~~/b>).</~~td><td width="4%"~~p>

<p~~>40</td><td width~~style="7margin-left:17%; margin-top: 1em">Specify--skip-fsck</tdb>to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).<~~td width="78%"~~/p>

<p~~>Container not mounted</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">By default, ifa container to be started happens to be already mounted, itis unmounted and mounted again. This behavior can be turnedoff by using <~~td width="11%"~~b>--skip-remount</tdb>flag.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of 41premount</pb>,mount</tdb>and <~~td width="7%"~~b>start</tdb> action scripts (see ACTIONSCRIPTS<~~td width="78%"~~/b> below).

<pstyle="margin-left:11%;">~~Container already mounted~~stop</pb><~~/td~~i>CTID</tri>[--fast<~~tr valign="top" align="left"~~/b>] [<~~td width="11%"~~b>--skip-umount</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Stops a container and unmountsit (unless 43--skip-umount</pb> is given). Normally,halt</tdb>(8) is executed inside a container; option<~~td width="7%"~~b>--fast makes vzctl use reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that~~Container private area~~ vzctl stop is not ~~found~~asyncronous, in other words vzctlwaits for container’s init to exit (unless--fast</pb> is given), which can take up to a few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT in[[Man/vz.conf.5|vz.conf</tdb>(5)]], or per container (STOP_TIMEOUT</trb>in[[Man/ctid.conf.5|<~~tr valign="top" align="left"~~b>ctid.conf(5)]], see <~~td width="11%"~~b>--stop-timeout</tdb>).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">44Note that thiscommand can lead to execution of stop</pb>, umount</tdb>and <~~td width="7%"~~b>postumount</tdb> action scripts (see ACTIONSCRIPTS below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container private area already exists~~restart</pb> CTID[--wait</tdb>] [--force</trb>] [--fast<~~tr valign="top" align="left"~~/b>][<~~td width="11%"~~b>--skip-fsck</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">46Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the</pb>start</tdb>and <~~td width="7%"~~b>stop</tdb>options.<~~td width="78%"~~/p>

<p~~>Not enough disk space</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Note that thiscommand can lead to execution of some action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">47</pb>status</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align~~style="margin-left:17%;">Shows a container status. This~~<td width="11%">~~is a line with five or six words, separated by spaces.</~~td><td width="4%"~~p>

<p~~>48</td><td width~~style="7margin-left:17%; margin-top: 1em">First word isliterally CTID</tdb>.<~~td width="78%"~~/p>

<p~~>Unable to create a new container private area</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Second word isthe numeric <~~td width="11%"~~i>CT ID</tdi>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">49Third word isshowing whether this container exists or not, it can beeither </pb>exist</tdb>or <~~td width="7%"~~b>deleted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to create a new~~ Fourth word isshowing the status of the container ~~root area~~filesystem, it can beeither </pb>mounted</tdb>or <~~/tr~~b>unmounted<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">50Fifth wordshows if the container is running, it can be either</pb>running</tdb>or <~~td width="7%"~~b>down</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to mount container~~Sixth word, ifexists, is <~~/td~~b>suspended</~~tr><tr valign="top" align="left"~~b>. It appears if a dump fileexists for a stopped container (see <~~td width="11%"~~b>suspend</tdb>).<~~td width="4%"~~/p>

<p~~>51</td><td width~~style="7margin-left:17%; margin-top: 1em">This commandcan also be usable from scripts.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Unable to unmount container~~</pb>mount</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">52Mounts container private area.Note that this command can lead to execution ofpremount</pb> and mount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to delete a container~~</pb>umount</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">53Unmounts container privatearea. Note that this command can lead to execution ofumount</pb> and postumount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container private area not exist~~Note that</pb>stop</tdb>does <~~/tr~~b>umount<~~tr valign="top" align="left"><td width="11%"~~/b>automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">60convert</pb> CTID</tdi>[<~~td width="7%"~~b>--layoutploop[:{expanded|plain|raw</tdb>}]]<~~td width="78%"~~/p>

<p~~>vzquota on failed</td></tr><tr valign="top" align~~style="margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should be~~<td width="11%">~~set.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">61</pb>compact</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>vzquota init failed</td></tr><tr valign="top" align~~style="margin-left:17%;">Compact container image. This~~<td width="11%">~~only makes sense for ploop layout.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">62</pb>quotaon</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Turn disk quota on. Not that~~vzquota setlimit~~mount ~~failed~~and </pb>start</tdb>does that automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">63</pb>quotaoff</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Parameter~~ Turn disk quota off. Not that~~DISKSPACE~~umount ~~not set~~and </pb>stop</tdb>does that automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">64</pb>quotainit</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Parameter~~ Initialize disk quota (i.e. run~~DISKINODES~~vzquota init ~~not set<~~) with the parameters taken from the CTconfiguration file [[Man/p>ctid.conf.5|<~~/td~~b>ctid.conf</~~tr><tr valign="top" align="left"><td width="11%"~~b>(5)]].</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">66</pb>exec</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Executes <bi>~~vzquota off~~command</bi> ~~failed~~in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If </pi>command</tdi>is <~~/tr~~b>-<~~tr valign="top" align="left"~~/b>, commands are read from~~<td width="11%">~~stdin.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">67</pb>exec2</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~ugid quota not initialized~~The same as <~~/td~~b>exec</trb>, butreturn code is that of <~~tr valign="top" align="left"~~i>command<~~td width="11%"~~/i>.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">71</pb>runscript</tdb><~~td width="7%"~~i>CTIDscript</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Incorrect IP address format~~Run specified shell script inthe container. Argument </pi>script</~~td></tr~~i>is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is not~~<tr valign="top" align="left">~~really started, no file systems other than root (such as<~~td width="11%"~~b>/proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">74enter</pb> CTID</tdi>[--exec command [<~~td width="7%"~~i>arg</tdi>...]]<~~td width="78%"~~/p>

Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use ssh(1). Option--exec is used to run command with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so vzctl exec can not beused) and for some reason you can not use ssh(1). You need to logout manually from the shell to finish session (even if youspecified --exec). console CTID[ttynum] Attach to a container console.Optional ttynum argument is tty number (such as4 for tty4), default is 1 which is usedfor container’s /dev/console. Note theconsoles are persistent, meaning that: • it can be attached to even if the container is notrunning; • there is no automatic detachment upon the containerstop; • detaching from the console leaves anything running inthis console as is. The followingescape sequences are recognized by vzctl console.Note that these sequences are only recognized at thebeginning of a line. •Esc then . to detach from the console. •Esc then ! to kill anything running on theconsole (SAK). This is helpful when one expects a loginprompt but there isn’t one. === Other options === --help Prints help message with abrief list of possible options. --version Prints vzctlversion. == ACTION SCRIPTS == vzctlhas an ability to execute user-defined scripts when aspecific vzctl command is run for a container. Thefollowing vzctl commands can trigger execution ofaction scripts: start, stop, restart,mount and umount. Action scriptsare located in the /etc/vz/conf/ directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps. and are executed for all containers.Per-CT scripts have a CTID. numeric prefix andare executed for the given container only. Please notescripts are executed in a host system (CT0) context, withthe exception of .start and .stop scripts,which are executed in a container context. The followingaction scripts are currently defined: vps.premount, CTID.premount Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first. vps.mount,CTID.mount Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as .premountscripts. CTID.start Right after vzctl hasstarted a container, it executes this script in a containercontext. CTID.stop Right before vzctl hasstopped a container, it executes this script in a containercontext. vps.umount,CTID.umount Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst. vps.postumount,CTID.postumount Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as .umountscripts. The environmentpassed to all the *mount scripts is the standardenvironment of the parent (i.e. vzctl) with twoadditional variables: $VEID and $VE_CONFFILE.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as $VE_ROOT, it needs to get thosefrom global and per-CT configuration files. Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount. <pre style="margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC</pre> == EXIT STATUS == Returns 0 uponsuccess, or an appropriate error code in case of anerror: <table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 1</td><td width="7%"></td><td width="78%"> Failed to set a UBC parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 2</td><td width="7%"></td><td width="78%"> Failed to set a fair scheduler parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 3</td><td width="7%"></td><td width="78%"> Generic system error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 5</td><td width="7%"></td><td width="78%"> The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 6</td><td width="7%"></td><td width="78%"> Not enough system resources</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 7</td><td width="7%"></td><td width="78%"> ENV_CREATE ioctl failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 8</td><td width="7%"></td><td width="78%"> Command executed by vzctl exec returned non-zeroexit code</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 9</td><td width="7%"></td><td width="78%"> Container is locked by another vzctlinvocation </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 10</td><td width="7%"></td><td width="78%"> Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 11</td><td width="7%"></td><td width="78%"> A vzctl helper script file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 12</td><td width="7%"></td><td width="78%"> Permission denied</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 13</td><td width="7%"></td><td width="78%"> Capability setting failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 14</td><td width="7%"></td><td width="78%"> Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 15</td><td width="7%"></td><td width="78%"> Timeout on vzctl exec</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 16</td><td width="7%"></td><td width="78%"> Error during vzctl suspend</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 17</td><td width="7%"></td><td width="78%"> Error during vzctl resume</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 18</td><td width="7%"></td><td width="78%"> Error from setluid() syscall</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 20</td><td width="7%"></td><td width="78%"> Invalid command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 21</td><td width="7%"></td><td width="78%"> Invalid value for command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 22</td><td width="7%"></td><td width="78%"> Container root directory (VE_ROOT) not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 23</td><td width="7%"></td><td width="78%"> Container private directory (VE_PRIVATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 24</td><td width="7%"></td><td width="78%"> Container template directory (TEMPLATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 28</td><td width="7%"></td><td width="78%"> Not all required UBC parameters are set, unable to startcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 29</td><td width="7%"></td><td width="78%"> OS template is not specified, unable to createcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 31</td><td width="7%"></td><td width="78%"> Container not running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 32</td><td width="7%"></td><td width="78%"> Container already running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 33</td><td width="7%"></td><td width="78%"> Unable to stop container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 34</td><td width="7%"></td><td width="78%"> Unable to add IP address to container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 40</td><td width="7%"></td><td width="78%"> Container not mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 41</td><td width="7%"></td><td width="78%"> Container already mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 43</td><td width="7%"></td><td width="78%"> Container private area not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 44</td><td width="7%"></td><td width="78%"> Container private area already exists</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 46</td><td width="7%"></td><td width="78%"> Not enough disk space</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 47</td><td width="7%"></td><td width="78%"> Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 48</td><td width="7%"></td><td width="78%"> Unable to create a new container private area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 49</td><td width="7%"></td><td width="78%"> Unable to create a new container root area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td><td width="7%"></td><td width="78%"> Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td>

