Changes

← Older edit

Man/vzctl.8

16,263 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

[flags] create

CTID --parameter value [...]~~~~</td></tr>

[flags] start CTID [--wait]

[--force] [--skip-fsck][--skip-remount] </td></tr>

[flags] stop CTID[--fast][--~~fast~~skip-umount] </td></tr>

[flags] restart CTID

[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr>

[flags] ~~chkpnt~~suspend | ~~restore~~resumeCTID [--dumpfile name] </td></tr>

[flags] snapshot CTID

[--id uuid]

[--name name]

[--description desc][--skip-suspend] [--skip-config] </td></tr>

[flags] snapshot-switch CTID[--skip-resume |--must-resume][~~snapshot~~-~~delete~~ -skip-config] --id uuid</td></tr>

[flags] snapshot-~~list~~delete CTID--id uuid</td></tr>

[flags] ~~set~~snapshot-mount CTID ~~--parameter value[...]~~ [--~~save~~id~~] [~~<bi>~~--force~~uuid</bi>][--~~setmode restart~~target|<bi>~~ignore~~dir</bi>] </td></tr>

[flags] ~~convert~~snapshot-list CTID[-~~-layout ploop~~H] [:-o{<bi>field[,~~expanded~~field</bi>|...][~~plain~~--id|<bi>~~raw~~uuid</bi>}]] </td></tr>

[flags] ~~exec~~set | CTID --parameter value[...] [~~exec2~~--save ] [--force<i/b>~~CTID~~]~~command~~[--setmode restart</ib> [|<ib>~~arg~~ignore</ib> ~~...~~]</td></tr>

[flags] ~~enter~~set CTID[--~~exec ~~reset_ub~~command [arg ...]]~~ </td></tr>

[flags] ~~--help~~console | <bi>CTID[~~--version~~ttynum</bi>]</td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] convert CTID[--~~left:11%~~layout  ~~margin-top~~ploop[: ~~1em"~~{expanded|plain~~Utility~~|~~vzctl~~raw ~~runs on the host system (otherwise known as~~}]] </td></tr>~~Hardware Node, or HN) and performs direct manipulations with~~<tr valign="top" align="left">~~containers (CTs).~~<td width="11%"></ptd><td width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] compact CTID</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

~~These~~ [flags ~~come before a~~] exec | exec2 CTIDcommand~~, and can be used with any command~~ [arg ... ~~They affect~~]</td></tr>~~logging to console (terminal) only, and do not affect~~<tr valign="top" align="left">~~logging to a log file.~~<td width="11%"></ptd><td width="7%">

~~--quiet~~vzctl</td><td width="2%"></td><td width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="7%">

~~--verbose~~vzctl</td><td width="2%"></td><td width="80%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ [<bi>~~VERBOSE~~flags</bi> ~~parameter in theglobal configuration file [[Man/vz.conf.5|~~] ~~vz.conf~~runscript~~(5)]], or to~~ <bi>0CTID script</bi>~~if not set by~~ <b/p>~~VERBOSE~~</btd> ~~parameter.~~ ~~=== Setting container parameters ===~~ ~~<table width="100%" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0"~~tr>

~~set~~vzctl</td>

<td width="8380%"> --help | --version</td></tr></table> == DESCRIPTION ==

~~CTID~~Utility[~~--onboot yes~~vzctl~~|no]~~runs on the host system (otherwise known as~~[--bootorder number]~~Hardware Node, or HN) and performs direct manipulations with~~[--root ~~containers (CTs).</bp>~~path][--private path]~~[<~~b>-~~p style="margin-~~userpasswd user~~left:~~pass][--disabled&nbsp~~11%;~~yes|no][~~margin-~~-name </b~~top: 1em">~~name]~~Containers can~~[--description ~~be referred to by either numeric ~~string][--ipadd addr][--ipdel addr|all][--hostname ~~CTID</~~b><~~i>or by name~~][--nameserver addr]~~(see[--~~searchdomain ~~name~~][--netif_add ~~~~dev[,params.~~option).~~.]][--netif_del~~Note that CT ID &~~nbsp~~lt;~~dev|all]~~= 100 are~~[--ifname dev~~reserved for OpenVZ internal purposes. A numeric ID should[not be more than ~~--mac ~~2147483644~~hwaddr~~.</ip>]~~[--host_ifname dev][--host_mac hwaddr]~~== OPTIONS ==~~[--bridge name][--mac_filter on|off]]~~=== Flags ===~~[--numproc items]~~[p style="margin-~~-numtcpsock items</i~~top: 1em">]These flags come before a~~[--numothersock items]~~command, and can be used with any command. They affect~~[--vmguarpages pages]~~logging to console (terminal) only, and do not affect~~[--kmemsize ~~logging to a log file.</bp>~~bytes][--tcpsndbuf bytes]~~[p style="margin-~~-tcprcvbuf&nbsp~~left:11%;~~</b~~">~~bytes]~~[--~~othersockbuf ~~quiet~~bytes~~</ip>]~~[--dgramrcvbuf bytes]~~[p style="margin-~~-oomguarpages&nbsp~~left:17%;~~</b~~">~~pages]~~Disables output. Note that~~[--lockedpages pages]~~scripts run by vzctl are still able to produce some~~[--privvmpages ~~output.</bp>~~pages][--shmpages pages]~~[p style="margin-~~-numfile&nbsp~~left:11%;~~items</i~~">][--~~numflock ~~verbose~~items~~</ip>]~~[--numpty items]~~[p style="margin-~~-numsiginfo&nbsp~~left:17%;~~</b~~">~~items]~~Increments logging level up~~[--dcachesize bytes][--numiptent num][--physpages pages][--swappages pages][--ram bytes][--swap bytes]~~from the default. Can be used multiple times. Default value~~[--cpuunits num][--cpulimit num][--cpus num][--cpumask cpus|all][--meminfo none|mode:~~is set to the value~~]~~[of ~~--iptables ~~VERBOSE~~name]~~parameter in theglobal configuration file [~~--netdev_add ifname]~~[~~--netdev_del <~~Man/~~b>ifname][--diskquota yes~~vz.conf.5|~~no][--diskspace ~~vz.conf~~num~~(5)]~~[--diskinodes num~~][, or to ~~--quotatime ~~0~~seconds]~~[if not set by ~~--quotaugidlimit ~~VERBOSE~~num~~parameter.</ip>]~~[--noatime yes|no][--capability capname:on|off]~~=== Setting container parameters ===~~[--devnodes param]~~[<~~b>--devices param]~~table width="100%" border="0" rules="none" frame="void"~~[--pci_add dev][--pci_del dev][--features param:on|off][--applyconfig name][--applyconfig_map group][--ioprio num] [--save][--force][--setmode restart|ignore] </td></tr~~ cellspacing="0" cellpadding="0">

set</td>

<pstyle="margin-top: 1em">~~This command sets various container parameters.~~CTID</pi>[--onboot yes</tdb>|no</trb>][--bootorder number</~~table~~i>][--root path][<~~p style="margin~~b>--~~left:17%~~private  ~~margin~~path][--~~top: 1em"~~mount_opts options~~If a~~][--~~save~~userpasswd  ~~flag is given, parameters are saved in~~user:pass]~~container configuration file~~ [~~[Man~~--disabled yes</~~ctid.conf.5~~b>|~~ctid.conf~~no~~(5)~~][--name name]~~. Use~~[--~~force~~description  ~~to save the parameters even if the current~~string]~~kernel doesn~~[--ostemplate&~~rsquo~~nbsp;~~t support OpenVZ.~~</pb>string][--stop-timeout seconds][<~~p style="margin~~b>--~~left:17%~~ipadd  ~~margin~~addr][--~~top: 1em"~~ipdel addr|all~~If the~~]~~container is currently running,~~ [~~vzctl~~--hostname  ~~applies these~~name]~~parameters to the container.~~[--nameserver addr</pi>][--searchdomain name][<~~p style="margin~~b>--~~left:17%~~netif_add  ~~margin~~dev[,params...]][--~~top: 1em"~~netif_del dev|all~~Note that a few~~]~~parameters can only be applied by restarting the container.~~[--ifname dev~~By default,~~ [~~vzctl~~--mac  ~~warns if such parameters are~~hwaddr]~~present and a container is running. Use~~ [--~~setmode~~host_ifname dev]~~restart~~[--host_mac  ~~to restart a container in such a case, or~~hwaddr][--~~setmode ignore~~bridge  ~~to suppress the above mentioned~~name]~~warning.~~[--mac_filter on|off</pb>]][--numproc items][<~~p style="margin~~b>--~~left:17%~~numtcpsock  ~~margin~~items][--~~top: 1em"~~numothersock items~~The following~~]~~parameters can be used with~~ [~~set~~--vmguarpages  ~~command.~~pages</pi>][--kmemsize bytes]~~==== Miscellaneous ====~~[--tcpsndbuf bytes][--tcprcvbuf bytes][<~~p style="margin~~b>--~~left:11%~~othersockbuf "bytes][--~~onboot yes~~dgramrcvbuf  |bytes][no--oomguarpages pages</pi>][--lockedpages pages][<~~p style="margin~~b>--~~left:17%~~privvmpages "pages~~Sets whether the container will~~]~~be started during system boot. The container will not be~~[--shmpages pages]~~auto~~[--~~started unless this parameter is set to~~ numfile items][~~yes~~--numflock .items</pi>][--numpty items][<~~p style="margin~~b>--~~left:11%~~numsiginfo "items][--~~bootorder~~dcachesize bytes][--numiptent num~~number~~][--physpages pages</pi>][--swappages pages][<~~p style="margin~~b>--~~left:17%~~ram "bytes~~Sets the boot order priority~~]~~for this CT. The higher the~~ [--swap ~~number~~bytes ~~is, the earlier in~~]~~the boot process this container starts. By default this~~[--vm_overcommit float]~~parameter is unset, which is considered to be the lowest~~[--cpuunits num]~~priority, so containers with unset~~ [~~bootorder~~--cpulimit  ~~will~~num]~~start last.~~[--cpus num</pi>][--cpumask cpus|auto|all][<~~p style="margin~~b>--~~left:11%~~nodemask "nodes|all][--~~root~~meminfo none |~~path~~mode:value</pi>][--iptables name[,...]][<~~p style="margin~~b>--~~left:17%~~netfilter "disabled|stateless|stateful|full~~Sets the path to root directory~~]([~~VE_ROOT~~--netdev_add ~~) for this container. This is essentially a~~ifname]~~mount point for container~~[--netdev_del&~~rsquo~~nbsp;~~s root directory. Argument~~ifname]~~can contain literal string~~ [--diskquota yes|~~$VEID~~no~~, which will be~~]~~substituted with the numeric CT ID.~~[--diskspace num</pi>][--diskinodes num][<~~p style="margin~~b>--~~left:11%~~quotatime "seconds][--~~private~~quotaugidlimit num][--capability ~~path~~capname:on</pb>|off[,...]][--devnodes param][<~~p style="margin~~b>--~~left:17%~~devices "param~~Sets the path to private~~]~~directory (~~[~~VE_PRIVATE~~--pci_add ~~) for this container. This is a~~dev]~~directory in which all the container~~[--pci_del&~~rsquo~~nbsp;~~s files are~~dev]~~stored. Argument can contain literal string~~ [--features name:on|~~$VEID~~off[,...]]~~which will be substituted with the numeric CT ID.~~[--applyconfig name</pi>][--applyconfig_map group][<~~p style="margin~~b>--~~left:11%~~ioprio "num][--~~userpasswd~~iolimit ~~user~~mbps:][--iopslimit ~~password~~iops] [--save</pb>][--force] [--reset_ub][--setmode restart|ignore] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%"></td><td width="4%"></td><td width="2%"></td><td width="83%;">~~Sets password for the givenuser in a~~ This command sets various container~~, creating~~ parameters. If the ~~user if it does notexists. Note that this option~~ container is ~~not saved in configurationfile at all (so~~ currently running, ~~--save~~vzctl ~~flag is useless), it is~~applies these~~applied~~ parameters to the container ~~(by modifying its~~ . The following options can beused with set</~~etc~~b> command.</~~passwd and~~p></~~etc~~td></~~shadow files).~~tr></ptable>

~~In casecontainer root filesystem is not mounted, it isautomatically mounted, then all the appropriate file changesare applied, then it is unmounted.~~=== Flags ====

-~~top: 1em"~~-save~~Note thatcontainer should be created before using this option.~~

~~--disabled yes<~~If this flag is given,parameters are saved in container configuration file[[Man/b> ctid.conf.5|noctid.conf(5)]].

~~Disable container start. Toforce the start of a disabled container, use~~ ~~vzctl start~~--force.

If this flag is given togetherwith --~~name~~save , parameters are saved even if the currentkernel doesn’t support OpenVZ. Note this flag does notmake sense without --save, so <ib>~~name~~--save</ib>isrequired.

~~Add a name for a container. Thename can later be used in subsequent calls to~~~~vzctl~~--reset_ub ~~in place of CTID.~~

If this flag is given,~~--description~~vzctlapplies all User Beancounter parameters from<the configuration file to a running container. This ishelpful in case configuration file is modified manually.Please note this flag is exclusive, i~~>string~~.e. it can not becombined with any other options or flags.

~~Add a textual description for a~~--setmode restart |~~container.~~ignore

A few parameters can only beapplied by restarting the container. By default,vzctl prints a warning if such parameters aresupplied and a container is running. Use --setmoderestart together with --save flag to restart acontainer in such a case, or --setmode ignore tosuppress the warning.

~~--ipadd addr~~=== Miscellaneous ====

~~Adds an IP address~~ <ib>~~addr~~--onboot yes</ib>|~~to a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g.~~ ~~10.1.2.3/25~~no).~~Note that this option is incremental, so addr areadded to already existing ones.~~

Sets whether the container willbe started during system boot. The container will be startedon boot by ~~--ipdel~~vz initscript if either this parameter isset to <ib>~~addr~~yes</ib> |, or the container was running just beforelast reboot, and this parameter is not set to ~~all~~no.Default value is unset, meaning the container will bestarted if it was running before the last reboot.

~~Removes IP address~~ <ib>~~addr~~--bootorder</ib>~~from a container. If you want to remove all the addresses,use~~ <bi>~~--ipdel all~~number</bi>.

Sets the boot order priorityfor this CT. The higher the number is, the earlier inthe boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset bootorder willstart last. --~~hostname~~root~~name~~path

Sets the path to root directory(VE_ROOT) for this container ~~hostname~~.This is essentially amount point for container’s root directory. Argumentcan contain literal string ~~vzctl~~$VEID ~~writes it to~~ , which will besubstituted with the ~~appropriate file inside acontainer (distribution-dependent)~~numeric CT ID.

--~~nameserver~~private~~addr~~path

Sets ~~DNS server IP address fora container. If you want~~ the path to ~~set several nameservers, you~~private~~should do it at once, so use~~ directory (~~--nameserver~~VE_PRIVATE ~~option~~) for this container. This is a~~multiple times~~ directory in ~~one call to vzctl, as~~ which all the ~~name~~container’s files are~~server values set in previous calls to~~ stored. Argument can contain literal string ~~vzctl~~$VEID ~~are~~,~~overwritten~~which will be substituted with the numeric CT ID.

--~~searchdomain~~mount_opts~~name~~option[,option...]

Sets ~~DNS search domains~~ additional mount optionsfor acontainerfile system. ~~If you want to set several search domains, youshould do it at once, so use~~ Only applicable for ~~--searchdomain~~ploop ~~optionmultiple times in one call to vzctl~~layout, ~~as all thesearch domain values set in previous calls to vzctlare overwritten~~ignored otherwise.

--~~netif_add~~userpasswd~~ifname[~~user,:~~mac,host_ifname,host_mac,bridge]~~password

~~Adds a virtual Ethernet device~~Sets password for the given~~(veth) to~~ user in a ~~given~~ container, creating the user if it does notexists. ~~Here ifname~~ Note that this option is ~~the~~not saved in configuration~~Ethernet device name in the container,~~ file at all (so <ib>~~mac~~--save</ib> flag is ~~its MACaddress~~useless), ~~host_ifname~~ it is ~~the Ethernet device name on~~applied directly to the ~~host~~container, ~~and host_mac is its MAC address. MAC~~by running~~addresses should be in~~ distribution-specific programs inside the ~~format like XX:XX:XX:XX:XX:XX~~container.~~bridge~~ It is ~~an optional parameter which can be used incustom network start scripts to automatically add theinterface~~ not recommended to ~~a bridge. All parameters except ifnameare optional and are automatically generated if not~~combine this option with any other~~specified~~options.

~~--netif_del~~In casecontainer was not running, it is automatically started then~~dev_name | ~~all~~~~the appropriate changes are applied, then it isstopped.

~~Removes virtual Ethernet device~~Note that~~from a~~ container~~. If you want to remove all devices, useall~~should be created before using this option.

--disabled yes |no

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface~~Disable container start. To ~~select~~ force the ~~interface toconfigure~~start of a disabled container, use vzctl start--~~ifname~~force ~~name option~~. ~~ --mac XX:XX:XX:XX:XX:XX~~

~~MAC address of interface insidea container.~~--name name

Add a name for a container. Thename can later be used in subsequent calls to~~--host_ifname~~vzctlin place of ~~name~~CTID. Note this option cannot be used without --save.

~~interface name for virtual~~--description~~interface in the host system.~~string

~~--host_mac~~Add a textual description for a~~XX:XX:XX:XX:XX:XX~~container.

~~MAC address of interface in the~~--ostemplate~~host system.~~string

Sets a new value of~~--bridge~~OSTEMPLATE parameter in container configuration file[[Man/ctid.conf.5|ctid.conf (5)]]. Requires <ib>~~name~~--save</ib>flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses the value of OSTEMPLATE to rundistribution-specific scripts.

~~Bridge name. Custom network~~--stop-timeout~~start scripts can use this value to automatically add theinterface to a bridge.~~seconds

Sets a time to wait forcontainer to stop on ~~--mac_filter on~~vzctl stop |before forciblykilling it, in seconds. Note this option can not be usedwithout ~~off~~--saveflag.

~~Enables/disables MAC addressfiltering for the Container veth device and the possibility~~Special valueof ~~configuring the MAC address of this device from insidethe Container. If the filtering is turned on:~~ <brb>~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets);~~ 0<br/b>~~• it is impossible~~ means to ~~modify the veth MAC address frominside the Container~~use compiled-in default.

~~By default,this functionality is enabled for all veth devices existinginside the Container.~~=== Networking ====

--ipadd addr

~~The following~~Adds an IP address addr~~options sets memory and swap limits for VSwap-enabled~~to a given container. Address can optionally have a netmask~~kernels~~ specified in the CIDR notation (~~kernel version 042stab042 or greater~~e.g. 10.1.2.3/25).Note that this option is incremental, so addr areadded to already existing ones.

-~~top: 1em"~~-ipdel addr~~Argument is in~~|~~bytes, unless otherwise specified by an optional suffix.Available suffixes are:~~all

~~•~~Removes IP address <bi>Taddr</~~b>, t - terabytes; <br~~i>~~• G~~from a container. If you want to remove all the addresses, ~~g - gigabytes; •~~ use <~~b>M, m</~~b> - ~~megabytes; • K, k~~ - ~~kilobytes; • P, p - memory pages (arch-specific,usually 4KB); • B~~ipdel all~~, b - bytes~~. ~~ --ram bytes~~

~~Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting~~ --~~physpages~~hostname ~~limit (the barrier is set to0).~~name

Sets container hostname.~~--swap~~vzctl ~~bytes~~writes it to the appropriate file inside acontainer (distribution-dependent).

~~Set swap space available to acontainer. Actually, the option is a shortcut for setting~~--~~swappages~~nameserver ~~limit (the barrier is set to 0).~~addr

~~Here is an~~Sets DNS server IP address for~~example of setting~~ a container ~~777~~ . If you want to set several nameservers, youshould do it at once, so use --nameserver optionmultiple times in one call to ~~have 512 megabytes of~~vzctl, as all the nameserver values set in previous calls to vzctl are~~RAM and 1 gigabyte of swap:~~overwritten.

<~~pre~~ p style="margin-left:1117%;margin-top: 1em"> ~~vzctl set 777~~ A special valueof inherit can be used to auto-~~-ram 512M --swap 1G --save~~propagate nameservervalue(s) from the host system’s/etc/resolv.conf file.</~~pre~~p>

--searchdomainname

Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use --~~top: 1em"~~searchdomain optionmultiple times in one call to vzctl~~The following~~, as all the~~options sets barrier and limit for various user~~search domain values set in previous calls to vzctl~~beancounters~~are overwritten.

~~Note that for~~A special value~~VSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set~~ of ~~--ram~~inherit ~~and~~can be used to auto-propagate searchdomain value(s) from the host system’s~~--swap~~/etc/resolv.conf ~~(see above). For older kernels, these limitsare obligatory~~file.

~~Each optionrequires one or two arguments. In case of one argument,~~~~vzctl~~--netif_add ~~sets barrier and limit to the same value. Incase of two colon-separated arguments~~ifname[, ~~the first is abarrier~~mac, ~~and the second is a limit. Each argument is eithera number~~host_ifname, ~~a number with a suffix~~host_mac, ~~or a special value~~<bi>~~unlimited~~bridge]</bi>.

~~Arguments are~~Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in ~~items~~the container, ~~pages or bytes. Note that page size~~ mac isits MAC~~architecture-specific~~address, it host_ifname is ~~4096 bytes~~ the Ethernet device name on ~~x86~~ the host, and ~~x86_64~~host_mac is its MAC address. MAC~~platforms~~addresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified. --netif_deldev_name | all

~~You can also~~Removes virtual Ethernet device~~specify different suffixes for User Beancounter parameters(except for those which names start with num)~~from a container. ~~Forexample~~If you want to remove all devices, ~~vzctl set CTID --privvmpages~~use~~5M:6M should set~~ ~~privvmpages~~all~~’ barrier to 5megabytes and its limit to 6 megabytes~~.

~~Availablesuffixes are:~~=== veth interface configuration ====

~~•~~The following~~T, t~~ options can be used to reconfigure the already- ~~terabytes; ~~createdvirtual Ethernet interface. To select the interface to~~• G~~configure, use g--ifname ~~- gigabytes;~~ <bri>~~• M~~name</~~b>, <b~~i>moption. ~~- megabytes;~~ ~~• K~~--mac, <bi>kXX:XX:XX:XX:XX:XX</bi> ~~- kilobytes;~~ <br/p>~~•~~ <~~b>P, ~~p~~ - memory pages (arch~~style="margin-~~specific,usually 4KB)~~left:22%; ~~<br~~">MAC address of interface inside~~• B, b - bytes~~a container.

~~You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value.~~ ~~ ~~--~~numproc~~host_ifname ~~items[:items~~name]

~~Maximum number of processes and~~interface name for virtual~~kernel-level threads. Setting~~ interface in the ~~barrier and the limit todifferent values does not make practical sense~~host system.

--~~numtcpsock~~host_mac~~items[~~XX:XX:XX:XX:XX:~~items~~XX]

~~Maximum number~~ MAC address of ~~TCP sockets.This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle~~ interface in ~~parallel. Setting the barrier and~~ the ~~limit todifferent values does not make practical sense~~host system.

~~--numothersock~~If you want anindependent communication with the Container through thebridge, you should specify a multicast MAC address here~~items[~~(FE:FF:FF:FF:FF:~~items]~~FF).

~~Maximum number of non~~-~~TCPsockets (local sockets, UDP and other types of sockets).Setting the barrier and the limit to different values doesnot make practical sense.~~-bridge name

~~--vmguarpages~~Bridge name. Custom networkstart scripts can use this value to automatically add the~~pages[:pages]~~interface to a bridge.

~~Memory allocation guarantee.This parameter controls how much memory is available to acontainer. The barrier is the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;~~--mac_filter on |~~it should be set to~~ ~~unlimited~~off.

~~--kmemsize<~~Enables/b>disables MAC address~~bytes[:bytes]~~filtering for the Container veth device and the possibility ~~Maximum amount~~ of ~~kernel memory~~configuring the MAC address of this device from inside~~used~~the Container. ~~This parameter~~ If the filtering is ~~related to~~ turned on: <bbr>~~--numproc. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consume~~• the veth device accepts only those packets that havea ~~bit more. It is important~~ MAC address in their headers corresponding to ~~have a certain safety gapbetween the barrier and the limit~~ that of this ~~parameter: equalbarrier~~ device (excluding all broadcast and ~~limit may lead to the situation where the kernel~~multicast packets); ~~will need to kill container~~&~~rsquo~~bull;~~s applications~~ it is impossible to ~~keep~~ modify theveth MAC address from~~kmemsize usage under~~ inside the ~~limit~~Container.

~~--tcpsndbuf~~By default,this functionality is enabled for all veth devices existing~~bytes[:bytes]~~inside the Container.

~~Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of numtcpsock multiplied by 2.5KB.~~=== VSwap limits ====

~~~~The followingoptions sets memory and swap limits for VSwap-~~-tcprcvbuf~~enabled~~bytes[:bytes]~~kernels (kernel version 042stab042 or greater).

~~Maximum size of TCP receive~~Argument is in~~buffers. Barrier should be not less than 64 KB~~bytes, ~~anddifference between barrier and limit should be equal to ormore than value of numtcpsock multiplied~~ unless otherwise specified by 2an optional suffix.5~~KB.~~Available suffixes are:

•T, t - terabytes; • G, g - gigabytes; • M, m-megabytes; • K, k -~~othersockbuf~~kilobytes; • P, p - memory pages (arch-specific,usually 4KB); • B, <ib>b- bytes(this is the default). --ram</ib>[:bytes]

~~Maximum size of other~~ Sets physical memory (~~non-TCP~~RAM)~~socket send buffers~~available to a container. ~~If container’s processes needs tosend very large datagrams~~Actually, the ~~barrier should be set~~option is a shortcut~~accordingly. Increased~~ for setting --physpages limit (the barrier is ~~necessary for high~~set to~~performance of communications through local (UNIX-domain~~0)~~sockets~~.

--~~dgramrcvbuf~~swapbytes~~[:bytes]~~

~~Maximum size of other~~ Set swap space available to acontainer. Actually, the option is a shortcut for setting--swappages limit (~~non~~the barrier is set to 0). --vm_overcommitfloat Set VM overcommitment value tofloat. If set, it is used to calculateprivmmpages parameter in case it is not setexplicitly (see below). Default value is 0, meaning~~socket receive buffers~~unlimited privvmpages. ~~If container&rsquo~~ vzctlchecks if running kernel is VSwap capable, and refuses to ~~receive very large datagrams~~use these parameters otherwise. This behavior can beoverriden by using --force flag beforeparameters. In VSwap mode, ~~the barrier should be~~ all beancounters other than RAM and swap become optional.Note though that if some optional beancounters are not set,~~accordingly. The difference between the barrier~~ they are calculated and set by vzctl implicitly, using the~~limit is not needed.~~following formulae:

--•lockedpages.barrier = oomguarpages.barrier = ram~~pages[:pages]~~

~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof memory and swap space used by the container~~&~~rsquo~~bull;s~~processes~~lockedpages. ~~The barrier of this parameter is theout-of-memory guarantee. If the ~~limit = oomguarpages~~ usage isbelow the barrier, processes of this container areguaranteed not to be killed in out-of-memory situations~~. ~~Themeaning of~~ limit ~~is currently unspecified; it should be setto ~~= unlimited.

~~--lockedpages~~•vmguarpages.barrier = vmguarpages.limit = ram + swap~~pages[:pages]~~

~~Maximum number of pagesacquired by~~ ~~mlock~~•privvmpages.barrier = privvmpages.limit = (ram + swap) *vm_overcommit~~(2).~~

(if~~--privvmpages~~vm_overcommitis <ib>~~pages~~0</ib>[:or not set,<ib>~~pages~~privvmpages</ib>]is set to "unlimited")

~~Allows controlling the amount~~Here is anexample of ~~memory allocated by the applications. For shared (mappedas MAP_SHARED) pages, each~~ setting container ~~really using amemory page is charged for the fraction~~ 777 to have 512 megabytes of ~~the page(depending on the number~~ RAM and 1 gigabyte of ~~others using it). For"potentially private" pages (mapped asMAP_PRIVATE), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in~~ swap ~~or not physically allocated yet.~~:

~~The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the ~~ vzctl set 777 --ram 512M --swap 1G --~~vmguarpages guarantee.~~save</ppre>

~~--shmpagespages[:pages]~~=== User Beancounter limits ====

~~Maximum IPC SHM segment size.~~The following~~Setting the~~ options sets barrier and ~~the~~ limit ~~to different values does~~for various user~~not make practical sense~~beancounters.

Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --~~numfile~~ramand<ib>~~items~~--swap</ib>~~[:items]~~(see above). For older kernels, these limitsare obligatory.

~~Maximum number~~ Each optionrequires one or two arguments. In case of ~~open files.~~one argument,~~In most cases the~~ vzctl sets barrier and ~~the~~ limit ~~should be set~~ to thesame value. ~~Setting~~ Incase of two colon-separated arguments, the first is abarrier to , and the second is a limit. Each argument is eithera number, a number with a suffix, or a special value0unlimited ~~effectivelydisables pre-charging optimization for this beancounter inthe kernel, which leads to the held value being precise butcould slightly degrade file open performance~~.

~~-~~Arguments arein items, pages or bytes. Note that page size isarchitecture-~~numflock~~specific, it is 4096 bytes on x86 and x86_64~~items[:items]~~platforms.

~~Maximum number of file locks~~You can alsospecify different suffixes for User Beancounter parameters(except for those which names start with num).For~~Safety gap~~ example, vzctl set CTID --privvmpages5M:6M should ~~be between~~ set privvmpages’ barrier to 5megabytes and its limitto 6 megabytes.

~~--numpty~~Available~~items[~~suffixes are:~~items]~~

~~Number of pseudo~~•T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k -~~terminals~~kilobytes; • P, p - memory pages (~~PTY~~arch-specific,usually 4KB); • B, b - bytes. ~~Note~~ You can alsospecify the literal word unlimited in place of anumber. In that ~~in OpenVZ each container~~ case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --numproc items[:items] Maximum number of processes andkernel-level threads. Setting the barrier and the limit todifferent values does not make practical sense. --numtcpsockitems[:items] Maximum number of TCP sockets.This parameter limits the number of TCP connections and,thus, the number of clients the server application can ~~have not morethan 255 PTYs~~handle in parallel. Setting the barrier and the limit to

different values does not make practical sense.

--~~numsiginfo~~numothersock

items[:items]

~~Number~~ Maximum number of ~~siginfo structures~~non-TCPsockets (local sockets, UDP and other types of sockets).

Setting the barrier and the limit to different values does

not make practical sense.

--~~dcachesize~~vmguarpagespages[:pages] Memory allocation guarantee.This parameter controls how much memory is available to acontainer. The barrier is the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be set to unlimited. --kmemsize

bytes[:bytes]

Maximum ~~size~~ amount ofkernel memory~~filesystem-related caches, such as directory entry and inodecaches~~used. ~~Exists as a separate~~ This parameter is related to ~~impose a limit~~--numproc. Each~~causing file operations to sense~~ process consumes certain amount of kernel memory ~~shortage and return~~- 16 KB at~~an errno to applications~~least, ~~protecting from memory shortages~~30-50 KB typically. Very large processes may consume~~during critical operations that should not fail~~a bit more. ~~Safety~~ It is important to have a certain safety gap~~should be~~ between the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep thekmemsize usage under the limit.

--~~numiptent~~tcpsndbuf~~num~~bytes[:~~num~~bytes]

~~Number~~ Maximum size of ~~iptables (netfilter)~~TCP send~~entries~~buffers. ~~Setting the~~ Barrier should be not less than 64 KB, anddifference between barrier and ~~the~~ limit should be equal to ~~different~~or~~values does not make practical sense~~more than value of numtcpsock multiplied by 2.5KB.

--~~physpages~~tcprcvbuf~~pages~~bytes[:~~pages~~bytes]

~~On VSwap-enabled kernels, thislimits the amount~~ Maximum size of ~~physical memory (RAM) available to a~~TCP receive~~container~~buffers. ~~The~~ Barrier should be not less than 64 KB, anddifference between barrier and limit should be ~~set~~ equal to ormore than value of 0numtcpsock~~, and thelimit to a total size of RAM that can be used used~~ multiplied by a2.5~~container~~KB.

~~For olderkernels, this is an accounting~~--~~only parameter, showing theusage of RAM by this container. Barrier should be set to~~othersockbuf<bi>0bytes</bi>~~, and limit should be set to~~ [:<bi>~~unlimited~~bytes</bi>.]

~~~~Maximum size of other (non-TCP)socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be setaccordingly. Increased limit is necessary for highperformance of communications through local (UNIX-~~swappages~~domain)~~pages[:pages]~~sockets.

~~For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to~~ 0--dgramrcvbuf~~, and the limit to a total size of swap thatcan be used by a container.~~bytes[:bytes]

~~For older~~Maximum size of other (~~pre~~non-~~VSwap~~TCP) ~~kernels~~socket receive buffers. If container’s processes needsto receive very large datagrams, the ~~limit is used to show a total~~barrier should be set~~amount of swap space available inside the container~~accordingly. Thedifference between the barrier and the~~barrier of this parameter~~ limit is ~~ignored. The default value isunlimited, meaning total swap will be reported as~~0not needed.

--oomguarpagespages[:pages]

~~These~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amount~~parameters control CPU usage~~ of memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of-memory guarantee. If the oomguarpages<br/b>usage isbelow the barrier, processes of this container areguaranteed not to be killed in out-of-~~cpuunits~~memory situations. Themeaning of limit is currently unspecified; it should be setto ~~num~~unlimited</ib>.

~~CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If~~ ~~cpuunits~~--lockedpages ~~are not specified,default value of 1000 is used.~~pages[:pages]

~~You can set CPU~~Maximum number of pages~~weight for CT0 (host system itself) as well (use~~ acquired by ~~vzctlset 0 --cpuunits~~mlock ~~num). Usually, OpenVZ initscript~~(~~/etc/init.d/vz~~2) ~~takes care of setting this~~.

--~~cpulimit~~privvmpages~~num~~pages[:<bi>%pages</bi>]

~~Limit~~ Allows controlling the amountof ~~CPU usage for~~ memory allocated by theapplications. For shared (mappedas MAP_SHARED) pages, each container~~, in per cent. Note if~~ really using amemory page is charged for the fraction of the ~~computer has 2 CPUs, it~~page~~has total~~ (depending on the number of ~~200% CPU time~~others using it). ~~Default CPU limit is~~ For"potentially private" pages (mapped as0MAP_PRIVATE), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be in~~(no CPU limit)~~memory, in swap or not physically allocated yet.

The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the --~~cpus~~vmguarpages ~~num~~guarantee.

~~sets number of CPUs available~~--shmpages~~in the container.~~pages[:pages]

~~--cpumask cpus |~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values does~~all~~not make practical sense.

~~sets list of allowed CPUs forthe container. Input format is a comma~~-~~separated list ofdecimal numbers and ranges. Consecutively set bits are shownas two hyphen~~-~~separated decimal numbers, the smallest and~~numfile~~largest bit numbers set in the range. For example, if youwant the container to execute on CPUs 0, 1, 2, 7, you shouldpass~~ <bi>~~0-2,7~~items</bi>~~. Default value is~~ [:<bi>~~all~~items</bi> ~~(thecontainer can execute on any CPU).~~]

~~==== Memory output parameters ====~~ ~~For~~Maximum number of open files.~~VSwap-enabled kernels (042stab042 or greater), this~~In most cases the barrier and the limit should be set to the~~parameter is ignored~~same value. ~~For older kernels, it controls~~ Setting the~~output of /proc/meminfo inside a container.~~ barrier to 0<br/b>effectivelydisables pre-~~-meminfo none~~charging optimization for this beancounter inthe kernel, which leads to the held value being precise butcould slightly degrade file open performance.

No --numflock</~~proc~~b>items</~~meminfo virtualization(the same as on host system).~~i>[:items]

~~--meminfo~~Maximum number of file locks.~~mode:value~~Safety gap should be between barrier and limit.

~~Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of~~ --~~swappages~~numpty~~parameter.~~items[:items]

~~You can use thefollowing modes for mode: ~~Number of pseudo-terminals~~• pages:value - sets total memory~~ (PTY). Note that inOpenVZ each container can have not more~~pages; ~~than 255 PTYs. Setting the barrier and the limit to~~• privvmpages:value - sets total memoryas privvmpages * value~~different values does not make practical sense.

--~~top: 1em"~~numsiginfo~~Default is~~<bi>items~~privvmpages~~[:1items</bi>] Number of siginfo structures.Setting the barrier and the limit to different values doesnot make practical sense.

