Linux Admin Concise Tutorial
Linux Admin - Quota Management
CentOS disk quotas can be enabled to do both of the following: alert the system administrator and deny a user further disk-storage access before disk capacity is exceeded. When a disk is full, depending on what resides on the disk, an entire system can come to a screeching halt until recovered.
Enabling quota management in CentOS Linux is basically a 4-step process −
- Step 1 − Enable quota management for groups and users in /etc/fstab.
- Step 2 − Remount the filesystem.
- Step 3 − Create the quota database and generate the disk usage table.
- Step 4 − Assign quota policies.
Enable Quota Management in /etc/fstab
First, we want to back up our /etc/fstab file −
[root@centosLocal centos]# cp -r /etc/fstab ./
We now have a copy of our known working /etc/fstab in the current working directory.
#
# /etc/fstab
# Created by anaconda on Sat Dec 17 02:44:51 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/cl-root / xfs defaults 0 0
UUID=4b9a40bc-9480-4 /boot xfs defaults 0 0
/dev/mapper/cl-home /home xfs defaults,usrquota,grpquota 0 0
/dev/mapper/cl-swap swap swap defaults 0 0
We made the following changes in the options section of /etc/fstab for the volume or label where quotas are to be applied for users and groups.
- usrquota
- grpquota
As you can see, we are using the xfs filesystem. When using xfs there are extra manual steps involved. /home is on the same disk as /. Further investigation shows / is set for noquota, which is a kernel level mounting option. We must re-configure our kernel boot options.
[root@localhost rdc]# mount | grep ' / '
/dev/mapper/cl-root on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
[root@localhost rdc]#
Reconfiguring Kernel Boot Options for XFS File Systems
This step is only necessary under two conditions −
- When the disk/partition we are enabling quotas on is using the xfs file system
- When the kernel is passing the noquota parameter to /etc/fstab at boot time
Step 1 − Make a backup of /etc/default/grub.
cp /etc/default/grub ~/
Step 2 − Modify /etc/default/grub.
Here is the default file.
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
We want to modify the following line −
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet"
to
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet rootflags=usrquota,grpquota"
Note − It is important we copy these changes verbatim. After we reconfigure grub.cfg, our system will fail to boot if any errors were made in the configuration. Please, try this part of the tutorial on a non-production system.
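A pre-flight check for the edit above, written as an added example (not part of the original tutorial): the hypothetical function check_grub_defaults verifies that the file still parses as shell, that GRUB_CMDLINE_LINUX is a single line closed by its quote, and that rootflags carries both quota options. It catches a long line that was wrapped in an editor, which still parses but splits the kernel command line.

```shell
#!/bin/sh
# Added example, not from the original tutorial. check_grub_defaults is a hypothetical helper.
# Usage: check_grub_defaults FILE   (prints "ok" and returns 0 only if FILE passes every check)
check_grub_defaults() {
    f=$1
    # grub2-mkconfig sources this file as shell, so it must at least parse.
    sh -n "$f" 2>/dev/null || { echo "syntax error"; return 1; }
    # Exactly one assignment line is expected.
    n=$(grep -c '^GRUB_CMDLINE_LINUX=' "$f" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 GRUB_CMDLINE_LINUX line, found $n"; return 1; }
    # The value must open and close with a double quote on the same line.
    line=$(grep '^GRUB_CMDLINE_LINUX=' "$f")
    case $line in
        'GRUB_CMDLINE_LINUX="'*'"') ;;
        *) echo "value is not closed on the same line"; return 1 ;;
    esac
    # rootflags must carry both quota options, comma-separated.
    flags=$(printf '%s\n' "$line" | tr ' "' '\n\n' | sed -n 's/^rootflags=//p')
    case ",$flags," in *,usrquota,*) ;; *) echo "usrquota missing"; return 1 ;; esac
    case ",$flags," in *,grpquota,*) ;; *) echo "grpquota missing"; return 1 ;; esac
    echo "ok"
}

# Constructed demo: the edited line from this page, checked from a temporary copy.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet rootflags=usrquota,grpquota"
EOF
check_grub_defaults "$tmp"
rm -f "$tmp"
```

On a real system the argument would be /etc/default/grub, checked before grub2-mkconfig is run.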
Step 3 − Back up your working grub.cfg
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak
Make a new grub.cfg
[root@localhost rdc]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-514.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-514.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-dbba7fa47f73457b96628ba8f3959bfd
Found initrd image: /boot/initramfs-0-rescue-dbba7fa47f73457b96628ba8f3959bfd.img
done
[root@localhost rdc]#
Reboot
[root@localhost rdc]# reboot
If all modifications were precise, we should now have the ability to add quotas to the xfs file system.
[rdc@localhost ~]$ mount | grep ' / '
/dev/mapper/cl-root on / type xfs (rw,relatime,seclabel,attr2,inode64,usrquota,grpquota)
[rdc@localhost ~]$
We have passed the usrquota and grpquota parameters via grub.
Now, edit /etc/fstab again to include /, since /home is on the same physical disk.
/dev/mapper/cl-root / xfs defaults,usrquota,grpquota 0 0
Now let’s enable the quota databases.
[root@localhost rdc]# quotacheck -acfvugM
Make sure Quotas are enabled.
[root@localhost rdc]# quotaon -ap
group quota on / (/dev/mapper/cl-root) is on
user quota on / (/dev/mapper/cl-root) is on
group quota on /home (/dev/mapper/cl-home) is on
user quota on /home (/dev/mapper/cl-home) is on
[root@localhost rdc]#
Remount the File System
If the partition or disk is separate from the actively booted partition, we can remount without rebooting. If the quota was configured on a disk/partition mounted at the root directory /, we may need to reboot the operating system. Whether a forced remount is enough to apply the changes varies from system to system.
[rdc@localhost ~]$ df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/cl-root 22447404 4081860 18365544 19% /
devtmpfs 903448 0 903448 0% /dev
tmpfs 919308 100 919208 1% /dev/shm
tmpfs 919308 9180 910128 1% /run
tmpfs 919308 0 919308 0% /sys/fs/cgroup
/dev/sda2 1268736 176612 1092124 14% /boot
/dev/mapper/cl-var 4872192 158024 4714168 4% /var
/dev/mapper/cl-home 18475008 37284 18437724 1% /home
tmpfs 183864 8 183856 1% /run/user/1000
[rdc@localhost ~]$
As we can see, LVM volumes are in use. So it’s simple to just reboot. This will remount /home and load the /etc/fstab configuration changes into active configuration.
Create Quota Database Files
CentOS is now capable of working with disk quotas on /home. To enable full quota support, we must run the quotacheck command.
quotacheck will create two files −
- aquota.user
- aquota.group
These are used to store quota information for the quota-enabled disks/partitions.
Following are the common quotacheck switches.
Switch | Action
-u | Checks for user quotas
-g | Checks for group quotas
-c | Quotas should be enabled for each file system with enabled quotas
-v | Displays verbose output
Add Quota Limits Per User
For this, we will use the edquota command, followed by the username −
[root@localhost rdc]# edquota centos
Disk quotas for user centos (uid 1000):
Filesystem blocks soft hard inodes soft hard
/dev/mapper/cl-root 12 0 0 13 0 0
/dev/mapper/cl-home 4084 0 0 140 0 0
Let’s look at each column.
- Filesystem − The filesystem to which the user's quotas apply
- blocks − How many blocks the user is currently using on each filesystem
- soft − Set blocks for a soft limit. A soft limit allows the user to exceed the quota for a given time period
- hard − Set blocks for a hard limit. The hard limit is the total allowable quota
- inodes − How many inodes the user is currently using
- soft − Soft inode limit
- hard − Hard inode limit
To check our current quota as a user −
[centos@localhost ~]$ quota
Disk quotas for user centos (uid 1000):
Filesystem blocks quota limit grace files quota limit grace
/dev/mapper/cl-home 6052604 56123456 61234568 475 0 0
[centos@localhost ~]$
Following is the error given to a user when the hard quota limit has been exceeded.
[centos@localhost Downloads]$ cp CentOS-7-x86_64-LiveKDE-1611.iso.part ../Desktop/
cp: cannot create regular file ‘../Desktop/CentOS-7-x86_64-LiveKDE-1611.iso.part’: Disk quota exceeded
[centos@localhost Downloads]$
As we can see, we are close to this user’s disk quota limit. Let’s set a soft limit warning. This way, the user will have advance notice before quota limits expire. From experience, you will get end-user complaints when they come into work and need to spend 45 minutes clearing files to actually get to work.
As an Administrator, we can check quota usage with the repquota command.
[root@localhost Downloads]# repquota /home
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------------------------
root -- 0 0 0 3 0 0
centos -+ 6189824 56123456 61234568 541 520 540 6days
[root@localhost Downloads]#
As we can see, the user centos has exceeded their hard block quota and can no longer use any more disk space on /home.
-+ denotes a hard quota has been exceeded on the filesystem.
When planning quotas, it is necessary to do a little math. What an Administrator needs to know is: How many users are on the system? How much free space to allocate amongst users/groups? How many bytes make up a block on the file system?
Define quotas in terms of blocks as related to free disk space. It is recommended to leave a "safe" buffer of free space on the file system that will remain in the worst-case scenario: all quotas are simultaneously exceeded. This is especially important on a partition that is used by the system for writing logs.
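The planning arithmetic above can be checked mechanically. The following is an added example, not part of the original tutorial: a hypothetical helper quota_plan_check sums the hard block limits from repquota output and compares them with the filesystem size minus a reserve. The 10% reserve is an assumed figure; the sample rows and the 18475008-block size of /home are copied from the output shown earlier on this page.

```shell
#!/bin/sh
# Added example, not from the original tutorial. quota_plan_check is a hypothetical helper.
# Reads `repquota <fs>` text on stdin.
# Args: filesystem size in 1K blocks (the df "1K-blocks" column), reserve percentage.
# Prints one summary line; returns 1 if every hard limit cannot be honoured at once.
quota_plan_check() {
    fs_blocks=$1
    reserve_pct=$2
    awk -v total="$fs_blocks" -v pct="$reserve_pct" '
        # Data rows: name flags used soft hard [grace] files soft hard [grace]
        $2 !~ /^[-+][-+]$/ { next }      # skip headers and separator lines
        $1 == "root"       { next }      # root is exempt from quota enforcement
        $5 == 0            { unlimited++; next }   # hard limit 0 means no limit
                           { committed += $5 }
        END {
            budget = int(total * (100 - pct) / 100)
            status = (committed > budget || unlimited > 0) ? "OVERCOMMITTED" : "OK"
            printf "%s committed=%d budget=%d unlimited=%d\n", status, committed, budget, unlimited
            exit(status == "OK" ? 0 : 1)
        }'
}

# Rows copied from the `repquota /home` output on this page.
page_repquota() {
cat <<'EOF'
root      --       0        0        0      3   0   0
centos    -+ 6189824 56123456 61234568    541 520 540 6days
EOF
}

# /home is 18475008 1K-blocks in the df output above; keep 10% free (assumed reserve).
page_repquota | quota_plan_check 18475008 10 || true
```

With the page's own numbers the single hard limit for centos is already larger than /home itself, so the check reports an overcommitted plan.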