78133</td>

~~IP address already in use~~Waiting for container start failed</td></tr>

79139</td>

~~Container action script returned an error~~Error saving container configuration file</td></tr>

82148</td>

~~Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~86</td><td width="7%"></td><td width="78%">~~ Error setting ~~devices~~ container IO parameters (~~--devices or--devnodes~~ioprio)~~ </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~89</td><td width="7%"></td><td width="78%">~~ ~~IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~91</td><td width="7%"></td><td width="78%">~~ ~~OS template not found~~</td></tr>

~~100~~150</td>

~~Unable to find container IP address~~Ploop image file not found</td></tr>

~~104~~151</td>

~~VE_NETDEV ioctl error~~Error creating ploop image</td></tr>

~~105~~152</td>

~~Container start disabled~~Error mounting ploop image</td></tr>

~~106~~153</td>

~~Unable to set iptables on a running container~~Error unmounting ploop image</td></tr>

~~107~~154</td>

~~Distribution-specific configuration file not found~~Error resizing ploop image</td></tr>

~~109~~155</td>

~~Unable~~ Error converting container to ~~apply a config~~ploop layout</td></tr>

~~129~~156</td>

~~Unable to set meminfo parameter~~Error creating ploop snapshot</td></tr>

~~130~~157</td>

Error ~~setting veth interface~~merging ploop snapshot</td></tr>

~~131~~158</td>

Error ~~setting container name~~deleting ploop snapshot</td></tr>

~~133~~159</td>

~~Waiting for container start failed~~Error switching ploop snapshot</td></tr>

~~139~~166</td>

Error ~~saving container configuration file~~compacting ploop image</td></tr>

~~148~~167</td>

Error ~~setting container IO parameters (ioprio)~~listing ploop snapsots</td></tr>

</table>

== FILES ==

/etc/vz/vz.conf~~ ~~/etc/vz/conf/CTID.conf ~~ ~~/etc/vz/conf/vps.{premount,mount,umount,postumount} ~~ ~~

/etc/vz/conf/CTID.{premount,mount,start,stop,umount,postumount}

~~ ~~/proc/vz/veinfo ~~ ~~/proc/vz/vzquota ~~ ~~/proc/user_beancounters ~~ ~~/proc/bc/* ~~ ~~/proc/fairsched</ppre>

== SEE ALSO ==

[[Man/vzifup-post.8|vzifup-post(8)]], [[Man/vzlist.8|vzlist(8)]],

[[Man/vzmemcheck.8|vzmemcheck(8)]], [[Man/vzmigrate.8|vzmigrate(8)]], [[Man/vzpid.8|vzpid(8)]],

[[Man/vzquota.8|vzquota(8)]], [[Man/vzsplit.8|vzsplit(8)]], [[Man/vzubc.8|vzubc(8)]],

[[UBC]].

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools