Changes

← Older edit

Man/vzctl.8

25,629 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

[flags] create

CTID~~ [--ostemplate name][--config name][~~--~~root ~~parameter value</~~b><~~i>~~path]~~[~~--private path][--ipadd addr][--hostname name~~...] </td></tr>

[flags] start CTID [--wait]

[--force] [--skip-fsck][--skip-remount] </td></tr>

[flags] stop CTID[--fast][--~~fast~~skip-umount] </td></tr>

[flags] restart CTID

[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr>

[flags] ~~chkpnt~~suspend | ~~restore~~resumeCTID [--dumpfile name] </td></tr>

[flags] ~~set~~snapshot CTID ~~[--save][--setmode restart|ignore][--onboot yes|no]~~[--~~bootorder~~id ~~number][--root ~~uuid</~~b><~~i~~>path][--private path][--userpasswd user:pass][--disabled yes|no</b~~>]

[--name name]

[--description ~~string~~desc][--~~ipadd addr][--ipdel addr|all][-~~skip-~~hostname ~~suspend</b~~>name</i~~>][--~~nameserver addr][~~skip-~~-searchdomain ~~config</b~~>name</i~~>]~~[--netif_add ~~</bp>~~dev~~</~~i>[,<i~~td>~~params~~</itr>~~...]][--netif_del ~~<~~/b>dev] [--ifname</b~~tr valign="top" align="left"><~~i>dev</i~~td width="11%"> ~~[--mac ~~</btd>~~hwaddr][--host_ifname ~~<itd width="7%">~~dev][--host_mac hwaddr]~~[<bp>~~--bridge ~~~~name~~vzctl</~~i>]~~[~~--mac_filter on~~</~~b>|<b~~p>~~off~~</btd>]][<btd width="2%">~~--numproc ~~</btd>~~items][--numtcpsock items~~</itd width="80%">]~~[--numothersock items][--vmguarpages ~~</bp>~~pages]~~[~~--kmemsize ~~~~bytes~~flags][snapshot-~~-tcpsndbuf ~~switch~~bytes~~CTID][--~~tcprcvbuf bytes][~~skip-~~-othersockbuf ~~resume~~bytes]~~[| --~~dgramrcvbuf bytes][-~~must-~~oomguarpages ~~resume</b~~>pages</i~~>][--~~lockedpages pages][~~skip-~~-privvmpages ~~config</b~~>pages</i~~>][--~~shmpages ~~id~~pages~~uuid]~~[--numfile ~~</~~b><i~~p>~~items~~</itd>]~~[--numflock items~~</itr>]~~[--numpty ~~</btr valign="top" align="left">~~items]~~[<btd width="11%">~~--numsiginfo ~~</btd>~~items][--dcachesize ~~</btd width="7%">~~bytes][--numiptent num]~~[<bp>~~--physpages ~~~~pages~~vzctl</~~i>]~~[~~--swappages ~~</~~b><i~~p>~~pages~~</itd>][<btd width="2%">~~--cpuunits ~~</btd>~~num][--cpulimit ~~<itd width="80%">~~num][--cpus num][--cpumask ~~</bp>~~cpus|all]~~[~~--meminfo none|~~~~mode:value~~flags][snapshot-~~-iptables ~~delete~~name~~CTID][--~~netdev_add ~~id~~ifname~~uuid]~~[--netdev_del ifname][--diskquota yes|no~~</bp>]~~[--diskspace ~~</~~b><i~~td>~~num~~</itr>]~~[--diskinodes ~~</btr valign="top" align="left">~~num]~~[<btd width="11%">~~--quotatime seconds~~</itd>][<btd width="7%">~~--quotaugidlimit num][--noatime yes|no]~~[<bp>~~--capability ~~~~capname~~vzctl</~~i>:<~~b>on</~~b>|<b~~p>~~off~~</btd>][<btd width="2%">~~--devnodes ~~</btd>~~param][--devices ~~<itd width="80%">~~param][--pci_add dev]~~[<bp>~~--pci_del dev]~~[~~--features ~~~~param~~flags</i~~>:on|off</b~~>][snapshot-~~-applyconfig ~~mount~~name~~CTID][--~~applyconfig_map ~~id~~group~~uuid][--~~ioprio ~~target~~num~~dir] </td></tr><tr valign="top" align="left">

[flags] ~~exec~~snapshot-list | CTID[-H] [~~exec2~~-o ~~CTID~~field[,field...]~~command~~[--id uuid]</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%"> vzctl</td><td width="2%"></td><td width="80%"> [~~arg~~flags] set CTID --parameter value[...] [--save] [--force][--setmode restart|ignore]</td></tr>

[flags] ~~enter~~set CTID[--~~exec ~~reset_ub~~command [arg ...]]~~ </td></tr>

[flags] ~~--help~~console | <bi>CTID[~~--version~~ttynum</bi>]</td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] convert CTID[--~~left:11%~~layout  ~~margin-top~~ploop[: ~~1em"~~{expanded|plain~~Utility~~|~~vzctl~~raw ~~runs on the host system (otherwise known as~~}]] </td></tr>~~Hardware Node, or HN) and performs direct manipulations with~~<tr valign="top" align="left">~~containers (CTs).~~<td width="11%"></ptd><td width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] compact CTID</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

~~These~~ [flags ~~come before a~~] exec | exec2 CTIDcommand~~, and can be used with any command~~ [arg ... ~~They affect~~]</td></tr>~~logging to console (terminal) only, and do not affect~~<tr valign="top" align="left">~~logging to a log file.~~<td width="11%"></ptd><td width="7%">

~~--quiet~~vzctl</td><td width="2%"></td><td width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="7%">

~~--verbose~~vzctl</td><td width="2%"></td><td width="80%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ [flags] ~~VERBOSE~~runscript ~~parameter in theglobal configuration file [[Man~~CTID script</~~vz.conf.5|~~i><b/p>~~vz.conf~~</btd>~~(5)]], or to~~ <b/tr>0</btr valign="top" align="left">~~if not set by~~ <btd width="11%">~~VERBOSE~~</btd> ~~parameter.~~</ptd width="7%">

vzctl</td><td width="2%"></td><td width=~~= Setting container parameters ===~~"80%">

~~set~~--help | <ib>~~CTIDparameters~~--version</~~i> [<~~b>~~--save~~</bp>~~] [~~<b/td>~~--force~~</btr>]</ptable>

~~This command sets variouscontainer parameters. If a --save flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]]. Use --force to save theparameters even if the current kernel doesn’t supportOpenVZ. If the container is currently running, vzctlapplies these parameters to the container.~~= DESCRIPTION ==

~~The following~~Utility~~parameters can be used with~~ ~~set~~vzctl ~~command~~runs on the host system (otherwise known asHardware Node, or HN) and performs direct manipulations withcontainers (CTs).

Containers canbe referred to by either numeric CTID or by name (see--name option). Note that CT ID <=~~== Miscellaneous ====~~100 arereserved for OpenVZ internal purposes. A numeric ID shouldnot be more than 2147483644.

~~--onboot yes |no~~= OPTIONS ==

~~Sets whether the container willbe started during system boot. The container will not beauto-started unless this parameter is set to yes.~~== Flags ===

~~--bootorder~~These flags come before acommand, and can be used with any command. They affectlogging to console (terminal) only, and do not affect~~number~~logging to a log file.

~~Sets the boot order priorityfor this CT. The higher the number is, the earlier inthe boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset~~ ~~bootorder~~--quiet ~~willstart last.~~

~~--root path~~Disables output. Note thatscripts run by vzctl are still able to produce someoutput.

~~Sets the path to root directory~~(~~VE_ROOT~~--verbose~~) for this container. This is essentially amount point for container’s root directory. Argumentcan contain literal string $VEID, which will besubstituted with the numeric CT ID.~~

Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of VERBOSE parameter in theglobal configuration file [[Man/vz.conf.5|vz.conf(5)]], or to ~~--private~~0if not set by <ib>~~path~~VERBOSE</ib>parameter.

~~Sets the path to privatedirectory (VE_PRIVATE) for this~~ == Setting container~~. This is adirectory in which all the container’s files arestored. Argument can contain literal string $VEID,which will be substituted with the numeric CT ID.~~parameters ===

<~~p style~~table width="~~margin-left:11~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><~~b>--userpasswd</b~~tr valign="top" align="left"><itd width="11%">~~user~~</itd>:<~~i>password</p~~td width="4%">

~~Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so~~ ~~--save~~set ~~flag is useless), it isapplied to the container (by modifying its~~ </~~etc~~p></~~passwd and~~td><td width="2%"></~~etc/shadow files).~~td></ptd width="83%">

~~In case~~CTID[--onboot yes|no][--bootorder number]~~container~~ [--root ~~filesystem is not mounted, it is~~ path][--private path]~~automatically mounted, then all the appropriate file changes~~[--mount_opts options]~~are applied, then it is unmounted.~~[--userpasswd user:pass</pi>][--disabled yes|no][<~~p style="margin~~b>--~~left:17%~~name  ~~margin~~name][--~~top: 1em"~~description string~~Note that~~]~~container should be created before using this option.~~[--ostemplate string</pi>][--stop-timeout seconds][<~~p style="margin~~b>--~~left:11%~~ipadd "addr][--~~disabled yes~~ipdel addr |all][--hostname name][no--nameserver addr</pi>][--searchdomain name][<~~p style="margin~~b>--~~left:17%~~netif_add "dev[,params~~Disable container start~~. To..]]~~force the start of a disabled container, use~~ [--netif_del dev|all][--ifname~~vzctl start~~dev[--~~force~~mac .hwaddr</pi>][--host_ifname dev][<~~p style="margin~~b>--~~left:11%~~host_mac "hwaddr][--~~name~~bridge  name][--mac_filter on|off</pb>]][--numproc items][<~~p style="margin~~b>--~~left:17%~~numtcpsock "items~~Add a name for a container. The~~][--numothersock ~~name~~items ~~can later be used in subsequent calls to~~][~~vzctl~~--vmguarpages  ~~in place of~~ ~~CTID~~pages][--kmemsize .bytes</pi>][--tcpsndbuf bytes][<~~p style="margin~~b>--~~left:11%~~tcprcvbuf "bytes][--~~description~~othersockbuf bytes][--dgramrcvbuf bytes~~string~~][--oomguarpages pages</pi>][--lockedpages pages][<~~p style="margin~~b>--~~left:17%~~privvmpages "pages~~Add a textual description for a~~]~~container.~~[--shmpages pages</pi>][--numfile items][<~~p style="margin~~b>--~~left:11%~~numflock "items][--~~setmode~~numpty items]~~restart~~[--numsiginfo |items][~~ignore~~--dcachesize bytes</pi>][--numiptent num][<~~p style="margin~~b>--physpages pages][--~~left:17%~~swappages "pages~~Whether to restart a container~~]~~after applying parameters that require the container to be~~[--ram bytes]~~restarted in order to take effect.~~[--swap bytes</pi>][--vm_overcommit float]~~==== Networking ====~~[--cpuunits num][--cpulimit num][<~~p style="margin~~b>--~~left:11%~~cpus "num][--~~ipadd~~cpumask  ~~addr~~cpus|auto</pb>|all][--nodemask nodes|all][<~~p style="margin~~b>--~~left~~meminfo none|mode:~~17%~~value][--iptables "name[,~~Adds IP address to a given~~...]]~~container. Note that this option is incremental, so~~[--netfilter disabled|stateless|stateful|full][--netdev_add ifname~~addr~~][--netdev_del  ~~are added to already existing ones.~~ifname</pi>][--diskquota yes|no][<~~p style="margin~~b>--~~left:11%~~diskspace "num][--~~ipdel~~diskinodes  ~~addr~~num |][~~all~~--quotatime seconds</pi>][--quotaugidlimit num][<~~p style="margin~~b>--~~left:17%~~capability "~~Removes IP address~~ ~~addr~~capname~~from a container~~:on|off[,... ~~If you want to remove all the addresses,~~]]~~use~~ [--~~ipdel all~~devnodes .param</pi>][--devices param][<~~p style="margin~~b>--~~left:11%~~pci_add "dev][--~~hostname~~pci_del dev][--features name:on|off[,...]][--applyconfig name</pi>][--applyconfig_map group][<~~p style="margin~~b>--~~left:17%~~ioprio "num~~Sets container hostname.~~][~~vzctl~~--iolimit  ~~writes it to the appropriate file inside a~~mbps]~~container (distribution~~[--iopslimit iops] [--~~dependent).~~save</pb>][--force] [--reset_ub][--setmode restart|ignore] </td></tr><tr valign="top" align="~~margin-~~left:"><td width="11%;"></td><td width="4%"></td><td width="2%"></td><td width="83%"> This command sets various container parameters. If thecontainer is currently running, ~~--nameserver~~vzctlapplies theseparameters to the container. The following options can beused with <ib>~~addr~~set</ib>command.</td></tr></table> ==== Flags ====

~~Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use~~ --~~nameserver~~save ~~optionmultiple times in one call to vzctl, as all the nameserver values set in previous calls to vzctl areoverwritten.~~

If this flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|~~--searchdomain~~ctid.conf~~name~~(5)]].

~~Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use~~ --~~searchdomain~~force ~~optionmultiple times in one call to vzctl, as all thesearch domain values set in previous calls to vzctlare overwritten.~~

If this flag is given togetherwith --~~netif_add~~save, parameters are saved even if the currentkernel doesn’t support OpenVZ. Note this flag does notmake sense without <ib>~~ifname[~~--save</ib>,so <ib>~~mac~~--save</~~i>,host_ifname,host_mac,bridge]</i~~b>isrequired.

~~Adds a virtual Ethernet device(veth) to a given container. Here~~ <ib>~~ifname~~--reset_ub</ib> ~~is theEthernet device name in the container, mac is its MACaddress, host_ifname is the Ethernet device name onthe host, and host_mac is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified.~~

If this flag is given,~~--netif_del~~vzctlapplies all User Beancounter parameters from<the configuration file to a running container. This ishelpful in case configuration file is modified manually.Please note this flag is exclusive, i~~>dev_name | all~~.e. it can not becombined with any other options or flags.

~~Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~--setmode restart |~~all~~ignore.

A few parameters can only beapplied by restarting the container. By default,vzctl prints a warning if such parameters aresupplied and a container is running. Use --setmoderestart together with --save flag to restart acontainer in such a case, or --setmode ignore tosuppress the warning.

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use --ifname name option. --mac XX:XX:XX:XX:XX:XX~~=== Miscellaneous ====

~~MAC address of interface inside~~--onboot yes |~~a container.~~no

Sets whether the container willbe started during system boot. The container will be startedon boot by vz initscript if either this parameter isset to ~~--host_ifname~~yes, or the container was running just beforelast reboot, and this parameter is not set to <ib>~~name~~no</ib>.Default value is unset, meaning the container will bestarted if it was running before the last reboot.

~~interface name for virtual~~--bootorder~~interface in the host system.~~number

Sets the boot order priorityfor this CT. The higher the <bi>~~--host_mac~~number</bi>is, the earlier inthe boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset <ib>~~XX:XX:XX:XX:XX:XX~~bootorder</ib>willstart last.

~~MAC address of interface in thehost system.~~--root path

Sets the path to root directory(~~--bridge~~VE_ROOT ) for this container. This is essentially amount point for container’s root directory. Argumentcan contain literal string <ib>~~name~~$VEID</ib>, which will besubstituted with the numeric CT ID.

~~Bridge name. Custom network~~--private~~start scripts can use this value to automatically add theinterface to a bridge.~~path

Sets the path to privatedirectory (~~--mac_filter on~~VE_PRIVATE |) for this container. This is adirectory in which all the container’s files arestored. Argument can contain literal string ~~off~~$VEID,which will be substituted with the numeric CT ID.

~~Enables~~--mount_opts</~~disables MAC address~~b>~~filtering for the Container veth device and the possibilityof configuring the MAC address of this device from insidethe Container. If the filtering is turned on:~~ <bri>option[,~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets);~~ option<br/i>~~• it is impossible to modify the veth MAC address frominside the Container~~...]

~~By default,~~Sets additional mount options~~this functionality is enabled~~ for ~~all veth devices existing~~container file system. Only applicable for ploop~~inside the Container~~layout, ignored otherwise.

--userpasswduser:password

~~The following~~Sets password for the given~~options sets barrier and limit for various~~ userin a container, creating the user if it does not~~beancounters~~exists. ~~Each~~ Note that this option ~~requires one or two arguments. In~~is not saved in configuration~~case of one argument,~~ file at all (so ~~vzctl~~--save ~~sets barrier and limit~~ flag is useless), it isapplied directly tothe ~~same value. In case of two colon-separated arguments~~container,by runningdistribution-specific programs inside the ~~first is a barrier, and the second~~ container. It is ~~a limit. Eachargument is either a number, a number~~ not recommended to combine this option with ~~a suffix, or a~~any other~~special value unlimited~~options.

~~Arguments are~~In case~~in items~~container was not running, ~~pages or bytes. Note that page size~~ it isautomatically started then~~architecture-specific~~all the appropriate changes are applied, then it is ~~4096 bytes on x86 and x86_64platforms~~stopped.

~~You can also~~Note that~~specify different suffixes for set parameters (exceptfor the parameters which names start with num). Forexample, vzctl set CTID --privvmpages5M:6M~~ container should ~~set privvmpages’ barrier to 5megabytes and its limit to 6 megabytes~~be created before using this option.

-~~top: 1em"~~-disabled yes~~Available~~|~~suffixes are:~~no

<~~table width~~p style="~~100~~margin-left:17%~~" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0~~;">Disable container start. Toforce the start of a disabled container, use <~~tr valign="top" align="left"~~b>vzctl start--force<~~td width="11%"~~/b>.</~~td><td width="6%"~~p>

<pstyle="margin-left:11%;">T--name, <bi>tname</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<pstyle="margin-left:17%;">~~terabytes;~~Add a name for a container. The</pi>name</tdi>can later be used in subsequent calls to<~~td width="34%"~~b>vzctl</tdb>in place of <~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i>. Note this option cannot be used without <~~td width="11%"~~b>--save</tdb>.<~~td width="6%"~~/p>

<pstyle="margin-left:11%;">G--description, <bi>gstring</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>gigabytes;</td><td width~~style="34margin-left:17%;">Add a textual description for acontainer.</~~td></tr><tr valign="top" align="left"><td width="11%"></td><td width="6%"~~p>

<pstyle="margin-left:11%;">M--ostemplate, <bi>mstring</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>megabytes;</td><td width~~style="34margin-left:17%;">Sets a new value of<~~/td~~b>OSTEMPLATE</trb>parameter in container configuration file[[Man/ctid.conf.5|ctid.conf<~~tr valign="top" align="left"~~/b>(5)]]. Requires <~~td width="11%"~~b>--save</tdb>flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses the value of OSTEMPLATE to rundistribution-specific scripts.<~~td width="6%"~~/p>

<pstyle="margin-left:11%;">K--stop-timeout, <bi>kseconds</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>kilobytes;</td><td width~~style="34margin-left:17%;">Sets a time to wait forcontainer to stop on <~~/td~~b>vzctl stop</trb>before forcibly~~<tr valign="top" align="left">~~killing it, in seconds. Note this option can not be usedwithout <~~td width="11%"~~b>--save</tdb>flag.<~~td width="6%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Special valueof ~~P, p~~0means to use compiled-in default.</p~~></td><td width="5%"></td><td width="44%"~~>

~~memory pages (arch-specific).</td><td width~~=~~"34%"></td></tr></table>~~=== Networking ====

~~You can alsospecify the literal word~~ ~~unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. ~~--~~numproc~~ipadd ~~items[:items~~addr]

~~Maximum number of processes and~~Adds an IP address addr~~kernel-level threads~~to a given container. ~~Setting~~ Address can optionally have a netmaskspecified in the ~~barrier and the limit~~ CIDR notation (e.g. 10.1.2.3/25).Note that this option is incremental, so addr areadded to~~different values does not make practical sense~~already existing ones.

--~~numtcpsock~~ipdel~~items~~addr[:|<ib>~~items~~all</ib>]

~~Maximum number of TCP sockets~~Removes IP address addrfrom a container.~~This parameter limits~~ If you want to remove all the ~~number of TCP connections and~~addresses,~~thus, the number of clients the server application canhandle in parallel. Setting the barrier and the limit todifferent values does not make practical sense~~use --ipdel all.

--~~numothersock~~hostname~~items~~name~~[:items]~~

~~Maximum number of non-TCPsockets (local sockets, UDP and other types of sockets)~~Sets container hostname.~~Setting~~ vzctl writes it to the ~~barrier and the limit to different values does~~appropriate file inside a~~not make practical sense~~container (distribution-dependent).

--~~vmguarpages~~nameserver~~pages~~addr~~[:pages]~~

~~Memory allocation guarantee.~~Sets DNS server IP address for~~This parameter controls how much memory is available to~~ acontainer. ~~The barrier is the amount of memory that~~If you want to set several nameservers, youshould do it at once, so use --nameserver option~~container’s applications are guaranteed~~ multiple times in one call to ~~be able toallocate. The meaning of~~ vzctl, as all the ~~limit is currently unspecified;~~name~~it should be~~ server values set in previous calls to ~~unlimited~~vzctlareoverwritten.

A special valueof ~~--kmemsize~~inheritcan be used to auto-propagate nameservervalue(s) from the host system’s<ib>~~bytes<~~/~~i>[:bytes~~etc/resolv.conf</ib>]file.

~~Maximum amount of kernel memoryused. This parameter is related to~~ --~~numproc~~searchdomain~~. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the~~<bi>~~kmemsize~~name</bi> ~~usage under the limit.~~

Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use --~~tcpsndbuf~~searchdomainoptionmultiple times in one call to <ib>~~bytes~~vzctl</ib>[:, as all thesearch domain values set in previous calls to <ib>~~bytes~~vzctl</ib>]are overwritten.

~~Maximum size~~ A special valueof ~~TCP sendbuffers. Barrier should~~ inherit can be ~~not less than 64 KB, anddifference between barrier and limit should be equal~~ used to orauto-propagate search~~more than~~ domain value of (s) from the host system’s~~numtcpsock~~/etc/resolv.conf ~~multiplied by 2.5~~KBfile.

--~~tcprcvbuf~~netif_add~~bytes~~ifname[,mac[,host_ifname,host_mac,bridge] Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the container, mac is its MACaddress, host_ifname is the Ethernet device name onthe host, and host_mac is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge~~bytes~~is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifname]are optional and are automatically generated if notspecified.

~~Maximum size of TCP receive~~--netif_del~~buffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of~~ dev_name | ~~numtcpsock~~all ~~multiplied by 2.5KB.~~

Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~--othersockbuf~~all~~bytes[:bytes]~~.

==== veth interface configuration ==== ~~Maximum size of other (non~~The followingoptions can be used to reconfigure the already-~~TCP)~~created~~socket send buffers~~virtual Ethernet interface. ~~If container’s processes needs~~ To select the interface to~~send very large datagrams~~configure, ~~the barrier should be setaccordingly~~use --ifname name option. ~~Increased limit is necessary for high~~ ~~performance of communications through local (UNIX~~-~~domain)sockets.~~-mac XX:XX:XX:XX:XX:XX

~~--dgramrcvbuf~~MAC address of interface inside~~bytes[:bytes]~~a container.

~~Maximum size of other (non~~-~~TCP)~~-host_ifname~~socket receive buffers. If container’s processes needsto receive very large datagrams, the barrier should be setaccordingly. The difference between the barrier and thelimit is not needed.~~name

~~--oomguarpages~~interface name for virtual~~pages[:pages]~~interface in the host system.

~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of-memory guarantee. If the~~ ~~oomguarpages~~--host_mac ~~usage isbelow the barrier, processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be set~~to <bi>~~unlimited~~XX:XX:XX:XX:XX:XX</bi>.

~~--lockedpages~~MAC address of interface in the~~pages[:pages]~~host system.

~~Maximum number of pages~~If you want anindependent communication with the Container through thebridge, you should specify a multicast MAC address here~~acquired by mlock~~(2FE:FF:FF:FF:FF:FF).

--~~privvmpages~~bridge~~pages~~name~~[:pages]~~

~~Allows controlling the amountof memory allocated by the applications~~Bridge name. ~~For shared (mappedas MAP_SHARED) pages, each container really using a~~Custom network~~memory page is charged for~~ start scripts can use this value to automatically add the ~~fraction of the page(depending on the number of others using it). For"potentially private" pages (mapped asMAP_PRIVATE), container is charged either for~~ interface to a~~fraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet~~bridge.

--mac_filter on |off ~~The barrier~~ Enables/disables MAC addressfiltering for the Container veth device andthe possibilityof configuring the ~~limit~~ MAC address of this ~~parameter control~~ device from insidethe ~~upper boundary of~~Container. If the filtering is turned on: • the ~~total size~~ veth device accepts only those packets that havea MAC address in their headers corresponding to that of ~~allocated memory. Note that~~ this ~~upperboundary does not guarantee that container will be able to~~device (excluding all broadcast and multicast packets); ~~allocate that much memory. The primary mechanism~~ • it is impossible to ~~control~~modify the veth MAC address from~~memory allocation is~~ inside the ~~--vmguarpages guarantee~~Container.

~~--shmpages~~By default,this functionality is enabled for all veth devices existing~~pages[:pages]~~inside the Container.

~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values doesnot make practical sense.~~=== VSwap limits ====

~~~~The followingoptions sets memory and swap limits for VSwap-~~-numfile~~enabled~~items[:items]~~kernels (kernel version 042stab042 or greater).

~~Maximum number of open files~~Argument is inbytes, unless otherwise specified by an optional suffix.~~In most cases the barrier and the limit should be set to the~~Available suffixes are: •T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; ~~same value. Setting the barrier to~~ • K, 0k ~~effectively~~- kilobytes; ~~disables pre~~• P, p - memory pages (arch-~~charging optimization for this beancounter in~~specific,usually 4KB); ~~the kernel~~• B, ~~which leads to~~ b - bytes (this is the ~~held value being precise but~~default). ~~could slightly degrade file open performance.~~--ram bytes

Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting --~~numflock~~physpageslimit (the barrier is set to~~items[:items]~~0).

~~Maximum number of file locks.Safety gap should be between barrier and limit.~~--swap bytes

Set swap space available to acontainer. Actually, the option is a shortcut for setting--~~numpty~~swappages~~items[:items]~~limit (the barrier is set to 0).

~~Number of pseudo~~--~~terminals~~vm_overcommit~~(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit todifferent values does not make practical sense.~~float

Set VM overcommitment value to<bi>~~--numsiginfo~~float</bi>. If set, it is used to calculate<ib>~~items~~privmmpages</ib>[:parameter in case it is not setexplicitly (see below). Default value is <ib>~~items~~0</ib>], meaningunlimited privvmpages.

~~Number of siginfo structures.~~vzctl~~Setting the barrier~~ checks if running kernel is VSwap capable, and ~~the limit~~ refuses to ~~different values doesnot make practical sense~~use these parameters otherwise. This behavior can beoverriden by using --force flag beforeparameters.

~~--dcachesize~~In VSwap mode,all beancounters other than RAM and swap become optional.Note though that if some optional beancounters are not set,they are calculated and set by vzctl implicitly, using the~~bytes[~~following formulae:~~bytes]~~

~~Maximum size offilesystem-related caches, such as directory entry and inode~~•~~caches~~lockedpages. ~~Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail~~barrier = oomguarpages. ~~Safety gapshould be between~~ barrier ~~and limit.~~= ram

~~--numiptent~~•lockedpages.limit = oomguarpages.limit = unlimited~~num[:num]~~

~~Number of iptables (netfilter)~~•~~entries~~vmguarpages. ~~Setting the~~ barrier ~~and the~~ = vmguarpages.limit ~~to differentvalues does not make practical sense.~~= ram + swap

~~--physpages~~•privvmpages.barrier = privvmpages.limit = (ram + swap) *vm_overcommit~~pages[:pages]~~

~~On VSwap-enabled kernels, thislimits the amount of physical memory~~ (~~RAM) available to a~~if~~container. The barrier should be set to~~ vm_overcommit is 0or not set, ~~and thelimit~~ privvmpages is set to ~~a total size of RAM that can be used used by acontainer.~~"unlimited")

~~For olderkernels, this~~ Here is an ~~accounting-only parameter, showing theusage~~ example of ~~RAM by this~~ setting container~~. Barrier should be set~~ 777 tohave 512 megabytes of~~0,~~ RAM and ~~limit should be set to unlimited.~~1 gigabyte of swap:

~~~~ vzctl set 777 --ram 512M --swap 1G --~~swappagespages[:pages]~~save</ppre>

~~The limit, if set, is used toshow a total amount of swap space available inside thecontainer. The barrier of this parameter is currentlyignored. The default value is unlimited, meaningtotal swap will be reported as 0.~~=== User Beancounter limits ====

~~Note that in~~The following~~order~~ options sets barrier and limit for ~~the value to be shown as total swap space,~~various user~~--meminfo parameter should be set to value other thannone~~beancounters.

Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --ram and--swap (see above). For older kernels, these limitsare obligatory.

~~These~~Each option~~parameters control CPU usage by container~~requires one or two arguments. In case of one argument,vzctl<br/b>sets barrier and limit to the same value. Incase of two colon-~~-cpuunits~~separated arguments, the first is abarrier, and the second is a limit. Each argument is eithera number, a number with a suffix, or a special value ~~num~~unlimited</ib>.

~~CPU weight for a container.~~Arguments are~~Argument is positive non-zero number~~in items, ~~passed to and used inthe kernel fair scheduler~~pages or bytes. ~~The larger the number~~ Note that page size is~~, themore CPU time this container gets. Maximum value is 500000~~architecture-specific,~~minimal~~ it is ~~8. Number is relative to weights of all the otherrunning containers. If cpuunits are not specified,~~4096 bytes on x86 and x86_64~~default value of 1000 is used~~platforms.

You can ~~set CPU~~also~~weight~~ specify different suffixes for ~~CT0~~ User Beancounter parameters(~~host system itself~~except for those which names start with num) ~~as well (use~~ . Forexample, vzctlset ~~0 --cpuunits~~ ~~num~~CTID~~). Usually, OpenVZ initscript~~--privvmpages(5M:6M should set ~~/etc/init.d/vz~~privvmpages~~) takes care of setting this~~’ barrier to 5megabytes and its limit to 6 megabytes.

~~--cpulimit~~Available~~num[%]~~suffixes are:

~~Limit of CPU usage for the~~•~~container~~T, ~~in per cent. Note if the computer has 2 CPUs~~t - terabytes; • G, itg - gigabytes; ~~has total of 200% CPU time. Default CPU limit is~~ • M, m - megabytes; • K, 0k - kilobytes; • P, p - memory pages (~~no CPU limit~~arch-specific,usually 4KB); • B, b - bytes.

You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --~~cpus~~numproc ~~num~~items[:items]

~~sets~~ Maximum number of ~~CPUs available~~processes andin kernel-level threads. Setting the ~~container~~barrier and the limit todifferent values does not make practical sense.

--~~cpumask~~numtcpsock ~~cpus~~items |[:<bi>~~all~~items</bi>]

~~sets list~~ Maximum number of ~~allowed CPUs for~~TCP sockets.This parameter limits the ~~container. Input format is a comma-separated list~~ number of~~decimal numbers~~ TCP connections and ~~ranges. Consecutively set bits are shown~~,~~as two hyphen-separated decimal numbers~~thus, the ~~smallest and~~number of clients the server application can~~largest bit numbers set~~ handle in parallel. Setting the ~~range. For example, if youwant~~ barrier and the ~~container~~ limit to ~~execute on CPUs 0, 1, 2, 7, you shouldpass 0-2,7. Default value is all (thecontainer can execute on any CPU)~~different values does not make practical sense.

--numothersockitems[:items]

~~This parameter~~Maximum number of non-TCP~~control output~~ sockets (local sockets, UDP and other types of ~~/proc/meminfo inside a container~~sockets). ~~ --meminfo none~~Setting the barrier and the limit to different values doesnot make practical sense.

No --vmguarpages</~~proc~~b>pages</~~meminfo virtualization(the same as on host system).~~i>[:pages]

~~--meminfo~~Memory allocation guarantee.~~mode:value~~ ~~Configure total~~ This parameter controls how much memory ~~output~~is available to a~~in a~~ container. ~~Reported free~~ The barrier is the amount of memory ~~is evaluated~~that~~accordingly~~ container’s applications are guaranteed to be able to allocate. The meaning of the ~~mode being set. Reported swap~~ limit iscurrently unspecified;~~evaluated according~~ it should be set to ~~the settings of~~ ~~--swappages~~unlimited~~parameter~~.

~~You can use thefollowing modes for mode: •~~ ~~pages~~--kmemsize:~~value~~bytes ~~- sets total memory inpages; • privvmpages~~[:~~value - sets total memoryas privvmpages * value~~bytes.]

Maximum amount of kernel memoryused. This parameter is related to -~~top: 1em"~~-numproc~~Default~~ . Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It isimportant to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the~~privvmpages:1~~kmemsizeusage under the limit.

~~Note that if~~--~~physpages~~tcpsndbuf ~~is set on a VSwap-enabled kernel, ittakes a precedence over~~ <bi>~~--meminfo~~bytes</bi>, [:<i~~.e. setting~~~~--meminfo~~bytes</bi> ~~does not take any effect.~~]

Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of numtcpsock multiplied by 2.5KB. --tcprcvbufbytes[:bytes]

Maximum size of TCP receivebuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of ~~--iptables~~numtcpsockmultiplied by 2.5~~name~~KB.

~~Allow to use the functionality~~--othersockbufof ~~name~~bytes ~~iptables module inside the container. Tospecify multiple~~ [:~~name~~bytes~~s, repeat --iptables for each,or use space-separated list as an argument (enclosed insingle or double quotes to protect spaces).~~]

~~The default~~Maximum size of other (non-TCP)socket send buffers. If container’s processes needs to~~list of enabled iptables modules is specified by~~ send very large datagrams, thebarrier should be set~~IPTABLES variable in [[Man/vz~~accordingly.~~conf.5|vz.conf~~Increased limit is necessary for highperformance of communications through local (5UNIX-domain)]]sockets.

~~You can use thefollowing values for name:~~ ~~iptable_filter~~--dgramrcvbuf,<bi>~~iptable_mangle~~bytes</bi>, [:<bi>~~ipt_limit~~bytes</~~b>,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner</b~~i>.]

Maximum size of other (non-TCP)socket receive buffers. If container’s processes needsto receive very large datagrams, the barrier should be setaccordingly. The difference between the barrier and thelimit is not needed.

--~~netdev_add~~oomguarpages~~name~~pages[:pages]

~~move network device from~~ Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of-memory guarantee. If the oomguarpages usage isbelow thebarrier, processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be set~~host system~~ to ~~a specified container~~unlimited.

--~~netdev_del~~lockedpages~~name~~pages[:pages]

~~delete network device from a~~Maximum number of pages~~specified container~~acquired by mlock(2).

--privvmpagespages[:pages]

Allows controlling the amountof memory allocated by the applications. For shared (mappedas ~~--diskquota yes~~MAP_SHARED |) pages, each container really using amemory page is charged for the fraction of the page(depending on the number of others using it). For"potentially private" pages (mapped asnoMAP_PRIVATE), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.

~~allows~~ The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able to ~~enable or disabledisk quota for a container~~allocate that much memory. ~~By default, a global value~~The primary mechanism to control~~(DISK_QUOTA) from [[Man/vz.conf.5|vz.conf(5)]]~~ memory allocation is ~~used.~~ ~~~~the --~~diskspace~~vmguarpages~~num[:num]~~guarantee.

~~sets soft and hard disk quotalimits, in blocks. First parameter is soft limit, second ishard limit. One block is currently equal to 1Kb. Suffixes~~G--shmpages, <bi>Mpages</bi>, [:<bi>Kpages</bi> ~~can also be specified (seeResource limits section for more info onsuffixes).~~]

~~--diskinodes~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values does~~num[:num]~~not make practical sense.

~~sets soft and hard disk quota~~--numfile~~limits, in~~ <i~~-nodes. First parameter is soft limit, second ishard limit.~~>items[:items]

Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to ~~--quotatime~~0effectivelydisables pre-charging optimization for this beancounter inthe kernel, which leads to the held value being precise but~~seconds~~could slightly degrade file open performance.

~~sets quota grace period.~~--numflock~~Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a hard limit.~~items[:items]

~~--quotaugidlimit~~Maximum number of file locks.~~num~~Safety gap should be between barrier and limit.

~~sets maximum number ofuser/group IDs in a container for which disk quota insidethe container will be accounted. If this value is set to~~0--numpty~~, user and group quotas inside the container willnot be accounted.~~items[:items]

Number of pseudo-terminals(PTY). Note that ifin OpenVZ each container can have not more~~you have previously set value of this parameter~~ than 255 PTYs. Setting the barrier and the limit to ~~0,changing it while the container is running will~~ different values does not ~~takeeffect~~make practical sense.

--numsiginfoitems[:items]

~~--noatime yes |~~Number of siginfo structures.Setting the barrier and the limit to different values does~~no~~not make practical sense.

~~Sets noatime flag (do not~~--dcachesize~~update inode access times) on filesystem.~~bytes[:bytes]

Maximum size offilesystem-related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit.

--~~capability~~numiptent~~capname~~num[:<bi>onnum</~~b>|off</b~~i>]

~~Sets a capability for a~~Number of iptables (netfilter)~~container~~entries. ~~Note that setting capability when~~ Setting the barrier and the ~~container~~limit to different~~is running~~ values does not ~~take immediate effect; restart thecontainer in order for the changes to take effect. Note acontainer has default set of capabilities, thus anyoperation on capabilities is "logical and" withthe default capability mask~~make practical sense.

~~You can use thefollowing values for capname:~~ ~~chown~~--physpages,<bi>~~dac_override~~pages</bi>, [:<bi>~~dac_read_search~~pages</~~b>, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities</b~~i>~~(7).~~]

~~WARNING:~~On VSwap-enabled kernels, this~~setting some~~ limits the amount of ~~those capabilities may have far reaching~~physical memory (RAM) available to a~~security implications, so do not do it unless you know whatyou are doing~~container. ~~Also note that setting~~ The barrier should be set to ~~setpcap:on~~0 ~~for~~, and thelimit to a total size of RAM that can be used used by acontainer ~~will most probably lead to inability to start~~it.

For olderkernels, this is an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to0, and limit should be set to unlimited.

--~~devnodes~~swappages~~device~~pages[:[<bi>rpages</~~b>][w</b~~i>]~~[q]|none~~

~~Give~~ For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container ~~an access~~. The barrier should be(set to r0 ~~- read~~, ~~w - write, q - disk quotamanagement, none - no access)~~ and the limit to a ~~device designated~~total size of swap thatcan be used by ~~the special file /dev/device. Device file iscreated in~~ a container ~~by vzctl. Example: vzctlset 777 --devnodes sdb:rwq~~.

~~~~For older(pre-~~-devices~~VSwap) kernels, the limit is used to show a totalamount of swap space available inside the container. Thebarrier of this parameter is ignored. The default value is~~b|~~~~c:major:minor|all:[r][w][q]|none~~unlimited, meaning total swap will be reported as0.

~~Give the container an access toa block or character device designated by itsmajor and minor numbers. Device file have tobe created manually.~~=== CPU fair scheduler parameters ====

Theseparameters control CPU usage by container. --cpuunits num

CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If ~~--pci_add~~cpuunitsare not specified,~~[domain:]bus:slot~~default value of 1000 is used.~~func~~

~~Give the container an access to~~You can set CPU~~a specified PCI device. All numbers are hexadecimal~~ weight for CT0 (host system itself) aswell (use vzctl~~printed by~~ set 0 --cpuunits~~lspci~~num). Usually, OpenVZ initscript(/etc/init.d/vz~~(8) in the first column~~)takes care of setting this.

--~~pci_del~~cpulimit[~~domain~~num:][<ib>~~bus~~%</~~i>:slot.func</i~~b>]

~~Delete a PCI device from~~ Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is 0(no CPU limit).

~~Note that~~~~vps~~-~~pci configuration script is executed byvzctl~~-cpus ~~then configuring PCI devices. The script isusually located at~~ <bi>~~/usr/lib[64]/vzctl/scripts/~~num</bi>.

sets number of CPUs availablein the container.

--~~features~~cpumask~~name~~cpus:|onauto|~~off~~all

~~Enable or disable~~ Sets list of allowed CPUs forthe container. Input format is a ~~specific~~comma-separated list of~~container feature~~decimal numbers and/or ranges. ~~Known features~~ Consecutively set bits are~~: sysfs~~shown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in the range. For example,if~~nfs~~you want the container to execute on CPUs 0, 1, 2, 7, youshould pass ~~sit~~0-2, ~~ipip~~7, . Default value is ~~ppp~~all,(thecontainer can execute on any CPU). If used with the~~ipgre~~--nodemaskoption, value of ~~bridge, nfsd~~autoassigns allCPUs from the specified NUMA node to a container.

--nodemask nodes| all

Sets list of allowed NUMA nodesfor the container. Input format is the same as for--~~applyconfig~~cpumask. Note that --nodemask must be usedwith the <ib>~~name~~--cpumask</ib>option.

~~Read container~~ === Memory output parameters ~~fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if --save option specified save tothe container config file. The following parameters are notchanged: HOSTNAME, IP_ADDRESS,OSTEMPLATE, VE_ROOT, andVE_PRIVATE.~~====

ForVSwap-enabled kernels (042stab042 or greater), thisparameter is ignored. For older kernels, it controls theoutput of /proc/meminfo inside a container. --~~applyconfig_map~~meminfo none~~group</i~~>

~~Apply container configparameters selected by group. Now the only possiblevalue for group<~~No /~~i> is name<~~proc/~~b>: to restore container~~meminfo virtualization~~name based~~ (the same as on ~~NAME variable in containerconfiguration file~~host system).

--meminfomode:value Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of --swappagesparameter.</~~O priority management ====~~p>

You can use thefollowing modes for mode: • pages:value-sets total memory inpages; • privvmpages:value -~~ioprio~~sets total memoryas privvmpages* ~~priority~~value.

~~Assigns I/O priority tocontainer. Priority range is 0-7. The greaterpriority~~ Default is~~, the more time for I/O activity containerhas. By default each container has priority of~~4privvmpages:1.

=== ~~Checkpointing and restore~~ = Netfilter (iptables) control parameters ====

~~Checkpointing is a feature ofOpenVZ kernel which allows to save a complete state of arunning container, and to restore it later.~~--netfilter disabled|stateless|stateful|full

~~chkpnt<~~Restrict access tonetfilter/~~b> CTID~~iptables modules for a container. This option[replaces obsoleted --~~dumpfile~~iptables ~~name]~~.

~~This command saves a complete~~Note that~~state of a running~~ changing this parameter requires container ~~to a dump file~~restart, ~~and stops the~~so~~container. If an option~~ consider using --~~dumpfile~~setmode ~~is not set,default dump file name /vz/dump/Dump.CTID isused~~option.

The followingarguments can be used: <~~b>restore</~~b> <~~i>CTID</i~~br>~~[--dumpfile~~• disabled ~~name]~~

~~This command restores acontainer from the dump file created by the chkpntcommand.~~no modules are allowed

• stateless

~~create CTID~~all modules except NAT and~~[--ostemplate <~~conntracks are allowed (i~~>name] [--config~~.e. filter and mangle); this is the~~name] [--private path] [--root path] [--ipadd addr][--hostname name]~~default

~~Creates a new container area.This operation should be done once, before the first startof the container.~~• stateful

~~If the--config option is specified, values from exampleconfiguration file/etc/vz/conf/ve-name.conf-sample~~ all modules except NAT are~~put into the container configuration file. If this containerconfiguration file already exists, it will be removed.~~allowed

<~~p style~~table width="~~margin-left:17~~100%~~; margin-top: 1em~~"~~>You can use~~border="0" rules="none" frame="void"~~--root path</i~~ cellspacing="0" cellpadding="0"> ~~option to sets the path to themount point for the container root directory (default is~~<btr valign="top" align="left">~~VE_ROOT specified in [[Man/vz.conf.5|vz.conf(5)]] file).Argument can contain literal string~~ <btd width="22%">~~$VEID~~</btd>~~, which willbe substituted with the numeric CT ID.~~</ptd width="9%">

~~You can use~~~~--private~~• full ~~path~~</ip> ~~option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is VE_PRIVATE~~</btd>~~specified in [[Man/vz.conf.5|~~<btd width="1%">~~vz.conf~~</btd>~~(5)]] file). Argument can containliteral string~~ <~~b>$VEID, which will be substituted withthe numeric CT ID.</p~~td width="36%">

all modules are allowed</td><td width="~~margin-left:17~~32%~~; margin-top: 1em~~">~~You can use--ipadd~~</~~b> <i~~td>~~addr~~</itr> ~~option to assign an IP address toa container. Note that this option can be used multipletimes.~~</ptable>

~~You can use~~--~~hostname~~iptables name ~~option to set a host name fora container~~[,...]

~~destroy~~Note |this option isobsoleted, ~~delete~~--netfiltershould be used instead.

~~Removes a container private~~Allow to use~~area by deleting all files, directories and~~ the functionality of name iptables module inside the~~configuration file of this~~ container. Multiple comma-separated names can bespecified.

The defaultlist of enabled iptables modules is defined by the~~start~~IPTABLES variable in [[Man/vz.conf.5|~~--wait~~vz.conf(5)]~~[--force~~].

~~Mounts (if necessary) and~~You can use thefollowing values for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,~~starts a container. Unless~~ ~~--wait~~ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack ~~option is~~,~~specified~~ipt_state, ~~vzctl~~ipt_helper ~~will return immediately; otherwise~~, iptable_nat,~~an attempt to wait till the default runlevel is reached will~~ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,~~be made by~~ ~~vzctl~~xt_mac, ipt_recent, ipt_owner.

~~Specify--force if you want to start a container which isdisabled (see --disabled).~~=== Network devices control parameters ====

~~Note that thiscommand can lead to execution of~~ ~~premount~~--netdev_add,<bi>~~mount~~name</~~b> and start action scripts (see ACTIONSCRIPTS</b~~i> ~~below).~~

~~stop [--fast]~~move network device from thehost system to a specified container

~~Stops and unmounts a container.Normally, halt(8) is executed inside a container;option~~ --~~fast~~netdev_del ~~makes~~ <bi>~~vzctl~~name</~~b> use <b~~i>~~reboot(2)syscall instead which is faster but can lead to uncleancontainer shutdown.~~

~~Note that this~~delete network device from a~~command can lead to execution of stop, umountand postumount action scripts (see ACTIONSCRIPTS below).~~specified container

~~restart [--wait][--force] [--fast]~~=== Disk quota parameters ====

~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the~~~~start~~--diskquota yes ~~and~~ |~~stop~~no ~~options.~~

~~Note that this~~allows to enable or disabledisk quota for a container. By default, a global value~~command can lead to execution of some action scripts~~ (~~see~~~~ACTION SCRIPTS~~DISK_QUOTA) from [[Man/vz.conf.5|vz.conf ~~below~~(5)]] is used.

Note that thisparameter is ignored for ~~status~~plooplayout.

~~Shows a container status. This~~--diskspace~~is a line with five or six words, separated by spaces.~~num[:num]

~~First word isliterally~~ For ~~CTID~~simfslayout, setssoft and hard disk quota limits. First parameter is softlimit, second is hard limit.

~~Second word~~ Forploop layout, initiates the procedure of resizing theploop image file to the new size. Since there isno~~the numeric~~ soft/hard limit concept in ploop, second ~~CT ID~~num, ifspecified, is ignored.

~~Third word~~ By default,ploop resize is done online, i.e. on a mounted ploop. Thisisa preferred way of doing resize. Although, in a rare case~~showing whether this~~ a container ~~exists or not~~was using lots of disk space and should now beresized to a much smaller size, ~~it can~~ an offline resize might be~~either~~ more appropriate. In this case, make sure the container isstopped and unmounted and use additional~~exist~~--offline-resize ~~or deleted.~~option

~~Fourth word~~ Note that ploopresize is~~showing the status of the~~ NOT performed on container ~~filesystem~~start, ~~it can be~~so for~~either~~ consistency ~~mounted~~--diskspace or must be used together with~~unmounted~~--saveflag.

~~Fifth word~~Suffixes~~shows if the container is running~~G, M, ~~it can be either~~~~running~~K or can also be specified (see~~down~~Resource limitssection for more info on suffixes).If suffix is not specified, value is in kilobytes.

~~Sixth word, ifexists, is~~ ~~suspended~~--diskinodes~~. It appears if both a containerand its dump file exist (see~~ <bi>num[:~~chkpnt~~num</bi>).]

~~This command~~sets soft and hard disk quotalimits, in i-nodes. First parameter is soft limit, second is~~can also be usable from scripts~~hard limit.

Note that thisparameter is ignored for ~~mount~~plooplayout.

~~Mounts container private area.Note that this command can lead to execution of~~~~premount~~--quotatime ~~and mount action scripts (see~~<bi>~~ACTION SCRIPTS~~seconds</bi> ~~below).~~

~~umount~~sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a hard limit.

~~Unmounts container privatearea.~~ Note that this ~~command can lead to execution ofumount and postumount action scripts (see~~parameter is ignored for ~~ACTION SCRIPTS~~ploop ~~below)~~layout.

~~Note that~~~~stop~~--quotaugidlimit ~~does~~ <bi>~~umount~~num</bi> ~~automatically.~~

Enables or disablesin-container per-user and per-group disk quotas. If thevalue is set to ~~quotaon~~0 ~~ctid~~or not set, disk quotas inside thecontainer is disabled and not accounted.

~~Turn disk quota on. Not that~~For~~mount~~simfs ~~and start<~~layout containers, non-zero value sets maximumnumber of user/~~b> does that automatically~~group IDs for which disk quota isaccounted.

For~~quotaoff~~ploop ~~ctid<~~layout containers, any non-zero value enablesdisk quota inside the container; the number of user/i>groupIDs used by disk quota is not limited by OpenVZ.

~~Turn~~ Note thatenabling or disabling in-container disk ~~quota off. Not that~~quotas requirescontainer restart, so consider using ~~umount~~--setmode ~~and stop does that automatically~~option.

~~quotainitctid~~=== Capability option ====

~~Initialize disk quota (i.e. run~~~~vzquota init~~--capability~~) with the parameters taken from the CTconfiguration file [[Man~~capname:on</~~ctid.conf.5~~b>|~~ctid.conf~~off[,~~(5)]~~...].

~~exec CTID~~Sets a capability for acontainer. Multiple comma-separated capabilities can be~~command~~specified.

~~Executes command in~~ Note thatsetting acapability when the container~~. Environment variables are~~ is running does not ~~set inside~~ take immediate effect; restart thecontainer~~. Signal handlers may differ from default settings.~~in order for~~If command is~~ the changes to take effect (consider using --setmode~~, commands are read fromstdin~~option).

~~exec2 CTID~~A container hasthe default set of capabilities, thus any operation oncapabilities is "logical AND" with the default~~command~~capability mask.

~~The same as~~ You can use thefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, ~~exec~~sys_time, sys_tty_config, ~~butreturn code is~~ mknod, lease, setveid, ve_admin.For detailed description, see capabilities(7). WARNING:setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that of setting <ib>~~command~~setpcap:on</ib>fora container will most probably lead to inability to startit. ==== Device access management ====

~~runscript~~--devnodes ~~CTIDscript~~device:[r][w][q]|none

~~Run specified shell script in~~Give the container~~. Argument~~ an access(<ib>~~script~~r</ib> ~~is a file on the hostsystem which contents is~~ - read ~~by vzctl and executed in thecontext of the container. For a running container~~, ~~thecommand jumps into the container and executes the script.For a stopped container~~w - write, ~~it enters the container, mountscontainer’s root filesystem, executes the script, and~~q - disk quota~~unmounts CT root. In the latter case~~management, ~~the container is notreally started, no file systems other than root (such as~~~~/proc~~none- no access) ~~are mounted, no startup scripts are executed~~to a device designated~~etc~~by the special file /dev/device. ~~Thus the environment in which the script is running~~ Device file is~~far from normal and is only usable for very basicoperations~~created in a container by vzctl.Example:

~~enter [~~ vzctl set 777 --~~execcommand [arg ...]]~~devnodes sdb:rwq</ppre>

~~Enters into a container (givinga container’s root shell). This option is a back~~--~~door~~devices~~for host root only. The proper way to have CT root shell isto use~~ b|c:major:minor|all:[r][w][q]|~~ssh~~none~~(1).~~

~~Option~~Give the container an access toa ~~--exec~~b ~~is used to run~~ lock or <ib>~~command~~c</ib> ~~with arguments~~haracter device designated by its~~after entering into container. This is useful if command tobe run requires a terminal (so~~ <bi>~~vzctl exec~~major</bi> ~~can not beused)~~ and ~~for some reason you can not use~~ <bi>~~ssh~~minor</bi>~~(1)~~numbers. Device file have tobe created manually.

~~You need to logout manually from the shell to finish session (even if youspecified --exec).~~=== PCI device management ====

--pci_add[domain:]bus:slot.func

Give the container an access toa specified PCI device. All numbers are hexadecimal (asprinted by ~~--help~~lspci(8) in the first column).

~~Prints help message with a~~--pci_del~~brief list of possible options~~[domain:]bus:slot.func

~~--version~~Delete a PCI device from thecontainer.

~~Prints~~ Note thatvps-pci configuration script is executed byvzctlthen configuring PCI devices. The script is~~version~~usually located at /usr/libexec/vzctl/scripts/.

== ~~ACTION SCRIPTS~~ == Features management ====

~~vzctlhas an ability to execute user~~-~~defined scripts when aspecific vzctl~~-features ~~command is run for a container. Thefollowing~~ <bi>~~vzctl~~name</bi> ~~commands can trigger execution ofaction scripts~~: ~~start~~on, |~~stop~~off, [<~~b>restart</~~b>,~~mount and umount~~...]

~~Action scripts~~Enable or disable a specificcontainer feature. Known features are ~~located in the~~ : sysfs</~~etc~~b>,nfs</vzb>, sit</~~conf~~b>, ipip, ppp ~~directory. There are~~,~~global and per-CT scripts. Global scripts have a literalprefix of~~ ~~vps.~~ipgre, bridge ~~and are executed for all containers.Per-CT scripts have a~~ , <ib>~~CTID~~nfsd</ib> ~~numeric prefix and are~~. A few features can~~executed for the given container only~~be specified at once, comma-separated.

~~There are 8action scripts currently defined: vps.premount, CTID.premount~~=== Apply config ====

~~Global and per~~--~~CT mount scripts~~applyconfig~~which are executed for a container before it is mounted.Scripts are executed in the host OS context, while a CT isnot yet mounted or running. Global script, if exists, isexecuted first.~~name

Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if --save~~vps~~option specified save tothe container config file.~~mount~~The following parameters are notchanged: HOSTNAME, IP_ADDRESS,<ib>OSTEMPLATE, ~~CTID~~VE_ROOT</ib>, and~~.mount~~VE_PRIVATE.

~~Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as~~ ~~.premount~~--applyconfig_map~~scripts.~~group

Apply container configparameters selected by ~~CTID~~group. Now the only possiblevalue for group is ~~.start~~name: to restore containername based on NAMEvariable in containerconfiguration file.

~~Right after vzctl<~~=== I/~~b> hasstarted a container, it executes this script in a containercontext.~~O scheduling ====

<ib>~~CTID~~--ioprio</ib><bi>~~.stop~~priority</bi>

~~Right before~~ Assigns disk I/O priority tocontainer. Priority range is ~~vzctl~~0-7 ~~has~~. The greater~~stopped a~~ priority is, the more time for I/O activity container~~, it executes this script in a~~ has. By default each containerhas priority of~~context~~4.

~~vps.umount~~--iolimit,~~CTID~~limit[~~.umount~~B|K|M|G]

~~Global and per-CT umount~~Assigns disk I/O bandwidth~~scripts which are executed~~ limit for a container ~~before it~~ . Value iseither a number with an~~unmounted~~optional suffix, or a literal string unlimited. ~~Scripts are executed in the host OS context,~~Value~~while~~ of 0 means "unlimited". By default a ~~CT is mounted~~container has no I/O limit. ~~Global script, if exists,~~ Maximum allowed limit is ~~executed~~2gigabytes per second; values exceeding the limit are~~first~~truncated.

If no suffix isprovided, the limit is assumed to be in megabytes persecond. Available suffixes are: • b, B -- bytes per second; • k, ~~vps.postumount~~K -- kilobytes per second; • m,M -- megabytes per second (default);<ibr>• ~~CTID~~g</ib>, ~~.postumount~~G-- gigabytes per second;

~~Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as~~ ~~.umount~~--iopslimit~~scripts.~~iops

~~The environment~~Assigns IOPS limit for a~~passed to all the *mount<~~container, in number of input/~~b> scripts is the standardenvironment of the parent (i.e~~output operations per second. ~~vzctl) with twoadditional variables:~~ Value is a number or a literal string ~~$VEID and $VE_CONFFILE~~unlimited.~~The first one holds the ID~~ Value of ~~the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as~~ ~~$VE_ROOT~~0~~, it needs to get those~~means "unlimited". By default a~~from global and per-CT configuration files~~container has no IOPS limit.

~~Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount.~~== Suspending and resuming ===

<~~pre~~ p style="~~margin-left:11%;~~ margin-top: 1em"> ~~# If one~~ Checkpointing is a feature of ~~these files does not exist then something~~ ~~# is really broken~~ [ OpenVZ kernel which allows to save a complete in-~~f /etc/sysconfig/vz ] || exit 1~~kernel ~~[ -f $VE_CONFFILE ] || exit 1~~ ~~# Source both files. Note the order is important.~~ ~~. /etc/vz/vz.conf~~ state of a running container, and to restore it later. ~~$VE_CONFFILE~~ ~~mount -n --bind /mnt/disk $VE_ROOT/mnt/disk~~</~~pre~~p>

suspend|chkpntCTID [--dumpfile name]

This command suspends acontainer to a dump file If an option -~~top: 1em"~~-dumpfile~~Returns 0 upon~~is~~success~~not set, ~~or an appropriate error code in case of an~~default dump file name~~error:~~/vz/dump/Dump.CTID is used.

<~~table width~~p style="~~100~~margin-left:11%;" ~~border="0" rules="none" frame="void"~~>resume|restore ~~cellspacing="0" cellpadding="0"~~CTID [--dumpfile<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>name</tdi>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">1This command restores acontainer from the dump file created by the </pb>suspend</tdb>~~<td width="7%">~~command.</tdp>~~<td width~~=== Snapshotting ===~~"78%">~~

<p~~>Failed to set a UBC parameter</td></tr><tr valign~~style="margin-top~~" align="left~~: 1em">Snapshotting is a feature based~~<td width="11%">~~on checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in-memory state (as incheckpointing). Note that snapshot functionality is onlyworking for containers on ploop device.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">2snapshot</pb> CTID[--id uuid] [--name name</tdi>][--description<~~td width="7%"~~/b> desc</tdi>] [--skip-suspend] [--skip-config]<~~td width="78%"~~/p>

<p~~>Failed to set a fair scheduler parameter</td></tr><tr valign="top" align~~style="margin-left:17%;">Creates a container snapshot,~~<td width="11%">~~i.e. saves the current container state, including its filesystem state, running processes state, and configurationfile.</~~td><td width="4%"~~p>

<p~~>3</td><td width~~style="7margin-left:17%; margin-top: 1em">If a containeris running, and --skip-suspend</tdb>option is notspecified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot.<~~td width="78%"~~/p>

<p~~>Generic system error</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Unless<~~td width="11%"~~b>--skip-config</tdb>option is given, containerconfiguration file is saved to the snapshot.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">If uuid5is not specified, it is auto-generated. Options--name</pb> and --description</tdb>can be used tospecify the snapshot name and description, respectively.Name is displayed by <~~td width="7%"~~b>snapshot-list</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">snapshot-switch~~The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)~~CTID</pi> [--skip-resume</tdb> | --must-resume</trb>][--skip-config] <~~tr valign="top" align="left"~~b> --id <~~td width="11%"~~i>uuid</tdi><~~td width="4%"~~/p>

<p~~>6</td><td width~~style="7margin-left:17%;">Switches the container to asnapshot identified by uuid</tdi>, restoring its filesystem state, configuration (if available) and its runningstate (if available).<~~td width="78%"~~/p>

<p~~>Not enough system resources</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em"><~~td width="11%"~~b>Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!</tdb><~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">7Option</pb>--skip-resume</tdb>is used to ignore a CT memory dump filein a snapshot, as a result the container will end up beingin a stopped state (same as if a snapshot has been takenwith <~~td width="7%"~~b>--skip-suspend</tdb>).<~~td width="78%"~~/p>

<p~~>ENV_CREATE ioctl failed</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">If option<~~td width="11%"~~b>--must-resume</tdb>is set, absense of a memory dump istreated as an error, and the inability to restore from thememory dump is treated as an error rather than warning.<~~td width="4%"~~/p>

<p~~>8</td><td width~~style="7margin-left:17%; margin-top: 1em">Option option--skip-config</tdb>is used to ignore the CT configurationfile in a snapshot, i.e. the current configuration file willbe left as is.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Command executed by~~ ~~vzctl exec~~snapshot-delete ~~returned non-zeroexit code~~</pi>CTID</tdi><~~/tr~~b>--id<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>uuid</tdi><~~td width="4%"~~/p>

<p~~>9</td><td width~~style="7margin-left:17%;">Removes a specifiedsnapshot.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Container is locked by another~~ ~~vzctl~~snapshot-mount~~invocation~~CTID</pi> --id</tdb> uuid</tri><~~tr valign="top" align="left"~~b>--target<~~td width="11%"~~i>directory</tdi><~~td width="4%"~~/p>

<pstyle="margin-left:17%;">10Mounts a snapshot specified byuuid to a directory. Note this mount isread-only. <pstyle="margin-left:11%;">snapshot-umount</tdb><~~td width~~i>CTID --id uuid Unmounts a specifiedsnapshot.</tdp> <~~td width~~p style="78margin-left:11%;">snapshot-listCTID [-H] [-ofield[,field...] [--id uuid]

<p~~>Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound </td></tr><tr valign="top" align~~style="margin-left:17%;">List container’s~~<td width="11%">~~snapshots.</~~td><td width="4%"~~p>

<p~~>11</td><td width~~style="7margin-left:17%; margin-top: 1em">You cansuppress displaying header using -H</tdb>option.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~A vzctl helper script file not found~~You can use the</pb>-o</tdb>option to display only the specified<~~/tr~~i>field<~~tr valign="top" align="left"~~/i>(s). List of available fields can be obtainedusing <~~td width="11%"~~b>-L</tdb>option.<~~td width="4%"~~/p>

~~12</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Performing container actions ===

<~~p>Permission denied</td></tr~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">

<pstyle="margin-top: 1em">create13</td><td width="72%"></td>

<pstyle="margin-top: 1em">CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][--private path][--root path][--ipadd addr][--hostname ~~Capability setting failed~~name</pi>][--name </tdb>name</tri>][--local_uid <~~tr valign="top" align="left"~~/b>uid][--local_gid gid] </td ~~width="11%"~~></tdtr><~~td width="4%"~~/table>

<p~~>14</td><td width~~style="7margin-left:17%; margin-top: 1em">Creates a newcontainer area. This operation should be done once, beforethe first start of the container.</~~td><td width="78%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container configuration file~~ By default, anOS template denoted by DEF_OSTEMPLATE parameter of[[Man/~~ctid~~vz.conf.5|~~ctid~~vz.conf(5)]] ~~not~~is used to create a container. This can be~~found~~overwritten by </pb> --ostemplate</tdb>option.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">15By default, anew container configuration file is created from a sampleconfiguration denoted by value of </pb>CONFIGFILE</tdb>parameter of [[Man/vz.conf.5|<~~td width="7%"~~b>vz.conf</tdb>(5)]]. If the containerconfiguration file already exists, it will not bemodified.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Timeout on~~ The value of~~vzctl exec~~CONFIGFILEcan be overwritten by using the</pb>--config</tdb><~~/tr~~i>name<~~tr valign="top" align="left"~~/i>option. This option can not be~~<td width="11%">~~used if the container configuration file already exists.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">A new containercan either be created using simfs filesystem or on aploop device. The default is set by value of16VE_LAYOUT</pb> parameter of [[Man/vz.conf.5|vz.conf(5)]] and can beoverwritten by --layout option. In case ploopis used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain and raw</tdb>. Default is<~~td width="7%"~~b>expanded. Using value other than expanded</tdb>isnot recommended and is currently not supported.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Error during~~ You can use~~vzctl chkpnt~~--diskspaceand </pb>--diskinodes</~~td></tr~~b>options to~~<tr valign="top" align="left">~~specify container file system size. Note that for<~~td width="11%"~~b>ploop</tdb>layout, you will not be able to change inodesvalue later.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">IfDISKSPACE is not specified either in the sampleconfiguration file used for creation or in globalconfiguration file [[Man/vz.conf.5|17vz.conf</pb>(5)]], --diskspace</tdb>parameter is required for <~~td width="7%"~~b>ploop</tdb>layout.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Error during~~ Suffixes~~vzctl restore~~G, </pb>M</tdb>, <~~/tr~~b>K<~~tr valign="top" align="left"~~/b>can also be specified (see<~~td width="11%"~~b>Resource limits</tdb>section for more info onsuffixes).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">18You can use--root</pb> path option to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.conf</tdb>(5)]] file).Argument can contain literal string <~~td width="7%"~~b>$VEID</tdb>, which willbe substituted with the numeric CT ID.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Error from~~ You can use~~setluid()~~--private ~~syscall~~path</pi>option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is <~~/td~~b>VE_PRIVATE</trb>specified in [[Man/vz.conf.5|vz.conf<~~tr valign="top" align="left"~~/b>(5)]] file). Argument can containliteral string <~~td width="11%"~~b>$VEID</tdb>, which will be substituted withthe numeric CT ID.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">20You can use</pb>--ipadd</tdb><~~td width="7%"~~i>addr</tdi>option to assign an IP address toa container. Note that this option can be used multipletimes.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Invalid command line parameter~~You can use</pb>--hostname</tdb><~~/tr~~i>name<~~tr valign="top" align="left"~~/i>option to set a host name for~~<td width="11%">~~a container.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters --local_uid and21--local_gid</pb> can be used to select which uidand gid respectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UID andLOCAL_GID</tdb>from global configuration file[[Man/vz.conf.5|<~~td width="7%"~~b>vz.conf(5)]] are used. An explicit --local_uid</tdb>value of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid<~~td width="78%"~~/b> is ignored.

<pstyle="margin-left:17%; margin-top: 1em">~~Invalid value for command line parameter~~</pb>Warning:</tdb>use <~~/tr~~b>--local_uid<~~tr valign="top" align="left"~~/b>and <~~td width="11%"~~b>--local_gid</tdb>with care,specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">22destroy</pb> | delete</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.~~Container root directory (~~ ~~VE_ROOT~~start~~) not set~~CTID</pi>[--wait</tdb>] [--force</trb>] [--skip-fsck<~~tr valign="top" align="left"~~/b>][<~~td width="11%"~~b>--skip-remount</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Mounts (if necessary) andstarts a container. Unless 23--wait</pb> option isspecified, vzctl</tdb>will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by <~~td width="7%"~~b>vzctl</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container private directory (~~Specify~~VE_PRIVATE~~--force~~) not~~if you want to start a container which is~~set~~disabled (see </pb> --disabled</tdb>).</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>24</td><td width~~style="7margin-left:17%; margin-top: 1em">Specify--skip-fsck</tdb>to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).<~~td width="78%"~~/p>

<p~~>Container template directory (TEMPLATE) notset </td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">By default, ifa container to be started happens to be already mounted, itis unmounted and mounted again. This behavior can be turnedoff by using <~~td width="11%"~~b>--skip-remount</tdb>flag.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of premount,28mount</pb> and start</tdb>action scripts (see ACTIONSCRIPTS<~~td width~~/b> below). stop</tdb> CTID[--fast<~~td width="78%"~~/b>] [--skip-umount]

<pstyle="margin-left:17%;">Stops a container and unmountsit (unless ~~Not all required UBC parameters are set~~--skip-umount is given). Normally, ~~unable to start~~halt(8) is executed inside a container; option</pb> --fast</tdb>makes <~~/tr~~b>vzctl<~~tr valign="top" align="left"~~/b>use <~~td width="11%"~~b>reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that29vzctl stop</pb> is not asyncronous, in other words vzctlwaits for container’s init to exit (unless--fast is given), which can take up to a few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT</tdb>in[[Man/vz.conf.5|vz.conf(5)]], or per container (<~~td width="7%"~~b>STOP_TIMEOUT</tdb>in[[Man/ctid.conf.5|ctid.conf<~~td width="78%"~~/b>(5)]], see --stop-timeout).

<pstyle="margin-left:17%; margin-top: 1em">~~OS template is not specified, unable~~ Note that thiscommand can lead to ~~createcontainer~~execution of stop</pb> , <~~/td~~b>umount</trb>and <~~tr valign="top" align="left"~~b>postumountaction scripts (see <~~td width="11%"~~b>ACTIONSCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">31restart</pb> CTID</tdi>[--wait] [--force] [<~~td width="7%"~~b>--fast</tdb>][--skip-fsck<~~td width="78%"~~/b>]

<pstyle="margin-left:17%;">~~Container not~~ Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the</pb>start</tdb>and <~~/tr~~b>stop<~~tr valign="top" align="left"><td width="11%"~~/b>options.</~~td><td width="4%"~~p>

<p~~>32</td><td width~~style="7margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of some action scripts (seeACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container already running~~</pb>status</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<p~~>33</td><td width~~style="7margin-left:17%;">Shows a container status. Thisis a line with five or six words, separated by spaces.</~~td><td width="78%"~~p>

<p~~>Unable to stop container</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">First word isliterally <~~td width="11%"~~b>CTID</tdb>.<~~td width="4%"~~/p>

<p~~>34</td><td width~~style="7margin-left:17%; margin-top: 1em">Second word isthe numeric CT ID</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to add IP address to~~ Third word isshowing whether this containerexists or not, it can beeither </pb>exist</tdb>or <~~/tr~~b>deleted<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">40Fourth word isshowing the status of the container filesystem, it can beeither </pb>mounted</tdb>or <~~td width="7%"~~b>unmounted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container not mounted~~Fifth wordshows if the container is running, it can be either</pb>running</tdb>or <~~/tr~~b>down<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">41Sixth word, ifexists, is </pb>suspended</tdb>. It appears if a dump fileexists for a stopped container (see <~~td width="7%"~~b>suspend</tdb>).<~~td width="78%"~~/p>

<p~~>Container already mounted</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">This command~~<td width="11%">~~can also be usable from scripts.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">43</pb>mount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container~~ Mounts container private area ~~not found~~.Note that this command can lead to execution of</pb>premount</tdb>and <~~/tr~~b>mount<~~tr valign="top" align="left"~~/b>action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">44</pb>umount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container~~ Unmounts container private area ~~already exists~~. Note that this command can lead to execution of</pb>umount</tdb>and <~~/tr~~b>postumount<~~tr valign="top" align="left"~~/b>action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">46Note that</pb>stop</tdb>does <~~td width="7%"~~b>umount</tdb>automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Not enough disk space~~convert</pb><~~/td~~i>CTID</tri>[<~~tr valign="top" align="left"~~b>--layoutploop[:<~~td width="11%"~~/b>{expanded|plain|raw</tdb>}]]<~~td width="4%"~~/p>

<p~~>47</td><td width~~style="7margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should beset.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Bad/broken container (~~~~/sbin/init~~compact or<bi>~~/bin/sh~~CTID</bi> ~~not found)~~</p~~></td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~>

<p~~>48</td><td width~~style="7margin-left:17%;">Compact container image. Thisonly makes sense for ploop layout.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Unable to create a new container private area~~</pb>quotaon</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">49Turn disk quota on. Not that</pb>mount</tdb>and <~~td width="7%"~~b>start</tdb>does that automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to create a new container root area~~</pb>quotaoff</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">50Turn disk quota off. Not that</pb>umount</tdb>and <~~td width="7%"~~b>stop</tdb>does that automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to mount container~~</pb>quotainit</~~td></tr~~b><~~tr valign="top" align="left"~~i>CTID<~~td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">51Initialize disk quota (i.e. run</pb>vzquota init</tdb>) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|<~~td width="7%"~~b>ctid.conf</tdb>(5)]].<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to unmount container~~</pb>exec</tdb><~~/tr~~i>CTIDcommand<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">Executes 52command</pi> in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If command</tdi>is <~~td width="7%"~~b>-</tdb>, commands are read fromstdin.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to delete a container~~</pb>exec2</tdb><~~/tr~~i>CTIDcommand<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">53The same as </pb>exec</tdb>, butreturn code is that of <~~td width="7%"~~i>command</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container private area not exist~~</pb>runscript</tdb><~~/tr~~i>CTIDscript<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<p~~>60</td><td width~~style="7margin-left:17%;">Run specified shell script inthe container. Argument script</tdi>is a file on the hostsystem which contents is read by vzctl and executed in the~~<td width="78%">~~context of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as~~~~~~vzquota on~~/proc ~~failed</td></tr>~~) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running is~~<tr valign="top" align="left">~~far from normal and is only usable for very basic~~<td width="11%">~~operations.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">61enter</pb> CTID</tdi>[--exec command [<~~td width="7%"~~i>arg</tdi>...]]<~~td width="78%"~~/p>

<p~~>vzquota init failed</td></tr><tr valign="top" align~~style="margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use <~~td width="11%"~~b>ssh</tdb>(1).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">62Option--exec</pb> is used to run command</tdi>with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so <~~td width="7%"~~b>vzctl exec</tdb>can not beused) and for some reason you can not use ssh<~~td width="78%"~~/b>(1).

<p~~>vzquota setlimit failed</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">You need to logout manually from the shell to finish session (even if youspecified <~~td width="11%"~~b>--exec</tdb>).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">63console</pb> CTID</tdi>[<~~td width="7%"~~i>ttynum</tdi>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Attach to a container console.Optional ttynum~~Parameter~~ argument is tty number (such as~~DISKSPACE~~4 ~~not set~~for </pb>tty4</tdb>), default is <~~/tr~~b>1<~~tr valign="top" align="left"~~/b>which is usedfor container’s <~~td width="11%"~~b>/dev/console</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">64Note theconsoles are persistent, meaning that: </pbr>• it can be attached to even if the container is notrunning; <~~/td~~br>• there is no automatic detachment upon the containerstop; <~~td width="7%"~~br>• detaching from the console leaves anything running inthis console as is.</~~td><td width="78%"~~p>

<p~~>Parameter DISKINODES not set</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">The followingescape sequences are recognized by <~~td width="11%"~~b>vzctl console</tdb>.Note that these sequences are only recognized at thebeginning of a line.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">66•</pb>Esc</tdb>then <~~td width="7%"~~b>.</tdb>to detach from the console.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">•~~vzquota off~~Esc ~~failed~~then </pb>!</~~td></tr~~b>to kill anything running on the~~<tr valign="top" align="left">~~console (SAK). This is helpful when one expects a login~~<td width="11%">~~prompt but there isn’t one.</~~td><td width="4%"~~p>

~~67</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Other options ===

<p~~>ugid quota not initialized</td></tr><tr valign="top" align~~style="margin-left:11%;"><~~td width="11%"~~b>--help</tdb><~~td width="4%"~~/p>

<p~~>71</td><td width~~style="7margin-left:17%;">Prints help message with abrief list of possible options.</~~td><td width="78%"~~p>

<p~~>Incorrect IP address format</td></tr><tr valign="top" align~~style="margin-left:11%;"><~~td width="11%"~~b>--version</tdb><~~td width="4%"~~/p>

<p~~>74</td><td width~~style="7margin-left:17%;">Prints vzctl</tdb>version.<~~td width="78%"~~/p>

~~Error changing password</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~ACTION SCRIPTS =~~"11%"></td><td width~~=~~"4%">~~

<pstyle="margin-left:11%; margin-top: 1em">vzctlhas an ability to execute user-defined scripts when aspecific vzctl command is run for a container. Thefollowing vzctl commands can trigger execution ofaction scripts: start, stop, restart,mount and umount. Action scriptsare located in the /etc/vz/conf/ directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps. and are executed for all containers.Per-CT scripts have a CTID. numeric prefix andare executed for the given container only. Please notescripts are executed in a host system (CT0) context, withthe exception of .start and .stop scripts,which are executed in a container context. The followingaction scripts are currently defined: vps.premount, CTID.premount Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first. vps.mount,CTID.mount Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as .premountscripts. CTID.start Right after vzctl hasstarted a container, it executes this script in a containercontext. CTID.stop Right before vzctl hasstopped a container, it executes this script in a containercontext. vps.umount,CTID.umount Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst. vps.postumount,CTID.postumount Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as .umountscripts. The environmentpassed to all the *mount scripts is the standardenvironment of the parent (i.e. vzctl) with twoadditional variables: $VEID and $VE_CONFFILE.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as $VE_ROOT, it needs to get thosefrom global and per-CT configuration files. Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount. <pre style="margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC</pre> == EXIT STATUS == Returns 0 uponsuccess, or an appropriate error code in case of anerror: <table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 1</td><td width="7%"></td><td width="78%"> Failed to set a UBC parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 2</td><td width="7%"></td><td width="78%"> Failed to set a fair scheduler parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 3</td><td width="7%"></td><td width="78%"> Generic system error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 5</td><td width="7%"></td><td width="78%"> The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 6</td><td width="7%"></td><td width="78%"> Not enough system resources</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 7</td><td width="7%"></td><td width="78%"> ENV_CREATE ioctl failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 8</td><td width="7%"></td><td width="78%"> Command executed by vzctl exec returned non-zeroexit code</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 9</td><td width="7%"></td><td width="78%"> Container is locked by another vzctlinvocation </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 10</td><td width="7%"></td><td width="78%"> Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 11</td><td width="7%"></td><td width="78%"> A vzctl helper script file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 12</td><td width="7%"></td><td width="78%"> Permission denied</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 13</td><td width="7%"></td><td width="78%"> Capability setting failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 14</td><td width="7%"></td><td width="78%"> Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 15</td><td width="7%"></td><td width="78%"> Timeout on vzctl exec</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 16</td><td width="7%"></td><td width="78%"> Error during vzctl suspend</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 17</td><td width="7%"></td><td width="78%"> Error during vzctl resume</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 18</td><td width="7%"></td><td width="78%"> Error from setluid() syscall</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 20</td><td width="7%"></td><td width="78%"> Invalid command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 21</td><td width="7%"></td><td width="78%"> Invalid value for command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 22</td><td width="7%"></td><td width="78%"> Container root directory (VE_ROOT) not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 23</td><td width="7%"></td><td width="78%"> Container private directory (VE_PRIVATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 24</td><td width="7%"></td><td width="78%"> Container template directory (TEMPLATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 28</td><td width="7%"></td><td width="78%"> Not all required UBC parameters are set, unable to startcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 29</td><td width="7%"></td><td width="78%"> OS template is not specified, unable to createcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 31</td><td width="7%"></td><td width="78%"> Container not running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 32</td><td width="7%"></td><td width="78%"> Container already running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 33</td><td width="7%"></td><td width="78%"> Unable to stop container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 34</td><td width="7%"></td><td width="78%"> Unable to add IP address to container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 40</td><td width="7%"></td><td width="78%"> Container not mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 41</td><td width="7%"></td><td width="78%"> Container already mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 43</td><td width="7%"></td><td width="78%"> Container private area not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 44</td><td width="7%"></td><td width="78%"> Container private area already exists</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 46</td><td width="7%"></td><td width="78%"> Not enough disk space</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 47</td><td width="7%"></td><td width="78%"> Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 48</td><td width="7%"></td><td width="78%"> Unable to create a new container private area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 49</td><td width="7%"></td><td width="78%"> Unable to create a new container root area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td><td width="7%"></td><td width="78%"> Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">

~~IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~79~~139</td>

~~Container action script returned an error~~Error saving container configuration file</td></tr>

82148</td>

~~Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~86</td><td width="7%"></td><td width="78%">~~ Error setting ~~devices~~ container IO parameters (~~--devices or--devnodes~~ioprio)~~ </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~89</td><td width="7%"></td><td width="78%">~~ ~~IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~91</td><td width="7%"></td><td width="78%">~~ ~~OS template not found~~</td></tr>

~~100~~150</td>

~~Unable to find container IP address~~Ploop image file not found</td></tr>

~~104~~151</td>

~~VE_NETDEV ioctl error~~Error creating ploop image</td></tr>

~~105~~152</td>

~~Container start disabled~~Error mounting ploop image</td></tr>

~~106~~153</td>

~~Unable to set iptables on a running container~~Error unmounting ploop image</td></tr>

~~107~~154</td>

~~Distribution-specific configuration file not found~~Error resizing ploop image</td></tr>

~~109~~155</td>

~~Unable~~ Error converting container to ~~apply a config~~ploop layout</td></tr>

~~129~~156</td>

~~Unable to set meminfo parameter~~Error creating ploop snapshot</td></tr>

~~130~~157</td>

Error ~~setting veth interface~~merging ploop snapshot</td></tr>

~~131~~158</td>

Error ~~setting container name~~deleting ploop snapshot</td></tr>

~~133~~159</td>

~~Waiting for container start failed~~Error switching ploop snapshot</td></tr>

~~139~~166</td>

Error ~~saving container configuration file~~compacting ploop image</td></tr>

~~148~~167</td>

Error ~~setting container IO parameters (ioprio)~~listing ploop snapsots</td></tr>

</table>

== FILES ==

/etc/vz/vz.conf~~ ~~/etc/vz/conf/CTID.conf ~~ ~~/etc/vz/conf/vps.{premount,mount,umount,postumount} ~~ ~~

/etc/vz/conf/CTID.{premount,mount,start,stop,umount,postumount}

~~ ~~/proc/vz/veinfo ~~ ~~/proc/vz/vzquota ~~ ~~/proc/user_beancounters ~~ ~~/proc/bc/* ~~ ~~/proc/fairsched</ppre>

== SEE ALSO ==

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools