| Server IP : 103.161.17.216 / Your IP : 216.73.216.59 Web Server : nginx/1.18.0 System : Linux tipsysaigoncharming 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 User : www-data ( 33) PHP Version : 7.4.3-4ubuntu2.29 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /snap/lxd/current/share/lxd-documentation/reference/instance_options/ |
Upload File : |
<!doctype html>
<html class="no-js" lang="en" data-content_root="../../">
<head><meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta property="og:title" content="Instance options" />
<meta property="og:type" content="website" />
<meta property="og:url" content="/reference/instance_options/" />
<meta property="og:site_name" content="LXD documentation" />
<meta property="og:description" content="Instance options are configuration options that are directly related to the instance. See Configure instance options for instructions on how to set the instance options. The key/value configuration..." />
<meta property="og:image" content="https://documentation.ubuntu.com/lxd/latest/_static/lxd_tag.png" />
<meta property="og:image:alt" content="LXD documentation" />
<meta name="description" content="Instance options are configuration options that are directly related to the instance. See Configure instance options for instructions on how to set the instance options. The key/value configuration..." />
<meta property="article:modified_time" content="2026-02-13T13:16:52+00:00" /><link rel="index" title="Index" href="../../genindex/"><link rel="search" title="Search" href="../../search/"><link rel="next" title="Devices" href="../devices/"><link rel="prev" title="Instance properties" href="../instance_properties/">
<link rel="canonical" href="/reference/instance_options/">
<link rel="shortcut icon" href="../../_static/favicon.ico"><!-- Generated with Sphinx 7.4.7 and Furo 2025.12.19 -->
<title>Instance options - LXD documentation</title>
<link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=d111a655" />
<link rel="stylesheet" type="text/css" href="../../_static/styles/furo.css?v=7bdb33bb" />
<link rel="stylesheet" type="text/css" href="../../_static/copybutton.css?v=76b2166b" />
<link rel="stylesheet" type="text/css" href="../../_static/config-options.css" />
<link rel="stylesheet" type="text/css" href="../../_static/related-links.css" />
<link rel="stylesheet" type="text/css" href="../../_static/terminal.css" />
<link rel="stylesheet" type="text/css" href="../../_static/youtube.css" />
<link rel="stylesheet" type="text/css" href="../../_static/sphinx-design.min.css?v=95c83b7e" />
<link rel="stylesheet" type="text/css" href="../../_static/styles/furo-extensions.css?v=8dab3a3b" />
<link rel="stylesheet" type="text/css" href="../../_static/lxd_custom.css?v=bfbf4da2" />
<link rel="stylesheet" type="text/css" href="../../_static/cookie-banner.css?v=b74831ab" />
<link rel="stylesheet" type="text/css" href="../../_static/custom.css?v=e189117a" />
<link rel="stylesheet" type="text/css" href="../../_static/header.css?v=a8078839" />
<link rel="stylesheet" type="text/css" href="../../_static/github_issue_links.css?v=3d761185" />
<link rel="stylesheet" type="text/css" href="../../_static/furo_colors.css?v=825fec6f" />
</head>
<body>
<header id="header" class="p-navigation">
<!-- Google Tag Manager -->
<script>
(function(w, d, s, l, i) {
w[l] = w[l] || [];
w[l].push({
'gtm.start': new Date().getTime(),
event: 'gtm.js'
});
var f = d.getElementsByTagName(s)[0];
var j = d.createElement(s);
var dl = '';
if (l != 'dataLayer') {
dl = '&l=' + l;
}
j.async = true;
j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl;
f.parentNode.insertBefore(j, f);
})(window, document, 'script', 'dataLayer', 'GTM-KNX3CJC');
</script>
<div class="p-navigation__nav" role="menubar">
<ul class="p-navigation__links" role="menu">
<li>
<a class="p-logo" href="https://canonical.com/lxd" aria-current="page">
<img src="../../_static/lxd_tag.png" alt="Logo" class="p-logo-image">
<div class="p-logo-text p-heading--4">LXD
</div>
</a>
</li>
<li class="nav-ubuntu-com">
<a href="https://canonical.com/lxd" class="p-navigation__link">canonical.com/lxd</a>
</li>
<li class="nav-dropdown">
<a href="#" class="p-navigation__link nav-more-links"
id="more-resources-toggle"
aria-haspopup="true"
aria-expanded="false">
More resources
</a>
<ul class="more-links-dropdown" aria-labelledby="more-resources-toggle">
<li>
<a href="https://discourse.ubuntu.com/c/lxd/" class="p-navigation__sub-link p-dropdown__link">Discourse</a>
</li>
<li>
<a href="https://matrix.to/#/#documentation:ubuntu.com" class="p-navigation__sub-link p-dropdown__link">Matrix</a>
</li>
<li>
<a href="https://github.com/canonical/lxd" class="p-navigation__sub-link p-dropdown__link">GitHub</a>
</li>
</ul>
</li>
</ul>
</div>
</header>
<script>
document.body.dataset.theme = localStorage.getItem("theme") || "auto";
</script>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
<symbol id="svg-toc" viewBox="0 0 24 24">
<title>Contents</title>
<svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 1024 1024">
<path d="M408 442h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8zm-8 204c0 4.4 3.6 8 8 8h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56zm504-486H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 632H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM115.4 518.9L271.7 642c5.8 4.6 14.4.5 14.4-6.9V388.9c0-7.4-8.5-11.5-14.4-6.9L115.4 505.1a8.74 8.74 0 0 0 0 13.8z"/>
</svg>
</symbol>
<symbol id="svg-menu" viewBox="0 0 24 24">
<title>Menu</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-menu">
<line x1="3" y1="12" x2="21" y2="12"></line>
<line x1="3" y1="6" x2="21" y2="6"></line>
<line x1="3" y1="18" x2="21" y2="18"></line>
</svg>
</symbol>
<symbol id="svg-arrow-right" viewBox="0 0 24 24">
<title>Expand</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-chevron-right">
<polyline points="9 18 15 12 9 6"></polyline>
</svg>
</symbol>
<symbol id="svg-sun" viewBox="0 0 24 24">
<title>Light mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="feather-sun">
<circle cx="12" cy="12" r="5"></circle>
<line x1="12" y1="1" x2="12" y2="3"></line>
<line x1="12" y1="21" x2="12" y2="23"></line>
<line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
<line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
<line x1="1" y1="12" x2="3" y2="12"></line>
<line x1="21" y1="12" x2="23" y2="12"></line>
<line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
<line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
</svg>
</symbol>
<symbol id="svg-moon" viewBox="0 0 24 24">
<title>Dark mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-moon">
<path stroke="none" d="M0 0h24v24H0z" fill="none" />
<path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z" />
</svg>
</symbol>
<symbol id="svg-sun-with-moon" viewBox="0 0 24 24">
<title>Auto light/dark, in light mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
class="icon-custom-derived-from-feather-sun-and-tabler-moon">
<path style="opacity: 50%" d="M 5.411 14.504 C 5.471 14.504 5.532 14.504 5.591 14.504 C 3.639 16.319 4.383 19.569 6.931 20.352 C 7.693 20.586 8.512 20.551 9.25 20.252 C 8.023 23.207 4.056 23.725 2.11 21.184 C 0.166 18.642 1.702 14.949 4.874 14.536 C 5.051 14.512 5.231 14.5 5.411 14.5 L 5.411 14.504 Z"/>
<line x1="14.5" y1="3.25" x2="14.5" y2="1.25"/>
<line x1="14.5" y1="15.85" x2="14.5" y2="17.85"/>
<line x1="10.044" y1="5.094" x2="8.63" y2="3.68"/>
<line x1="19" y1="14.05" x2="20.414" y2="15.464"/>
<line x1="8.2" y1="9.55" x2="6.2" y2="9.55"/>
<line x1="20.8" y1="9.55" x2="22.8" y2="9.55"/>
<line x1="10.044" y1="14.006" x2="8.63" y2="15.42"/>
<line x1="19" y1="5.05" x2="20.414" y2="3.636"/>
<circle cx="14.5" cy="9.55" r="3.6"/>
</svg>
</symbol>
<symbol id="svg-moon-with-sun" viewBox="0 0 24 24">
<title>Auto light/dark, in dark mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
class="icon-custom-derived-from-feather-sun-and-tabler-moon">
<path d="M 8.282 7.007 C 8.385 7.007 8.494 7.007 8.595 7.007 C 5.18 10.184 6.481 15.869 10.942 17.24 C 12.275 17.648 13.706 17.589 15 17.066 C 12.851 22.236 5.91 23.143 2.505 18.696 C -0.897 14.249 1.791 7.786 7.342 7.063 C 7.652 7.021 7.965 7 8.282 7 L 8.282 7.007 Z"/>
<line style="opacity: 50%" x1="18" y1="3.705" x2="18" y2="2.5"/>
<line style="opacity: 50%" x1="18" y1="11.295" x2="18" y2="12.5"/>
<line style="opacity: 50%" x1="15.316" y1="4.816" x2="14.464" y2="3.964"/>
<line style="opacity: 50%" x1="20.711" y1="10.212" x2="21.563" y2="11.063"/>
<line style="opacity: 50%" x1="14.205" y1="7.5" x2="13.001" y2="7.5"/>
<line style="opacity: 50%" x1="21.795" y1="7.5" x2="23" y2="7.5"/>
<line style="opacity: 50%" x1="15.316" y1="10.184" x2="14.464" y2="11.036"/>
<line style="opacity: 50%" x1="20.711" y1="4.789" x2="21.563" y2="3.937"/>
<circle style="opacity: 50%" cx="18" cy="7.5" r="2.169"/>
</svg>
</symbol>
<symbol id="svg-pencil" viewBox="0 0 24 24">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-pencil-code">
<path d="M4 20h4l10.5 -10.5a2.828 2.828 0 1 0 -4 -4l-10.5 10.5v4" />
<path d="M13.5 6.5l4 4" />
<path d="M20 21l2 -2l-2 -2" />
<path d="M17 17l-2 2l2 2" />
</svg>
</symbol>
<symbol id="svg-eye" viewBox="0 0 24 24">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-eye-code">
<path stroke="none" d="M0 0h24v24H0z" fill="none" />
<path d="M10 12a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" />
<path
d="M11.11 17.958c-3.209 -.307 -5.91 -2.293 -8.11 -5.958c2.4 -4 5.4 -6 9 -6c3.6 0 6.6 2 9 6c-.21 .352 -.427 .688 -.647 1.008" />
<path d="M20 21l2 -2l-2 -2" />
<path d="M17 17l-2 2l2 2" />
</svg>
</symbol>
</svg>
<input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation" aria-label="Toggle site navigation sidebar">
<input type="checkbox" class="sidebar-toggle" name="__toc" id="__toc" aria-label="Toggle table of contents sidebar">
<label class="overlay sidebar-overlay" for="__navigation"></label>
<label class="overlay toc-overlay" for="__toc"></label>
<a class="skip-to-content muted-link" href="#furo-main-content">Skip to content</a>
<div class="page">
<header class="mobile-header">
<div class="header-left">
<label class="nav-overlay-icon" for="__navigation">
<span class="icon"><svg><use href="#svg-menu"></use></svg></span>
</label>
</div>
<div class="header-center">
<a href="../../"><div class="brand">LXD documentation</div></a>
</div>
<div class="header-right">
<div class="theme-toggle-container theme-toggle-header">
<button class="theme-toggle" aria-label="Toggle Light / Dark / Auto color theme">
<svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
<svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
<svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
</button>
</div>
<label class="toc-overlay-icon toc-header-icon" for="__toc">
<span class="icon"><svg><use href="#svg-toc"></use></svg></span>
</label>
</div>
</header>
<aside class="sidebar-drawer">
<div class="sidebar-container">
<div class="sidebar-sticky"><a class="sidebar-brand" href="../../">
<span class="sidebar-brand-text">LXD documentation</span>
</a><form class="sidebar-search-container" method="get" action="../../search/" role="search">
<input class="sidebar-search" placeholder="Search" name="q" aria-label="Search">
<input type="submit" value="Go">
<input type="hidden" name="check_keywords" value="yes">
<input type="hidden" name="area" value="default">
</form>
<div id="searchbox"></div><div class="sidebar-scroll"><div class="sidebar-tree">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../">LXD</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../tutorial/first_steps/">Tutorial</a></li>
<li class="toctree-l1 has-children"><a class="reference internal" href="../../howto/">How-to guides</a><input aria-label="Toggle navigation of How-to guides" class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" role="switch" type="checkbox"/><label for="toctree-checkbox-1"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../getting_started/">Getting started</a><input aria-label="Toggle navigation of Getting started" class="toctree-checkbox" id="toctree-checkbox-2" name="toctree-checkbox-2" role="switch" type="checkbox"/><label for="toctree-checkbox-2"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../installing/">Install LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/initialize/">Initialize LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/access_ui/">Access the UI</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/access_documentation/">Access documentation locally</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../operation/">LXD server and client</a><input aria-label="Toggle navigation of LXD server and client" class="toctree-checkbox" id="toctree-checkbox-3" name="toctree-checkbox-3" role="switch" type="checkbox"/><label for="toctree-checkbox-3"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/server_expose/">Expose LXD to the network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/server_configure/">Configure the LXD server</a></li>
<li class="toctree-l3 has-children"><a class="reference internal" href="../../howto/oidc/">Configure single sign-on with OIDC</a><input aria-label="Toggle navigation of Configure single sign-on with OIDC" class="toctree-checkbox" id="toctree-checkbox-4" name="toctree-checkbox-4" role="switch" type="checkbox"/><label for="toctree-checkbox-4"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l4"><a class="reference internal" href="../../howto/oidc_auth0/">How to configure Auth0</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../howto/oidc_ory/">How to configure Ory Hydra</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../howto/oidc_keycloak/">How to configure Keycloak</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../howto/oidc_entra_id/">How to configure Entra ID</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../remotes/">Add remote servers</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/lxc_alias/">Add command aliases</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../instances/">Instances</a><input aria-label="Toggle navigation of Instances" class="toctree-checkbox" id="toctree-checkbox-5" name="toctree-checkbox-5" role="switch" type="checkbox"/><label for="toctree-checkbox-5"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_create/">Create instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_configure/">Configure instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_manage/">Manage instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../profiles/">Use profiles</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_troubleshoot/">Troubleshoot errors</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_ubuntu_pro_attach/">Auto attach Ubuntu Pro</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_access_files/">Access files</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_console/">Access the console</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../instance-exec/">Run commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-init/">Use cloud-init</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_routed_nic_vm/">Add a routed NIC to a VM</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_backup/">Back up instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_migrate/">Migrate instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/import_machines_to_instances/">Import existing machines</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/container_gpu_passthrough_with_docker/">Pass NVIDIA GPUs</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../images/">Images</a><input aria-label="Toggle navigation of Images" class="toctree-checkbox" id="toctree-checkbox-6" name="toctree-checkbox-6" role="switch" type="checkbox"/><label for="toctree-checkbox-6"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_remote/">Use remote images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_manage/">Manage images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_profiles/">Associate profiles</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_copy/">Copy and import images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_create/">Create images</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../projects/">Projects</a><input aria-label="Toggle navigation of Projects" class="toctree-checkbox" id="toctree-checkbox-7" name="toctree-checkbox-7" role="switch" type="checkbox"/><label for="toctree-checkbox-7"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/projects_create/">Create and configure</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/projects_work/">Work with projects</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/projects_confine/">Confine users to projects</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../storage/">Storage</a><input aria-label="Toggle navigation of Storage" class="toctree-checkbox" id="toctree-checkbox-8" name="toctree-checkbox-8" role="switch" type="checkbox"/><label for="toctree-checkbox-8"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_pools/">Manage pools</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_volumes/">Manage volumes</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_buckets/">Manage buckets</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_create_instance/">Create an instance in a pool</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_backup_volume/">Back up a volume</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_move_volume/">Move or copy a volume</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_csi/">Use the LXD CSI driver with Kubernetes</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../networks/">Networking</a><input aria-label="Toggle navigation of Networking" class="toctree-checkbox" id="toctree-checkbox-9" name="toctree-checkbox-9" role="switch" type="checkbox"/><label for="toctree-checkbox-9"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_create/">Create a network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_configure/">Configure a network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_bgp/">Configure as BGP server</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_acls/">Configure network ACLs</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_forwards/">Configure forwards</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_zones/">Configure network zones</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_firewalld/">Configure your firewall</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_resolved/">Integrate with resolved</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_ovn_setup/">Set up OVN</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_load_balancers/">Configure load balancers</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_ovn_peers/">Configure peer routing</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_ipam/">Display IPAM information</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../clustering/">Clustering</a><input aria-label="Toggle navigation of Clustering" class="toctree-checkbox" id="toctree-checkbox-10" name="toctree-checkbox-10" role="switch" type="checkbox"/><label for="toctree-checkbox-10"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_form/">Form a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_manage/">Manage a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_config_networks/">Configure networks</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_config_storage/">Configure storage</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_manage_instance/">Manage instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_groups/">Set up cluster groups</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_placement_groups/">Use placement groups</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_recover/">Recover a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_vip/">Set up a highly available virtual IP</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../production-setup/">Production setup</a><input aria-label="Toggle navigation of Production setup" class="toctree-checkbox" id="toctree-checkbox-11" name="toctree-checkbox-11" role="switch" type="checkbox"/><label for="toctree-checkbox-11"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/benchmark_performance/">Benchmark performance</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_increase_bandwidth/">Increase bandwidth</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../metrics/">Monitor metrics</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/logs_loki/">Send logs to Loki</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/grafana/">Set up Grafana</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../backup/">Back up a server</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/disaster_recovery/">Recover instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/disaster_recovery_replication/">Disaster recovery with storage replication</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../howto/snap/">Manage the snap</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../howto/security_harden/">Harden security</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../howto/troubleshoot/">Troubleshooting</a><input aria-label="Toggle navigation of Troubleshooting" class="toctree-checkbox" id="toctree-checkbox-12" name="toctree-checkbox-12" role="switch" type="checkbox"/><label for="toctree-checkbox-12"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_firewalld/">Configure your firewall</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_troubleshoot/">Troubleshoot instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/dqlite_troubleshoot/">Troubleshoot Dqlite</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../debugging/">Debug LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../faq/">Frequently asked</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../support/">Get support</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../contributing/">Contribute to LXD</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../howto/auth_bearer/">How to authenticate to the LXD API using bearer tokens</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../howto/devlxd_authenticate/">How to authenticate to the DevLXD API</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="../../explanation/">Explanation</a><input aria-label="Toggle navigation of Explanation" class="toctree-checkbox" id="toctree-checkbox-13" name="toctree-checkbox-13" role="switch" type="checkbox"/><label for="toctree-checkbox-13"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/lxd_lxc/"><code class="docutils literal notranslate"><span class="pre">lxd</span></code> and <code class="docutils literal notranslate"><span class="pre">lxc</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/instances/">Containers and VMs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../image-handling/">Local and remote images</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/storage/">Storage pools, volumes, and buckets</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/networks/">Networking setups</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../database/">The LXD Dqlite database</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/lxc_show_info/"><code class="docutils literal notranslate"><span class="pre">lxc</span></code> <code class="docutils literal notranslate"><span class="pre">show</span></code> and <code class="docutils literal notranslate"><span class="pre">info</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../authentication/">Remote API authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/authorization/">Remote API authorization</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/projects/">Instances grouping with projects</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/clusters/">Clusters</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/performance_tuning/">Performance tuning</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/security/">Security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/bpf/">Privilege delegation using BPF Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/csi/">The LXD CSI driver</a></li>
</ul>
</li>
<li class="toctree-l1 current has-children"><a class="reference internal" href="../">Reference</a><input aria-label="Toggle navigation of Reference" checked="" class="toctree-checkbox" id="toctree-checkbox-14" name="toctree-checkbox-14" role="switch" type="checkbox"/><label for="toctree-checkbox-14"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../requirements/">Requirements</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../architectures/">Architectures</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../release-notes/">Release notes</a><input aria-label="Toggle navigation of Release notes" class="toctree-checkbox" id="toctree-checkbox-15" name="toctree-checkbox-15" role="switch" type="checkbox"/><label for="toctree-checkbox-15"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../release-notes/release-notes-6.7/">LXD 6.7</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release-notes/release-notes-6.6/">LXD 6.6</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../releases-snap/">Releases and snap</a></li>
<li class="toctree-l2"><a class="reference internal" href="../remote_image_servers/">Remote image servers</a></li>
<li class="toctree-l2"><a class="reference internal" href="../image_format/">Image format</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../guest-os-compatibility/">Guest OS compatibility</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../container-environment/">Container environment</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../config-options/">Configuration option index</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../server/">Server configuration</a></li>
<li class="toctree-l2 current has-children"><a class="reference internal" href="../../explanation/instance_config/">Instance configuration</a><input aria-label="Toggle navigation of Instance configuration" checked="" class="toctree-checkbox" id="toctree-checkbox-16" name="toctree-checkbox-16" role="switch" type="checkbox"/><label for="toctree-checkbox-16"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../instance_properties/">Instance properties</a></li>
<li class="toctree-l3 current current-page"><a class="current reference internal" href="#">Instance options</a></li>
<li class="toctree-l3 has-children"><a class="reference internal" href="../devices/">Devices</a><input aria-label="Toggle navigation of Devices" class="toctree-checkbox" id="toctree-checkbox-17" name="toctree-checkbox-17" role="switch" type="checkbox"/><label for="toctree-checkbox-17"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l4"><a class="reference internal" href="../standard_devices/">Standard devices</a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_none/">Type: <code class="docutils literal notranslate"><span class="pre">none</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_nic/">Type: <code class="docutils literal notranslate"><span class="pre">nic</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_disk/">Type: <code class="docutils literal notranslate"><span class="pre">disk</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_unix_char/">Type: <code class="docutils literal notranslate"><span class="pre">unix-char</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_unix_block/">Type: <code class="docutils literal notranslate"><span class="pre">unix-block</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_usb/">Type: <code class="docutils literal notranslate"><span class="pre">usb</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_gpu/">Type: <code class="docutils literal notranslate"><span class="pre">gpu</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_infiniband/">Type: <code class="docutils literal notranslate"><span class="pre">infiniband</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_proxy/">Type: <code class="docutils literal notranslate"><span class="pre">proxy</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_unix_hotplug/">Type: <code class="docutils literal notranslate"><span class="pre">unix-hotplug</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_tpm/">Type: <code class="docutils literal notranslate"><span class="pre">tpm</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_pci/">Type: <code class="docutils literal notranslate"><span class="pre">pci</span></code></a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../instance_units/">Units for storage and network limits</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../preseed_yaml_fields/">Preseed YAML file fields</a></li>
<li class="toctree-l2"><a class="reference internal" href="../projects/">Project configuration</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../storage_drivers/">Storage drivers</a><input aria-label="Toggle navigation of Storage drivers" class="toctree-checkbox" id="toctree-checkbox-18" name="toctree-checkbox-18" role="switch" type="checkbox"/><label for="toctree-checkbox-18"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../storage_dir/">Directory - <code class="docutils literal notranslate"><span class="pre">dir</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_btrfs/">Btrfs - <code class="docutils literal notranslate"><span class="pre">btrfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_lvm/">LVM - <code class="docutils literal notranslate"><span class="pre">lvm</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_zfs/">ZFS - <code class="docutils literal notranslate"><span class="pre">zfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_ceph/">Ceph RBD - <code class="docutils literal notranslate"><span class="pre">ceph</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_powerflex/">Dell PowerFlex - <code class="docutils literal notranslate"><span class="pre">powerflex</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_pure/">Pure Storage - <code class="docutils literal notranslate"><span class="pre">pure</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_alletra/">HPE Alletra - <code class="docutils literal notranslate"><span class="pre">alletra</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_cephfs/">CephFS - <code class="docutils literal notranslate"><span class="pre">cephfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_cephobject/">Ceph Object - <code class="docutils literal notranslate"><span class="pre">cephobject</span></code></a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../networks/">Networks</a><input aria-label="Toggle navigation of Networks" class="toctree-checkbox" id="toctree-checkbox-19" name="toctree-checkbox-19" role="switch" type="checkbox"/><label for="toctree-checkbox-19"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../network_bridge/">Bridge network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_ovn/">OVN network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_macvlan/">Macvlan network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_physical/">Physical network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_sriov/">SR-IOV network</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../cluster_member_config/">Cluster configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../placement_groups/">Placement group configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../server_settings/">Production server settings</a></li>
<li class="toctree-l2"><a class="reference internal" href="../provided_metrics/">Provided metrics</a></li>
<li class="toctree-l2"><a class="reference internal" href="../permissions/">Permissions</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../restapi_landing/">REST API</a><input aria-label="Toggle navigation of REST API" class="toctree-checkbox" id="toctree-checkbox-20" name="toctree-checkbox-20" role="switch" type="checkbox"/><label for="toctree-checkbox-20"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../rest-api/">Main API documentation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../api/">Main API specification</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../api-extensions/">Main API extensions</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../events/">Events API documentation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../dev-lxd/">Instance API</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../driver_csi/">LXD CSI driver reference</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../manpages/">Man pages</a><input aria-label="Toggle navigation of Man pages" class="toctree-checkbox" id="toctree-checkbox-21" name="toctree-checkbox-21" role="switch" type="checkbox"/><label for="toctree-checkbox-21"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../manpages/lxc/"><code class="docutils literal notranslate"><span class="pre">lxc</span></code></a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../internals/">Internals</a><input aria-label="Toggle navigation of Internals" class="toctree-checkbox" id="toctree-checkbox-22" name="toctree-checkbox-22" role="switch" type="checkbox"/><label for="toctree-checkbox-22"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../environment/">Environment variables</a></li>
<li class="toctree-l3"><a class="reference internal" href="../uefi_variables/">UEFI variables for VMs</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../daemon-behavior/">Daemon behavior</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../syscall-interception/">System call interception</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../userns-idmap/">User namespace setup</a></li>
<li class="toctree-l3"><a class="reference internal" href="../ovn-internals/">OVN implementation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../vm_live_migration_internals/">VM live migration implementation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../dqlite-internals/">Dqlite</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference external" href="https://github.com/canonical/lxd">Project repository</a></li>
<li class="toctree-l2"><a class="reference external" href="https://images.lxd.canonical.com">Image server</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
</aside>
<div class="main">
<div class="content">
<div class="article-container">
<a href="#" class="back-to-top muted-link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"></path>
</svg>
<span>Back to top</span>
</a>
<div class="content-icon-container">
<div class="edit-this-page">
<a class="muted-link" href="https://github.com/canonical/lxd/edit/main/doc/reference/instance_options.md" title="Contribute to this page">
<svg><use href="#svg-pencil"></use></svg>
<span class="visually-hidden">Contribute to this page</span>
</a>
</div><div class="theme-toggle-container theme-toggle-content">
<button class="theme-toggle" aria-label="Toggle Light / Dark / Auto color theme">
<svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
<svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
<svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
</button>
</div>
<label class="toc-overlay-icon toc-content-icon" for="__toc">
<span class="icon"><svg><use href="#svg-toc"></use></svg></span>
</label>
</div>
<article role="main" id="furo-main-content">
<section id="instance-options">
<span id="id1"></span><h1>Instance options<a class="headerlink" href="#instance-options" title="Link to this heading">¶</a></h1>
<p>Instance options are configuration options that are directly related to the instance.</p>
<p>See <a class="reference internal" href="../../howto/instances_configure/#instances-configure-options"><span class="std std-ref">Configure instance options</span></a> for instructions on how to set the instance options.</p>
<p>The key/value configuration is namespaced.
