Commit 9df9fd59 authored by Mike Hibler's avatar Mike Hibler

Preliminary changes to deal with quotas on fs/ops nodes.

Still not complete.  Moved quotamail back to being installed on ops
(not fs) but have not dealt with the issue of how to run repquota.
parent 98ed9c52
......@@ -92,7 +92,6 @@ endif
fs-install:
@$(MAKE) -C tbsetup fs-install
@$(MAKE) -C account fs-install
opsfs-install: ops-install fs-install
@echo "Combined ops/fs install done."
......
......@@ -12,9 +12,8 @@ UNIFIED = @UNIFIED_BOSS_AND_OPS@
include $(OBJDIR)/Makeconf
SBIN_STUFF = tbacct addsfskey addpubkey mkusercert
SBIN_STUFF = tbacct addsfskey addpubkey mkusercert quotamail
LIBEXEC_STUFF = webtbacct webaddsfskey webaddpubkey webmkusercert
FSBIN_STUFF = quotamail
#
# Force dependencies on the scripts so that they will be rerun through
......@@ -42,11 +41,7 @@ post-install:
chown root $(INSTALL_SBINDIR)/mkusercert
chmod u+s $(INSTALL_SBINDIR)/mkusercert
control-install:
fs-script-install: $(addprefix $(INSTALL_SBINDIR)/, $(FSBIN_STUFF))
fs-install: fs-script-install
control-install: $(addprefix $(INSTALL_SBINDIR)/, $(SBIN_STUFF))
clean:
rm -f *.o core
......
......@@ -11,10 +11,9 @@
# Some sites may wish to change the CC to a different list, or
# possibly even remove it all together.
#
# One possible caveat regarding quotas: If FS_NODE != USERNODE, they don't
# have a login on the fs machine. So checking their quota won't work unless
# the rpc.rquotad(8) daemon is running on FS_NODE, which we currently don't
# do.
# Note that if FS_NODE != USERNODE, having a user check their quota won't
# work unless the rpc.rquotad(8) daemon is running on FS_NODE. Our fs node
# installation script/directions should take care of this now.
#
for i in `/usr/sbin/repquota -v @FS_WITH_QUOTAS@ | awk '$2 ~ /+/ {print $1}'`
......
......@@ -205,20 +205,23 @@ initialized from a "prototypical" user. Note that you can change individual
user quotas later by running edquota(8) on the 'fs' node. To establish
the default quota values, you will need a "prototype user" to which to
apply the quotas. You will probably want to add a special user, say
'elabman', for this purpose. The uid and gid for this user should be
the MIN_UNIX_UID and MIN_UNIX_GID values specified in your defs file
(10000 and 6000 by default). Assuming those default values, you would do:
'elabman', for this purpose. The uid for this user should be the MIN_UNIX_UID
value specified in your defs file (10000 by default). The gid doesn't matter,
but needs to be a value that already exists in the /etc/group file. The
prefered strategy is to first add the "tbadmin" group to /etc/group with
gid 101, since this Emulab-specific group is used on the ops node as well.
Assuming you have done this, you would do:
pw useradd elabman -u 10000 -g 6000 -m -d /users/elabman -h - -s /bin/nologin
pw useradd elabman -u 10000 -g tbadmin -m -d /users/elabman -h - -s /bin/nologin
Now set the quota for that user on each quota-enabled filesystem, e.g.:
edquota -e /proj:2000000:2000000 -e /users:1000000:1000000 elabman
edquota -e /proj:2000000:2000000 -e /users:1000000:1000000 elabman
would set a 1GB quota on /proj and 512MB on /users for the prototype user.
Once the prototype user quotas are established, you can do:
edquota -p elabman 10000-15000
edquota -p elabman 10000-15000
which would automatically apply the elabman quotas to any user created with
uids between 10000 and 15000, assuming that you wanted to allow up to 5000
......
......@@ -30,6 +30,7 @@ my $FSNODE_IP = '@FSNODE_IP@';
my $LOGFACIL = '@TBLOGFACIL@';
my $ELABINELAB = @ELABINELAB@;
my $WINSUPPORT = @WINSUPPORT@;
my $QUOTA_FSLIST= '@FS_WITH_QUOTAS@';
# For /share export below.
my $CONTROL_NETWORK = "@CONTROL_NETWORK@";
......@@ -105,12 +106,14 @@ my $CP = "/bin/cp";
my $MV = "/bin/mv";
my $GMAKE = "/usr/local/bin/gmake";
my $ENV = "/usr/bin/env";
my $QUOTAON = "/usr/sbin/quotaon";
#
# Some files we edit/create
#
my $RCCONF = "/etc/rc.conf";
my $HOSTS = "/etc/hosts";
my $FSTAB = "/etc/fstab";
my $RCLOCAL = "/etc/rc.local";
my $RCCAPTURE = "$PREFIX/etc/rc.capture";
my $LOCAL_HOSTNAMES = "/etc/mail/local-host-names";
......@@ -121,7 +124,7 @@ my $SYSLOG_CONF = "/etc/syslog.conf";
my $NEWSYSLOG_CONF = "/etc/newsyslog.conf";
my $SUDOERS = "/usr/local/etc/sudoers";
my $SSHD_CONFIG = "/etc/ssh/sshd_config";
my $CRONTAB = "/etc/crontab";
my $INETD_CONF = "/etc/inetd.conf";
my $AUTHKEYS = "/root/.ssh/authorized_keys";
my $SMBCONF_FILE = "/usr/local/etc/smb.conf";
my $SMBCONF_HEAD = "$SMBCONF_FILE.head";
......@@ -358,15 +361,57 @@ Phase "exports", "Setting up exports", sub {
};
};
Phase "cron", "Adding cron jobs", sub {
Phase "crontab", "Editing $CRONTAB", sub {
DoneIfEdited($CRONTAB);
AppendToFileFatal($CRONTAB,
"0 \t6\t*\t*\t*\troot\t$PREFIX/sbin/quotamail");
Phase "quotas", "Setting up quotas", sub {
if ($QUOTA_FSLIST eq "") {
PhaseSkip("No filesystems with quotas");
}
Phase "fstab", "enabling quotas in $FSTAB", sub {
my @fs = split(' ', $QUOTA_FSLIST);
open(FT,"<$FSTAB") or
PhaseFail("Unable to open $FSTAB : $!");
my @ft = <FT>;
close(FT);
my $changed = 0;
foreach my $fs (@fs) {
my $found = 0;
Phase $fs, $fs, sub {
foreach my $line (@ft) {
if ($line =~ m((/dev/\S+\s+$fs\s+ufs\s+rw))) {
my $str = $1;
$found = 1;
PhaseSkip("already enabled")
if ($line =~ /userquota/);
$line =~ s/$str/$str,userquota/;
$changed++;
last;
}
}
};
print STDERR
"WARNING: filesystem $fs not found, quotas not enabled\n"
if (!$found);
}
open(FT,">$FSTAB.new") or
PhaseFail("Unable to open $FSTAB.new : $!");
print FT @ft;
close(FT);
chmod(0644, "$FSTAB.new") or
PhaseFail("Could not set permission of new fstab");
rename($FSTAB, "$FSTAB.orig") or
PhaseFail("Could not save original fstab");
if (!rename("$FSTAB.new", $FSTAB)) {
rename("$FSTAB.orig", $FSTAB);
PhaseFail("Could not install new fstab, old version restored");
}
};
Phase "quotaon", "Turning quotas on", sub {
ExecQuietFatal("$QUOTAON -a");
};
Phase "cronhup", "HUPing cron", sub {
if (PhaseWasSkipped("crontab")) { PhaseSkip("No new crontab"); }
HUPDaemon("cron");
Phase "rquotad", "Enabling rquotad", sub {
PhaseSkip("no inetd.conf!?") unless (-e $INETD_CONF);
PhaseSkip("already enabled") unless `grep '^#rquotad' $INETD_CONF`;
ExecQuietFatal("sed -i .orig -e '/^#rquotad/s/^#//' $INETD_CONF");
HUPDaemon("inetd");
};
};
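Review bot: The "fstab" phase installs the new file without checking that it was written: `print FT @ft` and `close(FT)` are unchecked, so a short write (for example a full root filesystem) would still be renamed over /etc/fstab. The file is also rewritten and renamed when nothing changed, since `$changed` is counted but never read; a second run, where each filesystem appears to take the "already enabled" skip, would overwrite the pristine `$FSTAB.orig` backup with the already-edited file. In the same phase `$fs` and `$str` are interpolated into patterns unquoted, so a mount point or device name containing a regex metacharacter can match the wrong line or make the substitution miss; `\Q...\E` covers both. The excerpt below assumes PhaseSkip leaves the current phase, as its other uses in this hunk suggest.

```perl
# … unchanged: read $FSTAB into @ft, per-filesystem loop header …
            if ($line =~ m((/dev/\S+\s+\Q$fs\E\s+ufs\s+rw))) {
                # … unchanged: capture $str, set $found, skip if userquota present …
                $line =~ s/\Q$str\E/$str,userquota/;
                # … unchanged: count the change and leave the loop …
            }
# … unchanged: end of loop, missing-filesystem warning …
        PhaseSkip("no fstab changes needed") if (!$changed);
        open(my $newft, '>', "$FSTAB.new") or
            PhaseFail("Unable to open $FSTAB.new : $!");
        print $newft @ft or
            PhaseFail("Could not write $FSTAB.new : $!");
        close($newft) or
            PhaseFail("Could not write $FSTAB.new : $!");
# … unchanged: chmod and rename sequence …
```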
......
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2003, 2004 University of Utah and the Flux Group.
# Copyright (c) 2003-2005 University of Utah and the Flux Group.
# All rights reserved.
#
......
......@@ -36,6 +36,7 @@ my $FSNODE_IP = '@FSNODE_IP@';
my $LOGFACIL = '@TBLOGFACIL@';
my $ELABINELAB = @ELABINELAB@;
my $WINSUPPORT = @WINSUPPORT@;
my $QUOTA_FSLIST= '@FS_WITH_QUOTAS@';
# True if we are also the FS node
my $ISFS = ($USERNODE eq $FSNODE) ? 1 : 0;
......@@ -603,10 +604,10 @@ Phase "syslog", "Setting up syslog", sub {
};
Phase "cron", "Adding cron jobs", sub {
if (!$ISFS) {
PhaseSkip("Not FS node");
}
Phase "crontab", "Editing $CRONTAB", sub {
if ($QUOTA_FSLIST eq "") {
PhaseSkip("No filesystem quotas");
}
DoneIfEdited($CRONTAB);
AppendToFileFatal($CRONTAB,
"0 \t6\t*\t*\t*\troot\t$PREFIX/sbin/quotamail");
......
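Review bot: The "crontab" phase carries no comment recording that the quotamail entry may not work on the node it is now installed on. With the `$ISFS` test apparently replaced by `$QUOTA_FSLIST eq ""`, the root cron job is added on an ops node even when it is not the fs node, and the commit message says running repquota there is still unresolved. A comment above the AppendToFileFatal call, e.g. `# XXX quotamail runs repquota locally; not yet functional when ops is not the fs node`, would keep that gap visible to whoever finishes the work. The phase body continues past the end of the hunk.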