Commit | Line | Data |
---|---|---|
9d2e98ed | 1 | `arch`: `<amd64 | arm64 | armhf | i386 | riscv32 | riscv64>` ('default =' `amd64`):: |
71e16346 DM |
2 | |
3 | OS architecture type. | |
4 | ||
013dc89f | 5 | `cmode`: `<console | shell | tty>` ('default =' `tty`):: |
71e16346 | 6 | |
c2993fe5 | 7 | Console mode. By default, the console command tries to open a connection to one of the available tty devices. By setting cmode to 'console' it tries to attach to /dev/console instead. If you set cmode to 'shell', it simply invokes a shell inside the container (no login). |
71e16346 | 8 | |
013dc89f | 9 | `console`: `<boolean>` ('default =' `1`):: |
71e16346 DM |
10 | |
11 | Attach a console device (/dev/console) to the container. | |
12 | ||
4772952b | 13 | `cores`: `<integer> (1 - 8192)` :: |
de0983cb DM |
14 | |
15 | The number of cores assigned to the container. A container can use all available cores by default. | |
16 | ||
4772952b | 17 | `cpulimit`: `<number> (0 - 8192)` ('default =' `0`):: |
71e16346 DM |
18 | |
19 | Limit of CPU usage. | |
20 | + | |
c2993fe5 | 21 | NOTE: If the computer has 2 CPUs, it has a total of '2' CPU time. Value '0' indicates no CPU limit. |
71e16346 | 22 | |
4e7f60c2 | 23 | `cpuunits`: `<integer> (0 - 500000)` ('default =' `cgroup v1: 1024, cgroup v2: 100`):: |
71e16346 | 24 | |
4e7f60c2 | 25 | CPU weight for a container. Argument is used in the kernel fair scheduler. The larger the number is, the more CPU time this container gets. Number is relative to the weights of all the other running guests. |
71e16346 | 26 | |
739d4d64 TL |
27 | `debug`: `<boolean>` ('default =' `0`):: |
28 | ||
29 | Try to be more verbose. For now this only enables debug log-level on start. | |
30 | ||
013dc89f | 31 | `description`: `<string>` :: |
71e16346 | 32 | |
8f4d9c87 | 33 | Description for the Container. Shown in the web-interface CT's summary. This is saved as comment inside the configuration file. |
71e16346 | 34 | |
c5aa7e14 | 35 | `features`: `[force_rw_sys=<1|0>] [,fuse=<1|0>] [,keyctl=<1|0>] [,mknod=<1|0>] [,mount=<fstype;fstype;...>] [,nesting=<1|0>]` :: |
4d47f125 TL |
36 | |
37 | Allow containers access to advanced features. | |
38 | ||
c5aa7e14 TL |
39 | `force_rw_sys`=`<boolean>` ('default =' `0`);; |
40 | ||
41 | Mount /sys in unprivileged containers as `rw` instead of `mixed`. This can break networking under newer (>= v245) systemd-network use. | |
42 | ||
e2d681b3 TL |
43 | `fuse`=`<boolean>` ('default =' `0`);; |
44 | ||
45 | Allow using 'fuse' file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks. | |
46 | ||
4d47f125 TL |
47 | `keyctl`=`<boolean>` ('default =' `0`);; |
48 | ||
49 | For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker. | |
50 | ||
c5aa7e14 TL |
51 | `mknod`=`<boolean>` ('default =' `0`);; |
52 | ||
53 | Allow unprivileged containers to use mknod() to add certain device nodes. This requires a kernel with seccomp trap to user space support (5.3 or newer). This is experimental. | |
54 | ||
4d47f125 TL |
55 | `mount`=`<fstype;fstype;...>` ;; |
56 | ||
57 | Allow mounting file systems of specific types. This should be a list of file system types as used with the mount command. Note that this can have negative effects on the container's security. With access to a loop device, mounting a file can circumvent the mknod permission of the devices cgroup, mounting an NFS file system can block the host's I/O completely and prevent it from rebooting, etc. | |
58 | ||
59 | `nesting`=`<boolean>` ('default =' `0`);; | |
60 | ||
61 | Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest. | |
62 | ||
5f26e15b TL |
63 | `hookscript`: `<string>` :: |
64 | ||
65 | Script that will be executed during various steps in the container's lifetime. | |
66 | ||
013dc89f | 67 | `hostname`: `<string>` :: |
71e16346 DM |
68 | |
69 | Set a host name for the container. | |
70 | ||
1c532546 | 71 | `lock`: `<backup | create | destroyed | disk | fstrim | migrate | mounted | rollback | snapshot | snapshot-delete>` :: |
71e16346 | 72 | |
4e7f60c2 | 73 | Lock/unlock the container. |
71e16346 | 74 | |
013dc89f | 75 | `memory`: `<integer> (16 - N)` ('default =' `512`):: |
71e16346 | 76 | |
4e7f60c2 | 77 | Amount of RAM for the container in MB. |
71e16346 | 78 | |
7cbed89a | 79 | `mp[n]`: `[volume=]<volume> ,mp=<Path> [,acl=<1|0>] [,backup=<1|0>] [,mountoptions=<opt[;opt...]>] [,quota=<1|0>] [,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>] [,size=<DiskSize>]` :: |
71e16346 | 80 | |
d2656385 | 81 | Use volume as container mount point. Use the special syntax STORAGE_ID:SIZE_IN_GiB to allocate a new volume. |
c2993fe5 | 82 | |
013dc89f | 83 | `acl`=`<boolean>` ;; |
c2993fe5 DM |
84 | |
85 | Explicitly enable or disable ACL support. | |
86 | ||
013dc89f | 87 | `backup`=`<boolean>` ;; |
c2993fe5 | 88 | |
de0983cb | 89 | Whether to include the mount point in backups (only used for volume mount points). |
c2993fe5 | 90 | |
7cbed89a TL |
91 | `mountoptions`=`<opt[;opt...]>` ;; |
92 | ||
93 | Extra mount options for rootfs/mps. | |
94 | ||
c2993fe5 DM |
95 | `mp`=`<Path>` ;; |
96 | ||
de0983cb | 97 | Path to the mount point as seen from inside the container. |
2c0dde61 DM |
98 | + |
99 | NOTE: Must not contain any symlinks for security reasons. | |
c2993fe5 | 100 | |
013dc89f | 101 | `quota`=`<boolean>` ;; |
c2993fe5 DM |
102 | |
103 | Enable user quotas inside the container (not supported with zfs subvolumes) | |
104 | ||
5d9c884c DM |
105 | `replicate`=`<boolean>` ('default =' `1`);; |
106 | ||
107 | Will include this volume to a storage replica job. | |
108 | ||
013dc89f | 109 | `ro`=`<boolean>` ;; |
c2993fe5 | 110 | |
de0983cb DM |
111 | Read-only mount point |
112 | ||
013dc89f | 113 | `shared`=`<boolean>` ('default =' `0`);; |
de0983cb DM |
114 | |
115 | Mark this non-volume mount point as available on all nodes. | |
116 | + | |
117 | WARNING: This option does not share the mount point automatically, it assumes it is shared already! | |
c2993fe5 DM |
118 | |
119 | `size`=`<DiskSize>` ;; | |
120 | ||
121 | Volume size (read only value). | |
122 | ||
123 | `volume`=`<volume>` ;; | |
124 | ||
125 | Volume, device or directory to mount into the container. | |
71e16346 | 126 | |
013dc89f | 127 | `nameserver`: `<string>` :: |
71e16346 | 128 | |
c2993fe5 | 129 | Sets DNS server IP address for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver. |
71e16346 | 130 | |
9d2e98ed | 131 | `net[n]`: `name=<string> [,bridge=<bridge>] [,firewall=<1|0>] [,gw=<GatewayIPv4>] [,gw6=<GatewayIPv6>] [,hwaddr=<XX:XX:XX:XX:XX:XX>] [,ip=<(IPv4/CIDR|dhcp|manual)>] [,ip6=<(IPv6/CIDR|auto|dhcp|manual)>] [,link_down=<1|0>] [,mtu=<integer>] [,rate=<mbps>] [,tag=<integer>] [,trunks=<vlanid[;vlanid...]>] [,type=<veth>]` :: |
71e16346 DM |
132 | |
133 | Specifies network interfaces for the container. | |
134 | ||
c2993fe5 DM |
135 | `bridge`=`<bridge>` ;; |
136 | ||
137 | Bridge to attach the network device to. | |
138 | ||
013dc89f | 139 | `firewall`=`<boolean>` ;; |
c2993fe5 DM |
140 | |
141 | Controls whether this interface's firewall rules should be used. | |
142 | ||
143 | `gw`=`<GatewayIPv4>` ;; | |
144 | ||
145 | Default gateway for IPv4 traffic. | |
146 | ||
147 | `gw6`=`<GatewayIPv6>` ;; | |
148 | ||
149 | Default gateway for IPv6 traffic. | |
150 | ||
151 | `hwaddr`=`<XX:XX:XX:XX:XX:XX>` ;; | |
152 | ||
95895385 | 153 | A common MAC address with the I/G (Individual/Group) bit not set. |
c2993fe5 | 154 | |
2489d6df | 155 | `ip`=`<(IPv4/CIDR|dhcp|manual)>` ;; |
c2993fe5 DM |
156 | |
157 | IPv4 address in CIDR format. | |
158 | ||
2489d6df | 159 | `ip6`=`<(IPv6/CIDR|auto|dhcp|manual)>` ;; |
c2993fe5 DM |
160 | |
161 | IPv6 address in CIDR format. | |
162 | ||
9d2e98ed TL |
163 | `link_down`=`<boolean>` ;; |
164 | ||
165 | Whether this interface should be disconnected (like pulling the plug). | |
166 | ||
81a3384d | 167 | `mtu`=`<integer> (64 - 65535)` ;; |
c2993fe5 DM |
168 | |
169 | Maximum transfer unit of the interface. (lxc.network.mtu) | |
170 | ||
171 | `name`=`<string>` ;; | |
172 | ||
173 | Name of the network device as seen from inside the container. (lxc.network.name) | |
174 | ||
175 | `rate`=`<mbps>` ;; | |
176 | ||
177 | Apply rate limiting to the interface | |
178 | ||
013dc89f | 179 | `tag`=`<integer> (1 - 4094)` ;; |
c2993fe5 DM |
180 | |
181 | VLAN tag for this interface. | |
182 | ||
183 | `trunks`=`<vlanid[;vlanid...]>` ;; | |
184 | ||
185 | VLAN ids to pass through the interface | |
186 | ||
013dc89f | 187 | `type`=`<veth>` ;; |
c2993fe5 DM |
188 | |
189 | Network interface type. | |
190 | ||
013dc89f | 191 | `onboot`: `<boolean>` ('default =' `0`):: |
71e16346 | 192 | |
4e7f60c2 | 193 | Specifies whether a container will be started during system bootup. |
71e16346 | 194 | |
7af2edf9 | 195 | `ostype`: `<alpine | archlinux | centos | debian | devuan | fedora | gentoo | nixos | opensuse | ubuntu | unmanaged>` :: |
71e16346 | 196 | |
c2993fe5 | 197 | OS type. This is used to set up configuration inside the container, and corresponds to lxc setup scripts in /usr/share/lxc/config/<ostype>.common.conf. Value 'unmanaged' can be used to skip any OS specific setup. |
71e16346 | 198 | |
013dc89f | 199 | `protection`: `<boolean>` ('default =' `0`):: |
71e16346 | 200 | |
c2993fe5 | 201 | Sets the protection flag of the container. This will prevent the CT or CT's disk remove/update operation. |
71e16346 | 202 | |
7cbed89a | 203 | `rootfs`: `[volume=]<volume> [,acl=<1|0>] [,mountoptions=<opt[;opt...]>] [,quota=<1|0>] [,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>] [,size=<DiskSize>]` :: |
71e16346 DM |
204 | |
205 | Use volume as container root. | |
206 | ||
013dc89f | 207 | `acl`=`<boolean>` ;; |
c2993fe5 DM |
208 | |
209 | Explicitly enable or disable ACL support. | |
210 | ||
7cbed89a TL |
211 | `mountoptions`=`<opt[;opt...]>` ;; |
212 | ||
213 | Extra mount options for rootfs/mps. | |
214 | ||
013dc89f | 215 | `quota`=`<boolean>` ;; |
c2993fe5 DM |
216 | |
217 | Enable user quotas inside the container (not supported with zfs subvolumes) | |
218 | ||
5d9c884c DM |
219 | `replicate`=`<boolean>` ('default =' `1`);; |
220 | ||
221 | Will include this volume to a storage replica job. | |
222 | ||
013dc89f | 223 | `ro`=`<boolean>` ;; |
c2993fe5 | 224 | |
de0983cb DM |
225 | Read-only mount point |
226 | ||
013dc89f | 227 | `shared`=`<boolean>` ('default =' `0`);; |
de0983cb DM |
228 | |
229 | Mark this non-volume mount point as available on all nodes. | |
230 | + | |
231 | WARNING: This option does not share the mount point automatically, it assumes it is shared already! | |
c2993fe5 DM |
232 | |
233 | `size`=`<DiskSize>` ;; | |
234 | ||
235 | Volume size (read only value). | |
236 | ||
237 | `volume`=`<volume>` ;; | |
238 | ||
239 | Volume, device or directory to mount into the container. | |
240 | ||
013dc89f | 241 | `searchdomain`: `<string>` :: |
71e16346 | 242 | |
c2993fe5 | 243 | Sets DNS search domains for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver. |
71e16346 DM |
244 | |
245 | `startup`: `[[order=]\d+] [,up=\d+] [,down=\d+] ` :: | |
246 | ||
c2993fe5 | 247 | Startup and shutdown behavior. Order is a non-negative number defining the general startup order. Shutdown is done with reverse ordering. Additionally you can set the 'up' or 'down' delay in seconds, which specifies a delay to wait before the next VM is started or stopped. |
71e16346 | 248 | |
013dc89f | 249 | `swap`: `<integer> (0 - N)` ('default =' `512`):: |
71e16346 | 250 | |
4e7f60c2 | 251 | Amount of SWAP for the container in MB. |
71e16346 | 252 | |
5c1699e5 TL |
253 | `tags`: `<string>` :: |
254 | ||
255 | Tags of the Container. This is only meta information. | |
256 | ||
013dc89f | 257 | `template`: `<boolean>` ('default =' `0`):: |
71e16346 DM |
258 | |
259 | Enable/disable Template. | |
260 | ||
04d22a9f TL |
261 | `timezone`: `<string>` :: |
262 | ||
263 | Time zone to use in the container. If option isn't set, then nothing will be done. Can be set to 'host' to match the host time zone, or an arbitrary time zone option from /usr/share/zoneinfo/zone.tab | |
264 | ||
013dc89f | 265 | `tty`: `<integer> (0 - 6)` ('default =' `2`):: |
71e16346 DM |
266 | |
267 | Specify the number of tty available to the container | |
268 | ||
013dc89f | 269 | `unprivileged`: `<boolean>` ('default =' `0`):: |
71e16346 | 270 | |
c2993fe5 | 271 | Makes the container run as unprivileged user. (Should not be modified manually.) |
71e16346 | 272 | |
c5aa7e14 | 273 | `unused[n]`: `[volume=]<volume>` :: |
71e16346 | 274 | |
c2993fe5 | 275 | Reference to unused volumes. This is used internally, and should not be modified manually. |
71e16346 | 276 | |
c5aa7e14 TL |
277 | `volume`=`<volume>` ;; |
278 | ||
279 | The volume that is not used currently. | |
280 |
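
The `features` caveats documented above (keyctl, mount, nesting and the rest) can be checked mechanically when reviewing container configs. The following is an added example, not code from the documented project: it assumes a flat `key: value` config file, and the function names and the sample config are constructed for illustration.

```python
# Constructed sample config for illustration (not from a real host).
SAMPLE_CONF = """\
# build container
hostname: build01
unprivileged: 0
features: nesting=1,mount=nfs;ext4,fuse=1
"""

# Caveats paraphrased from the option descriptions on this page.
NOTES = {
    "force_rw_sys": "/sys is rw instead of mixed; can break systemd-network >= v245",
    "fuse": "fuse plus the freezer cgroup can cause I/O deadlocks",
    "keyctl": "keyctl() system call is visible to the container",
    "mknod": "experimental; needs seccomp trap to user space (kernel 5.3+)",
    "nesting": "exposes host procfs and sysfs contents to the guest",
}

def parse_conf(text):
    # Assumes flat 'key: value' lines, with '#' lines holding the description.
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.lstrip().startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def parse_features(value):
    # 'a=1,mount=x;y' -> {'a': '1', 'mount': ['x', 'y']}
    feats = {}
    for item in filter(None, value.split(",")):
        name, _, val = item.strip().partition("=")
        feats[name] = [t for t in val.split(";") if t] if name == "mount" else val
    return feats

def audit(text):
    conf = parse_conf(text)
    feats = parse_features(conf.get("features", ""))
    unpriv = conf.get("unprivileged", "0") == "1"  # documented default is 0
    findings = [(n, note) for n, note in NOTES.items() if feats.get(n) == "1"]
    if feats.get("nesting") == "1" and not unpriv:
        findings.append(("nesting", "set on a privileged container; best used unprivileged"))
    if feats.get("keyctl") == "1" and not unpriv:
        findings.append(("keyctl", "documented for unprivileged containers only"))
    for fstype in feats.get("mount", []):
        extra = "; NFS can block host I/O and prevent reboot" if fstype == "nfs" else ""
        findings.append(("mount=" + fstype, "guest may mount this type" + extra))
    return findings

if __name__ == "__main__":
    for name, note in audit(SAMPLE_CONF):
        print(f"{name}: {note}")
```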