Hi Brian,
According to Wikipedia, OpenVZ required a patched kernel to get the full feature set, and presumably those patches were never upstreamed.
Probably, yeah. Or upstream rejected them for good reasons. I faintly recall that a few select features made it through and others didn't, because the kernel implementation bordered a bit on the obscene.
Could you provide a filesystem from the host (as Stéphane suggested), with per-user quotas enabled, but set the quotas very high so enforcement never happens? Then you can still report on the usage.
That is an interesting approach, which is indeed partially useful. Let’s see: I have an AlmaLinux 9 CT named “first” on an AlmaLinux 9 node running Incus 0.7. The storage driver is “dir”, using a directory under /home on the node, where /home is mounted via this /etc/fstab entry:
/dev/mapper/VolGroup00-home /home xfs defaults,gquota,uquota,pquota 0 0
Inside the AlmaLinux 9 CT on said node I get this:
[root@first ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-home 30G 506M 30G 2% /
none 492K 4.0K 488K 1% /dev
devtmpfs 4.0M 0 4.0M 0% /dev/tty
tmpfs 100K 0 100K 0% /dev/incus
tmpfs 100K 0 100K 0% /dev/.incus-mounts
tmpfs 32G 0 32G 0% /dev/shm
tmpfs 13G 8.2M 13G 1% /run
tmpfs 410M 0 410M 0% /run/user/0
[root@first ~]# mount
/dev/mapper/VolGroup00-home on / type xfs (rw,relatime,idmapped,attr2,inode64,logbufs=8,logbsize=32k,usrquota,prjquota,grpquota)
none on /dev type tmpfs (rw,relatime,size=492k,mode=755,uid=1000000,gid=1000000,inode64)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,relatime)
devtmpfs on /dev/fuse type devtmpfs (rw,nosuid,size=4096k,nr_inodes=8161030,mode=755,inode64)
devtmpfs on /dev/net/tun type devtmpfs (rw,nosuid,size=4096k,nr_inodes=8161030,mode=755,inode64)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/incus type tmpfs (rw,relatime,size=100k,mode=755,inode64)
tmpfs on /dev/.incus-mounts type tmpfs (rw,relatime,size=100k,mode=711,inode64)
none on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime)
lxcfs on /proc/cpuinfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/diskstats type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/loadavg type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/meminfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/slabinfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/stat type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/swaps type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/uptime type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /sys/devices/system/cpu type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
devtmpfs on /dev/full type devtmpfs (rw,nosuid,size=4096k,nr_inodes=8161030,mode=755,inode64)
devtmpfs on /dev/null type devtmpfs (rw,nosuid,size=4096k,nr_inodes=8161030,mode=755,inode64)
devtmpfs on /dev/random type devtmpfs (rw,nosuid,size=4096k,nr_inodes=8161030,mode=755,inode64)
devtmpfs on /dev/tty type devtmpfs (rw,nosuid,size=4096k,nr_inodes=8161030,mode=755,inode64)
devtmpfs on /dev/urandom type devtmpfs (rw,nosuid,size=4096k,nr_inodes=8161030,mode=755,inode64)
devtmpfs on /dev/zero type devtmpfs (rw,nosuid,size=4096k,nr_inodes=8161030,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=1000005,mode=620,ptmxmode=666,max=1024)
devpts on /dev/ptmx type devpts (rw,nosuid,noexec,relatime,gid=1000005,mode=620,ptmxmode=666,max=1024)
devpts on /dev/console type devpts (rw,nosuid,noexec,relatime,gid=1000005,mode=620,ptmxmode=666,max=1024)
none on /proc/sys/kernel/random/boot_id type tmpfs (ro,nosuid,nodev,noexec,relatime,size=492k,mode=755,uid=1000000,gid=1000000,inode64)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,uid=1000000,gid=1000000,inode64)
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=13081700k,nr_inodes=819200,mode=755,uid=1000000,gid=1000000,inode64)
tracefs on /sys/kernel/debug/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=419428k,nr_inodes=104857,mode=700,uid=1000000,gid=1000000,inode64)
Attempts to read the quota information yield nothing via “repquota” and throw an error via xfs_quota:
[root@first ~]# /usr/sbin/repquota -a
[root@first ~]#
[root@first ~]# xfs_quota -x -c 'report -h' /
xfs_quota: cannot setup path for mount /: No such device or address
Which isn’t that big of a surprise as far as “repquota” goes, as no quotas specific to the CT have been set on the node, aside from the generic project quota that limits this CT to a total of 30GiB of usage. And “xfs_quota” seems to have an issue with the mountpoint and/or the absence of /etc/fstab inside the CT.
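For comparison, the same reporting should work when run on the node itself. A rough sketch, assuming the CT’s backing directory lives on /home with the quota mount options from the fstab line above; “user1” is a made-up name, and the fallback branch is only there so the snippet degrades gracefully where xfs_quota can’t run:

```shell
# Run on the node, not inside the CT. "user1" is a hypothetical user.
if report=$(xfs_quota -x -c 'report -p -h' /home 2>/dev/null); then
  status=ok
  printf '%s\n' "$report"   # project usage, incl. the CT's 30GiB cap
  # Brian's idea: a per-user limit too high to ever bite, purely so
  # accounting exists and usage can be reported:
  xfs_quota -x -c 'limit -u bsoft=0 bhard=100t user1' /home
else
  status=unavailable
  echo 'xfs_quota unusable here; run this on the XFS-backed node'
fi
```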
A group “site1” has a quota configured on the node, and a matching group (“group1”) exists inside the CT. Yet no quota is reported for it, which may or may not be down to UID/GID shifting?
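If shifting is the culprit, the host-side quota records would sit under the shifted IDs, not the container-visible ones. A minimal sketch of the arithmetic, assuming the idmap base of 1000000 visible in the mount output above; the container-side GID 1000 is invented for illustration:

```shell
# Idmap base as seen in the mount options above (uid=1000000,gid=1000000).
IDMAP_BASE=1000000
CT_GID=1000                       # hypothetical GID of "group1" inside the CT
HOST_GID=$((IDMAP_BASE + CT_GID))
echo "$HOST_GID"                  # the GID that node-side quota tools see
# i.e. a quota set for GID 1000 on the node is NOT the CT's "group1";
# it would have to be set for GID 1001000 instead.
```

So a node-side `repquota -g /home` would list the CT’s groups under IDs at or above 1000000, not under the GIDs the CT itself reports.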
Being able to use the quota tools to report on user and group disk usage would be nice, but I think I can make do without, given our overhauled code in BlueOnyx. If the node’s quotas can be read in one way or another but can’t be modified from inside the CT, they’re not really useful to us.
In a typical scenario a Vsite gets created with a siteAdmin, either manually or via a provisioning tool. That Vsite is then handed off to the end user, who can use the GUI to create and modify further users and set their disk-quota allowances. This would need to feed back to an API on the node to append/adjust the disk quotas there as well.
That quickly gets complicated once CTs are moved from one node to another, or get backed up and restored, which may or may not happen during their lifetime. Keeping the CTs isolated, with no unnecessary callbacks to the node, is much preferable.
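To make the objection concrete, the callback in question would have to look something like the following. Everything here is invented for illustration: the host name, the API path, and the payload fields are placeholders, not an existing BlueOnyx or Incus API.

```shell
# Hypothetical CT-to-node callback: the GUI inside the CT asks the node
# to set a per-user quota. node.example and /api/v1/... are placeholders.
payload='{"soft_mb": 900, "hard_mb": 1000}'
out=$(curl -fsS -X PUT "https://node.example/api/v1/quota/site1/user1" \
        -d "$payload" 2>/dev/null \
      || echo 'node API unreachable (placeholder host)')
echo "$out"
```

Every such endpoint is one more thing that has to survive a CT migration, backup, or restore intact, which is exactly the coupling I’d rather avoid.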
Otherwise you can look at FreeBSD jails, Solaris zones etc.
Yeah, it’s not really an option, even though FreeBSD jails sure are great. Our codebase and build environment are deeply rooted in the RedHat hellscape. That means our OSes of choice are currently AlmaLinux 8 and 9 or RockyLinux 8 and 9. The BlueOnyx build environment spits out around 1200 RPMs all told, and porting that to a non-RPM-based architecture is such a major undertaking that it ain’t funny.
I’ll try to make do without quotas, but I really do appreciate your input, as I still have much to learn about Incus. Many thanks!