Changes

← Older edit

Man/vzctl.8

16,260 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

[flags] create

CTID --parameter value [...]~~~~</td></tr>

[flags] start CTID [--wait]

[--force] [--skip-fsck][--skip-remount] </td></tr>

[flags] stop CTID[--fast][--~~fast~~skip-umount] </td></tr>

[flags] restart CTID

[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr>

[flags] ~~chkpnt~~suspend | ~~restore~~resumeCTID [--dumpfile name] </td></tr>

[flags] snapshot CTID

[--id uuid]

[--name name]

[--description desc][--skip-suspend] [--skip-config] </td></tr>

[flags] snapshot-switch CTID[--skip-resume |--must-resume][~~snapshot~~-~~delete~~ -skip-config] --id uuid</td></tr>

[flags] snapshot-~~list~~delete CTID--id uuid</td></tr>

[flags] ~~set~~snapshot-mount CTID ~~--parameter value[...]~~ [--~~save~~id~~] [~~<bi>~~--force~~uuid</bi>][--~~setmode restart~~target|<bi>~~ignore~~dir</bi>] </td></tr>

[flags] ~~convert~~snapshot-list CTID[-~~-layout ploop~~H] [:-o{<bi>field[,~~expanded~~field</bi>|...][~~plain~~--id|<bi>~~raw~~uuid</bi>}]] </td></tr>

[flags] ~~exec~~set | CTID --parameter value[...] [~~exec2~~--save ] [--force<i/b>~~CTID~~]~~command~~[--setmode restart</ib> [|<ib>~~arg~~ignore</ib> ~~...~~]</td></tr>

[flags] ~~enter~~set CTID[--~~exec ~~reset_ub~~command [arg ...]]~~ </td></tr>

[flags] ~~--help~~console | <bi>CTID[~~--version~~ttynum</bi>]</td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] convert CTID[--~~left:11%~~layout  ~~margin-top~~ploop[: ~~1em"~~{expanded|plain~~Utility~~|~~vzctl~~raw ~~runs on the host system (otherwise known as~~}]] </td></tr>~~Hardware Node, or HN) and performs direct manipulations with~~<tr valign="top" align="left">~~containers (CTs).~~<td width="11%"></ptd><td width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] compact CTID</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

~~These~~ [flags ~~come before a~~] exec | exec2 CTIDcommand~~, and can be used with any command~~ [arg ... ~~They affect~~]</td></tr>~~logging to console (terminal) only, and do not affect~~<tr valign="top" align="left">~~logging to a log file.~~<td width="11%"></ptd><td width="7%">

~~--quiet~~vzctl</td><td width="2%"></td><td width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="7%">

~~--verbose~~vzctl</td><td width="2%"></td><td width="80%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ [<bi>~~VERBOSE~~flags</bi> ~~parameter in theglobal configuration file [[Man/vz.conf.5|~~] ~~vz.conf~~runscript~~(5)]], or to~~ <bi>0CTID script</bi>~~if not set by~~ <b/p>~~VERBOSE~~</btd> ~~parameter.~~ ~~=== Setting container parameters ===~~ ~~<table width="100%" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0"~~tr>

~~set~~vzctl</td>

<td width="8380%"> --help | --version</td></tr></table> == DESCRIPTION ==

~~CTID~~Utility[~~--onboot yes~~vzctl~~|no]~~runs on the host system (otherwise known as~~[--bootorder number]~~Hardware Node, or HN) and performs direct manipulations with~~[--root ~~containers (CTs).</bp>~~path][--private path]~~[<~~b>-~~p style="margin-~~userpasswd user~~left:~~pass][--disabled&nbsp~~11%;~~yes|no][~~margin-~~-name </b~~top: 1em">~~name]~~Containers can~~[--description ~~be referred to by either numeric ~~string][--ipadd addr][--ipdel addr|all][--hostname ~~CTID</~~b><~~i>or by name~~][--nameserver addr]~~(see[--~~searchdomain ~~name~~][--netif_add ~~~~dev[,params.~~option).~~.]][--netif_del~~Note that CT ID &~~nbsp~~lt;~~dev|all]~~= 100 are~~[--ifname dev~~reserved for OpenVZ internal purposes. A numeric ID should[not be more than ~~--mac ~~2147483644~~hwaddr~~.</ip>]~~[--host_ifname dev][--host_mac hwaddr]~~== OPTIONS ==~~[--bridge name][--mac_filter on|off]]~~=== Flags ===~~[--numproc items]~~[p style="margin-~~-numtcpsock items</i~~top: 1em">]These flags come before a~~[--numothersock items]~~command, and can be used with any command. They affect~~[--vmguarpages pages]~~logging to console (terminal) only, and do not affect~~[--kmemsize ~~logging to a log file.</bp>~~bytes][--tcpsndbuf bytes]~~[p style="margin-~~-tcprcvbuf&nbsp~~left:11%;~~</b~~">~~bytes]~~[--~~othersockbuf ~~quiet~~bytes~~</ip>]~~[--dgramrcvbuf bytes]~~[p style="margin-~~-oomguarpages&nbsp~~left:17%;~~</b~~">~~pages]~~Disables output. Note that~~[--lockedpages pages]~~scripts run by vzctl are still able to produce some~~[--privvmpages ~~output.</bp>~~pages][--shmpages pages]~~[p style="margin-~~-numfile&nbsp~~left:11%;~~items</i~~">][--~~numflock ~~verbose~~items~~</ip>]~~[--numpty items]~~[p style="margin-~~-numsiginfo&nbsp~~left:17%;~~</b~~">~~items]~~Increments logging level up~~[--dcachesize bytes][--numiptent num][--physpages pages][--swappages pages][--ram bytes][--swap bytes]~~from the default. Can be used multiple times. Default value~~[--cpuunits num][--cpulimit num][--cpus num][--cpumask cpus|all][--meminfo none|mode:~~is set to the value~~]~~[of ~~--iptables ~~VERBOSE~~name]~~parameter in theglobal configuration file [~~--netdev_add ifname]~~[~~--netdev_del <~~Man/~~b>ifname][--diskquota yes~~vz.conf.5|~~no][--diskspace ~~vz.conf~~num~~(5)]~~[--diskinodes num~~][, or to ~~--quotatime ~~0~~seconds]~~[if not set by ~~--quotaugidlimit ~~VERBOSE~~num~~parameter.</ip>]~~[--noatime yes|no][--capability capname:on|off]~~=== Setting container parameters ===~~[--devnodes param]~~[<~~b>--devices param]~~table width="100%" border="0" rules="none" frame="void"~~[--pci_add dev][--pci_del dev][--features param:on|off][--applyconfig name][--applyconfig_map group][--ioprio num] [--save][--force][--setmode restart|ignore] </td></tr~~ cellspacing="0" cellpadding="0">

set</td>

<pstyle="margin-top: 1em">~~This command sets various container parameters.~~CTID</pi>[--onboot yes</tdb>|no</trb>][--bootorder number</~~table~~i>][--root path][<~~p style="margin~~b>--~~left:17%~~private  ~~margin~~path][--~~top: 1em"~~mount_opts options~~If a~~][--~~save~~userpasswd  ~~flag is given, parameters are saved in~~user:pass]~~container configuration file~~ [~~[Man~~--disabled yes</~~ctid.conf.5~~b>|~~ctid.conf~~no~~(5)~~][--name name]~~. Use~~[--~~force~~description  ~~to save the parameters even if the current~~string]~~kernel doesn~~[--ostemplate&~~rsquo~~nbsp;~~t support OpenVZ.~~</pb>string][--stop-timeout seconds][<~~p style="margin~~b>--~~left:17%~~ipadd  ~~margin~~addr][--~~top: 1em"~~ipdel addr|all~~If the~~]~~container is currently running,~~ [~~vzctl~~--hostname  ~~applies these~~name]~~parameters to the container.~~[--nameserver addr</pi>][--searchdomain name][<~~p style="margin~~b>--~~left:17%~~netif_add  ~~margin~~dev[,params...]][--~~top: 1em"~~netif_del dev|all~~Note that a few~~]~~parameters can only be applied by restarting the container.~~[--ifname dev~~By default,~~ [~~vzctl~~--mac  ~~warns if such parameters are~~hwaddr]~~present and a container is running. Use~~ [--~~setmode~~host_ifname dev]~~restart~~[--host_mac  ~~to restart a container in such a case, or~~hwaddr][--~~setmode ignore~~bridge  ~~to suppress the above mentioned~~name]~~warning.~~[--mac_filter on|off</pb>]][--numproc items][<~~p style="margin~~b>--~~left:17%~~numtcpsock  ~~margin~~items][--~~top: 1em"~~numothersock items~~The following~~]~~parameters can be used with~~ [~~set~~--vmguarpages  ~~command.~~pages</pi>][--kmemsize bytes]~~==== Miscellaneous ====~~[--tcpsndbuf bytes][--tcprcvbuf bytes][<~~p style="margin~~b>--~~left:11%~~othersockbuf "bytes][--~~onboot yes~~dgramrcvbuf  |bytes][no--oomguarpages pages</pi>][--lockedpages pages][<~~p style="margin~~b>--~~left:17%~~privvmpages "pages~~Sets whether the container will~~]~~be started during system boot. The container will not be~~[--shmpages pages]~~auto~~[--~~started unless this parameter is set to~~ numfile items][~~yes~~--numflock .items</pi>][--numpty items][<~~p style="margin~~b>--~~left:11%~~numsiginfo "items][--~~bootorder~~dcachesize bytes][--numiptent num~~number~~][--physpages pages</pi>][--swappages pages][<~~p style="margin~~b>--~~left:17%~~ram "bytes~~Sets the boot order priority~~]~~for this CT. The higher the~~ [--swap ~~number~~bytes ~~is, the earlier in~~]~~the boot process this container starts. By default this~~[--vm_overcommit float]~~parameter is unset, which is considered to be the lowest~~[--cpuunits num]~~priority, so containers with unset~~ [~~bootorder~~--cpulimit  ~~will~~num]~~start last.~~[--cpus num</pi>][--cpumask cpus|auto|all][<~~p style="margin~~b>--~~left:11%~~nodemask "nodes|all][--~~root~~meminfo none |~~path~~mode:value</pi>][--iptables name[,...]][<~~p style="margin~~b>--~~left:17%~~netfilter "disabled|stateless|stateful|full~~Sets the path to root directory~~]([~~VE_ROOT~~--netdev_add ~~) for this container. This is essentially a~~ifname]~~mount point for container~~[--netdev_del&~~rsquo~~nbsp;~~s root directory. Argument~~ifname]~~can contain literal string~~ [--diskquota yes|~~$VEID~~no~~, which will be~~]~~substituted with the numeric CT ID.~~[--diskspace num</pi>][--diskinodes num][<~~p style="margin~~b>--~~left:11%~~quotatime "seconds][--~~private~~quotaugidlimit num][--capability ~~path~~capname:on</pb>|off[,...]][--devnodes param][<~~p style="margin~~b>--~~left:17%~~devices "param~~Sets the path to private~~]~~directory (~~[~~VE_PRIVATE~~--pci_add ~~) for this container. This is a~~dev]~~directory in which all the container~~[--pci_del&~~rsquo~~nbsp;~~s files are~~dev]~~stored. Argument can contain literal string~~ [--features name:on|~~$VEID~~off[,...]]~~which will be substituted with the numeric CT ID.~~[--applyconfig name</pi>][--applyconfig_map group][<~~p style="margin~~b>--~~left:11%~~ioprio "num][--~~userpasswd~~iolimit ~~user~~mbps:][--iopslimit ~~password~~iops] [--save</pb>][--force] [--reset_ub][--setmode restart|ignore] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%"></td><td width="4%"></td><td width="2%"></td><td width="83%;">~~Sets password for the givenuser in a~~ This command sets various container~~, creating~~ parameters. If the ~~user if it does notexists. Note that this option~~ container is ~~not saved in configurationfile at all (so~~ currently running, ~~--save~~vzctl ~~flag is useless), it is~~applies these~~applied~~ parameters to the container ~~(by modifying its~~ . The following options can beused with set</~~etc~~b> command.</~~passwd and~~p></~~etc~~td></~~shadow files).~~tr></ptable>

~~In casecontainer root filesystem is not mounted, it isautomatically mounted, then all the appropriate file changesare applied, then it is unmounted.~~=== Flags ====

-~~top: 1em"~~-save~~Note thatcontainer should be created before using this option.~~

~~--disabled yes<~~If this flag is given,parameters are saved in container configuration file[[Man/b> ctid.conf.5|noctid.conf(5)]].

~~Disable container start. Toforce the start of a disabled container, use~~ ~~vzctl start~~--force.

If this flag is given togetherwith --~~name~~save , parameters are saved even if the currentkernel doesn’t support OpenVZ. Note this flag does notmake sense without --save, so <ib>~~name~~--save</ib>isrequired.

~~Add a name for a container. Thename can later be used in subsequent calls to~~~~vzctl~~--reset_ub ~~in place of CTID.~~

If this flag is given,~~--description~~vzctlapplies all User Beancounter parameters from<the configuration file to a running container. This ishelpful in case configuration file is modified manually.Please note this flag is exclusive, i~~>string~~.e. it can not becombined with any other options or flags.

~~Add a textual description for a~~--setmode restart |~~container.~~ignore

A few parameters can only beapplied by restarting the container. By default,vzctl prints a warning if such parameters aresupplied and a container is running. Use --setmoderestart together with --save flag to restart acontainer in such a case, or --setmode ignore tosuppress the warning.

~~--ipadd addr~~=== Miscellaneous ====

~~Adds an IP address~~ <ib>~~addr~~--onboot yes</ib>|~~to a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g.~~ ~~10.1.2.3/25~~no).~~Note that this option is incremental, so addr areadded to already existing ones.~~

Sets whether the container willbe started during system boot. The container will be startedon boot by ~~--ipdel~~vz initscript if either this parameter isset to <ib>~~addr~~yes</ib> |, or the container was running just beforelast reboot, and this parameter is not set to ~~all~~no.Default value is unset, meaning the container will bestarted if it was running before the last reboot.

~~Removes IP address~~ <ib>~~addr~~--bootorder</ib>~~from a container. If you want to remove all the addresses,use~~ <bi>~~--ipdel all~~number</bi>.

Sets the boot order priorityfor this CT. The higher the number is, the earlier inthe boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset bootorder willstart last. --~~hostname~~root~~name~~path

Sets the path to root directory(VE_ROOT) for this container ~~hostname~~.This is essentially amount point for container’s root directory. Argumentcan contain literal string ~~vzctl~~$VEID ~~writes it to~~ , which will besubstituted with the ~~appropriate file inside acontainer (distribution-dependent)~~numeric CT ID.

--~~nameserver~~private~~addr~~path

Sets ~~DNS server IP address fora container. If you want~~ the path to ~~set several nameservers, you~~private~~should do it at once, so use~~ directory (~~--nameserver~~VE_PRIVATE ~~option~~) for this container. This is a~~multiple times~~ directory in ~~one call to vzctl, as~~ which all the ~~name~~container’s files are~~server values set in previous calls to~~ stored. Argument can contain literal string ~~vzctl~~$VEID ~~are~~,~~overwritten~~which will be substituted with the numeric CT ID.

--~~searchdomain~~mount_opts~~name~~option[,option...]

Sets ~~DNS search domains~~ additional mount optionsfor acontainerfile system. ~~If you want to set several search domains, youshould do it at once, so use~~ Only applicable for ~~--searchdomain~~ploop ~~optionmultiple times in one call to vzctl~~layout, ~~as all thesearch domain values set in previous calls to vzctlare overwritten~~ignored otherwise.

--~~netif_add~~userpasswd~~ifname[~~user,:~~mac,host_ifname,host_mac,bridge]~~password

~~Adds a virtual Ethernet device~~Sets password for the given~~(veth) to~~ user in a ~~given~~ container, creating the user if it does notexists. ~~Here ifname~~ Note that this option is ~~the~~not saved in configuration~~Ethernet device name in the container,~~ file at all (so <ib>~~mac~~--save</ib> flag is ~~its MACaddress~~useless), ~~host_ifname~~ it is ~~the Ethernet device name on~~applied directly to the ~~host~~container, ~~and host_mac is its MAC address. MAC~~by running~~addresses should be in~~ distribution-specific programs inside the ~~format like XX:XX:XX:XX:XX:XX~~container.~~bridge~~ It is ~~an optional parameter which can be used incustom network start scripts to automatically add theinterface~~ not recommended to ~~a bridge. All parameters except ifnameare optional and are automatically generated if not~~combine this option with any other~~specified~~options.

~~--netif_del~~In casecontainer was not running, it is automatically started then~~dev_name | ~~all~~~~the appropriate changes are applied, then it isstopped.

~~Removes virtual Ethernet device~~Note that~~from a~~ container~~. If you want to remove all devices, useall~~should be created before using this option.

--disabled yes |no

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface~~Disable container start. To ~~select~~ force the ~~interface toconfigure~~start of a disabled container, use vzctl start--~~ifname~~force ~~name option~~. ~~ --mac XX:XX:XX:XX:XX:XX~~

~~MAC address of interface insidea container.~~--name name

Add a name for a container. Thename can later be used in subsequent calls to~~--host_ifname~~vzctlin place of ~~name~~CTID. Note this option cannot be used without --save.

~~interface name for virtual~~--description~~interface in the host system.~~string

~~--host_mac~~Add a textual description for a~~XX:XX:XX:XX:XX:XX~~container.

~~MAC address of interface in the~~--ostemplate~~host system.~~string

Sets a new value of~~--bridge~~OSTEMPLATE parameter in container configuration file[[Man/ctid.conf.5|ctid.conf (5)]]. Requires <ib>~~name~~--save</ib>flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses the value of OSTEMPLATE to rundistribution-specific scripts.

~~Bridge name. Custom network~~--stop-timeout~~start scripts can use this value to automatically add theinterface to a bridge.~~seconds

Sets a time to wait forcontainer to stop on ~~--mac_filter on~~vzctl stop |before forciblykilling it, in seconds. Note this option can not be usedwithout ~~off~~--saveflag.

~~Enables/disables MAC addressfiltering for the Container veth device and the possibility~~Special valueof ~~configuring the MAC address of this device from insidethe Container. If the filtering is turned on:~~ <brb>~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets);~~ 0<br/b>~~• it is impossible~~ means to ~~modify the veth MAC address frominside the Container~~use compiled-in default.

~~By default,this functionality is enabled for all veth devices existinginside the Container.~~=== Networking ====

--ipadd addr

~~The following~~Adds an IP address addr~~options sets memory and swap limits for VSwap-enabled~~to a given container. Address can optionally have a netmask~~kernels~~ specified in the CIDR notation (~~kernel version 042stab042 or greater~~e.g. 10.1.2.3/25).Note that this option is incremental, so addr areadded to already existing ones.

-~~top: 1em"~~-ipdel addr~~Argument is in~~|~~bytes, unless otherwise specified by an optional suffix.Available suffixes are:~~all

~~•~~Removes IP address <bi>Taddr</~~b>, t - terabytes; <br~~i>~~• G~~from a container. If you want to remove all the addresses, ~~g - gigabytes; •~~ use <~~b>M, m</~~b> - ~~megabytes; • K, k~~ - ~~kilobytes; • P, p - memory pages (arch-specific,usually 4KB); • B~~ipdel all~~, b - bytes~~. ~~ --ram bytes~~

~~Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting~~ --~~physpages~~hostname ~~limit (the barrier is set to0).~~name

Sets container hostname.~~--swap~~vzctl ~~bytes~~writes it to the appropriate file inside acontainer (distribution-dependent).

~~Set swap space available to acontainer. Actually, the option is a shortcut for setting~~--~~swappages~~nameserver ~~limit (the barrier is set to 0).~~addr

~~Here is an~~Sets DNS server IP address for~~example of setting~~ a container ~~777~~ . If you want to set several nameservers, youshould do it at once, so use --nameserver optionmultiple times in one call to ~~have 512 megabytes of~~vzctl, as all the nameserver values set in previous calls to vzctl are~~RAM and 1 gigabyte of swap:~~overwritten.

<~~pre~~ p style="margin-left:1117%;margin-top: 1em"> ~~vzctl set 777~~ A special valueof inherit can be used to auto-~~-ram 512M --swap 1G --save~~propagate nameservervalue(s) from the host system’s/etc/resolv.conf file.</~~pre~~p>

--searchdomainname

Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use --~~top: 1em"~~searchdomain optionmultiple times in one call to vzctl~~The following~~, as all the~~options sets barrier and limit for various user~~search domain values set in previous calls to vzctl~~beancounters~~are overwritten.

~~Note that for~~A special value~~VSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set~~ of ~~--ram~~inherit ~~and~~can be used to auto-propagate searchdomain value(s) from the host system’s~~--swap~~/etc/resolv.conf ~~(see above). For older kernels, these limitsare obligatory~~file.

~~Each optionrequires one or two arguments. In case of one argument,~~~~vzctl~~--netif_add ~~sets barrier and limit to the same value. Incase of two colon-separated arguments~~ifname[, ~~the first is abarrier~~mac, ~~and the second is a limit. Each argument is eithera number~~host_ifname, ~~a number with a suffix~~host_mac, ~~or a special value~~<bi>~~unlimited~~bridge]</bi>.

~~Arguments are~~Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in ~~items~~the container, ~~pages or bytes. Note that page size~~ mac isits MAC~~architecture-specific~~address, it host_ifname is ~~4096 bytes~~ the Ethernet device name on ~~x86~~ the host, and ~~x86_64~~host_mac is its MAC address. MAC~~platforms~~addresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified. --netif_deldev_name | all

~~You can also~~Removes virtual Ethernet device~~specify different suffixes for set parameters (exceptfor the parameters which names start with num)~~from a container. ~~Forexample~~If you want to remove all devices, ~~vzctl set CTID --privvmpages~~use~~5M:6M should set~~ ~~privvmpages~~all~~’ barrier to 5megabytes and its limit to 6 megabytes~~.

~~Availablesuffixes are:~~=== veth interface configuration ====

~~•~~The following~~T, t~~ options can be used to reconfigure the already- ~~terabytes; ~~createdvirtual Ethernet interface. To select the interface to~~• G~~configure, use ~~g~~ - ~~gigabytes; • M~~-ifname, <bi>mname</bi> ~~- megabytes; • K,~~ option. ~~k - kilobytes;~~ ~~• P, p~~ - ~~memory pages (arch~~-~~specific,usually 4KB); • B~~mac, <bi>bXX:XX:XX:XX:XX:XX</bi> ~~- bytes.~~

~~You can also~~MAC address of interface inside~~specify the literal word unlimited in place of~~ a~~number~~container. ~~In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --numproc items[:items]~~

~~Maximum number of processes andkernel~~--~~level threads. Setting the barrier and the limit to~~host_ifname~~different values does not make practical sense.~~name

~~--numtcpsock~~interface name for virtual~~items[:items]~~interface in the host system.

~~Maximum number of TCP sockets.~~--host_mac~~This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle in parallel. Setting the barrier and the limit todifferent values does not make practical sense.~~XX:XX:XX:XX:XX:XX

~~--numothersock~~MAC address of interface in the~~items[:items]~~host system.

~~Maximum number of non-TCPsockets (local sockets, UDP and other types of sockets).~~If you want an~~Setting~~ independent communication with the ~~barrier and~~ Container through the ~~limit to different values doesnot make practical sense~~bridge, you should specify a multicast MAC address here(FE:FF:FF:FF:FF:FF).

--~~vmguarpages~~bridge~~pages~~name~~[:pages]~~

~~Memory allocation guarantee~~Bridge name.Custom network~~This parameter controls how much memory is available~~ start scripts can use this value to a~~container. The barrier is~~ automatically add the ~~amount of memory thatcontainer’s applications are guaranteed~~ interface to ~~be able toallocate. The meaning of the limit is currently unspecified;it should be set to unlimited~~a bridge.

--~~kmemsize~~mac_filter on|<ib>~~bytes~~off</~~i>[:bytes</i~~b>]

~~Maximum amount~~ Enables/disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of ~~kernel memory~~this device from inside~~used~~the Container. ~~This parameter~~ If the filtering is ~~related to~~ turned on: <bbr>~~--numproc. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consume~~• the veth device accepts only those packets that havea ~~bit more. It is important~~ MAC address in their headers corresponding to ~~have a certain safety gapbetween the barrier and the limit~~ that of this ~~parameter: equalbarrier~~ device (excluding all broadcast and ~~limit may lead to the situation where the kernel~~multicast packets); ~~will need to kill container~~&~~rsquo~~bull;~~s applications~~ it is impossible to ~~keep~~ modify theveth MAC address frominside the Container.<b/p>~~kmemsize~~ </bp style="margin-left:22%; margin-top: 1em"> ~~usage under~~ By default,this functionality is enabled for all veth devices existinginside the ~~limit~~Container.

~~--tcpsndbufbytes[:bytes]~~=== VSwap limits ====

~~Maximum size of TCP send~~The following~~buffers. Barrier should be not less than 64 KB,~~ options sets memory andswap limits for VSwap-enabled~~difference between barrier and limit should be equal to~~ kernels (kernel version 042stab042 or~~more than value of numtcpsock multiplied by 2.5~~KBgreater).

~~--tcprcvbuf~~Argument is in~~~~bytes~~[~~, unless otherwise specified by an optional suffix.Available suffixes are:~~bytes]~~

•T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k - kilobytes; • P, p - memory pages (arch-specific,usually 4KB); • B, b - bytes (this is the default). --ram bytes ~~Maximum size of TCP receive~~Sets physical memory (RAM)~~buffers~~available to a container. ~~Barrier should be not less than 64 KB~~Actually, ~~and~~the option is a shortcut~~difference between~~ for setting --physpages limit (the barrier ~~and limit should be equal~~ is set to or~~more than value of~~ 0). ~~numtcpsock~~--swap ~~multiplied by 2.5KB.~~bytes

Set swap space available to acontainer. Actually, the option is a shortcut for setting--~~othersockbuf~~swappages~~bytes[:bytes]~~limit (the barrier is set to 0).

~~Maximum size of other (non~~-~~TCP)socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be setaccordingly. Increased limit is necessary for highperformance of communications through local (UNIX~~-~~domain)~~vm_overcommit~~sockets.~~float

Set VM overcommitment value to<bi>~~--dgramrcvbuf~~float</bi>. If set, it is used to calculate<ib>~~bytes~~privmmpages</ib>[:parameter in case it is not setexplicitly (see below). Default value is <ib>~~bytes~~0</ib>], meaningunlimited privvmpages.

~~Maximum size of other (non-TCP)~~vzctlchecks if running kernel is VSwap capable, and refuses to~~socket receive buffers~~use these parameters otherwise. ~~If container’s processes needsto receive very large datagrams, the barrier should~~ This behavior can be ~~setaccordingly. The difference between the barrier and the~~overriden by using --force flag before~~limit is not needed~~parameters.

~~--oomguarpages~~In VSwap mode,all beancounters other than RAM and swap become optional.Note though that if some optional beancounters are not set,they are calculated and set by vzctl implicitly, using the~~pages[~~following formulae:~~pages]~~

~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container~~&~~rsquo~~bull;s~~processes~~lockedpages. ~~The~~ barrier ~~of this parameter is theout-of-memory guarantee~~= oomguarpages. ~~If the oomguarpages usage isbelow the~~ barrier~~, processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto unlimited~~= ram.

--•lockedpages.limit = oomguarpages.limit = unlimited~~pages[:pages]~~

~~Maximum number of pagesacquired by~~ ~~mlock~~•vmguarpages.barrier = vmguarpages.limit = ram + swap~~(2).~~

--•privvmpages.barrier = privvmpages.limit = (ram + swap) *vm_overcommit~~pages[:pages]~~

~~Allows controlling the amountof memory allocated by the applications. For shared~~ (~~mapped~~ifas ~~MAP_SHARED~~vm_overcommit~~) pages, each container really using amemory page~~ is ~~charged for the fraction of the page(depending on the number of others using it). For"potentially private" pages (mapped as~~~~MAP_PRIVATE~~0~~), container is charged either for afraction of the size~~ or ~~for the full size if the allocatedaddress space. In the latter case~~not set, ~~the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.~~privvmpages is set to "unlimited")