The following options are available:</p>
<ul class="simple">
<li><p><a class="reference internal" href="#instance-options-misc"><span class="std std-ref">Miscellaneous options</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-boot"><span class="std std-ref">Boot-related options</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-cloud-init"><span class="std std-ref"><code class="docutils literal notranslate"><span class="pre">cloud-init</span></code> configuration</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-limits"><span class="std std-ref">Resource limits</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-migration"><span class="std std-ref">Migration options</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-placement"><span class="std std-ref">Placement options</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-nvidia"><span class="std std-ref">NVIDIA and CUDA configuration</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-raw"><span class="std std-ref">Raw instance configuration overrides</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-security"><span class="std std-ref">Security policies</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-snapshots"><span class="std std-ref">Snapshot scheduling and configuration</span></a></p></li>
<li><p><a class="reference internal" href="#instance-options-volatile"><span class="std std-ref">Volatile internal data</span></a></p></li>
</ul>
<p>Note that while a type is defined for each option, all values are stored as strings and should be exported over the REST API as strings (which makes it possible to support any extra values without breaking backward compatibility).</p>
<section id="miscellaneous-options">
<span id="instance-options-misc"></span><h2>Miscellaneous options<a class="headerlink" href="#miscellaneous-options" title="Link to this heading">¶</a></h2>
<p>In addition to the configuration options listed in the following sections, these instance options are supported:</p>
<div class="configoption docutils container" id="instance-miscellaneous:agent.nic_config">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">agent.nic_config</span></code></span><span class="shortdesc"><p>Whether to use the name and MTU of the default network interfaces</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:agent.nic_config"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">agent.nic_config</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>When set to true, the name and MTU of the default network interfaces inside the virtual machine will match those of the instance devices.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-miscellaneous:cluster.evacuate">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">cluster.evacuate</span></code></span><span class="shortdesc"><p>What to do when evacuating the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:cluster.evacuate"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">cluster.evacuate</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">auto</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The <code class="docutils literal notranslate"><span class="pre">cluster.evacuate</span></code> provides control over how instances are handled when a cluster member is being evacuated.</p>
<p>Available Modes:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">auto</span></code> <em>(default)</em>: The system will automatically decide the best evacuation method based on the instance’s type and configured devices:</p>
<ul>
<li><p>If any device is not suitable for migration, the instance will not be migrated (only stopped).</p></li>
<li><p>Live migration will be used only for virtual machines with the <code class="docutils literal notranslate"><span class="pre">migration.stateful</span></code> setting enabled and for which all its devices can be migrated as well.</p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">live-migrate</span></code>: Eligible instances are live-migrated to another node. This means the instance remains running and operational during the migration process, ensuring minimal disruption.
Note: Live migration is supported for virtual machines only.
If no target member is available, an instance is skipped.
If a live migration attempt fails, the evacuation operation fails.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">migrate</span></code>: In this mode, instances are migrated to another node in the cluster. The migration process will not be live, meaning there will be a brief downtime for the instance during the migration.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">stop</span></code>: Instances are not migrated. Instead, they are stopped on the current node.</p></li>
</ul>
<p>See <a class="reference internal" href="../../howto/cluster_manage/#cluster-evacuate"><span class="std std-ref">Evacuate a cluster member</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-miscellaneous:environment.*">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">environment.*</span></code></span><span class="shortdesc"><p>Free-form environment key/value</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:environment.*"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">environment.*</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Extra environment variables to set on boot (for containers) and during exec.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-miscellaneous:linux.kernel_modules">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">linux.kernel_modules</span></code></span><span class="shortdesc"><p>Kernel modules to load or allow loading</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:linux.kernel_modules"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">linux.kernel_modules</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specify the kernel modules as a comma-separated list.</p>
<p>The modules are loaded before the instance starts, or they can be loaded by a privileged user if <a class="configref reference internal" href="#instance-miscellaneous:linux.kernel_modules.load"><code class="docutils literal notranslate"><span class="pre">linux.kernel_modules.load</span></code></a> is set to <code class="docutils literal notranslate"><span class="pre">ondemand</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-miscellaneous:linux.kernel_modules.load">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">linux.kernel_modules.load</span></code></span><span class="shortdesc"><p>How to load kernel modules</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:linux.kernel_modules.load"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">linux.kernel_modules.load</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">boot</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>This option specifies how to load the kernel modules that are specified in <a class="configref reference internal" href="#instance-miscellaneous:linux.kernel_modules"><code class="docutils literal notranslate"><span class="pre">linux.kernel_modules</span></code></a>.
Possible values are <code class="docutils literal notranslate"><span class="pre">boot</span></code> (load the modules when booting the container) and <code class="docutils literal notranslate"><span class="pre">ondemand</span></code> (intercept the <code class="docutils literal notranslate"><span class="pre">finit_modules()</span></code> syscall and allow a privileged user in the container’s user namespace to load the modules).</p>
</div>
</div>
<div class="configoption docutils container" id="instance-miscellaneous:linux.sysctl.*">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">linux.sysctl.*</span></code></span><span class="shortdesc"><p>Override for the corresponding <code class="docutils literal notranslate"><span class="pre">sysctl</span></code> setting in the container</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:linux.sysctl.*"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">linux.sysctl.*</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-miscellaneous:ubuntu_pro.guest_attach">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">ubuntu_pro.guest_attach</span></code></span><span class="shortdesc"><p>Whether to auto-attach Ubuntu Pro.</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:ubuntu_pro.guest_attach"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">ubuntu_pro.guest_attach</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Indicate whether the guest should auto-attach Ubuntu Pro at start up.</p>
<p>See <a class="reference internal" href="../../howto/instances_ubuntu_pro_attach/#instances-ubuntu-pro-attach"><span class="std std-ref">How to configure Ubuntu Pro guest attachment</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-miscellaneous:user.*">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">user.*</span></code></span><span class="shortdesc"><p>Free-form user key/value storage</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:user.*"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">user.*</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>User keys can be used in search.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-miscellaneous:environment.*">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">environment.*</span></code></span><span class="shortdesc"><p>Environment variables for the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-miscellaneous:environment.*"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">environment.*</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes (exec)</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>You can export key/value environment variables to the instance.
These are then set for <a class="reference internal" href="../manpages/lxc/exec/#lxc-exec-md"><span class="std std-ref"><code class="docutils literal notranslate"><span class="pre">lxc</span> <span class="pre">exec</span></code></span></a>.</p>
</div>
</div>
</section>
<section id="boot-related-options">
<span id="instance-options-boot"></span><h2>Boot-related options<a class="headerlink" href="#boot-related-options" title="Link to this heading">¶</a></h2>
<p>The following instance options control the boot-related behavior of the instance:</p>
<div class="configoption docutils container" id="instance-boot:boot.autostart">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">boot.autostart</span></code></span><span class="shortdesc"><p>Whether to always start the instance when LXD starts</p>
</span><span class="anchor"><a class="reference external" href="#instance-boot:boot.autostart"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">boot.autostart</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>If set to <code class="docutils literal notranslate"><span class="pre">true</span></code>, the instance will always be auto-started, unless <code class="docutils literal notranslate"><span class="pre">security.protection.start</span></code> is also enabled.
If set to <code class="docutils literal notranslate"><span class="pre">false</span></code>, the instance will not be started on LXD start up.
If this option is not set, the instance will be restored to its last known state.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-boot:boot.autostart.delay">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">boot.autostart.delay</span></code></span><span class="shortdesc"><p>Delay after starting the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-boot:boot.autostart.delay"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">boot.autostart.delay</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">0</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The number of seconds to wait after the instance started before starting the next one.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-boot:boot.autostart.priority">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">boot.autostart.priority</span></code></span><span class="shortdesc"><p>What order to start the instances in</p>
</span><span class="anchor"><a class="reference external" href="#instance-boot:boot.autostart.priority"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">boot.autostart.priority</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">0</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The instance with the highest value is started first.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-boot:boot.debug_edk2">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">boot.debug_edk2</span></code></span><span class="shortdesc"><p>Enable debug version of the <code class="docutils literal notranslate"><span class="pre">edk2</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-boot:boot.debug_edk2"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">boot.debug_edk2</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The instance should use a debug version of the <code class="docutils literal notranslate"><span class="pre">edk2</span></code>.
A log file can be found in <code class="docutils literal notranslate"><span class="pre">$LXD_DIR/logs/<instance_name>/edk2.log</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-boot:boot.host_shutdown_timeout">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">boot.host_shutdown_timeout</span></code></span><span class="shortdesc"><p>How long to wait for the instance to shut down</p>
</span><span class="anchor"><a class="reference external" href="#instance-boot:boot.host_shutdown_timeout"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">boot.host_shutdown_timeout</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">30</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Number of seconds to wait for the instance to shut down before it is force-stopped.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-boot:boot.mode">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">boot.mode</span></code></span><span class="shortdesc"><p>Boot firmware mode for the VM (uefi-secureboot, uefi-nosecureboot or bios)</p>
</span><span class="anchor"><a class="reference external" href="#instance-boot:boot.mode"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">boot.mode</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">uefi-secureboot</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The <code class="docutils literal notranslate"><span class="pre">uefi-secureboot</span></code> mode uses UEFI firmware with secure boot enabled.
The <code class="docutils literal notranslate"><span class="pre">uefi-nosecureboot</span></code> mode uses UEFI firmware with secure boot disabled.
The <code class="docutils literal notranslate"><span class="pre">bios</span></code> mode is supported only on <code class="docutils literal notranslate"><span class="pre">x86_64</span></code> (<code class="docutils literal notranslate"><span class="pre">amd64</span></code>).</p>
</div>
</div>
<div class="configoption docutils container" id="instance-boot:boot.stop.priority">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">boot.stop.priority</span></code></span><span class="shortdesc"><p>What order to shut down the instances in</p>
</span><span class="anchor"><a class="reference external" href="#instance-boot:boot.stop.priority"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">boot.stop.priority</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">0</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The instance with the highest value is shut down first.</p>
</div>
</div>
</section>
<section id="cloud-init-configuration">
<span id="instance-options-cloud-init"></span><h2><code class="docutils literal notranslate"><span class="pre">cloud-init</span></code> configuration<a class="headerlink" href="#cloud-init-configuration" title="Link to this heading">¶</a></h2>
<p>The following instance options control the <a class="reference internal" href="../../cloud-init/#cloud-init"><span class="std std-ref"><code class="docutils literal notranslate"><span class="pre">cloud-init</span></code></span></a> configuration of the instance:</p>
<div class="configoption docutils container" id="instance-cloud-init:cloud-init.network-config">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">cloud-init.network-config</span></code></span><span class="shortdesc"><p>Network configuration for <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-cloud-init:cloud-init.network-config"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">cloud-init.network-config</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">DHCP</span> <span class="pre">on</span> <span class="pre">eth0</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>If supported by image</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The content is used as seed value for <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-cloud-init:cloud-init.ssh-keys.KEYNAME">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">cloud-init.ssh-keys.KEYNAME</span></code></span><span class="shortdesc"><p>Additional SSH key to be injected on the instance by <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-cloud-init:cloud-init.ssh-keys.KEYNAME"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">cloud-init.ssh-keys.KEYNAME</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>If supported by image</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Represents an additional SSH public key to be merged into existing <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code> seed data
and injected into an instance. Has the format <code class="docutils literal notranslate"><span class="pre">{user}:{key}</span></code>, where {user} is a Linux username and
{key} can be either a pure SSH public key or an import ID for a key hosted elsewhere.
// For example: <code class="docutils literal notranslate"><span class="pre">root:gh:githubUser</span></code>, <code class="docutils literal notranslate"><span class="pre">myUser:ssh-keyAlg</span> <span class="pre">publicKeyHash</span></code></p>
</div>
</div>
<div class="configoption docutils container" id="instance-cloud-init:cloud-init.user-data">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">cloud-init.user-data</span></code></span><span class="shortdesc"><p>User data for <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-cloud-init:cloud-init.user-data"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">cloud-init.user-data</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">#cloud-config</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>If supported by image</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The content is used as seed value for <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-cloud-init:cloud-init.vendor-data">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">cloud-init.vendor-data</span></code></span><span class="shortdesc"><p>Vendor data for <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-cloud-init:cloud-init.vendor-data"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">cloud-init.vendor-data</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">#cloud-config</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>If supported by image</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The content is used as seed value for <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-cloud-init:user.network-config">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">user.network-config</span></code></span><span class="shortdesc"><p>Legacy version of <code class="docutils literal notranslate"><span class="pre">cloud-init.network-config</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-cloud-init:user.network-config"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">user.network-config</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">DHCP</span> <span class="pre">on</span> <span class="pre">eth0</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>If supported by image</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-cloud-init:user.user-data">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">user.user-data</span></code></span><span class="shortdesc"><p>Legacy version of <code class="docutils literal notranslate"><span class="pre">cloud-init.user-data</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-cloud-init:user.user-data"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">user.user-data</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">#cloud-config</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>If supported by image</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-cloud-init:user.vendor-data">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">user.vendor-data</span></code></span><span class="shortdesc"><p>Legacy version of <code class="docutils literal notranslate"><span class="pre">cloud-init.vendor-data</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-cloud-init:user.vendor-data"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">user.vendor-data</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">#cloud-config</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>If supported by image</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<p>Support for these options depends on the image that is used and is not guaranteed.</p>
<p>If you specify both <code class="docutils literal notranslate"><span class="pre">cloud-init.user-data</span></code> and <code class="docutils literal notranslate"><span class="pre">cloud-init.vendor-data</span></code>, the content of both options is merged.
Therefore, make sure that the <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code> configuration you specify in those options does not contain the same keys.</p>
</section>
<section id="resource-limits">
<span id="instance-options-limits"></span><h2>Resource limits<a class="headerlink" href="#resource-limits" title="Link to this heading">¶</a></h2>
<p>The following instance options specify resource limits for the instance:</p>
<div class="configoption docutils container" id="instance-resource-limits:limits.cpu">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></span><span class="shortdesc"><p>Which CPUs to expose to the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.cpu"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p>1 (VMs)</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>A number or a specific range of CPUs to expose to the instance.</p>
<p>See <a class="reference internal" href="#instance-options-limits-cpu"><span class="std std-ref">CPU pinning</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.cpu.allowance">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.cpu.allowance</span></code></span><span class="shortdesc"><p>How much of the CPU can be used</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.cpu.allowance"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.cpu.allowance</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p>100%</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>To control how much of the CPU can be used, specify either a percentage (<code class="docutils literal notranslate"><span class="pre">50%</span></code>) for a soft limit
or a chunk of time (<code class="docutils literal notranslate"><span class="pre">25ms/100ms</span></code>) for a hard limit.</p>
<p>See <a class="reference internal" href="#instance-options-limits-cpu-container"><span class="std std-ref">Allowance and priority (container only)</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.cpu.nodes">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.cpu.nodes</span></code></span><span class="shortdesc"><p>Which NUMA nodes to place the instance CPUs on</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.cpu.nodes"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.cpu.nodes</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>A comma-separated list of NUMA node IDs or ranges to place the instance CPUs on.</p>
<p>See <a class="reference internal" href="#instance-options-limits-cpu-container"><span class="std std-ref">Allowance and priority (container only)</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.cpu.pin_strategy">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.cpu.pin_strategy</span></code></span><span class="shortdesc"><p>VM CPU auto pinning strategy</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.cpu.pin_strategy"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.cpu.pin_strategy</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">none</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specify the strategy for VM CPU auto pinning.
Possible values: <code class="docutils literal notranslate"><span class="pre">none</span></code> (disables CPU auto pinning) and <code class="docutils literal notranslate"><span class="pre">auto</span></code> (enables CPU auto pinning).</p>
<p>See <a class="reference internal" href="#instance-options-limits-cpu-vm"><span class="std std-ref">CPU limits for virtual machines</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.cpu.priority">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.cpu.priority</span></code></span><span class="shortdesc"><p>CPU scheduling priority compared to other instances</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.cpu.priority"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.cpu.priority</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">10</span></code> (maximum)</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>When overcommitting resources, specify the CPU scheduling priority compared to other instances that share the same CPUs.
Specify an integer between 0 and 10.</p>
<p>See <a class="reference internal" href="#instance-options-limits-cpu-container"><span class="std std-ref">Allowance and priority (container only)</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.disk.priority">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.disk.priority</span></code></span><span class="shortdesc"><p>Priority of the instance’s I/O requests</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.disk.priority"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.disk.priority</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">5</span></code> (medium)</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Controls how much priority to give to the instance’s I/O requests when under load.</p>
<p>Specify an integer between 0 and 10.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.hugepages.1GB">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.hugepages.1GB</span></code></span><span class="shortdesc"><p>Limit for the number of 1 GB huge pages</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.hugepages.1GB"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.hugepages.1GB</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Fixed value (in bytes) to limit the number of 1 GB huge pages.
Various suffixes are supported (see <a class="reference internal" href="../instance_units/#instances-limit-units"><span class="std std-ref">Units for storage and network limits</span></a>).</p>
<p>See <a class="reference internal" href="#instance-options-limits-hugepages"><span class="std std-ref">Huge page limits</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.hugepages.1MB">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.hugepages.1MB</span></code></span><span class="shortdesc"><p>Limit for the number of 1 MB huge pages</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.hugepages.1MB"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.hugepages.1MB</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Fixed value (in bytes) to limit the number of 1 MB huge pages.
Various suffixes are supported (see <a class="reference internal" href="../instance_units/#instances-limit-units"><span class="std std-ref">Units for storage and network limits</span></a>).</p>
<p>See <a class="reference internal" href="#instance-options-limits-hugepages"><span class="std std-ref">Huge page limits</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.hugepages.2MB">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.hugepages.2MB</span></code></span><span class="shortdesc"><p>Limit for the number of 2 MB huge pages</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.hugepages.2MB"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.hugepages.2MB</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Fixed value (in bytes) to limit the number of 2 MB huge pages.
Various suffixes are supported (see <a class="reference internal" href="../instance_units/#instances-limit-units"><span class="std std-ref">Units for storage and network limits</span></a>).</p>
<p>See <a class="reference internal" href="#instance-options-limits-hugepages"><span class="std std-ref">Huge page limits</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.hugepages.64KB">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.hugepages.64KB</span></code></span><span class="shortdesc"><p>Limit for the number of 64 KB huge pages</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.hugepages.64KB"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.hugepages.64KB</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Fixed value (in bytes) to limit the number of 64 KB huge pages.
Various suffixes are supported (see <a class="reference internal" href="../instance_units/#instances-limit-units"><span class="std std-ref">Units for storage and network limits</span></a>).</p>
<p>See <a class="reference internal" href="#instance-options-limits-hugepages"><span class="std std-ref">Huge page limits</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.max_bus_ports">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.max_bus_ports</span></code></span><span class="shortdesc"><p>Limit of allowed PCI/PCIe devices</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.max_bus_ports"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.max_bus_ports</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">8</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Total number of user configurable PCI/PCIe devices that can be attached to the VM.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.memory">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.memory</span></code></span><span class="shortdesc"><p>Usage limit for the host’s memory</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.memory"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.memory</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">1GiB</span></code> (VMs)</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Percentage of the host’s memory or a fixed value in bytes.
Various suffixes are supported.</p>
<p>See <a class="reference internal" href="../instance_units/#instances-limit-units"><span class="std std-ref">Units for storage and network limits</span></a> for details.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.memory.enforce">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.memory.enforce</span></code></span><span class="shortdesc"><p>Whether the memory limit is <code class="docutils literal notranslate"><span class="pre">hard</span></code> or <code class="docutils literal notranslate"><span class="pre">soft</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.memory.enforce"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.memory.enforce</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">hard</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>If the instance’s memory limit is <code class="docutils literal notranslate"><span class="pre">hard</span></code>, the instance cannot exceed its limit.
If it is <code class="docutils literal notranslate"><span class="pre">soft</span></code>, the instance can exceed its memory limit when extra host memory is available.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.memory.hugepages">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.memory.hugepages</span></code></span><span class="shortdesc"><p>Whether to back the instance using huge pages</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.memory.hugepages"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.memory.hugepages</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>If this option is set to <code class="docutils literal notranslate"><span class="pre">false</span></code>, regular system memory is used.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.memory.swap">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.memory.swap</span></code></span><span class="shortdesc"><p>Whether to encourage/discourage swapping less used pages for this instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.memory.swap"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.memory.swap</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.memory.swap.priority">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.memory.swap.priority</span></code></span><span class="shortdesc"><p>Prevents the instance from being swapped to disk</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.memory.swap.priority"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.memory.swap.priority</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">10</span></code> (maximum)</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specify an integer between 0 and 10.
The higher the value, the less likely the instance is to be swapped to disk.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.processes">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.processes</span></code></span><span class="shortdesc"><p>Maximum number of processes that can run in the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.processes"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.processes</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p>empty</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>If left empty, no limit is set.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-resource-limits:limits.kernel.*">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">limits.kernel.*</span></code></span><span class="shortdesc"><p>Kernel resources per instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-resource-limits:limits.kernel.*"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">limits.kernel.*</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>You can set kernel limits on an instance, for example, you can limit the number of open files.
See <a class="reference internal" href="#instance-options-limits-kernel"><span class="std std-ref">Kernel resource limits</span></a> for more information.</p>
</div>
</div>
<section id="cpu-limits">
<h3>CPU limits<a class="headerlink" href="#cpu-limits" title="Link to this heading">¶</a></h3>
<p>You have different options to limit CPU usage:</p>
<ul class="simple">
<li><p>Set <a class="configref reference internal" href="#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> to restrict which CPUs the instance can see and use.
See <a class="reference internal" href="#instance-options-limits-cpu"><span class="std std-ref">CPU pinning</span></a> for how to set this option.</p></li>
<li><p>Set <a class="configref reference internal" href="#instance-resource-limits:limits.cpu.allowance"><code class="docutils literal notranslate"><span class="pre">limits.cpu.allowance</span></code></a> to restrict the load an instance can put on the available CPUs.
This option is available only for containers.
See <a class="reference internal" href="#instance-options-limits-cpu-container"><span class="std std-ref">Allowance and priority (container only)</span></a> for how to set this option.</p></li>
<li><p>Set <a class="configref reference internal" href="#instance-resource-limits:limits.cpu.pin_strategy"><code class="docutils literal notranslate"><span class="pre">limits.cpu.pin_strategy</span></code></a> to specify the strategy for virtual-machine CPU auto pinning.
This option is available only for virtual machines.
See <a class="reference internal" href="#instance-options-limits-cpu-vm"><span class="std std-ref">CPU limits for virtual machines</span></a> for how to set this option.</p></li>
</ul>
<p>It is possible to set both options at the same time to restrict both which CPUs are visible to the instance and the allowed usage of those instances.
However, if you use <a class="configref reference internal" href="#instance-resource-limits:limits.cpu.allowance"><code class="docutils literal notranslate"><span class="pre">limits.cpu.allowance</span></code></a> with a time limit, you should avoid using <a class="configref reference internal" href="#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> in addition, because that puts a lot of constraints on the scheduler and might lead to less efficient allocations.</p>
<p>The CPU limits are implemented through a mix of the <code class="docutils literal notranslate"><span class="pre">cpuset</span></code> and <code class="docutils literal notranslate"><span class="pre">cpu</span></code> cgroup controllers.</p>
<section id="cpu-pinning">
<span id="instance-options-limits-cpu"></span><h4>CPU pinning<a class="headerlink" href="#cpu-pinning" title="Link to this heading">¶</a></h4>
<p><a class="configref reference internal" href="#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> results in CPU pinning through the <code class="docutils literal notranslate"><span class="pre">cpuset</span></code> controller.
You can specify either which CPUs or how many CPUs are visible and available to the instance:</p>
<ul>
<li><p>To specify which CPUs to use, set <code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code> to either a set of CPUs (for example, <code class="docutils literal notranslate"><span class="pre">1,2,3</span></code>) or a CPU range (for example, <code class="docutils literal notranslate"><span class="pre">0-3</span></code>).</p>
<p>To pin to a single CPU, use the range syntax (for example, <code class="docutils literal notranslate"><span class="pre">1-1</span></code>) to differentiate it from a number of CPUs.</p>
</li>
<li><p>If you specify a number (for example, <code class="docutils literal notranslate"><span class="pre">4</span></code>) of CPUs, LXD will do dynamic load-balancing of all instances that aren’t pinned to specific CPUs, trying to spread the load on the machine.
Instances are re-balanced every time an instance starts or stops, as well as whenever a CPU is added to the system.</p></li>
</ul>
<section id="cpu-limits-for-virtual-machines">
<span id="instance-options-limits-cpu-vm"></span><h5>CPU limits for virtual machines<a class="headerlink" href="#cpu-limits-for-virtual-machines" title="Link to this heading">¶</a></h5>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>LXD supports live-updating the <a class="configref reference internal" href="#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> option.
However, for virtual machines, this only means that the respective CPUs are hotplugged.
Depending on the guest operating system, you might need to either restart the instance or complete some manual actions to bring the new CPUs online.</p>
</div>
<p>LXD virtual machines default to having just one vCPU allocated, which shows up as matching the host CPU vendor and type, but has a single core and no threads.</p>
<p>When <a class="configref reference internal" href="#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> is set to a single integer, LXD allocates multiple vCPUs and exposes them to the guest as full cores.
Unless <a class="configref reference internal" href="#instance-resource-limits:limits.cpu.pin_strategy"><code class="docutils literal notranslate"><span class="pre">limits.cpu.pin_strategy</span></code></a> is set to <code class="docutils literal notranslate"><span class="pre">auto</span></code>, those vCPUs are not pinned to specific cores on the host.
The number of vCPUs can be updated while the VM is running.</p>
<p>When <a class="configref reference internal" href="#instance-resource-limits:limits.cpu"><code class="docutils literal notranslate"><span class="pre">limits.cpu</span></code></a> is set to a range or comma-separated list of CPU IDs (as provided by <a class="reference internal" href="../manpages/lxc/info/#lxc-info-md"><span class="std std-ref"><code class="docutils literal notranslate"><span class="pre">lxc</span> <span class="pre">info</span> <span class="pre">--resources</span></code></span></a>), the vCPUs are pinned to those cores.
In this scenario, LXD checks whether the CPU configuration lines up with a realistic hardware topology and if it does, it replicates that topology in the guest.
When doing CPU pinning, it is not possible to change the configuration while the VM is running.</p>
<p>For example, if the pinning configuration includes eight threads, with each pair of thread coming from the same core and an even number of cores spread across two CPUs, the guest will show two CPUs, each with two cores and each core with two threads.
The NUMA layout is similarly replicated and in this scenario, the guest would most likely end up with two NUMA nodes, one for each CPU socket.</p>
<p>In such an environment with multiple NUMA nodes, the memory is similarly divided across NUMA nodes and be pinned accordingly on the host and then exposed to the guest.</p>
<p>All this allows for very high performance operations in the guest as the guest scheduler can properly reason about sockets, cores and threads as well as consider NUMA topology when sharing memory or moving processes across NUMA nodes.</p>
</section>
</section>
<section id="allowance-and-priority-container-only">
<span id="instance-options-limits-cpu-container"></span><h4>Allowance and priority (container only)<a class="headerlink" href="#allowance-and-priority-container-only" title="Link to this heading">¶</a></h4>
<p><a class="configref reference internal" href="#instance-resource-limits:limits.cpu.allowance"><code class="docutils literal notranslate"><span class="pre">limits.cpu.allowance</span></code></a> drives either the CFS scheduler quotas when passed a time constraint, or the generic CPU shares mechanism when passed a percentage value:</p>
<ul class="simple">
<li><p>The time constraint (for example, <code class="docutils literal notranslate"><span class="pre">20ms/50ms</span></code>) is a hard limit.
For example, if you want to allow the container to use a maximum of one CPU, set <a class="configref reference internal" href="#instance-resource-limits:limits.cpu.allowance"><code class="docutils literal notranslate"><span class="pre">limits.cpu.allowance</span></code></a> to a value like <code class="docutils literal notranslate"><span class="pre">100ms/100ms</span></code>.
The value is relative to one CPU worth of time, so to restrict to two CPUs worth of time, use something like <code class="docutils literal notranslate"><span class="pre">100ms/50ms</span></code> or <code class="docutils literal notranslate"><span class="pre">200ms/100ms</span></code>.</p></li>
<li><p>When using a percentage value, the limit is a soft limit that is applied only when under load.
It is used to calculate the scheduler priority for the instance, relative to any other instance that is using the same CPU or CPUs.
For example, to limit the CPU usage of the container to one CPU when under load, set <a class="configref reference internal" href="#instance-resource-limits:limits.cpu.allowance"><code class="docutils literal notranslate"><span class="pre">limits.cpu.allowance</span></code></a> to <code class="docutils literal notranslate"><span class="pre">100%</span></code>.</p></li>
</ul>
<p><a class="configref reference internal" href="#instance-resource-limits:limits.cpu.nodes"><code class="docutils literal notranslate"><span class="pre">limits.cpu.nodes</span></code></a> can be used to restrict the CPUs that the instance can use to a specific set of NUMA nodes.
To specify which NUMA nodes to use, set <a class="configref reference internal" href="#instance-resource-limits:limits.cpu.nodes"><code class="docutils literal notranslate"><span class="pre">limits.cpu.nodes</span></code></a> to either a set of NUMA node IDs (for example, <code class="docutils literal notranslate"><span class="pre">0,1</span></code>) or a set of NUMA node ranges (for example, <code class="docutils literal notranslate"><span class="pre">0-1,2-4</span></code>).</p>
<p><a class="configref reference internal" href="#instance-resource-limits:limits.cpu.priority"><code class="docutils literal notranslate"><span class="pre">limits.cpu.priority</span></code></a> is another factor that is used to compute the scheduler priority score when a number of instances sharing a set of CPUs have the same percentage of CPU assigned to them.</p>
</section>
</section>
<section id="huge-page-limits">
<span id="instance-options-limits-hugepages"></span><h3>Huge page limits<a class="headerlink" href="#huge-page-limits" title="Link to this heading">¶</a></h3>
<p>LXD allows to limit the number of huge pages available to a container through the <code class="docutils literal notranslate"><span class="pre">limits.hugepage.[size]</span></code> key (for example, <a class="configref reference internal" href="#instance-resource-limits:limits.hugepages.1MB"><code class="docutils literal notranslate"><span class="pre">limits.hugepages.1MB</span></code></a>).</p>
<p>Architectures often expose multiple huge-page sizes.
The available huge-page sizes depend on the architecture.</p>
<p>Setting limits for huge pages is especially useful when LXD is configured to intercept the <code class="docutils literal notranslate"><span class="pre">mount</span></code> syscall for the <code class="docutils literal notranslate"><span class="pre">hugetlbfs</span></code> file system in unprivileged containers.
When LXD intercepts a <code class="docutils literal notranslate"><span class="pre">hugetlbfs</span></code> <code class="docutils literal notranslate"><span class="pre">mount</span></code> syscall, it mounts the <code class="docutils literal notranslate"><span class="pre">hugetlbfs</span></code> file system for a container with correct <code class="docutils literal notranslate"><span class="pre">uid</span></code> and <code class="docutils literal notranslate"><span class="pre">gid</span></code> values as mount options.
This makes it possible to use huge pages from unprivileged containers.
However, it is recommended to limit the number of huge pages available to the container through <code class="docutils literal notranslate"><span class="pre">limits.hugepages.[size]</span></code> to stop the container from being able to exhaust the huge pages available to the host.</p>
<p>Limiting huge pages is done through the <code class="docutils literal notranslate"><span class="pre">hugetlb</span></code> cgroup controller, which means that the host system must expose the <code class="docutils literal notranslate"><span class="pre">hugetlb</span></code> controller in the legacy or unified cgroup hierarchy for these limits to apply.</p>
</section>
<section id="kernel-resource-limits">
<span id="instance-options-limits-kernel"></span><h3>Kernel resource limits<a class="headerlink" href="#kernel-resource-limits" title="Link to this heading">¶</a></h3>
<p>For container instances, LXD exposes a generic namespaced key <a class="configref reference internal" href="#instance-resource-limits:limits.kernel.*"><code class="docutils literal notranslate"><span class="pre">limits.kernel.*</span></code></a> that can be used to set resource limits.</p>
<p>It is generic in the sense that LXD does not perform any validation on the resource that is specified following the <code class="docutils literal notranslate"><span class="pre">limits.kernel.*</span></code> prefix.
LXD cannot know about all the possible resources that a given kernel supports.
Instead, LXD simply passes down the corresponding resource key after the <code class="docutils literal notranslate"><span class="pre">limits.kernel.*</span></code> prefix and its value to the kernel.
The kernel does the appropriate validation.
This allows users to specify any supported limit on their system.</p>
<p>Some common limits are:</p>
<div class="table-wrapper colwidths-auto docutils container">
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Key</p></th>
<th class="head text-left"><p>Resource</p></th>
<th class="head text-left"><p>Description</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.as</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_AS</span></code></p></td>
<td class="text-left"><p>Maximum size of the process’s virtual memory</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.core</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_CORE</span></code></p></td>
<td class="text-left"><p>Maximum size of the process’s core dump file</p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.cpu</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_CPU</span></code></p></td>
<td class="text-left"><p>Limit in seconds on the amount of CPU time the process can consume</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.data</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_DATA</span></code></p></td>
<td class="text-left"><p>Maximum size of the process’s data segment</p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.fsize</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_FSIZE</span></code></p></td>
<td class="text-left"><p>Maximum size of files the process may create</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.locks</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_LOCKS</span></code></p></td>
<td class="text-left"><p>Limit on the number of file locks that this process may establish</p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.memlock</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_MEMLOCK</span></code></p></td>
<td class="text-left"><p>Limit on the number of bytes of memory that the process may lock in RAM</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.nice</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_NICE</span></code></p></td>
<td class="text-left"><p>Maximum value to which the process’s nice value can be raised</p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.nofile</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_NOFILE</span></code></p></td>
<td class="text-left"><p>Maximum number of open files for the process</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.nproc</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_NPROC</span></code></p></td>
<td class="text-left"><p>Maximum number of processes that can be created for the user of the calling process</p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.rtprio</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_RTPRIO</span></code></p></td>
<td class="text-left"><p>Maximum value on the real-time-priority that may be set for this process</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">limits.kernel.sigpending</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">RLIMIT_SIGPENDING</span></code></p></td>
<td class="text-left"><p>Maximum number of signals that may be queued for the user of the calling process</p></td>
</tr>
</tbody>
</table>
</div>
<p>A full list of all available limits can be found in the manpages for the <code class="docutils literal notranslate"><span class="pre">getrlimit(2)</span></code>/<code class="docutils literal notranslate"><span class="pre">setrlimit(2)</span></code> system calls.</p>
<p>To specify a limit within the <code class="docutils literal notranslate"><span class="pre">limits.kernel.*</span></code> namespace, use the resource name in lowercase without the <code class="docutils literal notranslate"><span class="pre">RLIMIT_</span></code> prefix.
For example, <code class="docutils literal notranslate"><span class="pre">RLIMIT_NOFILE</span></code> should be specified as <code class="docutils literal notranslate"><span class="pre">nofile</span></code>.</p>
<p>A limit is specified as two colon-separated values that are either numeric or the word <code class="docutils literal notranslate"><span class="pre">unlimited</span></code> (for example, <code class="docutils literal notranslate"><span class="pre">limits.kernel.nofile=1000:2000</span></code>).
A single value can be used as a shortcut to set both soft and hard limit to the same value (for example, <code class="docutils literal notranslate"><span class="pre">limits.kernel.nofile=3000</span></code>).</p>
<p>A resource with no explicitly configured limit will inherit its limit from the process that starts up the container.
Note that this inheritance is not enforced by LXD but by the kernel.</p>
</section>
</section>
<section id="migration-options">
<span id="instance-options-migration"></span><h2>Migration options<a class="headerlink" href="#migration-options" title="Link to this heading">¶</a></h2>
<p>The following instance options control the behavior if the instance is <a class="reference internal" href="../../howto/instances_migrate/#howto-instances-migrate"><span class="std std-ref">moved from one LXD server to another</span></a>:</p>
<div class="configoption docutils container" id="instance-migration:migration.incremental.memory">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">migration.incremental.memory</span></code></span><span class="shortdesc"><p>Whether to use incremental memory transfer</p>
</span><span class="anchor"><a class="reference external" href="#instance-migration:migration.incremental.memory"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">migration.incremental.memory</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Using incremental memory transfer of the instance’s memory can reduce downtime.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-migration:migration.incremental.memory.goal">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">migration.incremental.memory.goal</span></code></span><span class="shortdesc"><p>Percentage of memory to have in sync before stopping the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-migration:migration.incremental.memory.goal"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">migration.incremental.memory.goal</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">70</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-migration:migration.incremental.memory.iterations">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">migration.incremental.memory.iterations</span></code></span><span class="shortdesc"><p>Maximum number of transfer operations to go through before stopping the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-migration:migration.incremental.memory.iterations"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">migration.incremental.memory.iterations</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">10</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-migration:migration.stateful">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">migration.stateful</span></code></span><span class="shortdesc"><p>Whether to allow for stateful stop/start and snapshots</p>
</span><span class="anchor"><a class="reference external" href="#instance-migration:migration.stateful"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">migration.stateful</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code> or value from profiles or <code class="docutils literal notranslate"><span class="pre">instances.migration.stateful</span></code> (if set)</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Enabling this option prevents the use of some features that are incompatible with it.</p>
</div>
</div>
</section>
<section id="placement-options">
<span id="instance-options-placement"></span><h2>Placement options<a class="headerlink" href="#placement-options" title="Link to this heading">¶</a></h2>
<p>The following instance option controls the placement of instances in a cluster:</p>
<div class="configoption docutils container" id="instance-placement:placement.group">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">placement.group</span></code></span><span class="shortdesc"><p>Placement group controlling instance scheduling</p>
</span><span class="anchor"><a class="reference external" href="#instance-placement:placement.group"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">placement.group</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specifies the placement group that determines where this instance is scheduled within the cluster.
The placement group defines the placement policy (e.g. spread or compact) and rigor (e.g. strict or permissive)
used to determine eligible cluster members during LXD scheduling events.</p>
</div>
</div>
<p>See <a class="reference internal" href="../../howto/cluster_placement_groups/#cluster-placement-groups"><span class="std std-ref">How to use placement groups</span></a> for more information about placement groups.</p>
</section>
<section id="nvidia-and-cuda-configuration">
<span id="instance-options-nvidia"></span><h2>NVIDIA and CUDA configuration<a class="headerlink" href="#nvidia-and-cuda-configuration" title="Link to this heading">¶</a></h2>
<p>The following instance options specify the NVIDIA and CUDA configuration of the instance:</p>
<div class="configoption docutils container" id="instance-nvidia:nvidia.driver.capabilities">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">nvidia.driver.capabilities</span></code></span><span class="shortdesc"><p>What driver capabilities the instance needs</p>
</span><span class="anchor"><a class="reference external" href="#instance-nvidia:nvidia.driver.capabilities"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">nvidia.driver.capabilities</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">compute,utility</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The specified driver capabilities are used to set <code class="docutils literal notranslate"><span class="pre">libnvidia-container</span> <span class="pre">NVIDIA_DRIVER_CAPABILITIES</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-nvidia:nvidia.require.cuda">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">nvidia.require.cuda</span></code></span><span class="shortdesc"><p>Required CUDA version</p>
</span><span class="anchor"><a class="reference external" href="#instance-nvidia:nvidia.require.cuda"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">nvidia.require.cuda</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The specified version expression is used to set <code class="docutils literal notranslate"><span class="pre">libnvidia-container</span> <span class="pre">NVIDIA_REQUIRE_CUDA</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-nvidia:nvidia.require.driver">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">nvidia.require.driver</span></code></span><span class="shortdesc"><p>Required driver version</p>
</span><span class="anchor"><a class="reference external" href="#instance-nvidia:nvidia.require.driver"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">nvidia.require.driver</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The specified version expression is used to set <code class="docutils literal notranslate"><span class="pre">libnvidia-container</span> <span class="pre">NVIDIA_REQUIRE_DRIVER</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-nvidia:nvidia.runtime">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">nvidia.runtime</span></code></span><span class="shortdesc"><p>Whether to pass the host NVIDIA and CUDA runtime libraries into the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-nvidia:nvidia.runtime"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">nvidia.runtime</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</section>
<section id="raw-instance-configuration-overrides">
<span id="instance-options-raw"></span><h2>Raw instance configuration overrides<a class="headerlink" href="#raw-instance-configuration-overrides" title="Link to this heading">¶</a></h2>
<p>The following instance options allow direct interaction with the backend features that LXD itself uses:</p>
<div class="configoption docutils container" id="instance-raw:raw.apparmor">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">raw.apparmor</span></code></span><span class="shortdesc"><p>AppArmor profile entries</p>
</span><span class="anchor"><a class="reference external" href="#instance-raw:raw.apparmor"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">raw.apparmor</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>blob</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The specified entries are appended to the generated profile.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-raw:raw.idmap">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">raw.idmap</span></code></span><span class="shortdesc"><p>Raw idmap configuration</p>
</span><span class="anchor"><a class="reference external" href="#instance-raw:raw.idmap"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">raw.idmap</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>blob</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>For example: <code class="docutils literal notranslate"><span class="pre">both</span> <span class="pre">1000</span> <span class="pre">1000</span></code></p>
</div>
</div>
<div class="configoption docutils container" id="instance-raw:raw.lxc">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">raw.lxc</span></code></span><span class="shortdesc"><p>Raw LXC configuration to be appended to the generated one</p>
</span><span class="anchor"><a class="reference external" href="#instance-raw:raw.lxc"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">raw.lxc</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>blob</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-raw:raw.qemu">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">raw.qemu</span></code></span><span class="shortdesc"><p>Raw QEMU configuration to be appended to the generated command line</p>
</span><span class="anchor"><a class="reference external" href="#instance-raw:raw.qemu"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">raw.qemu</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>blob</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-raw:raw.qemu.conf">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">raw.qemu.conf</span></code></span><span class="shortdesc"><p>Addition/override to the generated <code class="docutils literal notranslate"><span class="pre">qemu.conf</span></code> file</p>
</span><span class="anchor"><a class="reference external" href="#instance-raw:raw.qemu.conf"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">raw.qemu.conf</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>blob</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>See <a class="reference internal" href="#instance-options-qemu"><span class="std std-ref">Override QEMU configuration</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-raw:raw.seccomp">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">raw.seccomp</span></code></span><span class="shortdesc"><p>Raw Seccomp configuration</p>
</span><span class="anchor"><a class="reference external" href="#instance-raw:raw.seccomp"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">raw.seccomp</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>blob</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>Setting these <code class="docutils literal notranslate"><span class="pre">raw.*</span></code> keys might break LXD in non-obvious ways.
Therefore, you should avoid setting any of these keys.</p>
</div>
<section id="override-qemu-configuration">
<span id="instance-options-qemu"></span><h3>Override QEMU configuration<a class="headerlink" href="#override-qemu-configuration" title="Link to this heading">¶</a></h3>
<p>For VM instances, LXD configures QEMU through a configuration file that is passed to QEMU with the <code class="docutils literal notranslate"><span class="pre">-readconfig</span></code> command-line option.
This configuration file is generated for each instance before boot.
It can be found at <code class="docutils literal notranslate"><span class="pre">/var/log/lxd/<instance_name>/qemu.conf</span></code>.</p>
<p>The default configuration works fine for LXD’s most common use case: modern UEFI guests with VirtIO devices.
In some situations, however, you might need to override the generated configuration.
For example:</p>
<ul class="simple">
<li><p>To run an old guest OS that doesn’t support UEFI.</p></li>
<li><p>To specify custom virtual devices when VirtIO is not supported by the guest OS.</p></li>
<li><p>To add devices that are not supported by LXD before the machines boots.</p></li>
<li><p>To remove devices that conflict with the guest OS.</p></li>
</ul>
<p>To override the configuration, set the <a class="configref reference internal" href="#instance-raw:raw.qemu.conf"><code class="docutils literal notranslate"><span class="pre">raw.qemu.conf</span></code></a> option.
It supports a format similar to <code class="docutils literal notranslate"><span class="pre">qemu.conf</span></code>, with some additions.
Since it is a multi-line configuration option, you can use it to modify multiple sections or keys.</p>
<ul>
<li><p>To replace a section or key in the generated configuration file, add a section with a different value.</p>
<p>For example, use the following section to override the default <code class="docutils literal notranslate"><span class="pre">virtio-gpu-pci</span></code> GPU driver:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">raw</span><span class="o">.</span><span class="n">qemu</span><span class="o">.</span><span class="n">conf</span><span class="p">:</span> <span class="o">|-</span>
<span class="p">[</span><span class="n">device</span> <span class="s2">"qemu_gpu"</span><span class="p">]</span>
<span class="n">driver</span> <span class="o">=</span> <span class="s2">"qxl-vga"</span>
</pre></div>
</div>
</li>
<li><p>To remove a section, specify a section without any keys.
For example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">raw</span><span class="o">.</span><span class="n">qemu</span><span class="o">.</span><span class="n">conf</span><span class="p">:</span> <span class="o">|-</span>
<span class="p">[</span><span class="n">device</span> <span class="s2">"qemu_gpu"</span><span class="p">]</span>
</pre></div>
</div>
</li>
<li><p>To remove a key, specify an empty string as the value.
For example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">raw</span><span class="o">.</span><span class="n">qemu</span><span class="o">.</span><span class="n">conf</span><span class="p">:</span> <span class="o">|-</span>
<span class="p">[</span><span class="n">device</span> <span class="s2">"qemu_gpu"</span><span class="p">]</span>
<span class="n">driver</span> <span class="o">=</span> <span class="s2">""</span>
</pre></div>
</div>
</li>
<li><p>To add a new section, specify a section name that is not present in the configuration file.</p></li>
</ul>
<p>The configuration file format used by QEMU allows multiple sections with the same name.
Here’s a piece of the configuration generated by LXD:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="k">global</span><span class="p">]</span>
<span class="n">driver</span> <span class="o">=</span> <span class="s2">"ICH9-LPC"</span>
<span class="nb">property</span> <span class="o">=</span> <span class="s2">"disable_s3"</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"1"</span>
<span class="p">[</span><span class="k">global</span><span class="p">]</span>
<span class="n">driver</span> <span class="o">=</span> <span class="s2">"ICH9-LPC"</span>
<span class="nb">property</span> <span class="o">=</span> <span class="s2">"disable_s4"</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"1"</span>
</pre></div>
</div>
<p>To specify which section to override, specify an index.
For example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">raw</span><span class="o">.</span><span class="n">qemu</span><span class="o">.</span><span class="n">conf</span><span class="p">:</span> <span class="o">|-</span>
<span class="p">[</span><span class="k">global</span><span class="p">][</span><span class="mi">1</span><span class="p">]</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"0"</span>
</pre></div>
</div>
<p>Section indexes start at 0 (which is the default value when not specified), so the above example would generate the following configuration:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="k">global</span><span class="p">]</span>
<span class="n">driver</span> <span class="o">=</span> <span class="s2">"ICH9-LPC"</span>
<span class="nb">property</span> <span class="o">=</span> <span class="s2">"disable_s3"</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"1"</span>
<span class="p">[</span><span class="k">global</span><span class="p">]</span>
<span class="n">driver</span> <span class="o">=</span> <span class="s2">"ICH9-LPC"</span>
<span class="nb">property</span> <span class="o">=</span> <span class="s2">"disable_s4"</span>
<span class="n">value</span> <span class="o">=</span> <span class="s2">"0"</span>
</pre></div>
</div>
</section>
</section>
<section id="security-policies">
<span id="instance-options-security"></span><h2>Security policies<a class="headerlink" href="#security-policies" title="Link to this heading">¶</a></h2>
<p>The following instance options control the <a class="reference internal" href="../../explanation/security/#security"><span class="std std-ref">Security</span></a> policies of the instance:</p>
<div class="configoption docutils container" id="instance-security:security.agent.metrics">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.agent.metrics</span></code></span><span class="shortdesc"><p>Whether the <code class="docutils literal notranslate"><span class="pre">lxd-agent</span></code> is queried for state information and metrics</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.agent.metrics"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.agent.metrics</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.delegate_bpf">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf</span></code></span><span class="shortdesc"><p>Whether to enable eBPF delegation using BPF Token mechanism</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.delegate_bpf"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>unprivileged container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>This option enables BPF functionality delegation mechanism (using BPF Token).</p>
<p>Note: <code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.cmd_types</span></code>, <code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.map_types</span></code>,
<code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.prog_types</span></code>, <code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.attach_types</span></code>
need to be configured depending on BPF workload in the container.</p>
<p>See <a class="reference internal" href="../../explanation/bpf/#bpf-delegation-token"><span class="std std-ref">Privilege delegation using BPF Token</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.delegate_bpf.attach_types">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.attach_types</span></code></span><span class="shortdesc"><p>Which eBPF attach types to allow with delegation mechanism</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.delegate_bpf.attach_types"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.attach_types</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>unprivileged container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Which eBPF program attachment types to allow with delegation mechanism. Syntax follows
a kernel one for <code class="docutils literal notranslate"><span class="pre">delegate_attachs</span></code> bpffs mount option.
A number (bitmask) or <code class="docutils literal notranslate"><span class="pre">:</span></code>-separated list of attachment types to allow can be specified.
For example, <code class="docutils literal notranslate"><span class="pre">cgroup_inet_ingress</span></code> allows <code class="docutils literal notranslate"><span class="pre">BPF_CGROUP_INET_INGRESS</span></code> attachment type.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.delegate_bpf.cmd_types">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.cmd_types</span></code></span><span class="shortdesc"><p>Which eBPF commands to allow with delegation mechanism</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.delegate_bpf.cmd_types"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.cmd_types</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>unprivileged container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Which eBPF commands to allow with delegation mechanism. Syntax follows a kernel one for <code class="docutils literal notranslate"><span class="pre">delegate_cmds</span></code>
bpffs mount option. A number (bitmask) or <code class="docutils literal notranslate"><span class="pre">:</span></code>-separated list of commands to allow can be specified.
For example, <code class="docutils literal notranslate"><span class="pre">prog_load:map_create</span></code> allows eBPF programs loading and eBPF maps creation.
Notice: <code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.prog_types</span></code> and <code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.map_types</span></code> still need to
be configured accordingly.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.delegate_bpf.map_types">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.map_types</span></code></span><span class="shortdesc"><p>Which eBPF maps to allow with delegation mechanism</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.delegate_bpf.map_types"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.map_types</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>unprivileged container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Which eBPF maps to allow with delegation mechanism. Syntax follows a kernel one for <code class="docutils literal notranslate"><span class="pre">delegate_maps</span></code>
bpffs mount option. A number (bitmask) or <code class="docutils literal notranslate"><span class="pre">:</span></code>-separated list of map types to allow can be specified.
For example, <code class="docutils literal notranslate"><span class="pre">ringbuf</span></code> allows <code class="docutils literal notranslate"><span class="pre">BPF_MAP_TYPE_RINGBUF</span></code> map.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.delegate_bpf.prog_types">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.prog_types</span></code></span><span class="shortdesc"><p>Which eBPF program types to allow with delegation mechanism</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.delegate_bpf.prog_types"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.delegate_bpf.prog_types</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>unprivileged container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Which eBPF program types to allow with delegation mechanism. Syntax follows a kernel one for <code class="docutils literal notranslate"><span class="pre">delegate_progs</span></code>
bpffs mount option. A number (bitmask) or <code class="docutils literal notranslate"><span class="pre">:</span></code>-separated list of program types to allow can be specified.
For example, <code class="docutils literal notranslate"><span class="pre">socket_filter</span></code> allows <code class="docutils literal notranslate"><span class="pre">BPF_PROG_TYPE_SOCKET_FILTER</span></code> program type.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.devlxd">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.devlxd</span></code></span><span class="shortdesc"><p>Whether <code class="docutils literal notranslate"><span class="pre">/dev/lxd</span></code> is present in the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.devlxd"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.devlxd</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>See <a class="reference internal" href="../../dev-lxd/#dev-lxd"><span class="std std-ref">Communication between instance and host</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.devlxd.images">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.devlxd.images</span></code></span><span class="shortdesc"><p>Controls the availability of the <code class="docutils literal notranslate"><span class="pre">/1.0/images</span></code> API over <code class="docutils literal notranslate"><span class="pre">devlxd</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.devlxd.images"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.devlxd.images</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.devlxd.management.volumes">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.devlxd.management.volumes</span></code></span><span class="shortdesc"><p>Controls the availability of the volume management API over <code class="docutils literal notranslate"><span class="pre">devlxd</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.devlxd.management.volumes"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.devlxd.management.volumes</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.idmap.base">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.idmap.base</span></code></span><span class="shortdesc"><p>The base host ID to use for the allocation</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.idmap.base"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.idmap.base</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>unprivileged container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Setting this option overrides auto-detection.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.idmap.isolated">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.idmap.isolated</span></code></span><span class="shortdesc"><p>Whether to use a unique idmap for this instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.idmap.isolated"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.idmap.isolated</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>unprivileged container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>If specified, the idmap used for this instance is unique among instances that have this option set.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.idmap.size">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.idmap.size</span></code></span><span class="shortdesc"><p>The size of the idmap to use</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.idmap.size"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.idmap.size</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>unprivileged container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.nesting">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.nesting</span></code></span><span class="shortdesc"><p>Whether to support running LXD (nested) inside the instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.nesting"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.nesting</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.privileged">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.privileged</span></code></span><span class="shortdesc"><p>Whether to run the instance in privileged mode</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.privileged"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.privileged</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>See <a class="reference internal" href="../../explanation/security/#container-security"><span class="std std-ref">Container security</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.protection.delete">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.protection.delete</span></code></span><span class="shortdesc"><p>Whether to prevent the instance from being deleted</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.protection.delete"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.protection.delete</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.protection.shift">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.protection.shift</span></code></span><span class="shortdesc"><p>Whether to protect the file system from being UID/GID shifted</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.protection.shift"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.protection.shift</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Set this option to <code class="docutils literal notranslate"><span class="pre">true</span></code> to prevent the instance’s file system from being UID/GID shifted on startup.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.protection.start">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.protection.start</span></code></span><span class="shortdesc"><p>Whether to prevent the instance from being started</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.protection.start"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.protection.start</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.sev">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.sev</span></code></span><span class="shortdesc"><p>Whether AMD SEV (Secure Encrypted Virtualization) is enabled for this VM</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.sev"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.sev</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.sev.policy.es">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.sev.policy.es</span></code></span><span class="shortdesc"><p>Whether AMD SEV-ES (SEV Encrypted State) is enabled for this VM</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.sev.policy.es"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.sev.policy.es</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.sev.session.data">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.sev.session.data</span></code></span><span class="shortdesc"><p>The guest owner’s <code class="docutils literal notranslate"><span class="pre">base64</span></code>-encoded session blob</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.sev.session.data"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.sev.session.data</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.sev.session.dh">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.sev.session.dh</span></code></span><span class="shortdesc"><p>The guest owner’s <code class="docutils literal notranslate"><span class="pre">base64</span></code>-encoded Diffie-Hellman key</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.sev.session.dh"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.sev.session.dh</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>virtual machine</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.allow">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.allow</span></code></span><span class="shortdesc"><p>List of syscalls to allow</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.allow"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.allow</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>A <code class="docutils literal notranslate"><span class="pre">\n</span></code>-separated list of syscalls to allow.
This list must be mutually exclusive with <code class="docutils literal notranslate"><span class="pre">security.syscalls.deny*</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.deny">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.deny</span></code></span><span class="shortdesc"><p>List of syscalls to deny</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.deny"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.deny</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>A <code class="docutils literal notranslate"><span class="pre">\n</span></code>-separated list of syscalls to deny.
This list must be mutually exclusive with <code class="docutils literal notranslate"><span class="pre">security.syscalls.allow</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.deny_compat">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.deny_compat</span></code></span><span class="shortdesc"><p>Whether to block <code class="docutils literal notranslate"><span class="pre">compat_*</span></code> syscalls (<code class="docutils literal notranslate"><span class="pre">x86_64</span></code> only)</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.deny_compat"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.deny_compat</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>On <code class="docutils literal notranslate"><span class="pre">x86_64</span></code>, this option controls whether to block <code class="docutils literal notranslate"><span class="pre">compat_*</span></code> syscalls.
On other architectures, the option is ignored.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.deny_default">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.deny_default</span></code></span><span class="shortdesc"><p>Whether to enable the default syscall deny</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.deny_default"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.deny_default</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.bpf">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.bpf</span></code></span><span class="shortdesc"><p>Whether to handle the <code class="docutils literal notranslate"><span class="pre">bpf()</span></code> system call</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.bpf"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.bpf</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.bpf.devices">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.bpf.devices</span></code></span><span class="shortdesc"><p>Whether to allow BPF programs</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.bpf.devices"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.bpf.devices</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>This option controls whether to allow BPF programs for the devices cgroup in the unified hierarchy to be loaded.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.mknod">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mknod</span></code></span><span class="shortdesc"><p>Whether to handle the <code class="docutils literal notranslate"><span class="pre">mknod</span></code> and <code class="docutils literal notranslate"><span class="pre">mknodat</span></code> system calls</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.mknod"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mknod</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>These system calls allow creation of a limited subset of char/block devices.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.mount">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mount</span></code></span><span class="shortdesc"><p>Whether to handle the <code class="docutils literal notranslate"><span class="pre">mount</span></code> system call</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.mount"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mount</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.mount.allowed">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mount.allowed</span></code></span><span class="shortdesc"><p>File systems that can be mounted</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.mount.allowed"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mount.allowed</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specify a comma-separated list of file systems that are safe to mount for processes inside the instance.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.mount.fuse">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mount.fuse</span></code></span><span class="shortdesc"><p>File system that should be redirected to FUSE implementation</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.mount.fuse"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mount.fuse</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specify the mounts of a given file system that should be redirected to their FUSE implementation (for example, <code class="docutils literal notranslate"><span class="pre">ext4=fuse2fs</span></code>).</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.mount.shift">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mount.shift</span></code></span><span class="shortdesc"><p>Whether to use idmapped mounts for syscall interception</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.mount.shift"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.mount.shift</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.sched_setscheduler">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.sched_setscheduler</span></code></span><span class="shortdesc"><p>Whether to handle the <code class="docutils literal notranslate"><span class="pre">sched_setscheduler</span></code> system call</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.sched_setscheduler"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.sched_setscheduler</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>This system call allows increasing process priority.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.setxattr">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.setxattr</span></code></span><span class="shortdesc"><p>Whether to handle the <code class="docutils literal notranslate"><span class="pre">setxattr</span></code> system call</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.setxattr"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.setxattr</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>This system call allows setting a limited subset of restricted extended attributes.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-security:security.syscalls.intercept.sysinfo">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.sysinfo</span></code></span><span class="shortdesc"><p>Whether to handle the <code class="docutils literal notranslate"><span class="pre">sysinfo</span></code> system call</p>
</span><span class="anchor"><a class="reference external" href="#instance-security:security.syscalls.intercept.sysinfo"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">security.syscalls.intercept.sysinfo</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>This system call can be used to get cgroup-based resource usage information.</p>
</div>
</div>
</section>
<section id="snapshot-scheduling-and-configuration">
<span id="instance-options-snapshots"></span><h2>Snapshot scheduling and configuration<a class="headerlink" href="#snapshot-scheduling-and-configuration" title="Link to this heading">¶</a></h2>
<p>The following instance options control the creation and expiry of <a class="reference internal" href="../../howto/instances_backup/#instances-snapshots"><span class="std std-ref">instance snapshots</span></a>:</p>
<div class="configoption docutils container" id="instance-snapshots:snapshots.expiry">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">snapshots.expiry</span></code></span><span class="shortdesc"><p>When snapshots are to be deleted</p>
</span><span class="anchor"><a class="reference external" href="#instance-snapshots:snapshots.expiry"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">snapshots.expiry</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specify an expression like <code class="docutils literal notranslate"><span class="pre">1M</span> <span class="pre">2H</span> <span class="pre">3d</span> <span class="pre">4w</span> <span class="pre">5m</span> <span class="pre">6y</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-snapshots:snapshots.pattern">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">snapshots.pattern</span></code></span><span class="shortdesc"><p>Template for the snapshot name</p>
</span><span class="anchor"><a class="reference external" href="#instance-snapshots:snapshots.pattern"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">snapshots.pattern</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">snap%d</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specify a Pongo2 template string that represents the snapshot name.
This template is used for scheduled snapshots and for unnamed snapshots.</p>
<p>See <a class="reference internal" href="#instance-options-snapshots-names"><span class="std std-ref">Automatic snapshot names</span></a> for more information.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-snapshots:snapshots.schedule">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">snapshots.schedule</span></code></span><span class="shortdesc"><p>Schedule for automatic instance snapshots</p>
</span><span class="anchor"><a class="reference external" href="#instance-snapshots:snapshots.schedule"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">snapshots.schedule</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p>empty</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Specify either a cron expression (<code class="docutils literal notranslate"><span class="pre"><minute></span> <span class="pre"><hour></span> <span class="pre"><dom></span> <span class="pre"><month></span> <span class="pre"><dow></span></code>), a comma-separated list of schedule aliases (<code class="docutils literal notranslate"><span class="pre">@hourly</span></code>, <code class="docutils literal notranslate"><span class="pre">@daily</span></code>, <code class="docutils literal notranslate"><span class="pre">@midnight</span></code>, <code class="docutils literal notranslate"><span class="pre">@weekly</span></code>, <code class="docutils literal notranslate"><span class="pre">@monthly</span></code>, <code class="docutils literal notranslate"><span class="pre">@annually</span></code>, <code class="docutils literal notranslate"><span class="pre">@yearly</span></code>), or leave empty to disable automatic snapshots.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-snapshots:snapshots.schedule.stopped">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">snapshots.schedule.stopped</span></code></span><span class="shortdesc"><p>Whether to automatically snapshot stopped instances</p>
</span><span class="anchor"><a class="reference external" href="#instance-snapshots:snapshots.schedule.stopped"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">snapshots.schedule.stopped</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Live update: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<section id="automatic-snapshot-names">
<span id="instance-options-snapshots-names"></span><h3>Automatic snapshot names<a class="headerlink" href="#automatic-snapshot-names" title="Link to this heading">¶</a></h3>
<p>The <code class="docutils literal notranslate"><span class="pre">snapshots.pattern</span></code> option takes a Pongo2 template string to format the snapshot name.</p>
<p>To add a time stamp to the snapshot name, use the Pongo2 context variable <code class="docutils literal notranslate"><span class="pre">creation_date</span></code>.
Make sure to format the date in your template string to avoid forbidden characters in the snapshot name.
For example, set <code class="docutils literal notranslate"><span class="pre">snapshots.pattern</span></code> to <code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">creation_date|date:'2006-01-02_15-04-05'</span> <span class="pre">}}</span></code> to name the snapshots after their time of creation, down to the precision of a second.</p>
<p>Another way to avoid name collisions is to use the placeholder <code class="docutils literal notranslate"><span class="pre">%d</span></code> in the pattern.
For the first snapshot, the placeholder is replaced with <code class="docutils literal notranslate"><span class="pre">0</span></code>.
For subsequent snapshots, the existing snapshot names are taken into account to find the highest number at the placeholder’s position.
This number is then incremented by one for the new name.</p>
</section>
</section>
<section id="volatile-internal-data">
<span id="instance-options-volatile"></span><h2>Volatile internal data<a class="headerlink" href="#volatile-internal-data" title="Link to this heading">¶</a></h2>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>The <code class="docutils literal notranslate"><span class="pre">volatile.*</span></code> keys cannot be manipulated by the user. Do not attempt to modify these keys in any way. LXD modifies these keys, and attempting to manipulate them yourself might break LXD in non-obvious ways.</p>
</div>
<p>The following volatile keys are currently used internally by LXD to store internal data specific to an instance:</p>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.apply_quota">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.apply_quota</span></code></span><span class="shortdesc"><p>Disk quota</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.apply_quota"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.apply_quota</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The disk quota is applied the next time the instance starts.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.bus">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.bus</span></code></span><span class="shortdesc"><p>Persistent VM bus number</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.bus"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.bus</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Persistent VM bus number.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.ceph_rbd">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.ceph_rbd</span></code></span><span class="shortdesc"><p>RBD device path for Ceph disk devices</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.ceph_rbd"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.ceph_rbd</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>RBD device path for Ceph disk devices.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.devlxd.owner">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.devlxd.owner</span></code></span><span class="shortdesc"><p>DevLXD identity ID that owns the device.</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.devlxd.owner"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.devlxd.owner</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>ID of the DevLXD identity that owns the device. It is used by DevLXD to restrict
access of an identity to devices that were created by that identity.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.host_name">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.host_name</span></code></span><span class="shortdesc"><p>Network device name on the host</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.host_name"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.host_name</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Network device name on the host.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.hwaddr">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.hwaddr</span></code></span><span class="shortdesc"><p>Network device MAC address</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.hwaddr"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.hwaddr</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The network device MAC address is used when no <code class="docutils literal notranslate"><span class="pre">hwaddr</span></code> property is set on the device itself.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.last_state.created">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.created</span></code></span><span class="shortdesc"><p>Whether the network device physical device was created</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.last_state.created"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.created</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Possible values are <code class="docutils literal notranslate"><span class="pre">true</span></code> or <code class="docutils literal notranslate"><span class="pre">false</span></code>.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.last_state.hwaddr">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.hwaddr</span></code></span><span class="shortdesc"><p>Network device original MAC</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.last_state.hwaddr"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.hwaddr</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The original MAC that was used when moving a physical device into an instance.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.last_state.mtu">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.mtu</span></code></span><span class="shortdesc"><p>Network device original MTU</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.last_state.mtu"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.mtu</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The original MTU that was used when moving a physical device into an instance.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.last_state.vdpa.name">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vdpa.name</span></code></span><span class="shortdesc"><p>VDPA device name</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.last_state.vdpa.name"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vdpa.name</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The VDPA device name used when moving a VDPA device file descriptor into an instance.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.last_state.vf.hwaddr">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vf.hwaddr</span></code></span><span class="shortdesc"><p>SR-IOV virtual function original MAC</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.last_state.vf.hwaddr"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vf.hwaddr</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The original MAC used when moving a VF into an instance.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.last_state.vf.id">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vf.id</span></code></span><span class="shortdesc"><p>SR-IOV virtual function ID</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.last_state.vf.id"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vf.id</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The ID used when moving a VF into an instance.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.last_state.vf.spoofcheck">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vf.spoofcheck</span></code></span><span class="shortdesc"><p>SR-IOV virtual function original spoof check setting</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.last_state.vf.spoofcheck"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vf.spoofcheck</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The original spoof check setting used when moving a VF into an instance.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.<name>.last_state.vf.vlan">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vf.vlan</span></code></span><span class="shortdesc"><p>SR-IOV virtual function original VLAN</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.<name>.last_state.vf.vlan"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.<name>.last_state.vf.vlan</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The original VLAN used when moving a VF into an instance.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.apply_nvram">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.apply_nvram</span></code></span><span class="shortdesc"><p>Whether to regenerate VM NVRAM the next time the instance starts</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.apply_nvram"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.apply_nvram</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.apply_template">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.apply_template</span></code></span><span class="shortdesc"><p>Template hook</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.apply_template"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.apply_template</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The template with the given name is triggered upon next startup.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.attached_volumes">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.attached_volumes</span></code></span><span class="shortdesc"><p>JSON-serialized map of attached volume device names to the UUIDs of their corresponding snapshots.</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.attached_volumes"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.attached_volumes</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>snapshot</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>JSON-serialized map of attached volume device names to the UUIDs of their corresponding
snapshots, created as part of a multi-volume snapshot.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.base_image">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.base_image</span></code></span><span class="shortdesc"><p>Hash of the base image</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.base_image"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.base_image</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The hash of the image that the instance was created from (empty if the instance was not created from an image).</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.bus.mode">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.bus.mode</span></code></span><span class="shortdesc"><p>Device bus allocation mode</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.bus.mode"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.bus.mode</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>Set to <code class="docutils literal notranslate"><span class="pre">persistent</span></code> when persistent bus allocation mode is enabled.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.cloud-init.instance-id">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.cloud-init.instance-id</span></code></span><span class="shortdesc"><p><code class="docutils literal notranslate"><span class="pre">instance-id</span></code> (UUID) exposed to <code class="docutils literal notranslate"><span class="pre">cloud-init</span></code></p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.cloud-init.instance-id"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.cloud-init.instance-id</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.cluster.group">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.cluster.group</span></code></span><span class="shortdesc"><p>The target cluster group</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.cluster.group"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.cluster.group</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The target cluster group at instance creation or migration time. This is used during scheduling events such as evacuation to ensure the instance is placed correctly.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.evacuate.origin">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.evacuate.origin</span></code></span><span class="shortdesc"><p>The origin of the evacuated instance</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.evacuate.origin"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.evacuate.origin</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The cluster member that the instance lived on before evacuation.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.idmap.base">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.idmap.base</span></code></span><span class="shortdesc"><p>The first ID in the container’s primary idmap range</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.idmap.base"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.idmap.base</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>integer</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.idmap.current">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.idmap.current</span></code></span><span class="shortdesc"><p>The idmap currently in use by the container</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.idmap.current"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.idmap.current</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.idmap.next">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.idmap.next</span></code></span><span class="shortdesc"><p>The idmap to use the next time the container starts</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.idmap.next"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.idmap.next</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.last_state.idmap">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.last_state.idmap</span></code></span><span class="shortdesc"><p>On-disk UID/GID map for the container’s rootfs</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.last_state.idmap"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.last_state.idmap</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Condition: </strong></td>
<td><span class="ignoreP"><p>container</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The UID/GID map that has been applied to the container’s underlying storage.
This is usually set for containers created on older kernels that don’t
support idmapped mounts.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.last_state.power">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.last_state.power</span></code></span><span class="shortdesc"><p>Instance state as of last host shutdown</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.last_state.power"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.last_state.power</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.uuid">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.uuid</span></code></span><span class="shortdesc"><p>Instance UUID</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.uuid"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.uuid</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The instance UUID is globally unique across all servers and projects.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.uuid.generation">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.uuid.generation</span></code></span><span class="shortdesc"><p>Instance generation UUID</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.uuid.generation"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.uuid.generation</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The instance generation UUID changes whenever the instance’s place in time moves backwards.
It is globally unique across all servers and projects.</p>
</div>
</div>
<div class="configoption docutils container" id="instance-volatile:volatile.vsock_id">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">volatile.vsock_id</span></code></span><span class="shortdesc"><p>Instance <code class="docutils literal notranslate"><span class="pre">vsock</span> <span class="pre">ID</span></code> used as of last start</p>
</span><span class="anchor"><a class="reference external" href="#instance-volatile:volatile.vsock_id"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">volatile.vsock_id</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</section>
</section>
</article>
</div>
<footer>
<div class="related-pages">
<a class="next-page" href="../devices/">
<div class="page-info">
<div class="context">
<span>Next</span>
</div>
<div class="title">Devices</div>
</div>
<svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
</a>
<a class="prev-page" href="../instance_properties/">
<svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
<div class="page-info">
<div class="context">
<span>Previous</span>
</div>
<div class="title">Instance properties</div>
</div>
</a>
</div>
<div class="bottom-of-page">
<div class="left-details">
<div class="copyright">
© 2014-2026 AGPL-3.0, LXD contributors
</div><div class="last-updated">
Last updated on Feb 13, 2026</div>
</div>
<div class="right-details">
<a href="" class="js-revoke-cookie-manager muted-link">Manage your tracker settings</a>
</div>
</footer>
</div>
<aside class="toc-drawer">
<div class="toc-sticky toc-scroll">
<div class="toc-title-container">
<span class="toc-title">
Contents
</span>
</div>
<div class="toc-tree-container">
<div class="toc-tree">
<ul>
<li><a class="reference internal" href="#">Instance options</a><ul>
<li><a class="reference internal" href="#miscellaneous-options">Miscellaneous options</a></li>
<li><a class="reference internal" href="#boot-related-options">Boot-related options</a></li>
<li><a class="reference internal" href="#cloud-init-configuration"><code class="docutils literal notranslate"><span class="pre">cloud-init</span></code> configuration</a></li>
<li><a class="reference internal" href="#resource-limits">Resource limits</a><ul>
<li><a class="reference internal" href="#cpu-limits">CPU limits</a><ul>
<li><a class="reference internal" href="#cpu-pinning">CPU pinning</a><ul>
<li><a class="reference internal" href="#cpu-limits-for-virtual-machines">CPU limits for virtual machines</a></li>
</ul>
</li>
<li><a class="reference internal" href="#allowance-and-priority-container-only">Allowance and priority (container only)</a></li>
</ul>
</li>
<li><a class="reference internal" href="#huge-page-limits">Huge page limits</a></li>
<li><a class="reference internal" href="#kernel-resource-limits">Kernel resource limits</a></li>
</ul>
</li>
<li><a class="reference internal" href="#migration-options">Migration options</a></li>
<li><a class="reference internal" href="#placement-options">Placement options</a></li>
<li><a class="reference internal" href="#nvidia-and-cuda-configuration">NVIDIA and CUDA configuration</a></li>
<li><a class="reference internal" href="#raw-instance-configuration-overrides">Raw instance configuration overrides</a><ul>
<li><a class="reference internal" href="#override-qemu-configuration">Override QEMU configuration</a></li>
</ul>
</li>
<li><a class="reference internal" href="#security-policies">Security policies</a></li>
<li><a class="reference internal" href="#snapshot-scheduling-and-configuration">Snapshot scheduling and configuration</a><ul>
<li><a class="reference internal" href="#automatic-snapshot-names">Automatic snapshot names</a></li>
</ul>
</li>
<li><a class="reference internal" href="#volatile-internal-data">Volatile internal data</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
</aside>
</div>
</div><script src="../../_static/jquery.js?v=5d32c60e"></script>
<script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../../_static/documentation_options.js?v=a5603611"></script>
<script src="../../_static/doctools.js?v=9a2dae69"></script>
<script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../../_static/scripts/furo.js?v=46bd48cc"></script>
<script src="../../_static/clipboard.min.js?v=a7894cd8"></script>
<script src="../../_static/copybutton.js?v=b01cb6f2"></script>
<script src="../../_static/config-options.js"></script>
<script src="../../_static/design-tabs.js?v=f930bc37"></script>
<script src="../../_static/js/bundle.js?v=a4d88309"></script>
<script src="../../_static/header-nav.js?v=e117ad08"></script>
<script src="../../_static/github_issue_links.js?v=32bb732f"></script>
<script>
const github_url = "https://github.com/canonical/lxd";
</script>
</body>
</html>