Merge pull request #173 from jdno/increase-quota

Increase quota on dev-desktops
rust-lang · Dec 20, 2022 · 87abaa3 · 87abaa3
2 parents 0c39802 + 861c373
commit 87abaa3
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 26 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/ansible/roles/dev-desktop/defaults/main.yml b/ansible/roles/dev-desktop/defaults/main.yml
@@ -4,4 +4,7 @@ vars_team_login_path: "/root/team_login"
 allow_ssh_extra_groups: "dev-desktop-allow-ssh"
 
 # Filesystem quota per user in GB
-vars_user_quota_gb: 50
+vars_user_quota_gb: 100
+
+# Prototype user whose file system quota will be copied to new user accounts
+vars_user_quota_prototype_user: "quota-prototype"
diff --git a/ansible/roles/dev-desktop/files/team_login/Cargo.toml b/ansible/roles/dev-desktop/files/team_login/Cargo.toml
@@ -6,5 +6,4 @@ version = "0.1.0"
 
 [dependencies]
 miniserde = "0.1"
-clap = { version = "4", default-features = false, features = ["std", "derive"] }
 curl = "0.4"
diff --git a/ansible/roles/dev-desktop/files/team_login/src/main.rs b/ansible/roles/dev-desktop/files/team_login/src/main.rs
@@ -1,6 +1,5 @@
 const TEAM_URL: &str = "https://team-api.infra.rust-lang.org/v1/permissions/dev_desktop.json";
 
-use clap::Parser;
 use miniserde::Deserialize;
 use std::collections::HashSet;
 use std::process::Command;
@@ -17,15 +16,7 @@ fn cmd(cmd: &str, args: &[&str]) -> std::io::Result<Output> {
 
 const KEY_DIR: &str = "/etc/ssh/authorized_keys/";
 
-#[derive(Parser)]
-struct Args {
-    #[clap(long, value_parser)]
-    user_quota_gb: u32,
-}
-
 fn main() -> Result<(), Box<dyn std::error::Error>> {
-    let args = Args::parse();
-
     let mut handle = curl::easy::Easy::new();
     handle
         .useragent("rust-lang/simpleinfra ([email protected])")
@@ -99,20 +90,6 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
                 .success(),
             "failed to set the default shell"
         );
-
-        // Set a user quota
-        let hard_limit = format!("{}G", args.user_quota_gb + 1);
-        let soft_limit = format!("{}G", args.user_quota_gb);
-
-        assert!(
-            cmd(
-                "setquota",
-                &["-u", &username, &soft_limit, &hard_limit, "0", "0", "/"]
-            )?
-            .status
-            .success(),
-            "failed to set a user quota"
-        );
     }
 
     // Delete all keys for users that weren't on the list

diff --git a/ansible/roles/dev-desktop/tasks/main.yml b/ansible/roles/dev-desktop/tasks/main.yml
@@ -93,6 +93,31 @@
     - "quotaon -uv /"
   when: user_quota_check.rc == 0
 
+  # Setting a default quota for new users works by copying the quota settings
+  # from an existing user to the new user account. We are creating an empty,
+  # locked user that we can use for this purpose.
+- name: Create a prototype user for the file system quota
+  user:
+    name: "{{ vars_user_quota_prototype_user }}"
+    shell: "/usr/sbin/nologin"
+    password_lock: true
+    create_home: false
+    state: present
+
+- name: Configure default quota for new user accounts
+  replace:
+    path: /etc/adduser.conf
+    regexp: '^QUOTAUSER=""$'
+    replace: 'QUOTAUSER="{{ vars_user_quota_prototype_user }}"'
+
+- name: Get a list of dev-desktop users
+  shell: "cut -d: -f1 /etc/passwd | grep gh- || true"
+  register: dev_desktop_users
+
+- name: Set quota for users
+  command: "setquota -u {{ item }} {{ vars_user_quota_gb}}G {{ vars_user_quota_gb + 2 }}G 0 0 -a"
+  with_items: "{{ dev_desktop_users.stdout_lines + [vars_user_quota_prototype_user] }}"
+
 - name: Configure update script service
   copy:
     src: team_login/