Logical Quotas plugin
117 views
Skip to first unread message
mustafa dikmen
Feb 1, 2021, 12:43:33 PM2/1/21
to iRODS-Chat
Hello,
I have tested Logical Quotas plugin in a limited test instance (sys info>> irods 4.2.8, Ubuntu 16.04.7). Most of the operations have worked as explained on the readme. But I have some questions regarding with the usage of logical quota plugin.
- To retrieve the quota status for a collection, I executed the following;
irule -r irods_rule_engine_plugin-logical_quotas-instance '{"operation": "logical_quotas_get_collection_status", "collection": "/tempZone/home/rods/foo"}' null ruleExecOut
I got;
"the remote addresses: 10.0.2.100 ERROR: rcExecMyRule error. status = -1811000 INVALID_OPERATION"
and the log wrote;
"Feb 1 15:59:28 pid:33848 remote addresses: 10.0.2.100, ::1 ERROR: rsExecMyRule : -1811000, [-] /irods_plugin/src/main.cpp:240:irods::error (anonymous namespace)::exec_rule_text_impl(const std::string &, std::string_view, irods::callback) : status [INVALID_OPERATION] errno [] -- message [Invalid operation [logical_quotas_get_collection_status]]"
If this is preferred to be executed via the native rule language, then NO_MICROSERVICE_FOUND_ERR is received. The plugin configuration has been done as stated. So what could be the reason not to be able to execute this operation?
- Unless the "logical_quotas_count_total_number_of_data_objects" or "logical_quotas_start_monitoring_collection" operations are first put into effect, the "logical_quotas_set_maximum_number_of_data_objects" is not in effect and the quota violation cannot be ensured. Is this normal behavior? If so, maybe it would be nice to include in readme. Btw, the same thing happens for bytes operations.
- How can i invoke the operations that requires two inputs such as collection and max number of data objects/bytes via the native rule language? I tried different options but didnt succeed.
Thank you.
Regards,
Mustafa
Kory Draughn
Feb 1, 2021, 2:20:57 PM2/1/21
to irod...@googlegroups.com
logical_quotas_get_collection_status is a new operation and will be available for 4.2.9. The only way for you to retrieve that info with 4.2.8 is by using imeta or iquest.
To execute an operation against the NREP, you need to do the following:
$ irule -r irods_rule_engine_plugin-irods_rule_language-instance 'rule(*a, *b)' '*a=<value>%*b=<other_value>' ruleExecOut
- or -
This will print out whatever *out is. If the server assigned something to *out, it will be printed to the terminal on success.
$ irule -r irods_rule_engine_plugin-irods_rule_language-instance 'rule(*a, *b, *out)' '*a=<value>%*b=<other_value>%*out=' '*out'
Hope that helps.
Kory Draughn
iRODS Consortium
--
--
The Integrated Rule-Oriented Data System (iRODS) - https://irods.org
iROD-Chat: http://groups.google.com/group/iROD-Chat
---
You received this message because you are subscribed to the Google Groups "iRODS-Chat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to irod-chat+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/db80de58-6790-4b0d-beb9-2b5805e1234fn%40googlegroups.com.
mustafa dikmen
Feb 2, 2021, 7:28:17 AM2/2/21
to irod...@googlegroups.com
Hi Kory,
Thanks for your explanation. It helped me test the rest.
Just wondering one little thing; you confirm that the "logical_quotas_set_maximum_number_of_data_objects" can only work if we firstly execute the "logical_quotas_start_monitoring_collection" rule?
Just wondering one little thing; you confirm that the "logical_quotas_set_maximum_number_of_data_objects" can only work if we firstly execute the "logical_quotas_start_monitoring_collection" rule?
Mustafa Dikmen
Data Engineer/KU Leuven
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/CAA-7h7knkrCvtnyQv%2BVQPm2QcgwK0LTYQ7q0UkMqiFywRzXsew%40mail.gmail.com.
Kory Draughn
Feb 2, 2021, 11:16:19 AM2/2/21
to irod...@googlegroups.com
Yes I've verified that you are not required to call logical_quotas_start_monitoring_collection before setting max quotas.
Kory Draughn
iRODS Consortium
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/CAKCrKVjPAkQ20-OAuC376OKse%3D4npRyKUC2CpH_xZH49QnAceg%40mail.gmail.com.
mustafa dikmen
Feb 10, 2021, 8:46:38 AM2/10/21
to irod...@googlegroups.com
Hello Kory,
I have another question regarding permission checks not to change/remove metadata AVUs created/added by logical quota rules/operations.
For example as an admin we would like to set a logical quota policy on a collection (this could be a user home collection or any collection that a user can access to).
irods@6c4d46f82294:~$ irule -r irods_rule_engine_plugin-irods_rule_language-instance 'logical_quotas_start_monitoring_collection(*col)' '*col=/tempZone/home/user1' ruleExecOut
irods@6c4d46f82294:~$ ! irule -r irods_rule_engine_plugin-logical_quotas-instance '{"operation": "logical_quotas_set_maximum_number_of_data_objects", "collection": "/tempZone/home/user1", "value": "12"}' null ruleExecOut
irods@6c4d46f82294:~$ imeta ls -C /tempZone/home/user1
AVUs defined for collection /tempZone/home/user1:
attribute: irods::logical_quotas::maximum_number_of_data_objects
value: 12
units:
----
attribute: irods::logical_quotas::total_number_of_data_objects
value: 8
units:
----
attribute: irods::logical_quotas::total_size_in_bytes
value: 42
units:
Then this user is able to remove or change those metadata, meaning the user can disable the quota policy easily if he/she wants.
user1@6c4d46f82294:~$ imeta rm -C /tempZone/home/user1 irods::logical_quotas::maximum_number_of_data_objects 12
user1@6c4d46f82294:~$ imeta rm -C /tempZone/home/user1 irods::logical_quotas::total_number_of_data_objects 34
user1@6c4d46f82294:~$ imeta rm -C /tempZone/home/user1 irods::logical_quotas::total_size_in_bytes 204
user1@6c4d46f82294:~$ imeta ls -C .
AVUs defined for collection /tempZone/home/user1:
None
Then this user is able to remove or change those metadata, meaning the user disable the quota policy easily.
Is this something known? If so, what is the motivation behind? Is it possible to deny this operation for regular irods users(rodsusers)? Could an enhancement for this be useful?
As a temporary solution I think I can run a delay rule to add the same rule for instance each day.
Many thanks in advance.
I have another question regarding permission checks not to change/remove metadata AVUs created/added by logical quota rules/operations.
For example as an admin we would like to set a logical quota policy on a collection (this could be a user home collection or any collection that a user can access to).
irods@6c4d46f82294:~$ irule -r irods_rule_engine_plugin-irods_rule_language-instance 'logical_quotas_start_monitoring_collection(*col)' '*col=/tempZone/home/user1' ruleExecOut
irods@6c4d46f82294:~$ ! irule -r irods_rule_engine_plugin-logical_quotas-instance '{"operation": "logical_quotas_set_maximum_number_of_data_objects", "collection": "/tempZone/home/user1", "value": "12"}' null ruleExecOut
irods@6c4d46f82294:~$ imeta ls -C /tempZone/home/user1
AVUs defined for collection /tempZone/home/user1:
attribute: irods::logical_quotas::maximum_number_of_data_objects
value: 12
units:
----
attribute: irods::logical_quotas::total_number_of_data_objects
value: 8
units:
----
attribute: irods::logical_quotas::total_size_in_bytes
value: 42
units:
Then this user is able to remove or change those metadata, meaning the user can disable the quota policy easily if he/she wants.
user1@6c4d46f82294:~$ imeta rm -C /tempZone/home/user1 irods::logical_quotas::maximum_number_of_data_objects 12
user1@6c4d46f82294:~$ imeta rm -C /tempZone/home/user1 irods::logical_quotas::total_number_of_data_objects 34
user1@6c4d46f82294:~$ imeta rm -C /tempZone/home/user1 irods::logical_quotas::total_size_in_bytes 204
user1@6c4d46f82294:~$ imeta ls -C .
AVUs defined for collection /tempZone/home/user1:
None
Then this user is able to remove or change those metadata, meaning the user disable the quota policy easily.
Is this something known? If so, what is the motivation behind? Is it possible to deny this operation for regular irods users(rodsusers)? Could an enhancement for this be useful?
As a temporary solution I think I can run a delay rule to add the same rule for instance each day.
Many thanks in advance.
Regards
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/CAA-7h7kYYJAa-wg-Tz09xG48k-Zycmo_iLcXe1uMnENhpDSkMg%40mail.gmail.com.
Kory Draughn
Feb 10, 2021, 9:02:17 AM2/10/21
to irod...@googlegroups.com
You can protect your metadata using the metadata guard rule engine plugin. It was developed for the scenario you described. It is located here:
Kory Draughn
iRODS Consortium
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/CAKCrKVjUf%3D_kcYyWebibQw08tp7CmgX%2ByTkNTORPbYin7%3DAmgw%40mail.gmail.com.
sanju timsina
Feb 11, 2021, 8:41:37 PM2/11/21
to iRODS-Chat
Hi Kory,
I was trying to set quota for the users. While Testing I came across this issue.
Even though the user cannot modify/remove the metadata they can add new metadata with the same attribute but different value. Is there a way I can fix this so that user cannot add multiple metadata with the same attribute but different value?
[stimsina@arcirodsdev02 ~]$ imeta add -C /tempZone/home/stimsina irods::logical_quotas::maximum_size_in_bytes 200
[stimsina@arcirodsdev02 ~]$ imeta ls -C /tempZone/home/stimsina
AVUs defined for collection /tempZone/home/stimsina:
attribute: irods::logical_quotas::maximum_size_in_bytes
value: 300
units:
----
attribute: irods::logical_quotas::maximum_size_in_bytes
value: 200
units:
[stimsina@arcirodsdev02 ~]$ imeta ls -C /tempZone/home/stimsina
AVUs defined for collection /tempZone/home/stimsina:
attribute: irods::logical_quotas::maximum_size_in_bytes
value: 300
units:
----
attribute: irods::logical_quotas::maximum_size_in_bytes
value: 200
units:
Thank you,
Sanju Timsina
Terrell Russell
Feb 23, 2021, 11:16:46 PM2/23/21
to irod...@googlegroups.com
This is now https://github.com/irods/irods_rule_engine_plugin_logical_quotas/issues/36
Thanks Sanju,
Terrell
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/cabec0c8-aa9f-4fd0-9701-b5fad367adcan%40googlegroups.com.
Kory Draughn
Feb 25, 2021, 5:16:35 PM2/25/21
to irod...@googlegroups.com
We've also created an issue in the metadata guard repo for this. You can find it here: https://github.com/irods/irods_rule_engine_plugin_metadata_guard/issues/16
Kory
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/CAFaqteYssV50mc_5VqyXkfJaoSXGzWQdVecGwEfEfARpONTK3Q%40mail.gmail.com.
Kory Draughn
Feb 26, 2021, 3:24:14 PM2/26/21
to irod...@googlegroups.com
We've merged fixes for the issues described. They will be available with the release of iRODS v4.2.9.
The resolved issues can be found here:
Thanks,
Kory Draughn
iRODS Consortium
Reply all
Reply to author
Forward
0 new messages