Changes

← Older edit

Man/vzctl.8

16,065 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

[flags] create

CTID --parameter value [...]~~~~</td></tr>

[flags] start CTID [--wait]

[--force] [--skip-fsck][--skip-remount] </td></tr>

[flags] stop CTID[--fast][--~~fast~~skip-umount] </td></tr>

[flags] restart CTID

[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr>

[flags] ~~chkpnt~~suspend | ~~restore~~resumeCTID [--dumpfile name] </td></tr>

[flags] snapshot CTID

[--id uuid]

[--name name]

[--description desc][--skip-suspend] [--skip-config] </td></tr>

[flags] snapshot-switch CTID[--skip-resume |--must-resume][~~snapshot~~-~~delete~~ -skip-config] --id uuid</td></tr>

[flags] snapshot-~~list~~delete CTID--id uuid</td></tr>

[flags] ~~set~~snapshot-mount CTID ~~--parameter value[...]~~ [--~~save~~id~~] [~~<bi>~~--force~~uuid</bi>][--~~setmode restart~~target|<bi>~~ignore~~dir</bi>] </td></tr>

[flags] ~~convert~~snapshot-list CTID[-~~-layout ploop~~H] [:-o{<bi>field[,~~expanded~~field</bi>|...][~~plain~~--id|<bi>~~raw~~uuid</bi>}]] </td></tr>

[flags] ~~exec~~set | CTID --parameter value[...] [~~exec2~~--save ] [--force<i/b>~~CTID~~]~~command~~[--setmode restart</ib> [|<ib>~~arg~~ignore</ib> ~~...~~]</td></tr>

[flags] ~~enter~~set CTID[--~~exec ~~reset_ub~~command [arg ...]]~~ </td></tr>

[flags] ~~--help~~console | <bi>CTID[~~--version~~ttynum</bi>]</td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] convert CTID[--~~left:11%~~layout  ~~margin-top~~ploop[: ~~1em"~~{expanded|plain~~Utility~~|~~vzctl~~raw ~~runs on the host system (otherwise known as~~}]] </td></tr>~~Hardware Node, or HN) and performs direct manipulations with~~<tr valign="top" align="left">~~containers (CTs).~~<td width="11%"></ptd><td width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] compact CTID</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

~~These~~ [flags ~~come before a~~] exec | exec2 CTIDcommand~~, and can be used with any command~~ [arg ... ~~They affect~~]</td></tr>~~logging to console (terminal) only, and do not affect~~<tr valign="top" align="left">~~logging to a log file.~~<td width="11%"></ptd><td width="7%">

~~--quiet~~vzctl</td><td width="2%"></td><td width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="7%">

~~--verbose~~vzctl</td><td width="2%"></td><td width="80%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ [<bi>~~VERBOSE~~flags</bi> ~~parameter in theglobal configuration file [[Man/vz.conf.5|~~] ~~vz.conf~~runscript~~(5)]], or to~~ <bi>0CTID script</bi>~~if not set by~~ <b/p>~~VERBOSE~~</btd> ~~parameter.~~ ~~=== Setting container parameters ===~~ ~~<table width="100%" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0"~~tr>

~~set~~vzctl</td>

<td width="8380%"> --help | --version</td></tr></table> == DESCRIPTION ==

~~CTID~~Utility[~~--onboot yes~~vzctl~~|no]~~runs on the host system (otherwise known as~~[--bootorder number]~~Hardware Node, or HN) and performs direct manipulations with~~[--root ~~containers (CTs).</bp>~~path][--private path]~~[<~~b>-~~p style="margin-~~userpasswd user~~left:~~pass][--disabled&nbsp~~11%;~~yes|no][~~margin-~~-name </b~~top: 1em">~~name]~~Containers can~~[--description ~~be referred to by either numeric ~~string][--ipadd addr][--ipdel addr|all][--hostname ~~CTID</~~b><~~i>or by name~~][--nameserver addr]~~(see[--~~searchdomain ~~name~~][--netif_add ~~~~dev[,params.~~option).~~.]][--netif_del~~Note that CT ID &~~nbsp~~lt;~~dev|all]~~= 100 are~~[--ifname dev~~reserved for OpenVZ internal purposes. A numeric ID should[not be more than ~~--mac ~~2147483644~~hwaddr~~.</ip>]~~[--host_ifname dev][--host_mac hwaddr]~~== OPTIONS ==~~[--bridge name][--mac_filter on|off]]~~=== Flags ===~~[--numproc items]~~[p style="margin-~~-numtcpsock items</i~~top: 1em">]These flags come before a~~[--numothersock items]~~command, and can be used with any command. They affect~~[--vmguarpages pages]~~logging to console (terminal) only, and do not affect~~[--kmemsize ~~logging to a log file.</bp>~~bytes][--tcpsndbuf bytes]~~[p style="margin-~~-tcprcvbuf&nbsp~~left:11%;~~</b~~">~~bytes]~~[--~~othersockbuf ~~quiet~~bytes~~</ip>]~~[--dgramrcvbuf bytes]~~[p style="margin-~~-oomguarpages&nbsp~~left:17%;~~</b~~">~~pages]~~Disables output. Note that~~[--lockedpages pages]~~scripts run by vzctl are still able to produce some~~[--privvmpages ~~output.</bp>~~pages][--shmpages pages]~~[p style="margin-~~-numfile&nbsp~~left:11%;~~items</i~~">][--~~numflock ~~verbose~~items~~</ip>]~~[--numpty items]~~[p style="margin-~~-numsiginfo&nbsp~~left:17%;~~</b~~">~~items]~~Increments logging level up~~[--dcachesize bytes][--numiptent num][--physpages pages][--swappages pages][--ram bytes][--swap bytes]~~from the default. Can be used multiple times. Default value~~[--cpuunits num][--cpulimit num][--cpus num][--cpumask cpus|all][--meminfo none|mode:~~is set to the value~~]~~[of ~~--iptables ~~VERBOSE~~name]~~parameter in theglobal configuration file [~~--netdev_add ifname]~~[~~--netdev_del <~~Man/~~b>ifname][--diskquota yes~~vz.conf.5|~~no][--diskspace ~~vz.conf~~num~~(5)]~~[--diskinodes num~~][, or to ~~--quotatime ~~0~~seconds]~~[if not set by ~~--quotaugidlimit ~~VERBOSE~~num~~parameter.</ip>]~~[--noatime yes|no][--capability capname:on|off]~~=== Setting container parameters ===~~[--devnodes param]~~[<~~b>--devices param]~~table width="100%" border="0" rules="none" frame="void"~~[--pci_add dev][--pci_del dev][--features param:on|off][--applyconfig name][--applyconfig_map group][--ioprio num] [--save][--force][--setmode restart|ignore] </td></tr~~ cellspacing="0" cellpadding="0">

set</td>

<pstyle="margin-top: 1em">~~This command sets various container parameters.~~CTID</pi>[--onboot yes</tdb>|no</trb>][--bootorder number</~~table~~i>][--root path][<~~p style="margin~~b>--~~left:17%~~private  ~~margin~~path][--~~top: 1em"~~mount_opts options~~If a~~][--~~save~~userpasswd  ~~flag is given, parameters are saved in~~user:pass]~~container configuration file~~ [~~[Man~~--disabled yes</~~ctid.conf.5~~b>|~~ctid.conf~~no~~(5)~~][--name name]~~. Use~~[--~~force~~description  ~~to save the parameters even if the current~~string]~~kernel doesn~~[--ostemplate&~~rsquo~~nbsp;~~t support OpenVZ.~~</pb>string][--stop-timeout seconds][<~~p style="margin~~b>--~~left:17%~~ipadd  ~~margin~~addr][--~~top: 1em"~~ipdel addr|all~~If the~~]~~container is currently running,~~ [~~vzctl~~--hostname  ~~applies these~~name]~~parameters to the container.~~[--nameserver addr</pi>][--searchdomain name][<~~p style="margin~~b>--~~left:17%~~netif_add  ~~margin~~dev[,params...]][--~~top: 1em"~~netif_del dev|all~~Note that a few~~]~~parameters can only be applied by restarting the container.~~[--ifname dev~~By default,~~ [~~vzctl~~--mac  ~~warns if such parameters are~~hwaddr]~~present and a container is running. Use~~ [--~~setmode~~host_ifname dev]~~restart~~[--host_mac  ~~to restart a container in such a case, or~~hwaddr][--~~setmode ignore~~bridge  ~~to suppress the above mentioned~~name]~~warning.~~[--mac_filter on|off</pb>]][--numproc items][<~~p style="margin~~b>--~~left:17%~~numtcpsock  ~~margin~~items][--~~top: 1em"~~numothersock items~~The following~~]~~parameters can be used with~~ [~~set~~--vmguarpages  ~~command.~~pages</pi>][--kmemsize bytes]~~==== Miscellaneous ====~~[--tcpsndbuf bytes][--tcprcvbuf bytes][<~~p style="margin~~b>--~~left:11%~~othersockbuf "bytes][--~~onboot yes~~dgramrcvbuf  |bytes][no--oomguarpages pages</pi>][--lockedpages pages][<~~p style="margin~~b>--~~left:17%~~privvmpages "pages~~Sets whether the container will~~]~~be started during system boot. The container will not be~~[--shmpages pages]~~auto~~[--~~started unless this parameter is set to~~ numfile items][~~yes~~--numflock .items</pi>][--numpty items][<~~p style="margin~~b>--~~left:11%~~numsiginfo "items][--~~bootorder~~dcachesize bytes][--numiptent num~~number~~][--physpages pages</pi>][--swappages pages][<~~p style="margin~~b>--~~left:17%~~ram "bytes~~Sets the boot order priority~~]~~for this CT. The higher the~~ [--swap ~~number~~bytes ~~is, the earlier in~~]~~the boot process this container starts. By default this~~[--vm_overcommit float]~~parameter is unset, which is considered to be the lowest~~[--cpuunits num]~~priority, so containers with unset~~ [~~bootorder~~--cpulimit  ~~will~~num]~~start last.~~[--cpus num</pi>][--cpumask cpus|auto|all][<~~p style="margin~~b>--~~left:11%~~nodemask "nodes|all][--~~root~~meminfo none |~~path~~mode:value</pi>][--iptables name[,...]][<~~p style="margin~~b>--~~left:17%~~netfilter "disabled|stateless|stateful|full~~Sets the path to root directory~~]([~~VE_ROOT~~--netdev_add ~~) for this container. This is essentially a~~ifname]~~mount point for container~~[--netdev_del&~~rsquo~~nbsp;~~s root directory. Argument~~ifname]~~can contain literal string~~ [--diskquota yes|~~$VEID~~no~~, which will be~~]~~substituted with the numeric CT ID.~~[--diskspace num</pi>][--diskinodes num][<~~p style="margin~~b>--~~left:11%~~quotatime "seconds][--~~private~~quotaugidlimit num][--capability ~~path~~capname:on</pb>|off[,...]][--devnodes param][<~~p style="margin~~b>--~~left:17%~~devices "param~~Sets the path to private~~]~~directory (~~[~~VE_PRIVATE~~--pci_add ~~) for this container. This is a~~dev]~~directory in which all the container~~[--pci_del&~~rsquo~~nbsp;~~s files are~~dev]~~stored. Argument can contain literal string~~ [--features name:on|~~$VEID~~off[,...]]~~which will be substituted with the numeric CT ID.~~[--applyconfig name</pi>][--applyconfig_map group][<~~p style="margin~~b>--~~left:11%~~ioprio "num][--~~userpasswd~~iolimit ~~user~~mbps:][--iopslimit ~~password~~iops] [--save</pb>][--force] [--reset_ub][--setmode restart|ignore] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%"></td><td width="4%"></td><td width="2%"></td><td width="83%;">~~Sets password for the givenuser in a~~ This command sets various container~~, creating~~ parameters. If the ~~user if it does notexists. Note that this option~~ container is ~~not saved in configurationfile at all (so~~ currently running, ~~--save~~vzctl ~~flag is useless), it is~~applies these~~applied~~ parameters to the container ~~(by modifying its~~ . The following options can beused with set</~~etc~~b> command.</~~passwd and~~p></~~etc~~td></~~shadow files).~~tr></ptable>

~~In casecontainer root filesystem is not mounted, it isautomatically mounted, then all the appropriate file changesare applied, then it is unmounted.~~=== Flags ====

-~~top: 1em"~~-save~~Note thatcontainer should be created before using this option.~~

~~--disabled yes<~~If this flag is given,parameters are saved in container configuration file[[Man/b> ctid.conf.5|noctid.conf(5)]].

~~Disable container start. Toforce the start of a disabled container, use~~ ~~vzctl start~~--force.

If this flag is given togetherwith --~~name~~save , parameters are saved even if the currentkernel doesn’t support OpenVZ. Note this flag does notmake sense without --save, so <ib>~~name~~--save</ib>isrequired.

~~Add a name for a container. Thename can later be used in subsequent calls to~~~~vzctl~~--reset_ub ~~in place of CTID.~~

If this flag is given,~~--description~~vzctlapplies all User Beancounter parameters from<the configuration file to a running container. This ishelpful in case configuration file is modified manually.Please note this flag is exclusive, i~~>string~~.e. it can not becombined with any other options or flags.

~~Add a textual description for a~~--setmode restart |~~container.~~ignore

A few parameters can only beapplied by restarting the container. By default,vzctl prints a warning if such parameters aresupplied and a container is running. Use --setmoderestart together with --save flag to restart acontainer in such a case, or --setmode ignore tosuppress the warning.

~~--ipadd addr~~=== Miscellaneous ====

~~Adds an IP address~~ <ib>~~addr~~--onboot yes</ib>|~~to a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g.~~ ~~10.1.2.3/25~~no).~~Note that this option is incremental, so addr areadded to already existing ones.~~

Sets whether the container willbe started during system boot. The container will be startedon boot by ~~--ipdel~~vz initscript if either this parameter isset to <ib>~~addr~~yes</ib> |, or the container was running just beforelast reboot, and this parameter is not set to ~~all~~no.Default value is unset, meaning the container will bestarted if it was running before the last reboot.

~~Removes IP address~~ <ib>~~addr~~--bootorder</ib>~~from a container. If you want to remove all the addresses,use~~ <bi>~~--ipdel all~~number</bi>.

Sets the boot order priorityfor this CT. The higher the number is, the earlier inthe boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset bootorder willstart last. --~~hostname~~root~~name~~path

Sets the path to root directory(VE_ROOT) for this container ~~hostname~~.This is essentially amount point for container’s root directory. Argumentcan contain literal string ~~vzctl~~$VEID ~~writes it to~~ , which will besubstituted with the ~~appropriate file inside acontainer (distribution-dependent)~~numeric CT ID.

--~~nameserver~~private~~addr~~path

Sets ~~DNS server IP address fora container. If you want~~ the path to ~~set several nameservers, you~~private~~should do it at once, so use~~ directory (~~--nameserver~~VE_PRIVATE ~~option~~) for this container. This is a~~multiple times~~ directory in ~~one call to vzctl, as~~ which all the ~~name~~container’s files are~~server values set in previous calls to~~ stored. Argument can contain literal string ~~vzctl~~$VEID ~~are~~,~~overwritten~~which will be substituted with the numeric CT ID.

--~~searchdomain~~mount_opts~~name~~option[,option...]

Sets ~~DNS search domains~~ additional mount optionsfor acontainerfile system. ~~If you want to set several search domains, youshould do it at once, so use~~ Only applicable for ~~--searchdomain~~ploop ~~optionmultiple times in one call to vzctl~~layout, ~~as all thesearch domain values set in previous calls to vzctlare overwritten~~ignored otherwise.

--~~netif_add~~userpasswd~~ifname[~~user,:~~mac,host_ifname,host_mac,bridge]~~password

~~Adds a virtual Ethernet device~~Sets password for the given~~(veth) to~~ user in a ~~given~~ container, creating the user if it does notexists. ~~Here ifname~~ Note that this option is ~~the~~not saved in configuration~~Ethernet device name in the container,~~ file at all (so <ib>~~mac~~--save</ib> flag is ~~its MACaddress~~useless), ~~host_ifname~~ it is ~~the Ethernet device name on~~applied directly to the ~~host~~container, ~~and host_mac is its MAC address. MAC~~by running~~addresses should be in~~ distribution-specific programs inside the ~~format like XX:XX:XX:XX:XX:XX~~container.~~bridge~~ It is ~~an optional parameter which can be used incustom network start scripts to automatically add theinterface~~ not recommended to ~~a bridge. All parameters except ifnameare optional and are automatically generated if not~~combine this option with any other~~specified~~options.

~~--netif_del~~In casecontainer was not running, it is automatically started then~~dev_name | ~~all~~~~the appropriate changes are applied, then it isstopped.

~~Removes virtual Ethernet device~~Note that~~from a~~ containershould be created before using this option. ~~If you want to remove all devices, use~~ ~~all~~--disabled yes |no.

Disable container start. Toforce the start of a disabled container, use vzctl start--force.

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use~~ --~~ifname~~name name~~ option. --mac XX:XX:XX:XX:XX:XX~~

~~MAC address~~ Add a name for a container. Thename can later be used in subsequent calls tovzctl in place of ~~interface inside~~CTID. Note this option can~~a container~~not be used without --save.

--~~host_ifname~~description~~name~~string

~~interface name~~ Add a textual description for ~~virtual~~a~~interface in the host system~~container.

--~~host_mac~~ostemplate~~XX:XX:XX:XX:XX:XX~~string

~~MAC address~~ Sets a new value of ~~interface~~ OSTEMPLATE parameter in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]]. Requires --save flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses thevalue of OSTEMPLATE to run~~host system~~distribution-specific scripts.

--stop-~~top: 1em"~~timeout~~If you want anindependent communication with the Container through thebridge, you should specify a multicast MAC address here(FE:FF:FF:FF:FF:FF).~~seconds

Sets a time to wait forcontainer to stop on ~~--bridge~~vzctl stop before forciblykilling it, in seconds. Note this option can not be usedwithout <ib>~~name~~--save</ib>flag.

~~Bridge name. Custom networkstart scripts can use this~~ Special value ~~to automatically add theinterface~~ of 0 means to ~~a bridge~~use compiled-in default.

~~--mac_filter on |off~~=== Networking ====

~~Enables~~--ipadd</~~disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from insidethe Container. If the filtering is turned on:~~ b> <bri>~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets);~~ addr<br/i>~~• it is impossible to modify the veth MAC address frominside the Container.~~

~~By default,~~Adds an IP address addrto a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g. 10.1.2.3/25).Note that this ~~functionality~~ option is ~~enabled for all veth devices~~ incremental, so addr areadded to already existing~~inside the Container~~ones.

--ipdel addr |all

~~The following~~Removes IP address addrfrom a container. If you want to remove all the addresses,~~options sets memory and swap limits for VSwap~~use --~~enabledkernels (kernel version 042stab042 or greater)~~ipdel all.

--~~top: 1em"~~hostname~~Argument is inbytes, unless otherwise specified by an optional suffix.Available suffixes are:~~name

~~•~~Sets container hostname.Tvzctl~~, t - terabytes; ~~writes it to the appropriate file inside a~~• G, g - gigabytes; • M, m - megabytes; • K, k - kilobytes; • P, p - memory pages~~ container (~~arch~~distribution-~~specific,usually 4KB~~dependent)~~; • B, b - bytes~~. ~~ --ram bytes~~

~~Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting~~ --~~physpages~~nameserver ~~limit (the barrier is set to0).~~addr

Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use --~~swap~~nameserver optionmultiple times in one call to <ib>~~bytes~~vzctl</ib>~~~~ ~~Set swap space available to acontainer. Actually~~, as all the ~~option is a shortcut for setting~~nameserver values set in previous calls to ~~--swappages~~vzctl ~~limit (the barrier is set to 0)~~areoverwritten.

~~Here is an~~A special value~~example~~ of ~~setting container 777~~ inherit can be used to ~~have 512 megabytes of~~auto-propagate nameservervalue(s) from the host system’s~~RAM and 1 gigabyte of swap:~~/etc/resolv.conf file.

<~~pre~~ p style="margin-left:11%;"> ~~vzctl set 777~~ --~~ram 512M --swap 1G --save~~searchdomainname</~~pre~~p>

Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use --searchdomain optionmultiple times in one call to vzctl, as all thesearch domain values set in previous calls to vzctlare overwritten.

~~The following~~A special value~~options sets barrier and limit for various user~~of inherit can be used to auto-propagate search~~beancounters~~domain value(s) from the host system’s/etc/resolv.conf file.

~~Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set~~ --~~ram~~netif_add ~~and~~<bi>ifname[,mac,host_ifname,~~--swap~~host_mac</bi> ~~(see above). For older kernels~~, ~~these limitsare obligatory.~~bridge]

~~Each option~~Adds a virtual Ethernet device~~requires one or two arguments~~(veth) to a given container. ~~In case of one argument~~Here ifname is theEthernet device name in the container,mac is its MACaddress, <bi>~~vzctl~~host_ifname</bi> ~~sets barrier and limit to~~ is the ~~same value. In~~Ethernet device name on~~case of two colon-separated arguments~~the host, ~~the first~~ and host_mac is aits MAC address. MAC~~barrier, and~~ addresses should be in the ~~second is a limit~~format like XX:XX:XX:XX:XX:XX. ~~Each argument~~ bridge is ~~either~~an optional parameter which can be used incustom network start scripts to automatically add theinterface to a ~~number, a number with a suffix, or a special value~~bridge. All parameters except <bi>~~unlimited~~ifname</bi>are optional and are automatically generated if notspecified.

~~Arguments arein items, pages or bytes. Note that page size isarchitecture~~--~~specific, it is 4096 bytes on x86 and x86_64~~netif_del~~platforms.~~dev_name | all

~~You can also~~Removes virtual Ethernet device~~specify different suffixes for User Beancounter parameters(except for those which names start with num)~~from a container. ~~Forexample~~If you want to remove all devices, ~~vzctl set CTID --privvmpages~~use~~5M:6M should set~~ ~~privvmpages~~all~~’ barrier to 5megabytes and its limit to 6 megabytes~~.

~~Availablesuffixes are:~~=== veth interface configuration ====

~~•~~The following~~T, t~~ options can be used to reconfigure the already- ~~terabytes; ~~createdvirtual Ethernet interface. To select the interface to~~• G~~configure, use ~~g~~ - ~~gigabytes; • M~~-ifname, <bi>mname</bi> ~~- megabytes; • K,~~ option. ~~k - kilobytes;~~ ~~• P, p~~ - ~~memory pages (arch~~-~~specific,usually 4KB); • B~~mac, <bi>bXX:XX:XX:XX:XX:XX</bi> ~~- bytes.~~

~~You can also~~MAC address of interface inside~~specify the literal word unlimited in place of~~ a~~number~~container. ~~In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --numproc items[:items]~~

~~Maximum number of processes andkernel~~--~~level threads. Setting the barrier and the limit to~~host_ifname~~different values does not make practical sense.~~name

~~--numtcpsock~~interface name for virtual~~items[:items]~~interface in the host system.

~~Maximum number of TCP sockets.~~--host_mac~~This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle in parallel. Setting the barrier and the limit todifferent values does not make practical sense.~~XX:XX:XX:XX:XX:XX

~~--numothersock~~MAC address of interface in the~~items[:items]~~host system.

~~Maximum number of non-TCPsockets (local sockets, UDP and other types of sockets).~~If you want an~~Setting~~ independent communication with the ~~barrier and~~ Container through the ~~limit to different values doesnot make practical sense~~bridge, you should specify a multicast MAC address here(FE:FF:FF:FF:FF:FF).

--~~vmguarpages~~bridge~~pages~~name~~[:pages]~~

~~Memory allocation guarantee~~Bridge name.Custom network~~This parameter controls how much memory is available~~ start scripts can use this value to a~~container. The barrier is~~ automatically add the ~~amount of memory thatcontainer’s applications are guaranteed~~ interface to ~~be able toallocate. The meaning of the limit is currently unspecified;it should be set to unlimited~~a bridge.

--~~kmemsize~~mac_filter on|<ib>~~bytes~~off</~~i>[:bytes</i~~b>]

~~Maximum amount~~ Enables/disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of ~~kernel memory~~this device from inside~~used~~the Container. ~~This parameter~~ If the filtering is ~~related to --numproc~~turned on: </bbr>~~. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consume~~• the veth device accepts only those packets that havea ~~bit more. It is important~~ MAC address in their headers corresponding to ~~have a certain safety gapbetween the barrier and the limit~~ that of this ~~parameter: equalbarrier~~ device (excluding all broadcast and ~~limit may lead to the situation where the kernel~~multicast packets); ~~will need to kill container~~&~~rsquo~~bull;~~s applications~~ it is impossible to ~~keep~~ modify theveth MAC address from~~kmemsize usage under~~ inside the ~~limit~~Container.

~~--tcpsndbuf~~By default,this functionality is enabled for all veth devices existing~~bytes[:bytes]~~inside the Container.

~~Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of numtcpsock multiplied by 2.5KB.~~=== VSwap limits ====

~~~~The followingoptions sets memory and swap limits for VSwap-~~-tcprcvbuf~~enabled~~bytes[:bytes]~~kernels (kernel version 042stab042 or greater).

~~Maximum size of TCP receive~~Argument is in~~buffers. Barrier should be not less than 64 KB~~bytes, ~~anddifference between barrier and limit should be equal to ormore than value of numtcpsock multiplied~~ unless otherwise specified by 2an optional suffix.5~~KB.~~Available suffixes are:

•T, t - terabytes; • G, g - gigabytes; • M, m-megabytes; • K, k -~~othersockbuf~~kilobytes; • P, p - memory pages (arch-specific,usually 4KB); • B, <ib>b- bytes(this is the default). --ram</ib>[:bytes]

~~Maximum size of other~~ Sets physical memory (~~non-TCP~~RAM)~~socket send buffers~~available to a container. ~~If container’s processes needs tosend very large datagrams~~Actually, the ~~barrier should be set~~option is a shortcut~~accordingly. Increased~~ for setting --physpages limit (the barrier is ~~necessary for high~~set to~~performance of communications through local (UNIX-domain~~0)~~sockets~~.

--~~dgramrcvbuf~~swapbytes[ Set swap space available to acontainer. Actually, the option is a shortcut for setting--swappages limit (the barrier is set to 0). --vm_overcommit~~bytes~~float]

~~Maximum size of other (non-TCP)~~Set VM overcommitment value to~~socket receive buffers~~float. If ~~container’s processes needs~~set, it is used to calculate~~to receive very large datagrams, the barrier should be~~ privmmpages parameter in case it is not set~~accordingly~~explicitly (see below). ~~The difference between the barrier and the~~Default value is 0, meaning~~limit is not needed~~unlimited privvmpages.

~~--oomguarpages~~vzctlchecks if running kernel is VSwap capable, and refuses touse these parameters otherwise. This behavior can beoverriden by using <ib>~~pages~~--force</ib>~~[:pages]~~flag beforeparameters.

~~Guarantees against OOM kill.~~In VSwap mode,~~Under this beancounter the kernel accounts the total amountof memory~~ all beancounters other than RAM and swap ~~space used by the container’sprocesses~~become optional. ~~The barrier of this parameter is theout-of-memory guarantee. If the oomguarpages usage isbelow the barrier, processes of this container~~ Note though that if some optional beancounters are~~guaranteed~~ not ~~to be killed in out-of-memory situations. The~~set,~~meaning of limit is currently unspecified; it should be~~ they are calculated and setby vzctl implicitly, using the~~to unlimited.~~following formulae:

--•lockedpages.barrier = oomguarpages.barrier = ram~~pages[:pages]~~

~~Maximum number of pagesacquired by~~ ~~mlock~~•lockedpages.limit = oomguarpages.limit = unlimited~~(2).~~

~~--privvmpages~~•vmguarpages.barrier = vmguarpages.limit = ram + swap~~pages[:pages]~~

~~Allows controlling the amountof memory allocated by the applications. For shared (mapped~~as ~~MAP_SHARED) pages, each container really using amemory page is charged for the fraction of the page~~•privvmpages.barrier = privvmpages.limit = (~~depending on the number of others using it~~ram + swap)~~. For~~*~~"potentially private" pages (mapped asMAP_PRIVATE~~vm_overcommit~~), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.~~

~~The barrier and~~(if~~the limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does~~ vm_overcommit is 0 or not ~~guarantee that container will be able to~~set,~~allocate that much memory. The primary mechanism to controlmemory allocation is the~~ ~~--vmguarpages~~privvmpages ~~guarantee.~~is set to "unlimited")

~~--shmpages~~Here is anexample of setting container 777 to have 512 megabytes of~~pages[~~RAM and 1 gigabyte of swap:~~pages]~~

~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values doesnot make practical sense.~~ vzctl set 777 --ram 512M --swap 1G --save</ppre>

~~--numfileitems[:items]~~=== User Beancounter limits ====

~~Maximum number of open files.~~The following~~In most cases the~~ options sets barrier and ~~the~~ limit ~~should be set to thesame value. Setting the barrier to 0 effectivelydisables pre-charging optimization~~ for ~~this beancounter inthe kernel, which leads to the held value being precise but~~various user~~could slightly degrade file open performance~~beancounters.

Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --~~numflock~~ramand<ib>~~items~~--swap</ib>~~[:items]~~(see above). For older kernels, these limitsare obligatory.

~~Maximum number~~ Each optionrequires one or two arguments. In case of ~~file locks~~one argument,vzctl sets barrier and limit to the same value.Incase of two colon-separated arguments, the first is a~~Safety gap should be between~~ barrier , and the second is a limit. Each argument is eithera number, a number with a suffix, or a special valueunlimited.

~~-~~Arguments arein items, pages or bytes. Note that page size isarchitecture-~~numpty~~specific, it is 4096 bytes on x86 and x86_64~~items[:items]~~platforms.

You can alsospecify different suffixes for User Beancounter parameters(except for those which names start with num). Forexample, vzctl set CTID --privvmpages5M:6M should set privvmpages’ barrier to 5megabytes and its limit to 6 megabytes. Availablesuffixes are: ~~Number of pseudo~~•T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k -~~terminals~~kilobytes; • P, p - memory pages (~~PTY~~arch-specific,usually 4KB); • B, b - bytes. ~~Note~~ You can alsospecify the literal word unlimited in place of anumber. In that ~~in OpenVZ each container can have not more~~case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --numproc items[:items] Maximum number of processes and~~than 255 PTYs~~kernel-level threads. Setting the barrier and the limit to

different values does not make practical sense.

--~~numsiginfo~~numtcpsock

items[:items]

~~Number~~ Maximum number of ~~siginfo structures~~TCP sockets.This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle in parallel. Setting the barrier and the limit to different values doesnot make practical sense.~~~~ ~~--dcachesizebytes[:bytes]~~

~~Maximum size offilesystem~~--~~related caches, such as directory entry and inode~~numothersock~~caches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gapshould be between barrier and limit.~~items[:items]

~~~~Maximum number of non-~~-numiptent~~TCPsockets (local sockets, UDP and other types of sockets).Setting the barrier and the limit to different values does~~num[:num]~~not make practical sense.

~~Number of iptables (netfilter)entries. Setting the barrier and the limit to differentvalues does not make practical sense.~~ --~~physpages~~vmguarpages

pages[:pages]

~~On VSwap-enabled kernels, this~~Memory allocation guarantee.~~limits the amount of physical~~ This parameter controls how much memory ~~(RAM)~~ is available to acontainer. The barrier is the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be set to 0unlimited~~, and thelimit to a total size of RAM that can be used used by acontainer~~.

~~For olderkernels, this is an accounting~~--~~only parameter, showing theusage of RAM by this container. Barrier should be set to~~kmemsize<bi>0bytes</bi>~~, and limit should be set to~~ [:<bi>~~unlimited~~bytes</bi>.]

Maximum amount of kernel memoryused. This parameter is related to --~~swappages~~numproc. Each~~pages[~~process consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter:equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the<ib>~~pages~~kmemsize</ib>]usage under the limit.

~~For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to~~ 0--tcpsndbuf~~, and the limit to a total size of swap thatcan be used by a container.~~bytes[:bytes]

~~For older~~Maximum size of TCP send~~(pre-VSwap) kernels~~buffers. Barrier should be not less than 64 KB, ~~the~~ anddifference between barrier and limit ~~is used~~ should be equal to ~~show a total~~or~~amount~~ more than value of ~~swap space available inside the container. Thebarrier of this parameter is ignored. The default value is~~~~unlimited~~numtcpsock~~, meaning total swap will be reported as~~multiplied by 2.50KB.

--tcprcvbufbytes[:bytes]

~~These~~Maximum size of TCP receive~~parameters control CPU usage by container~~buffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of ~~ --cpuunits~~numtcpsock ~~num~~multiplied by 2.5KB.

~~CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If~~ ~~cpuunits~~--othersockbuf ~~are not specified,default value of 1000 is used.~~bytes[:bytes]

~~You can set CPUweight for CT0~~ Maximum size of other (~~host system itself~~non-TCP) ~~as well (use vzctl~~socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be set ~~0 --cpuunits num)~~accordingly. ~~Usually, OpenVZ initscript~~Increased limit is necessary for highperformance of communications through local (~~/etc/init.d/vz~~UNIX-domain) ~~takes care of setting this~~sockets.

--~~cpulimit~~dgramrcvbuf~~num~~bytes[:<bi>%bytes</bi>]

~~Limit~~ Maximum size of ~~CPU usage for the~~other (non-TCP)socket receive buffers. If container’s processes needsto receive very large datagrams, ~~in per cent~~the barrier should be setaccordingly. ~~Note if~~ The difference between the barrier and the ~~computer has 2 CPUs, ithas total of 200% CPU time. Default CPU~~ limit is ~~0(no CPU limit)~~not needed.

--~~cpus~~oomguarpages ~~num~~pages[:pages]

~~sets number~~ Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof ~~CPUs available~~in memory and swap space used by the container’sprocesses.~~~~The barrier of this parameter is the ~~~~memory guarantee. If the ~~--cpumask~~oomguarpages ~~cpus |~~usage isbelow the barrier, processes of this container areguaranteed not to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto ~~all~~unlimited.

~~sets list of allowed CPUs forthe container. Input format is a comma~~-~~separated list ofdecimal numbers and ranges. Consecutively set bits are shownas two hyphen~~-~~separated decimal numbers, the smallest and~~lockedpages~~largest bit numbers set in the range. For example, if youwant the container to execute on CPUs 0, 1, 2, 7, you shouldpass~~ <bi>~~0-2,7~~pages</bi>~~. Default value is~~ [:<bi>~~all~~pages</bi> ~~(thecontainer can execute on any CPU).~~]

Maximum number of pagesacquired by mlock(2).

~~ForVSwap~~--~~enabled kernels (042stab042 or greater), this~~privvmpages~~parameter is ignored. For older kernels, it controls theoutput of /proc~~pages</~~meminfo inside a container. <b~~i>[:<bri>~~--meminfo none~~pages</bi>]

No Allows controlling the amountof memory allocated by the applications. For shared (mappedas MAP_SHARED</~~proc/meminfo virtualization~~b>) pages, each container really using amemory page is charged for the fraction of the page(depending on the ~~same~~ number of others using it). For"potentially private" pages (mapped as ~~on host system~~MAP_PRIVATE), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet.

The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the --~~meminfo~~vmguarpages~~mode:value~~guarantee.

~~Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of~~ --~~swappages~~shmpages~~parameter.~~pages[:pages]

~~You can use~~ Maximum IPC SHM segment size.Setting thebarrier and the limit to different values does~~following modes for mode: • pages:value - sets total memory inpages; • privvmpages:value - sets total memoryas privvmpages * value~~not make practical sense.

-~~top: 1em"~~-numfile~~Default is~~<bi>items~~privvmpages~~[:1items</bi>.]

~~==== iptables control parameters ====~~ Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to ~~--iptables~~0effectivelydisables pre-charging optimization for this beancounter in~~name~~the kernel, which leads to the held value being precise butcould slightly degrade file open performance.

~~Allow to use the functionality~~--numflockof ~~name~~items ~~iptables module inside the container. Tospecify multiple~~ [:~~name~~items~~s, repeat --iptables for each,or use space-separated list as an argument (enclosed insingle or double quotes to protect spaces).~~]

~~The defaultlist~~ Maximum number of ~~enabled iptables modules is specified by the~~file locks.~~IPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]]~~Safety gap should be between barrier and limit.

~~You can use thefollowing values for name:~~ ~~iptable_filter~~--numpty,<bi>~~iptable_mangle~~items</bi>, [:<bi>~~ipt_limit~~items</~~b>,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner</b~~i>.]

Number of pseudo-terminals(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the barrier and the limit todifferent values does not make practical sense.

--~~netdev_add~~numsiginfo~~name~~items[:items]

~~move network device from~~ Number of siginfo structures.Setting the barrier and thelimit to different values does~~host system to a specified container~~not make practical sense.

--~~netdev_del~~dcachesize~~name~~bytes[:bytes]

~~delete network device~~ Maximum size offilesystem-related caches, such as directory entry and inodecaches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, protecting from amemory shortagesduring critical operations that should not fail. Safety gap~~specified container~~should be between barrier and limit.

--numiptentnum[:num]

~~--diskquota yes |~~Number of iptables (netfilter)entries. Setting the barrier and the limit to different~~no~~values does not make practical sense.

~~allows to enable or disabledisk quota for a container. By default, a global value~~(~~DISK_QUOTA~~--physpages~~) from~~ pages[~~[Man/vz.conf.5|~~:<bi>~~vz.conf~~pages</bi>~~(5)]~~] ~~is used.~~

~~Note that~~ On VSwap-enabled kernels, this~~parameter is ignored for~~ limits the amount of physical memory (RAM) available to acontainer. The barrier should be set to ~~ploop~~0 ~~layout~~, and thelimit to a total size of RAM that can be used used by acontainer.

For olderkernels, this is an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to~~--diskspace~~0, and limit should be set to <ib>~~num~~unlimited</~~i>[:num</i~~b>].

~~For~~ ~~simfs~~--swappages ~~layout, setssoft and hard disk quota limits, in blocks. First parameteris soft limit, second is hard limit. One block is currentlyequal to 1Kb.~~pages[:pages]

ForVSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to ~~ploop~~0 ~~layout~~, ~~sets~~ and the limit to a total size of ~~the ploop image file,~~swap that~~in kilobytes~~can be used by a container.

~~Suffixes~~For older~~G~~(pre-VSwap) kernels, the limit is used to show a totalamount of swap space available inside the container. Thebarrier of this parameter is ignored. The default value isMunlimited, ~~K can also~~ meaning total swap will be ~~specified (seeResource limits section for more info on~~reported as~~suffixes)~~0.

~~--diskinodesnum[:num]~~=== CPU fair scheduler parameters ====

~~sets soft and hard disk quota~~These~~limits, in i-nodes~~parameters control CPU usage by container. ~~First parameter is soft limit, second is~~ ~~hard limit.~~--cpuunits num

~~Note that~~ CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time thiscontainer gets. Maximum value is 500000,~~parameter~~ minimal is 8. Number is ~~ignored for~~ relative to weights of all the otherrunning containers. If ~~ploop~~cpuunits ~~layout~~are not specified,default value of 1000 is used.

You can set CPUweight for CT0 (host system itself) as well (use vzctlset 0 --~~quotatime~~cpuunits~~seconds~~num). Usually, OpenVZ initscript(/etc/init.d/vz) takes care of setting this.

~~sets quota grace period.~~--cpulimit~~Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a hard limit.~~num[%]

Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is 0(no CPU limit). ~~Note that thisparameter is ignored for~~ ~~ploop~~--cpus ~~layout~~num sets number of CPUs availablein the container.

--~~quotaugidlimit~~cpumask~~num~~cpus |auto | all

~~sets maximum number~~ Sets list ofallowed CPUs for~~user~~the container. Input format is a comma-separated list ofdecimal numbers and/~~group IDs~~ or ranges. Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in a the range. For example, ifyou want the container ~~for which disk quota inside~~to execute on CPUs 0, 1, 2, 7, youshould pass 0-2,7. Default value is all (the container ~~will be accounted~~can execute on any CPU). If ~~this value is set to~~used with the0--nodemaskoption, ~~user and group quotas inside~~ value of auto assigns allCPUs from the specified NUMA node to a container ~~willnot be accounted~~.

-~~top: 1em"~~-nodemask nodes~~Note that ifyou have previously set value of this parameter to~~ | 0all,~~changing it while the container is running will not takeeffect.~~

Sets list of allowed NUMA nodesfor the container. Input format is the same as for--cpumask. Note that --nodemask must be usedwith the --cpumask option ~~====~~.

~~--noatime yes |no~~=== Memory output parameters ====

~~Sets noatime flag~~ ForVSwap-enabled kernels (~~do not~~042stab042 or greater), this~~update inode access times) on filesystem~~parameter is ignored. For older kernels, it controls theoutput of /proc/meminfo inside a container. --meminfo none

No /proc/meminfo virtualization(the same as on host system).

--~~capability~~meminfo~~capname~~mode:<bi>onvalue</~~b>|off</b~~i>

~~Sets a capability for~~ Configure total memory outputin acontainer. ~~Note that setting capability when the container~~Reported free memory is ~~running does not take immediate effect; restart the~~evaluated~~container in order for~~ accordingly to the ~~changes to take effect~~mode being set. ~~Note a~~Reported swap is~~container has default set~~ evaluated according to the settings of ~~capabilities, thus any~~--swappages~~operation on capabilities is "logical and" withthe default capability mask~~parameter.

You can use the

following ~~values~~ modes for ~~capname~~mode: <bbr>~~chown,~~• ~~dac_override~~pages, :<bi>~~dac_read_search~~value</bi>~~, fowner,~~- sets total memory inpages; <~~b>fsetid, kill</b~~br>~~, setgid, setuid,~~• ~~setpcap~~privvmpages, :<bi>~~linux_immutable~~value</bi>,- sets total memoryas ~~net_bind_service~~privvmpages, * <bi>~~net_broadcast~~value</~~b>,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities</b~~i>~~(7)~~.

~~WARNING:setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know what~~Default is~~you are doing. Also note that setting~~ ~~setpcap~~privvmpages:on1 ~~fora container will most probably lead to inability to start~~it.

==== ~~Device access management~~ Netfilter (iptables) control parameters ====

--~~devnodes~~netfilter disabled~~device:[~~|rstateless~~][w][~~|qstateful]|~~none~~full

~~Give the container an~~ Restrict accessto~~(r<~~netfilter/~~b> - read, w - write, q - disk quotamanagement, none - no access) to~~ iptables modules for a ~~device designatedby the special file /dev/device~~container. ~~Device file is~~This option~~created in a container by~~ replaces obsoleted ~~vzctl~~--iptables. ~~Example:~~

<~~pre~~ p style="margin-left:22%;margin-top: 1em"> ~~vzctl set 777~~ Note thatchanging this parameter requires container restart, soconsider using --~~devnodes sdb:rwq~~setmode option.</~~pre~~p>

~~--devices~~The following~~b|c~~arguments can be used:~~major:minor|~~~~all~~</bbr>~~:[r][w][q]|none~~• disabled

~~Give the container an access toa block or character device designated by itsmajor and minor numbers. Device file have tobe created manually.~~no modules are allowed

• stateless

~~--pci_add~~all modules except NAT and[<conntracks are allowed (i~~>domain:]bus:slot~~.~~func~~e. filter and mangle); this is thedefault

~~Give the container an access toa specified PCI device. All numbers are hexadecimal (asprinted by~~ ~~lspci~~• stateful~~(8) in the first column).~~

~~--pci_del~~all modules except NAT are~~[domain:]bus:slot.func~~allowed

<~~p style~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="~~margin-~~left:"><td width="22%;">~~Delete a PCI device from the~~</td>~~container.~~</ptd width="9%">

~~Note that~~~~vps-pci~~• full ~~configuration script is executed by~~<b/p>~~vzctl~~</btd> ~~then configuring PCI devices. The script isusually located at~~ <btd width="1%">~~/usr/lib[64]/vzctl/scripts/~~</btd>.</ptd width="36%">

all modules are allowed</td><td width=~~=== Features management ====~~"32%"></td></tr></table>

--~~features~~iptablesname:[~~on|off~~,...]

~~Enable or disable a specificcontainer feature. Known features are: sysfs,nfs, sit,~~ ~~ipip~~Note~~, ppp,~~this option is~~ipgre, bridge~~obsoleted, ~~nfsd~~--netfiltershould be used instead.

Allow to usethe functionality of name iptables module inside thecontainer. Multiple comma-separated names can bespecified. The defaultlist of enabled iptables modules is defined by theIPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]].

You can use thefollowing values for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,~~--applyconfig~~ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,<ib>xt_mac, ipt_recent, ~~name~~ipt_owner</ib>.

~~Read container~~ === Network devices control parameters ~~fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if --save option specified save tothe container config file. The following parameters are notchanged: HOSTNAME, IP_ADDRESS,OSTEMPLATE, VE_ROOT, andVE_PRIVATE.~~====

--~~applyconfig_map~~netdev_add~~group~~name

~~Apply container configparameters selected by group. Now~~ move network device from the ~~only possiblevalue for group is name:~~ host system to ~~restore~~ a specified container~~name based on NAME variable in containerconfiguration file.~~

--netdev_delname</~~O priority management ====~~p>

~~--ioprio~~delete network device from a~~priority~~specified container

~~Assigns I/O priority tocontainer. Priority range is 0-7. The greaterpriority is, the more time for I/O activity containerhas. By default each container has priority of4.~~=== Disk quota parameters ====

--diskquota yes |no

~~Checkpointing is a feature ofOpenVZ kernel which~~ allows to ~~save~~ enable or disabledisk quota for a ~~complete state of~~ container. By default, aglobal value~~running container, and to restore it later~~(DISK_QUOTA) from [[Man/vz.conf.5|vz.conf(5)]] is used.

~~chkpnt CTID~~Note that this[parameter is ignored for ~~--dumpfile~~ploop ~~name]~~layout.

~~This command saves a completestate of a running container to a dump file, and stops thecontainer. If an option~~ --~~dumpfile~~diskspace ~~is not set,default dump file name~~ <bi>~~/vz/dump/Dump.~~num</bi>[:~~CTID~~num is~~used.~~]

For ~~restore~~simfs ~~CTID~~layout, setssoft and hard disk quota limits. First parameter is soft~~[--dumpfile name]~~limit, second is hard limit.

~~This command restores a~~For~~container from~~ ploop layout, initiates the ~~dump~~ procedure of resizing theploop image file ~~created by~~ to the new size. Since there is nosoft/hard limit concept in ploop, second <bi>~~chkpnt~~num</bi>, if~~command~~specified, is ignored.

By default,ploop resize is done online, i.e. on a mounted ploop. Thisis a preferred way of doing resize. Although, in a rare casea container was using lots of disk space and should now beresized to a much smaller size, an offline resize might bemore appropriate. In this case, make sure the container isstopped and unmounted and use additional--offline-resize option

~~Snapshotting~~ Note that ploopresize is ~~a feature based~~NOT performed on ~~checkpointing and ploop shapshots. It allows to save acomplete state of~~ container ~~file system. Plus~~start, ~~if the~~so for~~container is running, it’s in~~consistency --~~memory state (as in~~diskspace must be used together with~~checkpointing). Note that snapshot functionality is onlyworking for containers on ploop device~~--save flag.

Suffixes~~snapshot~~G |, ~~snapshot-create~~M , <ib>~~CTID~~K</ib> [can also be specified (see~~--id~~Resource limitssection for more info on suffixes).~~uuid]~~If suffix is not specified, value is in kilobytes.

~~Creates a container snapshot.~~--diskinodesIf ~~uuid~~num ~~is not specified, it is auto-generated. If acontainer is running, it’s checkpointed and thenrestored. If a container is not running, only file systemstate is saved.~~[:num]

~~snapshot-switch~~sets soft and hard disk quota<limits, in i~~>CTID ~~-~~-id uuid~~nodes. First parameter is soft limit, second ishard limit.

~~Switches the container to a~~Note that this~~snapshot identified by~~ parameter is ignored for <ib>~~uuid~~ploop</ib>~~. Note that the currentcontainer state and its file system state is lost! If givensnapshot contains CT memory dump, it is restored, otherwiseit is stopped~~layout.

~~snapshot~~-~~delete~~-quotatime~~CTID --id uuid~~seconds

~~Removes~~ sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit isenforced as a ~~specifiedsnapshot~~hard limit.

Note that thisparameter is ignored for ploop layout. ~~snapshot~~-~~list~~-quotaugidlimit~~CTID~~num

~~Lists all snapshots~~Enables or disablesin-container per-user and per-group disk quotas. ~~Active~~If the~~snapshot~~ value is ~~marked with~~ set to *0 ~~sign~~or not set, disk quotas inside thecontainer is disabled and not accounted.

Forsimfs layout containers, non-zero value sets maximumnumber of user/group IDs for which disk quota isaccounted.

<~~table width~~p style="~~100~~margin-left:22%~~" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0"><tr valign="~~; margin-top~~" align="left~~: 1em">For<~~td width="11%"~~b>ploop</tdb>layout containers, any non-zero value enablesdisk quota inside the container; the number of user/groupIDs used by disk quota is not limited by OpenVZ.<~~td width="9%"~~/p>

Note thatenabling or disabling in-container disk quotas requirescontainer restart, so consider using ~~create~~--setmodeoption.</p~~></td><td width="2%"></td><td width="78%"~~>

~~CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--private path][--root path][--ipadd addr][--hostname name][--name name] </td></tr></table>~~=== Capability option ====

-~~top~~-capabilitycapname: ~~1em"~~on|off[,~~Creates a newcontainer area~~. ~~This operation should be done once, beforethe first start of the container~~..]

~~By default, an~~Sets a capability for a~~OS template denoted by DEF_OSTEMPLATE parameter of[[Man/vz.conf.5|vz.conf(5)]] is used to create a~~ container. ~~This~~ Multiple comma-separated capabilities can be~~overwritten by --ostemplate option~~specified.

~~By default,~~ Note thatsetting acapability when the container is running does not~~new~~ take immediate effect; restart the container ~~configuration file is created from a sample~~in order for~~configuration denoted by value of~~ the changes to take effect (consider using ~~CONFIGFILE~~--setmode~~parameter of [[Man/vz.conf.5|vz.conf(5~~option)~~]]. If the containerconfiguration file already exists, it will not bemodified~~.

~~The value~~ A container hasthe default set ofcapabilities, thus any operation on~~CONFIGFILE can be overwritten by using~~ capabilities is "logical AND" with thedefault~~--config name option. This option can not beused if the container configuration file already exists~~capability mask.

~~A new container~~You can use thefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,~~can either be created using~~ ~~simfs~~setpcap, linux_immutable ~~filesystem or on a~~,~~ploop~~net_bind_service ~~device. The default is set by value of~~, net_broadcast,~~VE_LAYOUT~~net_admin ~~parameter of [[Man~~, net_raw</~~vz.conf.5|~~b>, ~~vz.conf~~ipc_lock~~(5)]] and can be~~,~~overwritten by~~ ~~--layout~~ipc_owner, sys_module ~~option. In case~~ , ~~ploop~~sys_rawio,~~is used~~sys_chroot, sys_ptrace, sys_pacct, ~~one can additionally specify ploop disk imageformat after a colon. Possible ploop formats are~~sys_admin, sys_boot, sys_nice,~~expanded~~sys_resource, ~~plain~~sys_time ~~and~~ , ~~raw~~sys_tty_config~~. Default is~~,~~expanded~~mknod, lease, setveid, ve_admin. ~~Using~~ For detailed description, see ~~raw~~capabilities ~~is not recommended and isnot supported~~(7).

~~You can use~~~~--diskspace~~WARNING ~~option to specify container file system~~:setting some of those capabilities may have far reaching~~size. Suffixes G, M~~security implications, ~~K can also be~~so do not do it unless you know what~~specified (see~~ you are doing. Also note that setting ~~Resource limits~~setpcap:on ~~section~~ for ~~more infoon suffixes)~~a container will most probably lead to inability to startit.

~~You can use--root path option to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.conf(5)]] file).Argument can contain literal string $VEID, which willbe substituted with the numeric CT ID.~~=== Device access management ====

~~You can use~~--~~private~~devnodes ~~path~~device ~~option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is~~ :[~~VE_PRIVATE~~r~~specified in~~ ][w][~~Man/vz.conf.5|~~~~vz.conf~~q~~(5)~~]~~] file). Argument can containliteral string~~ |~~$VEID~~none~~, which will be substituted withthe numeric CT ID.~~

~~You can use~~Give the container an access(r-read, w -~~ipadd~~write, q - disk quotamanagement, none - no access) to a device designatedby the special file /dev/~~addr~~device ~~option to assign an IP address to~~. Device file iscreated in a containerby vzctl. ~~Note that this option can be used multipletimes.~~Example:

~~You can use~~ vzctl set 777 --~~hostname name option to set a host name fora container.~~devnodes sdb:rwq</ppre>

~~destroy~~--devicesb | ~~delete~~c:major:~~CTID~~minor|all:[r][w][q]|none

~~Removes a~~ Give the container ~~private~~an access to~~area~~ a block or character device designated by ~~deleting all files, directories~~ itsmajor and ~~the~~minor numbers. Device file have to~~configuration file of this container~~be created manually.

~~start CTID[--wait] [--force]~~=== PCI device management ====

~~Mounts (if necessary) andstarts a container. Unless~~ --~~wait~~pci_add ~~option isspecified,~~ [domain:]<bi>~~vzctl~~bus</bi> ~~will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by~~ :<bi>~~vzctl~~slot</bi>.func

~~Specify~~Give the container an access to~~--force if you want to start~~ a ~~container which is~~specified PCI device. All numbers are hexadecimal (as~~disabled (see~~ printed by ~~--disabled~~lspci(8) in the first column).

~~Note that thiscommand can lead to execution of~~ ~~premount~~--pci_del,[<bi>~~mount~~domain</bi> ~~and~~ :]<bi>~~start~~bus</bi> ~~action scripts (see~~ :<bi>~~ACTIONSCRIPTS~~slot</bi> ~~below)~~.func

~~stop CTID~~Delete a PCI device from the~~[--fast]~~container.

~~Stops and unmounts a container.~~Note that~~Normally,~~ ~~halt~~vps-pci~~(8)~~ configuration script is executed ~~inside a container;~~by~~option~~ ~~--fast~~vzctl ~~makes~~ then configuring PCI devices. The script isusually located at /usr/libexec/vzctl</~~b> use reboot~~scripts/~~(2)syscall instead which is faster but can lead to uncleancontainer shutdown~~.

~~Note that thiscommand can lead to execution of stop, umountand postumount action scripts (see ACTIONSCRIPTS below).~~=== Features management ====

~~restart~~--features ~~CTID~~name[:~~--wait~~on~~] [~~|~~--force~~off] [~~--fast~~,...]

~~Restarts~~ Enable or disable a specificcontainerfeature. Known features are: sysfs, ~~i.e.stops it if it is running~~nfs, sit, ipip, ppp, ~~and starts again. Accepts all the~~~~start~~ipgre ~~and~~ , ~~stop~~bridge ~~options~~, nfsd. A few features canbe specified at once, comma-separated.

~~Note that thiscommand can lead to execution of some action scripts (seeACTION SCRIPTS below).~~=== Apply config ====

~~status~~--applyconfig ~~CTID~~name

~~Shows a~~ Read container ~~status~~parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if --save option specified save tothe container config file. ~~This~~The following parameters are notchanged: HOSTNAME, IP_ADDRESS,~~is a line with five or six words~~OSTEMPLATE, VE_ROOT, ~~separated by spaces~~andVE_PRIVATE.

~~First word isliterally~~ ~~CTID~~--applyconfig_map.group

~~Second word is~~Apply container configparameters selected by group. Now the ~~numeric~~ only possiblevalue for ~~CT ID~~groupis name: to restore containername based on NAME variable in containerconfiguration file.

~~Third word isshowing whether this container exists or not, it can beeither exist<~~=== I/~~b> or deleted.~~O scheduling ====

--iopriopriority ~~Fourth word~~ Assigns disk I/O priority tocontainer. Priority range is0-7. The greater~~showing~~ priority is, the ~~status~~ more time for I/O activity containerhas. By default each container has priority of ~~the container filesystem, it can beeither~~ ~~mounted~~4. --iolimitlimit[B or |~~unmounted~~K.|M|G]

~~Fifth word~~Assigns disk I/O bandwidth~~shows if the~~ limit for a container . Value is ~~running, it can be~~ eithera number with anoptional suffix, or a literal string ~~running~~unlimited or . Valueof ~~down~~0means "unlimited". By default acontainer has no I/O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.

~~Sixth word~~If no suffix isprovided, ifthe limit is assumed to be in megabytes per~~exists~~second. Available suffixes are: • b, B -- bytes per second; • k, is ~~suspended~~K~~. It appears if both a container~~-- kilobytes per second; ~~and its dump file exist~~ • m, M -- megabytes per second (~~see~~ default); • g, ~~chkpnt~~G).-- gigabytes per second;

-~~top: 1em"~~-iopslimit~~This commandcan also be usable from scripts.~~iops

Assigns IOPS limit for acontainer, in number of input/output operations per second.Value is a number or a literal string ~~mount~~unlimited .Value of <ib>~~CTID~~0</ib>means "unlimited". By default acontainer has no IOPS limit.

~~Mounts container private area.Note that this command can lead to execution ofpremount~~ == Suspending and ~~mount action scripts (seeACTION SCRIPTS below).~~resuming ===

~~umount CTID~~Checkpointing is a feature ofOpenVZ kernel which allows to save a complete in-kernelstate of a running container, and to restore it later.

~~Unmounts container privatearea. Note that this command can lead to execution of~~~~umount~~suspend ~~and~~ |~~postumount~~chkpnt ~~action scripts (see~~CTID [~~ACTION SCRIPTS~~--dumpfile ~~below).~~name]

~~Note that~~This command suspends acontainer to a dump file If an option ~~stop~~--dumpfile ~~does~~ isnot set, default dump file name~~umount~~/vz/dump/Dump. ~~automatically~~CTID is used.

~~convert~~resume |<ib>~~CTID~~restore</ib>[<bi>~~--layoutploop~~CTID</bi>[:--dumpfile{<bi>~~expanded~~name</~~b>|plain|raw</b~~i>}]]

~~Convert CT private area toreside on~~ This command restores a ~~ploop device (available in kernel version042stab052.8 and greater). Conversion should be performedwhen a~~ container ~~is stopped, plus disk space quota should be~~from the dump file created by the suspend~~set~~command.

~~quotaon CTID~~== Snapshotting ===

~~Turn disk quota~~ Snapshotting is a feature basedoncheckpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in-memory state (as incheckpointing). ~~Not~~ Note thatsnapshot functionality is only~~mount and start does that automatically~~working for containers on ploop device.

~~quotaoff~~snapshot CTID[--id uuid] [--name name][--description desc] [--skip-suspend] [--skip-config]

~~Turn disk quota off~~Creates a container snapshot,i. ~~Not that~~e. saves the current container state, including its file~~umount~~ system state, running processes state, and ~~stop does that automatically~~configurationfile.

If a containeris running, and ~~quotainit~~--skip-suspendoption is notspecified, a container is checkpointed and then restored,~~CTID~~and CT memory dump becomes the part of snapshot.

~~Initialize disk quota (i.e. run~~Unless~~vzquota init~~--skip-config~~) with the parameters taken from the CT~~option is given, containerconfiguration file ~~[[Man/ctid.conf.5|ctid.conf(5)]]~~is saved to the snapshot.

If uuidis not specified, it is auto-generated. Options~~exec~~--name and <ib>--description~~CTID~~can be used tospecify the snapshot name and description, respectively.~~command~~Name is displayed by snapshot-list</ib>.

~~Executes~~ <ib>~~command~~snapshot-switch</ib> ~~in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.~~If ~~command~~CTID is [--skip-resume | --must-resume][--skip-config~~, commands are read from~~] ~~stdin.~~--id uuid

Switches the container to asnapshot identified by <bi>~~exec2~~uuid</~~b> <~~i>~~CTID~~, restoring its file~~command~~system state, configuration (if available) and its runningstate (if available).

~~The same as~~ ~~exec, but~~Note thatthe current state of a container (including its file system~~return code~~ state and its configuration file) is ~~that of command~~lost!</ib>.

Option~~runscript~~--skip-resume is used to ignore a CT memory dump filein a snapshot, as a result the container will end up beingin a stopped state (same as if a snapshot has been takenwith <ib>~~CTIDscript~~--skip-suspend</ib>).

~~Run specified shell script in~~If option~~the container. Argument~~ <ib>~~script~~--must-resume</ib> is set, absense of a ~~file on the hostsystem which contents~~ memory dump is ~~read by vzctl and executed in thecontext of the container. For a running container~~treated as an error, ~~thecommand jumps into the container~~ and ~~executes~~ the ~~script.For a stopped container, it enters~~ inability to restore from the ~~container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container~~ memory dump is ~~notreally started, no file systems other~~ treated as an error rather than ~~root (such as/proc) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations~~warning.

~~enter CTID~~Option option[--~~exec~~skip-config ~~command</~~is used to ignore the CT configurationfile in a snapshot, i~~> [arg~~ .e.the current configuration file willbe left as is.]]

~~Enters into a container (givinga container’s root shell). This option is a back~~snapshot-~~door~~delete~~for host root only. The proper way to have CT root shell isto use~~ CTID ~~ssh~~--id~~(1).~~uuid

Removes a specifiedsnapshot. ~~Option~~snapshot-mountCTID --~~exec~~id ~~is used to run~~ ~~command~~uuid ~~with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so~~ ~~vzctl exec~~--target ~~can not beused) and for some reason you can not use~~ <bi>~~ssh~~directory</bi>~~(1).~~

~~You need to log~~Mounts a snapshot specified by~~out manually from the shell~~ uuid to ~~finish session (even if youspecified~~ a <bi>~~--exec~~directory</bi>). Note this mount isread-only.

~~console~~snapshot-umount CTID --id uuid

~~Attach to the container’s~~Unmounts a specified~~console. Note that the console is persistent, meaning it canbe attached to even if the container is not running, andthere is no automatic detachment when the container isstopped~~snapshot.

~~Type~~ ~~Esc~~snapshot-list~~then~~ CTID [.-H ~~to detach from the console. Type~~ ] [~~Esc~~-o~~then~~ <bi>field[,field</bi> ~~to detach without killing anything~~. ~~Note thatthese sequences are only recognized after~~ ..] [~~Enter~~--id.uuid]

List container’ssnapshots.

You cansuppress displaying header using -~~-help~~Hoption.

~~Prints help message with a~~You can use the~~brief list~~ -o option to display only the specifiedfield(s). List of ~~possible options~~available fields can be obtainedusing -L option.

~~--version~~== Performing container actions ===

<~~p style~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="~~margin-~~left~~:17%;~~">~~Prints~~ <btd width="11%">~~vzctl~~</btd>~~version.~~</ptd width="9%">

create</td><td width= ~~ACTION SCRIPTS =~~"2%"></td><td width="78%">

CTID[--ostemplate  ~~margin~~name][--config name][--~~top~~layout simfs|ploop[: ~~1em"~~{expanded|plain|raw}]][~~vzctl~~--diskspace kbytes]~~has an ability to execute user~~[--~~defined scripts when a~~diskinodes num]~~specific~~ [~~vzctl~~--private  ~~command is run for a container. The~~path]~~following~~ [~~vzctl~~--root  ~~commands can trigger execution of~~path]~~action scripts:~~ [~~start~~--ipadd , addr][~~stop~~--hostname , name][~~restart~~--name ,name][~~mount~~--local_uid  ~~and~~ uid][~~umount~~--local_gid .gid] </td></tr></table>

~~Action scripts~~Creates a new~~are located in the /etc/vz/conf/ directory~~container area. ~~There are~~This operation should be done once, before~~global and per-CT scripts. Global scripts have a literalprefix~~ the first start of ~~vps. and are executed for all containers.Per-CT scripts have a CTID numeric prefix and areexecuted for~~ the ~~given~~ container ~~only~~.

~~Please notescripts are executed in a host system (CT0) context~~By default, ~~with~~an~~the exception of~~ OS template denoted by ~~.start~~DEF_OSTEMPLATE ~~and~~ parameter of[[Man/vz.conf.5|vz.~~stop~~conf ~~scripts,which are executed in~~ (5)]] is used to create a container ~~context~~. This can beoverwritten by --ostemplate option.

~~The following~~By default, a~~action scripts are currently defined:~~ new container configuration file is created from a sampleconfiguration denoted by value of ~~ vps.premount~~CONFIGFILE~~, CTID<~~parameter of [[Man/i>vz.conf.5|vz.~~premount~~conf(5)]]. If the containerconfiguration file already exists, it will not bemodified.

~~Global and per-CT mount scripts~~The value of~~which are executed for a container before it is mounted.Scripts are executed in~~ CONFIGFILE can be overwritten by using the ~~host system context, while a CT~~is --config name option. This option can not ~~yet mounted or running. Global script,~~ beused if the container configuration file already exists~~, isexecuted first~~.

A new containercan either be created using simfs filesystem or on aploop device. The default is set by value ofVE_LAYOUT parameter of [[Man/vz.conf.5|~~vps~~vz.~~mount~~conf(5)]] and can beoverwritten by --layout option. In case ploopis used,one can additionally specify ploop disk imageformat after a colon. Possible ploop formats are<ib>~~CTID~~expanded</ib>, plain and raw. Default isexpanded.~~mount~~Using value other than expandedisnot recommended and is currently not supported.

~~Global~~ You can use--diskspace and ~~per~~--~~CT mount scripts~~diskinodes options to~~which are executed~~ specify container file system size. Note that for ~~a container right after it ismounted. Otherwise they are the same as~~ ~~.premount~~plooplayout, you will not be able to change inodes~~scripts~~value later.

If<ib>~~CTID~~DISKSPACE</ib>is not specified either in the sampleconfiguration file used for creation or in globalconfiguration file [[Man/vz.conf.5|vz.~~start~~conf(5)]], --diskspaceparameter is required for plooplayout.

~~Right after~~ Suffixes~~vzctl~~G ~~has~~, M, K can also be specified (see~~started a container, it executes this script in a container~~Resource limits section for more info on~~context~~suffixes).

You can use--root~~CTID~~pathoption to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.~~stop~~conf(5)]] file).Argument can contain literal string $VEID, which willbe substituted with the numeric CT ID.

~~Right before~~ You can use~~vzctl~~--private ~~has~~path option to set the path to~~stopped a~~ directory in which all the files and directories specific tothis very containerare stored (default is VE_PRIVATEspecified in [[Man/vz.conf.5|vz.conf(5)]] file). Argument can containliteral string $VEID, ~~it executes this script in a container~~which will be substituted with~~context~~the numeric CT ID.

You can use~~vps.umount~~--ipadd,~~CTID~~addr~~~~option to assign an IP address toa container. Note that this option can be used multipletimes.~~umount~~

~~Global and per~~You can use--~~CT umount~~hostname name option to set a host name for~~scripts which are executed for~~ a container ~~before it is~~. When runningwith an upstream Linux Kernel that supports user namespaces~~unmounted~~(>= 3. ~~Scripts are executed~~ 8), the parameters --local_uid and--local_gid can be used to select which uidand gid respectively will be used as a base user in the host system ~~context~~. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified,the values LOCAL_UID and~~while~~ LOCAL_GID from global configuration file[[Man/vz.conf.5|vz.conf(5)]] are used. An explicit --local_uidvalue of 0 will disable user namespace support, and run thecontainer as a ~~CT is mounted~~privileged user. ~~Global script, if exists~~In this case, --local_gid is ~~executedfirst~~ignored.

~~vps.postumount~~Warning:,use <ib>~~CTID~~--local_uid</ib>and ~~.postumount~~--local_gidwith care,specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.

~~Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as~~ ~~.umount~~destroy | delete~~scripts.~~CTID

~~The environment~~Removes a container private~~passed to~~ area by deleting all ~~the *mount scripts is the standardenvironment of the parent (i.e. vzctl) with twoadditional variables: $VEID and $VE_CONFFILE.The first one holds the ID of the container~~files, directories and the ~~secondone holds the full path to the container~~ configuration file.~~If the script needs to get other CT configurationparameters, such as $VE_ROOT, it needs to get thosefrom global and per-CT configuration files~~of this container.

~~Here is anexample of a mount script, which makes host system’s~~start</~~mnt~~b> CTID</~~disk available to container(s). Script name can either~~i>be [~~/etc/vz/conf/vps.mount~~--wait or] [~~/etc/vz/conf/~~--force] [<ib>~~CTID~~--skip-fsck</ib>][~~.mount~~--skip-remount.]

<~~pre~~ p style="margin-left:1117%; ~~margin-top: 1em~~"> ~~# If one of these files does not exist then something~~Mounts (if necessary) and # starts a container. Unless --wait option is ~~really broken~~ ~~[ -f~~ specified, vzctl</~~etc/sysconfig/vz ] || exit 1~~b> will return immediately; otherwise ~~[ -f $VE_CONFFILE ] || exit 1~~ ~~# Source both files. Note~~ an attempt to wait till the ~~order~~ default runlevel is ~~important.~~reached will . be made by vzctl</~~etc/vz/vz~~b>.~~conf~~ ~~. $VE_CONFFILE~~ ~~SRC=/mnt/disk~~ ~~DST=/mnt/disk~~ ~~mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC~~</~~pre~~p>

Specify--force if you want to start a container which isdisabled (see --disabled).

~~Returns 0 upon~~Specify~~success, or an appropriate error code in case of an~~--skip-fsck to skip fsck for ploop-based container~~error:~~filesystem (this option is used by vz initscript).

<~~table width~~p style="~~100~~margin-left:17%; margin-top: 1em" ~~border="0" rules="none" frame="void"~~>By default, if ~~cellspacing="0" cellpadding="0">~~a container to be started happens to be already mounted, it~~<tr valign="top" align="left">~~is unmounted and mounted again. This behavior can be turnedoff by using <~~td width="11%"~~b>--skip-remount</tdb>flag.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of 1premount</pb>,mount</tdb>and <~~td width="7%"~~b>start</tdb> action scripts (see ACTIONSCRIPTS<~~td width="78%"~~/b> below).

<pstyle="margin-left:11%;">~~Failed to set a UBC parameter~~stop</pb><~~/td~~i>CTID</tri>[--fast<~~tr valign="top" align="left"~~/b>] [<~~td width="11%"~~b>--skip-umount</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">2Stops a container and unmountsit (unless --skip-umount</pb> is given). Normally,halt</tdb>(8) is executed inside a container; option<~~td width="7%"~~b>--fast makes vzctl use reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note thatvzctl stop is not asyncronous, in other words vzctlwaits for container’s init to exit (unless~~Failed~~ --fast is given), which can take up to ~~set~~ a ~~fair scheduler parameter~~few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT</pb> in[[Man/vz.conf.5|vz.conf</tdb>(5)]], or per container (STOP_TIMEOUT</trb>in[[Man/ctid.conf.5|<~~tr valign="top" align="left"~~b>ctid.conf(5)]], see <~~td width="11%"~~b>--stop-timeout</tdb>).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">3Note that thiscommand can lead to execution of stop</pb>, umount</tdb>and <~~td width="7%"~~b>postumount</tdb> action scripts (see ACTIONSCRIPTS below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Generic system error~~restart</pb> CTID[--wait</tdb>] [--force</trb>] [--fast<~~tr valign="top" align="left"~~/b>][<~~td width="11%"~~b>--skip-fsck</tdb>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">5Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the</pb>start</tdb>and <~~td width="7%"~~b>stop</tdb>options.<~~td width="78%"~~/p>

<p~~>The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Note that thiscommand can lead to execution of some action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">6</pb>status</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Not enough system resources</td></tr><tr valign="top" align~~style="margin-left:17%;">Shows a container status. This~~<td width="11%">~~is a line with five or six words, separated by spaces.</~~td><td width="4%"~~p>

<p~~>7</td><td width~~style="7margin-left:17%; margin-top: 1em">First word isliterally CTID</tdb>.<~~td width="78%"~~/p>

<p~~>ENV_CREATE ioctl failed</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">Second word isthe numeric <~~td width="11%"~~i>CT ID</tdi>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">8Third word isshowing whether this container exists or not, it can beeither </pb>exist</tdb>or <~~td width="7%"~~b>deleted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Command executed by~~ Fourth word isshowing the status of the container filesystem, it can beeither ~~vzctl exec~~mounted ~~returned non-zeroexit code~~or </pb>unmounted</tdb>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">9Fifth wordshows if the container is running, it can be either</pb>running</tdb>or <~~td width="7%"~~b>down</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container~~ Sixth word, ifexists, is ~~locked by another~~ ~~vzctl~~suspended. It appears if a dump file~~invocation~~exists for a stopped container (see </pb> suspend</tdb>).</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>10</td><td width~~style="7margin-left:17%; margin-top: 1em">This commandcan also be usable from scripts.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Global OpenVZ configuration file [[Man/vz.conf.5|~~~~vz.conf~~mount~~(5)]] notfound~~</pi> CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">11Mounts container private area.Note that this command can lead to execution ofpremount</pb> and mount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~A vzctl helper script file not found~~</pb>umount</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">12Unmounts container privatearea. Note that this command can lead to execution ofumount</pb> and postumount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Permission denied~~Note that</pb>stop</tdb>does <~~/tr~~b>umount<~~tr valign="top" align="left"><td width="11%"~~/b>automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">13convert</pb> CTID</tdi>[<~~td width="7%"~~b>--layoutploop[:{expanded|plain|raw</tdb>}]]<~~td width="78%"~~/p>

<p~~>Capability setting failed</td></tr><tr valign="top" align~~style="margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version~~<td width="11%">~~042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should beset.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">14</pb>compact</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound </td></tr><tr valign="top" align~~style="margin-left:17%;">Compact container image. This~~<td width="11%">~~only makes sense for ploop layout.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">15</pb>quotaon</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Timeout~~ Turn disk quota on . Not that~~vzctl exec~~mountand </pb>start</tdb>does that automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">16</pb>quotaoff</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error during~~ Turn disk quota off. Not that~~vzctl chkpnt~~umountand </pb>stop</tdb>does that automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">17</pb>quotainit</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error during~~ Initialize disk quota (i.e. run~~vzctl restore~~vzquota init<) with the parameters taken from the CTconfiguration file [[Man/p>ctid.conf.5|<~~/td~~b>ctid.conf</~~tr><tr valign="top" align="left"><td width="11%"~~b>(5)]].</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">18</pb>exec</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error from~~ Executes <bi>~~setluid()~~command</bi> ~~syscall~~in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If </pi>command</tdi>is <~~/tr~~b>-<~~tr valign="top" align="left"~~/b>, commands are read from~~<td width="11%">~~stdin.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">20</pb>exec2</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Invalid command line parameter~~The same as </pb>exec</~~td></tr~~b>, butreturn code is that of <~~tr valign="top" align="left"~~i>command<~~td width="11%"~~/i>.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">21</pb>runscript</tdb><~~td width="7%"~~i>CTIDscript</tdi><~~td width="78%"~~/p>

<p~~>Invalid value for command line parameter</td></tr><tr valign="top" align~~style="margin-left:17%;">Run specified shell script inthe container. Argument <~~td width="11%"~~i>script</tdi>is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, and~~<td width="4%">~~unmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as<pb>~~22<~~/p>proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basic~~<td width="7%">~~operations.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Container root directory (~~~~VE_ROOT~~enter~~) not set~~CTID</pi>[--exec</tdb><~~/tr~~i>command<~~tr valign="top" align="left"~~/i>[<~~td width="11%"~~i>arg</tdi>...]]<~~td width="4%"~~/p>

<p~~>23</td><td width~~style="7margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use ssh</tdb>(1).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container private directory (~~Option~~VE_PRIVATE~~--exec~~) notset~~is used to run </pi> command</tdi>with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so <~~/tr~~b>vzctl exec<~~tr valign="top" align="left"~~/b>can not beused) and for some reason you can not use <~~td width="11%"~~b>ssh</tdb>(1).<~~td width="4%"~~/p>

<p~~>24</td><td width~~style="7margin-left:17%; margin-top: 1em">You need to logout manually from the shell to finish session (even if youspecified --exec</tdb>).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container template directory (~~~~TEMPLATE~~console~~) notset~~</pi> CTID</~~td></tr><tr valign="top" align="left"~~i>[<~~td width="11%"~~i>ttynum</tdi>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Attach to a container console.Optional ttynum argument is tty number (such as4 for 28tty4</pb>), default is 1</tdb>which is usedfor container’s <~~td width="7%"~~b>/dev/console</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Not all required UBC parameters~~ Note theconsoles are ~~set~~persistent, ~~unable~~ meaning that: • it can be attached to ~~start~~even if the container is not~~container~~running; </pbr> • there is no automatic detachment upon the containerstop; <~~/td></tr~~br>~~<tr valign="top" align="left">~~• detaching from the console leaves anything running in~~<td width="11%">~~this console as is.</~~td><td width="4%"~~p>

<p~~>29</td><td width~~style="7margin-left:17%; margin-top: 1em">The followingescape sequences are recognized by vzctl console</tdb>.Note that these sequences are only recognized at thebeginning of a line.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~OS template is not specified, unable to create~~•~~container~~</pb> Esc</tdb>then <~~/tr~~b>.<~~tr valign="top" align="left"><td width="11%"~~/b>to detach from the console.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">31•</pb>Esc</tdb>then <~~td width="7%"~~b>!</tdb>to kill anything running on theconsole (SAK). This is helpful when one expects a loginprompt but there isn’t one.<~~td width="78%"~~/p>

~~Container not running</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Other options ===~~"4%">~~

<p~~>32</td><td width~~style="7margin-left:11%;">--help</tdb><~~td width="78%"~~/p>

<p~~>Container already running</td></tr><tr valign="top" align~~style="margin-left:17%;">Prints help message with a~~<td width="11%">~~brief list of possible options.</~~td><td width="4%"~~p>

<p~~>33</td><td width~~style="7margin-left:11%;">--version</tdb><~~td width="78%"~~/p>

<p~~>Unable to stop container</td></tr><tr valign="top" align~~style="margin-left:17%;">Prints <~~td width="11%"~~b>vzctl</tdb>version.<~~td width="4%"~~/p>

~~34</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~ACTION SCRIPTS ==

<pstyle="margin-left:11%; margin-top: 1em">~~Unable to add IP address~~ vzctlhas an ability to execute user-defined scripts when aspecific vzctl command is run for a container. Thefollowing vzctl commands can trigger execution ofaction scripts: start</pb>, stop</tdb>, restart</trb>,<~~tr valign="top" align="left"~~b>mountand <~~td width="11%"~~b>umount</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">Action scriptsare located in the 40/etc/vz/conf/</pb> directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps.</tdb>and are executed for all containers.Per-CT scripts have a <~~td width="7%"~~i>CTID.</tdb>numeric prefix andare executed for the given container only.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Container not mounted~~Please notescripts are executed in a host system (CT0) context, withthe exception of </pb>.start</tdb>and <~~/tr~~b>.stop<~~tr valign="top" align="left"~~/b>scripts,~~<td width="11%">~~which are executed in a container context.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%; margin-top: 1em">41The followingaction scripts are currently defined: vps.premount</pb>, CTID</tdi><~~td width="7%"~~b>.premount</tdb><~~td width="78%"~~/p>

<p~~>Container already mounted</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scripts~~<td width="11%">~~which are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">43vps.mount</pb>,CTID</tdi><~~td width="7%"~~b>.mount</tdb><~~td width="78%"~~/p>

<p~~>Container private area not found</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as <~~td width="11%"~~b>.premount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">44</pi>CTID</tdi><~~td width="7%"~~b>.start</tdb><~~td width="78%"~~/p>

<p~~>Container private area already exists</td></tr><tr valign="top" align~~style="margin-left:22%;">Right after <~~td width="11%"~~b>vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">46</pi>CTID</tdi><~~td width="7%"~~b>.stop</tdb><~~td width="78%"~~/p>

<p~~>Not enough disk space</td></tr><tr valign="top" align~~style="margin-left:22%;">Right before <~~td width="11%"~~b>vzctl</tdb>hasstopped a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">47vps.umount</pb>,CTID</tdi><~~td width="7%"~~b>.umount</tdb><~~td width="78%"~~/p>

<p~~>Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,~~<td width="11%">~~while a CT is mounted. Global script, if exists, is executedfirst.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">48vps.postumount</pb>,CTID</tdi><~~td width="7%"~~b>.postumount</tdb><~~td width="78%"~~/p>

<p~~>Unable to create a new container private area</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as <~~td width="11%"~~b>.umount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">The environmentpassed to all the *mount49scripts is the standardenvironment of the parent (i.e. vzctl</pb>) with twoadditional variables: $VEID and $VE_CONFFILE</tdb>.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as <~~td width="7%"~~b>$VE_ROOT</tdb>, it needs to get thosefrom global and per-CT configuration files.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Unable~~ Here is anexample of a mount script, which makes host system’s/mnt/disk available to ~~create a new~~ container ~~root area~~(s). Script name can eitherbe /etc/pvz/conf/vps.mount or/etc/vz/conf/</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"~~/i><~~td width="11%"~~b>.mount</tdb>.<~~td width="4%"~~/p>

<ppre style="margin-left:11%; margin-top: 1em">~~50<~~ # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/~~p><~~mnt/~~td>~~disk~~<td width~~ DST=~~"7%"><~~/~~td>~~mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC<~~td width="78%"~~/pre>

== EXIT STATUS == <pstyle="margin-left:11%; margin-top: 1em">~~Unable to mount container~~Returns 0 uponsuccess, or an appropriate error code in case of anerror: <~~/td></tr~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">

511</td>

~~Unable~~ Failed to ~~unmount container~~set a UBC parameter</td></tr>

522</td>

~~Unable~~ Failed to ~~delete~~ set a ~~container~~fair scheduler parameter</td></tr>

533</td>

~~Container private area not exist~~Generic system error</td></tr>

605</td>

~~vzquota on failed~~The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr>

616</td>

~~vzquota init failed~~Not enough system resources</td></tr>

627</td>

~~vzquota setlimit~~ENV_CREATE ioctl failed</td></tr>

638</td>

~~Parameter~~ Command executed by ~~DISKSPACE~~vzctl exec ~~not set~~returned non-zeroexit code</td></tr>

649</td>

~~Parameter~~ Container is locked by another ~~DISKINODES~~vzctl ~~not set~~invocation</td></tr>

6510</td>

~~Error setting second-level~~ Global OpenVZ configuration file [[Man/vz.conf.5|vz.conf(~~ugid~~5) ~~quota~~]] notfound</td></tr>

6611</td>

~~vzquota off failed~~A vzctl helper script file not found</td></tr>

6712</td>

~~ugid quota not initialized~~Permission denied</td></tr>

7113</td>

~~Incorrect IP address format~~Capability setting failed</td></tr>

7414</td>

~~Error changing password~~Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound</td></tr>

7815</td>

~~IP address already in use~~Timeout on vzctl exec</td></tr>

7916</td>

~~Container action script returned an error~~Error during vzctl suspend</td></tr>

8217</td>

~~Config file copying error~~Error during vzctl resume</td></tr>

8618</td>

Error ~~setting devices (~~from ~~--devices~~setluid() or~~--devnodes)~~syscall </td></tr>

8920</td>

~~IP address not available~~Invalid command line parameter</td></tr>

9121</td>

~~OS template not found~~Invalid value for command line parameter</td></tr>

~~100~~22</td>

~~Unable to find container IP address~~Container root directory (VE_ROOT) not set</td></tr>

~~104~~23</td>

Container private directory (~~VE_NETDEV~~VE_PRIVATE ~~ioctl error~~) notset</td></tr>

~~105~~24</td>

Container ~~start disabled~~template directory (TEMPLATE) notset</td></tr>

~~106~~28</td>

~~Unable~~ Not all required UBC parameters are set, unable to ~~set iptables on a running~~ startcontainer</td></tr>

~~107~~29</td>

~~Distribution-specific configuration file~~ OS template is not ~~found~~specified, unable to createcontainer</td></tr>

~~109~~31</td>

~~Unable to apply a config~~Container not running</td></tr>

~~129~~32</td>

~~Unable to set meminfo parameter~~Container already running</td></tr>

~~130~~33</td>

~~Error setting veth interface~~Unable to stop container</td></tr>

~~131~~34</td>

~~Error setting~~ Unable to add IP address to container ~~name~~</td></tr>

~~133~~40</td>

~~Waiting for container start failed~~Container not mounted</td></tr>

~~139~~41</td>

~~Error saving container configuration file~~Container already mounted</td></tr>

~~148~~43</td>

~~Error setting container IO parameters (ioprio)~~Container private area not found</td></tr>

~~150~~44</td>

~~Ploop image file not found~~Container private area already exists</td></tr>

~~151~~46</td>

~~Error creating ploop image~~Not enough disk space</td></tr>

~~152~~47</td>

~~Error mounting ploop image~~Bad/broken container (/sbin/init or/bin/sh not found)</td></tr>

~~153~~48</td>

~~Error unmounting ploop image~~Unable to create a new container private area</td></tr>

~~154~~49</td>

Unable to create a new container root area</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td><td width="7%"></td><td width="78%"> Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 148</td><td width="7%"></td><td width="78%"> Error setting container IO parameters (ioprio)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 150</td><td width="7%"></td><td width="78%"> Ploop image file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 151</td><td width="7%"></td><td width="78%"> Error creating ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 152</td><td width="7%"></td><td width="78%"> Error mounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 153</td><td width="7%"></td><td width="78%"> Error unmounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 154</td><td width="7%"></td><td width="78%"> Error resizing ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 155</td><td width="7%"></td><td width="78%"> Error converting container to ploop layout</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 156</td><td width="7%"></td><td width="78%"> Error creating ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 157</td><td width="7%"></td><td width="78%"> Error merging ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 158</td><td width="7%"></td><td width="78%"> Error deleting ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 159</td><td width="7%"></td><td width="78%"> Error switching ploop snapshot</td></tr>

~~158~~166</td>

Error ~~deleting~~ compacting ploop ~~snapshot~~image</td></tr>

~~159~~167</td>

Error ~~switching~~ listing ploop ~~snapshot~~snapsots</td></tr>

</table>

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools