X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=doc%2Fconfiguration.xml;fp=doc%2Fconfiguration.xml;h=04b5ecf97556bc69f2f539a9df0403d0041d848e;hb=8cf13bb177d92c93eb73dc8939777150536c2d00;hp=0000000000000000000000000000000000000000;hpb=6bf3f95de36c804c97716b2d0bdf10680c559044;p=util-vserver.git diff --git a/doc/configuration.xml b/doc/configuration.xml new file mode 100644 index 0000000..04b5ecf --- /dev/null +++ b/doc/configuration.xml @@ -0,0 +1,1160 @@ + + + + + + + + + + + Default mtab file + + + + + /vservers + A link to the default vserver rootdirectory. + + + + + +Disable namespace usage globally. It can be overridden for a single vserver +by setting the namespace flag +there. + +In this mode the /vservers directory must have +the 'barrier' attribute. Else, common chroot(2) exploits are possible. + + + + + +Path of the vserver run reverse directory. This directory contains +symlinks named with XID numbers which point back to the configuration +directory of vservers. Under kernel 2.4 this is required for the XID +to VSERVER mapping; Under kernel 2.6 it is unused. + +NOTE: this link exists in 0.30.202+ only; in previous versions it was +a vserver specific setting. + + + + + + + /vservers/.pkg + + + The default apt.conf which is going to be used. It is overridden by +distribution specific configuration file. + + + + + + + +The Debian mirror to use with the debootstrap program + + + + +When the debootstrap package is not installed; fetch it +from this uri and install it at a temporary place. + + + + + + + +The file where output will be logged to when vshelper +is invoked from the kernel. This should point somewhere e.g. into +/var/log. + + + + + + +See vshelper/action. + + + + + + +When existing, the vshelper functionality will be disabled for all +vservers. + + + + + +When existing, the vshelper execution will be traced. + + + + + +When existing, sanity checks for the vshelper functionality will be +skipped. + + + + + + + + +A list of files which will be made visibly by vprocunhide. Wildcards are +allowed and anything ending in '/' will be processed recursively. When this file exists, +it overrides the defaults in SYSDEFAULTDIR/vprocunhide-files. The entries there must be +absolute filenames inclusive the leading '/proc'. + + + + + + + +A symlink to the TTY device where input/output will be redirected from/to +at startup via initscript. + + + + + + + Static list of excluded files. + + + + +A directory which will be used as the storage place for the +vhashify command. + + + +Points to a directory within the filesystems which are used for the +vservers. There must be not more than one of such a directory per +filesystem. + + + + + SHA1 + The used hash method. + + + + + +When existing, information from packagemanagement will not be used to +create dynamic exclude-lists. + + + + + +When existing, information from packagemanagement will be used to +create dynamic exclude-lists. This option requires that (a known) +packagemanagement is configured for the vserver; else the requested +operation will fail. Most tools assume 'on' as the default value. + + + + + + + + + + + + + + +The default, yum-related content of the /etc +directory. + + + +The master yum configuration file. It supports the @YUMETCDIR@, +@YUMCACHEDIR@ and @YUMLOGDIR@ placeholder which will be replaced at +vserver ... build time. + + + + + A directory with yum repositories. + + + +The default apt.conf which is going to be used. It overrides the +apt.conf from CONFDIR/.defaults/apps/pkgmgmt. + + + + +Script which will be executed before packages will be installed. + + + + +The configuration directory of the vserver which is going to be set up. + + + + +The pathname of the vserver binary. + + + + + + +Script which will be executed after packages are installed. + + + + +The configuration directory of the vserver which is going to be set up. + + + + +The pathname of the vserver binary. + + + + + + + +Contains files with packagenames. + + + +File which contains the name of packages. On top of file the special +keywords '--reinstall' and '--can-fail' are possible. + + + + + + +Directory with GPG pubkeys which are used to sign the packages of this +distribution. + + + + + +Default content of the /etc/apt/ directory. + + + + + +Default content of the /etc/rpm directory. + + + + + +Directory which overrides /usr/lib/rpm. + + + + +Directory with all executables and libraries which are required for +this distribution. + + + + + + + + +The configuration directory for the vserver vserver-name. + + + + +Path of the vserver root directory + + + + + +Points to a file which will contain the XID of the running vserver. When +the vserver is stopped, this can be a dangling symlink. + + + + + +[experimental; name is subject of possible change] Contains the system capabilities. See +lib/bcaps-v13.c +for possible values. + + + + +[experimental; name is subject of possible change] Contains the +context capabilities. See lib/ccaps-v13.c +for possible values. + + + + + +Overrides the global nonamespace flag and enables +namespace usage for the current vserver. + + + + + +Disables namespace usage for the current vserver. + +In this mode the /vservers directory must have +the 'barrier' attribute. Else, common chroot(2) exploits are possible. + + + + + +[experimental; name is subject of possible change] Contains the +scheduler parameters, one per line. + +The Hard CPU limit uses a mechanism called a Token Bucket. the +concept is simple: you have a bucket of a certain size which is +filled with a specified amount R of tokens each interval T until the +maximum is reached (excess tokens are spilled). At each timer tick, +a running process consumes one token from the bucket, unless the +bucket is empty. If the bucket is empty the process is put in the +hold queue. When the bucket has been refilled to at least M tokens, +all on hold processes are rescheduled. + + + + +Amount of tokens append to the bucket each interval. + + + + +The intervall between refills of amount fill_rate. This +value is express in ticks. + + + + +Initial bucket contents. + + + + +The minimum amount of tokens required to unhold processes + + + + +The bucket size. + + + + +??? + + + + + + +Contains the name of the vserver. When not given, the basename of the directory +will be assumed as this name. + + + + +The nice-level on which the vserver will be started. + + + + +Contains per line a capability. This file is used for the 2.4 kernel +only; for 2.6 use bcapabilities. + + + + +Contains the pathname of the shell which will be used by the "vserver +... enter" command. + + + + +Used to set the personality of the vserver. First line in the file +is the personality-type followed by flags (one item per line). See +/usr/include/linux/personality.h for possible +values. + + + + +Contains per line a flag. See lib/cflags-v13.c +for possible values. + + + + +The new process will believe it is process number 1. Useful to run a +real /sbin/init in a vserver. Warning: this flag should not be used +unless you know what you are doing. Often, it is better to use the +'plain' initstyle. + + + + +The new process is trapped and can't use chcontext anymore. + + + + +The new process and its children will share a common + + + + +Limit the number of process in the vserver according to +ulimit setting. Normally, ulimit is a per user thing. +With this flag, it becomes a per vserver thing. + + + + +No one can join this security context once created. + + + + +Apply the current ulimit to the whole context + + + + + + +Contains the context which shall be used for the vserver. + + + + +The fstab file for the vserver. Entries in this file will be mounted +within the network context of the host. Use the +fstab.remote file when you want that the +mounting happens in the network context of the vserver. In most cases +the 'fstab' file should be used. + + + + +The fstab file for the vserver. Entries in this file will be mounted +within the network context of the host; this means that mount will be +called as chbind <options> mount .... See +fstab also. + + + + + + + +The initial-mtab which will be used for the vserver. + + + + + +Contains the init-style. + + + + + + + + + + + The start runlevel. + + + + The start runlevel. + + + + The stop runlevel. + + + + +Contains the 'signal [wait signal]*' sequence which is used to stop +the vserver. + + + + + +The command which is used to start the vserver. Each option must be on +a separate line. + + + + + +The command which is used to wait on the vserver after it has been +started. Each option must be on a separate line. This file will be +ignored when the sync flag does not exist and the +'--sync' option was not used. + + + + + +The command which is used to stop the vserver. Each option must be on +a separate line. + + + + + +The command which is used to wait on the vserver after it has been +stopped. Each option must be on a separate line. This file will be +ignored when the sync flag does not exist and the +'--sync' option was not used. + + + + + +The command which is used to setup the init-system (e.g. to set the +runlevel in the utmp-file). Each option must be on a separate line. + + + + + +If this file is not present, all 'cmd.*-sync files will be ignored. + + + + + +A symlink to the TTY device where input/output will be redirected +from/to at startup via initscript. + + + + + +This file is used to mark group of vservers which shall be started/stopped +together by the initscript. Content is a simple string like 'default'. + + + + + +This file is used to configure vservers which must be running before +the current vserver can be started. At shutdown, the current vserver +will be stopped before its dependencies. Content of this file are +vserver ids (one name per line). + + + + + + + 30 + +The timeout in seconds which is used when synchronising vserver +startup/shutdown with the vshelper. When no set, 30 seconds will be +assumed. + + + + + restart + +The action which is going to be executed when a vshelper event +occurs. The default value is 'restart', but there can be defined own +methods by placing scripts into the +vshelper-methods directories. These scripts are +fed with the same arguments as the vshelper script. + + + + + +When existing, these scripts will be executed *instead* of the default +handler defined in 'action'. Their name must match the event which caused +the execution of vshelper; e.g. 'restart' or 'poweroff'. See +the vs_reboot() function in the kernel for more details. + + + + +The xid of the context calling the vshelper + + + + +The reboot-event. + + + + + + + +When existing, the vshelper functionality will be disabled for this +vserver. + + + + + +When existing, the vshelper execution will be traced for this vserver. + + + + + +When existing, sanity checks for the vshelper functionality will be +skipped. + + + + + + + + +See vshelper/action. + + + + + + +This directory contains configuration data required for vserver +unification. + + + + +

Static list of files which are excluded for unification. This list +supports an rsync-like syntax: when a file is prefixed by '+', it is a +candidate for unification; when there is no prefix or a '-' or a '~' it +will be excluded. Shell-wildcards are allowed for the filenames.

+

When used with vcopy, the '~' prefix prevents copying +of the file entirely (e.g. for keyfiles). With this tool, the file will +be copied instead of hardlinked when the '-' prefix is used.

+ + + + + +These are symlinks to the configuration directory +(e.g. CONFDIR/vservers/<id>) of a refserver. There may be +multiple such symlinks but they must be prefixed by 'refserver.' and +will be processed in alphanumerical order. + + + + + +A directory which will be used as the storage place for the +vhashify command. + + + +Points to a directory within the filesystems which are used for the +vservers. There must be not more than one of such a directory per +filesystem. + + + + + SHA1 + The used hash method. + + + + + +When existing, information from packagemanagement will not be used to +create dynamic exclude-lists. + + + + + +When existing, information from packagemanagement will be used to +create dynamic exclude-lists. This option requires that (a known) +packagemanagement is configured for the vserver; else the requested +operation will fail. Most tools assume 'on' as the default value. + + + + + + + + +A directory for scripts. By default, when one of these scripts will be +executed, the execution of defaultscripts (within .../.defaults/scripts) +will be skipped. To execute them nevertheless, the $DONT_SKIP_DEFAULTS +environment variable must be set by one of the in-shellcontext scripts +(the non-executable ones). + + + + +The scriptlet which will be executed before the network-interfaces are +enabled and the directories are mounted. Before executing the script, +the configuration directory will be made the working directory. + + + + +The configuration directory of the current vserver. + + + + +The name of the current vserver. + + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + +Repository of prepre-start like scripts. Before executing the script, +the configuration directory will be made the working directory. + + + See prepre-start. + + + +The configuration directory of the current vserver. + + + + +The name of the current vserver. + + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + + + +The scriptlet which will be executed after network-interfaces were +enabled and the directories mounted, but before the vserver itself has +been started. Before executing the script, the vserver root directory +will be made the working directory. + + + + +The configuration directory of the current vserver. + + + + +The name of the current vserver. + + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + +Repository of pre-start like scripts. Before executing these scripts, +the vserver root directory will be made the working directory. + + + See pre-start. + + + +The configuration directory of the current vserver. + + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + + + + +The scriptlet which will be executed after the vserver has been +started. Before executing the script, the vserver root directory +will be made the working directory. + + + + The configuration directory of the current vserver. + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + +Repository of post-start like scripts. Before executing these scripts, +the vserver root directory will be made the working directory. + + + See post-start. + + + The configuration directory of the current vserver. + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + + + + +The scriptlet which will be executed before the vserver will be +stopped. Before executing the script, the vserver root directory +will be made the working directory. + + + + The configuration directory of the current vserver. + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + +Repository of pre-stop like scripts. Before executing the script, the +vserver root directory will be made the working directory. + + + See pre-stop. + + + The configuration directory of the current vserver. + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + + + +The scriptlet which will be executed after the vserver has been +stopped, but before the directories will be umounted and the the +interfaces disabled. Before executing the script, the vserver root +directory will be made the working directory. + + + + The configuration directory of the current vserver. + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + +Repository of post-stop like scripts. Before executing the script, the +vserver root directory will be made the working directory. + + + See post-stop. + + + The configuration directory of the current vserver. + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + + + +The scriptlet which will be executed after the vserver has been stopped +completely. Before executing the script, the vserver root directory +will be made the working directory. + + + + The configuration directory of the current vserver. + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + +Repository of postpost-stop like scripts. Before executing the script, +the vserver root directory will be made the working directory. + + + See postpost-stop. + + + The configuration directory of the current vserver. + + + The name of the current vserver. + + + +The fixed value of the current action (e.g. 'prepre-start', 'post-stop'...). + + + + + + + + + + The default broadcast address. + + + The default network device. + + + The default network prefix-length. + + + The default network mask. + + + The default scope of the network interfaces. + + + + +'iface' is an arbitrary name for the interface; the value itself is +not important but may be interesting regarding interface-creation and +usage with chbind. Both happens in alphabetical order and +numbers like '00' are good names for these directories. + + + + When this file exists, this interface will be ignored. + + + + The ip which will be assigned to this interface. + + + The broadcast address. + + + The network device. + + + The network prefix-length. + + + The network mask. + + + The scope of the network interface. + + + +When this file exists, the interface will be named with the text in +this file. Without such an entry, the IP will not be shown by +ifconfig but by ip addr ls only. Such +a labeled interface is known as an "alias" also (e.g. 'eth0:foo'). + + + + +When this file exists, the interface will be assumed to exist +already. This can be used to assign primary interfaces which are +created by the host or another vserver. + + + + + + + +A directory with ulimits. Possible resources are cpu, data, fsize, +locks, memlock, nofile, nproc, rss and/or stack. This configuration +will be honored for kernel 2.4 only. + + + +A file which contains the hard- and soft-limit of the given resource +in the first line. The special keyword 'inf' is recognized. + + + + +A file which contains the hard- of the given resource in the first +line. The special keyword 'inf' is recognized. + + + + +A file which contains the soft- of the given resource in the first +line. The special keyword 'inf' is recognized. + + + + + + +A directory with resource limits. Possible resources are cpu, fsize, +data, stack, core, rss, nproc, nofile, memlock, as and locks. This +configuration will be honored for kernel 2.6 only. + + + +A file which contains the hard- and soft-limit of the given resource +in the first line. The special keyword 'inf' is recognized. + + + + +A file which contains the hard- of the given resource in the first +line. The special keyword 'inf' is recognized. + + + + +A file which contains the soft- of the given resource in the first +line. The special keyword 'inf' is recognized. + + + + +A file which contains the guaranted minimum of the given resource in +the first line. The special keyword 'inf' is recognized. + + + + + + + +The context-name of the vserver. This file is listed for completeness +only; the 'context' name is used and set internally by the util-vserver +tools and can *not* be modified. + + + + The sysname of the vserver + + + The node-/hostname of the vserver + + + The OS-release of the vserver + + + The OS-version of the vserver + + + The machine-type of the vserver + + + The NIS domainname of the vserver + + + +