Introduction
Please keep in mind that Linux Container configuration, management, and general systems administration are tasks that are best handled by a systems administrator with the skills, training, and expertise required to do so for you.
The following guide is not intended to serve as a complete resource for configuring a storage solution with quotas enabled on a Linux container.
Due to the high level of variability in your organization's configuration and storage requirements, and the high level of complexity in the resulting required configuration, it is not possible to provide a complete guide for configuring Linux container storage within a single guide while staying within the scope of cPanel software.
There are multiple portions of this guide where the provided example configuration would not be acceptable on a production container host. You must work with a systems administrator to research every portion of the container configuration process to determine what configuration your organization requires to maintain a secure and reliable solution that matches your needs.
This guide covers only the most basic concepts involved in adding the /dev/sdc device from the host machine to a CentOS 7 guest container. The host machine's /dev/sdc device is then mounted at the guest container's /home directory with quotas enabled.
This guide will not explain the complexities or nuances of general systems administrative commands or tasks. If you find that this information is insufficient, you must contact a systems administrator who would be able to interpret the information for you.
Some commands in this guide will completely destroy any data on the disk they are used on. If you are not fully aware of the consequences of each command, you risk data loss.
Procedure
1. Create a CentOS 7 host machine
2. Disable SELinux
3. Ensure all updates are applied and the following software is installed:
yum -y install epel-release
yum -y install lxc lxc-templates libcap-devel libcgroup busybox wget bridge-utils lxc-extra libvirt
4. Enable and start the services required for lxc:
systemctl enable lxc.service --now
systemctl enable libvirtd.service --now
5. Verify that you have a spare empty disk device at /dev/sdc. USB devices may not work, as this was tested on /dev/sdc specifically.
6. Create an ext4 filesystem on the device with the mkfs.ext4 command. Warning: This command will destroy all existing data on the disk it is used on.
7. Create a new lxc container with the centos template:
lxc-create -n lxc_centos7 -t centos
8. Open the container's configuration with the text editor of your choice:
vim /var/lib/lxc/lxc_centos7/config
9. Add the two following configuration lines:
lxc.mount.entry = /dev/sdc /var/lib/lxc/lxc_centos7/rootfs/dev/sdc none bind,create=file 0 0
lxc.aa_profile = unconfined
10. Open the centos template include file with the text editor of your choice:
vim /usr/share/lxc/config/centos.common.conf
11. Remove the following configuration:
lxc.cgroup.devices.deny = a
Add this configuration:
lxc.cgroup.devices.allow = a
Remove or comment out all other lxc.cgroup.devices.* configuration lines.
WARNING: This is most definitely not an acceptable configuration for a production server. DO NOT use this exact configuration outside of testing. When you are ready to configure a production container host, you must work with a systems administrator who is able to research the nuances and complexities of the syntax required to properly configure the lxc.cgroup.*.* configurations for you.
12. Start the container:
lxc-start -n lxc_centos7 -d --logfile=/root/lxc.log --logpriority=DEBUG
13. Log in to the container:
lxc-attach -n lxc_centos7
14. Verify that the /dev/sdc device exists:
[root@lxc_centos7 ~]# stat /dev/sdc
File: ‘/dev/sdc’
Size: 0 Blocks: 0 IO Block: 4096 block special file
Device: 5h/5d Inode: 76360 Links: 1 Device type: 8,20
Access: (0660/brw-rw----) Uid: ( 0/ root) Gid: ( 6/ disk)
Access: 2021-11-12 03:44:48.982172685 +0000
Modify: 2021-11-12 02:44:52.463335157 +0000
Change: 2021-11-12 02:44:52.463335157 +0000
Birth: -
15. Install the quota utilities, your favorite text editor, and any other tools you might want:
yum install quota vim -y
16. Open the fstab with your favorite text editor:
vim /etc/fstab
17. Add the following line to mount /dev/sdc to the home directory with quotas enabled:
/dev/sdc /home ext4 defaults,usrjquota=aquota.user,jqfmt=vfsv0 0 0
18. Mount the disk:
mount -a
19. You should then be able to list the directory and see the lost+found directory and the quota file.
[root@lxc_centos7 ~]# ls -lah /home
total 32K
drwxr-xr-x. 3 root root 4.0K Nov 12 03:44 .
dr-xr-xr-x. 18 root root 4.0K Nov 12 04:26 ..
-rw-r--r--. 1 root root 6.0K Nov 12 03:44 aquota.user
drwx------. 2 root root 16K Nov 12 02:44 lost+found
20. If needed, you can generate the quota file manually:
quotacheck -cu /dev/sdc
21. Verify that the root user's quota is reported for the /dev/sdc device:
[root@lxc_centos7 ~]# repquota -a
*** Report for user quotas on device /dev/sdc
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 20 0 0 2 0 0
As long as it is possible to get to the point where quotas are working properly on the base system as shown above, cPanel will be able to manage quotas without issue.
As mentioned in the introduction of this article, there is a vast array of other possible ways to configure storage with quotas enabled for an LXC container, each requiring a different set of skills and expertise. A systems administrator would be required to determine what method and configuration will serve your application.
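The following script is an added example, not part of the original guide or of cPanel or LXC. It relates to the test-only settings from steps 9 and 11: it flags active lines that allow every device or disable AppArmor confinement, and it converts the hexadecimal "Device type: 8,20" reported by stat in step 14 into a device rule limited to that one block device. The function names and the sample file are constructed for illustration, and the narrower rule assumes the template's original lxc.cgroup.devices.deny = a line is left in place.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Turn the hex major,minor that stat prints for a device node
# ("Device type: 8,20" for /dev/sdc in step 14) into a cgroup v1 devices
# rule that allows that single block device instead of every device.
device_allow_rule() {
    printf 'lxc.cgroup.devices.allow = b %d:%d rwm\n' "$((0x$1))" "$((0x$2))"
}

# List active (uncommented) lines that allow all devices or drop AppArmor
# confinement. Output is file:line:text; exit status 0 means findings exist.
audit_lxc_config() {
    grep -HnE '^[[:space:]]*(lxc\.cgroup\.devices\.allow[[:space:]]*=[[:space:]]*a([[:space:]]|$)|lxc\.aa_profile[[:space:]]*=[[:space:]]*unconfined)' "$@"
}

# Constructed sample combining the test-only lines from steps 9 and 11.
write_sample_config() {
    cat > "$1" <<'EOF'
lxc.mount.entry = /dev/sdc /var/lib/lxc/lxc_centos7/rootfs/dev/sdc none bind,create=file 0 0
lxc.aa_profile = unconfined
# lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = a
lxc.cgroup.devices.allow = c 1:3 rwm
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
echo "Test-only settings found:"
audit_lxc_config "$sample" || echo "none"
# On a live host the two hex values come from: stat -c '%t %T' /dev/sdc
echo "Rule limited to /dev/sdc:"
device_allow_rule 8 20
rm -f "$sample"
```

On a real host, pass /var/lib/lxc/lxc_centos7/config and /usr/share/lxc/config/centos.common.conf to audit_lxc_config instead of the sample file.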