[pve-docs.git] / pct.conf.5-opts.adoc

`arch`: `<amd64 | arm64 | armhf | i386>` ('default =' `amd64`)::

OS architecture type.

`cmode`: `<console | shell | tty>` ('default =' `tty`)::

Console mode. By default, the console command tries to open a connection to one of the available tty devices. By setting cmode to 'console' it tries to attach to /dev/console instead. If you set cmode to 'shell', it simply invokes a shell inside the container (no login).

`console`: `<boolean>` ('default =' `1`)::

Attach a console device (/dev/console) to the container.

`cores`: `<integer> (1 - 128)` ::

The number of cores assigned to the container. A container can use all available cores by default.

`cpulimit`: `<number> (0 - 128)` ('default =' `0`)::

Limit of CPU usage.
+
NOTE: If the computer has 2 CPUs, it has a total of '2' CPU time. Value '0' indicates no CPU limit.

`cpuunits`: `<integer> (0 - 500000)` ('default =' `1024`)::

CPU weight for a VM. Argument is used in the kernel fair scheduler. The larger the number is, the more CPU time this VM gets. Number is relative to the weights of all the other running VMs.
+
NOTE: You can disable fair-scheduler configuration by setting this to 0.

`description`: `<string>` ::

Container description. Only used on the configuration web interface.

`features`: `[fuse=<1|0>] [,keyctl=<1|0>] [,mount=<fstype;fstype;...>] [,nesting=<1|0>]` ::

Allow containers access to advanced features.

`fuse`=`<boolean>` ('default =' `0`);;

Allow using 'fuse' file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks.

`keyctl`=`<boolean>` ('default =' `0`);;

For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker.

`mount`=`<fstype;fstype;...>` ;;

Allow mounting file systems of specific types. This should be a list of file system types as used with the mount command. Note that this can have negative effects on the container's security. With access to a loop device, mounting a file can circumvent the mknod permission of the devices cgroup, mounting an NFS file system can block the host's I/O completely and prevent it from rebooting, etc.

`nesting`=`<boolean>` ('default =' `0`);;

Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest.

`hookscript`: `<string>` ::

Script that will be exectued during various steps in the containers lifetime.

`hostname`: `<string>` ::

Set a host name for the container.

`lock`: `<backup | disk | migrate | mounted | rollback | snapshot | snapshot-delete>` ::

Lock/unlock the VM.

`memory`: `<integer> (16 - N)` ('default =' `512`)::

Amount of RAM for the VM in MB.

`mp[n]`: `[volume=]<volume> ,mp=<Path> [,acl=<1|0>] [,backup=<1|0>] [,quota=<1|0>] [,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>] [,size=<DiskSize>]` ::

Use volume as container mount point.

`acl`=`<boolean>` ;;

Explicitly enable or disable ACL support.

`backup`=`<boolean>` ;;

Whether to include the mount point in backups (only used for volume mount points).

`mp`=`<Path>` ;;

Path to the mount point as seen from inside the container.
+
NOTE: Must not contain any symlinks for security reasons.

`quota`=`<boolean>` ;;

Enable user quotas inside the container (not supported with zfs subvolumes)

`replicate`=`<boolean>` ('default =' `1`);;

Will include this volume to a storage replica job.

`ro`=`<boolean>` ;;

Read-only mount point

`shared`=`<boolean>` ('default =' `0`);;

Mark this non-volume mount point as available on all nodes.
+
WARNING: This option does not share the mount point automatically, it assumes it is shared already!

`size`=`<DiskSize>` ;;

Volume size (read only value).

`volume`=`<volume>` ;;

Volume, device or directory to mount into the container.

`nameserver`: `<string>` ::

Sets DNS server IP address for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver.

`net[n]`: `name=<string> [,bridge=<bridge>] [,firewall=<1|0>] [,gw=<GatewayIPv4>] [,gw6=<GatewayIPv6>] [,hwaddr=<XX:XX:XX:XX:XX:XX>] [,ip=<(IPv4/CIDR|dhcp|manual)>] [,ip6=<(IPv6/CIDR|auto|dhcp|manual)>] [,mtu=<integer>] [,rate=<mbps>] [,tag=<integer>] [,trunks=<vlanid[;vlanid...]>] [,type=<veth>]` ::

Specifies network interfaces for the container.

`bridge`=`<bridge>` ;;

Bridge to attach the network device to.

`firewall`=`<boolean>` ;;

Controls whether this interface's firewall rules should be used.

`gw`=`<GatewayIPv4>` ;;

Default gateway for IPv4 traffic.

`gw6`=`<GatewayIPv6>` ;;

Default gateway for IPv6 traffic.

`hwaddr`=`<XX:XX:XX:XX:XX:XX>` ;;

The interface MAC address. This is dynamically allocated by default, but you can set that statically if needed, for example to always have the same link-local IPv6 address. (lxc.network.hwaddr)

`ip`=`<(IPv4/CIDR|dhcp|manual)>` ;;

IPv4 address in CIDR format.

`ip6`=`<(IPv6/CIDR|auto|dhcp|manual)>` ;;

IPv6 address in CIDR format.

`mtu`=`<integer> (64 - N)` ;;

Maximum transfer unit of the interface. (lxc.network.mtu)

`name`=`<string>` ;;

Name of the network device as seen from inside the container. (lxc.network.name)

`rate`=`<mbps>` ;;

Apply rate limiting to the interface

`tag`=`<integer> (1 - 4094)` ;;

VLAN tag for this interface.

`trunks`=`<vlanid[;vlanid...]>` ;;

VLAN ids to pass through the interface

`type`=`<veth>` ;;

Network interface type.

`onboot`: `<boolean>` ('default =' `0`)::

Specifies whether a VM will be started during system bootup.

`ostype`: `<alpine | archlinux | centos | debian | fedora | gentoo | opensuse | ubuntu | unmanaged>` ::

OS type. This is used to setup configuration inside the container, and corresponds to lxc setup scripts in /usr/share/lxc/config/<ostype>.common.conf. Value 'unmanaged' can be used to skip and OS specific setup.

`protection`: `<boolean>` ('default =' `0`)::

Sets the protection flag of the container. This will prevent the CT or CT's disk remove/update operation.

`rootfs`: `[volume=]<volume> [,acl=<1|0>] [,quota=<1|0>] [,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>] [,size=<DiskSize>]` ::

Use volume as container root.

`acl`=`<boolean>` ;;

Explicitly enable or disable ACL support.

`quota`=`<boolean>` ;;

Enable user quotas inside the container (not supported with zfs subvolumes)

`replicate`=`<boolean>` ('default =' `1`);;

Will include this volume to a storage replica job.

`ro`=`<boolean>` ;;

Read-only mount point

`shared`=`<boolean>` ('default =' `0`);;

Mark this non-volume mount point as available on all nodes.
+
WARNING: This option does not share the mount point automatically, it assumes it is shared already!

`size`=`<DiskSize>` ;;

Volume size (read only value).

`volume`=`<volume>` ;;

Volume, device or directory to mount into the container.

`searchdomain`: `<string>` ::

Sets DNS search domains for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver.

`startup`: `[[order=]\d+] [,up=\d+] [,down=\d+] ` ::

Startup and shutdown behavior. Order is a non-negative number defining the general startup order. Shutdown in done with reverse ordering. Additionally you can set the 'up' or 'down' delay in seconds, which specifies a delay to wait before the next VM is started or stopped.

`swap`: `<integer> (0 - N)` ('default =' `512`)::

Amount of SWAP for the VM in MB.

`template`: `<boolean>` ('default =' `0`)::

Enable/disable Template.

`tty`: `<integer> (0 - 6)` ('default =' `2`)::

Specify the number of tty available to the container

`unprivileged`: `<boolean>` ('default =' `0`)::

Makes the container run as unprivileged user. (Should not be modified manually.)

`unused[n]`: `<string>` ::

Reference to unused volumes. This is used internally, and should not be modified manually.
Commit	Line	Data
	1	`arch`: `<amd64 \| arm64 \| armhf \| i386>` ('default =' `amd64`)::
	2
	3	OS architecture type.
	4
	5	`cmode`: `<console \| shell \| tty>` ('default =' `tty`)::
	6
	7	Console mode. By default, the console command tries to open a connection to one of the available tty devices. By setting cmode to 'console' it tries to attach to /dev/console instead. If you set cmode to 'shell', it simply invokes a shell inside the container (no login).
	8
	9	`console`: `<boolean>` ('default =' `1`)::
	10
	11	Attach a console device (/dev/console) to the container.
	12
	13	`cores`: `<integer> (1 - 128)` ::
	14
	15	The number of cores assigned to the container. A container can use all available cores by default.
	16
	17	`cpulimit`: `<number> (0 - 128)` ('default =' `0`)::
	18
	19	Limit of CPU usage.
	20	+
	21	NOTE: If the computer has 2 CPUs, it has a total of '2' CPU time. Value '0' indicates no CPU limit.
	22
	23	`cpuunits`: `<integer> (0 - 500000)` ('default =' `1024`)::
	24
	25	CPU weight for a VM. Argument is used in the kernel fair scheduler. The larger the number is, the more CPU time this VM gets. Number is relative to the weights of all the other running VMs.
	26	+
	27	NOTE: You can disable fair-scheduler configuration by setting this to 0.
	28
	29	`description`: `<string>` ::
	30
	31	Container description. Only used on the configuration web interface.
	32
	33	`features`: `[fuse=<1\|0>] [,keyctl=<1\|0>] [,mount=<fstype;fstype;...>] [,nesting=<1\|0>]` ::
	34
	35	Allow containers access to advanced features.
	36
	37	`fuse`=`<boolean>` ('default =' `0`);;
	38
	39	Allow using 'fuse' file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks.
	40
	41	`keyctl`=`<boolean>` ('default =' `0`);;
	42
	43	For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker.
	44
	45	`mount`=`<fstype;fstype;...>` ;;
	46
	47	Allow mounting file systems of specific types. This should be a list of file system types as used with the mount command. Note that this can have negative effects on the container's security. With access to a loop device, mounting a file can circumvent the mknod permission of the devices cgroup, mounting an NFS file system can block the host's I/O completely and prevent it from rebooting, etc.
	48
	49	`nesting`=`<boolean>` ('default =' `0`);;
	50
	51	Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest.
	52
	53	`hookscript`: `<string>` ::
	54
	55	Script that will be exectued during various steps in the containers lifetime.
	56
	57	`hostname`: `<string>` ::
	58
	59	Set a host name for the container.
	60
	61	`lock`: `<backup \| disk \| migrate \| mounted \| rollback \| snapshot \| snapshot-delete>` ::
	62
	63	Lock/unlock the VM.
	64
	65	`memory`: `<integer> (16 - N)` ('default =' `512`)::
	66
	67	Amount of RAM for the VM in MB.
	68
	69	`mp[n]`: `[volume=]<volume> ,mp=<Path> [,acl=<1\|0>] [,backup=<1\|0>] [,quota=<1\|0>] [,replicate=<1\|0>] [,ro=<1\|0>] [,shared=<1\|0>] [,size=<DiskSize>]` ::
	70
	71	Use volume as container mount point.
	72
	73	`acl`=`<boolean>` ;;
	74
	75	Explicitly enable or disable ACL support.
	76
	77	`backup`=`<boolean>` ;;
	78
	79	Whether to include the mount point in backups (only used for volume mount points).
	80
	81	`mp`=`<Path>` ;;
	82
	83	Path to the mount point as seen from inside the container.
	84	+
	85	NOTE: Must not contain any symlinks for security reasons.
	86
	87	`quota`=`<boolean>` ;;
	88
	89	Enable user quotas inside the container (not supported with zfs subvolumes)
	90
	91	`replicate`=`<boolean>` ('default =' `1`);;
	92
	93	Will include this volume to a storage replica job.
	94
	95	`ro`=`<boolean>` ;;
	96
	97	Read-only mount point
	98
	99	`shared`=`<boolean>` ('default =' `0`);;
	100
	101	Mark this non-volume mount point as available on all nodes.
	102	+
	103	WARNING: This option does not share the mount point automatically, it assumes it is shared already!
	104
	105	`size`=`<DiskSize>` ;;
	106
	107	Volume size (read only value).
	108
	109	`volume`=`<volume>` ;;
	110
	111	Volume, device or directory to mount into the container.
	112
	113	`nameserver`: `<string>` ::
	114
	115	Sets DNS server IP address for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver.
	116
	117	`net[n]`: `name=<string> [,bridge=<bridge>] [,firewall=<1\|0>] [,gw=<GatewayIPv4>] [,gw6=<GatewayIPv6>] [,hwaddr=<XX:XX:XX:XX:XX:XX>] [,ip=<(IPv4/CIDR\|dhcp\|manual)>] [,ip6=<(IPv6/CIDR\|auto\|dhcp\|manual)>] [,mtu=<integer>] [,rate=<mbps>] [,tag=<integer>] [,trunks=<vlanid[;vlanid...]>] [,type=<veth>]` ::
	118
	119	Specifies network interfaces for the container.
	120
	121	`bridge`=`<bridge>` ;;
	122
	123	Bridge to attach the network device to.
	124
	125	`firewall`=`<boolean>` ;;
	126
	127	Controls whether this interface's firewall rules should be used.
	128
	129	`gw`=`<GatewayIPv4>` ;;
	130
	131	Default gateway for IPv4 traffic.
	132
	133	`gw6`=`<GatewayIPv6>` ;;
	134
	135	Default gateway for IPv6 traffic.
	136
	137	`hwaddr`=`<XX:XX:XX:XX:XX:XX>` ;;
	138
	139	The interface MAC address. This is dynamically allocated by default, but you can set that statically if needed, for example to always have the same link-local IPv6 address. (lxc.network.hwaddr)
	140
	141	`ip`=`<(IPv4/CIDR\|dhcp\|manual)>` ;;
	142
	143	IPv4 address in CIDR format.
	144
	145	`ip6`=`<(IPv6/CIDR\|auto\|dhcp\|manual)>` ;;
	146
	147	IPv6 address in CIDR format.
	148
	149	`mtu`=`<integer> (64 - N)` ;;
	150
	151	Maximum transfer unit of the interface. (lxc.network.mtu)
	152
	153	`name`=`<string>` ;;
	154
	155	Name of the network device as seen from inside the container. (lxc.network.name)
	156
	157	`rate`=`<mbps>` ;;
	158
	159	Apply rate limiting to the interface
	160
	161	`tag`=`<integer> (1 - 4094)` ;;
	162
	163	VLAN tag for this interface.
	164
	165	`trunks`=`<vlanid[;vlanid...]>` ;;
	166
	167	VLAN ids to pass through the interface
	168
	169	`type`=`<veth>` ;;
	170
	171	Network interface type.
	172
	173	`onboot`: `<boolean>` ('default =' `0`)::
	174
	175	Specifies whether a VM will be started during system bootup.
	176
	177	`ostype`: `<alpine \| archlinux \| centos \| debian \| fedora \| gentoo \| opensuse \| ubuntu \| unmanaged>` ::
	178
	179	OS type. This is used to setup configuration inside the container, and corresponds to lxc setup scripts in /usr/share/lxc/config/<ostype>.common.conf. Value 'unmanaged' can be used to skip and OS specific setup.
	180
	181	`protection`: `<boolean>` ('default =' `0`)::
	182
	183	Sets the protection flag of the container. This will prevent the CT or CT's disk remove/update operation.
	184
	185	`rootfs`: `[volume=]<volume> [,acl=<1\|0>] [,quota=<1\|0>] [,replicate=<1\|0>] [,ro=<1\|0>] [,shared=<1\|0>] [,size=<DiskSize>]` ::
	186
	187	Use volume as container root.
	188
	189	`acl`=`<boolean>` ;;
	190
	191	Explicitly enable or disable ACL support.
	192
	193	`quota`=`<boolean>` ;;
	194
	195	Enable user quotas inside the container (not supported with zfs subvolumes)
	196
	197	`replicate`=`<boolean>` ('default =' `1`);;
	198
	199	Will include this volume to a storage replica job.
	200
	201	`ro`=`<boolean>` ;;
	202
	203	Read-only mount point
	204
	205	`shared`=`<boolean>` ('default =' `0`);;
	206
	207	Mark this non-volume mount point as available on all nodes.
	208	+
	209	WARNING: This option does not share the mount point automatically, it assumes it is shared already!
	210
	211	`size`=`<DiskSize>` ;;
	212
	213	Volume size (read only value).
	214
	215	`volume`=`<volume>` ;;
	216
	217	Volume, device or directory to mount into the container.
	218
	219	`searchdomain`: `<string>` ::
	220
	221	Sets DNS search domains for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver.
	222
	223	`startup`: `[[order=]\d+] [,up=\d+] [,down=\d+] ` ::
	224
	225	Startup and shutdown behavior. Order is a non-negative number defining the general startup order. Shutdown in done with reverse ordering. Additionally you can set the 'up' or 'down' delay in seconds, which specifies a delay to wait before the next VM is started or stopped.
	226
	227	`swap`: `<integer> (0 - N)` ('default =' `512`)::
	228
	229	Amount of SWAP for the VM in MB.
	230
	231	`template`: `<boolean>` ('default =' `0`)::
	232
	233	Enable/disable Template.
	234
	235	`tty`: `<integer> (0 - 6)` ('default =' `2`)::
	236
	237	Specify the number of tty available to the container
	238
	239	`unprivileged`: `<boolean>` ('default =' `0`)::
	240
	241	Makes the container run as unprivileged user. (Should not be modified manually.)
	242
	243	`unused[n]`: `<string>` ::
	244
	245	Reference to unused volumes. This is used internally, and should not be modified manually.
	246