Changes

← Older edit

Man/vzctl.8

22,795 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

[flags] create

CTID~~ [--ostemplate name][--config name][~~--~~root ~~parameter value</~~b><~~i>~~path]~~[~~--private path][--ipadd addr][--hostname name~~...] </td></tr>

[flags] start CTID [--wait]

[--force] [--skip-fsck][--skip-remount] </td></tr>

[flags] stop CTID[--fast][--~~fast~~skip-umount] </td></tr>

[flags] restart CTID

[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr>

[flags] ~~chkpnt~~suspend | ~~restore~~resumeCTID [--dumpfile name] </td></tr>

[flags] ~~set~~snapshot CTID ~~[--save][--setmode restart|ignore][--onboot yes|no]~~[--~~bootorder~~id ~~number][--root ~~uuid</~~b><~~i~~>path][--private path][--userpasswd user:pass][--disabled yes|no</b~~>]

[--name name]

[--description ~~string~~desc][--~~ipadd ~~skip-suspend</b~~>addr</i~~>][--~~ipdel ~~skip-config]<i/p>~~addr~~</itd>~~|all~~</btr>][<btr valign="top" align="left">~~--hostname ~~</btd width="11%">~~name~~</itd>][<btd width="7%">~~--nameserver addr]~~[<bp>~~--searchdomain ~~~~name~~vzctl</~~i>]~~[~~--netif_add ~~</~~b><i~~p>~~dev~~</itd>[,<itd width="2%">~~params~~</itd>~~...]][--netif_del dev|all~~</btd width="80%">]~~[--ifname dev[--mac ~~<ip>~~hwaddr]~~[~~--host_ifname ~~~~dev~~flags][snapshot-~~-host_mac ~~switch~~hwaddr~~CTID][--~~bridge name][~~skip-~~-mac_filter on~~resume|~~off]][~~--~~numproc ~~must-resume</b~~>items</i~~>][--~~numtcpsock ~~skip-config</b~~>items</i~~>][--~~numothersock ~~id~~items~~uuid][<b/p>~~--vmguarpages ~~</btd>~~pages~~</itr>][<~~b>--kmemsize </b~~tr valign="top" align="left"><itd width="11%">~~bytes~~</itd>][<btd width="7%">~~--tcpsndbuf bytes]~~[<bp>~~--tcprcvbuf ~~~~bytes~~vzctl</~~i>]~~[~~--othersockbuf ~~</bp>~~bytes~~</itd>][<btd width="2%">~~--dgramrcvbuf ~~</btd><~~i>bytes</i~~td width="80%">][<~~b>--oomguarpages </b~~p>[~~pages~~flags][snapshot-~~-lockedpages ~~delete~~pages~~CTID][--~~privvmpages ~~id~~pages~~uuid][<b/p>~~--shmpages ~~</btd>~~pages~~</itr>][<btr valign="top" align="left">~~--numfile ~~</btd width="11%">~~items~~</itd>][<btd width="7%">~~--numflock items]~~[<bp>~~--numpty ~~~~items~~vzctl</~~i>]~~[~~--numsiginfo ~~</bp>~~items~~</itd>][<btd width="2%">~~--dcachesize ~~</btd><itd width="80%">~~bytes~~ </ip>][~~--numiptent ~~~~num~~flags][snapshot-~~-physpages ~~mount~~pages~~CTID][--~~swappages ~~id~~pages~~uuid][--~~ram ~~target~~bytes][--swap ~~dir</~~b><~~i>~~bytes~~</ip>]~~[--cpuunits ~~</btd>~~num~~</itr>][<btr valign="top" align="left">~~--cpulimit ~~</btd width="11%">~~num~~</itd>][<~~b>--cpus </b~~td width="7%"> <~~i>num</i~~p>][~~--cpumask ~~vzctl~~cpus~~</ip>~~|all~~</btd>][<btd width="2%">~~--meminfo none~~</btd>|<itd width="80%">~~mode:value~~ </ip>][~~--iptables ~~~~name~~flags][snapshot-~~-netdev_add ~~umount~~ifname~~CTID][--~~netdev_del ~~id~~ifname~~uuid]~~[--diskquota yes~~</bp>~~|no~~</btd>]~~[--diskspace ~~</btr>~~num][--diskinodes ~~<itr valign="top" align="left">~~num]~~[<btd width="11%">~~--quotatime ~~</btd>~~seconds][--quotaugidlimit ~~<itd width="7%">~~num][--noatime yes|no]~~[<bp>~~--capability ~~~~capname~~vzctl</~~i>:<~~b>on</bp>~~|off~~</btd>][<btd width="2%">~~--devnodes ~~</btd><itd width="80%">~~param]~~[<bp>~~--devices param]~~[~~--pci_add ~~~~dev~~flags][snapshot-~~-pci_del ~~list~~dev~~CTID][-~~-features param:on|off~~H][-~~-applyconfig ~~o~~name~~field][~~--applyconfig_map ~~,~~group~~field...][--~~ioprio ~~id~~num~~uuid] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%">

vzctl</td>

[flags] ~~exec | exec2~~set CTID~~command~~ [<ib>~~arg~~--reset_ub</ib> ~~...]~~</td></tr>

[flags] ~~runscript~~console CTID ~~script~~[ttynum]</td></tr>

[flags] convert CTID[--~~help~~layout ploop[:{expanded|plain | ~~--version~~raw}]]</td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] compact CTID</td></tr><tr valign="top" align="~~margin-~~left~~:11%; margin-top: 1em~~">~~Utility~~<btd width="11%">~~vzctl~~</btd> ~~runs on the host system (otherwise known asHardware Node, or HN) and performs direct manipulations withcontainers (CTs).~~</ptd width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] exec | exec2 CTIDcommand [arg ...]</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

~~These~~ [flags ~~come before a~~] enter CTID[--exec command~~, and can be used with any command~~ [arg ... ~~They affect~~]] </td></tr>~~logging to console (terminal) only, and do not affect~~<tr valign="top" align="left">~~logging to a log file.~~<td width="11%"></ptd><td width="7%">

~~--quiet~~vzctl</td><td width="2%"></td><td width="80%">

[flags] runscript CTID script</td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="7%">

~~--verbose~~vzctl</td><td width="2%"></td><td width="80%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ ~~VERBOSE~~--help ~~parameter in theglobal configuration file [[Man/vz.conf.5~~|~~vz.conf~~--version~~(5)]], or to~~ <b/p>0~~if not set by <b~~td>~~VERBOSE~~</btr> ~~parameter.~~</ptable>

==~~= Setting container parameters~~ DESCRIPTION == Utilityvzctl runs on the host system (otherwise known asHardware Node, or HN) and performs direct manipulations withcontainers (CTs).

~~set~~ Containers canbe referred to by either numeric CTID~~parameters~~ [or by name (see--~~save~~name~~] [~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes. A numeric ID shouldnot be more than ~~--force~~2147483644].

~~This command sets variouscontainer parameters. If a --save flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]]. Use --force to save theparameters even if the current kernel doesn’t supportOpenVZ. If the container is currently running, vzctlapplies these parameters to the container.~~= OPTIONS ==

~~The followingparameters can be used with set command.~~== Flags ===

These flags come before acommand, and can be used with any command. They affectlogging to console (terminal) only, and do not affectlogging to a log file.

--~~onboot yes |no~~quiet

~~Sets whether the container willbe started during system boot~~Disables output. ~~The container will not be~~Note that~~auto-started unless this parameter is set~~ scripts run by vzctl are still able to ~~yes~~produce someoutput.

--~~bootorder~~verbose~~number</i~~>

~~Sets~~ Increments logging level upfrom the ~~boot order priority~~default. Can be used multiple times. Default value~~for this CT. The higher~~ is set to the value of <ib>~~number~~VERBOSE</ib> ~~is,~~ parameter in the ~~earlier inthe boot process this container starts~~global configuration file [[Man/vz.conf.5|vz. ~~By default thisparameter is unset~~conf(5)]], ~~which is considered~~ or to ~~be the lowest~~0~~priority, so containers with unset~~ if not set by ~~bootorder~~VERBOSE ~~willstart last~~parameter.

~~--root path~~== Setting container parameters ===

<~~p style~~table width="~~margin-left:17~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">~~Sets the path to root directory~~(<btr valign="top" align="left">~~VE_ROOT) for this container. This is essentially amount point for container’s root directory. Argumentcan contain literal string~~ <btd width="11%">~~$VEID~~</btd>~~, which will besubstituted with the numeric CT ID.~~</ptd width="4%">

~~--private~~set</td><itd width="2%">~~path~~</itd></ptd width="83%">

CTID[--onboot yes|no][--bootorder number][--root "~~Sets the~~ path to ][--private path][--mount_opts options][--userpasswd user:pass][--disabled yes|no][--name name][--description string][--ostemplate string][--stop-timeout seconds][--ipadd addr][--ipdel addr|all][--hostname name][--nameserver addr]~~directory (~~[~~VE_PRIVATE~~--searchdomain ~~) for this container~~name][--netif_add dev[,params. ~~This is a~~..]]~~directory in which~~ [--netif_del dev|all ~~the container~~][--ifname dev[--mac hwaddr][--host_ifname dev][--host_mac hwaddr][--bridge name][--mac_filter on|off]][--numproc&~~rsquo~~nbsp;~~s files are~~items]~~stored. Argument can contain literal string~~ [~~$VEID~~--numtcpsock ,items]~~which will be substituted with the numeric CT ID.~~[--numothersock items</pi>][--vmguarpages pages][<~~p style="margin~~b>--~~left:11%~~kmemsize "bytes][--~~userpasswd~~tcpsndbuf bytes][--tcprcvbuf ~~user~~bytes:][--othersockbuf ~~password~~bytes][--dgramrcvbuf </pb>bytes][--oomguarpages pages][<~~p style="margin~~b>--~~left:17%~~lockedpages "pages~~Sets password for the given~~]~~user in a container, creating the user if it does not~~[--privvmpages pages]~~exists. Note that this option is not saved in configuration~~[--shmpages pages]~~file at all (so~~ [--~~save~~numfile  ~~flag is useless), it is~~items]~~applied to the container (by modifying its~~ [--numflock </~~etc~~b>items</~~passwd and~~i>][--numpty items</~~etc~~i>][--numsiginfo </~~shadow files).~~b>items][--dcachesize bytes</pi>][--numiptent num][<~~p style="margin~~b>--~~left:17%~~physpages  ~~margin~~pages][--~~top: 1em"~~swappages pages~~In case~~]~~container root filesystem is not mounted, it is~~[--ram bytes]~~automatically mounted, then all the appropriate file changes~~[--swap bytes]~~are applied, then it is unmounted.~~[--vm_overcommit float</pi>][--cpuunits num][<~~p style="margin~~b>--~~left:17%~~cpulimit  ~~margin~~num][-~~top: 1em"~~-cpus num~~Note that~~]~~container should be created before using this option.~~[--cpumask cpus|auto|all</pb>][--nodemask nodes|all][<~~p style="margin~~b>--~~left~~meminfo none|mode:~~11%~~value][--iptables "name[,...]][--netfilter disabled ~~yes~~ |stateless|stateful|full][no--netdev_add ifname</pi>][--netdev_del ifname][--diskquota yes|no<~~p style="margin~~/b>][--~~left:17%~~diskspace "num~~Disable container start. To~~]~~force the start of a disabled container, use~~ [--diskinodes ~~vzctl start~~num][--~~force~~quotatime .seconds</pi>][--quotaugidlimit num][<~~p style="margin~~b>--~~left~~capability capname:~~11%~~on|off[,...]][--devnodes "param][--~~name~~devices  ~~name~~param][--pci_add dev</pi>][--pci_del dev][<~~p style="margin~~b>--~~left:17%~~features "~~Add a~~ name ~~for a container~~:on|off[,... ~~The~~]][--applyconfig name ~~can later be used in subsequent calls to~~][~~vzctl~~--applyconfig_map  ~~in place of~~ ~~CTID~~group][--ioprio .num</pi>][--iolimit mbps][<~~p style="margin~~b>--~~left:11%~~iopslimit "iops] [--save][--force] [--~~description~~reset_ub][<ib>--setmode restart|~~string~~ignore</ib>] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"></td><td width="2%"></td><td width="83%">

