pct: cleanup Technology Overview list
[pve-docs.git] / pct.adoc
CommitLineData
0c6b782f
DM
1ifdef::manvolnum[]
2PVE({manvolnum})
3================
38fd0958 4include::attributes.txt[]
0c6b782f
DM
5
6NAME
7----
8
9pct - Tool to manage Linux Containers (LXC) on Proxmox VE
10
11
12SYNOPSYS
13--------
14
15include::pct.1-synopsis.adoc[]
16
17DESCRIPTION
18-----------
19endif::manvolnum[]
20
21ifndef::manvolnum[]
22Proxmox Container Toolkit
23=========================
38fd0958 24include::attributes.txt[]
0c6b782f
DM
25endif::manvolnum[]
26
4a2ae9ed
DM
27
28Containers are a lightweight alternative to fully virtualized
29VMs. Instead of emulating a complete Operating System (OS), containers
30simply use the OS of the host they run on. This implies that all
31containers use the same kernel, and that they can access resources
32from the host directly.
33
34This is great because containers do not waste CPU power nor memory due
35to kernel emulation. Container run-time costs are close to zero and
36usually negligible. But there are also some drawbacks you need to
37consider:
38
39* You can only run Linux based OS inside containers, i.e. it is not
a8e99754 40 possible to run FreeBSD or MS Windows inside.
4a2ae9ed 41
a8e99754 42* For security reasons, access to host resources needs to be
4a2ae9ed 43 restricted. This is done with AppArmor, SecComp filters and other
a8e99754 44 kernel features. Be prepared that some syscalls are not allowed
4a2ae9ed
DM
45 inside containers.
46
47{pve} uses https://linuxcontainers.org/[LXC] as underlying container
48technology. We consider LXC as low-level library, which provides
a8e99754 49countless options. It would be too difficult to use those tools
4a2ae9ed
DM
50directly. Instead, we provide a small wrapper called `pct`, the
51"Proxmox Container Toolkit".
52
a8e99754 53The toolkit is tightly coupled with {pve}. That means that it is aware
4a2ae9ed
DM
54of the cluster setup, and it can use the same network and storage
55resources as fully virtualized VMs. You can even use the {pve}
56firewall, or manage containers using the HA framework.
57
58Our primary goal is to offer an environment as one would get from a
59VM, but without the additional overhead. We call this "System
60Containers".
61
99d2e25b 62NOTE: If you want to run micro-containers (with docker, rkt, ...), it
70a42028 63is best to run them inside a VM.
4a2ae9ed
DM
64
65
66Security Considerations
67-----------------------
68
69Containers use the same kernel as the host, so there is a big attack
70surface for malicious users. You should consider this fact if you
71provide containers to totally untrusted people. In general, fully
a8e99754 72virtualized VMs provide better isolation.
4a2ae9ed
DM
73
74The good news is that LXC uses many kernel security features like
75AppArmor, CGroups and PID and user namespaces, which makes containers
76usage quite secure. We distinguish two types of containers:
77
5eba0743
FG
78
79Privileged Containers
4a2ae9ed
DM
80~~~~~~~~~~~~~~~~~~~~~
81
82Security is done by dropping capabilities, using mandatory access
83control (AppArmor), SecComp filters and namespaces. The LXC team
84considers this kind of container as unsafe, and they will not consider
85new container escape exploits to be security issues worthy of a CVE
86and quick fix. So you should use this kind of containers only inside a
87trusted environment, or when no untrusted task is running as root in
88the container.
89
5eba0743
FG
90
91Unprivileged Containers
4a2ae9ed
DM
92~~~~~~~~~~~~~~~~~~~~~~~
93
a8e99754 94This kind of containers use a new kernel feature called user
5eba0743 95namespaces. The root UID 0 inside the container is mapped to an
4a2ae9ed
DM
96unprivileged user outside the container. This means that most security
97issues (container escape, resource abuse, ...) in those containers
98will affect a random unprivileged user, and so would be a generic
a8e99754 99kernel security bug rather than an LXC issue. The LXC team thinks
4a2ae9ed
DM
100unprivileged containers are safe by design.
101
7fc230db
DM
102
103Configuration
104-------------
105
8c1189b6
FG
106The `/etc/pve/lxc/<CTID>.conf` file stores container configuration,
107where `<CTID>` is the numeric ID of the given container. Like all
108other files stored inside `/etc/pve/`, they get automatically
166e63d6
FG
109replicated to all other cluster nodes.
110
111NOTE: CTIDs < 100 are reserved for internal purposes, and CTIDs need to be
112unique cluster wide.
7fc230db 113
105bc8f1
DM
114.Example Container Configuration
115----
116ostype: debian
117arch: amd64
118hostname: www
119memory: 512
120swap: 512
121net0: bridge=vmbr0,hwaddr=66:64:66:64:64:36,ip=dhcp,name=eth0,type=veth
122rootfs: local:107/vm-107-disk-1.raw,size=7G
123----
124
7fc230db 125Those configuration files are simple text files, and you can edit them
8c1189b6 126using a normal text editor (`vi`, `nano`, ...). This is sometimes
55fb2a21
DM
127useful to do small corrections, but keep in mind that you need to
128restart the container to apply such changes.
129
8c1189b6 130For that reason, it is usually better to use the `pct` command to
55fb2a21
DM
131generate and modify those files, or do the whole thing using the GUI.
132Our toolkit is smart enough to instantaneously apply most changes to
105bc8f1
DM
133running containers. This feature is called "hot plug", and there is no
134need to restart the container in that case.
7fc230db 135
5eba0743 136
7fc230db
DM
137File Format
138~~~~~~~~~~~
139
140Container configuration files use a simple colon separated key/value
141format. Each line has the following format:
142
083adc34
FG
143-----
144# this is a comment
145OPTION: value
146-----
7fc230db 147
8c1189b6 148Blank lines in those files are ignored, and lines starting with a `#`
7fc230db
DM
149character are treated as comments and are also ignored.
150
151It is possible to add low-level, LXC style configuration directly, for
152example:
153
154 lxc.init_cmd: /sbin/my_own_init
155
156or
157
158 lxc.init_cmd = /sbin/my_own_init
159
160Those settings are directly passed to the LXC low-level tools.
161
5eba0743 162
105bc8f1
DM
163Snapshots
164~~~~~~~~~
165
8c1189b6 166When you create a snapshot, `pct` stores the configuration at snapshot
105bc8f1 167time into a separate snapshot section within the same configuration
8c1189b6 168file. For example, after creating a snapshot called ``testsnapshot'',
105bc8f1
DM
169your configuration file will look like this:
170
5eba0743 171.Container configuration with snapshot
105bc8f1
DM
172----
173memory: 512
174swap: 512
175parent: testsnaphot
176...
177
178[testsnaphot]
179memory: 512
180swap: 512
181snaptime: 1457170803
182...
183----
184
8c1189b6
FG
185There are a few snapshot related properties like `parent` and
186`snaptime`. The `parent` property is used to store the parent/child
187relationship between snapshots. `snaptime` is the snapshot creation
188time stamp (Unix epoch).
189
7fc230db 190
3f13c1c3
DM
191Guest Operating System Configuration
192~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
193
194We normally try to detect the operating system type inside the
195container, and then modify some files inside the container to make
196them work as expected. Here is a short list of things we do at
197container startup:
198
199set /etc/hostname:: to set the container name
200
a8e99754 201modify /etc/hosts:: to allow lookup of the local hostname
3f13c1c3
DM
202
203network setup:: pass the complete network setup to the container
204
205configure DNS:: pass information about DNS servers
206
a8e99754 207adapt the init system:: for example, fix the number of spawned getty processes
3f13c1c3
DM
208
209set the root password:: when creating a new container
210
211rewrite ssh_host_keys:: so that each container has unique keys
212
a8e99754 213randomize crontab:: so that cron does not start at the same time on all containers
3f13c1c3 214
25535d34
WB
215Changes made by {PVE} are enclosed by comment markers:
216
37638f59
DM
217----
218# --- BEGIN PVE ---
219<data>
220# --- END PVE ---
221----
25535d34 222
37638f59
DM
223Those markers will be inserted at a reasonable location in the
224file. If such a section already exists, it will be updated in place
225and will not be moved.
25535d34 226
37638f59
DM
227Modification of a file can be prevented by adding a `.pve-ignore.`
228file for it. For instance, if the file `/etc/.pve-ignore.hosts`
229exists then the `/etc/hosts` file will not be touched. This can be a
230simple empty file creatd via:
25535d34
WB
231
232 # touch /etc/.pve-ignore.hosts
233
37638f59
DM
234Most modifications are OS dependent, so they differ between different
235distributions and versions. You can completely disable modifications
8c1189b6 236by manually setting the `ostype` to `unmanaged`.
3f13c1c3
DM
237
238OS type detection is done by testing for certain files inside the
239container:
240
8c1189b6 241Ubuntu:: inspect /etc/lsb-release (`DISTRIB_ID=Ubuntu`)
3f13c1c3
DM
242
243Debian:: test /etc/debian_version
244
245Fedora:: test /etc/fedora-release
246
247RedHat or CentOS:: test /etc/redhat-release
248
249ArchLinux:: test /etc/arch-release
250
251Alpine:: test /etc/alpine-release
252
c617d721
WB
253Gentoo:: test /etc/gentoo-release
254
8c1189b6 255NOTE: Container start fails if the configured `ostype` differs from the auto
3f13c1c3
DM
256detected type.
257
5eba0743 258
a7f36905
DM
259Options
260~~~~~~~
261
262include::pct.conf.5-opts.adoc[]
263
d61bab51
DM
264
265Container Images
266----------------
267
8c1189b6
FG
268Container images, sometimes also referred to as ``templates'' or
269``appliances'', are `tar` archives which contain everything to run a
d61bab51 270container. You can think of it as a tidy container backup. Like most
8c1189b6 271modern container toolkits, `pct` uses those images when you create a
d61bab51
DM
272new container, for example:
273
274 pct create 999 local:vztmpl/debian-8.0-standard_8.0-1_amd64.tar.gz
275
276Proxmox itself ships a set of basic templates for most common
8c1189b6 277operating systems, and you can download them using the `pveam` (short
d61bab51
DM
278for {pve} Appliance Manager) command line utility. You can also
279download https://www.turnkeylinux.org/[TurnKey Linux] containers using
280that tool (or the graphical user interface).
281
3a6fa247
DM
282Our image repositories contain a list of available images, and there
283is a cron job run each day to download that list. You can trigger that
284update manually with:
285
286 pveam update
287
288After that you can view the list of available images using:
289
290 pveam available
291
8c1189b6
FG
292You can restrict this large list by specifying the `section` you are
293interested in, for example basic `system` images:
3a6fa247
DM
294
295.List available system images
296----
297# pveam available --section system
298system archlinux-base_2015-24-29-1_x86_64.tar.gz
299system centos-7-default_20160205_amd64.tar.xz
300system debian-6.0-standard_6.0-7_amd64.tar.gz
301system debian-7.0-standard_7.0-3_amd64.tar.gz
302system debian-8.0-standard_8.0-1_amd64.tar.gz
303system ubuntu-12.04-standard_12.04-1_amd64.tar.gz
304system ubuntu-14.04-standard_14.04-1_amd64.tar.gz
305system ubuntu-15.04-standard_15.04-1_amd64.tar.gz
306system ubuntu-15.10-standard_15.10-1_amd64.tar.gz
307----
308
a8e99754 309Before you can use such a template, you need to download them into one
8c1189b6 310of your storages. You can simply use storage `local` for that
3a6fa247
DM
311purpose. For clustered installations, it is preferred to use a shared
312storage so that all nodes can access those images.
313
314 pveam download local debian-8.0-standard_8.0-1_amd64.tar.gz
315
24f73a63 316You are now ready to create containers using that image, and you can
8c1189b6 317list all downloaded images on storage `local` with:
24f73a63
DM
318
319----
320# pveam list local
321local:vztmpl/debian-8.0-standard_8.0-1_amd64.tar.gz 190.20MB
322----
323
a8e99754 324The above command shows you the full {pve} volume identifiers. They include
24f73a63 325the storage name, and most other {pve} commands can use them. For
5eba0743 326example you can delete that image later with:
24f73a63
DM
327
328 pveam remove local:vztmpl/debian-8.0-standard_8.0-1_amd64.tar.gz
3a6fa247 329
d61bab51 330
70a42028
DM
331Container Storage
332-----------------
333
334Traditional containers use a very simple storage model, only allowing
335a single mount point, the root file system. This was further
8c1189b6
FG
336restricted to specific file system types like `ext4` and `nfs`.
337Additional mounts are often done by user provided scripts. This turned
a8e99754 338out to be complex and error prone, so we try to avoid that now.
70a42028
DM
339
340Our new LXC based container model is more flexible regarding
341storage. First, you can have more than a single mount point. This
342allows you to choose a suitable storage for each application. For
343example, you can use a relatively slow (and thus cheap) storage for
344the container root file system. Then you can use a second mount point
345to mount a very fast, distributed storage for your database
346application.
347
348The second big improvement is that you can use any storage type
349supported by the {pve} storage library. That means that you can store
8c1189b6
FG
350your containers on local `lvmthin` or `zfs`, shared `iSCSI` storage,
351or even on distributed storage systems like `ceph`. It also enables us
352to use advanced storage features like snapshots and clones. `vzdump`
a8e99754 353can also use the snapshot feature to provide consistent container
70a42028
DM
354backups.
355
356Last but not least, you can also mount local devices directly, or
357mount local directories using bind mounts. That way you can access
358local storage inside containers with zero overhead. Such bind mounts
a8e99754 359also provide an easy way to share data between different containers.
70a42028 360
eeecce95 361
9e44e493
DM
362Mount Points
363~~~~~~~~~~~~
eeecce95 364
01639994
FG
365The root mount point is configured with the `rootfs` property, and you can
366configure up to 10 additional mount points. The corresponding options
367are called `mp0` to `mp9`, and they can contain the following setting:
368
369include::pct-mountpoint-opts.adoc[]
370
9e44e493
DM
371Currently there are basically three types of mount points: storage backed
372mount points, bind mounts and device mounts.
373
5eba0743 374.Typical container `rootfs` configuration
4c3b5c77
DM
375----
376rootfs: thin1:base-100-disk-1,size=8G
377----
378
379
5eba0743 380Storage Backed Mount Points
4c3b5c77 381^^^^^^^^^^^^^^^^^^^^^^^^^^^
01639994 382
9e44e493 383Storage backed mount points are managed by the {pve} storage subsystem and come
eeecce95
WB
384in three different flavors:
385
5eba0743 386- Image based: these are raw images containing a single ext4 formatted file
eeecce95 387 system.
5eba0743 388- ZFS subvolumes: these are technically bind mounts, but with managed storage,
eeecce95
WB
389 and thus allow resizing and snapshotting.
390- Directories: passing `size=0` triggers a special case where instead of a raw
391 image a directory is created.
392
4c3b5c77 393
5eba0743 394Bind Mount Points
4c3b5c77 395^^^^^^^^^^^^^^^^^
01639994 396
9baca183
FG
397Bind mounts allow you to access arbitrary directories from your Proxmox VE host
398inside a container. Some potential use cases are:
399
400- Accessing your home directory in the guest
401- Accessing an USB device directory in the guest
acccc49b 402- Accessing an NFS mount from the host in the guest
9baca183 403
eeecce95 404Bind mounts are considered to not be managed by the storage subsystem, so you
9baca183 405cannot make snapshots or deal with quotas from inside the container. With
eeecce95 406unprivileged containers you might run into permission problems caused by the
9baca183
FG
407user mapping and cannot use ACLs.
408
8c1189b6 409NOTE: The contents of bind mount points are not backed up when using `vzdump`.
eeecce95 410
6b707f2c
FG
411WARNING: For security reasons, bind mounts should only be established
412using source directories especially reserved for this purpose, e.g., a
413directory hierarchy under `/mnt/bindmounts`. Never bind mount system
414directories like `/`, `/var` or `/etc` into a container - this poses a
9baca183
FG
415great security risk.
416
417NOTE: The bind mount source path must not contain any symlinks.
418
419For example, to make the directory `/mnt/bindmounts/shared` accessible in the
420container with ID `100` under the path `/shared`, use a configuration line like
8c1189b6
FG
421`mp0: /mnt/bindmounts/shared,mp=/shared` in `/etc/pve/lxc/100.conf`.
422Alternatively, use `pct set 100 -mp0 /mnt/bindmounts/shared,mp=/shared` to
9baca183 423achieve the same result.
6b707f2c 424
4c3b5c77 425
5eba0743 426Device Mount Points
4c3b5c77 427^^^^^^^^^^^^^^^^^^^
fe154a4f 428
7432d78e
FG
429Device mount points allow to mount block devices of the host directly into the
430container. Similar to bind mounts, device mounts are not managed by {PVE}'s
431storage subsystem, but the `quota` and `acl` options will be honored.
432
433NOTE: Device mount points should only be used under special circumstances. In
434most cases a storage backed mount point offers the same performance and a lot
435more features.
436
8c1189b6 437NOTE: The contents of device mount points are not backed up when using `vzdump`.
01639994 438
4c3b5c77 439
5eba0743 440FUSE Mounts
4c3b5c77 441~~~~~~~~~~~
01639994
FG
442
443WARNING: Because of existing issues in the Linux kernel's freezer
444subsystem the usage of FUSE mounts inside a container is strongly
445advised against, as containers need to be frozen for suspend or
446snapshot mode backups.
fe154a4f 447
01639994
FG
448If FUSE mounts cannot be replaced by other mounting mechanisms or storage
449technologies, it is possible to establish the FUSE mount on the Proxmox host
450and use a bind mount point to make it accessible inside the container.
451
01639994 452
5eba0743 453Using Quotas Inside Containers
04c569f6 454~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
d6ed3622 455
9e44e493
DM
456Quotas allow to set limits inside a container for the amount of disk
457space that each user can use. This only works on ext4 image based
458storage types and currently does not work with unprivileged
459containers.
d6ed3622 460
9e44e493
DM
461Activating the `quota` option causes the following mount options to be
462used for a mount point:
463`usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0`
d6ed3622 464
9e44e493
DM
465This allows quotas to be used like you would on any other system. You
466can initialize the `/aquota.user` and `/aquota.group` files by running
d6ed3622 467
9e44e493
DM
468----
469quotacheck -cmug /
470quotaon /
471----
d6ed3622 472
166e63d6
FG
473and edit the quotas via the `edquota` command. Refer to the documentation
474of the distribution running inside the container for details.
475
9e44e493
DM
476NOTE: You need to run the above commands for every mount point by passing
477the mount point's path instead of just `/`.
478
d6ed3622 479
5eba0743 480Using ACLs Inside Containers
04c569f6 481~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6c60aebf 482
5eba0743 483The standard Posix **A**ccess **C**ontrol **L**ists are also available inside containers.
6c60aebf
EK
484ACLs allow you to set more detailed file ownership than the traditional user/
485group/others model.
d6ed3622 486
04c569f6
DM
487
488Container Network
489-----------------
490
bac8c385 491You can configure up to 10 network interfaces for a single
8c1189b6 492container. The corresponding options are called `net0` to `net9`, and
bac8c385
DM
493they can contain the following setting:
494
495include::pct-network-opts.adoc[]
04c569f6
DM
496
497
51e33128
FG
498Backup and Restore
499------------------
500
5eba0743 501
2175e37b
FG
502Container Backup
503~~~~~~~~~~~~~~~~
504
8c1189b6
FG
505It is possible to use the `vzdump` tool for container backup. Please
506refer to the `vzdump` manual page for details.
507
51e33128 508
2175e37b
FG
509Restoring Container Backups
510~~~~~~~~~~~~~~~~~~~~~~~~~~~
511
8c1189b6
FG
512Restoring container backups made with `vzdump` is possible using the
513`pct restore` command. By default, `pct restore` will attempt to restore as much
2175e37b
FG
514of the backed up container configuration as possible. It is possible to override
515the backed up configuration by manually setting container options on the command
8c1189b6 516line (see the `pct` manual page for details).
2175e37b 517
8c1189b6 518NOTE: `pvesm extractconfig` can be used to view the backed up configuration
2175e37b
FG
519contained in a vzdump archive.
520
521There are two basic restore modes, only differing by their handling of mount
522points:
523
4c3b5c77 524
8c1189b6
FG
525``Simple'' Restore Mode
526^^^^^^^^^^^^^^^^^^^^^^^
2175e37b
FG
527
528If neither the `rootfs` parameter nor any of the optional `mpX` parameters
529are explicitly set, the mount point configuration from the backed up
530configuration file is restored using the following steps:
531
532. Extract mount points and their options from backup
533. Create volumes for storage backed mount points (on storage provided with the
534`storage` parameter, or default local storage if unset)
535. Extract files from backup archive
536. Add bind and device mount points to restored configuration (limited to root user)
537
538NOTE: Since bind and device mount points are never backed up, no files are
539restored in the last step, but only the configuration options. The assumption
540is that such mount points are either backed up with another mechanism (e.g.,
541NFS space that is bind mounted into many containers), or not intended to be
542backed up at all.
543
544This simple mode is also used by the container restore operations in the web
545interface.
546
4c3b5c77 547
8c1189b6
FG
548``Advanced'' Restore Mode
549^^^^^^^^^^^^^^^^^^^^^^^^^
2175e37b
FG
550
551By setting the `rootfs` parameter (and optionally, any combination of `mpX`
8c1189b6 552parameters), the `pct restore` command is automatically switched into an
2175e37b
FG
553advanced mode. This advanced mode completely ignores the `rootfs` and `mpX`
554configuration options contained in the backup archive, and instead only
555uses the options explicitly provided as parameters.
556
557This mode allows flexible configuration of mount point settings at restore time,
558for example:
559
560* Set target storages, volume sizes and other options for each mount point
561individually
562* Redistribute backed up files according to new mount point scheme
563* Restore to device and/or bind mount points (limited to root user)
564
51e33128 565
8c1189b6 566Managing Containers with `pct`
04c569f6
DM
567------------------------------
568
8c1189b6 569`pct` is the tool to manage Linux Containers on {pve}. You can create
04c569f6
DM
570and destroy containers, and control execution (start, stop, migrate,
571...). You can use pct to set parameters in the associated config file,
572like network configuration or memory limits.
573
5eba0743 574
04c569f6
DM
575CLI Usage Examples
576~~~~~~~~~~~~~~~~~~
577
578Create a container based on a Debian template (provided you have
5eba0743 579already downloaded the template via the web interface)
04c569f6
DM
580
581 pct create 100 /var/lib/vz/template/cache/debian-8.0-standard_8.0-1_amd64.tar.gz
582
583Start container 100
584
585 pct start 100
586
587Start a login session via getty
588
589 pct console 100
590
591Enter the LXC namespace and run a shell as root user
592
593 pct enter 100
594
595Display the configuration
596
597 pct config 100
598
8c1189b6 599Add a network interface called `eth0`, bridged to the host bridge `vmbr0`,
04c569f6
DM
600set the address and gateway, while it's running
601
602 pct set 100 -net0 name=eth0,bridge=vmbr0,ip=192.168.15.147/24,gw=192.168.15.1
603
604Reduce the memory of the container to 512MB
605
0585f29a
DM
606 pct set 100 -memory 512
607
04c569f6
DM
608
609Files
610------
611
8c1189b6 612`/etc/pve/lxc/<CTID>.conf`::
04c569f6
DM
613
614Configuration file for the container '<CTID>'.
615
616
0c6b782f
DM
617Container Advantages
618--------------------
619
8c1189b6 620* Simple, and fully integrated into {pve}. Setup looks similar to a normal
0c6b782f
DM
621 VM setup.
622
8c1189b6 623** Storage (ZFS, LVM, NFS, Ceph, ...)
0c6b782f 624
8c1189b6 625** Network
0c6b782f 626
8c1189b6 627** Authentication
0c6b782f 628
8c1189b6 629** Cluster
0c6b782f 630
8c1189b6 631* Fast: minimal overhead, as fast as bare metal
0c6b782f 632
8c1189b6 633* High density (perfect for idle workloads)
0c6b782f 634
8c1189b6 635* REST API
0c6b782f 636
8c1189b6 637* Direct hardware access
0c6b782f
DM
638
639
640Technology Overview
641-------------------
642
80b5819d 643* Integrated into {pve} graphical user interface (GUI)
0c6b782f 644
80b5819d 645* LXC (https://linuxcontainers.org/)
0c6b782f 646
80b5819d 647* lxcfs to provide containerized /proc file system
0c6b782f 648
80b5819d 649* AppArmor
0c6b782f 650
80b5819d 651* CRIU: for live migration (planned)
0c6b782f 652
80b5819d 653* We use latest available kernels (4.4.X)
0c6b782f 654
80b5819d 655* Image based deployment (templates)
0c6b782f 656
80b5819d 657* Container setup from host (network, DNS, storage, ...)
0c6b782f
DM
658
659
660ifdef::manvolnum[]
661include::pve-copyright.adoc[]
662endif::manvolnum[]
663
664
665
666
667
668
669