@dcode
Last active September 27, 2020 06:32
Discussion on how to create named volumes for Podman and set quotas on them using the native filesystem tools.

Podman has recently added support for named volumes, which is super handy. As of today (2018-01-17), it supports the local driver, which effectively bind-mounts a tracked directory into one or more containers. It's helpful to be able to limit the size of data volumes, though, so that one container can't fill the shared filesystem and exhaust the space available to another.

Fortunately, the XFS filesystem lets us handle this natively using "project quotas". XFS allows setting quotas based on username, group, or project. The project quota effectively maps a project ID to a path on a filesystem.

By creating a quota on the path to the named volume, we can enforce quotas on volumes mounted into the container.

Reference

```sh
# Add `pquota` to container filesystem in fstab
# /dev/sdc1 /var/lib/containers/ xfs defaults,pquota 0 0
# XFS quota options only take effect on a fresh mount, so unmount and mount again
sudo umount /dev/sdc1
sudo mount /dev/sdc1

# Create a podman named volume
sudo podman volume create pulp

# Run a container, and run `df`. The volume mount path should show the full
# space allotted to that filesystem located at `/var/lib/containers/storage`
sudo podman run -v pulp:/srv/pulp -ti fedora /bin/bash

# Add a group for the project, if it doesn't already exist. This is just
# convention and convenience, but not strictly needed. We just need a unique
# project ID
sudo groupadd --system pulp

# Observe the path to the data volume with the volume name
sudo ls /var/lib/containers/storage/

# Assign the given path (path to data volume) to a project ID
# Here we use the group ID for the pulp group, but that is just for
# convenience. It can be any arbitrary number as long as you're consistent.
# `tee -a` appends, so projects already defined in the file are preserved.
echo "$(getent group pulp \
| cut -d: -f3):/var/lib/containers/storage/pulp" \
| sudo tee -a /etc/projects

# Set up the mapping for project ID to project name
echo "pulp:$(getent group pulp | cut -d: -f3)" \
| sudo tee -a /etc/projid

# Set up the project quota tree for the "pulp" project and the filesystem
sudo xfs_quota -x -c 'project -s pulp' /var/lib/containers/

# Set the hard quota to 50 GiB for the "pulp" project
sudo xfs_quota -x -c 'limit -p bhard=50g pulp' /var/lib/containers/

# View the quotas on the configured filesystem
sudo xfs_quota -x -c "report -h" /var/lib/containers/

# Run the container with the configured volume. Run `df` and observe the new
# volume mount shows the per-directory quota assigned
sudo podman run -v pulp:/srv/pulp -ti fedora /bin/bash
```
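The two steps above that are easiest to get silently wrong are the mount option and the `/etc/projects` / `/etc/projid` entries. The following is an added example, not part of the original gist: the function names `has_prjquota` and `register_project` and their optional file arguments are hypothetical. It checks that project quotas are enforced on the mount and registers a project without clobbering or contradicting existing entries.

```sh
#!/bin/sh
# Added example; function names and optional file arguments are hypothetical.

# has_prjquota MOUNTPOINT [MOUNTS_FILE]
# Succeeds only if MOUNTPOINT is an XFS mount with project quotas enforced.
# The kernel lists the option as "prjquota" ("pquota" is the fstab alias);
# accounting-only mounts (pqnoenforce) and noquota mounts fail the check.
has_prjquota() {
    awk -v mp="$1" '
        BEGIN { if (mp != "/") sub(/\/$/, "", mp) }
        $2 == mp {                      # a later line shadows an earlier mount
            found = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if ($3 == "xfs" && (opt[i] == "prjquota" || opt[i] == "pquota"))
                    found = 1
        }
        END { exit !found }
    ' "${2:-/proc/mounts}"
}

# register_project ID NAME DIR [PROJECTS_FILE] [PROJID_FILE]
# Appends "ID:DIR" and "NAME:ID" only when missing (safe to re-run), and
# refuses when the name, ID or directory is already bound to something else.
register_project() {
    id=$1 name=$2 dir=$3
    projects=${4:-/etc/projects} projid=${5:-/etc/projid}
    case $id in
        ''|*[!0-9]*) echo "project ID must be numeric" >&2; return 2 ;;
    esac
    touch "$projects" "$projid" || return 1
    if awk -F: -v id="$id" -v n="$name" \
           '($1 == n) != ($2 == id) { bad = 1 } END { exit !bad }' "$projid" ||
       awk -F: -v id="$id" -v d="$dir" \
           '$2 == d && $1 != id { bad = 1 } END { exit !bad }' "$projects"
    then
        echo "conflicting project entry for $name ($id)" >&2
        return 3
    fi
    grep -qxF "$id:$dir" "$projects" || echo "$id:$dir" >> "$projects"
    grep -qxF "$name:$id" "$projid" || echo "$name:$id" >> "$projid"
}

# Usage (as root), before `xfs_quota -x -c 'project -s pulp'`:
#   has_prjquota /var/lib/containers/ && register_project \
#     "$(getent group pulp | cut -d: -f3)" pulp /var/lib/containers/storage/pulp
```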