~~Add a textual description for a~~This command sets various container parameters. If thecontaineris currently running, vzctl applies theseparameters to the container. The following options can beused with set command.</td></tr></table>

~~--setmoderestart|ignore~~=== Flags ====

~~Whether to restart a containerafter applying parameters that require the container to berestarted in order to take effect.~~--save

If this flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]].

--~~ipadd~~force</b~~> addr</i~~>

~~Adds an IP address~~ If this flag is given togetherwith <ib>~~addr~~--save</ib>, parameters are saved even if the current~~to a given container~~kernel doesn’t support OpenVZ. ~~Address can optionally have a netmask~~Note this flag does not~~specified in the CIDR notation (e.g.~~ make sense without ~~10.1.2.3/25~~--save).~~Note that this option is incremental~~, so <ib>~~addr~~--save</ib> ~~are~~is~~added to already existing ones~~required.

--~~ipdel addr |all~~reset_ub

~~Removes IP address~~ If this flag is given,<ib>~~addr~~vzctl</ib>applies all User Beancounter parameters from~~from~~ the configuration file to a running container. ~~If you want to remove all the addresses~~This ishelpful in case configuration file is modified manually.Please note this flag is exclusive,i.e. it can not be~~use --ipdel all~~combined with any other options or flags.

--~~hostname~~setmode restart|<ib>~~name~~ignore</ib>

~~Sets~~ A few parameters can only beapplied by restarting the container ~~hostname~~.By default,vzctl ~~writes it~~ prints a warning if such parameters aresupplied and a container is running. Use --setmoderestart together with --save flag to ~~the appropriate file inside~~ restart acontainer ~~(distribution~~in such a case, or -~~dependent)~~-setmode ignore tosuppress the warning.

~~--nameserveraddr~~=== Miscellaneous ====

~~Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use~~ --~~nameserver~~onboot yes ~~option~~|~~multiple times in one call to~~ ~~vzctl~~no~~, as all the nameserver values set in previous calls to vzctl areoverwritten.~~

Sets whether the container willbe started during system boot. The container will be startedon boot by vz initscript if either this parameter isset to ~~--searchdomain~~yes, or the container was running just beforelast reboot, and this parameter is not set to <ib>~~name~~no</ib>.Default value is unset, meaning the container will bestarted if it was running before the last reboot.

~~Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use~~ --~~searchdomain~~bootorder ~~optionmultiple times in one call to~~ <bi>~~vzctl~~number</bi>~~, as all thesearch domain values set in previous calls to vzctlare overwritten.~~

~~--netif_add~~Sets the boot order priorityfor this CT. The higher the ~~ifname[~~numberis,~~mac~~the earlier inthe boot process this container starts. By default thisparameter is unset,~~host_ifname~~which is considered to be the lowestpriority,so containers with unset <ib>~~host_mac~~bootorder</~~i>,bridge]</i~~b>willstart last.

~~Adds a virtual Ethernet device(veth) to a given container. Here~~ <~~i>ifname is theEthernet device name in the container, mac is its MACaddress, host_ifname is the Ethernet device name onthe host, and <i~~b>~~host_mac~~--root</~~i> is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge</i~~b> ~~is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except~~ ~~ifname~~path~~are optional and are automatically generated if notspecified.~~

Sets the path to root directory(~~--netif_del~~VE_ROOT) for this container. This is essentially a~~dev_name |~~ mount point for container’s root directory. Argumentcan contain literal string ~~all~~$VEID, which will besubstituted with the numeric CT ID.

~~Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~~~all~~--private.path

Sets the path to privatedirectory (VE_PRIVATE) for this container. This is adirectory in which all the container’s files arestored. Argument can contain literal string $VEID,which will be substituted with the numeric CT ID.

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use~~ --~~ifname~~mount_opts ~~name~~option ~~option.~~ [~~ --mac~~, ~~XX:XX:XX:XX:XX:XX~~option...]

~~MAC address of interface inside~~Sets additional mount optionsa for containerfile system. Only applicable for plooplayout, ignored otherwise.

--~~host_ifname~~userpasswd~~name~~user:password

~~interface name~~ Sets password for ~~virtual~~the givenuser in a container, creating the user if it does not~~interface~~ exists. Note that this option is not saved in configurationfile at all (so --save flag is useless), it isapplied directly to the container, by runningdistribution-specific programs inside the container. It isnot recommended to combine this option with any otheroptions. In casecontainer was not running, it is automatically started thenall the ~~host system~~appropriate changes are applied, then it isstopped.

~~--host_mac~~Note that~~XX:XX:XX:XX:XX:XX~~container should be created before using this option.

~~MAC address of interface in the~~--disabled yes |~~host system.~~no

Disable container start. Toforce the start of a disabled container, use vzctl start--~~bridge~~force ~~name~~.

~~Bridge~~ --name~~. Custom networkstart scripts can use this value to automatically add theinterface to a bridge.~~ name

Add a name for a container. Thename can later be used in subsequent calls to~~--mac_filter on~~vzctl |in place of CTID. Note this option cannot be used without ~~off~~--save.

~~Enables~~--description</~~disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from inside~~b>~~the Container. If the filtering is turned on:~~ <bri>~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets);~~ string<br/i>~~• it is impossible to modify the veth MAC address frominside the Container.~~

~~By default,this functionality is enabled~~ Add a textual description for ~~all veth devices existing~~a~~inside the Container~~container.

--ostemplatestring

~~The following~~Sets a new value of~~options sets memory and swap limits for VSwap-enabled~~OSTEMPLATE parameter in container configuration file~~kernels~~ [[Man/ctid.conf.5|ctid.conf(~~kernel version 042stab042 or greater~~5)]]. Requires --save flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses the value of OSTEMPLATE to rundistribution-specific scripts.

--stop-~~top: 1em"~~timeout~~Argument is inbytes, with an optional suffix. Available suffixes are:~~seconds

<~~table width~~p style="~~100~~margin-left:17%;" ~~border="0" rules="none" frame="void"~~>Sets a time to wait for ~~cellspacing="0" cellpadding="0"~~container to stop on vzctl stop<~~tr valign="top" align="left"~~/b>before forciblykilling it, in seconds. Note this option can not be usedwithout <~~td width="11%"~~b>--save</tdb>flag.<~~td width="6%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Special valueof ~~T, t~~0means to use compiled-in default.</p~~></td><td width="5%"></td><td width="44%"~~>

~~terabytes;</td><td width~~=~~"34%"></td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Networking ====~~"6%">~~

<pstyle="margin-left:11%;">G--ipadd, <bi>gaddr</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<pstyle="margin-left:17%;">~~gigabytes;~~Adds an IP address </pi>addr</tdi>to a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g. <~~td width="34%"~~b><10.1.2.3/~~td>~~25</trb>).Note that this option is incremental, so <~~tr valign="top" align="left"><td width="11%"~~i>addr</tdi>areadded to already existing ones.<~~td width="6%"~~/p>

<pstyle="margin-left:11%;">M--ipdel, <bi>maddr</bi>|</pb>all</~~td><td width="5%"~~b></~~td><td width="44%"~~p>

<p~~>megabytes;</td><td width~~style="34margin-left:17%;">Removes IP address <~~/td~~i>addr</tri>~~<tr valign="top" align="left">~~from a container. If you want to remove all the addresses,use <~~td width="11%"~~b>--ipdel all</tdb>.<~~td width="6%"~~/p>

<pstyle="margin-left:11%;">K--hostname, <bi>kname</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>kilobytes;</td><td width~~style="34margin-left:17%;">Sets container hostname.<~~/td~~b>vzctl</~~tr><tr valign="top" align="left"~~b>writes it to the appropriate file inside a~~<td width="11%">~~container (distribution-dependent).</~~td><td width="6%"~~p>

<pstyle="margin-left:11%;">P--nameserver, <bi>paddr</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<pstyle="margin-left:17%;">~~memory pages (arch-specific)~~Sets DNS server IP address fora container.If you want to set several nameservers, youshould do it at once, so use </pb>--nameserver</tdb>optionmultiple times in one call to vzctl<~~td width="34%"~~/b>, as all the nameserver values set in previous calls to <~~/td~~b>vzctl</trb>areoverwritten.</~~table~~p>

A special valueof ~~--ram~~inherit can be used to auto-propagate nameservervalue(s) from the host system’s<ib>~~bytes~~/etc/resolv.conf</ib>file.

~~Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting~~ --~~physpages~~searchdomain ~~limit (the barrier is set to0).~~name

Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use --~~swap~~searchdomain optionmultiple times in one call to <ib>~~bytes~~vzctl</ib>, as all thesearch domain values set in previous calls to vzctlare overwritten.

~~Set swap space available~~ A special valueof inherit can be used to aauto-propagate search~~container. Actually,~~ domain value(s) from the ~~option is a shortcut for setting~~host system’s~~--swappages~~/etc/resolv.conf ~~limit (the barrier is set to 0)~~file.

--~~top: 1em"~~netif_add~~Here is anexample of setting container 777 to have 512 megabytes ofRAM and 1 gigabyte of swap:~~ifname[,mac,host_ifname,host_mac,bridge]

<~~pre~~ p style="margin-left:1117%;"> ~~vzctl set 777 --ram 512M --swap 1G --save~~Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the container, mac is its MACaddress, host_ifname is the Ethernet device name onthe host, and host_mac is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified.</~~pre~~p>

--netif_deldev_name | all Removes virtual Ethernet devicefrom a container. If you want to remove all devices, useall. == ~~User Beancounter limits~~ == veth interface configuration ====

The following

options ~~sets barrier and limit for various user~~can be used to reconfigure the already-created~~beancounters~~virtual Ethernet interface.To select the interface toconfigure, use --ifname name option. --mac XX:XX:XX:XX:XX:XX

~~Note that for~~MAC address of interface inside~~VSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --ram and--swap (see above). For older kernels, these limits areobligatory~~a container.

~~Each optionrequires one or two arguments. In case of one argument,~~~~vzctl~~--host_ifname ~~sets barrier and limit to the same value. Incase of two colon-separated arguments, the first is abarrier, and the second is a limit. Each argument is eithera number, a number with a suffix, or a special value~~<bi>~~unlimited~~name</bi>.

~~Arguments are~~interface name for virtualinterface in ~~items, pages or bytes. Note that page size isarchitecture-specific, it is 4096 bytes on x86 and x86_64platforms~~the host system.

~~You can alsospecify different suffixes for~~ ~~set parameters (exceptfor the parameters which names start with num~~--host_mac~~). Forexample, vzctl set~~ ~~CTID~~XX:XX:XX:XX:XX:XX ~~--privvmpages5M:6M should set privvmpages’ barrier to 5megabytes and its limit to 6 megabytes.~~

~~Available~~MAC address of interface in the~~suffixes are:~~host system.

<~~table width~~p style="~~100~~margin-left:22%; margin-top: 1em" ~~border="0" rules="none" frame="void"~~>If you want an ~~cellspacing="0" cellpadding="0">~~independent communication with the Container through the~~<tr valign="top" align="left">~~bridge, you should specify a multicast MAC address here~~<td width="11%">~~(FE:FF:FF:FF:FF:FF).</~~td><td width="6%"~~p>

<pstyle="margin-left:11%;">T--bridge, <bi>tname</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>terabytes;</td><td width~~style="34margin-left:22%;">Bridge name. Custom network~~</td></tr>~~start scripts can use this value to automatically add the~~<tr valign="top" align="left"><td width="11%">~~interface to a bridge.</~~td><td width="6%"~~p>

<pstyle="margin-left:11%;">G--mac_filter on, |goff</p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>gigabytes~~style="margin-left:22%;~~</p~~"><Enables/~~td>~~disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from insidethe Container. If the filtering is turned on: <~~td width="34%"~~br>• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets); <~~/td~~br>• it is impossible to modify the veth MAC address frominside the Container.</trp> <~~tr valign~~p style="margin-left:22%; margin-top~~" align="left~~: 1em">By default,this functionality is enabled for all veth devices existing~~<td width="11%">~~inside the Container.</~~td><td width="6%"~~p>

~~M, m</td><td width~~=~~"5%"></td><td width~~=~~"44%">~~== VSwap limits ====

<p~~>megabytes;</td><td width~~style="34margin-left:11%; margin-top: 1em">The following~~</td></tr>~~options sets memory and swap limits for VSwap-enabled~~<tr valign="top" align="left"><td width="11%">~~kernels (kernel version 042stab042 or greater).</~~td><td width="6%"~~p>

<p~~>K, k</td><td width~~style="5margin-left:11%; margin-top: 1em">Argument is inbytes, unless otherwise specified by an optional suffix.Available suffixes are:</~~td><td width="44%"~~p>

<pstyle="margin-left:11%; margin-top: 1em">•T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k- kilobytes; • P, p></tdb>- memory pages (arch-specific,usually 4KB); <~~td width="34%"~~br>• B</tdb>, b</trb>- bytes (this is the default).<~~tr valign="top" align="left"~~b> --ram<~~td width="11%"~~/b> bytes</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:22%;">~~P~~Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting p--physpageslimit (the barrier is set to0).</p~~></td><td width="5%"></td><td width="44%"~~>

<pstyle="margin-left:11%;">~~memory pages (arch-specific).~~</pb>--swap</tdb><~~td width="34%"~~i>bytes</tdi></~~tr></table~~p>

Set swap space available to acontainer. Actually, the option is a shortcut for setting--swappages limit (the barrier is set to 0). ~~You can alsospecify the literal word~~ ~~unlimited~~--vm_overcommit ~~in place of anumber~~float Set VM overcommitment value tofloat. ~~In that case the corresponding value will be~~ If set , it is used tocalculate~~LONG_MAX~~privmmpages~~, i~~parameter in case it is not setexplicitly (see below). ~~e. the maximum possible~~ Default value. is 0<br/b>, meaningunlimited privvmpages. ~~items~~vzctl</ib>[:checks if running kernel is VSwap capable, and refuses touse these parameters otherwise. This behavior can beoverriden by using <ib>~~items~~--force</ib>]flag beforeparameters.

~~Maximum number of processes~~ In VSwap mode,all beancounters other than RAM andswap become optional.Note though that if some optional beancounters are not set,~~kernel-level threads. Setting the barrier~~ they are calculated and set by vzctl implicitly, using the ~~limit todifferent values does not make practical sense.~~following formulae:

~~--numtcpsock~~•lockedpages.barrier = oomguarpages.barrier = ram~~items[:items]~~

~~Maximum number of TCP sockets.This parameter limits the number of TCP connections and,thus, the number of clients the server application can~~•~~handle in parallel~~lockedpages. ~~Setting the barrier and the~~ limit to~~different values does not make practical sense~~= oomguarpages.limit = unlimited

~~--numothersock~~•vmguarpages.barrier = vmguarpages.limit = ram + swap~~items[:items]~~

~~Maximum number of non-TCP~~•~~sockets (local sockets, UDP and other types of sockets)~~privvmpages.~~Setting the~~ barrier ~~and the~~ = privvmpages.limit ~~to different values does~~= (ram + swap) *~~not make practical sense.~~vm_overcommit

(if~~--vmguarpages~~vm_overcommitis <ib>~~pages~~0</ib>[:or not set,<ib>~~pages~~privvmpages</ib>]is set to "unlimited")

~~Memory allocation guarantee.This parameter controls how much memory~~ Here is ~~available to a~~an~~container. The barrier is the amount~~ example of ~~memory that~~setting container~~’s applications are guaranteed to be able~~ 777 tohave 512 megabytes of~~allocate. The meaning~~ RAM and 1 gigabyte of ~~the limit is currently unspecified;it should be set to unlimited.~~swap:

~~~~ vzctl set 777 --ram 512M --swap 1G --~~kmemsizebytes[:bytes]~~save</ppre>

~~Maximum amount of kernel memoryused. This parameter is related to --numproc. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep thekmemsize usage under the limit.~~=== User Beancounter limits ====

~~--tcpsndbuf~~The followingoptions sets barrier and limit for various user~~bytes[:bytes]~~beancounters.

~~Maximum size~~ Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --ram and--swap (see above). For older kernels, these limitsare obligatory. Each optionrequires one or two arguments. In case of ~~TCP send~~one argument,~~buffers~~vzctl sets barrier and limit to the same value. ~~Barrier should be not less than 64 KB~~Incase of two colon-separated arguments, ~~and~~the first is a~~difference between~~ barrier , and the second is a limit ~~should be equal to~~ . Each argument is eithera number, a number with a suffix, ora special value~~more than value of~~ ~~numtcpsock~~unlimited ~~multiplied by 2.5~~KB.

~~--tcprcvbuf~~Arguments are~~~~in items, pages or bytes~~[:~~. Note that page size isarchitecture-specific, it is 4096 bytes~~]~~on x86 and x86_64platforms.

~~Maximum size of TCP receive~~You can also~~buffers~~specify different suffixes for User Beancounter parameters(except for those which names start with num). ~~Barrier should be not less than 64 KB~~Forexample, ~~and~~vzctl set CTID --privvmpages~~difference between barrier and limit~~ 5M:6M should ~~be equal to ormore than value of~~ set ~~numtcpsock~~privvmpages ~~multiplied by 2.~~’ barrier to 5KBmegabytes and its limit to 6 megabytes.

~~--othersockbuf~~Available~~bytes[~~suffixes are:~~bytes]~~

~~Maximum size of other (non~~•T, t -~~TCP)~~terabytes; ~~socket send buffers. If container~~&~~rsquo~~bull; G, g - gigabytes;~~s processes needs to~~ ~~send very large datagrams~~• M, ~~the barrier should be set~~m - megabytes; ~~accordingly. Increased limit is necessary for high~~• K, k - kilobytes; ~~performance of communications through local~~ • P, p - memory pages (~~UNIX~~arch-~~domain~~specific,usually 4KB); ~~sockets~~• B, b - bytes.

You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --~~dgramrcvbuf~~numproc~~bytes~~items[:~~bytes~~items]

Maximum ~~size~~ number of ~~other (non-TCP)socket receive buffers. If container’s~~ processes ~~needs~~and~~to receive very large datagrams, the barrier should be setaccordingly~~kernel-level threads. ~~The difference between~~ Setting the barrier and thelimit to~~limit is~~ different values does not ~~needed~~make practical sense.

--~~oomguarpages~~numtcpsock~~pages~~items[:~~pages~~items]

~~Guarantees against OOM kill~~Maximum number of TCP sockets.~~Under this beancounter the kernel accounts~~ This parameter limits the ~~total amount~~number of ~~memory~~ TCP connections and ~~swap space used by~~ ,thus, the ~~container’sprocesses. The barrier~~ number of ~~this parameter is~~ clients theserver application can~~out-of-memory guarantee~~handle in parallel. If Setting the ~~oomguarpages usage isbelow~~ barrier and the ~~barrier, processes of this container are~~limit to~~guaranteed~~ different values does not ~~to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto unlimited~~make practical sense.

--~~lockedpages~~numothersock~~pages~~items[:~~pages~~items]

Maximum number of ~~pages~~non-TCP~~acquired by mlock~~sockets (2local sockets, UDP and other types of sockets).Setting the barrier and the limit to different values doesnot make practical sense.

--~~privvmpages~~vmguarpages

pages[:pages]

~~Allows controlling~~ Memory allocation guarantee.This parameter controls how much memory is available to acontainer. The barrier is the amountof memory ~~allocated by the~~ thatcontainer’s applicationsare guaranteed to be able toallocate. ~~For shared (mapped~~The meaning of the limit is currently unspecified;as it should be set to ~~MAP_SHARED~~unlimited~~) pages, each container really using a~~.~~memory page is charged for the fraction of the page(depending on the number of others using it). For&quot~~~~MAP_PRIVATE~~--kmemsize~~), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.~~bytes[:bytes]

Maximum amount of kernel memoryused. This parameter is related to -~~top: 1em"~~-numproc~~The~~ . Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier andthe limit of this parameter ~~control~~ : equalbarrier and limit may lead to the ~~upper boundary of~~situation where the ~~total size of allocated memory. Note that this upper~~kernel~~boundary does not guarantee that container~~ will ~~be able~~ need to~~allocate that much memory. The primary mechanism~~ kill container’s applications to ~~control~~keep the~~memory allocation is the~~ ~~--vmguarpages~~kmemsize ~~guarantee~~usage under the limit.

--~~shmpages~~tcpsndbuf~~pages~~bytes[:~~pages~~bytes]

Maximum ~~IPC SHM segment~~ sizeof TCP sendbuffers.Barrier should be not less than 64 KB, and~~Setting the~~ difference between barrier and ~~the~~ limit should be equal to ~~different values does~~ormore than value of numtcpsock multiplied by 2.5~~not make practical sense~~KB.

--~~numfile~~tcprcvbuf~~items~~bytes[:~~items~~bytes]

Maximum ~~number~~ size of ~~open files~~TCP receivebuffers.Barrier should be not less than 64 KB, and~~In most cases the~~ difference between barrier and ~~the~~ limit should be ~~set~~ equal to ~~the~~or~~same~~ more than value~~. Setting the barrier to~~ of 0numtcpsock ~~effectivelydisables pre-charging optimization for this beancounter inthe kernel, which leads to the held value being precise but~~multiplied by 2.5~~could slightly degrade file open performance~~KB.

--~~numflock~~othersockbuf~~items~~bytes[:~~items~~bytes]

Maximum ~~number~~ size of ~~file locks~~other (non-TCP)socket send buffers.If container’s processes needs to~~Safety gap~~ send very large datagrams, the barrier should be ~~between barrier and~~ setaccordingly. Increased limitis necessary for highperformance of communications through local (UNIX-domain)sockets.

--~~numpty~~dgramrcvbuf~~items~~bytes[:~~items~~bytes]

~~Number~~ Maximum size of ~~pseudo~~other (non-~~terminals~~TCP)~~(PTY)~~socket receive buffers. ~~Note that in OpenVZ each~~ If container ~~can have not more~~’s processes needsto receive very large datagrams, the barrier should be set~~than 255 PTYs~~accordingly. ~~Setting~~ The difference between the barrier and the limit to~~different values does~~ is not ~~make practical sense~~needed.

--~~numsiginfo~~oomguarpages~~items~~pages[:~~items~~pages]

~~Number~~ Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of ~~siginfo structures~~-memory guarantee.If the oomguarpages usage is~~Setting~~ below the barrier ~~and the~~ , processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto ~~different values doesnot make practical sense~~unlimited.

--~~dcachesize~~lockedpages~~bytes~~pages[:~~bytes~~pages]

Maximum ~~size~~ number ofpages~~filesystem-related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit~~acquired by mlock(2).

--~~numiptentnum[:num]~~ ~~Number of iptables (netfilter)entries. Setting the barrier and the limit to differentvalues does not make practical sense.~~ ~~--physpages~~privvmpages

pages[:pages]

~~On VSwap-enabled kernels, thislimits~~ Allows controlling the amount of ~~physical~~ memory allocated by the applications. For shared (~~RAM~~mappedas MAP_SHARED) ~~available to~~ pages, each container really using a~~container~~memory page is charged for the fraction of the page(depending on the number of others using it). ~~The barrier should be set to~~ For"potentially private" pages (mapped as0MAP_PRIVATE), ~~and~~ container is charged either for afraction of the size or for thefull size if the allocated~~limit to a total size of RAM that can~~ address space. In the latter case, the physical pagesassociated with the allocated address space may be ~~used used by a~~in~~container~~memory, in swap or not physically allocated yet.

~~For older~~The barrier and~~kernels,~~ the limit of this ~~is an accounting-only~~ parameter~~, showing~~ control theupper boundary of~~usage~~ the total size of ~~RAM by~~ allocated memory. Note that this upperboundary does not guarantee that container~~. Barrier should~~ will be ~~set~~ able to~~0, and limit should be set~~ allocate that much memory. The primary mechanism to controlmemory allocation is the ~~unlimited~~--vmguarpagesguarantee.

--~~swappages~~shmpages

pages[:pages]

~~For VSwap-enabled kernels~~Maximum IPC SHM segment size.~~(042stab042 or greater), this parameter limits~~ Setting the ~~amount of~~barrier and the limit to different values does~~swap space available to a container~~not make practical sense. ~~The barrier should be~~ ~~set to~~ 0--numfile~~, and the limit to a total size of swap thatcan be used by a container.~~items[:items]

~~For older~~Maximum number of open files.~~(pre-VSwap) kernels,~~ In most cases the barrier and the limit ~~is used~~ should be set to ~~show a total~~the~~amount of swap space available inside~~ same value. Setting the ~~container. The~~barrier ~~of this parameter is ignored. The default value is~~to ~~unlimited~~0effectivelydisables pre-charging optimization for this beancounter inthe kernel, ~~meaning total swap will be reported as~~which leads to the held value being precise but0could slightly degrade file open performance.

--numflockitems[:items]

~~These~~Maximum number of file locks.~~parameters control CPU usage by container~~Safety gap should be between barrier and limit. ~~ --cpuunits num~~

~~CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If~~ ~~cpuunits~~--numpty ~~are not specified,default value of 1000 is used.~~items[:items]

~~You can set CPU~~Number of pseudo-terminals~~weight for CT0 (host system itself) as well~~ (~~use vzctlset 0 --cpuunits num~~PTY). ~~Usually,~~ Note that in OpenVZ ~~initscript~~each container can have not more~~(/etc/init~~than 255 PTYs.~~d/vz) takes care of setting this~~Setting the barrier and the limit todifferent values does not make practical sense.

--~~cpulimit~~numsiginfo~~num~~items[:<bi>%items</bi>]

~~Limit~~ Number of ~~CPU usage for~~ siginfo structures.Setting the~~container, in per cent. Note if~~ barrier and the ~~computer has 2 CPUs, ithas total of 200% CPU time. Default CPU~~ limit ~~is 0~~to different values does~~(no CPU limit)~~not make practical sense.

--~~cpus~~dcachesize ~~num~~bytes[:bytes]

~~sets number~~ Maximum size of ~~CPUs availablein the container~~filesystem-related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit.

--~~cpumask~~numiptent ~~cpus~~num |[:<bi>~~all~~num</bi>]

~~sets list~~ Number of ~~allowed CPUs for~~iptables (netfilter)~~the container~~entries. ~~Input format is a comma-separated list ofdecimal numbers and ranges. Consecutively set bits are shownas two hyphen-separated decimal numbers,~~ Setting the ~~smallest~~ barrier and~~largest bit numbers set in~~ the ~~range. For example, if youwant the container~~ limit to ~~execute on CPUs 0, 1, 2, 7, you shouldpass 0-2,7. Default value is all (the~~different~~container can execute on any CPU)~~values does not make practical sense.

--physpagespages[:pages]

~~For~~On VSwap-enabled kernels ~~(042stab042 or greater)~~, this~~parameter is ignored. For older kernels, it controls~~ limits the~~output~~ amount of ~~/proc/meminfo inside~~ physical memory (RAM) available to a container. The barrier should be set to ~~ --meminfo none~~0, and thelimit to a total size of RAM that can be used used by acontainer.

No For olderkernels, this is an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to0</~~proc~~b>, and limit should be set to unlimited</~~meminfo virtualization(the same as on host system)~~b>.

--~~meminfo~~swappages~~mode~~pages[:~~value~~pages]

~~Configure total memory output~~For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofin swap space available to a container. ~~Reported free memory is evaluated~~The barrier should be~~accordingly to the mode being~~ set~~. Reported swap isevaluated according~~ to ~~the settings of~~ ~~--swappages~~0, and the limit to a total size of swap that~~parameter~~can be used by a container.

~~You can use~~ For older(pre-VSwap) kernels, thelimit is used to show a total~~following modes for mode: ~~amount of swap space available inside the container. The~~• pages:~~barrier of this parameter is ignored. The default value~~ - sets total memory inpages; ~~is~~•~~ ~~privvmpages~~unlimited~~:value - sets~~ , meaning total ~~memory~~swap will be reported as~~as privvmpages * value~~0.

~~Default isprivvmpages:1.~~=== CPU fair scheduler parameters ====

Theseparameters control ~~parameters ====~~CPU usage by container. --cpuunits num

CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If ~~--iptables~~cpuunitsare not specified,~~name~~default value of 1000 is used.

~~Allow to~~ You can set CPUweight for CT0 (host system itself) as well (use ~~the functionality~~vzctlof set 0 --cpuunits ~~name~~num ~~iptables module inside the container~~). ToUsually, OpenVZ initscript~~specify multiple~~ (<ib>~~name~~/etc/init.d/vz</ib>~~s, repeat --iptables for each,or use space-separated list as an argument (enclosed insingle or double quotes to protect spaces~~)takes care of setting this.

~~The defaultlist of enabled iptables modules is specified by the~~~~IPTABLES~~--cpulimit ~~variable in~~ num[~~[Man/vz.conf.5|~~~~vz.conf~~%~~(5)]~~].

~~You can use~~ Limit of CPU usage for the~~following values for name: iptable_filter,iptable_mangle~~container, ~~ipt_limit~~in per cent. Note if the computer has 2 CPUs,ithas total of 200% CPU time. Default CPU limit is ~~ipt_multiport, ipt_tos~~0~~, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner~~(no CPU limit).

--cpus num

~~--netdev_add~~sets number of CPUs available~~name~~in the container.

~~move network device from the~~--cpumask cpus |~~host system to a specified container~~auto | all

Sets list of allowed CPUs forthe container. Input format is a comma-separated list ofdecimal numbers and/or ranges. Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in the range. For example, ifyou want the container to execute on CPUs 0, 1, 2, 7, youshould pass 0-2,7. Default value is all (thecontainer can execute on any CPU). If used with the--~~netdev_del~~nodemaskoption, value of <ib>~~name~~auto</ib>assigns allCPUs from the specified NUMA node to a container.

~~delete network device from a~~--nodemask nodes~~specified container~~| all

Sets list of allowed NUMA nodesfor the container. Input format is the same as for--cpumask. Note that --nodemask must be usedwith the --cpumask option.

~~--diskquota yes |no~~=== Memory output parameters ====

~~allows to enable~~ ForVSwap-enabled kernels (042stab042 or ~~disable~~greater), this~~disk quota for a container~~parameter is ignored. ~~By default~~For older kernels, ~~a global value~~it controls the~~(DISK_QUOTA<~~output of /~~b>) from [[Man~~proc/vzmeminfo inside a container.~~conf.5|~~~~vz.conf~~ --meminfo none~~(5)]] is used.~~

~~--diskspace<~~No /proc/b>meminfo virtualization~~num[:num]~~(the same as on host system).

~~sets soft and hard disk quotalimits, in blocks. First parameter is soft limit, second ishard limit. One block is currently equal to 1Kb. Suffixes~~G--meminfo, <bi>Mmode</bi>, :<bi>Kvalue</bi> ~~can also be specified (seeResource limits section for more info onsuffixes).~~

Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of --~~diskinodes~~swappages~~num[:num]~~parameter.

You can use thefollowing modes for mode: • pages:value - sets ~~soft and hard disk quota~~total memory in~~limits, in~~ pages; • privvmpages:value -~~nodes. First parameter is soft limit, second is~~sets total memory~~hard limit~~as privvmpages * value.

Default is~~--quotatime~~privvmpages:1~~seconds~~.

~~sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a hard limit.~~=== Netfilter (iptables) control parameters ====

--~~quotaugidlimit~~netfilter disabled|<ib>stateless|stateful|~~num~~full</ib>

~~sets maximum number of~~Restrict access to~~user~~netfilter/~~group IDs in~~ iptables modules for a container ~~for which disk quota insidethe container will be accounted~~. ~~If this value is set to~~This optionreplaces obsoleted 0--iptables~~, user and group quotas inside the container willnot be accounted~~.

Note that if~~you have previously set value of~~ changing this parameter to requires container restart, soconsider using 0--setmode,~~changing it while the container is running will not takeeffect~~option.

The followingarguments can be used: • disabled

--noatime yes |~~no~~modules are allowed

~~Sets noatime flag (do notupdate inode access times) on filesystem.~~• stateless

all modules except NAT andconntracks are allowed (i.e. filter and mangle); this is thedefault

~~--capabilitycapname:on|off~~• stateful

~~Sets a capability for a~~all modules except NAT are~~container. Note that setting capability when the containeris running does not take immediate effect; restart thecontainer in order for the changes to take effect. Note acontainer has default set of capabilities, thus anyoperation on capabilities is "logical and" withthe default capability mask.~~allowed

<~~p style~~table width="~~margin-left:22~~100%~~; margin-top: 1em~~"~~>You can use the~~border="0" rules="none" frame="void"~~following values for <i~~ cellspacing="0" cellpadding="0">~~capname: chown,~~<btr valign="top" align="left">~~dac_override, dac_read_search, fowner,~~<btd width="22%">~~fsetid~~</btd>~~, kill, setgid, setuid,~~<~~b>setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities(7).</p~~td width="9%">

~~WARNING~~• full:~~setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know what~~</td>~~you are doing. Also note that setting~~ <btd width="1%">~~setpcap:on~~</btd> ~~fora container will most probably lead to inability to startit.~~</ptd width="36%">

all modules are allowed</td><td width=~~=== Device access management ====~~"32%"></td></tr></table>

--~~devnodes~~iptables~~device~~name:[r,...]~~[w][q]|none~~

~~Give the container an access~~(rNote ~~- read, w - write~~this option isobsoleted, <~~b>q</~~b> - ~~disk quotamanagement, none~~ - ~~no access) to a device designatedby the special file /dev/device. Device file iscreated in a container by vzctl~~netfiltershould be used instead. ~~Example:~~

<~~pre~~ p style="margin-left:22%;margin-top: 1em"> ~~vzctl set 777~~ Allow to usethe functionality of name iptables module inside thecontainer. Multiple comma-~~-devnodes sdb:rwq~~separated names can bespecified.</~~pre~~p>

~~--devices~~The defaultlist of enabled iptables modules is defined by the~~b|~~cIPTABLES~~:major<~~variable in [[Man/~~i>:minor~~vz.conf.5|~~all:[r~~vz.conf(5)]~~[w][q~~]~~|none~~.

~~Give~~ You can use the ~~container an access to~~a following values for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper~~lock or~~ , ciptable_nat~~haracter device designated by its~~,<ib>ip_nat_ftp, ~~major~~ip_nat_irc</ib> ~~and~~ , <ib>~~minor~~ipt_REDIRECT</ib> ~~numbers. Device file have to~~,~~be created manually~~xt_mac, ipt_recent, ipt_owner.

==== ~~PCI device management~~ Network devices control parameters ====

--~~pci_add~~netdev_add[~~domain:]bus:slot.func~~name

~~Give~~ move network device from the ~~container an access~~ host system toa specified ~~PCI device. All numbers are hexadecimal (asprinted by lspci(8) in the first column).~~container

--~~pci_del~~netdev_del[~~domain~~name:]<i/p>~~bus~~ <~~/i>~~p style="margin-left:~~slot.func</i~~22%;">delete network device from aspecified container

~~Delete a PCI device from thecontainer.~~=== Disk quota parameters ====

~~Note that~~~~vps~~-~~pci configuration script is executed byvzctl~~-diskquota yes ~~then configuring PCI devices. The script is~~|~~usually located at~~ ~~/usr/lib[64]/vzctl/scripts/~~no.

allows to enable or disabledisk quota for a container. By default, a global value(DISK_QUOTA) from [[Man/vz.conf.5|vz.conf(5)]] is used.

~~--features~~Note that this~~name:on|~~parameter is ignored for ~~off~~plooplayout.

~~Enable or disable a specificcontainer feature. Known features are:~~ ~~sysfs~~--diskspace,<bi>~~nfs~~num</bi>~~, sit,~~ [:<bi>~~ipip~~num</~~b>, ppp,ipgre, bridge, nfsd</b~~i>.]

For simfs layout, setssoft and hard disk quota limits. First parameter is softlimit, second is hard limit.

For~~--applyconfig~~plooplayout, initiates the procedure of resizing theploop image file to the new size. Since there is nosoft/hard limit concept in ploop, second ~~name~~num, ifspecified, is ignored.

~~Read container parameters from~~By default,~~the container sample configuration file~~ploop resize is done online, i.e. on a mounted ploop. This~~<tt>/etc/vz/conf/ve-</tt>name<tt>~~is a preferred way of doing resize.~~conf-sample</tt>~~Although,in a rare casea container was using lots of disk space and ~~apply them~~should now beresized to a much smaller size, ~~if --save option specified save to~~an offline resize might bemore appropriate. In this case, make sure the container ~~config file. The following parameters are not~~is~~changed: HOSTNAME, IP_ADDRESS,OSTEMPLATE, VE_ROOT,~~ stopped and unmounted anduse additional~~VE_PRIVATE~~--offline-resize.option

Note that ploopresize is NOT performed on container start, so forconsistency --~~applyconfig_map~~diskspacemust be used together with<ib>~~group~~--save</ib>flag.

~~Apply container config~~Suffixes~~parameters selected by~~ <ib>~~group~~G</ib>~~. Now the only possiblevalue for~~ , <ib>~~group~~M</ib> is , ~~name~~K~~: to restore container~~can also be specified (see~~name based on~~ ~~NAME~~Resource limits ~~variable~~ section for more info on suffixes).If suffix is not specified, value is in ~~containerconfiguration file~~kilobytes.

--diskinodesnum[:num]</~~O priority management ====~~p>

~~~~sets soft and hard disk quotalimits, in i-~~-ioprio~~nodes. First parameter is soft limit, second is~~priority~~hard limit.

~~Assigns I/O priority tocontainer. Priority range is 0-7. The greater~~Note that this~~priority~~ parameter is~~, the more time~~ ignored for ~~I/O activity containerhas. By default each container has priority of~~4plooplayout.

--quotatimeseconds

~~Checkpointing~~ sets quota grace period.Container is ~~a feature ofOpenVZ kernel which allows~~ permitted to ~~save a complete state of a~~exceed its soft limits for the~~running container~~grace period, ~~and to restore~~ but once it ~~later~~has expired, the soft limit isenforced as a hard limit. ~~chkpnt CTID~~Note that this[parameter is ignored for ~~--dumpfile~~ploop ~~name]~~layout.

~~This command saves a completestate of a running container to a dump file, and stops thecontainer. If an option~~ --~~dumpfile~~quotaugidlimit ~~is not set,default dump file name /vz/dump/Dump.~~~~CTID~~num is~~used.~~

~~restore CTID~~Enables or disables~~[~~in-container per-user and per-~~dumpfile~~group disk quotas. If thevalue is set to ~~name~~0</ib>]or not set, disk quotas inside thecontainer is disabled and not accounted.

~~This command restores a~~For~~container from the dump file created by the~~ ~~chkpnt~~simfslayout containers, non-zero value sets maximum~~command~~number of user/group IDs for which disk quota isaccounted.

Forploop layout containers, any non-zero value enablesdisk quota inside the container ~~actions ===~~; the number of user/groupIDs used by disk quota is not limited by OpenVZ.

~~create CTID~~Note that~~[--ostemplate name] [--configname] [-~~enabling or disabling in-~~private path] ~~container disk quotas requires[container restart, so consider using --~~root~~setmode ~~path] [--ipadd addr][--hostname name]~~option.

~~Creates a new container area.This operation should be done once, before the first startof the container.~~=== Capability option ====

~~If the~~--~~config~~capability ~~option is specified, values from exampleconfiguration file~~capname:~~/etc/vz/conf/ve-~~on|<ib>~~name~~off</ib>[~~.conf-sample~~, ~~areput into the container configuration file~~. ~~If this containerconfiguration file already exists, it will be removed~~..]

~~You can use--root path option to sets the path to the~~Sets a capability for a~~mount point for the~~ container ~~root directory (default isVE_ROOT specified in [[Man/vz~~.~~conf.5|vz.conf(5)]] file).Argument~~ Multiple comma-separated capabilities can ~~contain literal string $VEID, which will~~be~~be substituted with the numeric CT ID~~specified.

~~You can use~~Note that~~--private path option to set~~ setting a capability when the ~~path to~~container is running does not~~directory~~ take immediate effect; restart the container in ~~which all~~ order forthe ~~files and directories specific~~ changes to~~this very container are stored~~ take effect (~~default is~~ consider using ~~VE_PRIVATE~~--setmode~~specified in [[Man/vz.conf.5|vz.conf(5~~option)~~]] file). Argument can containliteral string $VEID, which will be substituted withthe numeric CT ID~~.

~~You can use~~A container has~~--ipadd addr option to assign an IP address to~~the default set of capabilities, thus any operation on~~a container. Note that this option can be used multiple~~capabilities is "logical AND" with the default~~times~~capability mask.

You can usethefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, ~~--hostname~~sys_tty_config,mknod, lease, setveid , <ib>~~name~~ve_admin</ib> ~~option to set a host name for~~.~~a container~~For detailed description, see capabilities(7).

~~destroy~~WARNING |:setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that setting ~~delete~~setpcap:onfora container will most probably lead to inability to startit.

~~Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.~~=== Device access management ====

~~start~~--devnodes device:[~~--wait~~r][w][~~--force~~q]|none

~~Mounts~~ Give the container an access(~~if necessary) andstarts a container. Unless~~ r-read, w -~~wait~~write, q ~~option is~~- disk quota~~specified~~management, ~~vzctl~~none ~~will return immediately; otherwise~~- no access) to a device designated~~an attempt to wait till~~ by the ~~default runlevel~~ special file /dev/device. Device file is ~~reached willbe made~~ created in a container by vzctl.Example:

~~Specify~~ vzctl set 777 --~~force if you want to start a container which isdisabled (see --disabled).~~devnodes sdb:rwq</ppre>

-~~top~~-devicesb|c: ~~1em"~~major:minor|all~~Note that thiscommand can lead to execution of~~ :[~~premount~~r,][~~mount~~w ~~and~~ ][~~start~~q ~~action scripts (see~~ ]|~~ACTIONSCRIPTS~~none ~~below).~~

Give the container an access toa ~~stop~~b [lock or ~~--fast~~c]haracter device designated by itsmajor and minor numbers. Device file have tobe created manually.

~~Stops and unmounts a container.Normally, halt(8) is executed inside a container;option --fast makes vzctl use reboot(2)syscall instead which is faster but can lead to uncleancontainer shutdown.~~=== PCI device management ====

~~Note that thiscommand can lead to execution of~~ ~~stop~~--pci_add, [<bi>~~umount~~domain</bi>~~and~~ :]<bi>~~postumount~~bus</bi> ~~action scripts (see~~ :<bi>~~ACTIONSCRIPTS~~slot</bi> ~~below)~~.func

~~restart [--wait]~~Give the container an access toa specified PCI device. All numbers are hexadecimal (as~~[--force] [~~printed by ~~--fast~~lspci](8) in the first column).

~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the~~~~start~~--pci_del ~~and~~ [domain:]bus:<bi>~~stop~~slot</bi> ~~options~~.func

~~Note that this~~Delete a PCI device from the~~command can lead to execution of some action scripts (seeACTION SCRIPTS below)~~container.

Note that~~status~~vps-pciconfiguration script is executed byvzctl then configuring PCI devices. The script isusually located at /usr/libexec/vzctl/scripts/.

~~Shows a container status. Thisis a line with five or six words, separated by spaces.~~=== Features management ====

-~~top~~-featuresname: ~~1em"~~on|off~~First word isliterally~~ [~~CTID~~,...]

Enable or disable a specificcontainer feature. Known features are: ~~1em"~~sysfs,nfs, sit, ipip, ppp~~Second word is~~,~~the numeric~~ <ib>~~CT ID~~ipgre</ib>, bridge, nfsd. A few features canbe specified at once, comma-separated.

~~Third word isshowing whether this container exists or not, it can beeither exist or deleted.~~=== Apply config ====

~~Fourth word isshowing the status of the container filesystem, it can beeither~~ ~~mounted~~--applyconfig or <bi>~~unmounted~~name</bi>.

Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-~~top: 1em"~~sample</tt>~~Fifth word~~,~~shows~~ and apply them, if --save option specified save tothe container ~~is running~~config file. The following parameters are notchanged: HOSTNAME, IP_ADDRESS, ~~it can be either~~~~running~~OSTEMPLATE, VE_ROOT or , and~~down~~VE_PRIVATE.

~~Sixth word, ifexists, is~~ ~~suspended~~--applyconfig_map~~. It appears if both a containerand its dump file exist (see~~ <bi>~~chkpnt~~group</bi>).

Apply container configparameters selected by group. Now the only possiblevalue for group is name: ~~1em"~~to restore containername based on NAME~~This command~~variable in container~~can also be usable from scripts~~configuration file.

~~mount<~~=== I/~~b>~~O scheduling ====

~~Mounts container private area.Note that this command can lead to execution of~~~~premount~~--ioprio ~~and mount action scripts (see~~<bi>~~ACTION SCRIPTS~~priority</bi> ~~below).~~

Assigns disk I/O priority tocontainer. Priority range is 0-7. The greaterpriority is, the more time for I/O activity containerhas. By default each container has priority of4. ~~umount~~--iolimitlimit[B|K|M|G]

~~Unmounts~~ Assigns disk I/O bandwidthlimit for a container ~~privatearea~~. ~~Note that this command can lead to execution of~~Value is either a number with anoptional suffix, or a literal string ~~umount~~unlimited ~~and~~ . Valueof ~~postumount~~0 ~~action scripts (see~~means "unlimited". By default a~~ACTION SCRIPTS<~~container has no I/~~b> below)~~O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.

~~Note that~~If no suffix isprovided, the limit is assumed to be in megabytes persecond. Available suffixes are: • ~~stop~~b ~~does~~ , ~~umount~~B ~~automatically.~~-- bytes per second; • k, K -- kilobytes per second; • m, M -- megabytes per second (default); • g, G -- gigabytes per second;

~~quotaon~~--iopslimit ~~ctid~~iops

~~Turn disk quota on~~Assigns IOPS limit for acontainer, in number of input/output operations per second. ~~Not that~~Value is a number or a literal string ~~mount~~unlimited ~~and~~ .Value of ~~start~~0 ~~does that automatically~~means "unlimited". By default acontainer has no IOPS limit.

~~quotaoff ctid~~== Suspending and resuming ===

~~Turn disk quota off. Not that~~Checkpointing is a feature of~~umount~~ OpenVZ kernel which allows to save a complete in-kernelstate of a running container, and ~~stop does that automatically~~to restore it later.

~~quotainit~~suspend|chkpnt~~ctid~~CTID [--dumpfile name]

~~Initialize disk quota (i.e. run~~This command suspends acontainer to a dump file If an option ~~vzquota init~~--dumpfile~~) with the parameters taken from the CT~~is~~configuration~~ not set, default dump file ~~[[Man~~name/vz/dump/~~ctid~~Dump.~~conf.5|~~~~ctid.conf~~CTID</bi>~~(5)]]~~is used.

~~exec~~resume |restoreCTID~~command~~[--dumpfile name]

~~Executes ~~This command~~ in~~ restores acontainer~~. Environment variables are not set inside~~ from the dump file created by the~~container. Signal handlers may differ from default settings.If command is~~ -suspend~~, commands are read fromstdin~~command.

~~exec2 CTIDcommand~~== Snapshotting ===

~~The same as exec~~Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, ~~but~~if the~~return code~~ container is running, it’s in-memory state (as incheckpointing). Note that ~~of command~~snapshot functionality is onlyworking for containers on ploop device.

~~runscript~~snapshot CTID[--id uuid] [--name name]~~script~~[--description desc] [--skip-suspend] [--skip-config]

~~Run specified shell script inthe container. Argument script is~~ Creates a ~~file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running~~ containersnapshot, ~~thecommand jumps into the container and executes the script~~i.~~For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root~~e. ~~In the latter case,~~ saves the current container ~~is notreally started~~state, no including its file ~~systems other than root (such as/proc) are mounted~~system state, ~~no startup scripts are executedetc. Thus the environment in which the script is~~ running is~~far from normal~~ processes state, and ~~is only usable for very basic~~configuration~~operations~~file.

If a containeris running, and ~~enter [~~--~~exec~~skip-suspendoption is not~~command [arg ..~~specified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot.]]

~~Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell is~~Unless~~to use~~ ~~ssh~~--skip-config~~(1)~~option is given, containerconfiguration file is saved to the snapshot.

~~Option~~If <bi>~~--exec~~uuid</bi> is not specified, it is ~~used to run~~ auto-generated. Options<ib>~~command~~--name</ib> ~~with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so~~ and ~~vzctl exec~~--description can ~~not~~ beused to~~used)~~ specify the snapshot name and ~~for some reason you can not use~~ description, respectively.Name is displayed by ~~ssh~~snapshot-list~~(1)~~.

snapshot-~~top: 1em"~~switch~~You need to logout manually from the shell to finish session (even if you~~CTID [--skip-resume | --must-resume]~~specified~~ [--skip-config] --~~exec~~id).uuid

Switches the container to asnapshot identified by uuid, restoring its filesystem state, configuration (if available) and its runningstate (if available).

~~--help~~Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!

~~Prints help message with~~ Option--skip-resume is used to ignore a CT memory dump filein a snapshot, as a result the container will end up beingin a stopped state (same as if asnapshot has been taken~~brief list of possible options~~with --skip-suspend).

If option--~~version~~must-resumeis set, absense of a memory dump istreated as an error, and the inability to restore from thememory dump is treated as an error rather than warning.

~~Prints~~ Option option~~vzctl~~--skip-configis used to ignore the CT configurationfile in a snapshot, i.e. the current configuration file will~~version~~be left as is.

snapshot-deleteCTID --id uuid

~~vzctlhas an ability to execute user-defined scripts when~~ Removes aspecified~~specific vzctl command is run for a container. Thefollowing vzctl commands can trigger execution ofaction scripts: start, stop, restart,mount and umount~~snapshot.

~~Action scriptsare located in the~~ snapshot-mount</~~etc~~b>CTID</~~vz/conf~~i> --id uuid</bi> ~~directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of~~ ~~vps.~~--target ~~and are executed for all containers.Per-CT scripts have a~~ ~~CTID~~directory ~~numeric prefix and areexecuted for the given container only.~~

~~Please notescripts are executed in~~ Mounts a ~~host system (CT0) context, with~~snapshot specified by~~the exception of~~ <bi>~~.start~~uuid</bi> ~~and~~ to a <bi>~~.stop~~directory</bi> ~~scripts,~~. Note this mount is~~which are executed in a container context~~read-only.

~~The followingaction scripts are currently defined:~~ ~~ vps.premount~~snapshot-umount, CTID~~.premount~~--id uuid

~~Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while~~ Unmounts a CT~~is not yet mounted or running. Global script, if exists, is~~specified~~executed first~~snapshot.

~~vps.mount~~snapshot-list,CTID[-H] [-ofield[,field...~~mount~~] [--iduuid]

~~Global and per-CT mount scriptswhich are executed for a~~ List container ~~right after it ismounted. Otherwise they are the same as .premount~~’s~~scripts~~snapshots.

You cansuppress displaying header using <ib>~~CTID~~-H</~~i><~~b>option.~~start~~

~~Right after~~ You can use the~~vzctl~~-o ~~has~~option to display only the specified~~started a container, it executes this script in a container~~field(s). List of available fields can be obtained~~context~~using -L option.

~~CTID.stop~~== Performing container actions ===

<~~p style~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="~~margin-~~left~~:22%;~~">~~Right before~~ <btd width="11%">~~vzctl~~</btd> ~~hasstopped a container, it executes this script in a containercontext.~~</ptd width="9%">

~~vps.umount~~create,<i/p>~~CTID~~</itd><btd width="2%">~~.umount~~</btd></ptd width="78%">

CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][--private path][--root path][--ipadd addr][--hostname name][--name name][--local_uid uid][--local_gid gid] </td></tr></table> ~~Global and per~~Creates a newcontainer area. This operation should be done once, beforethe first start of the container. By default, anOS template denoted by DEF_OSTEMPLATE parameter of~~scripts which are executed for~~ [[Man/vz.conf.5|vz.conf(5)]] is used to create a container ~~before it is~~. This can be~~unmounted~~overwritten by --ostemplate option. ~~Scripts are executed in the host system context~~ By default,a~~while~~ new container configuration file is created from a ~~CT is mounted~~sampleconfiguration denoted by value of CONFIGFILEparameter of [[Man/vz.conf.5|vz.conf(5)]]. ~~Global script, if~~ If the containerconfiguration file already exists, ~~is executed~~it will not be~~first~~modified.

The value of~~vps.postumount~~CONFIGFILE,can be overwritten by using the<ib>~~CTID~~--config</ib><bi>~~.postumount~~name</bi>option. This option can not beused if the container configuration file already exists.

~~Global~~ A new containercan either be created using simfs filesystem or on aploop device. The default is set by value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf(5)]] and ~~per~~can beoverwritten by --~~CT umount~~layout option. In case ploop~~scripts which are executed for a container right after it~~ isused, one can additionally specify ploop disk image~~unmounted~~format after a colon. ~~Otherwise they~~ Possible ploop formats are ~~the same as~~ expanded, plain and raw. Default isexpanded.~~umount~~Using value other than expandedis~~scripts~~not recommended and is currently not supported.

~~The environment~~You can use~~passed to all the~~ *mount scripts is the standard~~environment of the parent (i.e. vzctl) with twoadditional variables: $VEID~~--diskspace and ~~$VE_CONFFILE~~--diskinodes.~~The first one holds the ID of the container, and the second~~options to~~one holds the full path to the~~ specify container ~~configuration~~ filesystem size.Note that for~~If the script needs to get other CT configurationparameters, such as~~ ~~$VE_ROOT~~plooplayout, ~~it needs~~ you will not be able to ~~get those~~change inodes~~from global and per-CT configuration files~~value later.

~~Here is anexample of a mount script, which makes host system’s~~If~~/mnt/disk available to container(s). Script name can either~~be ~~/etc/vz/conf/vps.mount~~DISKSPACE is not specified either in the sampleconfiguration file used for creation orin globalconfiguration file [[Man/vz.conf.5|~~/etc/~~vz/.conf/(5)]], <ib>~~CTID~~--diskspace</ib>parameter is required for ~~.mount~~plooplayout.

<~~pre~~ p style="margin-left:1117%; margin-top: 1em"> ~~# If one of these files does not exist then something~~Suffixes ~~# is really broken~~ ~~[ -f~~ G</~~etc~~b>, M</~~sysconfig~~b>, K</~~vz ] || exit 1~~b> can also be specified (see ~~[ -f $VE_CONFFILE ] || exit 1~~ ~~# Source both files. Note the order is important.~~ . Resource limits</~~etc/vz/vz.conf~~b> section for more info on suffixes). ~~$VE_CONFFILE~~ ~~SRC=/mnt/disk~~ ~~DST=/mnt/disk~~ ~~mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC~~</~~pre~~p>

You can use--root path option to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.conf(5)]] file).Argument can contain literal string $VEID, which willbe substituted with the numeric CT ID.

~~Returns 0 upon~~You can use~~success~~--private path option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is VE_PRIVATEspecified in [[Man/vz.conf.5|vz.conf(5)]] file). Argument can containliteral string $VEID, ~~or an appropriate error code in case of an~~which will be substituted with~~error:~~the numeric CT ID.

<~~table width~~p style="~~100~~margin-left:17%; margin-top: 1em" ~~border="0" rules="none" frame="void"~~>You can use ~~cellspacing="0" cellpadding="0"~~--ipadd<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>addr</tdi>option to assign an IP address toa container. Note that this option can be used multipletimes.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">1You can use</pb>--hostname</tdb><~~td width="7%"~~i>name</tdi>option to set a host name fora container.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters ~~Failed~~ --local_uid and--local_gid can be used to ~~set a UBC parameter~~select which uid</pi>and gid</tdi>respectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UID</trb>and<~~tr valign="top" align="left"~~b>LOCAL_GIDfrom global configuration file[[Man/vz.conf.5|vz.conf(5)]] are used. An explicit <~~td width="11%"~~b>--local_uid</tdb>value of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid<~~td width="4%"~~/b> is ignored.

<pstyle="margin-left:17%; margin-top: 1em">2Warning:</pb>use --local_uid</tdb>and <~~td width="7%"~~b>--local_gid</tdb>with care,specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Failed to set a fair scheduler parameter~~</pb>destroy</tdb>| <~~/tr~~b>delete<~~tr valign="top" align="left"~~/b><~~td width="11%"~~i>CTID</tdi><~~td width="4%"~~/p>

<p~~>3</td><td width~~style="7margin-left:17%;">Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Generic system error~~start</pb> CTID[--wait</tdb>] [--force</trb>] [--skip-fsck<~~tr valign="top" align="left"~~/b>][<~~td width="11%"~~b>--skip-remount</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Mounts (if necessary) andstarts a container. Unless --wait option isspecified, vzctl will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by 5vzctl</pb>.</tdp> <~~td width~~p style="7margin-left:17%; margin-top: 1em">Specify--force</tdb>if you want to start a container which isdisabled (see <~~td width="78%"~~b>--disabled).

<p~~>The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Specify<~~td width="11%"~~b>--skip-fsck</tdb>to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).<~~td width="4%"~~/p>

<p~~>6</td><td width~~style="7margin-left:17%; margin-top: 1em">By default, ifa container to be started happens to be already mounted, itis unmounted and mounted again. This behavior can be turnedoff by using --skip-remount</tdb>flag.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Not enough system resources~~Note that thiscommand can lead to execution of premount</pb>,mount</tdb>and start</trb>action scripts (see <~~tr valign="top" align="left"~~b>ACTIONSCRIPTS<~~td width="11%"~~/b>below).</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">7stop</pb> CTID</tdi>[--fast<~~td width="7%"~~/b>] [--skip-umount</tdb>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Stops a container and unmountsit (unless ~~ENV_CREATE~~--skip-umount ~~ioctl failed~~is given). Normally,halt</pb>(8) is executed inside a container; option--fast</tdb>makes <~~/tr~~b>vzctl<~~tr valign="top" align="left"~~/b>use <~~td width="11%"~~b>reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that8vzctl stop</pb> is not asyncronous, in other words vzctlwaits for container’s init to exit (unless--fast is given), which can take up to a few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT</tdb>in[[Man/vz.conf.5|vz.conf(5)]], or per container (<~~td width="7%"~~b>STOP_TIMEOUT</tdb>in[[Man/ctid.conf.5|ctid.conf<~~td width="78%"~~/b>(5)]], see --stop-timeout).

<pstyle="margin-left:17%; margin-top: 1em">~~Command executed by~~ Note that thiscommand can lead to execution of ~~vzctl exec~~stop ~~returned non-zeroexit code~~, umount</pb>and <~~/td~~b>postumount</trb>action scripts (see <~~tr valign="top" align="left"~~b>ACTIONSCRIPTS<~~td width="11%"~~/b>below).</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">9restart</pb> CTID</tdi>[--wait] [--force] [<~~td width="7%"~~b>--fast</tdb>][--skip-fsck<~~td width="78%"~~/b>]

<pstyle="margin-left:17%;">~~Container~~ Restarts a container, i.e.stops it if it is ~~locked by another~~ running, and starts again. Accepts all the~~vzctl~~start~~invocation~~and </pb> stop</tdb>options.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>10</td><td width~~style="7margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of some action scripts (seeACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Global OpenVZ configuration file [[Man/vz.conf.5|~~~~vz.conf~~status~~(5)]] notfound~~</pi> CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>11</td><td width~~style="7margin-left:17%;">Shows a container status. Thisis a line with five or six words, separated by spaces.</~~td><td width="78%"~~p>

<p~~>A vzctl helper script file not found</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">First word isliterally <~~td width="11%"~~b>CTID</tdb>.<~~td width="4%"~~/p>

<p~~>12</td><td width~~style="7margin-left:17%; margin-top: 1em">Second word isthe numeric CT ID</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Permission denied~~Third word isshowing whether this container exists or not, it can beeither </pb>exist</tdb>or <~~/tr~~b>deleted<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">13Fourth word isshowing the status of the container filesystem, it can beeither </pb>mounted</tdb>or <~~td width="7%"~~b>unmounted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Capability setting failed~~Fifth wordshows if the container is running, it can be either</pb>running</tdb>or <~~/tr~~b>down<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">14Sixth word, ifexists, is </pb>suspended</tdb>. It appears if a dump fileexists for a stopped container (see <~~td width="7%"~~b>suspend</tdb>).<~~td width="78%"~~/p>

<p~~>Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound </td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">This command~~<td width="11%">~~can also be usable from scripts.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">15</pb>mount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Timeout on~~ Mounts container private area.Note that this command can lead to execution of~~vzctl exec~~premountand </pb>mount</~~td></tr~~b>action scripts (see<~~tr valign="top" align="left"~~b>ACTION SCRIPTS<~~td width="11%"~~/b>below).</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">16</pb>umount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error during~~ Unmounts container privatearea. Note that this command can lead to execution of~~vzctl chkpnt~~umountand </pb>postumount</~~td></tr~~b>action scripts (see<~~tr valign="top" align="left"~~b>ACTION SCRIPTS<~~td width="11%"~~/b>below).</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">17Note that</pb>stop</tdb>does <~~td width="7%"~~b>umount</tdb>automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error during~~ ~~vzctl restore~~convertCTID</pi>[--layoutploop[:</tdb>{expanded</trb>|plain<~~tr valign="top" align="left"~~/b>|<~~td width="11%"~~b>raw</tdb>}]]<~~td width="4%"~~/p>

<p~~>18</td><td width~~style="7margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should beset.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Error from~~ ~~setluid()~~compact ~~syscall~~</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>20</td><td width~~style="7margin-left:17%;">Compact container image. Thisonly makes sense for ploop layout.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Invalid command line parameter~~</pb>quotaon</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">21Turn disk quota on. Not that</pb>mount</tdb>and <~~td width="7%"~~b>start</tdb>does that automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Invalid value for command line parameter~~</pb>quotaoff</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">22Turn disk quota off. Not that</pb>umount</tdb>and <~~td width="7%"~~b>stop</tdb>does that automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container root directory (~~~~VE_ROOT~~quotainit~~) not set~~</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">23Initialize disk quota (i.e. run</pb>vzquota init</tdb>) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|<~~td width="7%"~~b>ctid.conf</tdb>(5)]].<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container private directory (~~~~VE_PRIVATE~~exec~~) notset~~</pi> CTIDcommand</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">Executes 24command</pi> in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If command</tdi>is <~~td width="7%"~~b>-</tdb>, commands are read fromstdin.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container template directory (~~~~TEMPLATE~~exec2~~) notset~~</pi> CTIDcommand</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">28The same as </pb>exec</tdb>, butreturn code is that of <~~td width="7%"~~i>command</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Not all required UBC parameters are set, unable to startcontainer~~</pb> runscript</tdb><~~/tr~~i>CTIDscript<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">29Run specified shell script inthe container. Argument </pi>script</tdi>is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as<~~td width="7%"~~b>/proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~OS template is not specified, unable to createcontainer~~enter</pb> CTID</tdi>[--exec</trb> command<~~tr valign="top" align="left"~~/i>[<~~td width="11%"~~i>arg</tdi>...]]<~~td width="4%"~~/p>

<p~~>31</td><td width~~style="7margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use ssh</tdb>(1).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container not running~~Option--exec</pb>is used to run <~~/td~~i>command</tri>with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so <~~tr valign="top" align="left"~~b>vzctl execcan not beused) and for some reason you can not use <~~td width="11%"~~b>ssh</tdb>(1).<~~td width="4%"~~/p>

<p~~>32</td><td width~~style="7margin-left:17%; margin-top: 1em">You need to logout manually from the shell to finish session (even if youspecified --exec</tdb>).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container already running~~</pb>console</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i>[<~~td width="11%"~~i>ttynum</tdi>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Attach to a container console.Optional ttynum argument is tty number (such as4 for 33tty4</pb>), default is 1</tdb>which is usedfor container’s <~~td width="7%"~~b>/dev/console</tdb>.<~~td width="78%"~~/p>

<p~~>Unable to stop container</td></tr><tr valign~~style="margin-left:17%; margin-top: 1em" ~~align="left"~~>Note theconsoles are persistent, meaning that: • it can be attached to even if the container is notrunning; <~~td width="11%"~~br>• there is no automatic detachment upon the containerstop; <~~/td~~br>• detaching from the console leaves anything running inthis console as is.<~~td width="4%"~~/p>

<p~~>34</td><td width~~style="7margin-left:17%; margin-top: 1em">The followingescape sequences are recognized by vzctl console</tdb>.Note that these sequences are only recognized at thebeginning of a line.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Unable to add IP address to container~~•Esc</pb> then .</tdb>to detach from the console.</trp> <~~tr valign~~p style="margin-left:17%; margin-top~~" align="left~~: 1em">•<~~td width="11%"~~b>Esc then !</tdb>to kill anything running on theconsole (SAK). This is helpful when one expects a loginprompt but there isn’t one.<~~td width="4%"~~/p>

~~40</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~= Other options ===

<p~~>Container not mounted</td></tr><tr valign="top" align~~style="margin-left:11%;"><~~td width="11%"~~b>--help</tdb><~~td width="4%"~~/p>

<p~~>41</td><td width~~style="7margin-left:17%;">Prints help message with abrief list of possible options.</~~td><td width="78%"~~p>

<p~~>Container already mounted</td></tr><tr valign="top" align~~style="margin-left:11%;"><~~td width="11%"~~b>--version</tdb><~~td width="4%"~~/p>

<p~~>43</td><td width~~style="7margin-left:17%;">Prints vzctl</tdb>version.<~~td width="78%"~~/p>

~~Container private area not found</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~ACTION SCRIPTS =~~"11%"></td><td width~~=~~"4%">~~

<pstyle="margin-left:11%; margin-top: 1em">vzctlhas an ability to execute user-defined scripts when aspecific 44vzctl</pb> command is run for a container. Thefollowing vzctl</tdb>commands can trigger execution ofaction scripts: start, <~~td width="7%"~~b>stop, restart</tdb>,<~~td width="78%"~~b>mount and umount.

<pstyle="margin-left:11%; margin-top: 1em">~~Container private area already exists~~Action scriptsare located in the /petc/vz/conf/directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of <~~/td~~b>vps.</trb>and are executed for all containers.Per-CT scripts have a <~~tr valign="top" align="left"~~i>CTID<~~td width="11%"~~b>.</tdb>numeric prefix andare executed for the given container only.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">46Please notescripts are executed in a host system (CT0) context, withthe exception of </pb>.start</tdb>and <~~td width="7%"~~b>.stop</tdb>scripts,which are executed in a container context.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Not enough disk space~~The followingaction scripts are currently defined: </pb> vps.premount</tdb>, <~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.premount</tdb><~~td width="4%"~~/p>

<p~~>47</td><td width~~style="7margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Bad/broken container (~~~~/sbin/init~~vps.mount or,<bi>~~/bin/sh~~CTID</bi> ~~not found)~~</pb>.mount</tdb></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>48</td><td width~~style="7margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as .premount</tdb>scripts.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to create a new container private area~~</pi>CTID</tdi><~~/tr~~b>.start<~~tr valign="top" align="left"><td width="11%"~~/b></~~td><td width="4%"~~p>

<p~~>49</td><td width~~style="7margin-left:22%;">Right after vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to create a new container root area~~</pi>CTID</tdi><~~/tr~~b>.stop<~~tr valign="top" align="left"><td width="11%"~~/b></~~td><td width="4%"~~p>

<p~~>50</td><td width~~style="7margin-left:22%;">Right before vzctl</tdb>hasstopped a container, it executes this script in a containercontext.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Unable to mount container~~</pb>vps.umount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.umount</tdb><~~td width="4%"~~/p>

<p~~>51</td><td width~~style="7margin-left:22%;">Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Unable to unmount container~~</pb>vps.postumount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.postumount</tdb><~~td width="4%"~~/p>

<p~~>52</td><td width~~style="7margin-left:22%;">Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as .umount</tdb>scripts.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Unable~~ The environmentpassed to ~~delete a container~~all the *mount</pb> scripts is the standardenvironment of the parent (i.e. vzctl</tdb>) with twoadditional variables: $VEID</trb> and $VE_CONFFILE<~~tr valign="top" align="left"~~/b>.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as <~~td width="11%"~~b>$VE_ROOT</tdb>, it needs to get thosefrom global and per-CT configuration files.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID53.mount</pb>.</tdp> <~~td width~~pre style="7margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC</tdpre>~~<td width~~== EXIT STATUS ==~~"78%">~~

<pstyle="margin-left:11%; margin-top: 1em">~~Container private area not exist~~Returns 0 uponsuccess, or an appropriate error code in case of anerror: <~~/td></tr~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">

601</td>

~~vzquota on failed~~Failed to set a UBC parameter</td></tr>

612</td>

~~vzquota init failed~~Failed to set a fair scheduler parameter</td></tr>

623</td>

~~vzquota setlimit failed~~Generic system error</td></tr>

635</td>

~~Parameter DISKSPACE~~ The running kernel is not ~~set~~an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr>

646</td>

~~Parameter DISKINODES not set~~Not enough system resources</td></tr>

667</td>

~~vzquota off~~ENV_CREATE ioctl failed</td></tr>

678</td>

~~ugid quota not initialized~~Command executed by vzctl exec returned non-zeroexit code</td></tr>

719</td>

~~Incorrect IP address format~~Container is locked by another vzctlinvocation</td></tr>

7410</td>

~~Error changing password~~Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound</td></tr>

11</td><td width="7%"></td><td width="78%"> A vzctl helper script file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 12</td>

~~IP address already in use~~Permission denied</td></tr>

7913</td>

~~Container action script returned an error~~Capability setting failed</td></tr>

8214</td>

~~Config~~ Container configuration file ~~copying error~~[[Man/ctid.conf.5|ctid.conf(5)]] notfound</td></tr>

8615</td>

~~Error setting devices (~~Timeout on ~~--devices~~vzctl exec or~~--devnodes)~~ </td></tr>

8916</td>

~~IP address not available~~Error during vzctl suspend</td></tr>

<td width="4%"> 17</td><td width="7%"></td><td width="78%"> Error during vzctl resume</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 18</td><td width="7%"></td><td width="78%"> Error from setluid() syscall</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 20</td><td width="7%"></td><td width="78%"> Invalid command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 21</td><td width="7%"></td><td width="78%"> Invalid value for command line parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 22</td><td width="7%"></td><td width="78%"> Container root directory (VE_ROOT) not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 23</td><td width="7%"></td><td width="78%"> Container private directory (VE_PRIVATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 24</td><td width="7%"></td><td width="78%"> Container template directory (TEMPLATE) notset </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 28</td><td width="7%"></td><td width="78%"> Not all required UBC parameters are set, unable to startcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 29</td><td width="7%"></td><td width="78%"> OS template is not specified, unable to createcontainer </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 31</td><td width="7%"></td><td width="78%"> Container not running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 32</td><td width="7%"></td><td width="78%"> Container already running</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 33</td><td width="7%"></td><td width="78%"> Unable to stop container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 34</td><td width="7%"></td><td width="78%"> Unable to add IP address to container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 40</td><td width="7%"></td><td width="78%"> Container not mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 41</td><td width="7%"></td><td width="78%"> Container already mounted</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 43</td><td width="7%"></td><td width="78%"> Container private area not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 44</td><td width="7%"></td><td width="78%"> Container private area already exists</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 46</td><td width="7%"></td><td width="78%"> Not enough disk space</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 47</td><td width="7%"></td><td width="78%"> Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 48</td><td width="7%"></td><td width="78%"> Unable to create a new container private area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 49</td><td width="7%"></td><td width="78%"> Unable to create a new container root area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td><td width="7%"></td><td width="78%"> Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 148</td><td width="7%"></td><td width="78%"> Error setting container IO parameters (ioprio)</td></tr>

~~100~~150</td>

~~Unable to find container IP address~~Ploop image file not found</td></tr>

~~104~~151</td>

~~VE_NETDEV ioctl error~~Error creating ploop image</td></tr>

~~105~~152</td>

~~Container start disabled~~Error mounting ploop image</td></tr>

~~106~~153</td>

~~Unable to set iptables on a running container~~Error unmounting ploop image</td></tr>

~~107~~154</td>

~~Distribution-specific configuration file not found~~Error resizing ploop image</td></tr>

~~109~~155</td>

~~Unable~~ Error converting container to ~~apply a config~~ploop layout</td></tr>

~~129~~156</td>

~~Unable to set meminfo parameter~~Error creating ploop snapshot</td></tr>

~~130~~157</td>

Error ~~setting veth interface~~merging ploop snapshot</td></tr>

~~131~~158</td>

Error ~~setting container name~~deleting ploop snapshot</td></tr>

~~133~~159</td>

~~Waiting for container start failed~~Error switching ploop snapshot</td></tr>

~~139~~166</td>

Error ~~saving container configuration file~~compacting ploop image</td></tr>

~~148~~167</td>

Error ~~setting container IO parameters (ioprio)~~listing ploop snapsots</td></tr>

</table>

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools