{"id":20282191,"url":"https://github.com/ubccr/iquota","last_synced_at":"2025-10-26T12:31:34.418Z","repository":{"id":54727777,"uuid":"47833709","full_name":"ubccr/iquota","owner":"ubccr","description":"Linux CLI tools for CCR Quota reporting","archived":false,"fork":false,"pushed_at":"2024-06-03T20:19:11.000Z","size":3375,"stargazers_count":5,"open_issues_count":2,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-11T08:38:43.687Z","etag":null,"topics":["go","golang","isilon","onefs","quota"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ubccr.png","metadata":{"files":{"readme":"README.rst","changelog":"ChangeLog.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.rst","dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-12-11T15:18:23.000Z","updated_at":"2024-05-08T18:05:32.000Z","dependencies_parsed_at":"2024-05-08T19:27:07.319Z","dependency_job_id":"da3c33b2-a1df-473d-a411-9c0f1b32c00c","html_url":"https://github.com/ubccr/iquota","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/ubccr/iquota","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fiquota","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fiquota/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fiquota/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fiquota/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ubccr","download_url":"https://codeload.github.com/ubccr/iquota/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fiquota/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261504695,"owners_count":23168891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","isilon","onefs","quota"],"created_at":"2024-11-14T14:08:29.383Z","updated_at":"2025-10-26T12:31:29.398Z","avatar_url":"https://github.com/ubccr.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"===============================================================================\nLinux CLI tool for CCR quota reporting\n===============================================================================\n\n------------------------------------------------------------------------\nWhat is iquota?\n------------------------------------------------------------------------\n\niquota is a command line tool and associated server application for reporting\nquotas for CCR storage systems.\n\nLinux clients mount storage systems over nfs. Users obtain kerberos credentials\nvia knit and run the iquota client command which connects to the iquota-server\n(proxy) over HTTPS (using GSSAPI/SPNEGO for auth). The iquota-proxy server\nvalidates the users kerberos credentials and requests quota information cached\nin redis. \n\n------------------------------------------------------------------------\nFeatures\n------------------------------------------------------------------------\n\n- User/Group quota reporting from command line\n- Kerberos based authentication\n- Caching via redis\n\n------------------------------------------------------------------------\nRequirements\n------------------------------------------------------------------------\n\n- Linux\n- Kerberos\n- sssd-ifp (SSSD InfoPipe responder)\n\n------------------------------------------------------------------------\nInstall and configure iquota-server proxy\n------------------------------------------------------------------------\n\n*Note these docs are for CentOS 7.x. May need adjusting depending on your\nflavor of Linux*\n\nDownload the RPM release `here \u003chttps://github.com/ubccr/iquota/releases\u003e`_::\n\n  $ rpm -Uvh iquota-server-0.x.x-x.el7.centos.x86_64.rpm\n\nSetup Kerberos HTTP keytab\n===========================\n\nThe iquota-server uses Kerberos authentication. You'll need to create a HTTP\nservice keytab file. For example::\n\n    kadmin: addprinc -randkey HTTP/host.domain.com@YOUR-REALM.COM\n\nIf using FreeIPA you can run::\n\n    $ ipa service-add HTTP/host.domain.com\n    $ ipa-getkeytab -s master.domain.com -p HTTP/host.domain.com -k http.keytab\n\nConfigure sssd\n===============\n\niquota-server uses sssd-ifp (SSSD InfoPipe responder) over DBUS to fetch the\nunix groups for a given user. For more information on sssd-ifp see `here\n\u003chttps://jhrozek.fedorapeople.org/sssd/1.12.0/man/sssd-ifp.5.html\u003e`_.\n\nEnsure the sssd-dbus package is installed::\n\n    # yum install sssd-dbus\n\nConfigure sssd-ifp. Add the following lines to /etc/sssd/sssd.conf::\n\n    [sssd]\n    services = nss, sudo, pam, ssh, ifp\n\n    [ifp]\n    allowed_uids = iquota, root\n\nRestart sssd to make the changes take effect::\n\n    # systemctl restart sssd\n\nYou can test to ensure sssd-ifp is configured properly by running the following\ncommand. The array of unix groups for the user should be displayed::\n\n    # dbus-send --print-reply --system \\\n      --dest=org.freedesktop.sssd.infopipe \\\n      /org/freedesktop/sssd/infopipe \\\n      org.freedesktop.sssd.infopipe.GetUserGroups \\\n      string:username\n\n       array [\n          string \"physics\"\n          string \"compsci\"\n          string \"users\"\n       ]\n\nConfigure iquota.yaml\n=====================\n\nEdit iquota configuration file::\n\n    $ vim /etc/iquota/iquota.yaml \n    keytab: \"/path/to/http.keytab\"\n    [ edit to taste ]\n\nIt's highly recommended to run iquota-server using HTTPS. You'll need an SSL\ncert/private_key either using FreeIPA's PKI, self-signed, or from a commercial\ncertificate authority. Creating SSL certs is outside the scope of this\ndocument. You can also run iquota-server behind haproxy or Apache/Nginx.\n\nCopy your SSL cert/private_key to the following directories and set correct\npaths in /etc/iquota/iquota.yaml. The iquota-server binary will run as non-root\nuser (iquota) so need to ensure file perms are set correctly::\n\n    $ mkdir /etc/iquota/{cert,private}\n    $ cp my.crt /etc/iquota/cert/my.crt\n    $ cp my.key /etc/iquota/private/my.key\n    $ chmod 640 /etc/iquota/private/my.key\n    $ chgrp iquota /etc/iquota/private/my.key\n\nStart iquota-server service\n============================\n\nStart iquota-server service::\n\n    $ systemctl restart iquota-server\n    $ systemctl enable iquota-server\n\nTo view iquota-server system logs run::\n\n    $ journalctl -u iquota-server\n\n------------------------------------------------------------------------\nInstall iquota on all client machines mounting storage over nfs\n------------------------------------------------------------------------\n\nOn all client machines mounting storage over nfs install the iquota client.\nDownload the RPM release `here \u003chttps://github.com/ubccr/iquota/releases\u003e`_::\n\n  $ rpm -Uvh iquota-0.x.x-x.el7.centos.x86_64.rpm\n\nEdit iquota configuration file. Add URL for iquota-server::\n\n    $ vim /etc/iquota/iquota.yaml \n    iquota_url: \"http://host.domain.com\"\n    [ edit to taste ]\n\n------------------------------------------------------------------------\nUsage\n------------------------------------------------------------------------\n\nCheck user/group quotas::\n\n    $ kinit walterwhite\n    Password for walterwhite@REALM:\n    $ iquota -u -g\n    User quotas:\n    Filesystem  user               files      used     limit    grace \n    /ifs/user\n                (default)                             2.0 GB   1 week \n                walterwhite           34    370 kB    2.0 GB   1 week \n\n    Group quotas:\n    Filesystem  group              files      used     limit    grace \n    /ifs/projects\n                (default)                             520 GB   1 week \n                hermanos               4    699 MB    520 GB   1 week\n\n------------------------------------------------------------------------\nConfigure caching\n------------------------------------------------------------------------\n\niquota-server should be configured to cache results for a given time period.\nThis helps reduce the load on the storage APIs and provide better iquota\nperformance. To enable caching first install redis then update\n/etc/iquota/iquota.yaml.\n\nInstall Redis (install from EPEL)::\n\n    $ yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm\n    $ yum install redis\n    $ systemctl restart redis\n    $ systecmtl enable redis\n\nEdit /etc/iquota/iquota.yaml and restart::\n\n    $ vi /etc/iquota/iquota.yaml\n    enable_caching: true\n\n    $ systecmtl restart iquota-server\n\n------------------------------------------------------------------------\nLicense\n------------------------------------------------------------------------\n\niquota is released under a BSD style license. See the LICENSE file. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fubccr%2Fiquota","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fubccr%2Fiquota","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fubccr%2Fiquota/lists"}