Monday, 22 February 2021

Linux Admin - Quota Management

 CentOS disk quotas can be enabled both; alerting the system administrator and denying further disk-storage-access to a user before disk capacity is exceeded. When a disk is full, depending on what resides on the disk, an entire system can come to a screeching halt until recovered.

Enabling Quota Management in CentOS Linux is basically a 4 step process −

  • Step 1 − Enable quota management for groups and users in /etc/fstab.

  • Step 2 − Remount the filesystem.

  • Step 3 − Create Quota database and generate disk usage table.

  • Step 4 − Assign quota policies.

Enable Quota Management in /etc/fstab

First, we want to backup our /etc/fstab filen −

[root@centosLocal centos]# cp -r /etc/fstab ./

We now have a copy of our known working /etc/fstab in the current working directory.

# 
# /etc/fstab 
# Created by anaconda on Sat Dec 17 02:44:51 2016 
# 
# Accessible filesystems, by reference, are maintained under '/dev/disk' 
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
# 
/dev/mapper/cl-root        /         xfs     defaults                      0 0
UUID = 4b9a40bc-9480-4     /boot     xfs     defaults                      0 0

/dev/mapper/cl-home        /home     xfs     defaults,usrquota,grpquota    0 0

/dev/mapper/cl-swap        swap      swap    defaults                      0 0

We made the following changes in the options section of /etc/fstab for the volume or Label to where quotas are to be applied for users and groups.

  • usrquota
  • grpquota

As you can see, we are using the xfs filesystem. When using xfs there are extra manual steps involved. /home is on the same disk as /. Further investigation shows / is set for noquota, which is a kernel level mounting option. We must re-configure our kernel boot options.

root@localhost rdc]# mount | grep ' / ' 
/dev/mapper/cl-root on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)

[root@localhost rdc]#

Reconfiguring Kernel Boot Options for XFS File Systems

This step is only necessary under two conditions −

  • When the disk/partition we are enabling quotas on, is using the xfs file system
  • When the kernel is passing noquota parameter to /etc/fstab at boot time

Step 1 − Make a backup of /etc/default/grub.

cp /etc/default/grub ~/

Step 2 − Modify /etc/default/grub.

Here is the default file.

GRUB_TIMEOUT=5 
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" 
GRUB_DEFAULT=saved 
GRUB_DISABLE_SUBMENU=true 
GRUB_TERMINAL_OUTPUT="console" 
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet" 
GRUB_DISABLE_RECOVERY="true"

We want to modify the following line −

GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet" 

to

GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv 
=cl/swap rhgb quiet rootflags=usrquota,grpquota"

Note − It is important we copy these changes verbatim. After we reconfigure grub.cfg, our system will fail to boot if any errors were made in the configuration. Please, try this part of the tutorial on a non-production system.

Step 3 − Backup your working grub.cfg

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak

Make a new grub.cfg

[root@localhost rdc]# grub2-mkconfig -o /boot/grub2/grub.cfg 
Generating grub configuration file ... 
Found linux image: /boot/vmlinuz-3.10.0-514.el7.x86_64 
Found initrd image: /boot/initramfs-3.10.0-514.el7.x86_64.img 
Found linux image: /boot/vmlinuz-0-rescue-dbba7fa47f73457b96628ba8f3959bfd 
Found initrd image: /boot/initramfs-0-rescuedbba7fa47f73457b96628ba8f3959bfd.img 
done

[root@localhost rdc]#

Reboot

[root@localhost rdc]#reboot

If all modifications were precise, we should not have the availability to add quotas to the xfs file system.

[rdc@localhost ~]$ mount | grep ' / ' 
/dev/mapper/cl-root on / type xfs (rw,relatime,seclabel,attr2,inode64,usrquota,grpquota)
 
[rdc@localhost ~]$

We have passed the usrquota and grpquota parameters via grub.

Now, again edit /etc/fstab to include / since /homeon the same physical disk.

/dev/mapper/cl-root/xfs
defaults,usrquota,grpquota        0 0

Now let's enable the quota databases.

[root@localhost rdc]# quotacheck -acfvugM

Make sure Quotas are enabled.

[root@localhost rdc]# quotaon -ap 
group quota on / (/dev/mapper/cl-root) is on 
user quota on / (/dev/mapper/cl-root) is on 
group quota on /home (/dev/mapper/cl-home) is on 
user quota on /home (/dev/mapper/cl-home) is on 
[root@localhost rdc]#

Remount the File System

If the partition or disk is separate from the actively booted partition, we can remount without rebooting. If the quota was configured on a disk/partition booted in the root directory /, we may need to reboot the operating system. Forcing the remount and applying changes, the need to remount the filesystem may vary.

[rdc@localhost ~]$ df 
Filesystem              1K-blocks     Used      Available      Use%     Mounted on
/dev/mapper/cl-root     22447404      4081860   18365544       19%         /
devtmpfs                903448        0         903448         0%          /dev
tmpfs                   919308        100       919208         1%          /dev/shm
tmpfs                   919308        9180      910128         1%          /run
tmpfs                   919308        0         919308         0%          /sys/fs/cgroup
/dev/sda2               1268736       176612    1092124        14%         /boot
/dev/mapper/cl-var      4872192       158024    4714168        4%          /var
/dev/mapper/cl-home     18475008      37284     18437724       1%          /home
tmpfs                   183864        8         183856         1%          /run/user/1000

[rdc@localhost ~]$

As we can see, LVM volumes are in use. So it's simple to just reboot. This will remount /home and load the /etc/fstab configuration changes into active configuration.

Create Quota Database Files

CentOS is now capable of working with disk quotas on /home. To enable full quota supprt, we must run the quotacheck command.

quotacheck will create two files −

  • aquota.user
  • aquota.group

These are used to store quota information for the quota enabled disks/partitions.

Following are the common quotacheck switches.

SwitchAction
-uChecks for user quotas
-gChecks for group quotas
-cQuotas should be enabled for each file system with enables quotas
-vDisplays verbose output

Add Quota Limits Per User

For this, we will use the edquota command, followed by the username −

[root@localhost rdc]# edquota centos

Disk quotas for user centos (uid 1000):  
Filesystem                   blocks       soft       hard     inodes     soft     hard 
/dev/mapper/cl-root              12          0          0         13        0        0  
/dev/mapper/cl-home            4084          0          0        140        0        0

Let's look at each column.

  • Filesystem − It is the filesystem quotas for the user applied to

  • blocks − How many blocks the user is currently using on each filesystem

  • soft − Set blocks for a soft limit. Soft limit allows the user to carry quota for a given time period

  • hard − Set blocks for a hard limit. Hard limit is total allowable quota

  • inodes − How many inodes the user is currently using

  • soft − Soft inode limit

  • hard − Hard inode limit

To check our current quota as a user −

[centos@localhost ~]$ quota 
Disk quotas for user centos (uid 1000):  
Filesystem             blocks     quota      limit grace    files   quota   limit   grace 
/dev/mapper/cl-home    6052604    56123456   61234568       475     0       0       [centos@localhost ~]$

Following is an error given to a user when the hard quota limit has exceeded.

[centos@localhost Downloads]$ cp CentOS-7-x86_64-LiveKDE-1611.iso.part ../Desktop/

cp: cannot create regular file ‘../Desktop/CentOS-7-x86_64-LiveKDE-
1611.iso.part’: Disk quota exceeded

[centos@localhost Downloads]$

As we can see, we are closely within this user's disk quota. Let's set a soft limit warning. This way, the user will have advance notice before quota limits expire. From experience, you will get end-user complaints when they come into work and need to spend 45 minutes clearing files to actually get to work.

As an Administrator, we can check quota usage with the repquota command.

[root@localhost Downloads]# repquota  /home  
                    Block limits                            File limits  
User            used     soft     hard     grace       used     soft     hard     grace 
----------------------------------------------------------------------------------------
root      --       0         0        0                   3        0        0        
centos    -+ 6189824  56123456 61234568                 541      520      540      6days 

[root@localhost Downloads]#

As we can see, the user centos has exceeded their hard block quota and can no longer use any more disk space on /home.

-+denotes a hard quota has been exceeded on the filesystem.

When planning quotas, it is necessary to do a little math. What an Administrator needs to know is:How many users are on the system? How much free space to allocate amongst users/groups? How many bytes make up a block on the file system?

Define quotas in terms of blocks as related to free disk-space.It is recommended to leave a "safe" buffer of free-space on the file system that will remain in worst case scenario: all quotas are simultaneously exceeded. This is especially on a partition that is used by the system for writing logs.

No comments:

Post a Comment