]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | Quotas |
2 | ====== | |
3 | ||
4 | CephFS allows quotas to be set on any directory in the system. The | |
5 | quota can restrict the number of *bytes* or the number of *files* | |
6 | stored beneath that point in the directory hierarchy. | |
7 | ||
8 | Limitations | |
9 | ----------- | |
10 | ||
11 | #. *Quotas are cooperative and non-adversarial.* CephFS quotas rely on | |
12 | the cooperation of the client who is mounting the file system to | |
13 | stop writers when a limit is reached. A modified or adversarial | |
14 | client cannot be prevented from writing as much data as it needs. | |
15 | Quotas should not be relied on to prevent filling the system in | |
16 | environments where the clients are fully untrusted. | |
17 | ||
18 | #. *Quotas are imprecise.* Processes that are writing to the file | |
19 | system will be stopped a short time after the quota limit is | |
20 | reached. They will inevitably be allowed to write some amount of | |
21 | data over the configured limit. How far over the quota they are | |
22 | able to go depends primarily on the amount of time, not the amount | |
23 | of data. Generally speaking writers will be stopped within 10s of | |
24 | seconds of crossing the configured limit. | |
25 | ||
11fdf7f2 TL |
26 | #. *Quotas are implemented in the kernel client 4.17 and higher.* |
27 | Quotas are supported by the userspace client (libcephfs, ceph-fuse). | |
28 | Linux kernel clients >= 4.17 support CephFS quotas but only on | |
29 | mimic+ clusters. Kernel clients (even recent versions) will fail | |
30 | to handle quotas on older clusters, even if they may be able to set | |
31 | the quotas extended attributes. | |
7c673cae FG |
32 | |
33 | #. *Quotas must be configured carefully when used with path-based | |
34 | mount restrictions.* The client needs to have access to the | |
35 | directory inode on which quotas are configured in order to enforce | |
36 | them. If the client has restricted access to a specific path | |
37 | (e.g., ``/home/user``) based on the MDS capability, and a quota is | |
38 | configured on an ancestor directory they do not have access to | |
39 | (e.g., ``/home``), the client will not enforce it. When using | |
40 | path-based access restrictions be sure to configure the quota on | |
41 | the directory the client is restricted too (e.g., ``/home/user``) | |
42 | or something nested beneath it. | |
43 | ||
2a845540 TL |
44 | In case of a kernel client, it needs to have access to the parent |
45 | of the directory inode on which quotas are configured in order to | |
46 | enforce them. If quota is configured on a directory path | |
47 | (e.g., ``/home/volumes/group``), the kclient needs to have access | |
48 | to the parent (e.g., ``/home/volumes``). | |
49 | ||
50 | An example command to create such an user is as below:: | |
51 | ||
52 | $ ceph auth get-or-create client.guest mds 'allow r path=/home/volumes, allow rw path=/home/volumes/group' mgr 'allow rw' osd 'allow rw tag cephfs metadata=*' mon 'allow r' | |
53 | ||
54 | See also: https://tracker.ceph.com/issues/55090 | |
55 | ||
11fdf7f2 TL |
56 | #. *Snapshot file data which has since been deleted or changed does not count |
57 | towards the quota.* See also: http://tracker.ceph.com/issues/24284 | |
58 | ||
7c673cae FG |
59 | Configuration |
60 | ------------- | |
61 | ||
62 | Like most other things in CephFS, quotas are configured using virtual | |
63 | extended attributes: | |
64 | ||
65 | * ``ceph.quota.max_files`` -- file limit | |
66 | * ``ceph.quota.max_bytes`` -- byte limit | |
67 | ||
68 | If the attributes appear on a directory inode that means a quota is | |
69 | configured there. If they are not present then no quota is set on | |
70 | that directory (although one may still be configured on a parent directory). | |
71 | ||
72 | To set a quota:: | |
73 | ||
74 | setfattr -n ceph.quota.max_bytes -v 100000000 /some/dir # 100 MB | |
75 | setfattr -n ceph.quota.max_files -v 10000 /some/dir # 10,000 files | |
76 | ||
77 | To view quota settings:: | |
78 | ||
79 | getfattr -n ceph.quota.max_bytes /some/dir | |
80 | getfattr -n ceph.quota.max_files /some/dir | |
81 | ||
82 | Note that if the value of the extended attribute is ``0`` that means | |
83 | the quota is not set. | |
84 | ||
85 | To remove a quota:: | |
86 | ||
87 | setfattr -n ceph.quota.max_bytes -v 0 /some/dir | |
88 | setfattr -n ceph.quota.max_files -v 0 /some/dir |