--dcachesizebytes[:bytes]

~~~~Maximum size offilesystem-~~-iptables~~related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gap~~name~~should be between barrier and limit.

~~Allow to use the functionality~~--numiptentof ~~name~~num ~~iptables module inside the container. Tospecify multiple~~ [:~~name~~num~~s, repeat --iptables for each,or use space-separated list as an argument (enclosed insingle or double quotes to protect spaces).~~]

~~The defaultlist~~ Number of ~~enabled~~ iptables ~~modules is specified by~~ (netfilter)entries. Setting the barrier and thelimit to different~~IPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]]~~values does not make practical sense.

~~You can use thefollowing values for name:~~ ~~iptable_filter~~--physpages,<bi>~~iptable_mangle~~pages</bi>, [:<bi>~~ipt_limit~~pages</~~b>,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner</b~~i>.]

On VSwap-enabled kernels, thislimits the amount of physical memory (RAM) available to acontainer. The barrier should be set to 0, and thelimit to a total size of RAM that can be used used by acontainer.

For olderkernels, this is an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to~~--netdev_add~~0, and limit should be set to <ib>~~name~~unlimited</ib>.

~~move network device from the~~--swappages~~host system to a specified container~~pages[:pages]

For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to ~~--netdev_del~~0, and the limit to a total size of swap that~~name~~can be used by a container.

~~delete network device from~~ For older(pre-VSwap) kernels, the limit is used to show atotal~~specified~~ amount of swap space available inside the container. Thebarrier of this parameter is ignored. The default value isunlimited, meaning total swap will be reported as0.

==== ~~Disk quota~~ CPU fair scheduler parameters ====

Theseparameters control CPU usage by container. --~~diskquota yes~~cpuunits |<bi>nonum</bi>

~~allows to enable or disabledisk quota~~ CPU weight for a container. ~~By default~~Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, ~~a global~~ themore CPU time this container gets. Maximum valueis 500000,~~(DISK_QUOTA) from [[Man/vz~~minimal is 8.~~conf~~Number is relative to weights of all the otherrunning containers.5|If ~~vz.conf~~cpuunits~~(5)]]~~ are not specified,default value of 1000 is used.

~~Note that this~~You can set CPU~~parameter is ignored~~ weight for CT0 (host system itself) as well (use ~~ploop~~vzctlset 0 --cpuunits ~~layout~~num). Usually, OpenVZ initscript(/etc/init.d/vz) takes care of setting this.

--~~diskspace~~cpulimitnum[:<ib>~~num~~%</ib>]

~~For~~ Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is ~~simfs~~0 ~~layout, setssoft and hard disk quota limits, in blocks. First parameteris soft limit, second is hard~~ (no CPU limit~~. One block is currentlyequal to 1Kb~~).

~~For~~~~ploop~~--cpus ~~layout, sets the size of the ploop image file,in kilobytes.~~num

~~Suffixes~~sets number of CPUs available~~G, M, K can also be specified (seeResource limits section for more info onsuffixes)~~in the container.

--~~diskinodes~~cpumask~~num~~cpus[:|<ib>auto | ~~num~~all</ib>]

~~sets soft~~ Sets list of allowed CPUs forthe container. Input format is a comma-separated list ofdecimal numbers and ~~hard disk quota~~/or ranges. Consecutively set bits are~~limits~~shown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in ithe range. For example, ifyou want the container to execute on CPUs 0, 1, 2, 7, youshould pass 0-~~nodes~~2,7. ~~First parameter~~ Default value is ~~soft limit~~all (thecontainer can execute on any CPU). If used with the--nodemask option, ~~second is~~value of auto assigns all~~hard limit~~CPUs from the specified NUMA node to a container.

--~~top: 1em"~~nodemask nodes~~Note that thisparameter is ignored for~~ | ~~ploop~~all ~~layout.~~

Sets list of allowed NUMA nodesfor the container. Input format is the same as for--~~quotatime~~cpumask. Note that --nodemask must be usedwith the <ib>~~seconds~~--cpumask</ib>option.

~~sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a hard limit.~~=== Memory output parameters ====

~~Note that~~ ForVSwap-enabled kernels (042stab042 or greater), thisparameter is ignored ~~for~~ . For older kernels, it controls theoutput of /proc/meminfo inside a container. ~~ploop~~ --meminfo none ~~layout~~ No /proc/meminfo virtualization(the same as on host system). --meminfomode:value

Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of --~~quotaugidlimit~~swappages~~num~~parameter.

~~sets maximum number of~~You can use the~~user~~following modes for mode</~~group IDs~~ i>: • pages:value - sets total memory in ~~a container for which disk quota insidethe container will be accounted. If this~~ pages; • privvmpages:value ~~is set to~~ - sets total memoryas 0privvmpages~~, user and group quotas inside the container willnot be accounted~~* value.

~~Note that if~~Default is~~you have previously set value of this parameter to~~ 0privvmpages:1,~~changing it while the container is running will not takeeffect~~.

==== ~~Mount option~~ Netfilter (iptables) control parameters ====

--~~noatime yes~~netfilter disabled |nostateless|stateful|full

~~Sets noatime flag (do not~~Restrict access to~~update inode access times) on filesystem~~netfilter/iptables modules for a container. This optionreplaces obsoleted --iptables.

Note thatchanging this parameter requires container restart, soconsider using --setmode option ~~====~~.

~~--capability~~The following~~capname~~arguments can be used:~~on|~~<bbr>~~off~~• disabled

~~Sets a capability for acontainer. Note that setting capability when the containeris running does not take immediate effect; restart thecontainer in order for the changes to take effect. Note acontainer has default set of capabilities, thus anyoperation on capabilities is "logical and" withthe default capability mask.~~no modules are allowed

~~You can use thefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see~~ ~~capabilities~~• stateless~~(7).~~

~~WARNING:~~all modules except NAT and~~setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou~~ conntracks are ~~doing~~allowed (i.e. ~~Also note that setting setpcap:on for~~filter and mangle); this is the~~a container will most probably lead to inability to startit.~~default

• stateful

~~--devnodes~~all modules except NAT are~~device:[r][w][q]|none~~allowed

<~~p style~~table width="~~margin-left:22~~100%;"~~>Give the container an access~~border="0" rules="none" frame="void"~~(r</b~~ cellspacing="0" cellpadding="0"> ~~- read, w - write, q - disk quotamanagement,~~ <btr valign="top" align="left">~~none - no access) to a device designatedby the special file /dev/~~<itd width="22%">~~device~~</itd>~~. Device file iscreated in a container by~~ <~~b>vzctl. Example:</p~~td width="9%">

<~~pre style~~p>• full</td><td width="~~margin-left:22~~1%;"> ~~vzctl set 777 --devnodes sdb:rwq~~</~~pre~~td><td width="36%">

--devicesb|c:major:minor|<b~~>allmodules are allowed</bp>~~:[r~~</btd>][<btd width="32%">w</~~b>][<b~~td>q</btr>~~]|none~~</~~b></ptable>

~~Give the container an access to~~a b--iptables~~lock or character device designated by its~~~~major~~name ~~and~~ [<ib>~~minor~~,</ib> ~~numbers~~. ~~Device file have tobe created manually~~..]

Note this option isobsoleted, --netfilter should be used instead.

~~--pci_add~~Allow to use[the functionality of ~~domain~~name:]iptables module inside thecontainer. Multiple comma-separated ~~bus:slot~~names can bespecified.~~func~~

~~Give~~ The defaultlist of enabled iptables modules is defined by the ~~container an access toa specified PCI device~~IPTABLES variable in [[Man/vz. ~~All numbers are hexadecimal (asprinted by~~ conf.5|~~lspci~~vz.conf(~~8) in the first column~~5)]].

You can use thefollowing values for name: iptable_filter,iptable_mangle, ipt_limit,~~--pci_del~~ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,[<ib>ip_nat_ftp, ip_nat_irc, ~~domain~~ipt_REDIRECT</ib>:],<ib>~~bus~~xt_mac</ib>:, <ib>~~slot~~ipt_recent</ib>., <ib>~~func~~ipt_owner</ib>.

~~Delete a PCI device from thecontainer.~~=== Network devices control parameters ====

~~Note that~~~~vps~~-~~pci~~-netdev_add ~~configuration script is executed by~~<bi>~~vzctl~~name</bi> ~~then configuring PCI devices. The script isusually located at~~ <b/p>~~/usr/lib[64]/vzctl/scripts/~~ </bp style="margin-left:22%;">.move network device from thehost system to a specified container

--netdev_delname

~~--features~~delete network device from a~~name:on|off~~specified container

~~Enable or disable a specificcontainer feature. Known features are: sysfs,nfs, sit, ipip, ppp,ipgre, bridge, nfsd.~~=== Disk quota parameters ====

--diskquota yes |no

allows to enable or disabledisk quota for a container. By default, a global value(~~--applyconfig~~DISK_QUOTA) from [[Man/vz.conf.5|<ib>~~name~~vz.conf</ib>(5)]] is used.

Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve~~margin-~~</tt>name<tt>.conf-sample</tt>,and apply them, if --save option specified save tothe container config file. The following parameters are notchanged~~top: ~~HOSTNAME, IP_ADDRESS,OSTEMPLATE, VE_ROOT</b~~1em">~~, and~~Note that thisparameter is ignored for ~~VE_PRIVATEplooplayout.

--~~applyconfig_map~~diskspace~~group~~num[:num]

~~Apply container configparameters selected by group. Now the only possiblevalue for group is~~ For ~~name~~simfs~~: to restore container~~layout, sets~~name based on NAME variable in container~~soft and hard disk quota limits. First parameter is soft~~configuration file~~limit, second is hard limit.

Forploop layout, initiates the procedure of resizing theploop image file to the new size. Since there is nosoft/hard limit concept in ploop, second num, ifspecified, is ignored.</~~O priority management ====~~p>

By default,ploop resize is done online, i.e. on a mounted ploop. Thisis a preferred way of doing resize. Although, in a rare casea container was using lots of disk space and should now beresized to a much smaller size, an offline resize might bemore appropriate. In this case, make sure the container isstopped and unmounted and use additional--~~ioprio~~offline-resize~~priority~~option

~~Assigns I/O priority to~~Note that ploopresize is NOT performed on container~~. Priority range is~~ start, so forconsistency 0-7-diskspace~~. The greaterpriority is, the more time for I/O activity containerhas. By default each container has priority of~~must be used together with4--saveflag.

SuffixesG, M, K can also be specified (seeResource limits section for more info on suffixes).If suffix is not specified, value is in kilobytes.

~~Checkpointing is a feature of~~--diskinodes~~OpenVZ kernel which allows to save a complete state of arunning container, and to restore it later.~~num[:num]

~~chkpnt <~~sets soft and hard disk quotalimits, in i~~>CTID~~-nodes. First parameter is soft limit, second is~~[--dumpfile name]~~hard limit.

~~This command saves a complete~~Note that this~~state of a running container to a dump file, and stops thecontainer. If an option --dumpfile~~ parameter is ~~not set,default dump file name~~ ignored for ~~/vz/dump/Dump.~~ploop~~CTID isused~~layout.

~~restore CTID~~[--~~dumpfile~~quotatime ~~name~~seconds]

~~This command restores a~~sets quota grace period.~~container from~~ Container is permitted to exceed its soft limits for the ~~dump file created by~~ grace period, but once it has expired, the ~~chkpnt~~soft limit is~~command~~enforced as a hard limit.

Note that thisparameter is ignored for ploop layout.

~~Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in~~--~~memory state (as in~~quotaugidlimit~~checkpointing). Note that snapshot functionality is onlyworking for containers on ploop device.~~num

~~snapshot |~~Enables or disables~~snapshot~~in-container per-user and per-~~create~~group disk quotas. If thevalue is set to ~~CTID [--id~~0or not set, disk quotas inside the~~uuid]~~container is disabled and not accounted.

~~Creates a container snapshot.~~ForIf <ib>~~uuid~~simfs</ib> ~~is not specified~~layout containers, ~~it is auto~~non-~~generated. If a~~zero value sets maximum~~container is running, it’s checkpointed and thenrestored. If a container~~ number of user/group IDs for which disk quota is ~~not running, only file systemstate is saved~~accounted.

For~~snapshot-switch~~plooplayout containers, any non-zero value enables~~CTID<~~disk quota inside the container; the number of user/~~i> --id uuid~~groupIDs used by disk quota is not limited by OpenVZ.

~~Switches the~~ Note thatenabling or disabling in-container ~~to a~~disk quotas requires~~snapshot identified by~~ container restart, so consider using <ib>~~uuid~~--setmode</ib>~~. Note that the currentcontainer state and its file system state is lost! If givensnapshot contains CT memory dump, it is restored, otherwiseit is stopped~~option.

~~snapshot-deleteCTID --id uuid~~=== Capability option ====

~~Removes a specified~~--capability~~snapshot~~capname:on|off[,...]

~~snapshot~~Sets a capability for acontainer. Multiple comma-~~list~~separated capabilities can be~~CTID~~specified.

~~Lists all snapshots. Active~~Note that~~snapshot~~ setting a capability when the container is ~~marked with~~ running does nottake immediate effect; restart the container in order forthe changes to take effect (consider using *--setmode ~~sign~~option).

A container ~~actions ===~~hasthe default set of capabilities, thus any operation oncapabilities is "logical AND" with the defaultcapability mask.

<~~table width~~p style="~~100~~margin-left:22%; margin-top: 1em" ~~border="0" rules="none" frame="void"~~>You can use thefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct, ~~cellspacing="0" cellpadding="0"~~sys_admin, sys_boot, sys_nice,<~~tr valign="top" align="left"~~b>sys_resource, sys_time, sys_tty_config,<~~td width="11%"~~b>mknod, lease, setveid, ve_admin</tdb>.For detailed description, see capabilities(7).<~~td width="9%"~~/p>

~~create~~WARNING:setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that setting </pb>setpcap:on</tdb>fora container will most probably lead to inability to start~~<td width="2%">~~it.</~~td><td width="78%"~~p>

~~CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--private path][--root path][--ipadd addr][--hostname name][--name name] </td></tr></table>~~=== Device access management ====

-~~top~~-devnodesdevice: ~~1em"~~[r][w][q]|none~~Creates a newcontainer area. This operation should be done once, beforethe first start of the container.~~

~~By default,~~ Give the container anaccess~~OS template denoted by~~ (r - read, w - write, ~~DEF_OSTEMPLATE~~q ~~parameter of~~- disk quota~~[[Man/vz.conf.5|~~management, ~~vz.conf~~none(5- no access)~~]] is used~~ to ~~create~~ a ~~container~~device designatedby the special file /dev/device. ~~This can be~~Device file is~~overwritten~~ created in a container by ~~--ostemplate~~vzctl ~~option~~.Example:

vzctl set 777 --~~top~~devnodes sdb: ~~1em">By default, anew container configuration file is created from a sampleconfiguration denoted by value of CONFIGFILEparameter of [[Man/vz.conf.5|vz.conf(5)]]. If the containerconfiguration file already exists, it will not bemodified.~~rwq</ppre>

~~The value of~~~~CONFIGFILE~~--devicesb ~~can be overwritten by using the~~|~~--config~~c :major~~name~~:minor ~~option. This option can not beused if the container configuration file already exists.~~|all:[r][w][q]|none

~~A new~~ Give the containeran access to~~can either be created using~~ a ~~simfs~~b ~~filesystem~~ lock or ~~on a~~~~ploop~~c haracter device~~. The default is set~~ designated by ~~value of~~its<~~b>VE_LAYOUT parameter of [[Man/vz.conf.5|<b~~i>~~vz.conf~~major</bi>~~(5)]]~~ and ~~can beoverwritten by --layout option. In case~~ <bi>~~ploop~~minor</bi>~~is used, one can additionally specify ploop disk imageformat after a colon~~numbers. ~~Possible ploop formats are~~Device file have to~~expanded, plain and raw. Default isexpanded. Using raw is not recommended and isnot supported~~be created manually.

~~You can use--diskspace option to specify container file systemsize. Suffixes G, M, K can also bespecified (see Resource limits section for more infoon suffixes).~~=== PCI device management ====

~~You can use~~--~~root~~pci_add [~~path~~domain ~~option to sets the path to themount point for the container root directory (default is~~:]<bi>~~VE_ROOT~~bus</bi> ~~specified in [[Man/vz.conf.5|~~:<bi>~~vz.conf~~slot</bi>~~(5)]] file)~~.~~Argument can contain literal string~~ <bi>~~$VEID~~func</bi>~~, which willbe substituted with the numeric CT ID.~~

~~You can use--private path option to set~~ Give the ~~path~~ container an access to~~directory in which all the files and directories specific tothis very container~~ a specified PCI device. All numbers are ~~stored~~ hexadecimal (~~default is VE_PRIVATE~~as~~specified in [[Man/vz.conf.5|~~printed by ~~vz.conf~~lspci(58)~~]] file~~in the first column)~~. Argument can containliteral string $VEID, which will be substituted withthe numeric CT ID~~.

~~You can use~~--~~ipadd~~pci_del [domain:]bus:~~addr~~slot ~~option to assign an IP address toa container. Note that this option can be used multipletimes~~.func

~~You can use--hostname name option to set~~ Delete a ~~host name for~~PCI device from thea container.

Note that~~destroy~~vps-pci | configuration script is executed by~~delete~~vzctlthen configuring PCI devices. The script isusually located at <ib>~~CTID~~/usr/libexec/vzctl/scripts/</ib>.

~~Removes a container privatearea by deleting all files, directories and theconfiguration file of this container.~~=== Features management ====

~~start~~--features ~~CTID~~name[:on|~~--wait~~off] [~~--force~~,...]

~~Mounts (if necessary) and~~Enable or disable a specific~~starts a~~ containerfeature. ~~Unless~~ Known features are: ~~--wait~~sysfs ~~option is~~,~~specified~~nfs, sit, ipip, ~~vzctl~~ppp ~~will return immediately; otherwise~~,~~an attempt to wait till the default runlevel is reached willbe made by~~ ~~vzctl~~ipgre, bridge, nfsd. A few features canbe specified at once, comma-separated.

~~Specify--force if you want to start a container which isdisabled (see --disabled).~~=== Apply config ====

~~Note that thiscommand can lead to execution of~~ ~~premount~~--applyconfig,<bi>~~mount~~name</~~b> and start action scripts (see ACTIONSCRIPTS</b~~i> ~~below).~~

Read container parameters fromthe container sample configuration file<btt>~~stop~~/etc/vz/conf/ve-</btt> ~~CTID~~name<tt>.conf-sample</tt>,[and apply them, if --~~fast~~save option specified save tothe container config file. The following parameters are notchanged: HOSTNAME, IP_ADDRESS,OSTEMPLATE, VE_ROOT, andVE_PRIVATE].

~~Stops and unmounts a container.Normally, halt(8) is executed inside a container;option~~ --~~fast~~applyconfig_map ~~makes~~ <bi>~~vzctl~~group</~~b> use <b~~i>~~reboot(2)syscall instead which is faster but can lead to uncleancontainer shutdown.~~

~~Note that this~~Apply container config~~command can lead to execution of~~ parameters selected by <bi>~~stop~~group</bi>, . Now the only possiblevalue for <bi>~~umount~~group</bi>~~and~~ is ~~postumount~~name ~~action scripts (see~~ : to restore containername based on ~~ACTIONSCRIPTS~~NAME ~~below)~~variable in containerconfiguration file.

~~restart<~~=== I/~~b> CTID[--wait] [--force] [--fast]~~O scheduling ====

~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the~~~~start~~--ioprio ~~and~~ <bi>~~stop~~priority</bi> ~~options.~~

Assigns disk I/O priority tocontainer. Priority range is 0-~~top: 1em"~~7~~Note that this~~. The greater~~command can lead to execution~~ priority is, the more time for I/O activity containerhas. By default each container has priority of ~~some action scripts (see~~~~ACTION SCRIPTS~~4 ~~below)~~.

~~status~~--iolimit ~~CTID~~limit[B|K|M|G]

~~Shows~~ Assigns disk I/O bandwidthlimit for a container ~~status~~. ~~This~~Value is either a ~~line~~ number with ~~five~~ anoptional suffix, or ~~six words, separated by spaces~~a literal string unlimited. Valueof 0 means "unlimited". By default acontainer has no I/O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.

~~First word~~ If no suffix is~~literally~~ provided, the limit is assumed to be in megabytes persecond. Available suffixes are: • ~~CTID~~b., B -- bytes per second; • k, K -- kilobytes per second; • m, M -- megabytes per second (default); • g, G -- gigabytes per second;

--~~top: 1em"~~iopslimit~~Second word isthe numeric~~ ~~CT ID~~iops.

~~Third word is~~Assigns IOPS limit for a~~showing whether this~~ container ~~exists or not~~, ~~it can be~~in number of input/output operations per second.~~either~~ Value is a number or a literal string ~~exist~~unlimited or .Value of ~~deleted~~0means "unlimited". By default acontainer has no IOPS limit.

~~Fourth word isshowing the status of the container filesystem, it can beeither mounted or unmounted.~~== Suspending and resuming ===

Checkpointing is a feature ofOpenVZ kernel which allows to save a complete in-kernelstate of a running container, and to restore it later. suspend|chkpntCTID [--dumpfile name] ~~Fifth word~~This command suspends a~~shows if the~~ container to a dump file If an option --dumpfile is ~~running~~not set, ~~it can be either~~default dump file name~~running~~/vz/dump/Dump. or <bi>~~down~~CTID</bi>is used.

~~Sixth word, ifexists, is~~ ~~suspended~~resume|restore~~. It appears if both a containerand its dump file exist (see~~ CTID [~~chkpnt~~--dumpfile).name]

This commandrestores a~~can also be usable~~ container from ~~scripts~~the dump file created by the suspendcommand.

~~mount CTID~~== Snapshotting ===

~~Mounts container private area~~Snapshotting is a feature basedon checkpointing and ploop shapshots.It allows to save a~~Note that this command can lead to execution~~ complete state ofcontainer file system. Plus, if the~~premount and mount action scripts~~ container is running, it’s in-memory state (~~see~~as in~~ACTION SCRIPTS below~~checkpointing). Note that snapshot functionality is onlyworking for containers on ploop device.

~~umount~~snapshot CTID[--id uuid] [--name name][--description desc] [--skip-suspend] [--skip-config]

~~Unmounts~~ Creates a container ~~private~~snapshot,~~area~~i. ~~Note that this command can lead to execution of~~e. saves the current container state, including its file~~umount~~ system state, running processes state, and ~~postumount action scripts (see~~configuration~~ACTION SCRIPTS below)~~file.

~~Note that~~If a containeris running, and ~~stop~~--skip-suspend ~~does umount automatically~~option is notspecified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot.

~~convert CTID~~Unless[--~~layoutploop~~skip-config~~[:{expanded|plain|raw}]]~~option is given, containerconfiguration file is saved to the snapshot.

~~Convert CT private area to~~If uuid~~reside on a ploop device (available in kernel version~~is not specified, it is auto-generated. Options~~042stab052.8~~ --name and ~~greater). Conversion should~~ --description can be ~~performed~~used to~~when a container is stopped~~specify the snapshot name and description, ~~plus disk space quota should be~~respectively.~~set~~Name is displayed by snapshot-list. snapshot-switchCTID [--skip-resume | --must-resume][--skip-config] --id uuid

~~quotaon~~ Switches the container to asnapshot identified by ~~CTID~~uuid, restoring its filesystem state, configuration (if available) and its runningstate (if available).

~~Turn disk quota on. Not that~~~~mount~~ Note thatthe current state of a container (including its file systemstate and ~~start~~its configuration file) is lost! ~~does that automatically.~~

Option~~quotaoff~~--skip-resume is used to ignore a CT memory dump filein a snapshot, as a result the container will end up beingin a stopped state (same as if a snapshot has been takenwith <ib>~~CTID~~--skip-suspend</ib>).

~~Turn disk quota off. Not that~~If option~~umount~~--must-resume is set, absense of a memory dump istreated as an error, and ~~stop does that automatically~~the inability to restore from thememory dump is treated as an error rather than warning.

Option option~~quotainit~~--skip-configis used to ignore the CT configuration<file in a snapshot, i~~>CTID~~.e. the current configuration file willbe left as is.

~~Initialize disk quota (i.e. run~~~~vzquota init~~snapshot-delete~~) with the parameters taken from the CTconfiguration file [[Man~~CTID</~~ctid.conf.5|~~i> ~~ctid.conf~~--id~~(5)]].~~uuid

~~exec CTID~~Removes a specified~~command~~snapshot.

~~Executes~~ snapshot-mount~~command~~CTID ~~in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.~~If --id ~~command~~uuid is --target~~, commands are read fromstdin.~~directory

Mounts a snapshot specified by<bi>~~exec2~~uuid</bi> to a ~~CTIDcommand~~directory. Note this mount isread-only.

~~The same as~~ ~~exec~~snapshot-umount~~, butreturn code is that of~~ ~~command~~CTID --id uuid.

~~runscript CTID~~Unmounts a specified~~script~~snapshot.

~~Run specified shell script in~~snapshot-list~~the container. Argument~~ ~~script~~CTID ~~is a file on the host~~[-H] [-o~~system which contents is read by vzctl and executed in thecontext of the container~~field[,field. ~~For a running container, thecommand jumps into the container and executes the script~~.~~For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root~~. ~~In the latter case, the container is notreally started, no file systems other than root (such as~~] [--id</~~proc~~b> uuid</bi>~~) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.~~]

~~enter CTID~~List container’s~~[--exec command [arg ..~~snapshots.]]

~~Enters into a container (givinga container’s root shell). This option is a back-door~~You can~~for host root only. The proper way to have CT root shell isto use~~ suppress displaying header using ~~ssh~~-H~~(1)~~option.

~~Option~~You can use the-~~-exec~~o ~~is used~~ option to ~~run~~ display only the specified~~command~~field ~~with argumentsafter entering into container~~(s). ~~This is useful if command tobe run requires a terminal (so vzctl exec~~ List of available fields can ~~not~~ beobtained~~used) and for some reason you can not use~~ using ~~ssh~~-L~~(1)~~option.

~~You need to logout manually from the shell to finish session (even if youspecified --exec).~~== Performing container actions ===

<~~p style~~table width="~~margin-left:11~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><btr valign="top" align="left">~~console~~</btd width="11%"> ~~CTID~~</itd></ptd width="9%">

create</td><td width="2%;">~~Attach to the container’sconsole. Note that the console is persistent, meaning it canbe attached to even if the container is not running, andthere is no automatic detachment when the container is~~</td>~~stopped.~~</ptd width="78%">

CTID[--ostemplate  ~~margin~~name][--~~top~~config name][--layout simfs|ploop[: ~~1em"~~{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num~~Type~~ ][~~Esc~~--private path]~~then~~ [.--root  ~~to detach from the console. Type~~ path][~~Esc~~--ipadd addr]~~then~~ [,--hostname  ~~to detach without killing anything. Note that~~name]~~these sequences are only recognized after~~ [~~Enter~~--name name][--local_uid uid][.--local_gid gid] </td></tr></table>

Creates a newcontainer area. This operation should be done once, beforethe first start of the container.

By default, anOS template denoted by DEF_OSTEMPLATE parameter of[[Man/vz.conf.5|vz.conf(5)]] is used to create a container. This can beoverwritten by --~~help~~ostemplateoption. ~~Prints help message with~~ By default, anew container configuration file is created from asampleconfiguration denoted by value of CONFIGFILEparameter of [[Man/vz.conf.5|vz.conf(5)]]. If the containerconfiguration file already exists, it will not bemodified. ~~brief list~~ The value of ~~possible options~~CONFIGFILE can be overwritten by using the--config name option. This option can not beused if the container configuration file already exists.

A new containercan either be created using simfs filesystem or on aploop device. The default is set by value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf(5)]] and can beoverwritten by --~~version~~layout option. In case ploopis used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain and raw. Default isexpanded. Using value other than expandedisnot recommended and is currently not supported.

~~Prints~~ You can use--diskspace and --diskinodes options tospecify container file system size. Note that for~~vzctl~~plooplayout, you will not be able to change inodes~~version~~value later.

IfDISKSPACE is not specified either in the sampleconfiguration file used for creation or in globalconfiguration file [[Man/vz.conf.5|vz.conf(5)]], --diskspaceparameter is required for ploop layout.

~~vzctlhas an ability to execute user-defined scripts when aspecific vzctl command is run for a container. The~~Suffixes~~following~~ ~~vzctl commands can trigger execution ofaction scripts: start~~G, ~~stop~~M, ~~restart~~K,can also be specified (see~~mount and umount~~Resource limitssection for more info onsuffixes).

~~Action scripts~~You can use~~are located in the~~ --root</~~etc/vz/conf~~b> path option to sets the path to themount point for the container root directory (default isVE_ROOT ~~directory~~specified in [[Man/vz. ~~There areglobal and per-CT scripts~~conf. ~~Global scripts have a literalprefix of~~ 5|~~vps~~vz.conf ~~and are executed for all containers~~(5)]] file).~~Per-CT scripts have a~~ Argument can contain literal string <ib>~~CTID~~$VEID</ib> ~~numeric prefix and are~~, which will~~executed for~~ be substituted with the ~~given container only~~numeric CT ID.

~~Please note~~You can use~~scripts~~ --private path option to set the path todirectory in which all the files and directories specific tothis very container are ~~executed in a host system~~ stored (~~CT0) context, with~~default is VE_PRIVATE~~the exception of~~ specified in [[Man/vz.conf.5|vz.~~start~~conf ~~and~~ (5)]] file). Argument can containliteral string ~~.stop~~$VEID ~~scripts~~,which will be substituted with~~which are executed in a container context~~the numeric CT ID.

~~The following~~You can use~~action scripts are currently defined:~~ ~~ vps.premount~~--ipadd, ~~CTID~~addr~~~~option to assign an IP address toa container. Note that this option can be used multipletimes.~~premount~~

~~Global and per~~You can use--~~CT mount scripts~~hostname name option to set a host name for~~which are executed for~~ a container ~~before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first~~.

When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters --local_uid and~~vps.mount~~--local_gid,can be used to select which uidand ~~CTID~~gidrespectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UIDandLOCAL_GID from global configuration file[[Man/vz.conf.5|vz.conf(5)]] are used.~~mount~~An explicit --local_uidvalue of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid is ignored.

~~Global~~ Warning:use --local_uid and ~~per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as~~ ~~.premount~~--local_gidwith care,~~scripts~~specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.

<ib>~~CTID~~destroy</ib>| ~~.start~~deleteCTID

~~Right after vzctl hasstarted~~ Removes a containerprivatearea by deleting all files, ~~it executes~~ directories and theconfiguration file of this ~~script in a~~ container~~context~~.

startCTID[--wait] [--force] [--skip-fsck][~~.stop~~--skip-remount]

~~Right before~~ Mounts (if necessary) andstarts a container. Unless --wait option isspecified, vzctl will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by vzctl ~~has~~.~~stopped a container, it executes this script in~~ Specify--force if you want to start a containerwhich is~~context~~disabled (see --disabled).

Specify~~vps.umount~~--skip-fsck,to skip fsck for ploop-based container~~CTID~~filesystem (this option is used by vz initscript).~~umount~~

~~Global and per-CT umount~~By default, if~~scripts which are executed for~~ a container ~~before~~ to be started happens to be already mounted, it isunmounted~~. Scripts are executed in the host system context,while a CT is~~ and mountedagain. ~~Global script, if exists, is executed~~This behavior can be turned~~first~~off by using --skip-remount flag.

Note that thiscommand can lead to execution of ~~vps.postumount~~premount,<ib>mount and ~~CTID~~start</ib>action scripts (see ~~.postumount~~ACTIONSCRIPTSbelow).

~~Global and per~~stop CTID[--~~CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as~~ fast] [.--skip-umount~~scripts.~~]

~~The environment~~Stops a container and unmounts~~passed to all the~~ it (unless *mount--skip-umount ~~scripts~~ is ~~the standard~~given). Normally,~~environment of the parent (i.e.~~ ~~vzctl~~halt(8) ~~with two~~is executed inside a container; option~~additional variables:~~ ~~$VEID~~--fast ~~and~~ makes ~~$VE_CONFFILE~~vzctl.~~The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as~~ use ~~$VE_ROOT~~reboot~~, it needs~~ (2)syscall instead which is faster but can lead to ~~get those~~unclean~~from global and per-CT configuration files~~container shutdown.

~~Here~~ Note thatvzctl stop is annot asyncronous, in other words vzctl~~example of a mount script, which makes host system~~waits for container’sinit to exit (unless--fast</~~mnt/disk available~~ b> is given), which can take up to ~~container(s)~~a few minutes. ~~Script name~~ Default wait timeout is 120 seconds; it can ~~either~~be changedbe globally, by setting STOP_TIMEOUT</~~etc~~b> in[[Man/vz/.conf~~/vps~~.~~mount~~5|vz.conf (5)]], orper container (STOP_TIMEOUT</~~etc/vz~~b> in[[Man/ctid.conf/.5|~~CTID~~ctid.conf</ib>(5)]], see ~~.mount~~--stop-timeout).

<~~pre~~ p style="margin-left:1117%; margin-top: 1em"> ~~# If one of these files does not exist then something~~ ~~# is really broken~~ ~~[ -f /etc/sysconfig/vz ] || exit 1~~ ~~[ -f $VE_CONFFILE ] || exit 1~~ ~~# Source both files.~~ Note ~~the order is important.~~that this . command can lead to execution of stop</~~etc~~b>, umount</~~vz/vz.conf~~b> ~~. $VE_CONFFILE~~ ~~SRC=~~and postumount</~~mnt/disk~~b> action scripts (see ACTION ~~DST=~~SCRIPTS</~~mnt/disk~~ ~~mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC~~b> below).</~~pre~~p>

restart CTID[--wait] [--force] [--fast][--skip-fsck]

~~Returns 0 upon~~Restarts a container, i.e.~~success~~stops it if it is running, ~~or an appropriate error code in case of an~~and starts again. Accepts all the~~error:~~start and stop options.

<~~table width~~p style="~~100~~margin-left:17%~~" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0~~; margin-top: 1em">Note that this~~<tr valign="top" align="left">~~command can lead to execution of some action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">1</pb>status</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Failed to set a UBC parameter</td></tr><tr valign="top" align~~style="margin-left:17%;">Shows a container status. This~~<td width="11%">~~is a line with five or six words, separated by spaces.</~~td><td width="4%"~~p>

<p~~>2</td><td width~~style="7margin-left:17%; margin-top: 1em">First word isliterally CTID</tdb>.<~~td width="78%"~~/p>

<p~~>Failed to set a fair scheduler parameter</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Second word isthe numeric <~~td width="11%"~~i>CT ID</tdi>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">3Third word isshowing whether this container exists or not, it can beeither </pb>exist</tdb>or <~~td width="7%"~~b>deleted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Generic system error~~Fourth word isshowing the status of the container filesystem, it can beeither </pb>mounted</tdb>or <~~/tr~~b>unmounted<~~tr valign="top" align="left"><td width="11%"~~/b>.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">5Fifth wordshows if the container is running, it can be either</pb>running</tdb>or <~~td width="7%"~~b>down</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~The running kernel~~ Sixth word, ifexists, is ~~not an OpenVZ kernel (or someOpenVZ modules are not loaded)~~<~~/p></td~~b>suspended</trb>. It appears if a dump fileexists for a stopped container (see <~~tr valign="top" align="left"~~b>suspend<~~td width="11%"~~/b>).</~~td><td width="4%"~~p>

<p~~>6</td><td width~~style="7margin-left:17%; margin-top: 1em">This commandcan also be usable from scripts.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Not enough system resources~~</pb>mount</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">7Mounts container private area.Note that this command can lead to execution ofpremount</pb> and mount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~ENV_CREATE~~umount ~~ioctl failed~~</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">8Unmounts container privatearea. Note that this command can lead to execution ofumount</pb> and postumount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Command executed by~~ Note that~~vzctl exec~~stop ~~returned non-zeroexit code~~does </pb>umount</tdb>automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">9convert</pb> CTID</tdi>[<~~td width="7%"~~b>--layoutploop[:{expanded|plain|raw</tdb>}]]<~~td width="78%"~~/p>

<p~~>Container is locked by another vzctlinvocation </td></tr><tr valign="top" align~~style="margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version~~<td width="11%">~~042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should beset.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">10</pb>compact</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(5)]] notfound </td></tr><tr valign="top" align~~style="margin-left:17%;">Compact container image. This~~<td width="11%">~~only makes sense for ploop layout.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">11</pb>quotaon</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~A vzctl helper script file not found~~Turn disk quota on. Not that</pb>mount</tdb>and <~~/tr~~b>start<~~tr valign="top" align="left"><td width="11%"~~/b>does that automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">12</pb>quotaoff</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Permission denied~~Turn disk quota off. Not that</pb>umount</tdb>and <~~/tr~~b>stop<~~tr valign="top" align="left"><td width="11%"~~/b>does that automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">13</pb>quotainit</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Capability setting failed~~Initialize disk quota (i.e. run</pb>vzquota init</tdb><) with the parameters taken from the CTconfiguration file [[Man/~~tr>~~ctid.conf.5|<~~tr valign="top" align="left"~~b>ctid.conf<~~td width="11%"~~/b>(5)]].</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">14</pb>exec</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container configuration file [[Man/ctid.conf.5|~~Executes <bi>~~ctid.conf~~command</bi>~~(5)]]~~ in acontainer. Environment variables are notset inside thecontainer. Signal handlers may differ from default settings.~~found~~If </pi> command</tdi>is <~~/tr~~b>-<~~tr valign="top" align="left"~~/b>, commands are read from~~<td width="11%">~~stdin.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">15</pb>exec2</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Timeout on~~ The same as ~~vzctl~~ exec, butreturn code is that of </pi>command</tdi>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">16</pb>runscript</tdb><~~td width="7%"~~i>CTIDscript</tdi><~~td width="78%"~~/p>

<p~~>Error during vzctl chkpnt</td></tr><tr valign="top" align~~style="margin-left:17%;">Run specified shell script inthe container. Argument <~~td width="11%"~~i>script</tdi>is a file on the hostsystem which contents is read by vzctl and executed in the~~<td width="4%">~~context of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as<pb>~~17<~~/p>proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basic~~<td width="7%">~~operations.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Error during~~ ~~vzctl restore~~enterCTID</pi>[--exec</tdb><~~/tr~~i>command<~~tr valign="top" align="left"~~/i>[<~~td width="11%"~~i>arg</tdi>...]]<~~td width="4%"~~/p>

<p~~>18</td><td width~~style="7margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use ssh</tdb>(1).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Error from~~ Option~~setluid()~~--exec ~~syscall~~is used to run </pi>command</tdi>with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so <~~/tr~~b>vzctl exec<~~tr valign="top" align="left"~~/b>can not beused) and for some reason you can not use <~~td width="11%"~~b>ssh</tdb>(1).<~~td width="4%"~~/p>

<p~~>20</td><td width~~style="7margin-left:17%; margin-top: 1em">You need to logout manually from the shell to finish session (even if youspecified --exec</tdb>).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Invalid command line parameter~~</pb>console</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i>[<~~td width="11%"~~i>ttynum</tdi>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Attach to a container console.Optional ttynum argument is tty number (such as4 for 21tty4</pb>), default is 1</tdb>which is usedfor container’s <~~td width="7%"~~b>/dev/console</tdb>.<~~td width="78%"~~/p>

<p~~>Invalid value for command line parameter</td></tr><tr valign~~style="margin-left:17%; margin-top: 1em" ~~align="left"~~>Note theconsoles are persistent, meaning that: • it can be attached to even if the container is notrunning; <~~td width="11%"~~br>• there is no automatic detachment upon the containerstop; <~~/td~~br>• detaching from the console leaves anything running inthis console as is.<~~td width="4%"~~/p>

<p~~>22</td><td width~~style="7margin-left:17%; margin-top: 1em">The followingescape sequences are recognized by vzctl console</tdb>.Note that these sequences are only recognized at thebeginning of a line.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container root directory (~~•~~VE_ROOT~~Esc~~) not set~~then </pb>.</tdb>to detach from the console.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">23•</pb>Esc</tdb>then <~~td width="7%"~~b>!</tdb>to kill anything running on theconsole (SAK). This is helpful when one expects a loginprompt but there isn’t one.<~~td width="78%"~~/p>

~~Container private directory (VE_PRIVATE) notset </td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Other options ===~~"4%">~~

<p~~>24</td><td width~~style="7margin-left:11%;">--help</tdb><~~td width="78%"~~/p>

<p~~>Container template directory (TEMPLATE) notset </td></tr><tr valign="top" align~~style="margin-left:17%;">Prints help message with a~~<td width="11%">~~brief list of possible options.</~~td><td width="4%"~~p>

<p~~>28</td><td width~~style="7margin-left:11%;">--version</tdb><~~td width="78%"~~/p>

<p~~>Not all required UBC parameters are set, unable to startcontainer </td></tr><tr valign="top" align~~style="margin-left:17%;">Prints <~~td width="11%"~~b>vzctl</tdb>version.<~~td width="4%"~~/p>

~~29</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~ACTION SCRIPTS ==

<pstyle="margin-left:11%; margin-top: 1em">vzctl~~OS template is not specified, unable~~ has an ability to ~~create~~execute user-defined scripts when aspecific vzctl command is run for a container. Thefollowing vzctl</pb> commands can trigger execution ofaction scripts: start, stop</tdb>, restart</trb>,<~~tr valign="top" align="left"~~b>mountand <~~td width="11%"~~b>umount</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">Action scriptsare located in the 31/etc/vz/conf/</pb> directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps.</tdb>and are executed for all containers.Per-CT scripts have a <~~td width="7%"~~i>CTID.</tdb>numeric prefix andare executed for the given container only.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Container not running~~Please notescripts are executed in a host system (CT0) context, withthe exception of </pb>.start</tdb>and <~~/tr~~b>.stop<~~tr valign="top" align="left"~~/b>scripts,~~<td width="11%">~~which are executed in a container context.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%; margin-top: 1em">32The followingaction scripts are currently defined: vps.premount</pb>, CTID</tdi><~~td width="7%"~~b>.premount</tdb><~~td width="78%"~~/p>

<p~~>Container already running</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container before it is mounted.~~<td width="11%">~~Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">33vps.mount</pb>,CTID</tdi><~~td width="7%"~~b>.mount</tdb><~~td width="78%"~~/p>

<p~~>Unable to stop container</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as <~~td width="11%"~~b>.premount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">34</pi>CTID</tdi><~~td width="7%"~~b>.start</tdb><~~td width="78%"~~/p>

<p~~>Unable to add IP address to container</td></tr><tr valign="top" align~~style="margin-left:22%;">Right after <~~td width="11%"~~b>vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">40</pi>CTID</tdi><~~td width="7%"~~b>.stop</tdb><~~td width="78%"~~/p>

<p~~>Container not mounted</td></tr><tr valign="top" align~~style="margin-left:22%;">Right before <~~td width="11%"~~b>vzctl</tdb>hasstopped a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">41vps.umount</pb>,CTID</tdi><~~td width="7%"~~b>.umount</tdb><~~td width="78%"~~/p>

<p~~>Container already mounted</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT umountscripts which are executed for a container before it is~~<td width="11%">~~unmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">43vps.postumount</pb>,CTID</tdi><~~td width="7%"~~b>.postumount</tdb><~~td width="78%"~~/p>

<p~~>Container private area not found</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as <~~td width="11%"~~b>.umount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">The environmentpassed to all the *mount44scripts is the standardenvironment of the parent (i.e. vzctl</pb>) with twoadditional variables: $VEID and $VE_CONFFILE</tdb>.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as <~~td width="7%"~~b>$VE_ROOT</tdb>, it needs to get thosefrom global and per-CT configuration files.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Container private area already exists~~Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name can eitherbe /petc/vz/conf/vps.mount or/etc/vz/conf/</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.mount</tdb>.<~~td width="4%"~~/p>

<ppre style="margin-left:11%; margin-top: 1em">~~46<~~ # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/~~p><~~mnt/~~td>~~disk~~<td width~~ DST=~~"7%"><~~/~~td>~~mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC<~~td width="78%"~~/pre>

== EXIT STATUS == <pstyle="margin-left:11%; margin-top: 1em">~~Not enough disk space~~Returns 0 uponsuccess, or an appropriate error code in case of anerror: <~~/td></tr~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">

471</td>

~~Bad/broken container (/sbin/init or/bin/sh not found)~~Failed to set a UBC parameter</td></tr>

482</td>

~~Unable~~ Failed to ~~create~~ set a ~~new container private area~~fair scheduler parameter</td></tr>

493</td>

~~Unable to create a new container root area~~Generic system error</td></tr>

505</td>

~~Unable to mount container~~The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr>

516</td>

~~Unable to unmount container~~Not enough system resources</td></tr>

527</td>

~~Unable to delete a container~~ENV_CREATE ioctl failed</td></tr>

538</td>

~~Container private area not exist~~Command executed by vzctl exec returned non-zeroexit code</td></tr>

609</td>

Container is locked by another ~~vzquota on~~vzctl ~~failed~~invocation</td></tr>

6110</td>

Global OpenVZ configuration file [[Man/vz.conf.5|~~vzquota init~~vz.conf ~~failed~~(5)]] notfound</td></tr>

6211</td>

~~vzquota setlimit failed~~A vzctl helper script file not found</td></tr>

6312</td>

~~Parameter DISKSPACE not set~~Permission denied</td></tr>

6413</td>

~~Parameter DISKINODES not set~~Capability setting failed</td></tr>

6514</td>

~~Error setting second-level~~ Container configuration file [[Man/ctid.conf.5|ctid.conf(~~ugid~~5) ~~quota~~]] notfound</td></tr>

6615</td>

Timeout on ~~vzquota off~~vzctl exec ~~failed~~</td></tr>

6716</td>

~~ugid quota not initialized~~Error during vzctl suspend</td></tr>

7117</td>

~~Incorrect IP address format~~Error during vzctl resume</td></tr>

7418</td>

Error ~~changing password~~from setluid() syscall</td></tr>

7820</td>

~~IP address already in use~~Invalid command line parameter</td></tr>

7921</td>

~~Container action script returned an error~~Invalid value for command line parameter</td></tr>

8222</td>

~~Config file copying error~~Container root directory (VE_ROOT) not set</td></tr>

8623</td>

~~Error setting devices~~ Container private directory (~~--devices~~VE_PRIVATE or) not~~--devnodes)~~set </td></tr>

8924</td>

~~IP address~~ Container template directory (TEMPLATE) not ~~available~~set</td></tr>

9128</td>

~~OS template not found~~Not all required UBC parameters are set, unable to startcontainer</td></tr>

~~100~~29</td>

~~Unable~~ OS template is not specified, unable to ~~find~~ createcontainer ~~IP address~~</td></tr>

~~104~~31</td>

~~VE_NETDEV ioctl error~~Container not running</td></tr>

~~105~~32</td>

Container ~~start disabled~~already running</td></tr>

~~106~~33</td>

Unable to ~~set iptables on a running~~ stop container</td></tr>

~~107~~34</td>

~~Distribution-specific configuration file not found~~Unable to add IP address to container</td></tr>

~~109~~40</td>

~~Unable to apply a config~~Container not mounted</td></tr>

~~129~~41</td>

~~Unable to set meminfo parameter~~Container already mounted</td></tr>

~~130~~43</td>

~~Error setting veth interface~~Container private area not found</td></tr>

~~131~~44</td>

~~Error setting container name~~Container private area already exists</td></tr>

~~133~~46</td>

~~Waiting for container start failed~~Not enough disk space</td></tr>

~~139~~47</td>

~~Error saving~~ Bad/broken container ~~configuration file~~(/sbin/init or/bin/sh not found)</td></tr>

~~148~~48</td>

~~Error setting~~ Unable to create a new container ~~IO parameters (ioprio)~~private area</td></tr>

~~150~~49</td>

~~Ploop image file not found~~Unable to create a new container root area</td></tr>

~~151~~50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td>

~~Error creating ploop image~~Unable to delete a container</td></tr>

~~152~~53</td>

~~Error mounting ploop image~~Container private area not exist</td></tr>

~~153~~60</td>

~~Error unmounting ploop image~~vzquota on failed</td></tr>

~~154~~61</td>

vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 148</td><td width="7%"></td><td width="78%"> Error setting container IO parameters (ioprio)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 150</td><td width="7%"></td><td width="78%"> Ploop image file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 151</td><td width="7%"></td><td width="78%"> Error creating ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 152</td><td width="7%"></td><td width="78%"> Error mounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 153</td><td width="7%"></td><td width="78%"> Error unmounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 154</td><td width="7%"></td><td width="78%"> Error resizing ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 155</td><td width="7%"></td><td width="78%"> Error converting container to ploop layout</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 156</td><td width="7%"></td><td width="78%"> Error creating ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 157</td><td width="7%"></td><td width="78%"> Error merging ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 158</td><td width="7%"></td><td width="78%"> Error deleting ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 159</td><td width="7%"></td><td width="78%"> Error switching ploop snapshot</td></tr>

~~158~~166</td>

Error ~~deleting~~ compacting ploop ~~snapshot~~image</td></tr>

~~159~~167</td>

Error ~~switching~~ listing ploop ~~snapshot~~snapsots</td></tr>

</table>

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

OpenVZ Virtuozzo Containers Wiki β

Changes

Man/vzctl.8

OpenVZ Virtuozzo Containers Wiki ^β