VS Quota HowTo
How to use Quota Support for VS
Quota on a separate partition (LVM, Conv. Quota)
This is an example of setting up quota support for a VServer based
system. It tries to explain how to set up user/group quota on a separate
partition. If you want to use context quota support on a shared partition,
have a look at the Context Quota HowTo.
The following walkthrough was done on a Mandrake 8.2 Linux system,
running a custom built 2.4.20rc1 kernel, patched with CTX-14 patches
from the 0.21 release of VServer. Packages installed: 0.21 vserver
base/admin, quota-tools 3.07.
In this example, /dev/vg is the LVM volume group providing the
separate partition /dev/vg/part1 for the to-be-moved virtual
server TE01.
- Prerequisites
You will require at least the following to use/enable quota
support on your system:
- quota support for the filesystem you want to use.
- a patched kernel (quota, vserver, lvm?)
- the quota-tools compiled for this kernel.
- a free partition, the size for one virtual server.
- a good idea what quota is, and how to use the tools.
- Required Modifications
There are no special modifications required, but I would
strongly suggest modifying the vserver script with the
following patch, so that it leaves the directory before
executing the post-stop script ...
----------------- patch me -----------------
--- /usr/sbin/vserver Fri Nov 8 21:21:43 2002
+++ /usr/sbin/vserver.patched Fri Nov 8 21:21:30 2002
@@ -500,6 +500,7 @@
# We umount anyway, because "enter" establish the mount
# but when you exit, the server is considered not running
umountproc /vservers/$1
+ cd /
test -x /etc/vservers/$1.sh && /etc/vservers/$1.sh post-stop $1
ifconfig_iproot_off $1
elif [ "$2" = "restart" ] ; then
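Review bot: the added cd / ahead of the post-stop call carries no comment, while the umountproc line just above it does; add one line saying that the script has to leave the server directory before the post-stop script runs, since a post-stop hook that unmounts the server partition depends on it. While this block is being touched, $1 is expanded unquoted in the test -x ... && ... line that follows, so quoting it there ("/etc/vservers/$1.sh") would be a reasonable cleanup.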
----------------- patch me -----------------
- Server Setup/Move
This step assumes that you want to move your existing virtual
server TE01 onto a separate partition /dev/vg/part1, and enable
quota support for that partition. If you either do not have an
existing server or have already moved/created one on a separate
partition, you have to adjust and/or leave out the appropriate
steps.
- stop the virtual server
# vserver TE01 stop
- create filesystem and mountpoint
# mke2fs -j /dev/vg/part1
# mkdir /vservers/LV01
# mount /dev/vg/part1 /vservers/LV01
- copy the virtual server and the configuration
# cp -a /vservers/TE01/. /vservers/LV01/
# cp -a /etc/vservers/TE01.conf /etc/vservers/LV01.conf
- create/modify the start/stop scripts
----------------- /etc/vservers/LV01.sh -----------------
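#!/bin/sh
# Hook script run by the vserver script; the phase is passed as $1.
case $1 in
    pre-start)
        # check the filesystem, then mount it as the server root
        e2fsck -p /dev/vg/part1
        mount /dev/vg/part1 /vservers/LV01
        # recreate the block device node inside the server as /dev/hdv1,
        # the device named in the server mtab
        rm -f /vservers/LV01/dev/hdv1
        cp -fa /dev/vg/part1 /vservers/LV01/dev/hdv1
        ;;
    post-start)
        ;;
    pre-stop)
        ;;
    post-stop)
        # remount read-only, then unmount the partition
        mount -o remount,ro /vservers/LV01
        umount /vservers/LV01
        ;;
    *)
        # unknown phase: print the accepted arguments
        echo $0 pre-start
        echo $0 pre-stop
        echo $0 post-start
        echo $0 post-stop
        ;;
esac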
----------------- /etc/vservers/LV01.sh -----------------
- change the server mtab file
/dev/hdv1 / ext3 rw,usrquota,grpquota 0 0
- if not already done, install the quota-tools for the virtual server
# vrpm LV01 -- -i quota-3.07-1.i586.rpm
- start the server and change into it
# vserver LV01 start
# vserver LV01 enter
- run the quotacheck tool
# quotacheck -maug
- take a look at the quota report
# repquota -aug
*** Report for user quotas on device /dev/hdv1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------
root      --  249712       0       0          12146     0     0
rpm       --   13124       0       0             71     0     0
apache    --     980       0       0            235     0     0
rpcuser   --       4       0       0              1     0     0
*** Report for group quotas on device /dev/hdv1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
Group           used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------
root      --  248964       0       0          12102     0     0
daemon    --       4       0       0              1     0     0
tty       --      16       0       0              2     0     0
...
- live happily ever after using quota wisely ...
- Advantages and Disadvantages
This approach gives you several advantages and has some
drawbacks and security hazards.
Advantages are:
- no need to modify tools or kernel regarding quota.
- fixed maximum hard limit for each virtual server.
- no security/access issues with files or partitions.
- all quota settings can be done within the server.
Disadvantages would/could be:
- no unification across servers is possible.
- changing the maximum size requires fs/partition resize.
- filesystem caching is done for each partition.
Security issues !!! (so far):
- direct block device access to the partition.
this has several implications ...
- root can modify/replace the root filesystem at low levels.
- root can create arbitrary device nodes, gaining access
to any physical resource.
- wiping out the mounted (root) filesystem will probably
harm the kernel.
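The security issues above come down to device nodes inside the server tree: the block device copied in as /dev/hdv1, and any further nodes root creates. The following check is an added example, not part of the original HowTo or the vserver tools, that lists device nodes under a server root and flags those not on an allow-list. The function names, ALLOWED, EXTRA_ALLOWED and the sample device numbers are assumptions made for illustration; it needs GNU find and GNU stat.

```shell
#!/bin/sh
# Added example (not from the HowTo): flag device nodes in a vserver tree
# that are not on an allow-list. Needs GNU find and GNU stat.

# Allowed "type:major:minor" (decimal). Assumption: the usual Linux numbers
# for null, zero, full, random, urandom, tty and ptmx.
ALLOWED="c:1:3 c:1:5 c:1:7 c:1:8 c:1:9 c:5:0 c:5:2"

# classify TYPE MAJOR MINOR -> ok | block-device | unexpected-char
classify() {
    case " $ALLOWED ${EXTRA_ALLOWED:-} " in
        *" $1:$2:$3 "*) echo ok; return 0 ;;
    esac
    if [ "$1" = b ]; then echo block-device; else echo unexpected-char; fi
}

# list_nodes ROOT -> "type major minor path" per device node found.
list_nodes() {
    find "$1" -xdev \( -type b -o -type c \) -print | while IFS= read -r p; do
        hex=$(stat -c '%t %T' "$p")    # major and minor, in hex
        if [ -b "$p" ]; then t=b; else t=c; fi
        echo "$t $((0x${hex% *})) $((0x${hex#* })) $p"
    done
}

# audit: reads list_nodes output on stdin, prints one line per finding and
# returns 1 if anything was flagged.
audit() {
    rc=0
    while read -r t maj min path; do
        kind=$(classify "$t" "$maj" "$min")
        [ "$kind" = ok ] && continue
        echo "$kind $maj:$min $path"
        rc=1
    done
    return $rc
}

# Constructed sample listing; the device numbers are illustrative.
sample_listing() {
    cat <<'EOF'
c 1 3 /vservers/LV01/dev/null
b 58 0 /vservers/LV01/dev/hdv1
c 1 1 /vservers/LV01/tmp/mem
EOF
}

# Usage: sh audit.sh /vservers/LV01
if [ -n "${1:-}" ]; then list_nodes "$1" | audit; fi
```

Run from the host, for example from cron, against the mounted server root. Setting EXTRA_ALLOWED to the type:major:minor of the one block device this setup installs on purpose leaves only the unexpected nodes in the report.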