Changes

← Older edit

Man/vzctl.8

25,311 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

[flags] create

CTID~~ [--ostemplate name][--config name][~~--~~root ~~parameter value</~~b><~~i>~~path]~~[~~--private path][--ipadd addr][--hostname name~~...] </td></tr>

[flags] start CTID [--wait]

[--force] [--skip-fsck][--skip-remount] </td></tr>

[flags] stop CTID[--fast][--~~fast~~skip-umount] </td></tr>

[flags] restart CTID

[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr>

[flags] ~~chkpnt~~suspend | ~~restore~~resumeCTID [--dumpfile name] </td></tr>

[flags] ~~set~~snapshot CTID ~~[--save][--setmode restart|ignore][--onboot yes|no]~~[--~~bootorder~~id ~~number][--root ~~uuid</~~b><~~i~~>path][--private path][--userpasswd user:pass][--disabled yes|no</b~~>]

[--name name]

[--description ~~string~~desc][--~~ipadd addr][~~skip-~~-ipdel addr|all~~suspend][--~~hostname name][~~skip-~~-nameserver ~~config</b~~>addr][--searchdomain name</i~~>]~~[--netif_add ~~</bp>~~dev~~</~~i>[,<i~~td>~~params~~</itr>~~...]][--netif_del dev|~~<btr valign="top" align="left">~~all]~~[<btd width="11%">~~--ifname~~</~~b> dev</i~~td>[<btd width="7%">~~--mac hwaddr][--host_ifname dev]~~[<bp>~~--host_mac ~~~~hwaddr~~vzctl</~~i>]~~[~~--bridge ~~</bp>~~name~~</itd>][<~~b>--mac_filter on|<b~~td width="2%">~~off~~</btd>]]~~[--numproc items~~</itd width="80%">]~~[--numtcpsock items]~~[<bp>~~--numothersock items]~~[~~--vmguarpages ~~~~pages~~flags][snapshot-~~-kmemsize ~~switch~~bytes~~CTID][--~~tcpsndbuf bytes][-~~skip-~~tcprcvbuf ~~resume~~bytes]~~[| --~~othersockbuf bytes][--dgramrcvbuf bytes][--oomguarpages pages][-~~must-~~lockedpages ~~resume</b~~>pages</i~~>][--~~privvmpages pages][-~~skip-~~shmpages ~~config</b~~>pages</i~~>][--~~numfile ~~id~~items~~uuid]~~[--numflock items~~</ip>]~~[--numpty ~~</~~b><i~~td>~~items~~</itr>][<btr valign="top" align="left">~~--numsiginfo items]~~[<btd width="11%">~~--dcachesize ~~</~~b><i~~td>~~bytes][--numiptent ~~</btd width="7%">~~num][--physpages pages]~~[<bp>~~--swappages ~~~~pages~~vzctl</~~i>]~~[~~--cpuunits ~~</~~b><i~~p>~~num~~</itd>]~~[--cpulimit ~~</btd width="2%">~~num~~</itd>]~~[--cpus ~~</btd width="80%">~~num][--cpumask cpus|all]~~[<~~b>--meminfo none|mode:value</i~~p>][~~--iptables ~~~~name~~flags][snapshot-~~-netdev_add ~~delete~~ifname~~CTID][--~~netdev_del ~~id~~ifname~~uuid]~~[--diskquota yes~~</bp>~~|no][--diskspace ~~</btd>~~num~~</itr>][<btr valign="top" align="left">~~--diskinodes num]~~[<~~b>--quotatime <i~~td width="11%">~~seconds~~</itd>][<btd width="7%">~~--quotaugidlimit num][--noatime yes|no]~~[<bp>~~--capability ~~~~capname~~vzctl</~~i>:<~~b>on</bp>~~|off~~</btd>][<btd width="2%">~~--devnodes ~~</~~b><i~~td>~~param][--devices ~~<itd width="80%">~~param][--pci_add dev]~~[<bp>~~--pci_del dev]~~[~~--features ~~~~param~~flags</i~~>:on|off</b~~>][snapshot-~~-applyconfig ~~mount~~name~~CTID][--~~applyconfig_map ~~id~~group~~uuid][--~~ioprio ~~target~~num~~dir] </td></tr><tr valign="top" align="left">

[flags] ~~destroy~~snapshot-umount | CTID~~delete~~--id |uuid</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%"> ~~mount~~vzctl | </td><td width="2%"></td><td width="80%"> [flags] ~~umount~~snapshot-list | <bi>~~status~~CTID</bi> |[~~quotaon~~-H | ] [~~quotaoff~~-o | field[,field...][~~quotainit~~--id~~CTID~~uuid] </td></tr>

[flags] ~~exec~~set | CTID --parameter value[...] [~~exec2~~--save ] [--force<i/b>~~CTID~~]~~command~~[--setmode restart</ib> [|<ib>~~arg~~ignore</ib> ~~...~~]</td></tr>

[flags] ~~enter~~set CTID[--~~exec ~~reset_ub~~command [arg ...]]~~ </td></tr>

[flags] ~~--help~~console | <bi>CTID[~~--version~~ttynum</bi>]</td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] convert CTID[--~~left:11%~~layout  ~~margin-top~~ploop[: ~~1em"~~{expanded|plain~~Utility~~|~~vzctl~~raw ~~runs on the host system (otherwise known as~~}]] </td></tr>~~Hardware Node, or HN) and performs direct manipulations with~~<tr valign="top" align="left">~~containers (CTs).~~<td width="11%"></ptd><td width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] compact CTID</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

~~These~~ [flags ~~come before a~~] exec | exec2 CTIDcommand~~, and can be used with any command~~ [arg ... ~~They affect~~]</td></tr>~~logging to console (terminal) only, and do not affect~~<tr valign="top" align="left">~~logging to a log file.~~<td width="11%"></ptd><td width="7%">

~~--quiet~~vzctl</td><td width="2%"></td><td width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="7%">

~~--verbose~~vzctl</td><td width="2%"></td><td width="80%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ [flags] ~~VERBOSE~~runscript ~~parameter in theglobal configuration file [[Man~~CTID script</~~vz.conf.5|~~i><b/p>~~vz.conf~~</btd>~~(5)]], or to~~ <b/tr>0</btr valign="top" align="left">~~if not set by~~ <btd width="11%">~~VERBOSE~~</btd> ~~parameter.~~</ptd width="7%">

vzctl</td><td width="2%"></td><td width=~~= Setting container parameters ===~~"80%">

~~set~~--help | <ib>~~CTIDparameters~~--version</~~i> [<~~b>~~--save~~</bp>~~] [~~<b/td>~~--force~~</btr>]</ptable>

~~This command sets variouscontainer parameters. If a --save flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]]. Use --force to save theparameters even if the current kernel doesn’t supportOpenVZ. If the container is currently running, vzctlapplies these parameters to the container.~~= DESCRIPTION ==

~~The following~~Utility~~parameters can be used with~~ ~~set~~vzctl ~~command~~runs on the host system (otherwise known asHardware Node, or HN) and performs direct manipulations withcontainers (CTs).

Containers canbe referred to by either numeric CTID or by name (see--name option). Note that CT ID <=~~== Miscellaneous ====~~100 arereserved for OpenVZ internal purposes. A numeric ID shouldnot be more than 2147483644.

~~--onboot yes |no~~= OPTIONS ==

~~Sets whether the container willbe started during system boot. The container will not beauto-started unless this parameter is set to yes.~~== Flags ===

~~--bootorder~~These flags come before acommand, and can be used with any command. They affectlogging to console (terminal) only, and do not affect~~number~~logging to a log file.

~~Sets the boot order priorityfor this CT. The higher the number is, the earlier inthe boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset~~ ~~bootorder~~--quiet ~~willstart last.~~

~~--root path~~Disables output. Note thatscripts run by vzctl are still able to produce someoutput.

~~Sets the path to root directory~~(~~VE_ROOT~~--verbose~~) for this container. This is essentially amount point for container’s root directory. Argumentcan contain literal string $VEID, which will besubstituted with the numeric CT ID.~~

Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of VERBOSE parameter in theglobal configuration file [[Man/vz.conf.5|vz.conf(5)]], or to ~~--private~~0if not set by <ib>~~path~~VERBOSE</ib>parameter.

~~Sets the path to privatedirectory (VE_PRIVATE) for this~~ == Setting container~~. This is adirectory in which all the container’s files arestored. Argument can contain literal string $VEID,which will be substituted with the numeric CT ID.~~parameters ===

<~~p style~~table width="~~margin-left:11~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><~~b>--userpasswd</b~~tr valign="top" align="left"><itd width="11%">~~user~~</itd>:<~~i>password</p~~td width="4%">

~~Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so~~ ~~--save~~set ~~flag is useless), it isapplied to the container (by modifying its~~ </~~etc~~p></~~passwd and~~td><td width="2%"></~~etc/shadow files).~~td></ptd width="83%">

~~In case~~CTID[--onboot yes|no][--bootorder number]~~container~~ [--root ~~filesystem is not mounted, it is~~ path][--private path]~~automatically mounted, then all the appropriate file changes~~[--mount_opts options]~~are applied, then it is unmounted.~~[--userpasswd user:pass</pi>][--disabled yes|no][<~~p style="margin~~b>--~~left:17%~~name  ~~margin~~name][--~~top: 1em"~~description string~~Note that~~]~~container should be created before using this option.~~[--ostemplate string</pi>][--stop-timeout seconds][<~~p style="margin~~b>--~~left:11%~~ipadd "addr][--~~disabled yes~~ipdel addr |all][--hostname noname][--nameserver </pb>addr][--searchdomain name][<~~p style="margin~~b>--~~left:17%~~netif_add "dev[,params~~Disable container start~~. To..]][--netif_del dev|all]~~force the start of a disabled container, use~~ [--ifname~~vzctl start~~dev[--~~force~~mac .hwaddr</pi>][--host_ifname dev][<~~p style="margin~~b>--~~left:11%~~host_mac "hwaddr][--~~name~~bridge  name][--mac_filter on|off</pb>]][--numproc items][<~~p style="margin~~b>--~~left:17%~~numtcpsock "items~~Add a name for a container. The~~][--numothersock ~~name~~items ~~can later be used in subsequent calls to~~][~~vzctl~~--vmguarpages  ~~in place of~~ ~~CTID~~pages][--kmemsize .bytes</pi>][--tcpsndbuf bytes][--tcprcvbuf bytes<~~p style="margin~~/i>][--~~left:11%~~othersockbuf "bytes][--~~description~~dgramrcvbuf bytes][--oomguarpages pages~~string~~][--lockedpages pages</pi>][--privvmpages pages][<~~p style="margin~~b>--~~left:17%~~shmpages "pages~~Add a textual description for a~~]~~container.~~[--numfile items</pi>][--numflock items][<~~p style="margin~~b>--~~left:11%~~numpty "items][--~~setmode~~numsiginfo items]~~restart~~[--dcachesize |bytes][~~ignore~~--numiptent num</pi>][--physpages pages][<~~p style="margin~~b>--~~left:17%~~swappages "pages~~Whether to restart a container~~]~~after applying parameters that require the container to be~~[--ram bytes]~~restarted in order to take effect.~~[--swap bytes</pi>][--vm_overcommit float]~~==== Networking ====~~[--cpuunits num][--cpulimit num][<~~p style="margin~~b>--~~left:11%~~cpus "num][--~~ipadd~~cpumask  ~~addr~~cpus|auto</pb>|all][--nodemask nodes|all][<~~p style="margin~~b>--~~left~~meminfo none|mode:~~17%~~value][--iptables "~~Adds an IP address~~ ~~addr~~name~~to a given container~~[,. ~~Address can optionally have a netmaskspecified in the CIDR notation (e~~.g. ]][--netfilter disabled|stateless|stateful|full][--netdev_add ifname][--netdev_del ifname][--diskquota yes|no][--diskspace num][--diskinodes num][--quotatime seconds][--quotaugidlimit num][--capability capname:on|off[,10.1.2.3]][--devnodes param</25i>][--devices ).param]~~Note that this option is incremental, so~~ [--pci_add ~~addr~~dev ~~are~~]~~added to already existing ones.~~[--pci_del dev</pi>][--features name:on|off[,...]][<~~p style="margin~~b>--~~left:11%~~applyconfig "name][--~~ipdel~~applyconfig_map  ~~addr~~group |][~~all~~--ioprio num</pi>][--iolimit mbps][<~~p style="margin~~b>--~~left:17%~~iopslimit "~~Removes IP address~~ ~~addr~~iops] [--save]~~from a container. If you want to remove all the addresses,~~[--force] [--reset_ub]~~use~~ [--~~ipdel all~~setmode restart|ignore.] </td></tr><tr valign="top" align="left"><~~p style~~td width="~~margin-left:~~11%;"></td><td width="4%"></td><td width="2%"></td><td width="83%"> This command sets various container parameters. If thecontainer is currently running, ~~--hostname~~vzctlapplies theseparameters to the container. The following options can beused with <ib>~~name~~set</ib>command.</td></tr></table>

~~Sets container hostname.vzctl writes it to the appropriate file inside acontainer (distribution-dependent).~~=== Flags ====

--~~nameserver~~save~~addr</i~~>

~~Sets DNS server IP address fora container.~~ If ~~you want to set several nameservers~~this flag is given, ~~youshould do it at once, so use --nameserver option~~parameters are saved in container configuration file~~multiple times in one call to vzctl<~~[[Man/~~b>, as all the nameserver values set in previous calls to~~ ctid.conf.5|~~vzctl~~ctid.conf ~~areoverwritten~~(5)]].

--~~searchdomain~~force~~name</i~~>

~~Sets DNS search domains for acontainer.~~ If ~~you want to set several search domains, you~~this flag is given together~~should do it at once, so use~~ with --~~searchdomain~~save ~~option~~, parameters are saved even if the currentkernel doesn’t support OpenVZ. Note this flag does not~~multiple times in one call to~~ make sense without ~~vzctl~~--save, ~~as all thesearch domain values set in previous calls to~~ so ~~vzctl~~--saveis~~are overwritten~~required.

--~~netif_add~~reset_ub~~ifname[,mac,host_ifname,host_mac,bridge]</i~~>

~~Adds a virtual Ethernet device~~If this flag is given,~~(veth) to a given container. Here~~ <ib>~~ifname~~vzctl</ib> ~~is the~~applies all User Beancounter parameters from~~Ethernet device name in~~ the configuration file to a running container~~, mac~~ . This is ~~its MACaddress, host_ifname~~ helpful in case configuration file is ~~the Ethernet device name on~~modified manually.~~the host~~Please note this flag is exclusive, ~~and host_mac</~~i~~> is its MAC address~~. ~~MACaddresses should be in the format like XX:XX:XX:XX:XX:XX~~e.~~bridge is an optional parameter which~~ it can not be ~~used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified~~combined with any other options or flags.

--~~netif_del~~setmode restart|~~dev_name |~~ ~~all~~ignore

~~Removes virtual Ethernet device~~A few parameters can only be~~from~~ applied by restarting the container. By default,vzctl prints a warning if such parameters aresupplied and a containeris running. ~~If you want~~ Use --setmoderestart together with --save flag to ~~remove all devices~~restart acontainer in such a case, ~~use~~or ~~all~~--setmode ignoretosuppress the warning.

==== ~~veth interface configuration~~ Miscellaneous ====

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use~~ --~~ifname~~onboot yes ~~name option.~~ |~~ --mac~~no</b~~> XX:XX:XX:XX:XX:XX</i~~>

~~MAC address of interface inside~~Sets whether the container willbe started during system boot. The container will be startedon boot by vz initscript if either this parameter isset to yes, or the container was running just beforea last reboot, and this parameter is not set to no.Default value is unset, meaning the containerwill bestarted if it was running before the last reboot.

--~~host_ifname~~bootorder~~name~~number

~~interface name~~ Sets the boot order priorityfor ~~virtual~~this CT. The higher the number is, the earlier inthe boot process this container starts. By default this~~interface in~~ parameter is unset, which is considered to be the ~~host system~~lowestpriority, so containers with unset bootorder willstart last.

--~~host_mac~~root~~XX:XX:XX:XX:XX:XX~~path

~~MAC address of interface in~~ Sets thepath to root directory~~host system~~(VE_ROOT) for this container. This is essentially amount point for container’s root directory. Argumentcan contain literal string $VEID, which will besubstituted with the numeric CT ID.

--~~bridge~~private ~~name~~path

~~Bridge name~~Sets the path to privatedirectory (VE_PRIVATE) for this container. ~~Custom network~~This is a~~start scripts~~ directory in which all the container’s files arestored. Argument can ~~use this value to automatically add~~ contain literal string $VEID,which will be substituted with the~~interface to a bridge~~numeric CT ID.

--~~mac_filter on~~mount_opts |option[~~off~~,option...]

~~Enables/disables MAC address~~Sets additional mount options~~filtering~~ for ~~the Container veth device and the possibilityof configuring the MAC address of this device from insidethe Container~~container file system. ~~If the filtering is turned on:~~ Only applicable for <brb>~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets);~~ ploop<br/b>~~• it is impossible to modify the veth MAC address frominside the Container~~layout, ignored otherwise.

--~~top~~userpasswduser: ~~1em"~~password~~By default,this functionality is enabled for all veth devices existinginside the Container.~~

Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so --save flag is useless), it isapplied directly to the container, by runningdistribution-specific programs inside the container. It isnot recommended to combine this option with any otheroptions.

~~The followingoptions sets barrier and limit for various userbeancounters. Each option requires one or two arguments.~~ Incase ~~of one argument, vzctl sets barrier and limit tothe same value. In case of two colon-separated arguments~~container was not running,it is automatically started thenall the ~~first is a barrier~~appropriate changes are applied, ~~and the second~~ then it is ~~a limit. Eachargument is either a number, a number with a suffix, or aspecial value unlimited~~stopped.

~~Arguments arein items, pages or bytes.~~ Note that ~~page size isarchitecture-specific, it is 4096 bytes on x86 and x86_64platforms~~container should be created before using this option.

You can alsospecify different suffixes for set parameters (exceptfor the parameters which names start with num). Forexample, vzctl set CTID</i~~> --~~privvmpages5M:6M~~disabled yes ~~should set~~ |~~privvmpages~~no~~’ barrier to 5megabytes and its limit to 6 megabytes.

~~Available~~Disable container start. Toforce the start of a disabled container, use vzctl start~~suffixes are:~~--force.

<~~table width~~p style="~~100~~margin-left:11%;" ~~border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0"~~><~~tr valign="top" align="left"~~b>--name<~~td width="11%"~~i>name</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:17%;">Add a name for a container. The<bi>Tname</bi>, can later be used in subsequent calls totvzctlin place of </pi>CTID</tdi>. Note this option cannot be used without <~~td width="5%"~~b>--save</tdb>.<~~td width="44%"~~/p>

<p~~>terabytes;</td><td width~~style="34margin-left:11%;"><~~/td~~b>--description</~~tr><tr valign="top" align="left"~~b><~~td width="11%"~~i>string</tdi><~~td width="6%"~~/p>

<p~~>G, g</td><td width~~style="5margin-left:17%;">Add a textual description for acontainer.</~~td><td width="44%"~~p>

<p~~>gigabytes;</td><td width~~style="34margin-left:11%;"><~~/td~~b>--ostemplate</~~tr><tr valign="top" align="left"~~b><~~td width="11%"~~i>string</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:17%;">Sets a new value ofMOSTEMPLATE, parameter in container configuration file[[Man/ctid.conf.5|mctid.conf(5)]]. Requires </pb>--save</tdb>flag. Useful~~<td width="5%"><~~after a change/~~td>~~upgrade of a distribution running insidecontainer, as vzctl uses the value of OSTEMPLATE to rundistribution-specific scripts.<~~td width="44%"~~/p>

<p~~>megabytes;</td><td width~~style="34margin-left:11%;"><~~/td~~b>--stop-timeout</~~tr><tr valign="top" align="left"~~b><~~td width="11%"~~i>seconds</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:17%;">Sets a time to wait forcontainer to stop on Kvzctl stopbefore forciblykilling it, in seconds. Note this option can not be usedwithout k--saveflag.</p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>kilobytes;</td><td width~~style="34margin-left:17%; margin-top: 1em">Special valueof <~~/td~~b>0</~~tr><tr valign="top" align="left"><td width="11%"~~b>means to use compiled-in default.</~~td><td width="6%"~~p>

~~P, p</td><td width~~=~~"5%"></td><td width~~=~~"44%">~~== Networking ====

<pstyle="margin-left:11%;">~~memory pages (arch-specific).~~</pb>--ipadd</tdb><~~td width="34%"~~i>addr</tdi></~~tr></table~~p>

~~You can alsospecify the literal word~~ Adds an IP address <bi>~~unlimited~~addr</bi> ~~in place of~~ to a given container. Address can optionally have anetmask~~number~~specified in the CIDR notation (e.g. ~~In that case the corresponding value will be set toLONG_MAX~~~~, i~~10. e1. ~~the maximum possible value~~2. 3/25~~ ~~).~~--numproc~~ Note that this option is incremental, so ~~items~~addr~~[:items]~~areadded to already existing ones.

~~Maximum number of processes andkernel~~--~~level threads. Setting the barrier and the limit to~~ipdel addr |~~different values does not make practical sense.~~all

~~--numtcpsock~~Removes IP address ~~items~~addr[:from a container. If you want to remove all the addresses,use <ib>~~items~~--ipdel all</ib>].

~~Maximum number of TCP sockets.~~--hostname~~This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle in parallel. Setting the barrier and the limit todifferent values does not make practical sense.~~name

Sets container hostname.~~--numothersock~~vzctlwrites it to the appropriate file inside a~~items[:items]~~container (distribution-dependent).

~~Maximum number of non~~--~~TCP~~nameserver~~sockets (local sockets, UDP and other types of sockets).Setting the barrier and the limit to different values doesnot make practical sense.~~addr

Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use --~~vmguarpages~~nameserveroptionmultiple times in one call to <ib>~~pages~~vzctl</ib>[:, as all the nameserver values set in previous calls to <ib>~~pages~~vzctl</ib>]areoverwritten.

~~Memory allocation guarantee.~~A special value~~This parameter controls how much memory is available~~ of inherit can be used to aauto-propagate nameserver~~container. The barrier is~~ value(s) from the ~~amount of memory thatcontainer~~host system’s ~~applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be set to~~ ~~unlimited~~/etc/resolv.conffile.

--~~kmemsize~~searchdomain~~bytes~~name~~[:bytes]~~

~~Maximum amount of kernel memory~~Sets DNS search domains for a~~used~~container. ~~This parameter is related~~ If you want to set several search domains, youshould do it at once, so use --~~numproc~~searchdomain~~. Each~~option~~process consumes certain amount of kernel memory - 16 KB atleast~~multiple times in one call to vzctl, ~~30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween~~ as all the ~~barrier and the limit of this parameter: equalbarrier and limit may lead~~ search domain values set in previous calls to ~~the situation where the kernelwill need to kill container’s applications to keep the~~~~kmemsize~~vzctl ~~usage under the limit~~are overwritten.

A special valueof ~~--tcpsndbuf~~inheritcan be used to auto-propagate searchdomain value(s) from the host system’s<ib>~~bytes<~~/~~i>[:bytes~~etc/resolv.conf</ib>]file.

~~Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of~~ ~~numtcpsock~~--netif_add ~~multiplied by 2.5KB.~~ifname[,mac,host_ifname,host_mac,bridge]

Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the container, <bi>mac is its MACaddress, ~~--tcprcvbuf~~host_ifname</bi>is the Ethernet device name onthe host, and ~~bytes~~host_mac[is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge~~bytes~~is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifname]are optional and are automatically generated if notspecified.

~~Maximum size of TCP receive~~--netif_del~~buffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of~~ dev_name | ~~numtcpsock~~all ~~multiplied by 2.5KB.~~

Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~--othersockbuf~~all~~bytes[:bytes]~~.

~~Maximum size of other (non-TCP)socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be setaccordingly. Increased limit is necessary for highperformance of communications through local (UNIX-domain)sockets.~~=== veth interface configuration ====

The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use --~~dgramrcvbuf~~ifname~~bytes~~name[:option. --mac ~~bytes~~XX:XX:XX:XX:XX:XX]

~~Maximum size~~ MAC address of ~~other (non-TCP)~~interface inside~~socket receive buffers. If~~ a container~~’s processes needsto receive very large datagrams, the barrier should be setaccordingly. The difference between the barrier and thelimit is not needed~~.

--~~oomguarpages~~host_ifname~~pages~~name[:<i/p>~~pages~~ </ip style="margin-left:22%;">]interface name for virtualinterface in the host system.

~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of-memory guarantee. If the~~ ~~oomguarpages~~--host_mac ~~usage isbelow the barrier, processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be set~~to <bi>~~unlimited~~XX:XX:XX:XX:XX:XX</bi>.

~~--lockedpages~~MAC address of interface in the~~pages[:pages]~~host system.

~~Maximum number of pages~~If you want anindependent communication with the Container through thebridge, you should specify a multicast MAC address here~~acquired by mlock~~(2FE:FF:FF:FF:FF:FF).

--~~privvmpages~~bridge~~pages~~name~~[:pages]~~

~~Allows controlling the amountof memory allocated by the applications~~Bridge name. ~~For shared (mappedas MAP_SHARED) pages, each container really using a~~Custom network~~memory page is charged for~~ start scripts can use this value to automatically add the ~~fraction of the page(depending on the number of others using it). For"potentially private" pages (mapped asMAP_PRIVATE), container is charged either for~~ interface to a~~fraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet~~bridge.

~~The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the~~ --~~vmguarpages~~mac_filter on |off ~~guarantee.~~

~~--shmpages<~~Enables/b>disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from inside~~pages[~~the Container. If the filtering is turned on:<ibr>~~pages~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets); </ibr>]• it is impossible to modify the veth MAC address frominside the Container.

~~Maximum IPC SHM segment size.~~By default,~~Setting~~ this functionality is enabled for all veth devices existinginside the ~~barrier and the limit to different values doesnot make practical sense~~Container.

~~--numfileitems[:items]~~=== VSwap limits ====

~~Maximum number of open files.~~The following~~In most cases the barrier~~ options sets memory and ~~the limit should be set to thesame value. Setting the barrier to 0 effectivelydisables pre~~swap limits for VSwap-~~charging optimization for this beancounter in~~enabled~~the~~ kernels (kernel~~, which leads to the held value being precise butcould slightly degrade file open performance~~version 042stab042 or greater).

~~--numflock~~Argument is inbytes, unless otherwise specified by an optional suffix.~~items[~~Available suffixes are:~~items]~~

~~Maximum number of file locks~~•T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k - kilobytes; • P, p - memory pages (arch-specific,usually 4KB); • B, b - bytes (this is the default).~~Safety gap should be between barrier and limit.~~ --ram bytes

Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting --~~numpty~~physpageslimit (the barrier is set to~~items[:items]~~0).

~~Number of pseudo~~-~~terminals(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit todifferent values does not make practical sense.~~-swap bytes

Set swap space available to acontainer. Actually, the option is a shortcut for setting--~~numsiginfo~~swappages~~items[:items]~~limit (the barrier is set to 0).

~~Number of siginfo structures.~~--vm_overcommit~~Setting the barrier and the limit to different values doesnot make practical sense.~~float

Set VM overcommitment value to<bi>~~--dcachesize~~float</bi>. If set, it is used to calculate<ib>~~bytes~~privmmpages</ib>[:parameter in case it is not setexplicitly (see below). Default value is <ib>~~bytes~~0</ib>], meaningunlimited privvmpages.

~~Maximum size of~~vzctl~~filesystem-related caches~~checks if running kernel is VSwap capable, ~~such as directory entry~~ and ~~inode~~refuses to~~caches~~use these parameters otherwise. ~~Exists as a separate parameter to impose a limit~~This behavior can be~~causing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortages~~overriden by using --force flag before~~during critical operations that should not fail. Safety gapshould be between barrier and limit~~parameters.

~~--numiptent~~In VSwap mode,all beancounters other than RAM and swap become optional.Note though that if some optional beancounters are not set,they are calculated and set by vzctl implicitly, using the~~num[~~following formulae:~~num]~~

~~Number of iptables (netfilter)~~•~~entries~~lockedpages. ~~Setting the~~ barrier ~~and the limit to differentvalues does not make practical sense~~= oomguarpages.barrier = ram

~~--physpages~~•lockedpages.limit = oomguarpages.limit = unlimited~~pages[:pages]~~

~~On VSwap-enabled kernels, thislimits the amount of physical memory (RAM) available to a~~•~~container~~vmguarpages. ~~The~~ barrier ~~should be set to 0~~= vmguarpages.limit = ram + swap~~, and thelimit to a total size of RAM that can be used used by acontainer.~~

~~For olderkernels, this is an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to~~~~0, and~~ •privvmpages.barrier = privvmpages.limit ~~should be set to unlimited~~= (ram + swap) *vm_overcommit.

(if~~--swappages~~vm_overcommitis <ib>~~pages~~0</ib>[:or not set,<ib>~~pages~~privvmpages</ib>]is set to "unlimited")

~~The limit, if set,~~ Here is ~~used to~~an~~show a total amount~~ example of ~~swap space available inside the~~setting container~~. The barrier~~ 777 to have 512 megabytes of ~~this parameter is currentlyignored. The default value is unlimited, meaningtotal~~ RAM and 1 gigabyte of swap ~~will be reported as 0.~~:

~~Note that inorder for the value to be shown as total~~ vzctl set 777 --ram 512M --swap ~~space,~~1G --~~meminfo parameter should be set to value other thannone.~~save</ppre>

==== ~~CPU fair scheduler parameters~~ User Beancounter limits ====

~~These~~The following~~parameters control CPU usage by container~~options sets barrier and limit for various userbeancounters. ~~ --cpuunits num~~

~~CPU weight~~ Note that for ~~a container.Argument is positive non~~VSwap-~~zero number~~enabled kernels (version 042stab042 or greater) theselimits are optional, ~~passed to~~ you must only set --ram and ~~used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If~~ ~~cpuunits~~--swap ~~are not specified~~(see above). For older kernels,these limits~~default value of 1000 is used~~are obligatory.

~~You can set CPU~~Each optionrequires one or two arguments. In case of one argument,~~weight for CT0 (host system itself) as well (use~~ vzctl~~set 0 --cpuunits~~ ~~num)~~sets barrier and limit to the same value. Incase of two colon-separated arguments, the first is abarrier, and the second is a limit. ~~Usually~~Each argument is eithera number, ~~OpenVZ initscript~~a number with a suffix, or a special value(~~/etc/init.d/vz~~unlimited~~) takes care of setting this~~.

~~-~~Arguments arein items, pages or bytes. Note that page size isarchitecture-~~cpulimit~~specific, it is 4096 bytes on x86 and x86_64~~num[%]~~platforms.

~~Limit of CPU usage~~ You can alsospecify different suffixes for ~~the~~User Beancounter parameters~~container, in per cent~~(except for those which names start with num). ~~Note if the computer has 2 CPUs~~Forexample, itvzctl set CTID --privvmpages~~has total of 200% CPU time. Default CPU limit is~~ 5M:6M should set 0privvmpages’ barrier to 5~~(no CPU~~ megabytes and its limit)to 6 megabytes.

~~--cpus num~~Availablesuffixes are:

~~sets number of CPUs available~~•T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k - kilobytes; ~~in the container~~• P, p - memory pages (arch-specific,usually 4KB); • B, b - bytes.

You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --~~cpumask~~numproc ~~cpus~~items |[:<bi>~~all~~items</bi>]

~~sets list~~ Maximum number of ~~allowed CPUs for~~processes and~~the container. Input format is a comma~~kernel-~~separated list ofdecimal numbers and ranges~~level threads. ~~Consecutively set bits are shownas two hyphen-separated decimal numbers,~~ Setting the ~~smallest~~ barrier and~~largest bit numbers set in the range. For example, if youwant~~ the ~~container~~ limit to ~~execute on CPUs 0, 1, 2, 7, you shouldpass 0-2,7. Default value is all (thecontainer can execute on any CPU)~~different values does not make practical sense.

--numtcpsockitems[:items]

Maximum number of TCP sockets.This parameterlimits the number of TCP connections and,~~control output~~ thus, the number of ~~/proc/meminfo inside a container~~clients the server application canhandle in parallel. ~~ ~~Setting the barrier and the limit to~~--meminfo none~~different values does not make practical sense.

No --numothersock</~~proc~~b>items</~~meminfo virtualization(the same as on host system).~~i>[:items]

~~~~Maximum number of non-~~-meminfo~~TCPsockets (local sockets, UDP and other types of sockets).Setting the barrier and the limit to different values does~~mode:value~~not make practical sense.

~~Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of~~ --~~swappages~~vmguarpages~~parameter.~~pages[:pages]

~~You can use the~~Memory allocation guarantee.~~following modes for mode: ~~This parameter controls how much memory is available to a~~• pages:value - sets total~~ container. The barrier is the amount of memory inthat~~pages~~container’ ~~ ~~s applications are guaranteed to be able to~~&bull~~allocate. The meaning of the limit is currently unspecified; ~~privvmpages:value - sets total memory~~as it should be set to ~~privvmpages~~unlimited</b~~> * value</i~~>.

-~~top: 1em"~~-kmemsize~~Default is~~<bi>bytes~~privvmpages~~[:1bytes</bi>.]

~~Note that if~~Maximum amount of kernel memoryused. This parameter is related to --~~physpages~~numproc ~~is set on a VSwap~~. Eachprocess consumes certain amount of kernel memory -~~enabled kernel~~16 KB atleast, it30-50 KB typically. Very large processes may consume~~takes~~ a ~~precedence over --meminfo, i~~bit more.~~e. setting~~It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the~~--meminfo~~kmemsize ~~does not take any effect~~usage under the limit. ~~==== iptables control parameters ====~~

--~~iptables~~tcpsndbuf~~name~~bytes[:bytes]

~~Allow~~ Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ~~use the functionality~~ormore than value of <ib>~~name~~numtcpsock</ib> ~~iptables module inside the container~~multiplied by 2. To~~specify multiple names, repeat --iptables for each,~~5~~or use space-separated list as an argument (enclosed insingle or double quotes to protect spaces)~~KB.

~~The defaultlist of enabled iptables modules is specified by the~~~~IPTABLES~~--tcprcvbuf ~~variable in~~ bytes[~~[Man/vz.conf.5|~~:<bi>~~vz.conf~~bytes</bi>~~(5)]~~].

~~You can use the~~Maximum size of TCP receive~~following values for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length~~buffers. Barrier should be not less than 64 KB,and~~ip_conntrack, ip_conntrack_ftp,~~difference between barrier and limit should be equal to ormore than value of ~~ip_conntrack_irc~~numtcpsock~~, ipt_conntrack,~~multiplied by 2.5~~ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner~~KB.

--othersockbufbytes[:bytes]

~~~~Maximum size of other (non-TCP)socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be setaccordingly. Increased limit is necessary for highperformance of communications through local (UNIX-~~netdev_add~~domain)~~name~~sockets.

~~move network device from the~~--dgramrcvbuf~~host system to a specified container~~bytes[:bytes]

~~~~Maximum size of other (non-~~-netdev_del~~TCP)socket receive buffers. If container’s processes needsto receive very large datagrams, the barrier should be setaccordingly. The difference between the barrier and the~~name~~limit is not needed.

~~delete network device from a~~--oomguarpages~~specified container~~pages[:pages]

Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of-memory guarantee. If the oomguarpages usage isbelow the barrier, processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto unlimited.

--~~diskquota yes~~lockedpages |<bi>pages[:nopages</bi>]

~~allows to enable or disable~~Maximum number of pages~~disk quota for a container. By default, a global value(DISK_QUOTA) from [[Man/vz.conf.5|~~acquired by ~~vz.conf~~mlock(52)~~]] is used~~.

--~~diskspace~~privvmpages~~num~~pages[:~~num~~pages]

~~sets soft and hard disk quota~~Allows controlling the amount~~limits, in blocks~~of memory allocated by the applications. ~~First parameter is soft limit, second ishard limit. One block is currently equal to 1Kb. Suffixes~~For shared (mappedas GMAP_SHARED) pages, each container really using amemory page is charged for the fraction of the page(depending on the number of others using it). For"potentially private" pages (mapped asMMAP_PRIVATE), ~~K can also be specified (see~~container is charged either for a~~Resource limits section~~ fraction of the size or for ~~more info on~~the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be in~~suffixes)~~memory, in swap or not physically allocated yet.

The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the --~~diskinodes~~vmguarpages~~num[:num]~~guarantee.

~~sets soft and hard disk quota~~--shmpages~~limits, in~~ <i~~-nodes. First parameter is soft limit, second ishard limit.~~>pages[:pages]

~~--quotatime~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values does~~seconds~~not make practical sense.

~~sets quota grace period.~~--numfile~~Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a hard limit.~~items[:items]

Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to ~~--quotaugidlimit~~0effectivelydisables pre-charging optimization for this beancounter inthe kernel, which leads to the held value being precise but~~num~~could slightly degrade file open performance.

~~sets maximum number ofuser/group IDs in a container for which disk quota insidethe container will be accounted. If this value is set to~~0--numflock~~, user and group quotas inside the container willnot be accounted.~~items[:items]

~~Note that ifyou have previously set value~~ Maximum number of ~~this parameter to 0,changing it while the container is running will not take~~file locks.~~effect~~Safety gap should be between barrier and limit.

--numptyitems[:items]

~~~~Number of pseudo-~~-noatime yes |~~terminals(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit to~~no~~different values does not make practical sense.

~~Sets noatime flag (do not~~--numsiginfo~~update inode access times) on filesystem.~~items[:items]

Number of siginfo structures.Setting the barrier and the limit to different values doesnot make practical sense.

--~~capability~~dcachesize~~capname~~bytes[:<bi>onbytes</~~b>|off</b~~i>]

~~Sets~~ Maximum size offilesystem-related caches, such as directory entry and inodecaches. Exists as a ~~capability for~~ separate parameter to impose alimitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortages~~container. Note~~ during critical operations that ~~setting capability when the containeris running does~~ should not ~~take immediate effect; restart thecontainer in order for the changes to take effect~~fail. ~~Note a~~Safety gap~~container has default set of capabilities, thus anyoperation on capabilities is "logical~~ should be between barrier and~~" withthe default capability mask~~limit.

~~You can use thefollowing values for capname:~~ ~~chown~~--numiptent,<bi>~~dac_override~~num</bi>, [:<bi>~~dac_read_search~~num</~~b>, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities</b~~i>~~(7).~~]

Number of iptables (netfilter)entries. Setting the barrier and the limit to differentvalues does not make practical sense. ~~WARNING~~--physpages:~~setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that setting~~ <bi>pages~~setpcap~~[:onpages</bi> ~~fora container will most probably lead to inability to startit.~~]

On VSwap-enabled kernels, thislimits the amount of physical memory (RAM) available to acontainer. The barrier should be set to 0, and thelimit to a total size of RAM that can be used used by acontainer.

~~~~For olderkernels, this is an accounting-~~-devnodes~~only parameter, showing theusage of RAM by this container. Barrier should be set to~~device:[r][w][~~q0]|, and limit should be set to ~~none~~unlimited.

~~Give the container an access(r~~ - ~~read, w~~ - ~~write, q~~swappages ~~- disk quotamanagement, none - no access) to a device designatedby the special file /dev/~~~~device~~pages~~. Device file iscreated in a container by vzctl. Example~~[: <bi>~~vzctlset 777 --devnodes sdb:rwq~~pages</bi>.]

~~~~For VSwap-~~-devices~~enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should bebset to ~~|c:major:minor|all:[r][w][q]|none~~0, and the limit to a total size of swap thatcan be used by a container.

~~Give~~ For older(pre-VSwap) kernels, the limit is used to show a totalamount of swap space available inside the container ~~an access to~~. Thebarrier of this parameter is ignored. The default value isa bunlimited~~lock or character device designated by itsmajor and minor numbers. Device file have to~~, meaning total swap will be reported as~~be created manually~~0.

==== ~~PCI device management~~ CPU fair scheduler parameters ====

Theseparameters control CPU usage by container. --~~pci_add~~cpuunits~~[domain:]bus:slot.~~~~func~~num

~~Give~~ CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container ~~an access~~ gets. Maximum value is 500000,minimal is 8. Number is relative toweights of all the other~~a specified PCI device~~running containers. ~~All numbers are hexadecimal (asprinted by~~ If ~~lspci~~cpuunits~~(8) in the first column)~~are not specified,default value of 1000 is used.

You can set CPUweight for CT0 (host system itself) as well (use vzctlset 0 --~~pci_del~~cpuunits[~~domain~~num:]). Usually, OpenVZ initscript(<ib>~~bus<~~/~~i>:slot<~~etc/i>init.~~func~~d/vz</ib>) takes care of setting this.

~~Delete a PCI device from the~~--cpulimit~~container.~~num[%]

Limit of CPU usage for thecontainer, in per cent. Note ~~that~~if the computer has 2 CPUs, it~~vps-pci configuration script~~ has total of 200% CPU time. Default CPU limit is ~~executed by~~~~vzctl~~0 ~~then configuring PCI devices. The script isusually located at /usr/lib[64]/vzctl/scripts/~~(no CPU limit).

--cpus num

~~--features~~sets number of CPUs available~~name:on|off~~in the container.

~~Enable or disable a specificcontainer feature. Known features are: sysfs,nfs, sit,~~ ~~ipip~~--cpumask, <bi>~~ppp~~cpus</bi>,|~~ipgre, bridge~~auto, | ~~nfsd~~all.

Sets list of allowed CPUs forthe container. Input format is a comma-separated list ofdecimal numbers and/or ranges. Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in the range. For example, ifyou want the container to execute on CPUs 0, 1, 2, 7, youshould pass 0-2,7. Default value is all (thecontainer can execute on any CPU). If used with the--nodemask option, value of auto assigns allCPUs from the specified NUMA node to a container.

--~~applyconfig~~nodemask~~name~~nodes| all

~~Read container parameters from~~Sets list of allowed NUMA nodesfor the container ~~sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>~~.~~conf-sample</tt>,~~Input format is the same as for~~and apply them, if~~ --~~save~~cpumask ~~option specified save tothe container config file~~. ~~The following parameters are notchanged:~~ Note that ~~HOSTNAME, IP_ADDRESS~~--nodemask,must be usedwith the ~~OSTEMPLATE, VE_ROOT, andVE_PRIVATE~~--cpumaskoption.

~~--applyconfig_mapgroup~~=== Memory output parameters ====

~~Apply container config~~ForVSwap-enabled kernels (042stab042 or greater), this~~parameters selected by group~~parameter is ignored. ~~Now~~ For older kernels, it controls the ~~only possiblevalue for group<~~output of /proc/~~i> is~~ meminfo inside a container. ~~name~~</bbr>~~: to restore containername based on NAME~~--meminfo none ~~variable in containerconfiguration file.~~

No /proc/meminfo virtualization(the same as on host system).</~~O priority management ====~~p>

--~~ioprio~~meminfo~~priority~~mode:value

~~Assigns I/O priority to~~Configure total memory outputin a container. ~~Priority range~~ Reported free memory is ~~0-7~~evaluatedaccordingly to the mode being set. ~~The greater~~Reported swap is~~priority is,~~ evaluated according to the ~~more time for I/O activity containerhas. By default each container has priority~~ settings of4--swappagesparameter.

You can use thefollowing modes for mode: • pages:value - sets total memory inpages; • privvmpages:value - sets total memoryas privvmpages * value.

~~Checkpointing~~ Default is ~~a feature ofOpenVZ kernel which allows to save a complete state of arunning container, and to restore it later~~privvmpages:1.

~~chkpnt CTID[--dumpfile name]~~=== Netfilter (iptables) control parameters ====

~~This command saves a completestate of a running container to a dump file, and stops thecontainer. If an option~~ --~~dumpfile~~netfilter disabled ~~is not set,default dump file name~~ |stateless</~~vz/dump/Dump.~~b>|stateful|<ib>~~CTID~~full</ib> is~~used.~~

~~restore<~~Restrict access tonetfilter/~~b> CTID~~iptables modules for a container. This option[replaces obsoleted --~~dumpfile~~iptables ~~name]~~.

~~This command restores a~~Note thatchanging this parameter requires container ~~from the dump file created by the~~ restart, soconsider using ~~chkpnt~~--setmode~~command~~option.

The followingarguments can be used: • disabled

~~create CTID[--ostemplate name] [--configname] [--private path] [--root path] [--ipadd addr][--hostname name]~~no modules are allowed

~~Creates a new container area.This operation should be done once, before the first startof the container.~~• stateless

~~If the~~all modules except NAT and~~--config option is specified, values from exampleconfiguration file/etc/vz/conf/ve-<~~conntracks are allowed (i~~>name~~.~~conf-sample areput into the container configuration file~~e. If filter and mangle); this ~~container~~is the~~configuration file already exists, it will be removed.~~default

~~You can use~~~~--root path option to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.conf(5)]] file).Argument can contain literal string $VEID~~• stateful~~, which willbe substituted with the numeric CT ID.~~

~~You can use--private path option to set the path todirectory in which~~ all ~~the files and directories specific tothis very container~~ modules except NAT are ~~stored (default is VE_PRIVATEspecified in [[Man/vz.conf.5|vz.conf(5)]] file). Argument can containliteral string $VEID, which will be substituted withthe numeric CT ID.~~allowed

<~~p style~~table width="~~margin-left:17~~100%~~; margin-top: 1em~~" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">~~You can use~~<btr valign="top" align="left">~~--ipadd~~</btd width="22%"> ~~addr~~</itd> ~~option to assign an IP address toa container. Note that this option can be used multipletimes.~~</ptd width="9%">

~~You can use~~~~--hostname~~• full <i/p>~~name~~</itd> ~~option to set a host name fora container.~~<td width="1%"></ptd><td width="36%">

all modules are allowed<b/p>~~destroy~~</btd><td width="32%"> |<b/td>~~delete~~</btr></ptable>

~~Removes a container private~~--iptables~~area by deleting all files~~name[, ~~directories and theconfiguration file of this container~~...]

~~start~~Note ~~[--wait]~~this option is[obsoleted, --~~force~~netfilter]should be used instead.

~~Mounts (if necessary) and~~Allow to use~~starts a container. Unless~~ the functionality of <bi>~~--wait~~name</bi> ~~option is~~iptables module inside the~~specified,~~ container. Multiple comma-separated <bi>~~vzctl~~name</bi> ~~will return immediately; otherwise~~s can be~~an attempt to wait till the default runlevel is reached willbe made by vzctl~~specified.

~~Specify~~The defaultlist of enabled iptables modules is defined by the~~--force~~IPTABLES ~~if you want to start a container which isdisabled (see~~ variable in [[Man/vz.conf.5|~~--disabled~~vz.conf(5)]].

~~Note that this~~You can use thefollowing values for name: iptable_filter,~~command can lead to execution of~~ ~~premount~~iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,~~mount~~ip_nat_ftp ~~and~~ , ~~start~~ip_nat_irc ~~action scripts (see~~ , ipt_REDIRECT~~ACTION~~,~~SCRIPTS~~xt_mac, ipt_recent, ipt_owner ~~below)~~.

==== Network devices control parameters ==== ~~stop~~--netdev_add [<bi>~~--fast~~name</bi>]

~~Stops and unmounts a container.~~move network device from the~~Normally, halt(8) is executed inside~~ host system to a specified container;~~option --fast makes vzctl use reboot(2)syscall instead which is faster but can lead to uncleancontainer shutdown.~~

~~Note that thiscommand can lead to execution of~~ ~~stop, umount~~--netdev_del~~and~~ <~~b>postumount</b~~i> ~~action scripts (see ACTIONSCRIPTS~~name</bi> ~~below).~~

~~restart [--wait]~~delete network device from a~~[--force] [--fast]~~specified container

~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all thestart and stop options.~~=== Disk quota parameters ====

-~~top: 1em"~~-diskquota yes~~Note that thiscommand can lead to execution of some action scripts (see~~|~~ACTION SCRIPTS~~no ~~below).~~

allows to enable or disabledisk quota for a container. By default, a global value(~~status~~DISK_QUOTA) from [[Man/vz.conf.5|vz.conf(5)]] is used.

~~Shows a container status. This~~Note that thisparameter is ~~a line with five or six words, separated by spaces~~ignored for ploop layout.

~~First word isliterally~~ ~~CTID~~--diskspace.num[:num]

~~Second word isthe numeric~~ For <ib>~~CT ID~~simfs</ib>layout, setssoft and hard disk quota limits. First parameter is softlimit, second is hard limit.

~~Third word isshowing whether this container exists or not, it can be~~For~~either~~ ~~exist~~ploop or layout, initiates the procedure of resizing theploop image file to the new size. Since there is nosoft/hard limit concept in ploop, second <bi>~~deleted~~num</bi>, ifspecified, is ignored.

~~Fourth word~~ By default,ploop resize isdone online, i.e. on a mounted ploop. This~~showing the status~~ is a preferred way of ~~the~~ doing resize. Although, in a rare casea container ~~filesystem~~was using lots of disk space and should now beresized to a much smaller size, ~~it can~~ an offline resize might be~~either~~ more appropriate. In this case, make sure the container isstopped and unmounted and use additional~~mounted~~--offline-resize ~~or unmounted.~~option

~~Fifth word~~Note that ploop~~shows if the~~ resize is NOT performed on container ~~is running~~start, ~~it can be either~~so forconsistency ~~running~~--diskspace or must be used together with~~down~~--saveflag.

~~Sixth word~~SuffixesG, if~~exists~~M, is ~~suspended~~K~~. It appears if both a containerand its dump file exist~~ can also be specified (see ~~chkpnt~~Resource limitssection for more info on suffixes).If suffix is not specified, value is in kilobytes.

--~~top~~diskinodesnum[: ~~1em"~~num~~This commandcan also be usable from scripts.~~]

~~mount~~sets soft and hard disk quotalimits, in i-nodes. First parameter is soft limit, second ishard limit.

~~Mounts container private area.~~Note that this ~~command can lead to execution ofpremount and mount action scripts (see~~parameter is ignored for ~~ACTION SCRIPTS~~ploop ~~below)~~layout.

~~umount~~--quotatimeseconds

~~Unmounts container private~~sets quota grace period.~~area. Note that this command can lead~~ Container is permitted to ~~execution of~~exceed its soft limits for the~~umount and postumount action scripts (see~~grace period, but once it has expired, the soft limit is~~ACTION SCRIPTS below)~~enforced as a hard limit.

Note thatthisparameter is ignored for ~~stop~~ploop ~~does umount automatically~~layout.

~~quotaon~~--quotaugidlimit ~~ctid~~num

~~Turn~~ Enables or disablesin-container per-user and per-group disk ~~quota on~~quotas. ~~Not that~~If thevalue is set to ~~mount~~0 or not set, disk quotas inside thecontainer is disabled and ~~start does that automatically~~not accounted.

For~~quotaoff~~simfs ~~ctid<~~layout containers, non-zero value sets maximumnumber of user/i>group IDs for which disk quota isaccounted.

~~Turn disk quota off. Not that~~For~~umount~~ploop ~~and stop<~~layout containers, any non-zero value enablesdisk quota inside the container; the number of user/~~b> does that automatically~~groupIDs used by disk quota is not limited by OpenVZ.

Note thatenabling or disabling in-container disk quotas requirescontainer restart, so consider using ~~quotainit~~--setmode~~ctid~~option.

~~Initialize disk quota (i.e. runvzquota init) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|ctid.conf(5)]].~~=== Capability option ====

~~exec~~--capability ~~CTIDcommand~~capname:on|off[,...]

~~Executes command in~~ Sets a capability for acontainer. ~~Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If command is ~~Multiple comma-~~, commands are read from~~separated capabilities can be~~stdin~~specified.

Note thatsetting a capability when the container is running does nottake immediate effect; restart the container in order forthe changes to take effect (consider using ~~exec2~~--setmode ~~CTIDcommand~~option).

~~The same as exec~~A container hasthe default set of capabilities, ~~but~~thus any operation on~~return code~~ capabilities is ~~that of command~~"logical AND" with the defaultcapability mask.

You can use thefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,~~runscript~~mknod , lease<i/b>, setveid, ve_admin~~CTID~~.~~script~~For detailed description, see capabilities</ib>(7).

~~Run specified shell script inthe container. Argument~~ <ib>~~script~~WARNING</ib> ~~is a file on the host~~:~~system which contents is read by vzctl and executed in thecontext~~ setting some of ~~the container. For a running container, thecommand jumps into the container and executes the script.~~those capabilities may have far reaching~~For a stopped container~~security implications, so do not do it ~~enters the container, mounts~~unless you know what~~container’s root filesystem, executes the script, andunmounts CT root~~you are doing. ~~In the latter case, the container is notreally started, no file systems other than root (such as~~Also note that setting ~~/proc~~setpcap:on~~) are mounted, no startup scripts are executed~~for~~etc. Thus the environment in which the script is running is~~a container will most probably lead to inability to start~~far from normal and is only usable for very basicoperations~~it. ==== Device access management ====

~~enter~~--devnodes device:[~~--exec~~r][<ib>~~command~~w</ib> ][<ib>~~arg~~q</ib> ~~...]~~]|none

~~Enters into a~~ Give the container an access(~~giving~~r - read, w - write, q - disk quota~~a container’s root shell~~management, none - no access)~~. This option is~~ to a ~~back-door~~device designated~~for host root only~~by the special file /dev/device. ~~The proper way to have CT root shell~~ Device file is~~to use~~ created in a container by ~~ssh~~vzctl~~(1)~~.Example:

~~Option~~ vzctl set 777 --~~exec is used to run command with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so vzctl exec can not beused) and for some reason you can not use ssh(1).~~devnodes sdb:rwq</ppre>

~~You need to logout manually from the shell to finish session (even if youspecified~~ --~~exec~~devicesb|c:major:minor|all:[r][w][q]|none).

Give the container an access toa block or character device designated by itsmajor and minor numbers. Device file have tobe created manually.

~~--help~~=== PCI device management ====

~~Prints help message with a~~--pci_add~~brief list of possible options~~[domain:]bus:slot.func

Give the container an access toa specified PCI device. All numbers are hexadecimal (asprinted by ~~--version~~lspci(8) in the first column).

~~Prints~~ ~~vzctl~~--pci_del~~version~~[domain:]bus:slot.func

Delete a PCI device from thecontainer.

Note that~~vzctl~~vps-pciconfiguration script is executed by~~has an ability to execute user-defined scripts when aspecific~~ vzctl ~~command is run for a container~~then configuring PCI devices. Thescript is~~following~~ usually located at ~~vzctl<~~/~~b> commands can trigger execution ofaction scripts: start<~~usr/~~b>, stop<~~libexec/~~b>, restart<~~vzctl/~~b>,mount<~~scripts/~~b> and umount~~.

~~Action scriptsare located in the /etc/vz/conf/ directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps. and are executed for all containers.Per-CT scripts have a CTID numeric prefix and areexecuted for the given container only.~~=== Features management ====

--~~top: 1em"~~features~~Please notescripts are executed in a host system (CT0) context, withthe exception of~~ name:~~.start~~on ~~and~~ |~~.stop~~off ~~scripts~~[,~~which are executed in a container context~~...]

~~The following~~Enable or disable a specific~~action scripts~~ container feature. Known features are ~~currently defined~~: sysfs,nfs, sit, ipip<br/b>, ppp,~~vps.premount~~ipgre, <ib>~~CTID~~bridge</ib>, ~~.premount~~nfsd. A few features canbe specified at once, comma-separated.

~~Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.~~=== Apply config ====

~~vps.mount~~--applyconfig,~~CTID~~name</i~~>.mount</b~~>

~~Global~~ Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and ~~per~~apply them, if -~~CT mount scripts~~-save option specified save to~~which are executed for a~~ the container ~~right after it ismounted~~config file. ~~Otherwise they~~ The following parameters are ~~the same as~~ notchanged: HOSTNAME, IP_ADDRESS,OSTEMPLATE, ~~.premount~~VE_ROOT, and~~scripts~~VE_PRIVATE.

<ib>~~CTID~~--applyconfig_map</ib><bi>~~.start~~group</bi>

~~Right after~~ Apply container configparameters selected by group. Now the only possiblevalue for group is ~~vzctl~~name ~~has~~: to restore container~~started a container, it executes this script~~ name based on NAME variable in a container~~context~~configuration file.

~~CTID<~~=== I/~~i>.stop~~O scheduling ====

~~Right before~~ ~~vzctl~~--ioprio ~~hasstopped a container, it executes this script in a containercontext.~~priority

Assigns disk I/O priority tocontainer. Priority range is 0-7~~vps~~.~~umount~~The greaterpriority</bi>is,the more time for I/O activity containerhas. By default each container has ~~CTID~~priorityof4.~~umount~~ --iolimitlimit[B|K|M|G] Assigns disk I/O bandwidthlimit for a container. Value is either a number with anoptional suffix, or a literal string unlimited. Valueof 0 means "unlimited". By default acontainer has no I/O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.

~~Global and per-CT umount~~If no suffix is~~scripts which are executed for a container before it~~ provided, the limit isassumed to be in megabytes per~~unmounted~~second. ~~Scripts~~ Available suffixes are ~~executed in the host system context~~: • b,B -- bytes per second; ~~while a CT is mounted. Global script~~• k, ~~if exists~~K -- kilobytes per second; • m, ~~is executed~~M -- megabytes per second (default); ~~first.~~• g, G -- gigabytes per second;

~~vps.postumount~~--iopslimit,~~CTID~~iops</i~~>.postumount</b~~>

~~Global and per-CT umountscripts which are executed~~ Assigns IOPS limit for a container ~~right after it~~ , in number of input/output operations per second.Value isa number or a literal string unlimited.~~unmounted. Otherwise they are the same as~~ Value of ~~.umount~~0means "unlimited". By default a~~scripts~~container has no IOPS limit.

~~The environmentpassed to all the *mount scripts is the standardenvironment of the parent (i.e. vzctl) with twoadditional variables: $VEID~~ == Suspending and ~~$VE_CONFFILE.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as $VE_ROOT, it needs to get thosefrom global and per-CT configuration files.~~resuming ===

~~Here~~ Checkpointing is ana feature of~~example~~ OpenVZ kernel which allows to save a complete in-kernelstate of a ~~mount script~~running container, ~~which makes host system’s/mnt/disk available~~ and to ~~container(s)~~restore it later. ~~Script name can either~~ be ~~/etc/vz/conf/vps.mount~~suspend or|~~/etc/vz/conf/~~chkpntCTID[~~.mount~~--dumpfile.name]

<~~pre~~ p style="margin-left:1117%; ~~margin-top: 1em~~"> # This command suspends acontainer to a dump file If ~~one of these files does not exist then something~~ ~~# is really broken~~ [ an option --f dumpfile</~~etc/sysconfig/vz ] || exit 1~~b> is ~~[ -f $VE_CONFFILE ] || exit 1~~not set, default dump file name ~~# Source both files. Note the order is important.~~ . /~~etc~~vz/vzdump/vzDump.~~conf~~ ~~. $VE_CONFFILE~~ ~~mount -n --bind~~ </~~mnt~~b>CTID</~~disk $VE_ROOT/mnt/disk~~i> is used.</~~pre~~p>

resume|restoreCTID [--dumpfile name]

~~Returns 0 upon~~This command restores a~~success, or an appropriate error code in case of an~~container from the dump file created by the suspend~~error:~~command.

~~<table width~~=~~"100%" border~~=~~"0" rules~~=~~"none" frame~~Snapshotting =~~"void"~~ ~~cellspacing~~=~~"0" cellpadding~~=~~"0"><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~

<p~~>1</td><td width~~style="7%margin-top: 1em">Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in-memory state (as incheckpointing). Note that snapshot functionality is onlyworking for containers on ploop device.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">snapshot CTID[--id ~~Failed to set a UBC parameter~~uuid</pi>] [--name</tdb> name</tri>][--description<~~tr valign="top" align="left"~~/b> desc] [--skip-suspend<~~td width="11%"~~/b>] [--skip-config</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">2Creates a container snapshot,i.e. saves the current container state, including its filesystem state, running processes state, and configurationfile.~~</td>~~ <~~td width~~p style="7margin-left:17%; margin-top: 1em">If a containeris running, and --skip-suspend</tdb>option is notspecified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot.<~~td width="78%"~~/p>

<p~~>Failed to set a fair scheduler parameter</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Unless<~~td width="11%"~~b>--skip-config</tdb>option is given, containerconfiguration file is saved to the snapshot.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">If uuid3is not specified, it is auto-generated. Options--name</pb> and --description</tdb>can be used tospecify the snapshot name and description, respectively.Name is displayed by <~~td width="7%"~~b>snapshot-list</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">snapshot-switch~~Generic system error~~CTID</pi> [--skip-resume</tdb> | --must-resume</trb>][--skip-config] <~~tr valign="top" align="left"~~br>--id <~~td width="11%"~~i>uuid</tdi><~~td width="4%"~~/p>

<p~~>5</td><td width~~style="7margin-left:17%;">Switches the container to asnapshot identified by uuid</tdi>, restoring its filesystem state, configuration (if available) and its runningstate (if available).<~~td width="78%"~~/p>

<p~~>The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em"><~~td width="11%"~~b>Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!</tdb><~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">6Option</pb>--skip-resume</tdb>is used to ignore a CT memory dump filein a snapshot, as a result the container will end up beingin a stopped state (same as if a snapshot has been takenwith <~~td width="7%"~~b>--skip-suspend</tdb>).<~~td width="78%"~~/p>

<p~~>Not enough system resources</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">If option<~~td width="11%"~~b>--must-resume</tdb>is set, absense of a memory dump istreated as an error, and the inability to restore from thememory dump is treated as an error rather than warning.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Option option--skip-config is used to ignore the CT configurationfile in a snapshot, i.e. the current configuration file willbe left as is. snapshot-deleteCTID --id uuid Removes a specifiedsnapshot. snapshot-mountCTID --id uuid --targetdirectory Mounts a snapshot specified byuuid to a directory7. Note this mount isread-only. snapshot-umountCTID --id uuid</tdp> <~~td width~~p style="7margin-left:17%;">Unmounts a specifiedsnapshot.</tdp> <~~td width~~p style="78margin-left:11%;">snapshot-listCTID [-H] [-ofield[,field...] [--id uuid] List container’ssnapshots. You cansuppress displaying header using -H option.

<pstyle="margin-left:17%; margin-top: 1em">You can use the~~ENV_CREATE~~-o ~~ioctl failed~~option to display only the specified</pi>field</~~td></tr~~i>(s). List of available fields can be obtainedusing <~~tr valign="top" align="left"~~b>-L<~~td width="11%"~~/b>option.</~~td><td width="4%"~~p>

~~8</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Performing container actions ===

<~~p>Command executed by vzctl exec returned non-zero~~table width="100%" border="0" rules="none" frame="void"~~exit code</td></tr~~ cellspacing="0" cellpadding="0">

<pstyle="margin-top: 1em">create9</td><td width="72%"></td>

<pstyle="margin-top: 1em">CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][--private path][--root ~~Container is locked by another~~ path][~~vzctl~~--ipadd addr]~~invocation~~[--hostname name</pi>][ --name </tdb>name</tri>][<~~tr valign="top" align="left"~~b>--local_uid uid][--local_gid gid] </td ~~width="11%"~~></tdtr><~~td width="4%"~~/table>

<p~~>10</td><td width~~style="7margin-left:17%; margin-top: 1em">Creates a newcontainer area. This operation should be done once, beforethe first start of the container.</~~td><td width="78%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">~~Global OpenVZ configuration file~~ By default, anOS template denoted by DEF_OSTEMPLATE parameter of[[Man/vz.conf.5|vz.conf(5)]] ~~not~~is used to create a container. This can be~~found~~overwritten by </pb> --ostemplate</tdb>option.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">11By default, anew container configuration file is created from a sampleconfiguration denoted by value of </pb>CONFIGFILE</tdb>parameter of [[Man/vz.conf.5|<~~td width="7%"~~b>vz.conf</tdb>(5)]]. If the containerconfiguration file already exists, it will not bemodified.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~A vzctl helper script file not found~~The value of</pb>CONFIGFILE</tdb>can be overwritten by using the<~~/tr~~b>--config<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>name</tdi>option. This option can not beused if the container configuration file already exists.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">A new containercan either be created using simfs filesystem or on aploop device. The default is set by value of12VE_LAYOUT</pb> parameter of [[Man/vz.conf.5|vz.conf(5)]] and can beoverwritten by --layout option. In case ploopis used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain and raw</tdb>. Default is<~~td width="7%"~~b>expanded. Using value other than expanded</tdb>isnot recommended and is currently not supported.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use~~Permission denied~~--diskspace</pb>and <~~/td~~b>--diskinodes</trb>options to~~<tr valign="top" align="left">~~specify container file system size. Note that for<~~td width="11%"~~b>ploop</tdb>layout, you will not be able to change inodesvalue later.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">If13DISKSPACE</pb> is not specified either in the sampleconfiguration file used for creation or in globalconfiguration file [[Man/vz.conf.5|vz.conf(5)]], --diskspace</tdb>parameter is required for <~~td width="7%"~~b>ploop</tdb>layout.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Suffixes~~Capability setting failed~~G</pb>, M</tdb>, <~~/tr~~b>K<~~tr valign="top" align="left"~~/b>can also be specified (see<~~td width="11%"~~b>Resource limits</tdb>section for more info onsuffixes).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">14You can use--root</pb> path option to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.conf</tdb>(5)]] file).Argument can contain literal string <~~td width="7%"~~b>$VEID</tdb>, which willbe substituted with the numeric CT ID.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You can use--private path~~Container configuration file~~ option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is VE_PRIVATEspecified in [[Man/~~ctid~~vz.conf.5|~~ctid~~vz.conf(5)]] ~~not~~file). Argument can contain~~found~~literal string </pb> $VEID</~~td></tr~~b>, which will be substituted with~~<tr valign="top" align="left"><td width="11%">~~the numeric CT ID.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">15You can use</pb>--ipadd</tdb><~~td width="7%"~~i>addr</tdi>option to assign an IP address toa container. Note that this option can be used multipletimes.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Timeout on~~ You can use~~vzctl exec~~--hostname</pi>name</~~td></tr~~i>option to set a host name for~~<tr valign="top" align="left"><td width="11%">~~a container.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters --local_uid and16--local_gid</pb> can be used to select which uidand gid respectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UID andLOCAL_GID</tdb>from global configuration file[[Man/vz.conf.5|<~~td width="7%"~~b>vz.conf(5)]] are used. An explicit --local_uid</tdb>value of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid<~~td width="78%"~~/b> is ignored.

<pstyle="margin-left:17%; margin-top: 1em">~~Error during~~ ~~vzctl chkpnt~~Warning:use --local_uid</pb>and <~~/td~~b>--local_gid</trb>with care,specially when migrating containers. In all situations, the~~<tr valign="top" align="left">~~container’s files in the filesystem needs to be~~<td width="11%">~~correctly owned by the host-side users.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">17destroy</pb> | delete</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Error during vzctl restore</td></tr><tr valign="top" align~~style="margin-left:17%;">Removes a container private~~<td width="11%">~~area by deleting all files, directories and theconfiguration file of this container.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">18start</pb> CTID</tdi>[--wait] [--force] [<~~td width="7%"~~b>--skip-fsck</tdb>][--skip-remount<~~td width="78%"~~/b>]

<pstyle="margin-left:17%;">~~Error from setluid~~Mounts (if necessary)andstarts a container. Unless ~~syscall~~--wait</pb>option isspecified, <~~/td~~b>vzctl</trb>will return immediately; otherwise~~<tr valign="top" align="left">~~an attempt to wait till the default runlevel is reached willbe made by <~~td width="11%"~~b>vzctl</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">20Specify</pb>--force</tdb>if you want to start a container which isdisabled (see <~~td width="7%"~~b>--disabled</tdb>).<~~td width="78%"~~/p>

<p~~>Invalid command line parameter</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Specify<~~td width="11%"~~b>--skip-fsck</tdb>to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).<~~td width="4%"~~/p>

<p~~>21</td><td width~~style="7margin-left:17%; margin-top: 1em">By default, ifa container to be started happens to be already mounted, itis unmounted and mounted again. This behavior can be turnedoff by using --skip-remount</tdb>flag.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Invalid value for~~ Note that thiscommand ~~line parameter~~can lead to execution of premount</pb>,mount</tdb>and start</trb>action scripts (see <~~tr valign="top" align="left"~~b>ACTIONSCRIPTS<~~td width="11%"~~/b>below).</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">22stop</pb> CTID</tdi>[--fast<~~td width="7%"~~/b>] [--skip-umount</tdb>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container root directory~~ Stops a container and unmountsit (unless ~~VE_ROOT~~--skip-umountis given) ~~not set~~. Normally,halt</pb>(8) is executed inside a container; option--fast</tdb>makes <~~/tr~~b>vzctl<~~tr valign="top" align="left"~~/b>use <~~td width="11%"~~b>reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that23vzctl stop</pb> is not asyncronous, in other words vzctlwaits for container’s init to exit (unless--fast is given), which can take up to a few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT</tdb>in[[Man/vz.conf.5|vz.conf(5)]], or per container (<~~td width="7%"~~b>STOP_TIMEOUT</tdb>in[[Man/ctid.conf.5|ctid.conf<~~td width="78%"~~/b>(5)]], see --stop-timeout).

<pstyle="margin-left:17%; margin-top: 1em">~~Container private directory (~~Note that thiscommand can lead to execution of ~~VE_PRIVATE~~stop~~) notset~~, umount</pb> and <~~/td~~b>postumount</trb>action scripts (see <~~tr valign="top" align="left"~~b>ACTIONSCRIPTS<~~td width="11%"~~/b>below).</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">24restart</pb> CTID</tdi>[--wait] [--force] [<~~td width="7%"~~b>--fast</tdb>][--skip-fsck<~~td width="78%"~~/b>]

<pstyle="margin-left:17%;">~~Container template directory (~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the~~TEMPLATE~~start~~) notset~~and </pb> stop</tdb>options.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>28</td><td width~~style="7margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of some action scripts (seeACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Not all required UBC parameters are set, unable to startcontainer~~</pb> status</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<p~~>29</td><td width~~style="7margin-left:17%;">Shows a container status. Thisis a line with five or six words, separated by spaces.</~~td><td width="78%"~~p>

<p~~>OS template is not specified, unable to createcontainer </td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">First word isliterally <~~td width="11%"~~b>CTID</tdb>.<~~td width="4%"~~/p>

<p~~>31</td><td width~~style="7margin-left:17%; margin-top: 1em">Second word isthe numeric CT ID</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container~~ Third word isshowing whether this container exists or not ~~running~~, it can beeither </pb>exist</tdb>or <~~/tr~~b>deleted<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">32Fourth word isshowing the status of the container filesystem, it can beeither </pb>mounted</tdb>or <~~td width="7%"~~b>unmounted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container already~~ Fifth wordshows if the container is running, it can be either</pb>running</tdb>or <~~/tr~~b>down<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">33Sixth word, ifexists, is </pb>suspended</tdb>. It appears if a dump fileexists for a stopped container (see <~~td width="7%"~~b>suspend</tdb>).<~~td width="78%"~~/p>

<p~~>Unable to stop container</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">This command~~<td width="11%">~~can also be usable from scripts.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">34</pb>mount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Unable~~ Mounts container private area.Note that this command can lead to ~~add IP address to container~~execution of</pb>premount</tdb>and <~~/tr~~b>mount<~~tr valign="top" align="left"~~/b>action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">40</pb>umount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Unmounts container privatearea. Note that this command can lead to execution ofumount and ~~Container not mounted~~postumount</pb> action scripts (seeACTION SCRIPTS</tdb>below).</trp> <~~tr valign~~p style="margin-left:17%; margin-top~~" align="left~~: 1em">Note that<~~td width="11%"~~b>stop does umount</tdb>automatically.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">41convert</pb> CTID</tdi>[<~~td width="7%"~~b>--layoutploop[:{expanded|plain|raw</tdb>}]]<~~td width="78%"~~/p>

<p~~>Container already mounted</td></tr><tr valign="top" align~~style="margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version~~<td width="11%">~~042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should beset.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">43</pb>compact</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Container private area not found</td></tr><tr valign="top" align~~style="margin-left:17%;">Compact container image. This~~<td width="11%">~~only makes sense for ploop layout.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">44</pb>quotaon</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container private area already exists~~Turn disk quota on. Not that</pb>mount</tdb>and <~~/tr~~b>start<~~tr valign="top" align="left"><td width="11%"~~/b>does that automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">46</pb>quotaoff</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Turn disk quota off. Not ~~enough disk space~~that</pb>umount</tdb>and <~~/tr~~b>stop<~~tr valign="top" align="left"><td width="11%"~~/b>does that automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">47</pb>quotainit</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Bad/broken container~~ Initialize disk quota (i.e. run~~/sbin/~~vzquota init or) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|~~/bin/sh~~ctid.conf ~~not found~~(5)]].</p~~></td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~>

<pstyle="margin-left:11%;">48</pb>exec</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Unable to create a new container private area~~Executes </pi>command</tdi>in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If <~~/tr~~i>command<~~tr valign="top" align="left"~~/i>is <~~td width="11%"~~b>-</tdb>, commands are read fromstdin.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">49</pb>exec2</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Unable to create a new container root area~~The same as <~~/td~~b>exec</trb>, butreturn code is that of <~~tr valign="top" align="left"~~i>command<~~td width="11%"~~/i>.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">50</pb>runscript</tdb><~~td width="7%"~~i>CTIDscript</tdi><~~td width="78%"~~/p>

<p~~>Unable to mount container</td></tr><tr valign="top" align~~style="margin-left:17%;">Run specified shell script inthe container. Argument <~~td width="11%"~~i>script</tdi>is a file on the host~~<td width="4%">~~system which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as<pb>~~51<~~/p>proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basic~~<td width="7%">~~operations.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Unable to unmount container~~enter</pb> CTID</tdi>[--exec</trb><~~tr valign="top" align="left"~~i>command[<~~td width="11%"~~i>arg</tdi>...]]<~~td width="4%"~~/p>

<p~~>52</td><td width~~style="7margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use ssh</tdb>(1).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to delete a container~~Option--exec</pb>is used to run <~~/td~~i>command</tri>with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so <~~tr valign="top" align="left"~~b>vzctl execcan not beused) and for some reason you can not use <~~td width="11%"~~b>ssh</tdb>(1).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">You need to logout manually from the shell to finish session (even if youspecified 53--exec</pb>).</tdp> <~~td width~~p style="7margin-left:11%;">console CTID</tdi>[ttynum<~~td width="78%"~~/i>]

<pstyle="margin-left:17%;">~~Container private area not exist~~Attach to a container console.Optional ttynum</pi> argument is tty number (such as4</tdb> for tty4</trb>), default is 1<~~tr valign="top" align="left"~~/b>which is usedfor container’s <~~td width="11%"~~b>/dev/console</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">60Note theconsoles are persistent, meaning that: </pbr>• it can be attached to even if the container is notrunning; <~~/td~~br>• there is no automatic detachment upon the containerstop; <~~td width="7%"~~br>• detaching from the console leaves anything running inthis console as is.</~~td><td width="78%"~~p>

<p~~>vzquota on failed</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">The followingescape sequences are recognized by <~~td width="11%"~~b>vzctl console</tdb>.Note that these sequences are only recognized at thebeginning of a line.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">61•</pb>Esc</tdb>then <~~td width="7%"~~b>.</tdb>to detach from the console.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">•~~vzquota init~~Esc ~~failed~~then </pb>!</~~td></tr~~b>to kill anything running on the~~<tr valign="top" align="left">~~console (SAK). This is helpful when one expects a login~~<td width="11%">~~prompt but there isn’t one.</~~td><td width="4%"~~p>

~~62</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Other options ===

<pstyle="margin-left:11%;">~~vzquota setlimit~~--help ~~failed~~</p~~></td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~>

<p~~>63</td><td width~~style="7margin-left:17%;">Prints help message with abrief list of possible options.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Parameter~~ ~~DISKSPACE~~--version ~~not set~~</p~~></td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~>

<p~~>64</td><td width~~style="7margin-left:17%;">Prints vzctl</tdb>version.<~~td width="78%"~~/p>

~~Parameter DISKINODES not set</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~ACTION SCRIPTS =~~"11%"></td><td width~~=~~"4%">~~

<pstyle="margin-left:11%; margin-top: 1em">vzctlhas an ability to execute user-defined scripts when aspecific 66vzctl</pb> command is run for a container. Thefollowing vzctl</tdb>commands can trigger execution ofaction scripts: start, <~~td width="7%"~~b>stop, restart</tdb>,<~~td width="78%"~~b>mount and umount.

<pstyle="margin-left:11%; margin-top: 1em">Action scriptsare located in the ~~vzquota off~~/etc/vz/conf/ ~~failed~~directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of </pb>vps.</tdb>and are executed for all containers.Per-CT scripts have a <~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.</tdb>numeric prefix andare executed for the given container only.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">67Please notescripts are executed in a host system (CT0) context, withthe exception of </pb>.start</tdb>and <~~td width="7%"~~b>.stop</tdb>scripts,which are executed in a container context.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~ugid quota not initialized~~The followingaction scripts are currently defined: </pb> vps.premount</tdb>, <~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.premount</tdb><~~td width="4%"~~/p>

<pstyle="margin-left:22%;">71Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.~~</td>~~ <~~td width~~p style="7margin-left:11%;">vps.mount</tdb>,<~~td width="78%"~~i>CTID.mount

<p~~>Incorrect IP address format</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as <~~td width="11%"~~b>.premount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">74</pi>CTID</tdi><~~td width="7%"~~b>.start</tdb><~~td width="78%"~~/p>

<p~~>Error changing password</td></tr><tr valign="top" align~~style="margin-left:22%;">Right after <~~td width="11%"~~b>vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">78</pi>CTID</tdi><~~td width="7%"~~b>.stop</tdb><~~td width="78%"~~/p>

Right before vzctl hasstopped a container, it executes this script in a containercontext. vps.umount,CTID.umount Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst. vps.postumount,CTID.postumount Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as .umountscripts. The environmentpassed to all the *mount scripts is the standardenvironment of the parent (i.e. vzctl) with twoadditional variables: $VEID and $VE_CONFFILE.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as $VE_ROOT, it needs to get thosefrom global and per-CT configuration files. Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount. <pre style="margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC</pre> == EXIT STATUS == Returns 0 uponsuccess, or an appropriate error code in case of anerror: <table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 1</td><td width="7%"></td><td width="78%"> Failed to set a UBC parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 2</td><td width="7%"></td><td width="78%"> Failed to set a fair scheduler parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 3</td><td width="7%"></td><td width="78%"> Generic system error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 5</td><td width="7%"></td><td width="78%"> The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 6</td><td width="7%"></td><td width="78%"> Not enough system resources</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 7</td><td width="7%"></td><td width="78%"> ENV_CREATE ioctl failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 8</td><td width="7%"></td><td width="78%"> Command executed by vzctl exec returned non-zeroexit code</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 9</td><td width="7%"></td><td width="78%"> Container is locked by another vzctlinvocation </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 10</td><td width="7%"></td><td width="78%"> Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 11</td><td width="7%"></td><td width="78%"> A vzctl helper script file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 12</td><td width="7%"></td><td width="78%"> Permission denied</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 13</td><td width="7%"></td><td width="78%"> Capability setting failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 14</td><td width="7%"></td><td width="78%"> Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 15</td><td width="7%"></td><td width="78%"> Timeout on vzctl exec</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 16</td><td width="7%"></td><td width="78%"> Error during vzctl suspend</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 17</td><td width="7%"></td><td width="78%"> Error during vzctl resume</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 18</td><td width="7%"></td><td width="78%"> Error from setluid() syscall</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 20</td><td width="7%"></td><td width="78%"> Invalid command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 21</td><td width="7%"></td><td width="78%"> Invalid value for command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 22</td><td width="7%"></td><td width="78%"> Container root directory (VE_ROOT) not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 23</td><td width="7%"></td><td width="78%"> Container private directory (VE_PRIVATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 24</td><td width="7%"></td><td width="78%"> Container template directory (TEMPLATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 28</td><td width="7%"></td><td width="78%"> Not all required UBC parameters are set, unable to startcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 29</td><td width="7%"></td><td width="78%"> OS template is not specified, unable to createcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 31</td><td width="7%"></td><td width="78%"> Container not running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 32</td><td width="7%"></td><td width="78%"> Container already running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 33</td><td width="7%"></td><td width="78%"> Unable to stop container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 34</td><td width="7%"></td><td width="78%"> Unable to add IP address to container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 40</td><td width="7%"></td><td width="78%"> Container not mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 41</td><td width="7%"></td><td width="78%"> Container already mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 43</td><td width="7%"></td><td width="78%"> Container private area not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 44</td><td width="7%"></td><td width="78%"> Container private area already exists</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 46</td><td width="7%"></td><td width="78%"> Not enough disk space</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 47</td><td width="7%"></td><td width="78%"> Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 48</td><td width="7%"></td><td width="78%"> Unable to create a new container private area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 49</td><td width="7%"></td><td width="78%"> Unable to create a new container root area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td><td width="7%"></td><td width="78%"> Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr>

79148</td>

~~Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~82</td><td width="7%"></td><td width="78%">~~ ~~Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~86</td><td width="7%"></td><td width="78%">~~ Error setting ~~devices~~ container IO parameters (~~--devices or--devnodes~~ioprio)~~ </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~89</td><td width="7%"></td><td width="78%">~~ ~~IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~91</td><td width="7%"></td><td width="78%">~~ ~~OS template not found~~</td></tr>

~~100~~150</td>

~~Unable to find container IP address~~Ploop image file not found</td></tr>

~~104~~151</td>

~~VE_NETDEV ioctl error~~Error creating ploop image</td></tr>

~~105~~152</td>

~~Container start disabled~~Error mounting ploop image</td></tr>

~~106~~153</td>

~~Unable to set iptables on a running container~~Error unmounting ploop image</td></tr>

~~107~~154</td>

~~Distribution-specific configuration file not found~~Error resizing ploop image</td></tr>

~~109~~155</td>

~~Unable~~ Error converting container to ~~apply a config~~ploop layout</td></tr>

~~129~~156</td>

~~Unable to set meminfo parameter~~Error creating ploop snapshot</td></tr>

~~130~~157</td>

Error ~~setting veth interface~~merging ploop snapshot</td></tr>

~~131~~158</td>

Error ~~setting container name~~deleting ploop snapshot</td></tr>

~~133~~159</td>

~~Waiting for container start failed~~Error switching ploop snapshot</td></tr>

~~139~~166</td>

Error ~~saving container configuration file~~compacting ploop image</td></tr>

~~148~~167</td>

Error ~~setting container IO parameters (ioprio)~~listing ploop snapsots</td></tr>

</table>

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools