blob: 8c5b33093b94c52e203ec7e94daecc8f91c59891 [file] [log] [blame] [view] [raw]
.\" $Id: vzctl.8,v 1.131.10.18 2006/04/05 14:26:53 igor Exp $
.TH vzctl 8 "10 Aug 2005" "OpenVZ" "Virtual Private Server"
.SH NAME
vzctl \- utility to control Virtual Private Server.
.SH SYNOPSIS
vzctl \fB[flags]\fR \fBcreate\fR \fIvpsid\fR
\fB--ostemplate\fR \fIname\fR] [\fB--config\fR \fIname\fR]
[\fB--private\fR \fIpath\fR] [\fB--root\fR \fIpath\fR] [\fB--ipadd\fR \fIaddr\fR] [\fB--hostname\fR \fIname\fR]
.PP
vzctl \fB[flags]\fR \fBset\fR \fIvpsid\fR [\fIparameters\fR] [\fB--save\fR]
.PP
vzctl \fB[flags]\fR \fBdestroy\fR | \fBmount\fR | \fBumount\fR |
\fBstart\fR | \fBstop\fR | \fBrestart\fR |
\fBstatus\fR | \fBenter\fR \fIvpsid\fR
.PP
vzctl \fB[flags]\fR \fBexec\fR | \fBexec2\fR \fIvpsid\fR
\fIcommand\fR [\fIarg\fR ...]
.PP
vzctl \fBrunscript\fR \fIve_id\fR <\fBscript\fR>
.PP
vzctl \fB--help\fR | \fB--version\fR
.SH DESCRIPTION
Utility \fBvzctl\fR runs on Hardware Node (HN) and performs direct
manipulations with virtual private server (VPS).
.PP
Virtual Private Servers can be referred to by numeric \fIvpsid\fR. Note
that VPS ID <= 100 are reserved for OpenVZ internal purposes.
.SH OPTIONS
.SS Flags
These flags can be used with almost any option.
.IP \fB--quiet\fR 4
Disables logging to log file and screen.
.IP \fB--verbose\fR 4
Sets logging level to maximum value.
.SS Setting VPS parameters
.IP "\fBset\fR \fIvpsid\fR [\fIparameters\fR] [\fB--save\fR]" 4
This command sets various VPS parameters. If flag \fB--save\fR is given,
parameters are saved in VPS configuration file \fBvps.conf\fR(5).
If VPS is currently running, \fBvzctl\fR applies these parameters to VPS.
The following options can be used with \fBset\fR command.
.TP
\fBMiscellaneous parameters\fR
.TP
\fB--onboot\fR \fIyes\fR|\fIno\fR
Sets whether this VPS will be started during system boot up. VPS will not be
auto-started during system boot up unless this parameter is set to \fIyes\fR.
.TP
\fB--root\fR \fIpath\fR
Sets the path to root directory for this VPS. This is essentially a mount
point for VPS root. Value must contain string \fI$VEID\fR, which will
be substituted with numeric VPS ID. Changing this parameter is not
recommended, better edit \fBvz\fR(5) global configuration file.
.TP
\fB--userpasswd\fR \fIuser\fR:\fIpassword\fR
Sets password for given user in VPS, creating the user if it does not exists.
Note that this option is not saved in configuration file at all (so
\fB--save\fR flag is useless), it is applied to VPS (by modifying its
\fB\f(CR/etc/passwd\fR and \fB\f(CR/etc/shadow\fR files).
In case VPS root is not mounted, it is automatically mounted, then all
appropriate file changes are applied, then it is unmounted.
Note that VPS area should be created before using this option.
.TP
\fB--disabled\fR \fIyes\fR|\fIno\fR
Disable VPS start. For force start disabled VPS option \fI--force\fR can be used.
.TP
\fBNetwork related parameters\fR
.TP
\fB--ipadd\fR \fIaddr\fR
Adds IP address to given VPS. Note that this option is incremental, so
\fIaddr\fR are added to already existing ones.
.TP
\fB--ipdel\fR \fIaddr\fR | \fBall\fR
Removes IP address \fIaddr\fR from VPS. If you want to remove all addresses,
use \fB--ipdel all\fR.
.TP
\fB--hostname\fR \fIname\fR
Sets VPS hostname. \fBvzctl\fR writes it to the appropriate file inside a VPS
(distribution-dependent).
.TP
\fB--nameserver\fR \fIaddr\fR
Sets DNS server IP address for VPS. If you want to set several nameservers,
you should do it at once, so use \fB--nameserver\fR option multiple times
in one call to \fBvzctl\fR, as all the name server values set in previous
calls to \fBvzctl\fR gets overwritten.
.TP
\fB--searchdomain\fR \fIname\fR
Sets DNS search domains for VPS. If you want to set several search domains,
you should do it at once, so use \fB--searchdomain\fR option multiple times
in one call to \fBvzctl\fR, as all the search domain values set in previous
calls to \fBvzctl\fR gets overwritten.
.TP
\fBResource limits\fR
The following options sets barrier and limit for various user beancounters.
Each option requires one or two arguments. In case of one argument,
\fBvzctl\fR sets barrier and limit to the same value. In case of
two colon-separated arguments, the first is a barrier,
and the second is a limit.
Arguments are in items, pages or bytes. Note that page size
is architecture-specific, it is 4096 bytes on IA32 platform.
You can also specify different suffixes for \fBset\fR parameters
(except for the parameters which names start with \fBnum\fR).
For example, \fBvzctl set\fR \fIVPSID\fR \fB--privvmpages 5M:6M\fR
should set \fBprivvmpages\fR' barrier to 5 megabytes and its limit
to 6 megabytes.
Available suffixes are:
.br
\fBg\fR, \fBG\fR -- gigabytes.
.br
\fBm\fR, \fBM\fR -- megabytes.
.br
\fBk\fR, \fBK\fR -- kilobytes.
.br
\fBp\fR, \fBP\fR -- pages (page is 4096 bytes on x86 architecture,
other architectures may differ).
.TP
\fB--numproc\fR \fIitems\fR[:\fIitems\fR]
Maximum number of processes and kernel-level threads.
Setting the barrier and
the limit to different values does not make practical sense.
.TP
\fB--numtcpsock\fR \fIitems\fR[:\fIitems\fR]
Maximum number of TCP sockets. This parameter limits the number of TCP
connections and, thus, the number of clients the server application can
handle in parallel.
Setting the barrier and
the limit to different values does not make practical sense.
.TP
\fB--numothersock\fR \fIitems\fR[:\fIitems\fR]
Maximum number of non-TCP sockets (local sockets, UDP and other types
of sockets).
Setting the barrier and
the limit to different values does not make practical sense.
.TP
\fB--vmguarpages\fR \fIpages\fR[:\fIpages\fR]
Memory allocation guarantee. This parameter controls how much memory is
available to VPS. The barrier is the amount
of memory that VPS's applications are guaranteed to be able to allocate.
The meaning of the limit is currently unspecified; it should be set to
2,147,483,647.
.TP
\fB--kmemsize\fR \fIbytes\fR[:\fIbytes\fR]
Maximum amount of kernel memory used. This parameter is related to
\fB--numproc\fR. Each process consumes certain amount of kernel memory -
16 KB at leas, 30-50 KB typically. Very large processes may consume
a bit more. It is important to have a certain safety gap between the
barrier and the limit of this parameter: equal barrier and limit may
lead to the situation where the kernel will need to kill VPS applications
to keep the \fBkmemsize\fR usage under the limit.
.TP
\fB--tcpsndbuf\fR \fIbytes\fR[:\fIbytes\fR]
Maximum size of TCP send buffers.
Barrier should be not less than 64 KB, and difference between
barrier and limit should be equal to or more than value of
\fBnumtcpsock\fR multiplied by 2.5 KB.
.TP
\fB--tcprcvbuf\fR \fIbytes\fR[:\fIbytes\fR]
Maximum size of TCP receive buffers.
Barrier should be not less than 64 KB, and difference between
barrier and limit should be equal to or more than value of
\fBnumtcpsock\fR multiplied by 2.5 KB.
.TP
\fB--othersockbuf\fR \fIbytes\fR[:\fIbytes\fR]
Maximum size of other (non-TCP) socket send buffers. If VPS processes needs
to send very large datagrams, the barrier should be set accordingly.
Increased limit is necessary for high performance of communications through
local (UNIX-domain) sockets.
.TP
\fB--dgramrcvbuf\fR \fIbytes\fR[:\fIbytes\fR]
Maximum size of other (non-TCP) socket receive buffers. If VPS processes
needs to send very large datagrams, the barrier should be set accordingly.
The difference between the barrier and the limit is not needed.
.TP
\fB--oomguarpages\fR \fIpages\fR[:\fIpages\fR]
Guarantees against OOM kill. Under this beancounter the kernel accounts the
total amount of memory and swap space used by the VPS processes. The barrier
of this parameter is the out-of-memory guarantee. If the oomguarpages usage
is below the barrier, processes of this VPS are guaranteed not to be killed
in out-of-memory situations. The meaning of limit is currently unspecified;
it should be set to 2,147,483,647.
.TP
\fB--lockedpages\fR \fIpages\fR[:\fIpages\fR]
Maximum number of pages acquired by \fBmlock\fR(2).
.TP
\fB--privvmpages\fR \fIpages\fR[:\fIpages\fR]
Allows controlling the amount of memory allocated by the applications.
For shared (mapped as \fBMAP_SHARED\fR) pages, each VPS really using a memory
page is charged for the fraction of the page (depending on the number of
others using it). For "potentially private" pages (mapped as
\fBMAP_PRIVATE\fR), VPS is charged either for a fraction of the size or for
the full size if the allocated address space. It the latter case, the physical
pages associated with the allocated address space may be in memory, in swap
or not physically allocated yet.
The barrier and the limit of this parameter
control the upper boundary of the total size of allocated memory. Note that
this upper boundary does not guarantee that VPS will be able to allocate that
much memory. The primary mechanism to control memory allocation is
the \fB--vmguarpages\fR guarantee.
.TP
\fB--shmpages\fR \fIpages\fR[:\fIpages\fR]
Maximum IPC SHM segment size.
Setting the barrier and
the limit to different values does not make practical sense.
.TP
\fB--numfile\fR \fIitems\fR[:\fIitems\fR]
Maximum number of open files.
Setting the barrier and
the limit to different values does not make practical sense.
.TP
\fB--numflock\fR \fIitems\fR[:\fIitems\fR]
Maximum number of file locks. Safety gap should be between barrier and limit.
.TP
\fB--numpty\fR \fIitems\fR[:\fIitems\fR]
Number of pseudo-terminals (PTY). Note that in OpenVZ each VPS can have
not more than 255 PTYs. Setting the barrier and
the limit to different values does not make practical sense.
.TP
\fB--numsiginfo\fR \fIitems\fR[:\fIitems\fR]
Number of siginfo structures.
Setting the barrier and
the limit to different values does not make practical sense.
.TP
\fB--dcachesize\fR \fIbytes\fR[:\fIbytes\fR]
Maximum size of filesystem-related caches, such as directory entry
and inode caches. Exists as a separate parameter to impose a limit
causing file operations to sense memory shortage and return an errno
to applications, protecting from memory shortages during critical
operations that should not fail.
Safety gap should be between barrier and limit.
.TP
\fB--numiptent\fR \fInum\fR[:\fInum\fR]
Number of iptables (netfilter) entries.
Setting the barrier and
the limit to different values does not make practical sense.
.TP
\fB--physpages\fR \fIpages\fR[:\fIpages\fR]
This is currently an accounting-only parameter. It shows the usage of RAM
by this VPS. Barrier should be set to 0, and limit should be set to
2,147,483,647.
.TP
\fBCPU fair scheduler parameters\fR
These parameters control CPU usage by VPS.
.TP
\fB--cpuunits\fR \fInum\fR
CPU weight for VPS. Argument is positive non-zero number, which passed to
and used in kernel fair scheduler. The larger the number is, the more CPU time
this VPS get. Maximum value is 500000, minimal is 8. Number is relative to
weights of all the other running VPSs. If cpuunits not specified default value
1000 ia used.
You can set CPU weight for VPS0 (hardware node itself) as well
(use \fBvzctl set 0 --cpuunits \fInum\fR).
.TP
\fB--cpulimit\fR \fInum\fR
Limit of CPU usage for the VPS, in per cent.
Note if the computer has 2 CPUs, it has total of 200% CPU time. Default CPU
limit is 0 (no CPU limit).
.TP
\fBIptables control parameters\fR
.TP
.IP "\fB--iptables\fR \fIname\fR"
Restrict access to iptable modules inside VPS (by default all iptables modules that loaded in host system are accessible inside VPS)
You can use the following values for \fIname\fR:
\fIiptable_filter\fR, \fIiptable_mangle\fR, \fIipt_limit\fR,
\fIipt_multiport\fR, \fIipt_tos\fR, \fIipt_TOS\fR, \fIipt_REJECT\fR,
\fIipt_TCPMSS\fR, \fIipt_tcpmss\fR, \fIipt_ttl\fR, \fIipt_LOG\fR,
\fIipt_length\fR, \fIip_conntrack\fR, \fIip_conntrack_ftp\fR,
\fIip_conntrack_irc\fR, \fIipt_conntrack\fR, \fIipt_state\fR,
\fIipt_helper\fR, \fIiptable_nat\fR, \fIip_nat_ftp\fR, \fIip_nat_irc\fR,
\fIipt_REDIRECT\fR.
.TP
\fBNetwork devices control parameters\fR
.IP "\fB--netdev_add\fR \fIname\fR"
move network device from VPS0 to specified VPS
.IP "\fB--netdev_del\fR \fIname\fR"
delete network device from specified VPS
.TP
\fBDisk quota parameters\fR
.TP
\fB--diskspace\fR \fInum\fR[:\fInum\fR]
sets soft and hard disk quotas, in blocks. First parameter is soft quota,
second is hard quota. One block is currently equal to 1Kb.
.TP
\fB--diskinodes\fR \fInum\fR[:\fInum\fR]
sets soft and hard disk quotas, in i-nodes. First parameter is soft quota,
second is hard quota.
.TP
\fB--quotatime\fR \fIseconds\fR
sets soft overusage time limit for disk quota (also known as grace period).
.TP
\fB--quotaugidlimit\fR \fInum\fR
sets maximum number of user/group IDs in VPS for which disk quota in VPS
will be accounted If this value is set to \fI0\fR, user and group
quotas will not be accounted inside VPS.
Note that if you have previously set value of this parameter to \fI0\fR,
changing it while VPS is running will not take effect.
.TP
\fBMount option\fR
.TP
\fB--noatime\fR \fByes\fR|\fBno\fR
Sets noatime flag (do not update inode access times) on file system.
.TP
\fBCapability option\fR
.TP
\fB--capability\fR \fIcapname\fR:\fBon\fR|\fBoff\fR
Sets capability inside VPS. Note that setting capability when VPS is running
does not take immediate effect; restart VPS in order for changes to take
effect. VPS has default set of capability, any operations on capability is
logical and with default capability mask.
You can use the following values for \fIcapname\fR:
\fBchown\fR, \fBdac_override\fR, \fBdac_read_search\fR, \fBfowner\fR,
\fBfsetid\fR, \fBkill\fR, \fBsetgid\fR, \fBsetuid\fR,
\fBsetpcap\fR, \fBlinux_immutable\fR, \fBnet_bind_service\fR,
\fBnet_broadcast\fR, \fBnet_admin\fR, \fBnet_raw\fR,
\fBipc_lock\fR, \fBipc_owner\fR, \fBsys_module\fR, \fBsys_rawio\fR,
\fBsys_chroot\fR, \fBsys_ptrace\fR, \fBsys_pacct\fR,
\fBsys_admin\fR, \fBsys_boot\fR, \fBsys_nice\fR, \fBsys_resource\fR,
\fBsys_time\fR, \fBsys_tty_config\fR, \fBmknod\fR, \fBlease\fR,
\fBsetveid\fR, \fBve_admin\fR
.TP
\fBDevice access management\fR
.TP
\fB--devnodes\fR \fIdevice\fR:\fBr|w|rw|none\fR
Give access (\fBr\fR - read, \fBw\fR - write, \fBrw\fR - read write, \fBnone\fR - no access) to special file /dev/\fIdevice\fR from VPS.
.TP
\fBApply config\fR
.TP
\fB--applyconfig\fR \fIname\fR
Read VPS parameters from VPS sample configuration file
\f(CW\fB/etc/sysconfig/vz-scripts/ve-\fIname\fR\f(CW\fB.conf-sample\fR, and
apply them, if --save option specified save to VPS config file. These parameters
are not changed (\fBHOSTNAME\fR \fBIP_ADDRESS\fR \fBOSTEMPLATE\fR \fBVE_ROOT\fR \fBVE_PRIVATE\fR)
.SS Checkpoint/Restore
.TP
CPT is an extension of Virtuozzo kernel which allows to save full state of running VPS and to restore it later.
.TP
\fBchkpnt\fR <\fIvpsid\fR> \fB[--dumpfile <name>]\fR
This command saves all the state of running VPS to dump file and stop the VPS.
if option \fB--dumpfile\fR is not set default path \fB/vz/dump/Dump.VPSID\fR
is used.
.TP
\fBrestore\fR <\fIvpsid\fR> \fB[--dumpfile <name>]\fR
This command restore VPS from dump file created by \fBchkpnt\fR command.
.SS Performing VPS actions
.IP "\fBcreate\fR \fIvpsid\fR \fB--ostemlate\fR \fIname\fR] [\fB--config\fR \fIname\fR] [\fB--private\fR \fIpath\fR] [\fB--root\fR \fIpath\fR]" 4
Creates VPS area. This operation should be done once, before the first
startup of VPS.
If the \fB--config\fR \fIname\fR option is specified, values from
example configuration file
\f(CW\fB/etc/sysconfig/vz-scripts/ve-\fIname\fR\f(CW\fB.conf-sample\fR
are put into VPS configuration file. If VPS configuration file already exists,
it will be removed.
You can use \fB--root\fR \fIpath\fR option to sets the path to the mount
point for VPS root directory (default is \fBVE_ROOT\fR specified in
\fBvz\fR(5) file). Argument can contain string \fI$VEID\fR, which will
be substituted with numeric VPS ID.
You can use \fB--private\fR \fIpath\fR option to set the path to directory
in which all the files and directories specific to this very VPS are stored
(default is \fBVE_PRIVATE\fR specified in \fBvz\fR(5) file). Argument can
contain string \fI$VEID\fR, which will be substituted with numeric VPS ID.
.IP \fBdestroy\fR 4
Removes VPS private area by deleting all files, directories and configuration
file of this VPS.
.IP \fBstart\fR 4
Mounts (if necessary) and starts VPS.
.IP \fBstop\fR 4
Stops and unmounts VPS.
.IP \fBrestart\fR 4
Restart VPS, stop if running and start.
.IP \fBstatus\fR 4
Shows VPS status. Basically this is a line with five words separated by spaces.
First word is literally \fBVPS\fR. Second word is \fIVPS ID\fR.
Third word is showing whether VPS exists or not,
it can be either \fIexist\fR or \fIdeleted\fR.
Fourth word is showing the status of VPS filesystem,
it can be either \fImounted\fR or \fIunmounted\fR.
Fifth word shows if VPS is running,
it can be either \fIrunning\fR or \fIdown\fR.
This command can also be usable from scripts.
.IP \fBmount\fR 4
Mounts VPS private area.
.IP \fBumount\fR 4
Unmounts VPS private area. Note that \fBstop\fR does \fBumount\fR automatically.
.IP "\fBexec\fR \fIvpsid\fR \fIcommand\fR" 4
Executes \fIcommand\fR in VPS. Environment variables are not set inside VPS.
Signal handlers may differ from default settings. If \fIcommand\fR is \fI-\fR,
commands are read from stdin.
.IP "\fBexec2\fR \fIvpsid\fR \fIcommand\fR" 4
The same as \fBexec\fR, but return code is that of \fIcommand\fR.
.IP \fBrunscript\fR 4
Run specified shell script in VPS, if VPS is not runnning it will be started.
.IP \fBenter\fR 4
Enters into VPS. This option is a back-door for host root only.
.SS Other options
.IP \fB--help\fR 4
Prints help message with a brief list of possible options.
.IP \fB--version\fR 4
Prints \fBvzctl\fR version.
.SH DIAGNOSTICS
Returns 0 upon success.
.SH EXAMPLES
To create and start "basic" VPS with ID 1000 using \fIfedora-3\fR ostemplate, and IP address 192.168.10.200:
.br
\f(CR vzctl create 1000 --ostemplate fedora-3 --config vps.basic
.br
\f(CR vzctl set 1000 --ipadd 192.168.10.200 --save
.br
\f(CR vzctl start 1000
.br
\fR
To set number of processes barrier/limit to 80/100 processes and
PTY barrier/limit to 16/20 PTYs:
.br
\f(CR vzctl set 1000 --numproc 80:100 -t 16:20 --save
\fR
.P
To execute command \fBls -la\fR in this VPS:
.br
\f(CR vzctl exec 1000 /bin/ls -la
\fR
.P
To execute command pipe \fBls -l / | sort\fR in this VPS:
.br
\f(CR vzctl exec 1000 'ls -l / | sort'
\fR
.P
To stop this VPS:
.br
\f(CR vzctl stop 1000
\fR
.P
To permanently remove this VPS:
.br
\f(CR vzctl destroy 1000
\fR
.SH FILES
.ad l
\f(CR
/etc/sysconfig/vz
.br
/etc/sysconfig/vz-scripts/vpsid.conf
.br
/proc/vz/veinfo
.br
/proc/vz/vzquota
.br
/proc/user_beancounters
.br
/proc/fairsched\fR
.SH SEE ALSO
.BR vz (5),
.BR vps.conf (5),
.BR vzquota (8),
.SH LICENSE
Copyright (C) 2000-2005, SWsoft. Licensed under QPL.