From 5733fbc88a59f660d027ebb576ecee26892674f6 Mon Sep 17 00:00:00 2001 From: Martin Rehr Date: Mon, 26 Jan 2026 15:05:42 +0100 Subject: [PATCH 1/7] Added support for 'grid_accounting' daemon --- Dockerfile.rocky9 | 5 ++ Makefile | 5 ++ development.env | 1 + development_gdp.env | 1 + .../sections/configuration/variables.rst | 8 ++- docker-compose_production.yml | 61 +++++++++++++++++++ production.env | 4 ++ 7 files changed, 84 insertions(+), 1 deletion(-) diff --git a/Dockerfile.rocky9 b/Dockerfile.rocky9 index 9200adcc..032870f4 100755 --- a/Dockerfile.rocky9 +++ b/Dockerfile.rocky9 @@ -127,6 +127,7 @@ ARG ENABLE_TWOFACTOR_STRICT_ADDRESS=False ARG TWOFACTOR_AUTH_APPS="" ARG ENABLE_PEERS=True ARG ENABLE_QUOTA=False +ARG ENABLE_ACCOUNTING=False ARG PEERS_MANDATORY=False ARG PEERS_EXPLICIT_FIELDS="" ARG PEERS_CONTACT_HINT="authorized to invite you as peer" @@ -230,6 +231,7 @@ ARG QUOTA_LUSTRE_VERSION="2.15.4" ARG QUOTA_LUSTRE_BASE="/dev/null" ARG QUOTA_GOCRYPTFS_XRAY="/dev/null" ARG QUOTA_GOCRYPTFS_SOCK="/dev/null" +ARG ACCOUNTING_UPDATE_INTERVAL=3600 # Jupyter Arguments ARG JUPYTER_SERVICES="" @@ -1028,6 +1030,7 @@ ARG ENABLE_TWOFACTOR_STRICT_ADDRESS ARG TWOFACTOR_AUTH_APPS ARG ENABLE_PEERS ARG ENABLE_QUOTA +ARG ENABLE_ACCOUNTING ARG PEERS_MANDATORY ARG PEERS_EXPLICIT_FIELDS ARG PEERS_CONTACT_HINT @@ -1109,6 +1112,7 @@ ARG QUOTA_UPDATE_INTERVAL ARG QUOTA_USER_LIMIT ARG QUOTA_VGRID_LIMIT ARG QUOTA_LUSTRE_VERSION +ARG ACCOUNTING_UPDATE_INTERVAL # TODO: do we still need the ~/.local/ wrapper now that update-alternatives run? ENV PYTHONPATH=${MIG_ROOT} @@ -1242,6 +1246,7 @@ RUN ./generateconfs.py --source=. \ --enable_quota=${ENABLE_QUOTA} --quota_backend="${QUOTA_BACKEND}" \ --quota_update_interval=${QUOTA_UPDATE_INTERVAL} \ --quota_user_limit=${QUOTA_USER_LIMIT} --quota_vgrid_limit=${QUOTA_VGRID_LIMIT} \ + --enable_accounting=${ENABLE_ACCOUNTING} --accounting_update_interval=${ACCOUNTING_UPDATE_INTERVAL} \ --storage_protocols="${STORAGE_PROTOCOLS}" \ --wwwserve_max_bytes=${WWWSERVE_MAX_BYTES} \ --password_policy=${MIG_PASSWORD_POLICY} \ diff --git a/Makefile b/Makefile index 37f09f71..13f98b4d 100755 --- a/Makefile +++ b/Makefile @@ -112,6 +112,7 @@ initdirs: initcomposevars mkdir -p ${PERSISTENT_ROOT}/events_home mkdir -p ${PERSISTENT_ROOT}/sitestats_home mkdir -p ${PERSISTENT_ROOT}/quota_home + mkdir -p ${PERSISTENT_ROOT}/accounting_home mkdir -p ${PERSISTENT_ROOT}/sandbox_home mkdir -p ${PERSISTENT_ROOT}/sss_home mkdir -p ${PERSISTENT_ROOT}/workflows_db_home @@ -180,6 +181,10 @@ initservices: && "${ENABLE_QUOTA}" == "True" ]]; then @ENABLED_SERVICES+=" $$service" @fi + @if [[ "$$service" == "migrid-accounting" \ + && "${ENABLE_ACCOUNTING}" == "True" ]]; then + @ENABLED_SERVICES+=" $$service" + @fi @done; @echo $$ENABLED_SERVICES > ./.migrid_enabled_services diff --git a/development.env b/development.env index 42133383..cfd21a84 100644 --- a/development.env +++ b/development.env @@ -111,6 +111,7 @@ ENABLE_JOBS=True ENABLE_RESOURCES=True ENABLE_EVENTS=True ENABLE_QUOTA=False +ENABLE_ACCOUNTING=False ENABLE_GRAVATARS=True ENABLE_SITESTATUS=True STATUS_SYSTEM_MATCH=ANY diff --git a/development_gdp.env b/development_gdp.env index 87a9bd41..d4dd91be 100644 --- a/development_gdp.env +++ b/development_gdp.env @@ -111,6 +111,7 @@ ENABLE_JOBS=False ENABLE_RESOURCES=False ENABLE_EVENTS=False ENABLE_QUOTA=False +ENABLE_ACCOUNTING=False ENABLE_GRAVATARS=False ENABLE_SITESTATUS=True STATUS_SYSTEM_MATCH=ANY diff --git a/doc/source/sections/configuration/variables.rst b/doc/source/sections/configuration/variables.rst index 96e6dae4..eb9020b1 100644 --- a/doc/source/sections/configuration/variables.rst +++ b/doc/source/sections/configuration/variables.rst @@ -436,7 +436,10 @@ Variables - Enable the built-in janitor service to handle recurring tasks like clean up and cache update * - ENABLE_QUOTA - False - - Enable additional quota integration in the user pages if fundamentally enabled with the QUOTA_X variables. + - Enable additional storage quota daemon if fundamentally enabled with the QUOTA_X variables. + * - ENABLE_ACCOUNTING + - False + - Enable additional accounting daemon and integration in the user pages. * - ENABLE_GDP - False - Enable GDP mode for sensitive data with a lot of restrictions on access and logging @@ -656,4 +659,7 @@ Variables * - QUOTA_GOCRYPTFS_SOCK - "/dev/null" - A gocryptfs socket is needed by gocryptfs-xray to resolve encoded data paths from MiG data paths. + * - ACCOUNTING_UPDATE_INTERVAL + - 3600 + - The frequency (seconds) of storage accounting updates. diff --git a/docker-compose_production.yml b/docker-compose_production.yml index 5fd9c3f0..dc83c6a9 100644 --- a/docker-compose_production.yml +++ b/docker-compose_production.yml @@ -154,6 +154,9 @@ services: - type: volume source: quota_home target: /home/mig/state/quota_home + - type: volume + source: accounting_home + target: /home/mig/state/accounting_home - type: volume source: sandbox_home target: /home/mig/state/sandbox_home @@ -306,6 +309,9 @@ services: # source: quota_home # target: /home/mig/state/quota_home #- type: volume + # source: accounting_home + # target: /home/mig/state/accounting_home + #- type: volume # source: sandbox_home # target: /home/mig/state/sandbox_home #- type: volume @@ -452,6 +458,9 @@ services: # source: quota_home # target: /home/mig/state/quota_home #- type: volume + # source: accounting_home + # target: /home/mig/state/accounting_home + #- type: volume # source: sandbox_home # target: /home/mig/state/sandbox_home #- type: volume @@ -597,6 +606,9 @@ services: # source: quota_home # target: /home/mig/state/quota_home #- type: volume + # source: accounting_home + # target: /home/mig/state/accounting_home + #- type: volume # source: sandbox_home # target: /home/mig/state/sandbox_home #- type: volume @@ -856,6 +868,9 @@ services: - type: volume source: quota_home target: /home/mig/state/quota_home + - type: volume + source: accounting_home + target: /home/mig/state/accounting_home - type: volume source: user_home target: /home/mig/state/user_home @@ -870,6 +885,44 @@ services: target: /home/mig/state/vgrid_files_writable command: /app/docker-entry.sh -k + migrid-accounting: + container_name: migrid-accounting + image: ${CONTAINER_REGISTRY}/ucphhpc/migrid${CONTAINER_TAG} + network_mode: host + environment: + TZ: ${TZ} + RUN_SERVICES: accounting rsyslogd + depends_on: + # IMPORTANT: finish volume init before migrid launch as explained above + migrid-volume-init: + condition: service_completed_successfully + volumes: + - type: volume + source: mig + target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes + - type: volume + source: mig-server-extconfs + target: /home/mig/mig/server/MiGserver.d + - type: volume + source: state + target: /home/mig/state + - type: volume + source: migrid-quota-syslog + target: /var/log + - type: volume + source: log + target: /home/mig/state/log + - type: volume + source: quota_home + target: /home/mig/state/quota_home + - type: volume + source: accounting_home + target: /home/mig/state/accounting_home + command: /app/docker-entry.sh -k + # NOTE: not used in stand-alone production mode # nginx-proxy: # image: ${CONTAINER_REGISTRY}/jwilder/nginx-proxy @@ -1045,6 +1098,14 @@ volumes: device: ${PERSISTENT_ROOT}/quota_home o: bind + accounting_home: + # Volume used to contain the migrid accounting_home + driver: local + driver_opts: + type: none + device: ${PERSISTENT_ROOT}/accounting_home + o: bind + sandbox_home: # Volume used to contain the migrid sandbox_home driver: local diff --git a/production.env b/production.env index 8ad28638..0f0c7309 100644 --- a/production.env +++ b/production.env @@ -111,6 +111,7 @@ ENABLE_JOBS=True ENABLE_RESOURCES=True ENABLE_EVENTS=True ENABLE_QUOTA=False +ENABLE_ACCOUNTING=False ENABLE_GRAVATARS=True ENABLE_SITESTATUS=True STATUS_SYSTEM_MATCH=ANY @@ -274,3 +275,6 @@ QUOTA_LUSTRE_VERSION=2.15.4 QUOTA_LUSTRE_BASE="/dev/null" QUOTA_GOCRYPTFS_XRAY="/dev/null" QUOTA_GOCRYPTFS_SOCK="/dev/null" + +# Accounting settings +ACCOUNTING_UPDATE_INTERVAL=3600 From 8e25dfd1d374844a9cfe9d877c6e3bf4394abab0 Mon Sep 17 00:00:00 2001 From: Martin Rehr Date: Mon, 26 Jan 2026 15:23:45 +0100 Subject: [PATCH 2/7] Added missing migrid-accounting syslog volume --- Makefile | 1 + docker-compose_production.yml | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 13f98b4d..8734b1b3 100755 --- a/Makefile +++ b/Makefile @@ -144,6 +144,7 @@ initdirs: initcomposevars mkdir -p ${LOG_ROOT}/syslog/migrid-webdavs mkdir -p ${LOG_ROOT}/syslog/migrid-ftps mkdir -p ${LOG_ROOT}/syslog/migrid-quota + mkdir -p ${LOG_ROOT}/syslog/migrid-accounting initcomposevars: @echo "creating env variable map in docker-compose_shared.yml" diff --git a/docker-compose_production.yml b/docker-compose_production.yml index dc83c6a9..181dfa5c 100644 --- a/docker-compose_production.yml +++ b/docker-compose_production.yml @@ -910,7 +910,7 @@ services: source: state target: /home/mig/state - type: volume - source: migrid-quota-syslog + source: migrid-accounting-syslog target: /var/log - type: volume source: log @@ -1289,3 +1289,11 @@ volumes: type: none device: ${LOG_ROOT}/syslog/migrid-quota o: bind + + migrid-accounting-syslog: + # Volume used for exposing migrid lustre quota container system log + driver: local + driver_opts: + type: none + device: ${LOG_ROOT}/syslog/migrid-accounting + o: bind From b8fe5fc3a9f15b247ac86e64f63cb49d79b9dd31 Mon Sep 17 00:00:00 2001 From: Martin Rehr Date: Thu, 29 Jan 2026 17:43:47 +0100 Subject: [PATCH 3/7] Updated volume comments thanks to @rasmunk --- docker-compose_production.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose_production.yml b/docker-compose_production.yml index 181dfa5c..bbfae408 100644 --- a/docker-compose_production.yml +++ b/docker-compose_production.yml @@ -1283,7 +1283,7 @@ volumes: o: bind migrid-quota-syslog: - # Volume used for exposing migrid lustre quota container system log + # Volume used for exposing migrid quota container system log driver: local driver_opts: type: none @@ -1291,7 +1291,7 @@ volumes: o: bind migrid-accounting-syslog: - # Volume used for exposing migrid lustre quota container system log + # Volume used for exposing migrid accounting container system log driver: local driver_opts: type: none From 0dfed64ceab5cbdc9a8e09367a0d2bdf58acae18 Mon Sep 17 00:00:00 2001 From: Martin Rehr Date: Thu, 29 Jan 2026 17:46:26 +0100 Subject: [PATCH 4/7] Added 'vgrid_home'. 'freeze_home' and 'user_settings' to migrid-accounting --- docker-compose_production.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docker-compose_production.yml b/docker-compose_production.yml index bbfae408..8e9cc7c5 100644 --- a/docker-compose_production.yml +++ b/docker-compose_production.yml @@ -909,6 +909,15 @@ services: - type: volume source: state target: /home/mig/state + - type: volume + source: vgrid_home + target: /home/mig/state/vgrid_home + - type: volume + source: freeze_home + target: /home/mig/state/freeze_home + - type: volume + source: user_settings + target: /home/mig/state/user_settings - type: volume source: migrid-accounting-syslog target: /var/log From 56f6ea09c2cb1e4bcde2006f399326f0c66f7488 Mon Sep 17 00:00:00 2001 From: Martin Rehr Date: Fri, 30 Jan 2026 10:12:32 +0100 Subject: [PATCH 5/7] Added 'storage' to accounting description as suggested by @jonasbardine --- doc/source/sections/configuration/variables.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/sections/configuration/variables.rst b/doc/source/sections/configuration/variables.rst index eb9020b1..96a28fa1 100644 --- a/doc/source/sections/configuration/variables.rst +++ b/doc/source/sections/configuration/variables.rst @@ -439,7 +439,7 @@ Variables - Enable additional storage quota daemon if fundamentally enabled with the QUOTA_X variables. * - ENABLE_ACCOUNTING - False - - Enable additional accounting daemon and integration in the user pages. + - Enable additional storage accounting daemon and integration in the user pages. * - ENABLE_GDP - False - Enable GDP mode for sensitive data with a lot of restrictions on access and logging From b6b372d1a19b3a9cd558f15cb5547afdc4a5dc74 Mon Sep 17 00:00:00 2001 From: Martin Rehr Date: Fri, 30 Jan 2026 10:21:33 +0100 Subject: [PATCH 6/7] Removed debug leftover 'accounting_home' volume from 'migrid-quota' container --- docker-compose_production.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/docker-compose_production.yml b/docker-compose_production.yml index 8e9cc7c5..47e33ec0 100644 --- a/docker-compose_production.yml +++ b/docker-compose_production.yml @@ -868,9 +868,6 @@ services: - type: volume source: quota_home target: /home/mig/state/quota_home - - type: volume - source: accounting_home - target: /home/mig/state/accounting_home - type: volume source: user_home target: /home/mig/state/user_home From 334b5c05d3a7168e863c5791301a2f1852802415 Mon Sep 17 00:00:00 2001 From: Martin Rehr Date: Fri, 30 Jan 2026 10:26:40 +0100 Subject: [PATCH 7/7] Added accounting to 'Available target service names' thanks @jonasbardino --- docker-compose_production.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docker-compose_production.yml b/docker-compose_production.yml index 47e33ec0..64ef5bc4 100644 --- a/docker-compose_production.yml +++ b/docker-compose_production.yml @@ -33,6 +33,7 @@ services: # Available target service names follow migrid init script and are: # httpd script monitor sshmux events cron transfers janitor # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy quota + # accounting RUN_SERVICES: volumes: - type: volume @@ -239,6 +240,7 @@ services: # Available target service names follow migrid init script and are: # httpd script monitor sshmux events cron transfers janitor # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy quota + # accounting RUN_SERVICES: openid rsyslogd depends_on: - migrid @@ -387,6 +389,7 @@ services: # Available target service names follow migrid init script and are: # httpd script monitor sshmux events cron transfers janitor # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy quota + # accounting RUN_SERVICES: sftp sftpsubsys rsyslogd depends_on: - migrid @@ -536,6 +539,7 @@ services: # Available target service names follow migrid init script and are: # httpd script monitor sshmux events cron transfers janitor # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy quota + # accounting RUN_SERVICES: ftps rsyslogd depends_on: - migrid @@ -684,6 +688,7 @@ services: # Available target service names follow migrid init script and are: # httpd script monitor sshmux events cron transfers janitor # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy quota + # accounting RUN_SERVICES: webdavs rsyslogd depends_on: - migrid @@ -829,6 +834,7 @@ services: # Available target service names follow migrid init script and are: # httpd script monitor sshmux events cron transfers janitor # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy quota + # accounting RUN_SERVICES: quota rsyslogd depends_on: - migrid @@ -888,6 +894,11 @@ services: network_mode: host environment: TZ: ${TZ} + # RUN_SERVICES specifies which daemons to launch + # Available target service names follow migrid init script and are: + # httpd script monitor sshmux events cron transfers janitor + # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy quota + # accounting RUN_SERVICES: accounting rsyslogd depends_on: # IMPORTANT: finish volume init before migrid launch as explained above