Add MinIO Quota Enforcement Script - minio_quota_checker.py

2025-04-02 08:43:41 -04:00 · 2025-04-02 08:43:41 -04:00 · 4d44f96e0d
commit 4d44f96e0d
1 changed files with 65 additions and 0 deletions
--- a/minio_quota_checker.py.-.md
+++ b/minio_quota_checker.py.-.md
@ -0,0 +1,65 @@
+# MinIO Quota Enforcement Script
+
+This script monitors and enforces user-based storage quotas on a MinIO object storage instance. It periodically aggregates disk usage per user, logs warnings for overages, and sets a Redis key when a user exceeds their quota.
+
+## Features
+- Fetches MinIO buckets and groups them by user.
+- Calculates total storage usage for each user.
+- Logs warnings when a user exceeds their quota.
+- Uses Redis to store quota exceedance status (`quota_exceeded:username`).
+- Supports configurable quotas, whitelisted users, and customizable intervals.
+
+## Configuration
+The script loads its configuration from environment variables or from `/etc/minio_quota.conf`. Available settings:
+
+| Variable            | Description                                      | Default Value |
+|--------------------|------------------------------------------------|--------------|
+| `MINIO_ENDPOINT`   | MinIO server endpoint                          | `play.min.io` |
+| `MINIO_ACCESS_KEY` | MinIO access key                              | `your-access-key` |
+| `MINIO_SECRET_KEY` | MinIO secret key                              | `your-secret-key` |
+| `TOTAL_SIZE_LIMIT` | Storage quota per user (e.g., `1G`, `500M`)   | `1G` |
+| `WHITELIST`        | Comma-separated list of users exempt from quotas | `admin,superuser` |
+| `AGGREGATE_INTERVAL` | Interval (seconds) for disk usage aggregation | `600` (10 minutes) |
+| `REDIS_HOST`       | Redis server hostname                         | `localhost` |
+| `REDIS_PORT`       | Redis server port                             | `6379` |
+| `REDIS_DB`         | Redis database ID                             | `0` |
+| `LOG_FILE`         | Log file location                             | `minio_quota.log` |
+
+## Installation
+1. Install dependencies:
+   ```sh
+   pip install minio redis
+   ```
+2. (Optional) Create a configuration file at `/etc/minio_quota.conf`:
+   ```ini
+   MINIO_ENDPOINT=minio.example.com
+   MINIO_ACCESS_KEY=my-access-key
+   MINIO_SECRET_KEY=my-secret-key
+   TOTAL_SIZE_LIMIT=500M
+   WHITELIST=admin,superuser
+   AGGREGATE_INTERVAL=600
+   REDIS_HOST=localhost
+   REDIS_PORT=6379
+   REDIS_DB=1
+   LOG_FILE=/var/log/minio_quota.log
+   ```
+3. Run the script:
+   ```sh
+   python minio_quota.py
+   ```
+
+## How It Works
+- The script runs in an infinite loop, executing every `AGGREGATE_INTERVAL` seconds.
+- It fetches all MinIO buckets and groups them by username.
+- It calculates total storage usage per user and compares it with `TOTAL_SIZE_LIMIT`.
+- If a user exceeds their quota, a warning is logged and a Redis key `quota_exceeded:username` is set.
+- Users in the `WHITELIST` are ignored.
+
+## Handling Quota Enforcement
+Other services (e.g., Nginx or an API gateway) can check Redis for quota exceedance and enforce restrictions accordingly.
+
+## Signals & Graceful Shutdown
+The script handles `SIGINT` and `SIGTERM` signals to allow a clean exit.
+
+## License
+This script is provided as-is under an open-source license.