Date: Fri 26 Apr 2002 - 16:08:27 BST
I have been experimenting with ways of meeting two particular requirements:
i. Controlling the disk space used by virtual servers
ii. Allowing virtual servers to set up their own disk quotas (as mentioned in previous posts, this is a requirement for some web hosting control panels, etc.)
Requirement (i) can be met using Logical Volume Management (LVM) at the expense of losing filesystem unification (see notes below for LVM setup details).
As for requirement (ii), with each virtual server installed on its own logical volume, it is possible to set up standard filesystem quotas per virtual server. Quotas are initialised by running
quotacheck -ugm -F vfsold /vservers/vs1
on the base server. This creates the accounting files 'quota.user' and 'quota.group' in the root folder of the virtual server. The root user on the base server can use 'edquota' to set quotas specific to the users/groups on that virtual server.
To allow root on the virtual server to view quota status with 'repquota' it is necessary to create the /dev/vservers/vs1lv device in the virtual server filesystem and edit mtab to remove the 'hdv1' entry and replace it with:
/dev/vservers/vs1lv / ext3 rw,usrquota,grpquota 0 0
(are there any security issues with this?)
'repquota' then works in virtual server context, but commands to set quotas or turn quota management on/off fail. This is because most calls to the kernel function sys_quotactl fail without CAP_SYS_ADMIN.
To work around this, would it be sensible to add another capability, say CAP_QUOTACTL, to the kernel capabilities set, and then patch sys_quotactl() to allow calls with CAP_SYS_ADMIN or CAP_QUOTACTL set, or would this be too much of a hack?
LVM install/setup on Redhat 7.2 host server:
1. install lvm-1.0.3-4.i386.rpm
2. add to /etc/modules.conf:
alias block-major-58 lvm-mod
alias char-major-109 lvm-mod
3. vgscan (to initialise /etc/lvmtab)
4. create some physical disk partition(s) of type 8e, and run pvcreate /dev/hd**
5. Create a volume group: vgcreate vservers /dev/hd** ...
6. Create a logical volume for each private server, e.g.:
lvcreate -L 600 -n vs1lv vservers
(this will create a device file /dev/vservers/vs1lv)
7. mke2fs -j /dev/vservers/vs1lv
You can then mount the logical volumes under /vservers, e.g. add to fstab:
/dev/vservers/vs1lv /vservers/vs1 ext3 defaults,usrquota,grpquota 1 2
And then use 'vserver build' or newvserver to create a virtual server filesystem at the logical volume mount point.
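
Added example, not part of the original post and not kernel code: a user-space C model of the permission gate the post proposes for sys_quotactl(), showing that a task holding only the hypothetical CAP_QUOTACTL can administer quotas without holding CAP_SYS_ADMIN. Assumptions: the bit number for CAP_QUOTACTL is constructed, and the command classes and the rule that reading your own quota needs no privilege are a simplification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CAP_SYS_ADMIN is capability bit 21 on Linux. CAP_QUOTACTL is the post's
 * proposal and does not exist; bit 29 is a constructed value for this model. */
#define CAP_SYS_ADMIN 21
#define CAP_QUOTACTL  29

/* Simplified command classes, not the kernel's Q_* numeric values. */
enum qcmd { QC_SYNC, QC_GETQUOTA, QC_SETQUOTA, QC_QUOTAON, QC_QUOTAOFF };

struct task { uint32_t cap_effective; unsigned euid; };

static struct task make_task(unsigned euid, bool sys_admin, bool quotactl)
{
    struct task t = { 0, euid };
    if (sys_admin) t.cap_effective |= UINT32_C(1) << CAP_SYS_ADMIN;
    if (quotactl)  t.cap_effective |= UINT32_C(1) << CAP_QUOTACTL;
    return t;
}

static bool has_cap(struct task t, int cap) { return (t.cap_effective >> cap) & 1u; }

/* Proposed gate: either capability passes the privileged quota check. */
static bool quota_admin(struct task t)
{
    return has_cap(t, CAP_SYS_ADMIN) || has_cap(t, CAP_QUOTACTL);
}

/* Assumed policy: sync is open, reading your own user quota is open,
 * everything else (set limits, quota on/off) is privileged. */
bool quotactl_permitted(struct task t, enum qcmd cmd, unsigned id)
{
    switch (cmd) {
    case QC_SYNC:     return true;
    case QC_GETQUOTA: return id == t.euid || quota_admin(t);
    default:          return quota_admin(t);
    }
}

int main(void)
{
    struct task today = make_task(0, false, false);   /* vserver root as described */
    struct task patched = make_task(0, false, true);  /* with the proposed capability */
    printf("setquota today=%d patched=%d\n", quotactl_permitted(today, QC_SETQUOTA, 500),
           quotactl_permitted(patched, QC_SETQUOTA, 500));
    printf("patched task holds CAP_SYS_ADMIN: %d\n", has_cap(patched, CAP_SYS_ADMIN));
    return 0;
}
```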