Changes

← Older edit

Man/vzctl.8

16,065 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

[flags] start CTID [--wait]

[--force] [--skip-fsck][--skip-remount] </td></tr>

[flags] stop CTID[--fast][--~~fast~~skip-umount] </td></tr>

[flags] restart CTID

[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr>

[flags] ~~chkpnt~~suspend | ~~restore~~resumeCTID [--dumpfile name] </td></tr>

[flags] snapshot CTID

[--id uuid]

[--name name]

[--description desc][--skip-suspend] [--skip-config] </td></tr>

[flags] snapshot-switch CTID[--skip-resume |--must-resume][~~snapshot~~-~~delete~~ -skip-config] --id uuid</td></tr>

[flags] snapshot-~~list~~delete CTID--id uuid</td></tr>

[flags] ~~set~~snapshot-mount CTID ~~--parameter value~~~~[...] [~~--~~save~~id~~] [~~<bi>~~--force~~uuid</bi>][--~~setmode restart~~target|<bi>~~ignore~~dir</bi>] </td></tr>

[flags] ~~convert~~snapshot-list CTID[-~~-layout ploop~~H] [:-o{<bi>field[,~~expanded~~field</bi>|...][~~plain~~--id|<bi>~~raw~~uuid</bi>}]] </td></tr>

[flags] ~~exec~~set | CTID --parameter value[...] [~~exec2~~--save ] [--force<i/b>~~CTID~~]~~command~~[--setmode restart</ib> [|<ib>~~arg~~ignore</ib> ~~...~~]</td></tr>

[flags] ~~enter~~set CTID[--~~exec ~~reset_ub~~command [arg ...]]~~ </td></tr>

[flags] ~~--help~~console | <bi>CTID[~~--version~~ttynum</bi>]</td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] convert CTID[--~~left:11%~~layout  ~~margin-top~~ploop[: ~~1em"~~{expanded|plain~~Utility~~|~~vzctl~~raw ~~runs on the host system (otherwise known as~~}]] </td></tr>~~Hardware Node, or HN) and performs direct manipulations with~~<tr valign="top" align="left">~~containers (CTs).~~<td width="11%"></ptd><td width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] compact CTID</td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width=~~= Flags ===~~"80%">

~~These~~ [flags ~~come before a~~] exec | exec2 CTIDcommand~~, and can be used with any command~~ [arg ... ~~They affect~~]</td></tr>~~logging to console (terminal) only, and do not affect~~<tr valign="top" align="left">~~logging to a log file.~~<td width="11%"></ptd><td width="7%">

~~--quiet~~vzctl</td><td width="2%"></td><td width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align="~~margin-~~left~~:17~~"><td width="11%;">~~Disables output. Note that~~</td>~~scripts run by vzctl are still able to produce someoutput.~~</ptd width="7%">

~~--verbose~~vzctl</td><td width="2%"></td><td width="80%">

~~Increments logging level upfrom the default. Can be used multiple times. Default valueis set to the value of~~ [<bi>~~VERBOSE~~flags</bi> ~~parameter in theglobal configuration file [[Man/vz.conf.5|~~] ~~vz.conf~~runscript~~(5)]], or to~~ <bi>0CTID script</bi>~~if not set by~~ <b/p>~~VERBOSE~~</btd> ~~parameter.~~ ~~=== Setting container parameters ===~~ ~~<table width="100%" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0"~~tr>

~~set~~vzctl</td>

<td width="8380%"> --help | --version</td></tr></table>

== DESCRIPTION == ~~CTID~~Utility[~~--onboot yes~~vzctl~~|no~~runs on the host system (otherwise known asHardware Node, or HN) and performs direct manipulations withcontainers (CTs).</bp>][p style="margin-left:11%; margin-~~bootorder </b~~top: 1em">Containers canbe referred to by either numeric ~~number~~CTID]or by name (see[--~~root ~~name~~path]~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes. A numeric ID should[not be more than ~~--private ~~2147483644.<i/p>~~path]~~[== OPTIONS == === Flags === <bp style="margin-top: 1em">~~--userpasswd ~~These flags come before acommand, and can be used with any command. They affectlogging to console (terminal) only, and do not affectlogging to a log file.</bp> <~~i>user~~p style="margin-left:<i11%;">~~pass]~~[--~~disabled yes~~quiet|<b/p>~~no]~~[p style="margin-~~-name&nbsp~~left:17%;~~</b~~">~~name~~Disables output. Note thatscripts run by vzctl are still able to produce someoutput.</ip>][--~~description ~~verbose<i/p>~~string~~ </ip style="margin-left:17%;">]Increments logging level upfrom the default. Can be used multiple times. Default value[is set to the value of ~~--ipadd <~~VERBOSEparameter in theglobal configuration file [[Man/vz.conf.5|<ib>~~addr~~vz.conf</ib>(5)][], or to ~~--ipdel ~~0if not set by <ib>~~addr~~VERBOSE</~~i>|<~~b>~~all~~parameter.</bp>]~~[--hostname name]~~[=== Setting container parameters === <~~b>--nameserver </b~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><~~i>addr</i~~tr valign="top" align="left">][<btd width="11%">~~--searchdomain ~~</btd><itd width="4%">~~name~~ </ip style="margin-top: 1em">][~~--netif_add ~~set<i/p>~~dev~~</itd>[,<itd width="2%">~~params~~</itd>~~...]]~~[<btd width="83%">~~--netif_del ~~ </bp style="margin-top: 1em">~~dev~~CTID~~|all]~~[--~~ifname~~onboot yes |<ib>~~dev~~no</ib>][--~~mac~~bootorder ~~hwaddr~~number][--~~host_ifname~~root ~~dev~~path][--~~host_mac~~private ~~hwaddr~~path][--~~bridge~~mount_opts ~~name~~options][--~~mac_filter~~userpasswd on|<bi>~~off~~user</bi>:pass]][--~~numproc~~disabled yes|<ib>~~items~~no</ib>][--~~numtcpsock~~name ~~items~~name][--~~numothersock~~description ~~items~~string][--~~vmguarpages~~ostemplate ~~pages~~string][--~~kmemsize~~stop-timeout ~~bytes~~seconds][--~~tcpsndbuf~~ipadd ~~bytes~~addr][--~~tcprcvbuf~~ipdel ~~bytes~~addr|all][--~~othersockbuf~~hostname ~~bytes~~name][--~~dgramrcvbuf~~nameserver ~~bytes~~addr][--~~oomguarpages~~searchdomain ~~pages~~name][--~~lockedpages~~netif_add ~~pages~~dev][~~--privvmpages ~~,~~pages~~params...]][--~~shmpages~~netif_del ~~pages~~dev|all][--~~numfile ~~ifname~~items~~dev][--~~numflock~~mac ~~items~~hwaddr][--~~numpty~~host_ifname ~~items~~dev][--~~numsiginfo~~host_mac ~~items~~hwaddr][--~~dcachesize~~bridge ~~bytes~~name][--~~numiptent~~mac_filter on|<ib>~~num~~off</ib>]][--~~physpages~~numproc ~~pages~~items][--~~swappages~~numtcpsock ~~pages~~items][--~~ram~~numothersock ~~bytes~~items][--~~swap~~vmguarpages ~~bytes~~pages][--~~cpuunits~~kmemsize ~~num~~bytes][--~~cpulimit~~tcpsndbuf ~~num~~bytes][--~~cpus~~tcprcvbuf ~~num~~bytes][--~~cpumask~~othersockbuf ~~cpus~~bytes~~|all]~~][--~~meminfo~~dgramrcvbuf ~~none~~|~~mode:value~~bytes][--~~iptables~~oomguarpages ~~name~~pages][--~~netdev_add~~lockedpages ~~ifname~~pages][--~~netdev_del~~privvmpages ~~ifname~~pages][--~~diskquota~~shmpages ~~yes~~|<bi>nopages</bi>][--~~diskspace~~numfile ~~num~~items][--~~diskinodes~~numflock ~~num~~items][--~~quotatime~~numpty ~~seconds~~items][--~~quotaugidlimit~~numsiginfo ~~num~~items][--~~noatime~~dcachesize ~~yes~~|<bi>nobytes</bi>][--~~capability~~numiptent ~~capname~~num:][on--physpages |<bi>~~off~~pages</bi>][--~~devnodes~~swappages ~~param~~pages][--~~devices~~ram ~~param~~bytes][--~~pci_add~~swap ~~dev~~bytes][--~~pci_del~~vm_overcommit ~~dev~~float][--~~features~~cpuunits ~~param~~num:][on--cpulimit |<bi>~~off~~num</bi>][--~~applyconfig~~cpus ~~name~~num][--~~applyconfig_map~~cpumask ~~group~~cpus|auto|all][--~~ioprio~~nodemask ~~num~~nodes~~] [~~|~~--save~~all][--~~force~~meminfo none|mode:value][--~~setmode~~iptables ~~restart~~|<bi>~~ignore~~name[],</pb> ...]][<~~/td~~b>--netfilter disabled</trb>|<~~tr valign="top" align="left"~~b>stateless<~~td width="11%"~~/b>|stateful</tdb>|<~~td width="4%"~~b>full</tdb>][<~~td width="2%"~~b>--netdev_add <~~/td~~i>ifname<~~td width="83%"~~/i>] [<pb>~~This command sets various container parameters.~~--netdev_del </pb><~~/td~~i>ifname</tri>][--diskquota yes</~~table~~b> |<~~p style="margin-left:17%; margin-top: 1em"~~b>no~~If a~~][--~~save~~diskspace  ~~flag is given, parameters are saved incontainer configuration file [[Man/ctid.conf.5|<b~~~~ctid.conf~~num</bi>~~(5)~~]~~]. Use~~[--~~force~~diskinodes  ~~to save the parameters even if the current~~num]~~kernel doesn~~[--quotatime&~~rsquo~~nbsp;~~t support OpenVZ.~~</pb> <~~p style="margin-left:17%; margin-top: 1em"~~i>seconds~~If the~~]~~container is currently running,~~ [~~vzctl~~--quotaugidlimit  ~~applies theseparameters to the container.~~num</pi>] [<~~p style="margin~~b>--~~left:17%~~capability  ~~margin-top: 1em"~~~~Note that a fewparameters can only be applied by restarting the container.By default,~~ <bi>~~vzctl~~capname</bi> ~~warns if such parameters arepresent and a container is running. Use~~ :~~--setmoderestart~~on ~~to restart a container in such a case, or~~|~~--setmode ignore~~off ~~to suppress the above mentionedwarning.~~[,</pb>...]] ~~The followingparameters can be used with~~ [~~set<~~--devnodes  ~~command.~~param</pi>] ~~==== Miscellaneous ====~~ [<~~p style="margin~~b>--~~left:11%~~devices "<bi>~~--onboot yes~~param</bi> |][no--pci_add </pi>dev] [<~~p style="margin~~b>--~~left:17%~~pci_del "~~Sets whether the container willbe started during system boot. The container will not be~~dev]~~auto-started unless this parameter is set to~~ [~~yes~~--features .name</pi> :<~~p style="margin-left:11%;"~~b>on~~--bootorder~~|off<i/b>~~number~~[</ib>,</pb>...]] [<~~p style="margin~~b>--~~left:17%~~applyconfig "~~Sets the boot order priorityfor this CT. The higher the~~ ~~number~~name ~~is, the earlier in~~]~~the boot process this container starts. By default thisparameter is unset, which is considered to be the lowestpriority, so containers with unset~~ [~~bootorder~~--applyconfig_map  ~~willstart last.~~</pi>group] ~~~~[--~~root~~ioprio  ~~path~~num][</pb> ~~~~Sets the path to root directory~~(<bi>~~VE_ROOT~~mbps][~~) for this container. This is essentially amount point for container~~--iopslimit&~~rsquo~~nbsp;~~s root directory. Argumentcan contain literal string~~ iops] [~~$VEID~~--save~~, which will be~~]~~substituted with the numeric CT ID.[--force] [--reset_ub][--setmode restart|ignore] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"></td><td width="2%"></td><td width="83%">

This command sets various container parameters. If thecontainer is currently running, ~~--private~~vzctlapplies theseparameters to the container. The following options can beused with <ib>~~path~~set</ib>command.</td></tr></table>

~~Sets the path to privatedirectory (VE_PRIVATE) for this container. This is adirectory in which all the container’s files arestored. Argument can contain literal string $VEID,which will be substituted with the numeric CT ID.~~=== Flags ====

--~~userpasswd~~save~~user:password</i~~>

~~Sets password for the~~ If this flag is given~~user in a container~~, ~~creating the user if it does notexists. Note that this option is not~~ parameters are saved in container configurationfile~~file at all (so~~ [[Man/ctid.conf.5|~~--save~~ctid.conf ~~flag is useless), it isapplied to the container~~ (~~by modifying its /etc/passwd and/etc/shadow files~~5)]].

-~~top: 1em"~~-force~~In casecontainer root filesystem is not mounted, it isautomatically mounted, then all the appropriate file changesare applied, then it is unmounted.~~

If this flag is given togetherwith --~~top: 1em"~~save, parameters are saved even if the currentkernel doesn’t support OpenVZ. Note ~~that~~this flag does not~~container should be created before using this option~~make sense without --save, so --save isrequired.

--~~disabled yes |no~~reset_ub

~~Disable container start. To~~If this flag is given,~~force the start of a disabled container, use~~ vzctl ~~start--force~~applies all User Beancounter parameters fromthe configuration file to a running container. This ishelpful in case configuration file is modified manually.Please note this flag is exclusive, i.e. it can not becombined with any other options or flags.

--~~name~~setmode restart |<ib>~~name~~ignore</ib>

~~Add~~ A few parameters can only beapplied by restarting the container. By default,vzctl prints a ~~name for~~ warning if such parameters aresupplied and a containeris running. ~~The~~Use <ib>~~name~~--setmoderestart</ib> ~~can later be used in subsequent calls to~~together with ~~vzctl~~--save flag to restart acontainer in ~~place of~~ such a case, or <ib>~~CTID~~--setmode ignore</ib>tosuppress the warning.

~~--descriptionstring~~=== Miscellaneous ====

~~Add a textual description for a~~--onboot yes |~~container.~~no

Sets whether the container willbe started during system boot. The container will be startedon boot by vz initscript if either this parameter isset to yes, or the container was running just beforelast reboot, and this parameter is not set to no.Default value is unset, meaning the container will bestarted if it was running before the last reboot.

--~~ipadd~~bootorder ~~addr~~number

~~Adds an IP address~~ Sets the boot order priorityfor this CT. The higher the ~~addr~~numberis, the earlier in~~to a given~~ the boot process this containerstarts. ~~Address can optionally have a netmask~~By default this~~specified in~~ parameter is unset, which is considered to be the ~~CIDR notation (e.g.~~ lowestpriority, so containers with unset bootorder10willstart last.~~1.2.3~~</25p> --root).~~Note that this option is incremental, so~~ ~~addr~~path ~~areadded to already existing ones.~~

Sets the path to root directory(~~--ipdel~~VE_ROOT ~~addr |~~) for this container. This is essentially amount point for container’s root directory. Argumentcan contain literal string ~~all~~$VEID, which will besubstituted with the numeric CT ID.

~~Removes IP address~~ <ib>~~addr~~--private</ib>~~from a container. If you want to remove all the addresses,use~~ <bi>~~--ipdel all~~path</bi>.

Sets the path to privatedirectory (~~--hostname~~VE_PRIVATE) for this container. This is adirectory in which all the container’s files arestored. Argument can contain literal string <ib>~~name~~$VEID</ib>,which will be substituted with the numeric CT ID.

~~Sets container hostname.~~--mount_optsoption[~~vzctl~~, ~~writes it to the appropriate file inside acontainer (distribution-dependent)~~option...]

Sets additional mount optionsfor container file system. Only applicable for ~~--nameserver~~ploop~~addr~~layout, ignored otherwise.

~~Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use~~ --~~nameserver~~userpasswd ~~optionmultiple times in one call to~~ <bi>~~vzctl~~user</bi>~~, as all the nameserver values set in previous calls to~~ :<bi>~~vzctl~~password</bi> ~~areoverwritten.~~

Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so --~~searchdomain~~saveflag is useless), it isapplied directly to the container, by runningdistribution-specific programs inside the container. It isnot recommended to combine this option with any other~~name~~options.

~~Sets DNS search domains for a~~In casecontainer~~. If you want to set several search domains~~was not running, ~~youshould do~~ it ~~at once, so use --searchdomain option~~is automatically started then~~multiple times in one call to vzctl, as~~ all theappropriate changes are applied, then it is~~search domain values set in previous calls to vzctlare overwritten~~stopped.

~~--netif_add~~Note that~~ifname[,mac,host_ifname,host_mac,bridge]~~container should be created before using this option.

~~Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the container,~~ <ib>~~mac~~--disabled yes</ib> ~~is its MAC~~|~~address,~~ <ib>~~host_ifname~~no</ib> ~~is the Ethernet device name onthe host, and host_mac is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified.~~

Disable container start. Toforce the start of a disabled container, use vzctl start--~~netif_deldev_name | all~~force.

~~Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~~~all~~--name.name

Add a name for a container. Thename can later be used in subsequent calls tovzctl in place of CTID. Note this option cannot be used without --save.

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use~~ --~~ifname~~description</b~~> name option. <br~~>~~--mac~~ ~~XX:XX:XX:XX:XX:XX~~string

~~MAC address of interface inside~~Add a textual description for aa container.

--~~host_ifname~~ostemplate~~name~~string Sets a new value ofOSTEMPLATE parameter in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]]. Requires --save flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses the value of OSTEMPLATE to rundistribution-specific scripts.

~~interface name for virtual~~--stop-timeout~~interface in the host system.~~seconds

Sets a time to wait forcontainer to stop on ~~--host_mac~~vzctl stopbefore forciblykilling it, in seconds. Note this option can not be usedwithout <ib>~~XX:XX:XX:XX:XX:XX~~--save</ib>flag.

~~MAC address~~ Special valueof ~~interface~~ 0 means to use compiled-in ~~thehost system~~default.

~~If you want anindependent communication with the Container through thebridge, you should specify a multicast MAC address here(FE:FF:FF:FF:FF:FF).~~=== Networking ====

--~~bridge~~ipadd ~~name~~addr

~~Bridge name~~Adds an IP address addrto a given container. ~~Custom network~~Address can optionally have a netmask~~start scripts can use~~ specified in the CIDR notation (e.g. 10.1.2.3/25).Note that this ~~value to automatically add the~~option is incremental, so addr are~~interface~~ added to ~~a bridge~~already existing ones.

--~~mac_filter on~~ipdel addr |~~off~~all

~~Enables~~Removes IP address addr</~~disables MAC addressfiltering for the Container veth device and the possibility~~i>~~of configuring the MAC address of this device~~ from ~~insidethe Container~~a container. If you want to remove all the ~~filtering is turned on:~~ addresses,use <brb>~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding~~ --ipdel all ~~broadcast and multicast packets);~~ <br/b>~~• it is impossible to modify the veth MAC address frominside the Container~~.

--~~top: 1em"~~hostname~~By default,this functionality is enabled for all veth devices existinginside the Container.~~name

Sets container hostname.vzctl writes it to the appropriate file inside acontainer (distribution-dependent).

~~The followingoptions sets memory and swap limits for VSwap~~--~~enabled~~nameserver~~kernels (kernel version 042stab042 or greater).~~addr

~~Argument is in~~Sets DNS server IP address for~~bytes~~a container. If you want to set several nameservers, ~~unless otherwise specified by an optional suffix.Available suffixes are:~~you~~•T~~should do it at once, so use <~~b>t</~~b> - ~~terabytes; • G, g~~ - ~~gigabytes; • M~~nameserver~~, m - megabytes; ~~option~~•~~ multiple times in one call to Kvzctl, ~~k - kilobytes; ~~as all the name~~•~~ server values set in previous calls to Pvzctl~~, p - memory pages (arch-specific,usually 4KB); ~~are~~• B, b - bytes~~overwritten. ~~ --ram bytes~~

~~Sets physical memory~~ A special valueof inherit can be used to auto-propagate nameservervalue(~~RAM~~s)~~available to a container. Actually,~~ from the ~~option is a shortcut~~host system’s~~for setting~~ ~~--physpages~~/etc/resolv.conf ~~limit (the barrier is set to~~0)file.

--~~swap~~searchdomain ~~bytes~~name

~~Set swap space available to~~ Sets DNS search domains for acontainer. ~~Actually~~If you want to set several search domains, ~~the option is a shortcut for setting~~youshould do it at once, so use --~~swappages~~searchdomain ~~limit (~~optionmultiple times in one call to vzctl, as all the ~~barrier is~~ search domain values set in previous calls to 0)vzctlare overwritten.

~~Here is an~~A special value~~example~~ of ~~setting container 777~~ inherit can be used to ~~have 512 megabytes of~~auto-propagate searchdomain value(s) from the host system’s~~RAM and 1 gigabyte of swap:~~/etc/resolv.conf file.

<~~pre~~ p style="margin-left:11%;"> ~~vzctl set 777~~ --~~ram 512M --swap 1G --save~~netif_addifname[,mac,host_ifname,host_mac,bridge]</~~pre~~p>

Adds a virtual Ethernet device(veth) to a given container. Here ifname is theEthernet device name in the container, mac is its MACaddress, host_ifname is the Ethernet device name onthe host, and host_mac is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified. --netif_deldev_name | all

~~The following~~Removes virtual Ethernet device~~options sets barrier and limit for various user~~from a container. If you want to remove all devices, use~~beancounters~~all.

~~Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --ram and--swap (see above). For older kernels, these limitsare obligatory.~~=== veth interface configuration ====

~~Each option~~The followingoptions can be used to reconfigure the already-created~~requires one or two arguments~~virtual Ethernet interface. ~~In case of one argument~~To select the interface toconfigure,use ~~vzctl~~--ifname ~~sets barrier and limit to the same value~~name option. In ~~case of two colon~~-~~separated arguments, the first is abarrier, and the second is a limit. Each argument is eithera number, a number with a suffix, or a special value~~-mac~~unlimited~~XX:XX:XX:XX:XX:XX</bi> MAC address of interface insidea container.

~~Arguments arein items, pages or bytes. Note that page size isarchitecture~~--~~specific, it is 4096 bytes on x86 and x86_64~~host_ifname~~platforms.~~name

~~You can alsospecify different suffixes for User Beancounter parameters(except~~ interface name for ~~those which names start with num). Forexample, vzctl set CTID --privvmpages5M:6M should set privvmpages’ barrier to 5~~virtual~~megabytes and its limit to 6 megabytes~~interface in the host system.

--~~top: 1em"~~host_mac~~Availablesuffixes are~~XX:XX:XX:XX:XX:XX

~~•T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k - kilobytes; ~~MAC address of interface in the~~• P, p - memory pages (arch-specific,usually 4KB); • B, b - bytes~~host system.

~~You can also~~If you want an~~specify~~ independent communication with the ~~literal word unlimited in place of anumber. In that case~~ Container through the ~~corresponding value will be set toLONG_MAX~~bridge, ~~i. e. the maximum possible value. ~~you should specify a multicast MAC address here~~--numproc items[~~(FE:FF:FF:FF:FF:~~items]~~FF).

~~Maximum number of processes andkernel~~-~~level threads. Setting the barrier and the limit todifferent values does not make practical sense.~~-bridge name

~~--numtcpsock~~Bridge name. Custom networkstart scripts can use this value to automatically add the~~items[:items]~~interface to a bridge.

~~Maximum number of TCP sockets.~~--mac_filter on |~~This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle in parallel. Setting the barrier and the limit todifferent values does not make practical sense.~~off

~~--numothersock<~~Enables/b>disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from inside~~items[~~the Container. If the filtering is turned on:<ibr>~~items~~• the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets); </ibr>]• it is impossible to modify the veth MAC address frominside the Container.

~~Maximum number of non-TCP~~By default,~~sockets (local sockets, UDP and other types of sockets).~~this functionality is enabled for all veth devices existing~~Setting~~ inside the ~~barrier and the limit to different values doesnot make practical sense~~Container.

~~--vmguarpagespages[:pages]~~=== VSwap limits ====

~~Memory allocation guarantee.This parameter controls how much memory is available to a~~The following~~container. The barrier is the amount of~~ options sets memory ~~that~~and swap limits for VSwap-enabled~~container’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be set to unlimited~~kernels (kernel version 042stab042 or greater).

~~--kmemsize~~Argument is in~~~~bytes~~[~~, unless otherwise specified by an optional suffix.Available suffixes are:~~bytes]~~

~~Maximum amount of kernel memory~~•~~used. This parameter is related to~~ T, t-terabytes; • G, g -~~numproc~~gigabytes; • M~~. Each~~, m - megabytes; ~~process consumes certain amount of kernel memory~~ • K, k - ~~16 KB at~~kilobytes; ~~least~~• P, 30p - memory pages (arch-~~50 KB typically. Very large processes may consume~~specific,~~a bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernel~~usually 4KB); ~~will need to kill container~~&~~rsquo~~bull;~~s applications to keep~~ B, b - bytes (this is thedefault).~~kmemsize~~ --ram ~~usage under the limit.~~bytes

Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting --~~tcpsndbuf~~physpageslimit (the barrier is set to~~bytes[:bytes]~~0).

~~Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of~~ ~~numtcpsock~~--swap ~~multiplied by 2.5KB.~~bytes

Set swap space available to acontainer. Actually, the option is a shortcut for setting--swappages limit (the barrier is set to 0). --~~tcprcvbuf~~vm_overcommit~~bytes~~float[ Set VM overcommitment value to~~bytes~~float]. If set, it is used to calculateprivmmpages parameter in case it is not setexplicitly (see below). Default value is 0, meaningunlimited privvmpages. vzctlchecks if running kernel is VSwap capable, and refuses touse these parameters otherwise. This behavior can beoverriden by using --force flag beforeparameters.

~~Maximum size of TCP receive~~In VSwap mode,~~buffers~~all beancounters other than RAM and swap become optional. ~~Barrier should be~~ Note though that if some optional beancounters are not ~~less than 64 KB~~set, ~~anddifference between barrier~~ they are calculated and ~~limit should be equal to ormore than value of numtcpsock multiplied~~ set by ~~2.5~~vzctl implicitly, using the~~KB.~~following formulae:

~~--othersockbuf~~•lockedpages.barrier = oomguarpages.barrier = ram~~bytes[:bytes]~~

~~Maximum size of other (non-TCP)socket send buffers. If container~~&~~rsquo~~bull;~~s processes needs tosend very large datagrams, the barrier should be setaccordingly~~lockedpages. ~~Increased~~ limit ~~is necessary for highperformance of communications through local (UNIX-domain)sockets~~= oomguarpages.limit = unlimited

~~--dgramrcvbuf~~•vmguarpages.barrier = vmguarpages.limit = ram + swap~~bytes[:bytes]~~

~~Maximum size of other (non-TCP)socket receive buffers. If container~~&~~rsquo~~bull;~~s processes needsto receive very large datagrams, the~~ privvmpages.barrier ~~should be setaccordingly~~= privvmpages. ~~The difference between the barrier and the~~limit = (ram + swap) *~~limit is not needed.~~vm_overcommit

(if~~--oomguarpages~~vm_overcommitis <ib>~~pages~~0</ib>[:or not set,<ib>~~pages~~privvmpages</ib>]is set to "unlimited")

~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amount~~Here is anexample of ~~memory and swap space used by the~~ setting container~~’sprocesses. The barrier~~ 777 to have 512 megabytes of ~~this parameter is theout-~~RAM and 1 gigabyte of~~-memory guarantee. If the oomguarpages~~swap:</bp> ~~usage isbelow the barrier, processes of this container areguaranteed not to be killed in out~~<pre style="margin-~~of-memory situations. Themeaning of limit is currently unspecified~~left:11%; ~~it should be~~ "> vzctl set~~to unlimited~~777 --ram 512M --swap 1G --save</~~b>.</p~~pre>

~~--lockedpagespages[:pages]~~=== User Beancounter limits ====

~~Maximum number of pages~~The following~~acquired by mlock(2)~~options sets barrier and limit for various userbeancounters.

Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --~~privvmpages~~ramand<ib>~~pages~~--swap</ib>~~[:pages]~~(see above). For older kernels, these limitsare obligatory.

~~Allows controlling the amount~~Each optionrequires one or two arguments. In case of ~~memory allocated by the applications. For shared (mapped~~one argument,as ~~MAP_SHARED~~vzctl~~) pages, each container really using a~~sets barrier and limit to the same value. In~~memory page is charged for the fraction~~ case of two colon-separated arguments, the ~~page~~first is a~~(depending on~~ barrier, and the ~~number of others using it)~~second is a limit. ~~For~~Each argument is either~~"potentially private" pages (mapped as~~a number, a number with a suffix, or a special value~~MAP_PRIVATE~~unlimited~~), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet~~.

~~The barrier and~~Arguments are~~the limit of this parameter control the upper boundary ofthe total size of allocated memory~~in items, pages or bytes. Note that ~~this upper~~page size is~~boundary does not guarantee that container will be able to~~architecture-specific, it is 4096 bytes on x86 and x86_64~~allocate that much memory. The primary mechanism to controlmemory allocation is the --vmguarpages guarantee~~platforms.

You can alsospecify different suffixes for User Beancounter parameters(except for those which names start with ~~--shmpages~~num). Forexample, vzctl set ~~pages~~CTID[--privvmpages5M:6M should set <ib>~~pages~~privvmpages</ib>]’ barrier to 5megabytes and its limit to 6 megabytes.

~~Maximum IPC SHM segment size.~~Available~~Setting the barrier and the limit to different values does~~suffixes are: •T, t - terabytes; • G, g - gigabytes; • M, m - megabytes; • K, k - kilobytes; ~~not make practical sense~~• P, p - memory pages (arch-specific,usually 4KB); • B, b - bytes.

You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --~~numfile~~numprocitems[:items]

Maximum number of ~~open files.In most cases the barrier~~ processes and ~~the limit should be set to thesame value~~kernel-level threads. Setting the barrier ~~to 0 effectivelydisables pre-charging optimization for this beancounter in~~and the ~~kernel, which leads~~ limit to ~~the held value being precise butcould slightly degrade file open performance~~different values does not make practical sense.

--~~numflock~~numtcpsock

items[:items]

Maximum number of ~~file locks~~TCP sockets.~~Safety gap should be between barrier~~ This parameter limits the number of TCP connections and ~~limit.~~ ~~--numptyitems[:items]~~,~~Number~~ thus, the number of ~~pseudo-terminals~~clients the server application can~~(PTY). Note that~~ handle in ~~OpenVZ each container can have not morethan 255 PTYs~~parallel. Setting the barrier and the limit to

different values does not make practical sense.

--~~numsiginfo~~numothersock

items[:items]

~~Number~~ Maximum number of ~~siginfo structures~~non-TCPsockets (local sockets, UDP and other types of sockets).

Setting the barrier and the limit to different values does

not make practical sense.

--~~dcachesize~~vmguarpagespages[:pages] Memory allocation guarantee.This parameter controls how much memory is available to acontainer. The barrier is the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be set to unlimited. --kmemsize

bytes[:bytes]

Maximum ~~size~~ amount ofkernel memory~~filesystem-related caches, such as directory entry and inodecaches~~used. ~~Exists as a separate~~ This parameter is related to ~~impose a limit~~--numproc. Each~~causing file operations to sense~~ process consumes certain amount of kernel memory ~~shortage and return~~- 16 KB at~~an errno to applications~~least, ~~protecting from memory shortages~~30-50 KB typically. Very large processes may consume~~during critical operations that should not fail~~a bit more. ~~Safety~~ It is important to have a certain safety gap~~should be~~ between the barrier and the limit of this parameter: equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep thekmemsize usage under the limit.

--~~numiptent~~tcpsndbuf~~num~~bytes[:~~num~~bytes]

~~Number~~ Maximum size of ~~iptables (netfilter)~~TCP send~~entries~~buffers. ~~Setting the~~ Barrier should be not less than 64 KB, anddifference between barrier and ~~the~~ limit should be equal to ~~different~~or~~values does not make practical sense~~more than value of numtcpsock multiplied by 2.5KB.

--~~physpages~~tcprcvbuf~~pages~~bytes[:~~pages~~bytes]

~~On VSwap-enabled kernels, thislimits the amount~~ Maximum size of ~~physical memory (RAM) available to a~~TCP receive~~container~~buffers. ~~The~~ Barrier should be not less than 64 KB, anddifference between barrier and limit should be ~~set~~ equal to ormore than value of 0numtcpsock~~, and thelimit to a total size of RAM that can be used used~~ multiplied by a2.5~~container~~KB.

~~For olderkernels, this is an accounting~~--~~only parameter, showing theusage of RAM by this container. Barrier should be set to~~othersockbuf<bi>0bytes</bi>~~, and limit should be set to~~ [:<bi>~~unlimited~~bytes</bi>.]

~~~~Maximum size of other (non-TCP)socket send buffers. If container’s processes needs tosend very large datagrams, the barrier should be setaccordingly. Increased limit is necessary for highperformance of communications through local (UNIX-~~swappages~~domain)~~pages[:pages]~~sockets.

~~For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to~~ 0--dgramrcvbuf~~, and the limit to a total size of swap thatcan be used by a container.~~bytes[:bytes]

~~For older~~Maximum size of other (~~pre~~non-~~VSwap~~TCP) ~~kernels~~socket receive buffers. If container’s processes needsto receive very large datagrams, the ~~limit is used to show a total~~barrier should be set~~amount of swap space available inside the container~~accordingly. Thedifference between the barrier and the~~barrier of this parameter~~ limit is ~~ignored. The default value isunlimited, meaning total swap will be reported as~~0not needed.

--oomguarpagespages[:pages]

~~These~~Guarantees against OOM kill.Under this beancounter the kernel accounts the total amount~~parameters control CPU usage~~ of memory and swap space used by the container’sprocesses. The barrier of this parameter is theout-of-memory guarantee. If the oomguarpages<br/b>usage isbelow the barrier, processes of this container areguaranteed not to be killed in out-of-~~cpuunits~~memory situations. Themeaning of limit is currently unspecified; it should be setto ~~num~~unlimited</ib>.

~~CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If~~ ~~cpuunits~~--lockedpages ~~are not specified,default value of 1000 is used.~~pages[:pages]

~~You can set CPU~~Maximum number of pages~~weight for CT0 (host system itself) as well (use~~ acquired by ~~vzctlset 0 --cpuunits~~mlock ~~num). Usually, OpenVZ initscript~~(~~/etc/init.d/vz~~2) ~~takes care of setting this~~.

--~~cpulimit~~privvmpages~~num~~pages[:<bi>%pages</bi>]

~~Limit~~ Allows controlling the amountof ~~CPU usage for~~ memory allocated by theapplications. For shared (mappedas MAP_SHARED) pages, each container~~, in per cent. Note if~~ really using amemory page is charged for the fraction of the ~~computer has 2 CPUs, it~~page~~has total~~ (depending on the number of ~~200% CPU time~~others using it). ~~Default CPU limit is~~ For"potentially private" pages (mapped as0MAP_PRIVATE), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be in~~(no CPU limit)~~memory, in swap or not physically allocated yet.

The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the --~~cpus~~vmguarpages ~~num~~guarantee.

~~sets number of CPUs available~~--shmpages~~in the container.~~pages[:pages]

~~--cpumask cpus |~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values does~~all~~not make practical sense.

~~sets list of allowed CPUs forthe container. Input format is a comma~~-~~separated list ofdecimal numbers and ranges. Consecutively set bits are shownas two hyphen~~-~~separated decimal numbers, the smallest and~~numfile~~largest bit numbers set in the range. For example, if youwant the container to execute on CPUs 0, 1, 2, 7, you shouldpass~~ <bi>~~0-2,7~~items</bi>~~. Default value is~~ [:<bi>~~all~~items</bi> ~~(thecontainer can execute on any CPU).~~]

Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to 0 effectivelydisables pre-charging optimization for this beancounter inthe kernel, which leads to the held value being precise butcould slightly degrade file open performance.

~~ForVSwap~~--~~enabled kernels (042stab042 or greater), this~~numflock~~parameter is ignored. For older kernels, it controls theoutput of /proc~~items</~~meminfo inside a container. <b~~i>[:<bri>~~--meminfo none~~items</bi>]

~~No /proc/meminfo virtualization~~Maximum number of file locks.~~(the same as on host system)~~Safety gap should be between barrier and limit.

--~~meminfo~~numpty~~mode~~items[:~~value~~items]

~~Configure total memory output~~Number of pseudo-terminals(PTY). Note that in a OpenVZ each containercan have not morethan 255 PTYs. ~~Reported free memory is evaluatedaccordingly to~~ Setting the barrier and the ~~mode being set. Reported swap isevaluated according~~ limit to ~~the settings of --swappagesparameter~~different values does not make practical sense.

~~You can use thefollowing modes for mode: •~~ ~~pages~~--numsiginfo:~~value~~items ~~- sets total memory inpages; • privvmpages~~[:~~value - sets total memoryas privvmpages * value~~items.]

~~Default is~~Number of siginfo structures.~~privvmpages:1~~Setting the barrier and the limit to different values doesnot make practical sense.

--dcachesizebytes[:bytes]

~~--iptablesname~~ ~~Allow to use the functionality~~Maximum size of ~~name iptables module inside the container. Tospecify multiple names, repeat~~ filesystem-~~-iptables for each~~related caches,such as directory entry and inode~~or use space-separated list~~ caches. Exists as a separate parameter to impose a limitcausing file operations to sense memory shortage and returnan ~~argument (enclosed in~~errno to applications, protecting from memory shortagesduring critical operations that should not fail. Safety gap~~single or double quotes to protect spaces)~~should be between barrier and limit.

~~The defaultlist of enabled iptables modules is specified by the~~~~IPTABLES~~--numiptent ~~variable in~~ num[~~[Man/vz.conf.5|~~:<bi>~~vz.conf~~num</bi>~~(5)]~~].

~~You can use~~ Number of iptables (netfilter)entries. Setting the barrier and thelimit to different~~following~~ values ~~for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner~~does not make practical sense.

--physpagespages[:pages]

On VSwap-enabled kernels, thislimits the amount of physical memory (RAM) available to acontainer. The barrier should be set to ~~--netdev_add~~0, and the~~name~~limit to a total size of RAM that can be used used by acontainer.

~~move network device from~~ For olderkernels, this is an accounting-only parameter, showing the~~host system~~ usage of RAM by this container. Barrier should be set to ~~a specified container~~0, and limit should be set to unlimited.

--~~netdev_del~~swappages~~name~~pages[:pages]

~~delete network device from~~ For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to 0, and the limit to atotal size of swap that~~specified~~ can be used by a container.

For older(pre-VSwap) kernels, the limit is used to show a totalamount of swap space available inside the container. Thebarrier of this parameter is ignored. The default value isunlimited, meaning total swap will be reported as0.

~~--diskquota yes |no~~=== CPU fair scheduler parameters ====

~~allows to enable or disable~~These~~disk quota for a~~ parameters control CPU usage by container. ~~By default, a global value~~(~~DISK_QUOTA~~ --cpuunits~~) from [[Man/vz.conf.5|~~<bi>~~vz.conf~~num</bi>~~(5)]] is used.~~

~~Note that~~ CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time thiscontainer gets. Maximum value is 500000,~~parameter~~ minimal is 8. Number is ~~ignored for~~ relative to weights of all the otherrunning containers. If ~~ploop~~cpuunits ~~layout~~are not specified,default value of 1000 is used.

You can set CPUweight for CT0 (host system itself) as well (use vzctlset 0 --~~diskspace~~cpuunitsnum[:). Usually, OpenVZ initscript(<ib>~~num~~/etc/init.d/vz</ib>]) takes care of setting this.

~~For~~ ~~simfs~~--cpulimit ~~layout, setssoft and hard disk quota limits, in blocks. First parameteris soft limit, second is hard limit. One block is currentlyequal to 1Kb.~~num[%]

~~For~~Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is ~~ploop~~0 ~~layout, sets the size of the ploop image file,in kilobytes~~(no CPU limit).

~~Suffixes~~G--cpus, <bi>Mnum</~~b>, K can also be specified (seeResource limits</b~~i> ~~section for more info onsuffixes).~~

~~--diskinodes~~sets number of CPUs available~~num[:num]~~in the container.

~~sets soft and hard disk quotalimits, in~~ --cpumask cpus</i~~-nodes. First parameter is soft limit, second is~~> |~~hard limit.~~auto | all

~~Note that this~~Sets list of allowed CPUs forthe container. Input format is a comma-separated list ofdecimal numbers and/or ranges. Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in the range. For example, ifyou want the container to execute on CPUs 0, 1, 2, 7, you~~parameter~~ should pass 0-2,7. Default value is ~~ignored for~~ ~~ploop~~all (thecontainer can execute on any CPU). If used with the--nodemask option, value of auto ~~layout~~assigns allCPUs from the specified NUMA node to a container.

--~~quotatime~~nodemask~~seconds~~nodes| all

~~sets quota grace period~~Sets list of allowed NUMA nodesfor the container.~~Container~~ Input format is ~~permitted to exceed its soft limits~~ the same as for ~~thegrace period, but once it has expired,~~ --cpumask. Note that --nodemask must be usedwith the ~~soft limit isenforced as a hard limit~~--cpumask option.

~~Note that thisparameter is ignored for ploop layout.~~=== Memory output parameters ====

ForVSwap-enabled kernels (042stab042 or greater), thisparameter is ignored. For older kernels, it controls theoutput of /proc/meminfo inside a container. --~~quotaugidlimit~~meminfo none~~num</i~~>

~~sets maximum number ofuser~~No /proc/~~group IDs in a container for which disk quota insidethe container will be accounted. If this value is set to~~meminfo virtualization~~0, user and group quotas inside~~ (the ~~container willnot be accounted~~same as on host system).

~~Note that ifyou have previously set value of this parameter to~~ 0--meminfo,~~changing it while the container is running will not takeeffect.~~mode:value

Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of --swappagesparameter.

You can use thefollowing modes for mode: • pages:value-~~-noatime yes~~sets total memory inpages; • privvmpages |:value - sets total memoryas noprivvmpages* value.

~~Sets noatime flag (do not~~Default is~~update inode access times) on filesystem~~privvmpages:1.

==== ~~Capability option~~ Netfilter (iptables) control parameters ====

--~~capability~~netfilter disabled|<ib>~~capname~~stateless</ib>:|onstateful|~~off~~full

~~Sets a capability~~ Restrict access tonetfilter/iptables modules for acontainer. ~~Note that setting capability when the containeris running does not take immediate effect; restart thecontainer in order for the changes to take effect. Note acontainer has default set of capabilities, thus anyoperation on capabilities is "logical and" with~~This option~~the default capability mask~~replaces obsoleted --iptables.

~~You can use the~~Note that~~following values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct~~changing this parameter requires container restart,soconsider using ~~sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin.For detailed description, see capabilities~~--setmode~~(7)~~option.

The followingarguments can be used: ~~WARNING~~</bbr>:~~setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that setting setpcap:on~~• disabled ~~fora container will most probably lead to inability to startit.~~

no modules are allowed

~~--devnodesdevice:[r][w][q]|none~~• stateless

~~Give the container an access~~all modules except NAT andconntracks are allowed (~~r - read, w - write, q - disk quotamanagement, none - no access) to a device designatedby the special file /dev/<~~i~~>device~~. ~~Device file~~ e. filter and mangle); this isthe~~created in a container by vzctl. Example:~~default

<~~pre~~ p style="margin-left:22%;"> ~~vzctl set 777 --devnodes sdb:rwq~~• stateful</~~pre~~p>

~~--devices~~all modules except NAT are~~b|c:major:minor|all:[r][w][q]|none~~allowed

<~~p style~~table width="~~margin-left:22~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">~~Give the container an access to~~a <~~b>block or c</b~~tr valign="top" align="left">~~haracter device designated by its~~<~~i>major and <i~~td width="22%">~~minor~~</itd> ~~numbers. Device file have tobe created manually.~~</ptd width="9%">

• full</td><td width="1%"></td><td width=~~== PCI device management ====~~"36%">

all modules are allowed<b/p>~~--pci_add~~</btd>[<itd width="32%">~~domain~~</itd>~~:]bus~~</~~i>:slot.func</i~~tr></ptable>

~~Give the container an access to~~--iptables~~a specified PCI device. All numbers are hexadecimal (asprinted by~~ name[~~lspci~~,~~(8) in the first column)~~...]

~~--pci_del~~Notethis option is[obsoleted, <ib>~~domain~~--netfilter</~~i>:]bus:slot</i~~b>should be used instead.~~func~~

~~Delete a PCI device from~~ Allow to usethe functionality of name iptables module inside thecontainer. Multiple comma-separated names can bespecified.

~~Note that~~The default~~vps-pci configuration script~~ list of enabled iptables modules is ~~executed~~ defined bythe~~vzctl~~IPTABLES ~~then configuring PCI devices~~variable in [[Man/vz. ~~The script isusually located at~~ conf.5|~~/usr/lib[64]/vzctl/scripts/~~vz.conf(5)]].

You can use thefollowing values for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner.

~~--featuresname:on|off~~=== Network devices control parameters ====

~~Enable or disable a specificcontainer feature. Known features are: sysfs,nfs, sit, ipip,~~ ~~ppp~~--netdev_add,<bi>~~ipgre~~name</~~b>, bridge, nfsd</b~~i>.

move network device from thehost system to a specified container

--~~applyconfig~~netdev_del

name

~~Read container parameters~~ delete network device froma~~the container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if --save option~~ specified ~~save tothe~~ container ~~config file. The following parameters are notchanged: HOSTNAME, IP_ADDRESS,OSTEMPLATE, VE_ROOT, andVE_PRIVATE.~~

~~--applyconfig_mapgroup~~=== Disk quota parameters ====

~~Apply container configparameters selected by group. Now the only possiblevalue for group is~~ ~~name~~--diskquota yes~~: to restore container~~|~~name based on~~ ~~NAME~~no ~~variable in containerconfiguration file.~~

allows to enable or disabledisk quota for a container. By default, a global value(DISK_QUOTA) from [[Man/vz.conf.5|vz.conf(5)]] is used.</~~O priority management ====~~p>

Note that thisparameter is ignored for ~~--ioprio~~ploop~~priority~~layout.

~~Assigns I/O priority tocontainer. Priority range is~~ 0-7-diskspace~~. The greater~~~~priority~~num ~~is, the more time for I/O activity containerhas. By default each container has~~ [:~~priority~~num of~~4.~~]

For simfs layout, setssoft and ~~restore ===~~hard disk quota limits. First parameter is softlimit, second is hard limit.

~~Checkpointing is a feature~~ Forploop layout, initiates the procedure ofresizing the~~OpenVZ kernel which allows~~ ploop image file to ~~save a complete state of a~~the new size. Since there is nosoft/hard limit concept in ploop, second num, if~~running container~~specified, ~~and to restore it later~~is ignored.

~~chkpnt <~~By default,ploop resize is done online, i~~>CTID~~.e. on a mounted ploop. Thisis a preferred way of doing resize. Although, in a rare casea container was using lots of disk space and should now beresized to a much smaller size, an offline resize might bemore appropriate. In this case, make sure the container isstopped and unmounted and use additional[--~~dumpfile~~offline-resize ~~name]~~option

~~This command saves a complete~~Note that ploop~~state of a running~~ resize is NOT performed on container ~~to a dump file~~start, ~~and stops the~~so for~~container. If an option~~ consistency --~~dumpfile~~diskspace ~~is not set,~~must be used together with~~default dump file name~~ ~~/vz/dump/Dump.~~--save~~CTID isused~~flag.

Suffixes~~restore~~G , <ib>~~CTID~~M</ib>[, ~~--dumpfile~~K can also be specified (see<ib>~~name~~Resource limits</ib>]section for more info on suffixes).If suffix is not specified, value is in kilobytes.

~~This command restores acontainer from the dump file created by the~~ ~~chkpnt~~--diskinodes~~command.~~num[:num]

sets soft and hard disk quotalimits, in i-nodes. First parameter is soft limit, second ishard limit.

~~Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if thecontainer is running, it’s in-memory state (as incheckpointing).~~ Note that ~~snapshot functionality~~ thisparameter is ~~onlyworking~~ ignored for ~~containers on~~ ploop ~~device~~ layout.

~~snapshot |snapshot-create CTID [~~--idquotatime~~uuid~~seconds]

~~Creates a container snapshot~~sets quota grace period.~~If uuid~~ Container is ~~not specified~~permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit is ~~auto-generated. If acontainer is running, it’s checkpointed and thenrestored. If~~ enforced as a ~~container is not running, only file systemstate is saved~~hard limit.

~~snapshot-switch~~Note that this~~CTID~~ parameter is ignored for ~~--id~~ploop ~~uuid~~layout.

~~Switches the container to a~~--quotaugidlimit~~snapshot identified by~~ ~~uuid~~num~~. Note that the current~~ Enables or disablesin-container ~~state~~ per-user and ~~its file system state is lost!~~ per-group disk quotas. If ~~given~~the~~snapshot contains CT memory dump~~value is set to 0 or not set, it disk quotas inside thecontainer is ~~restored~~disabled and not accounted. Forsimfs layout containers, ~~otherwise~~non-zero value sets maximumit number of user/group IDs for which disk quota is ~~stopped~~accounted.

For~~snapshot-delete~~plooplayout containers, any non-zero value enables~~CTID<~~disk quota inside the container; the number of user/~~i> --id uuid~~groupIDs used by disk quota is not limited by OpenVZ.

~~Removes a specified~~Note that~~snapshot~~enabling or disabling in-container disk quotas requirescontainer restart, so consider using --setmodeoption.

~~snapshot-listCTID~~=== Capability option ====

~~Lists all snapshots. Active~~--capability~~snapshot is marked with~~ capname:*on ~~sign~~|off[,...]

Sets a capability for acontainer ~~actions ===~~. Multiple comma-separated capabilities can bespecified.

<~~table width~~p style="~~100~~margin-left:22%; margin-top: 1em" ~~border="0" rules="none" frame="void"~~>Note that ~~cellspacing="0" cellpadding="0">~~setting a capability when the container is running does not~~<tr valign="top" align="left">~~take immediate effect; restart the container in order forthe changes to take effect (consider using <~~td width="11%"~~b>--setmode</tdb>option).<~~td width="9%"~~/p>

~~create~~A container hasthe default set of capabilities, thus any operation oncapabilities is "logical AND" with the defaultcapability mask.</p~~></td><td width="2%"></td><td width="78%"~~>

You can use thefollowing values for ~~CTID~~capname: chown,[~~--ostemplate ~~dac_override, dac_read_search, <ib>~~name~~fowner</ib>],[~~--config ~~fsetid, <ib>~~name~~kill</ib>][, ~~--layout simfs~~setgid|, ~~ploop~~setuid[,:setpcap{, ~~expanded~~linux_immutable|,~~plain~~net_bind_service|, ~~raw~~net_broadcast~~}]]~~,[~~--diskspace ~~net_admin, net_raw, <ib>~~kbytes~~ipc_lock</ib>],[~~--private ~~ipc_owner, sys_module, <ib>~~path~~sys_rawio</ib>],[~~--root ~~sys_chroot, sys_ptrace, <ib>~~path~~sys_pacct</ib>],[~~--ipadd ~~sys_admin, sys_boot, <ib>~~addr~~sys_nice</ib>],[~~--hostname ~~sys_resource, sys_time, <ib>~~name~~sys_tty_config</ib>],[~~--name ~~mknod, <ib>~~name~~lease</ib>, ]setveid</pb>, ve_admin</tdb>.For detailed description, see capabilities</trb>(7).</~~table~~p>

~~Creates a new~~WARNING:setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know what~~container area~~you are doing. ~~This operation should be done once, before~~Also note that setting setpcap:on for~~the first~~ a container will most probably lead to inability to start ~~of the container~~it.

~~By default, anOS template denoted by DEF_OSTEMPLATE parameter of[[Man/vz.conf.5|vz.conf(5)]] is used to create a container. This can beoverwritten by --ostemplate option.~~=== Device access management ====

--~~top: 1em"~~devnodes~~By default, anew container configuration file is created from a sampleconfiguration denoted by value of~~ device:[~~CONFIGFILE~~r~~parameter of~~ ][w][~~Man~~q</~~vz.conf.5~~b>]|~~vz.conf~~none~~(5)]]. If the containerconfiguration file already exists, it will not bemodified.~~

~~The value of~~Give the container an access(~~CONFIGFILE~~r ~~can be overwritten by using the~~- read, w-write, q -~~config~~disk quotamanagement, none - no access) to a device designatedby the special file /dev/~~name~~device ~~option~~. ~~This option can not be~~Device file is~~used if the~~ created in a container ~~configuration file already exists~~by vzctl.Example:

~~A new containercan either be created using simfs filesystem or on aploop device. The default is~~ vzctl set ~~by value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf(5)]] and can beoverwritten by ~~777 --~~layout option. In case ploopis used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain and raw. Default isexpanded. Using raw is not recommended and isnot supported.~~devnodes sdb:rwq</ppre>

~~You can use~~--~~diskspace~~devicesb|c ~~option to specify container file systemsize. Suffixes~~ :major:minor|all:[Gr, ][Mw, ][Kq ~~can also bespecified (see~~ ]|~~Resource limits~~none ~~section for more infoon suffixes).~~

~~You can use~~Give the container an access toa ~~--root~~b lock or <ib>~~path~~c</ib> ~~option to sets the path to themount point for the container root directory (default is~~haracter device designated by its<bi>~~VE_ROOT~~major</bi> ~~specified in [[Man/vz.conf.5|~~and <bi>~~vz.conf~~minor</bi>~~(5)]]~~ numbers. Device file).~~Argument can contain literal string $VEID, which will~~have tobe ~~substituted with the numeric CT ID~~created manually.

~~You can use--private path option to set the path todirectory in which all the files and directories specific tothis very container are stored (default is VE_PRIVATEspecified in [[Man/vz.conf.5|vz.conf(5)]] file). Argument can containliteral string $VEID, which will be substituted withthe numeric CT ID.~~=== PCI device management ====

~~You can use~~--~~ipadd~~pci_add [domain:]bus:~~addr~~slot ~~option to assign an IP address toa container. Note that this option can be used multipletimes~~.func

~~You can use~~Give the container an access toa specified PCI device. All numbers are hexadecimal (asprinted by ~~--hostname~~lspci ~~name option to set a host name fora container~~(8) in the first column).

~~destroy~~--pci_del | [domain:]bus:<bi>~~delete~~slot</bi>.~~CTID~~func

~~Removes~~ Delete a ~~container privatearea by deleting all files, directories and~~ PCI device from the~~configuration file of this~~ container.

Note that~~start~~vps-pci ~~CTID~~configuration script is executed by[~~--wait~~vzctl~~] [~~then configuring PCI devices. The script isusually located at ~~--force~~/usr/libexec/vzctl/scripts/].

~~Mounts (if necessary) andstarts a container. Unless --wait option isspecified, vzctl will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by vzctl.~~=== Features management ====

~~Specify~~--~~force~~features ~~if you want to start a container which isdisabled (see~~ name:~~--disabled~~on|off[,)...]

~~Note that this~~Enable or disable a specific~~command can lead to execution of~~ container feature. Known features are: ~~premount~~sysfs,~~mount~~nfs ~~and~~ , ~~start~~sit ~~action scripts (see~~ , ~~ACTION~~ipip, ppp,~~SCRIPTS~~ipgre ~~below)~~, bridge, nfsd. A few features canbe specified at once, comma-separated.

~~stop CTID[--fast]~~=== Apply config ====

~~Stops and unmounts a container.Normally, halt(8) is executed inside a container;option~~ --~~fast~~applyconfig ~~makes~~ <bi>~~vzctl~~name</~~b> use <b~~i>~~reboot(2)syscall instead which is faster but can lead to uncleancontainer shutdown.~~

Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-~~top: 1em"~~sample</tt>~~Note that this~~,~~command can lead~~ and apply them, if --save option specified save to ~~execution of~~ the container config file. The following parameters are notchanged: ~~stop~~HOSTNAME, ~~umount~~IP_ADDRESS,~~and~~ ~~postumount~~OSTEMPLATE ~~action scripts (see~~ , ~~ACTION~~VE_ROOT, and~~SCRIPTS~~VE_PRIVATE ~~below)~~.

~~restart~~--applyconfig_map ~~CTID~~group~~[--wait] [--force] [--fast]~~

~~Restarts a~~ Apply container, configparameters selected by group.e.Now the only possible~~stops it if it~~ value for group is ~~running, and starts again. Accepts all the~~~~start~~name ~~and~~ : to restore containername based on ~~stop~~NAME ~~options~~variable in containerconfiguration file.

~~Note that thiscommand can lead to execution of some action scripts (seeACTION SCRIPTS<~~=== I/~~b> below).~~O scheduling ====

~~status~~--ioprio ~~CTID~~priority

~~Shows a~~ Assigns disk I/O priority tocontainer ~~status~~. ~~This~~Priority range is 0-7. The greaterpriority is ~~a line with five or six words~~, ~~separated by spaces~~the more time for I/O activity containerhas. By default each container has priority of4.

-~~top: 1em"~~-iolimit~~First word isliterally~~ limit[B|K|M|~~CTID~~G.]

~~Second word~~ Assigns disk I/O bandwidthlimit for a container. Value iseither a number with an~~the numeric~~ optional suffix, or a literal string unlimited. Valueof <ib>~~CT ID~~0</ib>means "unlimited". By default acontainer has no I/O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.

~~Third word~~ If no suffix is~~showing whether this container exists or not~~provided, ~~it can~~ the limit is assumed to bein megabytes persecond. Available suffixes are: ~~either~~ • ~~exist~~b or , ~~deleted~~B.-- bytes per second; • k, K -- kilobytes per second; • m, M -- megabytes per second (default); • g, G -- gigabytes per second;

~~Fourth word isshowing the status of the container filesystem, it can beeither~~ ~~mounted~~--iopslimit or <bi>~~unmounted~~iops</bi>.

~~Fifth word~~Assigns IOPS limit for a~~shows if the~~ container ~~is running~~, ~~it can be either~~in number of input/output operations per second.Value is a number or a literal string ~~running~~unlimited or .Value of ~~down~~0means "unlimited". By default acontainer has no IOPS limit.

~~Sixth word, ifexists, is suspended. It appears if both a container~~== Suspending and ~~its dump file exist (see chkpnt).~~resuming ===

~~This command~~Checkpointing is a feature ofOpenVZ kernel which allows to save a complete in-kernel~~can also be usable from scripts~~state of a running container, and to restore it later.

~~mount~~suspend |chkpntCTID[--dumpfile name]

~~Mounts~~ This command suspends acontainer ~~private area.Note that this command can lead~~ to ~~execution of~~a dump file If an option ~~premount~~--dumpfile ~~and~~ isnot set, default dump file name~~mount~~/vz/dump/Dump. ~~action scripts (see~~<bi>~~ACTION SCRIPTS~~CTID</bi> ~~below)~~is used.

~~umount~~resume |restoreCTID[--dumpfile name]

~~Unmounts container privatearea. Note that this~~ This command ~~can lead to execution of~~restores acontainer from the dump file created by the ~~umount and postumount~~suspend ~~action scripts (seeACTION SCRIPTS below)~~command.

~~Note thatstop does umount automatically.~~== Snapshotting ===

~~convert CTID~~Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, if the~~[~~container is running, it’s in-~~-layout~~memory state (as incheckpointing). Note that snapshot functionality is onlyworking for containers on ploop~~[:{expanded|plain|raw}]]~~device.

~~Convert CT private area to~~snapshot CTID~~reside on a ploop device (available in kernel version~~[--id uuid] [--name name]~~042stab052.8 and greater). Conversion should be performed~~[--description desc] ~~when a container is stopped, plus disk space quota should beset.~~[--skip-suspend] [--skip-config]

~~quotaon <~~Creates a container snapshot,i~~>CTID~~.e. saves the current container state, including its filesystem state, running processes state, and configurationfile.

~~Turn disk quota on. Not that~~If a containeris running, and ~~mount~~--skip-suspend option is notspecified, a container is checkpointed and then restored,and ~~start does that automatically~~CT memory dump becomes the part of snapshot.

Unless~~quotaoff~~--skip-config ~~CTID~~option is given, containerconfiguration file is saved to the snapshot.

~~Turn disk quota off~~If uuidis not specified, it is auto-generated. ~~Not that~~Options~~umount~~--name and ~~stop~~--description can be used tospecify the snapshot name and description, respectively.Name is displayed by snapshot-list ~~does that automatically~~.

~~quotainit~~snapshot-switchCTID [--skip-resume | --must-resume][--skip-config] --id uuid

~~Initialize disk quota (i.e. run~~Switches the container to asnapshot identified by <bi>~~vzquota init~~uuid</bi>, restoring its filesystem state, configuration (if available) ~~with the parameters taken from the CT~~and its running~~configuration file [[Man/ctid.conf.5|ctid.conf~~state (5if available)]].

~~exec~~Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!</b~~> CTIDcommand</i~~>

~~Executes~~ Option<ib>~~command~~--skip-resume</ib> is used to ignore a CT memory dump filein asnapshot, as a result the container~~. Environment variables are not set inside the~~will end up being~~container. Signal handlers may differ from default settings.~~in a stopped state (same as if a snapshot has been takenIf with --skip-suspend<i/b>~~command~~).</ip> is If option--must-resumeis set, absense of a memory dump istreated as an error, ~~commands are read~~ and the inability to restore fromthe~~stdin~~memory dump is treated as an error rather than warning.

Option option~~exec2~~--skip-config <is used to ignore the CT configurationfile in a snapshot, i~~>CTID~~.e. the current configuration file will~~command~~be left as is.

~~The same as~~ ~~exec~~snapshot-delete~~, butreturn code is that of~~ ~~command~~CTID --id uuid.

~~runscript CTID~~Removes a specified~~script~~snapshot.

~~Run specified shell script in~~snapshot-mount~~the container. Argument~~ ~~script~~CTID ~~is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as~~--id uuid</~~proc~~i> --target~~) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.~~directory

~~enter CTID~~Mounts a snapshot specified by~~[--exec~~ ~~command~~uuid [to a ~~arg~~directory .Note this mount isread-only.~~.]]~~

~~Enters into a container (givinga container’s root shell). This option is a back~~snapshot-~~door~~umount~~for host root only. The proper way to have CT root shell isto use~~ CTID ~~ssh~~--id~~(1).~~uuid

~~Option--exec is used to run command with argumentsafter entering into container. This is useful if command tobe run requires~~ Unmounts a ~~terminal (so vzctl exec can not be~~specified~~used) and for some reason you can not use ssh(1)~~snapshot.

snapshot-~~top: 1em"~~list~~You need to logout manually from the shell to finish session (even if you~~CTID [-H] [-o~~specified~~ field[,field...] [--~~exec~~id).uuid]

~~console CTID~~List container’ssnapshots.

~~Attach to the container’sconsole. Note that the console is persistent, meaning it~~ You can~~be attached to even if the container is not running, andthere is no automatic detachment when the container isstopped~~suppress displaying header using -H option.

~~Type Esc~~You can use the~~then~~ .-o option to ~~detach from~~ display only the ~~console. Type Esc~~specified~~then~~ <bi>,field</bi> ~~to detach without killing anything~~(s). ~~Note that~~List of available fields can be obtained~~these sequences are only recognized after~~ using ~~Enter~~-Loption.

=== ~~Other options~~ Performing container actions ===

<~~p style~~table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="~~margin-~~left:"><td width="11%;">~~--help~~</btd></ptd width="9%">

create</td><td width="2%;">~~Prints help message with a~~</td>~~brief list of possible options.~~</ptd width="78%">

CTID[--~~version~~ostemplate name</pi>][--config name][<~~p style="margin~~b>--~~left~~layout simfs|ploop[:~~17%~~{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][--private path][--root path][--ipadd addr][--hostname name][--name "name~~Prints~~ ][~~vzctl~~--local_uid uid]~~version.~~[--local_gid gid] </td></tr></table>

Creates a newcontainer area. This operation should be done once, beforethe first start of the container.

By default, anOS template denoted by ~~vzctl~~DEF_OSTEMPLATEparameter of~~has an ability to execute user-defined scripts when aspecific~~ [[Man/vz.conf.5|~~vzctl~~vz.conf ~~command~~ (5)]] is ~~run for~~ used to create a container. ~~Thefollowing vzctl commands~~ This can ~~trigger execution of~~be~~action scripts:~~ overwritten by ~~start, stop, restart,mount and umount~~--ostemplateoption.

~~Action scripts~~By default, a~~are located in the~~ new container configuration file is created from a sampleconfiguration denoted by value of ~~/etc/vz/conf/~~CONFIGFILE ~~directory~~parameter of [[Man/vz. ~~There areglobal and per-CT scripts~~conf. ~~Global scripts have a literalprefix of~~ 5|~~vps~~vz.conf ~~and are executed for all containers~~(5)]].If the container~~Per-CT scripts have a CTID numeric prefix and are~~configuration file already exists, it will not be~~executed for the given container only~~modified.

~~Please note~~The value of~~scripts are executed in a host system (CT0) context, withthe exception of~~ ~~.start~~CONFIGFILE ~~and~~ can be overwritten by using the~~.stop~~--config ~~scripts,~~name option. This option can not be~~which are executed in a~~ used if the container ~~context~~configuration file already exists.

A new containercan either be created using simfs filesystem or on aploop device. The ~~following~~default is set by value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf(5)]] and can be~~action scripts are currently defined:~~ overwritten by --layout option. In case ploop<br/b>~~vps~~is used, one can additionally specify ploop disk imageformat after a colon.~~premount~~Possible ploop formats areexpanded, <ib>~~CTID~~plain</ib>and raw.~~premount~~Default isexpanded. Using value other than expanded isnot recommended and is currently not supported.

~~Global~~ You can use--diskspace and ~~per~~-~~CT mount scripts~~-diskinodes options to~~which are executed for a~~ specify container ~~before it is mounted~~file system size.Note that for~~Scripts are executed in the host system context~~ploop layout, ~~while a CT~~is you will not ~~yet mounted or running. Global script, if exists, is~~be able to change inodes~~executed first~~value later.

If~~vps~~DISKSPACE is not specified either in the sampleconfiguration file used for creation or in globalconfiguration file [[Man/vz.~~mount~~conf.5|vz.conf(5)]],<ib>~~CTID~~--diskspace</ib>parameter is required for ~~.mount~~plooplayout.

~~Global and per-CT mount scripts~~Suffixes~~which are executed for a container right after it is~~G, M, K can also be specified (see~~mounted. Otherwise they are the same as~~ ~~.premount~~Resource limitssection for more info on~~scripts~~suffixes).

You can use--root~~CTID~~pathoption to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.~~start~~conf(5)]] file).Argument can contain literal string $VEID, which willbe substituted with the numeric CT ID.

~~Right after~~ You can use~~vzctl~~--private ~~has~~path option to set the path to~~started a~~ directory in which all the files and directories specific tothis very containerare stored (default is VE_PRIVATEspecified in [[Man/vz.conf.5|vz.conf(5)]] file). Argument can containliteral string $VEID, ~~it executes this script in a container~~which will be substituted with~~context~~the numeric CT ID.

You can use<ib>~~CTID~~--ipadd</ib><bi>~~.stop~~addr</bi>option to assign an IP address toa container. Note that this option can be used multipletimes.

~~Right before~~ You can use~~vzctl~~--hostname ~~has~~name option to set a host name for~~stopped~~ a container~~, it executes this script in a containercontext~~.

When runningwith an upstream Linux Kernel that supports user namespaces(>= 3.8), the parameters --local_uid and~~vps.umount~~--local_gid,can be used to select which uidand ~~CTID~~gidrespectively will be used as a base user inthe host system. Note that user namespaces provide a 1:1mapping between container users and host users. If theseoptions are not specified, the values LOCAL_UIDandLOCAL_GID from global configuration file[[Man/vz.conf.5|vz.conf(5)]] are used.~~umount~~An explicit --local_uidvalue of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case,--local_gid is ignored.

~~Global~~ Warning:use --local_uid and ~~per~~--~~CT umount~~local_gid with care,specially when migrating containers. In all situations, the~~scripts which are executed for a~~ container ~~before it is~~’s files in the filesystem needs to be~~unmounted. Scripts are executed in~~ correctly owned by the host ~~system context,while a CT is mounted. Global script, if exists, is executedfirst~~-side users.

~~vps.postumount~~destroy,| <ib>~~CTID~~delete</ib><bi>~~.postumount~~CTID</bi>

~~Global and per-CT umountscripts which are executed for~~ Removes a container ~~right after it is~~private~~unmounted. Otherwise they are~~ area by deleting all files, directories and the ~~same as .umountscripts~~configuration file of this container.

~~The environmentpassed to all the~~ *mountstart ~~scripts is the standard~~CTID~~environment of the parent (i.e.~~ [~~vzctl~~--wait~~) with twoadditional variables:~~ ] [~~$VEID~~--force ~~and~~ ] [~~$VE_CONFFILE~~--skip-fsck.]~~The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as~~ [~~$VE_ROOT~~--skip-remount~~, it needs to get thosefrom global and per-CT configuration files.~~]

~~Here is an~~Mounts (if necessary) and~~example of~~ starts a ~~mount script, which makes host system’s/mnt/disk available to~~ container~~(s)~~. ~~Script name can either~~be Unless ~~/etc/vz/conf/vps.mount~~--wait oroption isspecified, ~~/etc/vz/conf/~~vzctl~~CTID~~will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by ~~.mount~~vzctl.

<~~pre~~ p style="margin-left:1117%; margin-top: 1em"> ~~# If one of these files does not exist then something~~Specify # --force if you want to start a container which is ~~really broken~~ [ disabled (see -~~f /etc/sysconfig/vz ] || exit 1~~ [ -~~f $VE_CONFFILE ] || exit 1~~ ~~# Source both files. Note the order is important.~~ . disabled</~~etc/vz/vz~~b>).~~conf~~ ~~. $VE_CONFFILE~~ ~~SRC=/mnt/disk~~ ~~DST=/mnt/disk~~ ~~mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC~~</~~pre~~p>

Specify--skip-fsck to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).

~~Returns 0 upon~~By default, if~~success~~a container to be started happens to be already mounted, ~~or an appropriate error code in case of an~~itis unmounted and mounted again. This behavior can be turned~~error:~~off by using --skip-remount flag.

<~~table width~~p style="~~100~~margin-left:17%; margin-top: 1em" ~~border="0" rules="none" frame="void"~~>Note that this ~~cellspacing="0" cellpadding="0"~~command can lead to execution of premount,<~~tr valign="top" align="left"~~b>mountand <~~td width="11%"~~b>start</tdb> action scripts (see ACTIONSCRIPTS below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">1stop</pb> CTID</tdi>[--fast<~~td width="7%"~~/b>] [--skip-umount</tdb>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Failed to set~~ Stops a ~~UBC parameter~~container and unmountsit (unless --skip-umount</pb> is given). Normally,halt</tdb>(8) is executed inside a container; option--fast</trb>makes vzctl<~~tr valign="top" align="left"~~/b>use <~~td width="11%"~~b>reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that2vzctl stop</pb> is not asyncronous, in other words vzctlwaits for container’s init to exit (unless--fast is given), which can take up to a few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT</tdb>in[[Man/vz.conf.5|vz.conf(5)]], or per container (<~~td width="7%"~~b>STOP_TIMEOUT</tdb>in[[Man/ctid.conf.5|ctid.conf<~~td width="78%"~~/b>(5)]], see --stop-timeout).

<pstyle="margin-left:17%; margin-top: 1em">~~Failed~~ Note that thiscommand can lead to ~~set a fair scheduler parameter~~execution of stop</pb>, <~~/td~~b>umount</trb>and <~~tr valign="top" align="left"~~b>postumountaction scripts (see <~~td width="11%"~~b>ACTIONSCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">3restart</pb> CTID</tdi>[--wait] [--force] [<~~td width="7%"~~b>--fast</tdb>][--skip-fsck<~~td width="78%"~~/b>]

<pstyle="margin-left:17%;">~~Generic system error~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the</pb>start</tdb>and <~~/tr~~b>stop<~~tr valign="top" align="left"><td width="11%"~~/b>options.</~~td><td width="4%"~~p>

<p~~>5</td><td width~~style="7margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of some action scripts (seeACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)~~</pb>status</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<p~~>6</td><td width~~style="7margin-left:17%;">Shows a container status. Thisis a line with five or six words, separated by spaces.</~~td><td width="78%"~~p>

<p~~>Not enough system resources</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">First word isliterally <~~td width="11%"~~b>CTID</tdb>.<~~td width="4%"~~/p>

<p~~>7</td><td width~~style="7margin-left:17%; margin-top: 1em">Second word isthe numeric CT ID</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Third word isshowing whether this container exists or not, it can beeither ~~ENV_CREATE~~exist ~~ioctl failed~~or </pb>deleted</tdb>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">8Fourth word isshowing the status of the container filesystem, it can beeither </pb>mounted</tdb>or <~~td width="7%"~~b>unmounted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Command executed by~~ Fifth wordshows if the container is running, it can be either~~vzctl exec~~running ~~returned non-zeroexit code~~or </pb>down</tdb>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">9Sixth word, ifexists, is </pb>suspended</tdb>. It appears if a dump fileexists for a stopped container (see <~~td width="7%"~~b>suspend</tdb>).<~~td width="78%"~~/p>

<p~~>Container is locked by another vzctlinvocation </td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">This command~~<td width="11%">~~can also be usable from scripts.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">10</pb>mount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Global OpenVZ configuration file [[Man/vz~~Mounts container private area.~~conf.5|~~Note that this command can lead to execution of~~vz.conf~~premount~~(5)]] notfound~~and </pb> mount</~~td></tr~~b>action scripts (see<~~tr valign="top" align="left"~~b>ACTION SCRIPTS<~~td width="11%"~~/b>below).</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">11</pb>umount</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~A vzctl helper script file not found~~Unmounts container privatearea. Note that this command can lead to execution of</pb>umount</tdb>and <~~/tr~~b>postumount<~~tr valign="top" align="left"~~/b>action scripts (see<~~td width="11%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">12Note that</pb>stop</tdb>does <~~td width="7%"~~b>umount</tdb>automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Permission denied~~convert</pb><~~/td~~i>CTID</tri>[<~~tr valign="top" align="left"~~b>--layoutploop[:{<~~td width="11%"~~b>expanded|plain|raw}]]</tdp> <~~td width~~p style="4margin-left:17%;">Convert CT private area toreside on a ploop device (available in kernel version042stab052.8 and greater). Conversion should be performedwhen a container is stopped, plus disk space quota should beset.

<pstyle="margin-left:11%;">13</pb>compact</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<p~~>Capability setting failed</td></tr><tr valign="top" align~~style="margin-left:17%;">Compact container image. This~~<td width="11%">~~only makes sense for ploop layout.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">14</pb>quotaon</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container configuration file [[Man/ctid~~Turn disk quota on.~~conf.5|~~Not that~~ctid.conf~~mount~~(5)]] notfound~~and </pb> start</tdb>does that automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">15</pb>quotaoff</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Timeout on~~ Turn disk quota off. Not that~~vzctl exec~~umountand </pb>stop</tdb>does that automatically.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">16</pb>quotainit</tdb><~~td width="7%"~~i>CTID</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error during~~ Initialize disk quota (i.e. run~~vzctl chkpnt~~vzquota init<) with the parameters taken from the CTconfiguration file [[Man/p>ctid.conf.5|<~~/td~~b>ctid.conf</~~tr><tr valign="top" align="left"><td width="11%"~~b>(5)]].</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">17</pb>exec</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error during~~ Executes <bi>~~vzctl restore~~command</bi>in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If </pi>command</tdi>is <~~/tr~~b>-<~~tr valign="top" align="left"~~/b>, commands are read from~~<td width="11%">~~stdin.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">18</pb>exec2</tdb><~~td width="7%"~~i>CTIDcommand</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Error from~~ The same as ~~setluid()~~exec ~~syscall~~, butreturn code is that of </pi>command</tdi>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:11%;">20</pb>runscript</tdb><~~td width="7%"~~i>CTIDscript</tdi><~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Invalid command line parameter~~Run specified shell script inthe container. Argument </pi>script</~~td></tr~~i>is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is not~~<tr valign="top" align="left">~~really started, no file systems other than root (such as<~~td width="11%"~~b>/proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">enter 21CTID</pi>[--exec command [arg...]]</tdp> <~~td width~~p style="7margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use ssh</tdb>(1). <~~td width~~p style="78margin-left:17%; margin-top: 1em">Option--exec is used to run command with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so vzctl exec can not beused) and for some reason you can not use ssh(1).

<p~~>Invalid value for command line parameter</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">You need to logout manually from the shell to finish session (even if youspecified <~~td width="11%"~~b>--exec</tdb>).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">22console</pb> CTID</tdi>[<~~td width="7%"~~i>ttynum</tdi>]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">Attach to a container console.Optional ttynum~~Container root directory~~ argument is tty number (such as~~VE_ROOT~~4~~) not set~~for </pb>tty4</tdb>), default is <~~/tr~~b>1<~~tr valign="top" align="left"~~/b>which is usedfor container’s <~~td width="11%"~~b>/dev/console</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">23Note theconsoles are persistent, meaning that: </pbr>• it can be attached to even if the container is notrunning; <~~/td~~br>• there is no automatic detachment upon the containerstop; <~~td width="7%"~~br>• detaching from the console leaves anything running inthis console as is.</~~td><td width="78%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container private directory (~~The followingescape sequences are recognized by ~~VE_PRIVATE~~vzctl console~~) not~~.~~set~~Note that these sequences are only recognized at thebeginning of a line. ~~</td></tr>~~ <~~tr valign~~p style="margin-left:17%; margin-top~~" align="left~~: 1em">•<~~td width="11%"~~b>Esc then .</tdb>to detach from the console.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">24•</pb>Esc</tdb>then <~~td width="7%"~~b>!</tdb>to kill anything running on theconsole (SAK). This is helpful when one expects a loginprompt but there isn’t one.<~~td width="78%"~~/p>

~~Container template directory (TEMPLATE) notset </td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Other options ===~~"4%">~~

<p~~>28</td><td width~~style="7margin-left:11%;">--help</tdb><~~td width="78%"~~/p>

<p~~>Not all required UBC parameters are set, unable to startcontainer </td></tr><tr valign="top" align~~style="margin-left:17%;">Prints help message with a~~<td width="11%">~~brief list of possible options.</~~td><td width="4%"~~p>

<p~~>29</td><td width~~style="7margin-left:11%;">--version</tdb><~~td width="78%"~~/p>

<p~~>OS template is not specified, unable to createcontainer </td></tr><tr valign="top" align~~style="margin-left:17%;">Prints <~~td width="11%"~~b>vzctl</tdb>version.<~~td width="4%"~~/p>

~~31</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~ACTION SCRIPTS ==

<pstyle="margin-left:11%; margin-top: 1em">~~Container not running~~vzctl</pb>has an ability to execute user-defined scripts when aspecific vzctl</tdb> command is run for a container. Thefollowing vzctl</trb>commands can trigger execution ofaction scripts: start, stop<~~tr valign="top" align="left"~~/b>, restart,<~~td width="11%"~~b>mount and umount</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">Action scriptsare located in the 32/etc/vz/conf/</pb> directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps.</tdb>and are executed for all containers.Per-CT scripts have a <~~td width="7%"~~i>CTID.</tdb>numeric prefix andare executed for the given container only.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Container already running~~Please notescripts are executed in a host system (CT0) context, withthe exception of </pb>.start</tdb>and <~~/tr~~b>.stop<~~tr valign="top" align="left"~~/b>scripts,~~<td width="11%">~~which are executed in a container context.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%; margin-top: 1em">33The followingaction scripts are currently defined: vps.premount</pb>, CTID</tdi><~~td width="7%"~~b>.premount</tdb><~~td width="78%"~~/p>

<p~~>Unable to stop container</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container before it is mounted.~~<td width="11%">~~Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">34vps.mount</pb>,CTID</tdi><~~td width="7%"~~b>.mount</tdb><~~td width="78%"~~/p>

<p~~>Unable to add IP address to container</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as <~~td width="11%"~~b>.premount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">40</pi>CTID</tdi><~~td width="7%"~~b>.start</tdb><~~td width="78%"~~/p>

<p~~>Container not mounted</td></tr><tr valign="top" align~~style="margin-left:22%;">Right after <~~td width="11%"~~b>vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">41</pi>CTID</tdi><~~td width="7%"~~b>.stop</tdb><~~td width="78%"~~/p>

<p~~>Container already mounted</td></tr><tr valign="top" align~~style="margin-left:22%;">Right before <~~td width="11%"~~b>vzctl</tdb>hasstopped a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">43vps.umount</pb>,CTID</tdi><~~td width="7%"~~b>.umount</tdb><~~td width="78%"~~/p>

<p~~>Container private area not found</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT umountscripts which are executed for a container before it is~~<td width="11%">~~unmounted. Scripts are executed in the host system context,while a CT is mounted. Global script, if exists, is executedfirst.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">44vps.postumount</pb>,CTID</tdi><~~td width="7%"~~b>.postumount</tdb><~~td width="78%"~~/p>

<p~~>Container private area already exists</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as <~~td width="11%"~~b>.umount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">The environmentpassed to all the *mount46scripts is the standardenvironment of the parent (i.e. vzctl</pb>) with twoadditional variables: $VEID and $VE_CONFFILE</tdb>.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as <~~td width="7%"~~b>$VE_ROOT</tdb>, it needs to get thosefrom global and per-CT configuration files.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Not enough~~ Here is anexample of a mount script, which makes host system’s/mnt/disk ~~space~~available to container(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount. <pre style="margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -f /tdetc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /etc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC</pre> == EXIT STATUS == Returns 0 uponsuccess, or an appropriate error code in case of anerror:</trp> <table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><tr valign="top" align="left">

471</td>

~~Bad/broken container (/sbin/init or/bin/sh not found)~~Failed to set a UBC parameter</td></tr>

482</td>

~~Unable~~ Failed to ~~create~~ set a ~~new container private area~~fair scheduler parameter</td></tr>

493</td>

~~Unable to create a new container root area~~Generic system error</td></tr>

505</td>

~~Unable to mount container~~The running kernel is not an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr>

516</td>

~~Unable to unmount container~~Not enough system resources</td></tr>

527</td>

~~Unable to delete a container~~ENV_CREATE ioctl failed</td></tr>

538</td>

~~Container private area not exist~~Command executed by vzctl exec returned non-zeroexit code</td></tr>

609</td>

Container is locked by another ~~vzquota on~~vzctl ~~failed~~invocation</td></tr>

6110</td>

Global OpenVZ configuration file [[Man/vz.conf.5|~~vzquota init~~vz.conf ~~failed~~(5)]] notfound</td></tr>

6211</td>

~~vzquota setlimit failed~~A vzctl helper script file not found</td></tr>

6312</td>

~~Parameter DISKSPACE not set~~Permission denied</td></tr>

6413</td>

~~Parameter DISKINODES not set~~Capability setting failed</td></tr>

6514</td>

~~Error setting second-level~~ Container configuration file [[Man/ctid.conf.5|ctid.conf(~~ugid~~5) ~~quota~~]] notfound</td></tr>

6615</td>

Timeout on ~~vzquota off~~vzctl exec ~~failed~~</td></tr>

6716</td>

~~ugid quota not initialized~~Error during vzctl suspend</td></tr>

7117</td>

~~Incorrect IP address format~~Error during vzctl resume</td></tr>

7418</td>

Error ~~changing password~~from setluid() syscall</td></tr>

7820</td>

~~IP address already in use~~Invalid command line parameter</td></tr>

7921</td>

~~Container action script returned an error~~Invalid value for command line parameter</td></tr>

8222</td>

~~Config file copying error~~Container root directory (VE_ROOT) not set</td></tr>

8623</td>

~~Error setting devices~~ Container private directory (~~--devices~~VE_PRIVATE or) not~~--devnodes)~~set </td></tr>

8924</td>

~~IP address~~ Container template directory (TEMPLATE) not ~~available~~set</td></tr>

9128</td>

~~OS template not found~~Not all required UBC parameters are set, unable to startcontainer</td></tr>

~~100~~29</td>

~~Unable~~ OS template is not specified, unable to ~~find~~ createcontainer ~~IP address~~</td></tr>

~~104~~31</td>

~~VE_NETDEV ioctl error~~Container not running</td></tr>

~~105~~32</td>

Container ~~start disabled~~already running</td></tr>

~~106~~33</td>

Unable to ~~set iptables on a running~~ stop container</td></tr>

~~107~~34</td>

~~Distribution-specific configuration file not found~~Unable to add IP address to container</td></tr>

~~109~~40</td>

~~Unable to apply a config~~Container not mounted</td></tr>

~~129~~41</td>

~~Unable to set meminfo parameter~~Container already mounted</td></tr>

~~130~~43</td>

~~Error setting veth interface~~Container private area not found</td></tr>

~~131~~44</td>

~~Error setting container name~~Container private area already exists</td></tr>

~~133~~46</td>

~~Waiting for container start failed~~Not enough disk space</td></tr>

~~139~~47</td>

~~Error saving~~ Bad/broken container ~~configuration file~~(/sbin/init or/bin/sh not found)</td></tr>

~~148~~48</td>

~~Error setting~~ Unable to create a new container ~~IO parameters (ioprio)~~private area</td></tr>

~~150~~49</td>

~~Ploop image file not found~~Unable to create a new container root area</td></tr>

~~151~~50</td>

~~Error creating ploop image~~Unable to mount container</td></tr>

~~152~~51</td>

~~Error mounting ploop image~~Unable to unmount container</td></tr>

~~153~~52</td>

~~Error unmounting ploop image~~Unable to delete a container</td></tr>

~~154~~53</td>

Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 148</td><td width="7%"></td><td width="78%"> Error setting container IO parameters (ioprio)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 150</td><td width="7%"></td><td width="78%"> Ploop image file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 151</td><td width="7%"></td><td width="78%"> Error creating ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 152</td><td width="7%"></td><td width="78%"> Error mounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 153</td><td width="7%"></td><td width="78%"> Error unmounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 154</td><td width="7%"></td><td width="78%"> Error resizing ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 155</td><td width="7%"></td><td width="78%"> Error converting container to ploop layout</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 156</td><td width="7%"></td><td width="78%"> Error creating ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 157</td><td width="7%"></td><td width="78%"> Error merging ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 158</td><td width="7%"></td><td width="78%"> Error deleting ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 159</td><td width="7%"></td><td width="78%"> Error switching ploop snapshot</td></tr>

~~158~~166</td>

Error ~~deleting~~ compacting ploop ~~snapshot~~image</td></tr>

~~159~~167</td>

Error ~~switching~~ listing ploop ~~snapshot~~snapsots</td></tr>

</table>

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools