#!/usr/bin/python # -*- coding: utf-8 -*- # Copyright (c) 2018, Emmanouil Kampitakis <info@kampitakis.de> # Copyright (c) 2018, William Leemans <willie@elaba.net> # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r""" --- module: xfs_quota short_description: Manage quotas on XFS filesystems description: - Configure quotas on XFS filesystems. - Before using this module /etc/projects and /etc/projid need to be configured. author: - William Leemans (@bushvin) extends_documentation_fragment: - community.general.attributes attributes: check_mode: support: full diff_mode: support: none options: type: description: - The XFS quota type. type: str required: true choices: - user - group - project name: description: - The name of the user, group or project to apply the quota to, if other than default. type: str mountpoint: description: - The mount point on which to apply the quotas. type: str required: true bhard: description: - Hard blocks quota limit. - This argument supports human readable sizes. type: str bsoft: description: - Soft blocks quota limit. - This argument supports human readable sizes. type: str ihard: description: - Hard inodes quota limit. type: int isoft: description: - Soft inodes quota limit. type: int rtbhard: description: - Hard realtime blocks quota limit. - This argument supports human readable sizes. type: str rtbsoft: description: - Soft realtime blocks quota limit. - This argument supports human readable sizes. type: str state: description: - Whether to apply the limits or remove them. - When removing limit, they are set to 0, and not quite removed. type: str default: present choices: - present - absent requirements: - xfsprogs """ EXAMPLES = r""" - name: Set default project soft and hard limit on /opt of 1g community.general.xfs_quota: type: project mountpoint: /opt bsoft: 1g bhard: 1g state: present - name: Remove the default limits on /opt community.general.xfs_quota: type: project mountpoint: /opt state: absent - name: Set default soft user inode limits on /home of 1024 inodes and hard of 2048 community.general.xfs_quota: type: user mountpoint: /home isoft: 1024 ihard: 2048 """ RETURN = r""" bhard: description: the current bhard setting in bytes returned: always type: int sample: 1024 bsoft: description: the current bsoft setting in bytes returned: always type: int sample: 1024 ihard: description: the current ihard setting in bytes returned: always type: int sample: 100 isoft: description: the current isoft setting in bytes returned: always type: int sample: 100 rtbhard: description: the current rtbhard setting in bytes returned: always type: int sample: 1024 rtbsoft: description: the current rtbsoft setting in bytes returned: always type: int sample: 1024 """ import grp import os import pwd from ansible.module_utils.basic import AnsibleModule, human_to_bytes def main(): module = AnsibleModule( argument_spec=dict( bhard=dict(type="str"), bsoft=dict(type="str"), ihard=dict(type="int"), isoft=dict(type="int"), mountpoint=dict(type="str", required=True), name=dict(type="str"), rtbhard=dict(type="str"), rtbsoft=dict(type="str"), state=dict(type="str", default="present", choices=["absent", "present"]), type=dict(type="str", required=True, choices=["group", "project", "user"]), ), supports_check_mode=True, ) quota_type = module.params["type"] name = module.params["name"] mountpoint = module.params["mountpoint"] bhard = module.params["bhard"] bsoft = module.params["bsoft"] ihard = module.params["ihard"] isoft = module.params["isoft"] rtbhard = module.params["rtbhard"] rtbsoft = module.params["rtbsoft"] state = module.params["state"] xfs_quota_bin = module.get_bin_path("xfs_quota", True) if bhard is not None: bhard = human_to_bytes(bhard) if bsoft is not None: bsoft = human_to_bytes(bsoft) if rtbhard is not None: rtbhard = human_to_bytes(rtbhard) if rtbsoft is not None: rtbsoft = human_to_bytes(rtbsoft) result = dict( changed=False, ) if not os.path.ismount(mountpoint): module.fail_json(msg="Path '%s' is not a mount point" % mountpoint, **result) mp = get_fs_by_mountpoint(mountpoint) if mp is None: module.fail_json( msg="Path '%s' is not a mount point or not located on an xfs file system." % mountpoint, **result ) if quota_type == "user": type_arg = "-u" quota_default = "root" if name is None: name = quota_default if ( "uquota" not in mp["mntopts"] and "usrquota" not in mp["mntopts"] and "quota" not in mp["mntopts"] and "uqnoenforce" not in mp["mntopts"] and "qnoenforce" not in mp["mntopts"] ): module.fail_json( msg="Path '%s' is not mounted with the uquota/usrquota/quota/uqnoenforce/qnoenforce option." % mountpoint, **result ) try: pwd.getpwnam(name) except KeyError as e: module.fail_json(msg="User '%s' does not exist." % name, **result) elif quota_type == "group": type_arg = "-g" quota_default = "root" if name is None: name = quota_default if ( "gquota" not in mp["mntopts"] and "grpquota" not in mp["mntopts"] and "gqnoenforce" not in mp["mntopts"] ): module.fail_json( msg="Path '%s' is not mounted with the gquota/grpquota/gqnoenforce option. (current options: %s)" % (mountpoint, mp["mntopts"]), **result ) try: grp.getgrnam(name) except KeyError as e: module.fail_json(msg="User '%s' does not exist." % name, **result) elif quota_type == "project": type_arg = "-p" quota_default = "#0" if name is None: name = quota_default if ( "pquota" not in mp["mntopts"] and "prjquota" not in mp["mntopts"] and "pqnoenforce" not in mp["mntopts"] ): module.fail_json( msg="Path '%s' is not mounted with the pquota/prjquota/pqnoenforce option." % mountpoint, **result ) if name != quota_default and not os.path.isfile("/etc/projects"): module.fail_json(msg="Path '/etc/projects' does not exist.", **result) if name != quota_default and not os.path.isfile("/etc/projid"): module.fail_json(msg="Path '/etc/projid' does not exist.", **result) if name != quota_default and name is not None and get_project_id(name) is None: module.fail_json( msg="Entry '%s' has not been defined in /etc/projid." % name, **result ) prj_set = True if name != quota_default: cmd = "project %s" % name rc, stdout, stderr = exec_quota(module, xfs_quota_bin, cmd, mountpoint) if rc != 0: result["cmd"] = cmd result["rc"] = rc result["stdout"] = stdout result["stderr"] = stderr module.fail_json(msg="Could not get project state.", **result) else: for line in stdout.split("\n"): if ( "Project Id '%s' - is not set." in line or "project identifier is not set" in line ): prj_set = False break if state == "present" and not prj_set: if not module.check_mode: cmd = "project -s %s" % name rc, stdout, stderr = exec_quota(module, xfs_quota_bin, cmd, mountpoint) if rc != 0: result["cmd"] = cmd result["rc"] = rc result["stdout"] = stdout result["stderr"] = stderr module.fail_json( msg="Could not get quota realtime block report.", **result ) result["changed"] = True elif state == "absent" and prj_set and name != quota_default: if not module.check_mode: cmd = "project -C %s" % name rc, stdout, stderr = exec_quota(module, xfs_quota_bin, cmd, mountpoint) if rc != 0: result["cmd"] = cmd result["rc"] = rc result["stdout"] = stdout result["stderr"] = stderr module.fail_json( msg="Failed to clear managed tree from project quota control.", **result ) result["changed"] = True current_bsoft, current_bhard = quota_report( module, xfs_quota_bin, mountpoint, name, quota_type, "b" ) current_isoft, current_ihard = quota_report( module, xfs_quota_bin, mountpoint, name, quota_type, "i" ) current_rtbsoft, current_rtbhard = quota_report( module, xfs_quota_bin, mountpoint, name, quota_type, "rtb" ) # Set limits if state == "absent": bhard = 0 bsoft = 0 ihard = 0 isoft = 0 rtbhard = 0 rtbsoft = 0 # Ensure that a non-existing quota does not trigger a change current_bsoft = current_bsoft if current_bsoft is not None else 0 current_bhard = current_bhard if current_bhard is not None else 0 current_isoft = current_isoft if current_isoft is not None else 0 current_ihard = current_ihard if current_ihard is not None else 0 current_rtbsoft = current_rtbsoft if current_rtbsoft is not None else 0 current_rtbhard = current_rtbhard if current_rtbhard is not None else 0 result["xfs_quota"] = dict( bsoft=current_bsoft, bhard=current_bhard, isoft=current_isoft, ihard=current_ihard, rtbsoft=current_rtbsoft, rtbhard=current_rtbhard, ) limit = [] if bsoft is not None and int(bsoft) != current_bsoft: limit.append("bsoft=%s" % bsoft) result["bsoft"] = int(bsoft) if bhard is not None and int(bhard) != current_bhard: limit.append("bhard=%s" % bhard) result["bhard"] = int(bhard) if isoft is not None and isoft != current_isoft: limit.append("isoft=%s" % isoft) result["isoft"] = isoft if ihard is not None and ihard != current_ihard: limit.append("ihard=%s" % ihard) result["ihard"] = ihard if rtbsoft is not None and int(rtbsoft) != current_rtbsoft: limit.append("rtbsoft=%s" % rtbsoft) result["rtbsoft"] = int(rtbsoft) if rtbhard is not None and int(rtbhard) != current_rtbhard: limit.append("rtbhard=%s" % rtbhard) result["rtbhard"] = int(rtbhard) if len(limit) > 0: if not module.check_mode: if name == quota_default: cmd = "limit %s -d %s" % (type_arg, " ".join(limit)) else: cmd = "limit %s %s %s" % (type_arg, " ".join(limit), name) rc, stdout, stderr = exec_quota(module, xfs_quota_bin, cmd, mountpoint) if rc != 0: result["cmd"] = cmd result["rc"] = rc result["stdout"] = stdout result["stderr"] = stderr module.fail_json(msg="Could not set limits.", **result) result["changed"] = True module.exit_json(**result) def quota_report(module, xfs_quota_bin, mountpoint, name, quota_type, used_type): soft = None hard = None if quota_type == "project": type_arg = "-p" elif quota_type == "user": type_arg = "-u" elif quota_type == "group": type_arg = "-g" if used_type == "b": used_arg = "-b" used_name = "blocks" factor = 1024 elif used_type == "i": used_arg = "-i" used_name = "inodes" factor = 1 elif used_type == "rtb": used_arg = "-r" used_name = "realtime blocks" factor = 1024 rc, stdout, stderr = exec_quota( module, xfs_quota_bin, "report %s %s" % (type_arg, used_arg), mountpoint ) if rc != 0: result = dict( changed=False, rc=rc, stdout=stdout, stderr=stderr, ) module.fail_json(msg="Could not get quota report for %s." % used_name, **result) for line in stdout.split("\n"): line = line.strip().split() if len(line) > 3 and line[0] == name: soft = int(line[2]) * factor hard = int(line[3]) * factor break return soft, hard def exec_quota(module, xfs_quota_bin, cmd, mountpoint): cmd = [xfs_quota_bin, "-x", "-c"] + [cmd, mountpoint] (rc, stdout, stderr) = module.run_command(cmd, use_unsafe_shell=True) if ( "XFS_GETQUOTA: Operation not permitted" in stderr.split("\n") or rc == 1 and "xfs_quota: cannot set limits: Operation not permitted" in stderr.split("\n") ): module.fail_json( msg="You need to be root or have CAP_SYS_ADMIN capability to perform this operation" ) return rc, stdout, stderr def get_fs_by_mountpoint(mountpoint): mpr = None with open("/proc/mounts", "r") as s: for line in s.readlines(): mp = line.strip().split() if len(mp) == 6 and mp[1] == mountpoint and mp[2] == "xfs": mpr = dict( zip(["spec", "file", "vfstype", "mntopts", "freq", "passno"], mp) ) mpr["mntopts"] = mpr["mntopts"].split(",") break return mpr def get_project_id(name): prjid = None with open("/etc/projid", "r") as s: for line in s.readlines(): line = line.strip().partition(":") if line[0] == name: prjid = line[2] break return prjid if __name__ == "__main__": main()