X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=pct.adoc;h=0c901064565c203e9493458ad2b9a3b7c7c69a73;hb=d6754f0f8bf21a3213b2ac20003e9b5468c1e811;hp=0be738b59b89c33a443de654910109200cc4ac22;hpb=76aaaeab21f4e0d2f47fb7b593116a1cdb22109d;p=pve-docs.git diff --git a/pct.adoc b/pct.adoc index 0be738b..0c90106 100644 --- a/pct.adoc +++ b/pct.adoc @@ -36,28 +36,33 @@ the host system directly. The runtime costs for containers is low, usually negligible. However, there are some drawbacks that need be considered: -* Only Linux distributions can be run in containers. It is not possible to run - other Operating Systems like, for example, FreeBSD or Microsoft Windows +* Only Linux distributions can be run in Proxmox Containers. It is not possible to run + other operating systems like, for example, FreeBSD or Microsoft Windows inside a container. * For security reasons, access to host resources needs to be restricted. - Containers run in their own separate namespaces. Additionally some syscalls - are not allowed within containers. + Therefore, containers run in their own separate namespaces. Additionally some + syscalls (user space requests to the Linux kernel) are not allowed within containers. -{pve} uses https://linuxcontainers.org/[Linux Containers (LXC)] as underlying +{pve} uses https://linuxcontainers.org/lxc/introduction/[Linux Containers (LXC)] as its underlying container technology. The ``Proxmox Container Toolkit'' (`pct`) simplifies the -usage and management of LXC containers. +usage and management of LXC, by providing an interface that abstracts +complex tasks. Containers are tightly integrated with {pve}. This means that they are aware of the cluster setup, and they can use the same network and storage resources as virtual machines. You can also use the {pve} firewall, or manage containers using the HA framework. -Our primary goal is to offer an environment as one would get from a VM, but -without the additional overhead. We call this ``System Containers''. +Our primary goal is to offer an environment that provides the benefits of using a +VM, but without the additional overhead. This means that Proxmox Containers can +be categorized as ``System Containers'', rather than ``Application Containers''. -NOTE: If you want to run micro-containers, for example, 'Docker' or 'rkt', it -is best to run them inside a VM. +NOTE: If you want to run application containers, for example, 'Docker' images, it +is recommended that you run them inside a Proxmox Qemu VM. This will give you +all the advantages of application containerization, while also providing the +benefits that VMs offer, such as strong isolation from the host and the ability +to live-migrate, which otherwise isn't possible with containers. Technology Overview @@ -786,22 +791,39 @@ Reduce the memory of the container to 512MB # pct set 100 -memory 512 ---- +Destroying a container always removes it from Access Control Lists and it always +removes the firewall configuration of the container. You have to activate +'--purge', if you want to additionally remove the container from replication jobs, +backup jobs and HA resource configurations. + +---- +# pct destroy 100 --purge +---- + + Obtaining Debugging Logs ~~~~~~~~~~~~~~~~~~~~~~~~ In case `pct start` is unable to start a specific container, it might be -helpful to collect debugging output by running `lxc-start` (replace `ID` with -the container's ID): +helpful to collect debugging output by passing the `--debug` flag (replace `CTID` with +the container's CTID): + +---- +# pct start CTID --debug +---- + +Alternatively, you can use the following `lxc-start` command, which will save +the debug log to the file specified by the `-o` output option: ---- -# lxc-start -n ID -F -l DEBUG -o /tmp/lxc-ID.log +# lxc-start -n CTID -F -l DEBUG -o /tmp/lxc-CTID.log ---- This command will attempt to start the container in foreground mode, to stop -the container run `pct shutdown ID` or `pct stop ID` in a second terminal. +the container run `pct shutdown CTID` or `pct stop CTID` in a second terminal. -The collected debug log is written to `/tmp/lxc-ID.log`. +The collected debug log is written to `/tmp/lxc-CTID.log`. NOTE: If you have changed the container's configuration since the last start attempt with `pct start`, you need to run `pct start` at least once to also