~~The barrier and~~Here is an~~the limit~~ example of ~~this parameter control the upper boundary~~ setting container 777 to have 512 megabytes of~~the total size~~ RAM and 1 gigabyte of ~~allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the --vmguarpages guarantee.~~swap:

~~~~ vzctl set 777 --ram 512M --swap 1G --~~shmpagespages[:pages]~~save</ppre>

~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values doesnot make practical sense.~~=== User Beancounter limits ====

~~--numfile~~The followingoptions sets barrier and limit for various user~~items[:items]~~beancounters.

~~Maximum number of open files.~~Note that forVSwap-enabled kernels (version 042stab042 or greater) these~~In most cases the barrier and the limit should be~~ limits are optional, you must only set ~~to thesame value. Setting the barrier to~~ 0--ram ~~effectively~~and~~disables pre~~--~~charging optimization for this beancounter inthe kernel~~swap (see above). For older kernels, ~~which leads to the held value being precise but~~these limits~~could slightly degrade file open performance~~are obligatory.

Each optionrequires one or two arguments. In case of one argument,~~--numflock~~vzctlsets barrier and limit to the same value. Incase of two colon-separated arguments, the first is abarrier, and the second is a limit. Each argument is eithera number, a number with a suffix, or a special value<ib>~~items~~unlimited</~~i>[:items</i~~b>].

~~Maximum number of file locks~~Arguments arein items, pages or bytes.Note that page size is~~Safety gap should be between barrier~~ architecture-specific, it is 4096 bytes on x86 and ~~limit~~x86_64platforms.

You can alsospecify different suffixes for User Beancounter parameters(except for those which names start with ~~--numpty~~num). Forexample, vzctl set ~~items~~CTID[--privvmpages5M:6M should set <ib>~~items~~privvmpages</ib>]’ barrier to 5megabytes and its limit to 6 megabytes.

~~Number of pseudo-terminals(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit to~~Available~~different values does not make practical sense.~~suffixes are:

•T, t - terabytes; • G, g - gigabytes; • M, m-megabytes; • K, k -~~numsiginfo~~kilobytes; • P, p - memory pages (arch-specific,usually 4KB); • <ib>~~items~~B</ib>[:, <ib>~~items~~b</ib>]- bytes.

~~Number~~ You can alsospecify the literal word unlimited in place of ~~siginfo structures~~anumber.~~Setting~~ In that case the ~~barrier and the limit~~ corresponding value will be set to ~~different values doesnot make practical sense~~LONG_MAX, i. e. the maximum possible value. --numproc items[:items]

~~-~~Maximum number of processes andkernel-~~dcachesize~~level threads. Setting the barrier and the limit to~~bytes[:bytes]~~different values does not make practical sense.

~~Maximum size offilesystem~~--~~related caches, such as directory entry and inode~~numtcpsock~~caches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit.~~items[:items]

Maximum number of TCP sockets.This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle in parallel. Setting the barrier and the limit todifferent values does not make practical sense. --~~numiptent~~numothersock~~num~~items[:~~num~~items]

~~Number~~ Maximum number of ~~iptables~~ non-TCPsockets (~~netfilter~~local sockets, UDP and other types of sockets).~~entries.~~ Setting the barrier and the limit to differentvalues does not make practical sense.

--~~physpages~~vmguarpages

pages[:pages]

~~On VSwap-enabled kernels, this~~Memory allocation guarantee.~~limits the amount of physical~~ This parameter controls how much memory ~~(RAM)~~ is available to acontainer. The barrier is the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be set to 0unlimited~~, and thelimit to a total size of RAM that can be used used by acontainer~~.

~~For olderkernels, this is an accounting~~--~~only parameter, showing theusage of RAM by this container. Barrier should be set to~~kmemsize<bi>0bytes</bi>~~, and limit should be set to~~ [:<bi>~~unlimited~~bytes</bi>.]

Maximum amount of kernel memoryused. This parameter is related to --~~swappages~~numproc. Each~~pages[~~process consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter:equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the<ib>~~pages~~kmemsize</ib>]usage under the limit.

~~For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to~~ 0--tcpsndbuf~~, and the limit to a total size of swap thatcan be used by a container.~~bytes[:bytes]

~~For older~~Maximum size of TCP send~~(pre-VSwap) kernels~~buffers. Barrier should be not less than 64 KB, ~~the~~ anddifference between barrier and limit ~~is used~~ should be equal to ~~show a total~~or~~amount~~ more than value of ~~swap space available inside the container. Thebarrier of this parameter is ignored. The default value is~~~~unlimited~~numtcpsock~~, meaning total swap will be reported as~~multiplied by 2.50KB.

--tcprcvbufbytes[:bytes]

~~These~~Maximum size of TCP receive~~parameters control CPU usage by container~~buffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of ~~ --cpuunits~~numtcpsock ~~num~~multiplied by 2.5KB.

~~CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If~~ ~~cpuunits~~--othersockbuf ~~are not specified,default value of 1000 is used.~~bytes[:bytes]

~~You can set CPUweight for CT0~~ Maximum size of other (~~host system itself~~non-TCP) ~~as well (use vzctl~~socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be set ~~0 --cpuunits num)~~accordingly. ~~Usually, OpenVZ initscript~~Increased limit is necessary for highperformance of communications through local (~~/etc/init.d/vz~~UNIX-domain) ~~takes care of setting this~~sockets.

--~~cpulimit~~dgramrcvbuf~~num~~bytes[:<bi>%bytes</bi>]

~~Limit~~ Maximum size of ~~CPU usage for the~~other (non-TCP)socket receive buffers. If container’s processes needsto receive very large datagrams, ~~in per cent~~the barrier should be setaccordingly. ~~Note if~~ The difference between the barrier and the ~~computer has 2 CPUs, ithas total of 200% CPU time. Default CPU~~ limit is ~~0(no CPU limit)~~not needed.

--~~cpus~~oomguarpages ~~num~~pages[:pages]

~~sets number~~ Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of ~~CPUs available~~-memory guarantee. If the oomguarpages usage isin below the barrier, processes of this containerareguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto unlimited.

--~~cpumask~~lockedpages ~~cpus~~pages |[:<bi>~~all~~pages</bi>]

~~sets list~~ Maximum number of ~~allowed CPUs for~~pages~~the container. Input format is a comma-separated list ofdecimal numbers and ranges. Consecutively set bits are shownas two hyphen-separated decimal numbers, the smallest andlargest bit numbers set in the range. For example, if youwant the container to execute on CPUs 0, 1, 2, 7, you shouldpass~~ acquired by ~~0-2,7. Default value is all~~mlock (~~thecontainer can execute on any CPU~~2).

--privvmpagespages[:pages]

Allows controlling the amountof memory allocated by the applications. Forshared (mapped~~VSwap-enabled kernels (042stab042 or greater~~as MAP_SHARED)pages, ~~this~~each container really using a~~parameter~~ memory page is ~~ignored. For older kernels, it controls~~ charged for the fraction of thepage~~output~~ (depending on the number of ~~/proc/meminfo inside a container~~others using it). For"potentially private" pages (mapped as~~ --meminfo none~~MAP_PRIVATE), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.

~~No /proc/meminfo virtualization~~The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to control(memory allocation is the ~~same as on host system)~~--vmguarpages guarantee.

--~~meminfo~~shmpages~~mode~~pages[:~~value~~pages]

~~Configure total memory outputin a container~~Maximum IPC SHM segment size. ~~Reported free memory is evaluatedaccordingly to~~ Setting the barrier and the ~~mode being set. Reported swap isevaluated according~~ limit to ~~the settings of --swappages~~different values does~~parameter~~not make practical sense.

~~You can use thefollowing modes for mode: •~~ ~~pages~~--numfile:~~value~~items ~~- sets total memory inpages; • privvmpages~~[:~~value - sets total memoryas privvmpages * value~~items.]

~~Default is~~Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to ~~privvmpages:1~~0effectivelydisables pre-charging optimization for this beancounter inthe kernel, which leads to the held value being precise butcould slightly degrade file open performance.

--numflockitems[:items]

~~--iptables~~Maximum number of file locks.~~name~~Safety gap should be between barrier and limit.

~~Allow to use the functionality~~--numptyof ~~name~~items ~~iptables module inside the container. Tospecify multiple~~ [:~~name~~items~~s, repeat --iptables for each,or use space-separated list as an argument (enclosed insingle or double quotes to protect spaces).~~]

~~The defaultlist~~ Number of ~~enabled iptables modules is specified by the~~pseudo-terminals~~IPTABLES variable~~ (PTY). Note that in ~~[[Man/vz~~OpenVZ each container can have not morethan 255 PTYs.~~conf.5|vz.conf(5)]]~~Setting the barrier and the limit todifferent values does not make practical sense.

~~You can use thefollowing values for name:~~ ~~iptable_filter~~--numsiginfo,<bi>~~iptable_mangle~~items</bi>, [:<bi>~~ipt_limit~~items</~~b>,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner</b~~i>.]

Number of siginfo structures.Setting the barrier and the limit to different values doesnot make practical sense.

--~~netdev_add~~dcachesize~~name~~bytes[:bytes]

~~move network device from the~~Maximum size offilesystem-related caches, such as directory entry and inode~~host system~~ caches. Exists as a separate parameter to impose a ~~specified container~~limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit.

--~~netdev_del~~numiptent~~name~~num[:num]

~~delete network device from a~~Number of iptables (netfilter)~~specified container~~entries. Setting the barrier and the limit to differentvalues does not make practical sense.

--physpagespages[:pages]

~~~~On VSwap-~~-diskquota yes |~~enabled kernels, thislimits the amount of physical memory (RAM) available to acontainer. The barrier should be set to no0, and thelimit to a total size of RAM that can be used used by acontainer.

~~allows to enable or disable~~For olderkernels, this is an accounting-only parameter, showing the~~disk quota for a~~ usage of RAM by this container. ~~By default, a global value~~Barrier should be set to(~~DISK_QUOTA~~0~~) from [[Man/vz.conf.5|~~, and limit should be set to ~~vz.conf~~unlimited~~(5)]] is used~~.

~~Note that thisparameter is ignored for~~ ~~ploop~~--swappages ~~layout.~~pages[:pages]

For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to ~~--diskspace~~0, and the limit to a total size of swap that~~num[:num]~~can be used by a container.

For older(pre-VSwap) kernels, the limit is used to show a totalamount of swap space available inside the container. Thebarrier of this parameter is ignored. The default value is~~simfs~~unlimited ~~layout, setssoft and hard disk quota limits~~, ~~in blocks. First parameter~~meaning total swap will be reported as~~is soft limit, second is hard limit. One block is currentlyequal to 1Kb~~0.

~~Forploop layout, sets the size of the ploop image file,in kilobytes.~~=== CPU fair scheduler parameters ====

~~Suffixes~~Theseparameters control CPU usage by container. G</bbr>~~, M~~--cpuunits, <bi>Knum</bi> ~~can also be specified (seeResource limits section for more info onsuffixes).~~

CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If ~~--diskinodes~~cpuunitsare not specified,~~num[:num]~~default value of 1000 is used.

~~sets soft and hard disk quota~~You can set CPUweight for CT0 (host system itself) as well (use vzctl~~limits, in~~ set 0 --cpuunits num</i~~-nodes~~>). ~~First parameter is soft limit~~Usually, ~~second is~~OpenVZ initscript~~hard limit~~(/etc/init.d/vz) takes care of setting this.

--~~top: 1em"~~cpulimit~~Note that thisparameter is ignored for~~ num[~~ploop~~% ~~layout.~~]

Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is ~~--quotatime~~0~~seconds~~(no CPU limit).

~~sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a hard limit.~~--cpus num

~~Note that this~~sets number of CPUs available~~parameter is ignored for ploop layout~~in the container.

--~~quotaugidlimit~~cpumask~~num~~cpus |auto | all

~~sets maximum number~~ Sets list ofallowed CPUs for~~user~~the container. Input format is a comma-separated list ofdecimal numbers and/~~group IDs~~ or ranges. Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in a the range. For example, ifyou want the container ~~for which disk quota inside~~to execute on CPUs 0, 1, 2, 7, youshould pass 0-2,7. Default value is all (the container ~~will be accounted~~can execute on any CPU). If ~~this value is set to~~used with the0--nodemaskoption, ~~user and group quotas inside~~ value of auto assigns allCPUs from the specified NUMA node to a container ~~willnot be accounted~~.

-~~top: 1em"~~-nodemask nodes~~Note that ifyou have previously set value of this parameter to~~ | 0all,~~changing it while the container is running will not takeeffect.~~

Sets list of allowed NUMA nodesfor the container. Input format is the same as for--cpumask. Note that --nodemask must be usedwith the --cpumask option ~~====~~.

~~--noatime yes |no~~=== Memory output parameters ====

~~Sets noatime flag~~ ForVSwap-enabled kernels (~~do not~~042stab042 or greater), thisparameter is ignored. For older kernels, it controls the~~update inode access times) on filesystem~~output of /proc/meminfo inside a container. --meminfo none No /proc/meminfo virtualization(the same as on host system).

--~~capability~~meminfo~~capname~~mode:<bi>onvalue</~~b>|off</b~~i>

~~Sets a capability for~~ Configure total memory outputin acontainer. ~~Note that setting capability when the container~~Reported free memory is ~~running does not take immediate effect; restart the~~evaluated~~container in order for~~ accordingly to the ~~changes to take effect~~mode being set. ~~Note a~~Reported swap is~~container has default set~~ evaluated according to the settings of ~~capabilities, thus any~~--swappages~~operation on capabilities is "logical and" withthe default capability mask~~parameter.

You can use the

following ~~values~~ modes for ~~capname~~mode: <~~b>chown</b~~br>,• ~~dac_override~~pages, :<bi>~~dac_read_search~~value</~~b>, fowner</b~~i>,- sets total memory inpages; <~~b>fsetid, kill, setgid, setuid</b~~br>,• ~~setpcap~~privvmpages, :<bi>~~linux_immutable~~value</bi>,- sets total memoryas ~~net_bind_service~~privvmpages, * <bi>~~net_broadcast~~value</bi>,~~net_admin, net_raw, ipc_lock~~.</bp>,~~ipc_owner, sys_module, sys_rawio,~~<~~b>sys_chroot, sys_ptrace, sys_pacct</b~~p style="margin-left:22%; margin-top: 1em">,Default is~~sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities~~privvmpages:1~~(7)~~.

~~WARNING:setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that setting setpcap:on fora container will most probably lead to inability to startit.~~=== Netfilter (iptables) control parameters ====

--netfilter disabled|stateless|stateful|full

Restrict access tonetfilter/iptables modules for a container. This optionreplaces obsoleted --~~devnodesdevice:[r][w][q]|none~~iptables.

~~Give the~~ Note thatchanging this parameter requires container ~~an access~~restart, so~~(r - read, w - write, q~~consider using - ~~disk quotamanagement, none~~ - ~~no access) to a device designatedby the special file /dev/device. Device file iscreated in a container by vzctl~~setmodeoption. ~~Example:~~

<~~pre~~ p style="margin-left:22%;margin-top: 1em"> ~~vzctl set 777 --devnodes sdb~~The followingarguments can be used:~~rwq~~ • disabled</~~pre~~p>

~~--devicesb|c:major:minor|all:[r][w][q]|none~~no modules are allowed

~~Give the container an access to~~a b• stateless~~lock or character device designated by itsmajor and minor numbers. Device file have tobe created manually.~~

all modules except NAT andconntracks are allowed (i.e. filter and mangle); this is thedefault

~~--pci_add~~• stateful~~[domain:]bus:slot.func</i~~>

~~Give the container an access toa specified PCI device. All numbers~~ all modules except NAT are ~~hexadecimal (asprinted by lspci(8) in the first column).~~allowed

<~~p style~~table width="~~margin-left:11~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><~~b>--pci_del</b~~tr valign="top" align="left">[<itd width="22%">~~domain~~</itd>:]<~~i>bus:slot.func</p~~td width="9%">

• full</td><td width="~~margin-left:22~~1%;">~~Delete a PCI device from the~~</td>~~container.~~</ptd width="36%">

~~Note that~~all modules are allowed<b/p>~~vps-pci~~</btd> ~~configuration script is executed by~~<btd width="32%">~~vzctl~~</btd> ~~then configuring PCI devices. The script isusually located at~~ <~~b>/usr~~/~~lib[64]/vzctl/scripts/</b~~tr>.</ptable>

--iptablesname[,...]

~~--features~~Notethis option is~~name:~~obsoleted, ~~on|off~~--netfiltershould be used instead.

~~Enable or disable a specific~~Allow to use~~container feature. Known features are:~~ the functionality of <bi>~~sysfs~~name</bi>,iptables module inside thecontainer. Multiple comma-separated <~~b>nfs, sit, ipip</b~~i>~~, ppp~~name</bi>,s can be~~ipgre, bridge, nfsd~~specified.

The defaultlist of enabled iptables modules is defined by theIPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]].

You can use thefollowing values for name: ~~--applyconfig~~iptable_filter,<ib>~~name~~iptable_mangle</ib>, ipt_limit</pb>,ipt_multiport, ipt_tos, ipt_TOS,<~~p style="margin-left:22%;"~~b>ipt_REJECT, ipt_TCPMSS, ipt_tcpmss~~Read container parameters fromthe container sample configuration file~~,<ttb>ipt_ttl</~~etc~~b>, ipt_LOG</vzb>, ipt_length</~~conf~~b>,ip_conntrack</~~ve-~~b>, ip_conntrack_ftp</ttb>,<ib>~~name~~ip_conntrack_irc</ib>, <ttb>~~.conf-sample~~ipt_conntrack</ttb>,~~and apply them~~ipt_state, ipt_helper, if ~~--save~~iptable_nat ~~option specified save to~~,~~the container config file. The following parameters are notchanged:~~ ~~HOSTNAME~~ip_nat_ftp, ip_nat_irc, ~~IP_ADDRESS~~ipt_REDIRECT,~~OSTEMPLATE~~xt_mac, ~~VE_ROOT~~ipt_recent, ~~and~~~~VE_PRIVATE~~ipt_owner.

~~--applyconfig_mapgroup~~=== Network devices control parameters ====

~~Apply container configparameters selected by~~ <ib>~~group~~--netdev_add</ib>~~. Now the only possiblevalue for~~ ~~group~~name ~~is name: to restore containername based on NAME variable in containerconfiguration file.~~

move network device from thehost system to a specified container</~~O priority management ====~~p>

--~~ioprio~~netdev_del~~priority~~name

~~Assigns I/O priority to~~delete network device from aspecified container~~. Priority range is 0-7. The greaterpriority is, the more time for I/O activity containerhas. By default each container has priority of4.~~

=== ~~Checkpointing and restore~~ = Disk quota parameters ====

~~Checkpointing is a feature of~~--diskquota yes |~~OpenVZ kernel which allows to save a complete state of arunning container, and to restore it later.~~no

allows to enable or disabledisk quota for a container. By default, a global value(~~chkpnt~~DISK_QUOTA ~~CTID<~~) from [[Man/i>[vz.conf.5|~~--dumpfile~~vz.conf ~~name~~(5)]]is used.

~~This command saves a complete~~Note that this~~state of a running container to a dump file, and stops thecontainer. If an option --dumpfile~~ parameter is ~~not set,default dump file name~~ ignored for ~~/vz/dump/Dump.~~ploop~~CTID isused~~layout.

~~restore~~--diskspace ~~CTID~~num[~~--dumpfile~~ :~~name~~num]

~~This command restores acontainer from the dump file created by the~~ For ~~chkpnt~~simfslayout, setssoft and hard disk quota limits. First parameter is soft~~command~~limit, second is hard limit.

Forploop layout, initiates the procedure of resizing theploop image file to the new size. Since there is nosoft/hard limit concept in ploop, second num, ifspecified, is ignored.

~~Snapshotting~~ By default,ploop resize is done online, i.e. on a ~~feature basedon checkpointing and~~ mounted ploop ~~shapshots~~. ~~It allows to save~~ Thisis a~~complete state~~ preferred way of ~~container file system~~doing resize. ~~Plus~~Although, ~~if the~~in a rare casea container ~~is running~~was using lots of disk space and should now beresized to a much smaller size, ~~it’s in-memory state (as in~~an offline resize might be~~checkpointing)~~more appropriate. ~~Note that snapshot functionality~~ In this case, make sure the container is ~~onlyworking for containers on ploop device.~~stopped and unmounted and use additional--offline-resize option

~~snapshot |~~Note that ploopresize is NOT performed on container start, so forconsistency ~~snapshot~~-~~create~~-diskspace ~~CTID [~~must be used together with--idsave~~uuid]~~flag.

~~Creates a container snapshot.~~SuffixesIf <ib>~~uuid~~G</ib> ~~is not specified~~, ~~it is auto-generated. If acontainer is running~~M, ~~it’s checkpointed and then~~K can also be specified (see~~restored~~Resource limits section for more info on suffixes). If ~~a container~~ suffix is not ~~running~~specified, ~~only file systemstate~~ value is ~~saved~~in kilobytes.

~~snapshot~~-~~switch~~-diskinodes~~CTID~~num ~~--id~~ [:~~uuid~~num]

~~Switches the container to a~~sets soft and hard disk quota~~snapshot identified by <~~limits, in i~~>uuid~~-nodes. ~~Note that the currentcontainer state and its file system state~~ First parameter is ~~lost! If givensnapshot contains CT memory dump~~soft limit, it second is ~~restored, otherwiseit is stopped~~hard limit.

~~snapshot-delete~~Note that this~~CTID~~ parameter is ignored for ~~--id~~ploop ~~uuid~~layout.

~~Removes a specified~~--quotatime~~snapshot.~~seconds

~~snapshot-list~~sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit is~~CTID~~enforced as a hard limit.

~~Lists all snapshots. Active~~Note that this~~snapshot~~ parameter is ~~marked with~~ ignored for *ploop ~~sign~~layout.

--quotaugidlimitnum

<~~table width~~p style="~~100~~margin-left:22%~~" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0~~;">Enables or disables~~<tr valign="top" align="left">~~in-container per-user and per-group disk quotas. If thevalue is set to <~~td width="11%"~~b>0</tdb>or not set, disk quotas inside thecontainer is disabled and not accounted.<~~td width="9%"~~/p>

For~~create~~simfs<layout containers, non-zero value sets maximumnumber of user/~~p></td>~~group IDs for which disk quota is~~<td width="2%">~~accounted.</~~td><td width="78%"~~p>

~~CTID~~For[~~--ostemplate name][--config ~~ploop~~name][--~~layout~~ simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][~~containers, any non-~~-private path]~~zero value enables~~[--root&nbsp~~disk quota inside the container;~~path<~~the number of user/~~i>]~~group~~[--ipadd addr][--hostname name][--name name]~~IDs used by disk quota is not limited by OpenVZ.</p~~> </td></tr></table~~>

~~Creates a new~~Note thatenabling or disabling in-container disk quotas requirescontainer ~~area. This operation should be done once~~restart, ~~before~~so consider using --setmode~~the first start of the container~~option.

~~By default, anOS template denoted by DEF_OSTEMPLATE parameter of[[Man/vz.conf.5|vz.conf(5)]] is used to create a container. This can beoverwritten by --ostemplate~~ === Capability option~~.~~====

~~By default, anew container configuration file is created from a sampleconfiguration denoted by value of~~ ~~CONFIGFILE~~--capability~~parameter of [[Man~~capname:on</~~vz.conf.5~~b>|~~vz.conf~~off[,~~(5)]]~~. ~~If the containerconfiguration file already exists, it will not bemodified~~..]

~~The value of~~Sets a capability for a~~CONFIGFILE can be overwritten by using the-~~container. Multiple comma-~~config name option. This option~~ separated capabilities can ~~not~~ be~~used if the container configuration file already exists~~specified.

~~A new container~~Note that~~can either be created using simfs filesystem or on~~ setting acapability when the container is running does not~~ploop device. The default is set by value of~~take immediate effect; restart the container in order for~~VE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf~~the changes to take effect (~~5)]] and can beoverwritten by~~ consider using --~~layout~~setmode option~~. In case ploopis used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain and raw. Default isexpanded. Using raw is not recommended and isnot supported~~).

~~You can use--diskspace option to specify~~ A container ~~file system~~has~~size. Suffixes G~~the default set of capabilities, ~~M, K can also be~~thus any operation on~~specified (see Resource limits section for more info~~capabilities is "logical AND" with the default~~on suffixes)~~capability mask.

You can usethefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,~~--root~~ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace , <ib>~~path~~sys_pacct</ib> ~~option to sets the path to the~~,~~mount point for the container root directory (default is~~sys_admin, sys_boot, sys_nice,~~VE_ROOT~~sys_resource ~~specified in [[Man~~, sys_time</~~vz.conf.5|~~b>, ~~vz.conf~~sys_tty_config~~(5)]] file).~~,~~Argument can contain literal string~~ ~~$VEID~~mknod, lease, setveid, ~~which will~~ve_admin.~~be substituted with the numeric CT ID~~For detailed description, see capabilities(7).

~~You can use~~~~--private~~WARNING ~~path option to set the path to~~:setting some of those capabilities may have far reaching~~directory in which all the files and directories specific to~~security implications, so do not do it unless you know what~~this very container~~ you are ~~stored (default is VE_PRIVATEspecified in [[Man/vz.conf~~doing.5|Also note that setting ~~vz.conf~~setpcap:on~~(5)]] file). Argument can contain~~for~~literal string $VEID, which~~ a container will ~~be substituted with~~most probably lead to inability to start~~the numeric CT ID~~it.

~~You can use--ipadd addr option to assign an IP address toa container. Note that this option can be used multipletimes.~~=== Device access management ====

~~You can use~~--~~hostname~~devnodes ~~name~~device ~~option to set a host name fora container.~~:[r][w][q]|none

Give the container an access(r - read, w - write, ~~destroy~~q | - disk quotamanagement, ~~delete~~none- no access) to a device designatedby the special file /dev/~~CTID~~device. Device file iscreated in a container by vzctl. Example:

~~Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.~~ vzctl set 777 --devnodes sdb:rwq</ppre>

~~start~~--devicesb|c :~~CTID~~major:minor|all:[r][~~--wait~~w] [~~--force~~q]|none

~~Mounts (if necessary) and~~Give the container an access to~~starts~~ a ~~container. Unless~~ ~~--wait~~b ~~option isspecified,~~ lock or ~~vzctl~~c ~~will return immediately; otherwise~~haracter device designated by its~~an attempt to wait till the default runlevel is reached willbe made by~~ <bi>major and ~~vzctl~~minor</bi>numbers. Device file have tobe created manually.

~~Specify--force if you want to start a container which isdisabled (see --disabled).~~=== PCI device management ====

~~Note that thiscommand can lead to execution of~~ ~~premount~~--pci_add,[<bi>~~mount~~domain</bi> ~~and~~ :]<bi>~~start~~bus</bi> ~~action scripts (see~~ :<bi>~~ACTIONSCRIPTS~~slot</bi> ~~below)~~.func

~~stop CTID~~Give the container an access toa specified PCI device. All numbers are hexadecimal (as[printed by ~~--fast~~lspci](8) in the first column).

~~Stops and unmounts a container.Normally,~~ ~~halt~~--pci_del~~(8) is executed inside a container;option~~ [<bi>~~--fast~~domain</bi> ~~makes~~ :]<bi>~~vzctl~~bus</bi> ~~use~~ :<bi>~~reboot~~slot</bi>~~(2)syscall instead which is faster but can lead to uncleancontainer shutdown~~.func

~~Note that this~~Delete a PCI device from the~~command can lead to execution of stop, umountand postumount action scripts (see ACTIONSCRIPTS below)~~container.

Note that~~restart~~vps-pci ~~CTID~~configuration script is executed by[~~--wait~~vzctl~~] [~~then configuring PCI devices. The script isusually located at ~~--force<~~/~~b>] [--fast~~usr/libexec/vzctl/scripts/].

~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all thestart and stop options.~~=== Features management ====

-~~top~~-featuresname: ~~1em"~~on|off~~Note that thiscommand can lead to execution of some action scripts (see~~[~~ACTION SCRIPTS~~, ~~below)~~...]

Enable or disable a specificcontainer feature. Known features are: ~~status~~sysfs ,<ib>nfs, sit, ipip, ppp,ipgre, ~~CTID~~bridge</ib>, nfsd. A few features canbe specified at once, comma-separated.

~~Shows a container status. Thisis a line with five or six words, separated by spaces.~~=== Apply config ====

~~First word isliterally~~ ~~CTID~~--applyconfig.name

~~Second word is~~Read container parameters fromthe ~~numeric~~ container sample configuration file<tt>/etc/vz/conf/ve-</tt>~~CT ID~~name<tt>.conf-sample</tt>,and apply them, if --save option specified save tothe container config file. The following parameters are notchanged: HOSTNAME, IP_ADDRESS,OSTEMPLATE, VE_ROOT, andVE_PRIVATE. ~~Third word isshowing whether this container exists or not, it can beeither~~ ~~exist~~--applyconfig_map or <bi>~~deleted~~group</bi>.

~~Fourth word is~~Apply container config~~showing~~ parameters selected by group. Now the ~~status of the container filesystem, it can be~~only possible~~either~~ value for group is ~~mounted~~name or : to restore containername based on ~~unmounted~~NAMEvariable in containerconfiguration file.

~~Fifth wordshows if the container is running, it can be eitherrunning<~~=== I/~~b> or down.~~O scheduling ====

~~Sixth word, ifexists, is~~ ~~suspended~~--ioprio~~. It appears if both a containerand its dump file exist (see~~ <bi>~~chkpnt~~priority</bi>).

Assigns disk I/O priority tocontainer. Priority range is 0-~~top: 1em"~~7. The greaterpriority is, the more time for I/O activity containerhas. By default each container has priority~~This command~~of~~can also be usable from scripts~~4.

~~mount~~--iolimit ~~CTID~~limit[B|K|M|G]

~~Mounts~~ Assigns disk I/O bandwidthlimit for a container ~~private area~~.Value is either a number with an~~Note that this command can lead to execution of~~optional suffix, or a literal string ~~premount~~unlimited ~~and~~ . Valueof ~~mount~~0 ~~action scripts (see~~means "unlimited". By default a~~ACTION SCRIPTS<~~container has no I/~~b> below)~~O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.

If no suffix isprovided, the limit is assumed to be in megabytes persecond. Available suffixes are: • b, B -- bytes per second; • k, K -- kilobytes per second; • ~~umount~~m , <ib>M -- megabytes per second (default); • g, ~~CTID~~G</ib>-- gigabytes per second;

~~Unmounts container privatearea. Note that this command can lead to execution of~~~~umount~~--iopslimit ~~and postumount action scripts (see~~<bi>~~ACTION SCRIPTS~~iops</bi> ~~below).~~

~~Note that~~Assigns IOPS limit for acontainer, in number of input/output operations per second.Value is a number or a literal string ~~stop~~unlimited ~~does~~ .Value of ~~umount~~0 ~~automatically~~means "unlimited". By default acontainer has no IOPS limit.

~~convert CTID[--layoutploop[:{expanded|plain|raw}]]~~== Suspending and resuming ===

~~Convert CT private area~~ Checkpointing is a feature ofOpenVZ kernel which allows to~~reside on~~ save a ~~ploop device (available~~ complete in -kernel ~~version042stab052.8 and greater). Conversion should be performedwhen~~ state of a running container ~~is stopped~~, ~~plus disk space quota should beset~~and to restore it later.

~~quotaon~~suspend |chkpntCTID[--dumpfile name]

~~Turn disk quota on. Not that~~This command suspends acontainer to a dump file If an option ~~mount~~--dumpfile ~~and~~ isnot set, default dump file name~~start~~/vz/dump/Dump. ~~does that automatically~~CTID is used.

~~quotaoff~~resume |restoreCTID[--dumpfile name]

~~Turn disk quota off. Not that~~This command restores acontainer from the dump file created by the ~~umount~~suspend ~~and stop does that automatically~~command.

~~quotainitCTID~~== Snapshotting ===

Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in-memory state (as incheckpointing). Note that snapshot functionality is onlyworking for containers on ploop device. ~~Initialize disk quota (~~snapshot CTID[--id uuid] [--name name</i~~.e. run~~>][~~vzquota init~~--description~~) with the parameters taken from the CT~~desc] ~~configuration file~~ [--skip-suspend] [~~Man~~--skip-config</~~ctid~~b>] Creates a container snapshot,i.~~conf~~e. saves the current container state, including its filesystem state, running processes state, and configurationfile.5| If a containeris running, and ~~ctid.conf~~--skip-suspend~~(5)]]~~option is notspecified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot.

Unless~~exec~~--skip-config ~~CTID~~option is given, container~~command~~configuration file is saved to the snapshot.

~~Executes~~ If ~~command~~uuid ~~in acontainer. Environment variables are~~ is not ~~set inside thecontainer. Signal handlers may differ from default settings~~specified, it is auto-generated.OptionsIf <ib>~~command~~--name</ib> is and --descriptioncan be used tospecify the snapshot name and description, ~~commands are read from~~respectively.~~stdin~~Name is displayed by snapshot-list.

~~exec2~~snapshot-switch CTID [--skip-resume | --must-resume]~~command~~[--skip-config] --id uuid

~~The same as exec, but~~Switches the container to a~~return code is that of~~ snapshot identified by ~~command~~uuid, restoring its filesystem state, configuration (if available) and its runningstate (if available).

~~runscript~~Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!</b~~> CTIDscript</i~~>

~~Run specified shell script in~~Option~~the container. Argument~~ <ib>~~script~~--skip-resume</ib> is used to ignore a CT memory dump file ~~on the hostsystem which contents is read by vzctl and executed~~ in ~~thecontext of the container. For~~ a ~~running container~~snapshot, ~~thecommand jumps into~~ as a result the container ~~and executes the script.~~will end up being~~For~~ in a stopped ~~container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root~~ state (~~such~~ same asif a snapshot has been takenwith ~~/proc~~--skip-suspend) ~~are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations~~.

~~enter CTID~~If option[--~~exec~~must-resume ~~command [arg ..~~is set, absense of a memory dump istreated as an error, and the inability to restore from thememory dump is treated as an error rather than warning.]]

~~Enters into a container (givinga container’s root shell). This~~ Option option ~~is a back-doorfor host root only. The proper way to have CT root shell isto use~~ ~~ssh~~--skip-config~~(1)~~is used to ignore the CT configurationfile in a snapshot, i.e. the current configuration file willbe left as is.

~~Option~~snapshot-~~-exec~~delete ~~is used to run~~ ~~command~~CTID ~~with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so~~ ~~vzctl exec~~--id ~~can not beused) and for some reason you can not use~~ <bi>~~ssh~~uuid</bi>~~(1).~~

~~You need to log~~Removes a specified~~out manually from the shell to finish session (even if youspecified --exec)~~snapshot.

~~console~~snapshot-mount CTID --id uuid --targetdirectory

~~Attach~~ Mounts a snapshot specified byuuid to ~~the container’sconsole~~a directory. Note ~~that the console is persistent, meaning it canbe attached to even if the container is not running, andthere is no automatic detachment when the container~~ this mount is~~stopped~~read-only.

~~Type~~ ~~Esc~~snapshot-umount~~then~~ <bi>.CTID</bi> ~~to detach from the console. Type~~ ~~Esc~~--id~~then~~ <bi>,uuid</~~b> to detach without killing anything. Note thatthese sequences are only recognized after Enter</b~~i>.

Unmounts a specifiedsnapshot.

snapshot-listCTID [-H] [-ofield[,field...] [-~~help~~-iduuid]

~~Prints help message with a~~List container’s~~brief list of possible options~~snapshots.

You cansuppress displaying header using -~~-version~~Hoption.

~~Prints~~ You can use the~~vzctl~~-ooption to display only the specifiedfield(s). List of available fields can be obtained~~version~~using -L option.

== ~~ACTION SCRIPTS~~ = Performing container actions ===

<~~p style~~table width="~~margin-left:11~~100%~~; margin-top: 1em~~"~~>vzctl~~border="0" rules="none" frame="void"~~has an ability to execute user-defined scripts when aspecific <b~~ cellspacing="0" cellpadding="0">~~vzctl command is run for a container. Thefollowing~~ <btr valign="top" align="left">~~vzctl commands can trigger execution ofaction scripts:~~ <btd width="11%">~~start~~</btd>~~, stop, restart,~~<~~b>mount and umount.</p~~td width="9%">

~~Action scriptsare located in the~~ ~~/etc/vz/conf/~~create ~~directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of~~ <b/p>~~vps.~~</btd> ~~and are executed for all containers.Per-CT scripts have a~~ <itd width="2%">~~CTID~~</itd> ~~numeric prefix and areexecuted for the given container only.~~</ptd width="78%">

CTID[--ostemplate name][--config  ~~margin~~name][--~~top~~layout simfs|ploop[: ~~1em"~~{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][--private path][--root path][--ipadd addr~~Please note~~]~~scripts are executed in a host system (CT0) context, with~~[--hostname name]~~the exception of~~ [~~.start~~--name  ~~and~~ name][~~.stop~~--local_uid  ~~scripts,~~uid]~~which are executed in a container context.~~[--local_gid gid] </td></tr></table>

~~The following~~Creates a new~~action scripts are currently defined: vps~~container area.~~premount~~This operation should be done once, ~~CTID~~beforethe first start of the container.~~premount~~

~~Global and per-CT mount scripts~~By default, anOS template denoted by DEF_OSTEMPLATE parameter of~~which are executed for~~ [[Man/vz.conf.5|vz.conf(5)]] is used to create a container ~~before it is mounted~~.This can be~~Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first~~overwritten by --ostemplate option.

By default, anew container configuration file is created from a sampleconfiguration denoted by value of ~~vps.mount~~CONFIGFILE,~~CTID<~~parameter of [[Man/i>vz.conf.5|vz.~~mount~~conf(5)]]. If the containerconfiguration file already exists, it will not bemodified.

~~Global and per-CT mount scripts~~The value of~~which are executed for a container right after it is~~CONFIGFILE can be overwritten by using the~~mounted. Otherwise they are the same as~~ ~~.premount~~--configname option. This option can not be~~scripts~~used if the container configuration file already exists.

A new containercan either be created using <ib>simfs filesystem or on aploop device. The default is set by value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf(5)]] and can beoverwritten by --layout option. In case ~~CTID~~ploop</ib>is used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain and raw. Default isexpanded.~~start~~Using value other than expandedisnot recommended and is currently not supported.

~~Right after~~ You can use~~vzctl~~--diskspace ~~has~~and --diskinodes options to~~started a~~ specify containerfile system size. Note that forploop layout, ~~it executes this script in a container~~you will not be able to change inodes~~context~~value later.

If<ib>~~CTID~~DISKSPACE</ib>is not specified either in the sampleconfiguration file used for creation or in globalconfiguration file [[Man/vz.conf.5|vz.~~stop~~conf(5)]], --diskspaceparameter is required for plooplayout.

~~Right before~~ Suffixes~~vzctl~~G ~~has~~, M, K can also be specified (see~~stopped a container, it executes this script in a container~~Resource limits section for more info on~~context~~suffixes).

You can use--root path option to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.conf~~vps~~(5)]] file).~~umount~~Argument can contain literal string $VEID,which willbe substituted with the numeric CT ID. You can use--private ~~CTID~~pathoption to set the path todirectory in which all the files and directories specific tothis very container are stored (default is VE_PRIVATEspecified in [[Man/vz.conf.5|vz.conf(5)]] file).~~umount~~Argument can containliteral string $VEID, which will be substituted withthe numeric CT ID. You can use--ipadd addr option to assign an IP address toa container. Note that this option can be used multipletimes.

~~Global and per~~You can use-~~CT umountscripts which are executed for~~ -hostname name option to set a ~~container before it isunmounted. Scripts are executed in the~~ host ~~system context,~~name for~~while~~ a ~~CT is mounted. Global script, if exists, is executedfirst~~container.

When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters --local_uid and~~vps.postumount~~--local_gid,can be used to select which uidand ~~CTID~~gidrespectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UIDandLOCAL_GID from global configuration file[[Man/vz.conf.5|vz.conf(5)]] are used.~~postumount~~An explicit --local_uidvalue of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid is ignored.

~~Global~~ Warning:use --local_uid and ~~per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as~~ ~~.umount~~--local_gidwith care,~~scripts~~specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.

~~The environmentpassed to all the~~ *mountdestroy ~~scripts is the standardenvironment of the parent (i.e.~~ | ~~vzctl~~delete~~) with twoadditional variables:~~ <bi>~~$VEID~~CTID</~~b> and $VE_CONFFILE</b~~i>.~~The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as $VE_ROOT, it needs to get thosefrom global and per-CT configuration files.~~

~~Here is an~~Removes a container private~~example of a mount script~~area by deleting all files, ~~which makes host system’s~~directories and the~~/mnt/disk available to~~ configuration file of this container~~(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount~~.

<~~pre~~ p style="margin-left:11%; ~~margin-top: 1em~~"> ~~# If one of these files does not exist then something~~start CTID ~~# is really broken~~ [ --f wait</~~etc~~b>] [--force</~~sysconfig/vz~~ b>] ~~|| exit 1~~ [ --~~f $VE_CONFFILE~~ skip-fsck] ~~|| exit 1~~ ~~# Source both files. Note the order is important.~~ ~~. /etc/vz/vz.conf~~ ~~. $VE_CONFFILE~~ ~~SRC=/mnt/disk~~ ~~DST=/mnt/disk~~ ~~mount~~ [-n -~~t simfs $SRC ${VE_ROOT}${DST}~~ skip-~~o $SRC~~remount]</~~pre~~p>

Mounts (if necessary) andstarts a container. Unless --wait option isspecified, vzctl will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by vzctl. ~~Returns 0 upon~~Specify~~success, or an appropriate error code in case of an~~--force if you want to start a container which is~~error:~~disabled (see --disabled).

<~~table width~~p style="~~100~~margin-left:17%~~" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0"><tr valign="~~; margin-top~~" align="left~~: 1em">Specify<~~td width="11%"~~b>--skip-fsck</tdb>to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).<~~td width="4%"~~/p>

<p~~>1</td><td width~~style="7margin-left:17%; margin-top: 1em">By default, ifa container to be started happens to be already mounted, itis unmounted and mounted again. This behavior can be turnedoff by using --skip-remount</tdb>flag.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Failed~~ Note that thiscommand can lead to ~~set a UBC parameter~~execution of premount</pb>,mount</tdb>and start</trb>action scripts (see <~~tr valign="top" align="left"~~b>ACTIONSCRIPTS<~~td width="11%"~~/b>below).</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">2stop</pb> CTID</tdi>[--fast<~~td width="7%"~~/b>] [--skip-umount</tdb>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Failed to set~~ Stops a ~~fair scheduler parameter~~container and unmountsit (unless --skip-umount</pb> is given). Normally,halt</tdb>(8) is executed inside a container; option--fast</trb>makes vzctl<~~tr valign="top" align="left"~~/b>use <~~td width="11%"~~b>reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that3vzctl stop</pb> is not asyncronous, in other words vzctlwaits for container’s init to exit (unless--fast is given), which can take up to a few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT</tdb>in[[Man/vz.conf.5|vz.conf(5)]], or per container (<~~td width="7%"~~b>STOP_TIMEOUT</tdb>in[[Man/ctid.conf.5|ctid.conf<~~td width="78%"~~/b>(5)]], see --stop-timeout).

<pstyle="margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of ~~Generic system error~~stop</pb>, <~~/td~~b>umount</trb>and <~~tr valign="top" align="left"~~b>postumountaction scripts (see <~~td width="11%"~~b>ACTIONSCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">5restart</pb> CTID</tdi>[--wait] [--force] [<~~td width="7%"~~b>--fast</tdb>][--skip-fsck<~~td width="78%"~~/b>]

<pstyle="margin-left:17%;">~~The~~ Restarts a container, i.e.stops it if it is running ~~kernel is not an OpenVZ kernel (or some~~, and starts again. Accepts all the~~OpenVZ modules are not loaded)~~</pb>start</tdb>and <~~/tr~~b>stop<~~tr valign="top" align="left"><td width="11%"~~/b>options.</~~td><td width="4%"~~p>

<p~~>6</td><td width~~style="7margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of some action scripts (seeACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Not enough system resources~~</pb>status</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<p~~>7</td><td width~~style="7margin-left:17%;">Shows a container status. Thisis a line with five or six words, separated by spaces.</~~td><td width="78%"~~p>

<p~~>ENV_CREATE ioctl failed</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">First word isliterally <~~td width="11%"~~b>CTID</tdb>.<~~td width="4%"~~/p>

<p~~>8</td><td width~~style="7margin-left:17%; margin-top: 1em">Second word isthe numeric CT ID</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Command executed by~~ Third word isshowing whether this container exists or not, it can beeither ~~vzctl exec~~exist ~~returned non-zeroexit code~~or </pb>deleted</tdb>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">9Fourth word isshowing the status of the container filesystem, it can beeither </pb>mounted</tdb>or <~~td width="7%"~~b>unmounted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container~~ Fifth wordshows if the container is ~~locked by another~~ running, it can be either~~vzctl~~running~~invocation~~or </pb> down</tdb>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">10Sixth word, ifexists, is </pb>suspended</tdb>. It appears if a dump fileexists for a stopped container (see <~~td width="7%"~~b>suspend</tdb>).<~~td width="78%"~~/p>

<p~~>Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound </td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">This command~~<td width="11%">~~can also be usable from scripts.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">11</pb>mount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~A vzctl helper script file not found~~Mounts container private area.Note that this command can lead to execution of</pb>premount</tdb>and <~~/tr~~b>mount<~~tr valign="top" align="left"~~/b>action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">12</pb>umount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Permission denied~~Unmounts container privatearea. Note that this command can lead to execution of</pb>umount</tdb>and <~~/tr~~b>postumount<~~tr valign="top" align="left"~~/b>action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">13Note that</pb>stop</tdb>does <~~td width="7%"~~b>umount</tdb>automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Capability setting failed~~convert</pb><~~/td~~i>CTID</tri>[<~~tr valign="top" align="left"~~b>--layoutploop[:<~~td width="11%"~~/b>{expanded|plain|raw</tdb>}]]<~~td width="4%"~~/p>

<p~~>14</td><td width~~style="7margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should beset.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Container configuration file [[Man/ctid.conf.5|~~~~ctid.conf~~compact~~(5)]] notfound~~</pi> CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>15</td><td width~~style="7margin-left:17%;">Compact container image. Thisonly makes sense for ploop layout.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Timeout on~~ ~~vzctl exec~~quotaon</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">16Turn disk quota on. Not that</pb>mount</tdb>and <~~td width="7%"~~b>start</tdb>does that automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error during~~ ~~vzctl chkpnt~~quotaoff</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">17Turn disk quota off. Not that</pb>umount</tdb>and <~~td width="7%"~~b>stop</tdb>does that automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error during~~ ~~vzctl restore~~quotainit</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">18Initialize disk quota (i.e. run</pb>vzquota init</tdb>) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|<~~td width="7%"~~b>ctid.conf</tdb>(5)]].<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error from~~ ~~setluid()~~exec ~~syscall~~</pi>CTIDcommand</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">Executes 20command</pi> in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If command</tdi>is <~~td width="7%"~~b>-</tdb>, commands are read fromstdin.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Invalid command line parameter~~</pb>exec2</tdb><~~/tr~~i>CTIDcommand<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">21The same as </pb>exec</tdb>, butreturn code is that of <~~td width="7%"~~i>command</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Invalid value for command line parameter~~</pb>runscript</tdb><~~/tr~~i>CTIDscript<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">22Run specified shell script inthe container. Argument </pi>script</tdi>is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as<~~td width="7%"~~b>/proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container root directory (~~~~VE_ROOT~~enter~~) not set~~CTID</pi>[--exec</tdb><~~/tr~~i>command<~~tr valign="top" align="left"~~/i>[<~~td width="11%"~~i>arg</tdi>...]]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use 23ssh</pb>(1).</tdp> <~~td width~~p style="7margin-left:17%; margin-top: 1em">Option--exec</tdb>is used to run command with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so vzctl exec can not beused) and for some reason you can not use <~~td width="78%"~~b>ssh(1).

<pstyle="margin-left:17%; margin-top: 1em">~~Container private directory~~ You need to logout manually from the shell to finish session (even if youspecified ~~VE_PRIVATE~~--exec) ~~notset~~.</p~~> </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~>

<pstyle="margin-left:11%;">24console</pb> CTID</tdi>[<~~td width="7%"~~i>ttynum</tdi>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Attach to a container console.Optional ttynum~~Container template directory~~ argument is tty number (such as~~TEMPLATE~~4~~) notset~~for </pb> tty4</tdb>), default is <~~/tr~~b>1<~~tr valign="top" align="left"~~/b>which is usedfor container’s <~~td width="11%"~~b>/dev/console</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">28Note theconsoles are persistent, meaning that: </pbr>• it can be attached to even if the container is notrunning; <~~/td~~br>• there is no automatic detachment upon the containerstop; <~~td width="7%"~~br>• detaching from the console leaves anything running inthis console as is.</~~td><td width="78%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">~~Not all required UBC parameters~~ The followingescape sequences are ~~set, unable to startcontainer~~recognized by </pb> vzctl console</tdb>.Note that these sequences are only recognized at thebeginning of a line.</trp> <~~tr valign~~p style="margin-left:17%; margin-top~~" align="left~~: 1em">•<~~td width="11%"~~b>Esc then .</tdb>to detach from the console.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">29•</pb>Esc</tdb>then <~~td width="7%"~~b>!</tdb>to kill anything running on theconsole (SAK). This is helpful when one expects a loginprompt but there isn’t one.<~~td width="78%"~~/p>

~~OS template is not specified, unable to createcontainer </td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Other options ===~~"4%">~~

<p~~>31</td><td width~~style="7margin-left:11%;">--help</tdb><~~td width="78%"~~/p>

<p~~>Container not running</td></tr><tr valign="top" align~~style="margin-left:17%;">Prints help message with a~~<td width="11%">~~brief list of possible options.</~~td><td width="4%"~~p>

<p~~>32</td><td width~~style="7margin-left:11%;">--version</tdb><~~td width="78%"~~/p>

<p~~>Container already running</td></tr><tr valign="top" align~~style="margin-left:17%;">Prints <~~td width="11%"~~b>vzctl</tdb>version.<~~td width="4%"~~/p>

~~33</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~ACTION SCRIPTS ==

<pstyle="margin-left:11%; margin-top: 1em">~~Unable~~ vzctlhas an ability to ~~stop~~ execute user-defined scripts when aspecific vzctl command is run for a container. Thefollowing vzctl</pb> commands can trigger execution ofaction scripts: start, stop</tdb>, restart</trb>,<~~tr valign="top" align="left"~~b>mountand <~~td width="11%"~~b>umount</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">Action scriptsare located in the 34/etc/vz/conf/</pb> directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps.</tdb>and are executed for all containers.Per-CT scripts have a <~~td width="7%"~~i>CTID.</tdb>numeric prefix andare executed for the given container only.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Unable to add IP address to container~~Please notescripts are executed in a host system (CT0) context, withthe exception of .start</pb> and .stop</tdb>scripts,which are executed in a container context.</trp> <~~tr valign~~p style="margin-left:11%; margin-top: 1em" ~~align="left"~~>The followingaction scripts are currently defined: vps.premount, CTID<~~td width="11%"~~b>.premount</tdb><~~td width="4%"~~/p>

<p~~>40</td><td width~~style="7margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Container not mounted~~</pb>vps.mount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.mount</tdb><~~td width="4%"~~/p>

<p~~>41</td><td width~~style="7margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as .premount</tdb>scripts.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container already mounted~~</pi>CTID</tdi><~~/tr~~b>.start<~~tr valign="top" align="left"><td width="11%"~~/b></~~td><td width="4%"~~p>

<p~~>43</td><td width~~style="7margin-left:22%;">Right after vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container private area not found~~</pi>CTID</tdi><~~/tr~~b>.stop<~~tr valign="top" align="left"><td width="11%"~~/b></~~td><td width="4%"~~p>

<p~~>44</td><td width~~style="7margin-left:22%;">Right before vzctl</tdb>hasstopped a container, it executes this script in a containercontext.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container private area already exists~~</pb>vps.umount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.umount</tdb><~~td width="4%"~~/p>

<p~~>46</td><td width~~style="7margin-left:22%;">Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Not enough disk space~~</pb>vps.postumount</tdb>,<~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.postumount</tdb><~~td width="4%"~~/p>

<p~~>47</td><td width~~style="7margin-left:22%;">Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as .umount</tdb>scripts.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Bad/broken container (~~The environmentpassed to all the ~~/sbin/init~~*mount orscripts is the standardenvironment of the parent (i.e. ~~/bin/sh~~vzctl ~~not found~~)with twoadditional variables: $VEID</pb>and <~~/td~~b>$VE_CONFFILE</trb>.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.~~<tr valign="top" align="left">~~If the script needs to get other CT configurationparameters, such as <~~td width="11%"~~b>$VE_ROOT</tdb>, it needs to get thosefrom global and per-CT configuration files.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">48Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /petc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount.</tdp> <~~td width~~pre style="7margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC</tdpre> == EXIT STATUS == <~~td width~~p style="78margin-left:11%; margin-top: 1em">Returns 0 uponsuccess, or an appropriate error code in case of anerror:

<~~p>Unable to create a new container private area</td></tr~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">

491</td>

~~Unable~~ Failed to ~~create~~ set a ~~new container root area~~UBC parameter</td></tr>

502</td>

~~Unable~~ Failed to ~~mount container~~set a fair scheduler parameter</td></tr>

513</td>

~~Unable to unmount container~~Generic system error</td></tr>

525</td>

~~Unable to delete a container~~The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr>

536</td>

~~Container private area not exist~~Not enough system resources</td></tr>

607</td>

~~vzquota on~~ENV_CREATE ioctl failed</td></tr>

618</td>

Command executed by ~~vzquota init~~vzctl exec ~~failed~~returned non-zeroexit code</td></tr>

629</td>

Container is locked by another ~~vzquota setlimit~~vzctl ~~failed~~invocation</td></tr>

6310</td>

~~Parameter~~ Global OpenVZ configuration file [[Man/vz.conf.5|~~DISKSPACE~~vz.conf (5)]] not ~~set~~found</td></tr>

6411</td>

~~Parameter DISKINODES~~ A vzctl helper script file not ~~set~~found</td></tr>

6512</td>

~~Error setting second-level (ugid) quota~~Permission denied</td></tr>

6613</td>

~~vzquota off~~ Capability setting failed</td></tr>

6714</td>

~~ugid quota~~ Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] not ~~initialized~~found</td></tr>

7115</td>

~~Incorrect IP address format~~Timeout on vzctl exec</td></tr>

7416</td>

Error ~~changing password~~during vzctl suspend</td></tr>

7817</td>

~~IP address already in use~~Error during vzctl resume</td></tr>

7918</td>

~~Container action script returned an error~~Error from setluid() syscall</td></tr>

8220</td>

~~Config file copying error~~Invalid command line parameter</td></tr>

8621</td>

~~Error setting devices (--devices or--devnodes)~~Invalid value for command line parameter </td></tr>

8922</td>

~~IP address~~ Container root directory (VE_ROOT) not ~~available~~set</td></tr>

9123</td>

~~OS template~~ Container private directory (VE_PRIVATE) not ~~found~~set</td></tr>

~~100~~24</td>

~~Unable to find container IP address~~Container template directory (TEMPLATE) notset</td></tr>

~~104~~28</td>

~~VE_NETDEV ioctl error~~Not all required UBC parameters are set, unable to startcontainer</td></tr>

~~105~~29</td>

~~Container start disabled~~OS template is not specified, unable to createcontainer</td></tr>

~~106~~31</td>

~~Unable to set iptables on a~~ Container not running ~~container~~</td></tr>

~~107~~32</td>

~~Distribution-specific configuration file not found~~Container already running</td></tr>

~~109~~33</td>

Unable to ~~apply a config~~stop container</td></tr>

~~129~~34</td>

Unable to ~~set meminfo parameter~~add IP address to container</td></tr>

~~130~~40</td>

~~Error setting veth interface~~Container not mounted</td></tr>

~~131~~41</td>

~~Error setting container name~~Container already mounted</td></tr>

~~133~~43</td>

~~Waiting for container start failed~~Container private area not found</td></tr>

~~139~~44</td>

~~Error saving container configuration file~~Container private area already exists</td></tr>

~~148~~46</td>

~~Error setting container IO parameters (ioprio)~~Not enough disk space</td></tr>

~~150~~47</td><td width="7%"></td><td width="78%"> Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 48</td>

~~Ploop image file not found~~Unable to create a new container private area</td></tr>

~~151~~49</td>

~~Error creating ploop image~~Unable to create a new container root area</td></tr>

~~152~~50</td>

~~Error mounting ploop image~~Unable to mount container</td></tr>

~~153~~51</td>

~~Error unmounting ploop image~~Unable to unmount container</td></tr>

~~154~~52</td>

Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 148</td><td width="7%"></td><td width="78%"> Error setting container IO parameters (ioprio)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 150</td><td width="7%"></td><td width="78%"> Ploop image file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 151</td><td width="7%"></td><td width="78%"> Error creating ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 152</td><td width="7%"></td><td width="78%"> Error mounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 153</td><td width="7%"></td><td width="78%"> Error unmounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 154</td><td width="7%"></td><td width="78%"> Error resizing ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 155</td><td width="7%"></td><td width="78%"> Error converting container to ploop layout</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 156</td><td width="7%"></td><td width="78%"> Error creating ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 157</td><td width="7%"></td><td width="78%"> Error merging ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 158</td><td width="7%"></td><td width="78%"> Error deleting ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 159</td><td width="7%"></td><td width="78%"> Error switching ploop snapshot</td></tr>

~~158~~166</td>

Error ~~deleting~~ compacting ploop ~~snapshot~~image</td></tr>

~~159~~167</td>

Error ~~switching~~ listing ploop ~~snapshot~~snapsots</td></tr>

</table>

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools