pctl set

This command is used for setting Container parameters. It has the following syntax:

pctl set <CT_ID> <option> <value> [--save]

An optional --save switch, if specified, tells pctl to save changes into the Container configuration file /etc/vz/conf/<CT_ID>.conf. Practically all Container settings can be changed dynamically without the necessity of Container reboot. The exceptions are --onboot, --quotaugidnum, --capability, --private, and --root.

The options specified in this file can be subdivided into the following categories: miscellaneous, networking, and resource management parameters.

Note: In Parallels Server Bare Metal, you can also use the pctl set command to specify a number of parameters for the server itself. Currently, these parameters include: --cpuunits, --numproc, --numtcpsock, --numothersock, --vmguarpages, --kmemsize, --tcpsndbuf, --tcprcvbuf, --othersockbuf, --dgramrcvbuf, --oomguarpages, --lockedpages, --shmpages, --privvmpages, --numfile, --numflock, --numpty, --numsiginfo, and --dcachesize. Any of these parameters can be set by indicating 0 as the value of <CT_ID>.

Miscellaneous options:

--onboot yes|no

This setting requires the --save switch. If you set it to “yes”, then Parallels Server Bare Metal will automatically start this Container on next system startup.

Note: If "yes" is specified as the value of this parameter in the 0.conf file, all server system management parameters are set on the server boot to the values indicated in this file.

--offline_management yes|no

Enables or disables direct management of the Container through a common Internet browser by means of Parallels Power Panels and the Plesk control panel (as defined by the OFFLINE_SERVICE parameter in the global or Container configuration file).

--offline_service service_name

Defines whether the Container can be managed by means of Parallels Power Panel or Plesk or both. Valid only if the OFFLINE_MANAGEMENT parameter is set to "yes". The names of the available services can be taken from the file names (excluding the .conf extension) in the /etc/vzredirect.d directory on the server.

--userpasswd user:password

This setting creates a new user with the specified password in the Container, or changes the password of an already existing user. This command modifies not the Container configuration file, but the /etc/passwd and /etc/shadow files inside the Container. In case the Container root is not mounted, it is automatically mounted to apply the changes and then unmounted. Because the password is passed as a command-line argument, it can be exposed through the shell history and the process list on the server.

--noatime yes|no

Sets the noatime flag (do not update inode access times) on the Container file system. The default is yes for a Class 1 Container, and no otherwise.

--devnodes device:r|w|rw|none

Lets the Container access the specified devices in the specified mode - read-only, write-only, or read-write - or denies any access.

For example: --devnodes hda1:rw

The device must be present in the Container /dev directory; otherwise, a new device is automatically created.

--netdev_add name

Moves the specified network device from the server to the Container.

For example: --netdev_add eth0

--netdev_del name

Moves the specified network device from the given Container to the server.

--capability name:on|off

Specifies capabilities inside the Container. Setting the following capabilities is allowed: DAC_OVERRIDE, DAC_READ_SEARCH, CHOWN, FOWNER, FSETID, IPC_LOCK, IPC_OWNER, KILL, LEASE, LINUX_IMMUTABLE, MKNOD, NET_ADMIN, NET_BIND_SERVICE, NET_BROADCAST, NET_RAW, SETGID, SETPCAP, SETUID, SYS_ADMIN, SYS_BOOT, SYS_CHROOT, SYS_MODULE, SYS_NICE, SYS_PACCT, SYS_PTRACE, SYS_RAWIO, SYS_RESOURCE, SYS_TIME, SYS_TTY_CONFIG.

--features name:on|off

Enables/disables the support for the following functionality inside the Container:

  • nfs : mounting NFS shares
  • ipip : creating IPIP tunnels
  • sit : using the Simple Internet Transition (SIT) mechanisms
  • ppp : using the PPP protocol
  • ipgre : creating IP-GRE tunnels
  • bridge : using bridges to connect virtual Ethernet devices
  • nfsd : running an NFS-kernel-space server

--root path

This setting does NOT move the root mount point of your Container to a new path. It simply overrides the VE_ROOT parameter in the Container configuration file.

--private path

This setting does NOT move the private area of your Container to a new path. It simply overrides the VE_PRIVATE parameter in the Container configuration file. You should use this option only if you have manually moved the Container private area to a new place and want to update the Container configuration file.

--setmode restart|ignore

This option tells the utility either to restart or not restart the Container after applying any parameters requiring that the Container be rebooted for them to take effect.

--disabled yes|no

If set to yes, disables the Container, making it impossible to start the Container once it has been stopped. The disabled Container can be started by passing the --force option to pctl set.

--name

An arbitrary name assigned to the Container. This name can be used, along with the Container ID, to refer to the Container while performing certain Container-related operations on the server. Observe the following rules while specifying the Container name:

  • The name should contain the A-Z, a-z, 0-9, \, -, and _ symbols only.
  • If the name consists of two or more words, it should be quoted (e.g. "My Container 101").

--description

This option allows you to set the description for the Container.

Note: You are allowed to use only symbols in the 'A-z' and '0-9' ranges in your descriptions.

--bindmount_add [src:]dst[,nosuid,noexec,nodev]

Mounts a source directory (src) located on the server to a destination directory (dst) inside the Container. If the source directory is not specified, mounts the directory to the /vz/root/CT_ID directory.

Additional options that can be used with --bindmount_add are the following:

  • noexec. Do not allow execution of any binaries on the mounted directory.
  • nodev. Do not interpret character or block special devices on the mounted directory.
  • nosuid. Do not allow set-user-identifier or set-group-identifier bits to take effect.

--bindmount_del dst|all

Removes the mount point created by using the --bindmount_add option from the Container.
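The following shell functions are an added example, not part of the Parallels documentation or tooling: they review a --bindmount_add value for the three hardening options described above and flag --capability values that switch on a broadly privileged capability. The function names and the REVIEW_CAPS shortlist are assumptions chosen for illustration; the option syntax is the one given on this page.

```shell
#!/bin/sh
# Added example (not Parallels code): review --bindmount_add and --capability
# values before they are passed to pctl set.

# Print the hardening options (nosuid, noexec, nodev) that a
# --bindmount_add value "[src:]dst[,opt,...]" does not request.
bindmount_missing_opts() {
    spec=$1
    opts=""
    case $spec in
        *,*) opts=${spec#*,} ;;      # everything after the first comma
    esac
    missing=""
    for want in nosuid noexec nodev; do
        case ",$opts," in
            *",$want,"*) ;;          # option is present
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Capabilities from this page's list that the example treats as needing
# sign-off when switched on. The shortlist is a reviewer's assumption.
REVIEW_CAPS="SYS_ADMIN SYS_MODULE SYS_RAWIO SYS_PTRACE SYS_BOOT SYS_TIME NET_ADMIN NET_RAW MKNOD SETPCAP"

# Classify a --capability value "name:on|off".
# Returns 0 = no finding, 1 = malformed, 2 = shortlisted capability set to on.
capability_review() {
    case $1 in *:*) ;; *) return 1 ;; esac
    name=${1%%:*}
    state=${1#*:}
    [ -n "$name" ] || return 1
    case $state in on|off) ;; *) return 1 ;; esac
    [ "$state" = on ] || return 0
    for c in $REVIEW_CAPS; do
        if [ "$c" = "$name" ]; then return 2; fi
    done
    return 0
}

# Constructed sample values, not taken from a real server.
for v in "/srv/share:/mnt/share" "/srv/share:/mnt/share,nosuid,noexec,nodev"; do
    echo "bindmount $v -> missing: $(bindmount_missing_opts "$v")"
done
capability_review SYS_MODULE:on || echo "SYS_MODULE:on -> finding (rc=$?)"
```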

Resource management settings control the amount of resources a Container can consume. If the setting has bar:lim after it, then this setting requires specifying both barrier and limit values separated by colons.

--applyconfig name

This option lets you set the resource parameters for the Container not one by one, but by reading them from the Container sample configuration file. All Container sample configuration files are located in the /etc/vz/conf directory and are named according to the following pattern: ve-<name>.conf-sample, so you should specify only the <name> part of the corresponding sample name after the --applyconfig option. Note that the names of sample configuration files cannot contain spaces. The --applyconfig option applies all the parameters from the specified sample file to the given Container, except for the OSTEMPLATE, TEMPLATES, VE_ROOT, VE_PRIVATE, HOSTNAME, IP_ADDRESS, TEMPLATE, NETIF parameters (if they exist in the configuration sample file).

-p, --numproc bar:lim

Number of processes and threads allowed. Upon hitting this limit, the Container will not be able to start a new process or thread. In this version of Parallels Server Bare Metal, the limit shall be set to the same value as the barrier.

--numtcpsock bar:lim

Number of TCP sockets (PF_INET family, SOCK_STREAM type). This parameter limits the number of TCP connections and, thus, the number of clients the server application can handle in parallel. In this version of Parallels Server Bare Metal, the limit shall be set to the same value as the barrier.

--numothersock bar:lim

Number of sockets other than TCP. Local (UNIX-domain) sockets are used for communications inside the system. UDP sockets are used for Domain Name Service (DNS) queries, for example. In this version of Parallels Server Bare Metal, the limit shall be set to the same value as the barrier.

-e, --numiptent bar:lim

Number of IP packet filtering entries.

--vmguarpages bar:lim

Memory allocation guarantee, in pages (one page is 4 Kb). Applications are guaranteed to be able to allocate memory while the amount of memory accounted as privvmpages does not exceed the configured barrier of the vmguarpages parameter. Above the barrier, memory allocation may fail in case of overall memory shortage. In this version of Parallels Server Bare Metal, the limit shall be set to the same value as the barrier.

-k, --kmemsize bar:lim

Size of unswappable kernel memory (in bytes), allocated for internal kernel structures of the processes of a particular Container. Typical amounts of kernel memory are 16…50 Kb per process.

--tcpsndbuf bar:lim

Total size (in bytes) of send buffers for TCP sockets – amount of kernel memory allocated for data sent from an application to a TCP socket, but not acknowledged by the remote side yet.

-b, --tcprcvbuf bar:lim

Total size (in bytes) of receive buffers for TCP sockets – amount of kernel memory allocated for data received from the remote side, but not read by the local application yet.

--othersockbuf bar:lim

Total size in bytes of UNIX-domain socket buffers, UDP and other datagram protocol send buffers.

--dgramrcvbuf bar:lim

Total size in bytes of receive buffers of UDP and other datagram protocols.

--oomguarpages bar:lim

Out-of-memory guarantee, in 4 Kb pages. Any Container process will not be killed even in case of heavy memory shortage if the current memory consumption (including both physical memory and swap) does not reach the oomguarpages barrier. In this version of Parallels Server Bare Metal, the limit shall be set to the same value as the barrier.

-l, --lockedpages bar:lim

Memory not allowed to be swapped out (locked with the mlock() system call), in 4-Kb pages.

--shmpages bar:lim

Total size of shared memory (including IPC, shared anonymous mappings and tmpfs objects), allocated by processes of a particular Container, in 4 Kb pages.

--physpages bar:lim

The total size of RAM used by processes, in 4 Kb pages. This is currently an accounting-only parameter. It shows the usage of RAM by the Container. For memory pages used by several different Containers (mappings of shared libraries, for example), only a fraction of a page is charged to each Container. The sum of the physpages usage for all Containers corresponds to the total number of pages used in the system by all accounted users.

--swappages bar:lim

The total amount of swap space to be available to the Container, in Kb pages. In the current version of Parallels Containers, this parameter is always set to unlimited (even if you configure this parameter).

--privvmpages bar:lim

Size in 4 Kb pages of private (or potentially private) memory, allocated by Container applications. Memory that is always shared among different applications is not included in this resource parameter.

-n, --numfile bar:lim

Number of files opened by all Container processes. In this version of Parallels Server Bare Metal, the limit shall be set to the same value as the barrier.

-f, --numflock bar:lim

Number of file locks created by all Container processes.

-t, --numpty bar:lim

Number of pseudo-terminals. For example, an ssh session or a screen or xterm application consumes pseudo-terminal resources. In this version of Parallels Server Bare Metal, the limit shall be set to the same value as the barrier.

-i, --numsiginfo bar:lim

Number of siginfo structures (essentially, this parameter limits the size of the signal delivery queue). In this version of Parallels Server Bare Metal, the limit shall be set to the same value as the barrier.

-x, --dcachesize bar:lim

Total size in bytes of dentry and inode structures locked in memory. Exists as a separate parameter to impose a limit causing file operations to sense memory shortage and return an error to applications, protecting from excessive consumption of memory due to intensive file system operations.

--cpuunits units

CPU weight. This is a positive integer number that defines how much CPU time the Container can get as compared to the other virtual machines and Containers running on the server. The larger the number, the more CPU time the Container can receive. Possible values range from 8 to 500000. If this parameter is not set, the default value of 1000 is used.

--cpulimit percent|megahertz

CPU limit, in percent or megahertz (MHz), the Container is not allowed to exceed. By default, the limit is set in percent. To set the limit in MHz, specify "m" after the value.

Note: If the server has 2 processors, the total CPU time equals 200%.

--cpus num

If the server has more than one CPU installed, this option allows you to set the number of virtual CPUs to be available to the Container.

--cpumask num

CPU affinity mask. This mask defines the CPUs on the server that can be used to handle the processes running in the Container. The CPU mask can be specified as both separate CPU index numbers (1,2,3) and CPU ranges (2-4,5-7).

--diskspace bar:lim

Total size of disk space consumed by the Container, in 1 Kb blocks. When the space used by a Container hits the barrier, the Container can allocate additional disk space up to the limit during the grace period specified by the --quotatime setting.

--diskinodes bar:lim

Total number of disk inodes (files, directories, symbolic links) a Container can allocate. When the number of inodes used by a Container hits the barrier, the Container can create additional file entries up to the limit during the grace period specified by the --quotatime setting.

--quotatime seconds

The grace period of the disk quota. It is defined in seconds. A Container is allowed to temporarily exceed barrier values for disk space and disk inodes limits for not more than the period specified with this setting.

Specifying -1 as the value of this setting makes the grace period last 'infinitely'.

--quotaugidlimit num

This parameter defines the maximum aggregate number of user IDs and group IDs for which disk quota inside the given Container will be accounted. If set to 0, the UID and GID quota will be disabled.

When managing the quotaugidlimit parameter, keep in mind the following:

  • Enabling per-user and per-group quotas for a Container requires restarting the Container.
  • If you delete a registered user but some files with their ID continue residing inside your Container, the current number of ugids (user and group identities) inside the Container will not decrease.
  • If you copy an archive containing files with user and group IDs not registered inside your Container, the number of ugids inside the Container will increase by the number of these new IDs.

--ioprio num

The Container priority for disk I/O operations. The allowed range of values is 0-7. The greater the priority, the more time the Container has for writing to and reading from the disk. The default Container priority is 4.

--iolimit num

The bandwidth a Container is allowed to use for its disk input and output (I/O) operations. By default, the limit is set in megabytes per second. However, you can use the following suffixes to use other measurement units:

  • G : sets the limit in gigabytes per second.
  • K : sets the limit in kilobytes per second.
  • B : sets the limit in bytes per second.

In the current version of Parallels Containers, the maximum I/O bandwidth limit you can set for a Container is 2 GB per second.

--rate dev:class:Kbits

If traffic shaping is turned on, then this parameter specifies the bandwidth guarantee for the Container. The format is dev:class:Kbits where dev is the network device to count traffic on, class is the network class (group of IP addresses) and the last parameter is traffic bandwidth.

--ratebound yes|no

If set to “yes”, the bandwidth guarantee is also the limit for the Container and the Container cannot borrow the bandwidth from the TOTALRATE bandwidth pool.

--meminfo none|pages:num|privvmpages:num

Customizes the output of the /proc/meminfo virtual file inside the Container and sets it to one of the following modes:

  • Non-virtualized (--meminfo none). In this case running the cat /proc/meminfo command inside the Container will display the information about physical memory on the server (total, used, free, shared, etc.), in kilobytes.
  • Virtualized in pages (--meminfo pages:num). Setting the /proc/meminfo output to this mode allows you to manually specify the amount of total memory to be displayed while running the cat /proc/meminfo command inside the Container.
  • Virtualized in privvmpages (--meminfo privvmpages:num). Setting the /proc/meminfo output to this mode also allows you to arbitrarily specify the amount of total memory to be displayed while running the cat /proc/meminfo command inside the Container. As distinct from the previous mode, the amount of memory shown in this mode is calculated on the basis of the value of the PRIVVMPAGES parameter set in the Container configuration file.

--reset_ub

Resets the current values of all system parameters of the server to the ones set in the 0.conf file.

--physpages

The amount of RAM that can be used by the processes of a Container, in 4-KB pages.

--swappages

The amount of swap space that can be used by the Container for swapping out memory once the RAM is exceeded, in 4-KB pages.

--vm_overcommit

Memory overcommit factor that defines the memory allocation limit for a Container. The limit is calculated as

(PHYSPAGES + SWAP) * factor
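The resource rules above can be checked before a value reaches pctl set. The following shell functions are an added example, not part of the Parallels documentation or tooling; the function names and return codes are assumptions, and the barrier-not-above-limit check is an assumption as well, since this page states only the bar:lim syntax, the parameters whose limit shall equal the barrier, and the --cpuunits and --ioprio ranges.

```shell
#!/bin/sh
# Added example (not Parallels code): pre-flight checks for pctl set
# resource values, using the rules stated on this page.

# Parameters for which this page says the limit shall equal the barrier.
EQUAL_PARAMS="numproc numtcpsock numothersock vmguarpages oomguarpages numfile numpty numsiginfo"

# Succeeds only for a non-empty string of decimal digits.
is_uint() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# check_barlim PARAM VALUE
# Returns 0 = ok, 1 = not "bar:lim" with unsigned integers,
# 2 = barrier above limit (assumption), 3 = limit must equal barrier.
check_barlim() {
    case $2 in
        *:*:*) return 1 ;;           # more than one colon
        *:*) ;;
        *) return 1 ;;               # no colon at all
    esac
    bar=${2%%:*}
    lim=${2#*:}
    is_uint "$bar" && is_uint "$lim" || return 1
    [ "$bar" -le "$lim" ] || return 2
    for p in $EQUAL_PARAMS; do
        if [ "$p" = "$1" ] && [ "$bar" -ne "$lim" ]; then return 3; fi
    done
    return 0
}

# check_range PARAM VALUE for the single-integer options with a stated range.
# Returns 0 = ok, 1 = unknown parameter or not an integer, 2 = out of range.
check_range() {
    case $1 in
        cpuunits) lo=8; hi=500000 ;;
        ioprio)   lo=0; hi=7 ;;
        *) return 1 ;;
    esac
    is_uint "$2" || return 1
    [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] || return 2
    return 0
}

# Constructed sample values, not taken from a real server.
check_barlim numproc 400:500 || echo "numproc 400:500 rejected (rc=$?)"
check_range ioprio 8 || echo "ioprio 8 rejected (rc=$?)"
```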

Network-related settings allow you to set the hostname, the domain to search when a domain name that is not fully qualified is used, the DNS server address, and the IP addresses that the Container can use, as well as to indicate the iptables modules that can be loaded to the Container:

--hostname name

Sets the hostname to the specified name.

--ipadd addr

Adds an IP address to a list of IP addresses the Container can use and brings up the network interface with this address inside the Container.

If used with the --ifname option, adds an IP address to the specified Container virtual network adapter.

--ipadd addr/net_mask

Assigns the IP address and network mask to the Container.

Note: You can assign network masks to Containers operating in the venet0 networking mode only if the USE_VENET_MASK parameter in the Parallels Containers configuration file is set to yes.

--ipdel addr|all

Allows you to revoke an IP address from the Container. If “all” is used instead of an IP address, then all IP addresses will be revoked.

If used with the --ifname option, deletes an IP address from the specified Container virtual network adapter.

--ext_ipadd addr

Assigns the external IP address to the Container. External IP addresses are considered valid IP addresses by the venet0 adapter, though they are not set as alias addresses inside Containers and are not announced via Address Resolution Protocol (ARP). You can assign the same external IP address to several Containers, irrespective of whether they reside on the same or different Hardware Nodes.

--ext_ipdel addr|all

Removes the external IP address from the Container. To delete all external IP addresses assigned to the Container, specify --ext_ipdel all.

--nameserver addr

The DNS server IP address for the Container.

If used with the --ifname option, sets the DNS server for the specified Container virtual network adapter.

--searchdomain domain

The DNS search domain for the Container. More than one domain may be specified.

--iptables module

Only the indicated iptables modules will be loaded to the given Container.

The list of iptables modules loaded to a Container is determined by the list of iptables modules loaded on the server at the moment of the Container startup.

--netif_add name[,mac,host_mac]

Creates a new veth virtual network adapter and assigns the name of name to the Ethernet interface inside the Container. Along with the Ethernet interface name inside the Container, you can set the following parameters when creating the veth adapter:

  • mac : the MAC address to be assigned to the veth Ethernet interface inside the Container.
  • host_mac : the MAC address to be assigned to the veth Ethernet interface on the server.

Only the Ethernet interface name (name) is mandatory; all the other parameters, if not specified, are automatically generated by Parallels Server Bare Metal during the veth adapter creation.

--netif_del name

Removes the veth virtual network adapter with the specified name from the Container.

--ifname name

Specifies the name of the veth virtual network adapter whose settings are to be configured. This option can be used along with one of the following options: --ipadd, --ipdel, --nameserver, --gw, --network, --dhcp, --mac, --host_mac.

--mac MAC_Address

The MAC address to be assigned to the veth virtual Ethernet interface inside the Container. Should be used along with the --ifname option.

--host_mac MAC_Address

The MAC address to be assigned to the veth virtual Ethernet interface on the server. Should be used along with the --ifname option.

--host_ifname name

The name to be assigned to the veth virtual Ethernet interface on the server. Should be used along with the --ifname option.

--network network_ID

Connects the veth virtual network adapter to the bridge associated with the specified network ID. Should be used along with the --ifname option.

You can also use this option to disconnect the veth virtual network adapter from the bridge. To do this, specify "" after the option.

--dhcp yes|no

Defines the IP assignment type for the veth virtual network adapter:

  • yes enables the dynamic IP address allocation for the Container.
  • no turns off the dynamic IP address allocation for the Container.

Should be used along with the --ifname option.

--gw addr

Sets the default gateway for the veth virtual network adapter. Should be used along with the --ifname option.