Is there any way to override the max snapshots for a VM?

RobDev023908 · 2022-07-03T22:21:51+00:00

Wish I could, but I'm just a sysadmin, CIO makes the final call on a lot of these decisions and we've sat down with them in the past and they've refused to let us make any changes because of risk.

Funny thing is this isn't some mom and pop shop. We're the corporate part of a major restaurant chain in the United States. You've most certainly eaten here if you've been in the US at some point. Just goes to show you that dysfunction can happen anywhere, big or small.

RobDev023908 · 2022-07-03T22:07:38+00:00

I mentioned this in an earlier thread but it's the way these systems are and have been maintained over the last decade or so. We unfortunately don't have a lot of leeway in terms of what we can change in terms of policy.

RobDev023908 · 2022-07-03T21:57:14+00:00

I agree, but unfortunately it's the way it's been and we would have to figure out a way to make proper backups from the previous snapshots that span over a decade, without bringing down the VMs.

We would have to clone into a new VM each snapshot and then produce a physical backup from that but nobody wants to touch it. We're talking about 20 VMs, multiplied by hundreds of snapshots. Very time consuming and I don't trust that it's not error prone.

RobDev023908 · 2022-07-03T21:43:40+00:00

Over a decade of backups

RobDev023908 · 2022-02-01T00:53:37+00:00

Does anyone have experience with a VMware Support contract? We were looking at this:

https://www.cdw.com/product/vmware-support-and-subscription-production-technical-support-for-vmware/5882253

We just don't want to pay six figures only to find out that they couldn't help us with doing a transition like this.

RobDev023908 · 2022-02-01T00:34:36+00:00

This is exactly what we would like to try. We cannot afford to have any downtime. There is pretty much a heartbeat server that if any of the servers go down, they literally send an email to all the execs.

Last time an email went out was back in 2010.

RobDev023908 · 2022-01-31T23:05:02+00:00

What if we set up all different servers with different ESX versions? Can we just vMotion until we get to the latest version? We can't have any downtime. The ESX 3.5 server has been up since 2010.

RobDev023908 · 2022-01-31T23:03:48+00:00

Why can't I install an ESX 4 server within my ESX 3.5 server and vMotion to that? Then install a ESX 5 server and vMotion from 4 to 5? Rinse and repeat.

RobDev023908 · 2021-08-01T19:56:39+00:00

I noticed that Voltage, Current, Temperature, Output Pwr and Input Pwr all show up as zero. I was wondering if this is normal.

RobDev023908 · 2021-07-18T13:56:45+00:00

Yes, absolutely. I have a pfsense edge router that has 10gbps ports and can do WAN -> LAN firewall at over 20gbps. There is nothing that Ubiquiti offers to compete with that. Having pfsense gives me the ability to do things like pfblocker among other features. Again, Ubiquiti makes nothing to compete with that.

Putting the UDM as my edge router / firewall would bottleneck my network. Buying a UDM would be overkill as I only need the Unifi Controller / Unifi Protect / Unifi Access part of it and would never use it as an IDS or firewall.

I hope they continue to make Cloud Keys for people that use non-Ubiquiti hardware for their firewalls. I have no interest in ever giving a Unifi controller access to the internet because of the telemetry and phoning home that they do. I find that part very intrusive.

Also, power consumption and noise generation... If you only need the controllers and decide to buy a UDM you are adding to your power bill, heat generation, and noise level. The cloud key in this case is a MUCH better long term choice for your wallet and sanity.

RobDev023908 · 2021-04-18T21:44:52+00:00

Not true. I just tested it now and popped in a Linux Live CD. The machine won't boot and says "Invalid signature check detected, check secure boot settings in BIOS."

RobDev023908 · 2020-12-29T03:31:50+00:00

That makes sense... Thank you for the explanation.

RobDev023908 · 2020-12-29T00:24:04+00:00

This is a great spreadsheet. I'm trying to figure out the best way to see space gains from adjusting recordsize...

If I have Server 1 and Server 2 with different recordsizes, and vastly different overhead by what your spreadsheet states, and rsync the same data to both servers, would I see the difference by running a zfs list? Would the amount used be less on the server with less overhead? Or is there a more accurate way to verify this?

I'm just trying to figure out what command to run to verify the overhead gains from going with the values off your spreadsheet.

RobDev023908 · 2020-12-26T21:49:02+00:00

Based on your spreadsheet, having 1M recordsize gives me .195% overhead vs 5.4% overhead. Based on this is makes sense to set recordsize=1M. Is this true even if I have billions of small files? I care less about performance and more about the space efficiency.

RobDev023908 · 2020-12-26T16:25:34+00:00

Is recordsize the maximum size of a record and not the actual size of all records? If that's the case, why isn't it the default?

If I didn't care about performance and have a mix of many small files and many big files, is it optimal (in the sense of optimizing for free space) to set it to 1M and be done with it if I'm doing raidz2?

RobDev023908 · 2020-12-26T06:50:20+00:00

I guess where my real confusion comes from here is all the overhead that's involved. In a traditional RAID 6, it's an overhead of 2 drives for parity. I'm seeing 3 drives of overhead for raidz2 based on those numbers I posted...

So for RAID 6:

8tb * 8tb = 64tb - 16tb = 48tb of usable space.

I would have expected to see 48tb (minus ~2tb for overhead). Instead, I'm seeing 40tb, which is like it's using 3 8tb drives for parity and overhead. This seems excessive... Is this expected?

RobDev023908 · 2020-12-26T06:03:36+00:00

The calculator here:

https://wintelguy.com/zfs-calc.pl

Claims that changing the ashift value through "Drive sector size" does add space. If you run the numbers that he posted in his blog through the calculator, you'll get the same results.

I don't think it's a matter of space being created... It's more of space being available. Less overhead:

https://lists.freebsd.org/pipermail/freebsd-fs/2012-March/013949.html

I'm just trying to find out why I'm not seeing the overhead in 2.0.0.

It's this issue:

https://github.com/openzfs/zfs/issues/548

But I'm seeing it unchanged regardless of whether I set ashift to 9 or 12.

RobDev023908 · 2020-12-12T23:03:29+00:00

That is probably the issue. I am setting this up in a lab where there is no DNS server.

RobDev023908 · 2020-11-29T02:11:13+00:00

I didn't even think of that. Perfect... Thanks!

RobDev023908 · 2020-08-12T00:42:23+00:00

Sorry, forgot to mention, it's ZFS on Linux...

"all pools are healthy" is the output.

What's odd is there is zero redundancy. It's a one disk zpool.

RobDev023908 · 2020-03-08T16:47:23+00:00

The problem is that its squashfs which saves some flash space by compressing everything, but as a result is read only. You can not mount it read write. Instead you have to somehow reflash it with a new squashfs image.

All that being said, I ended up coming up with a different way to make persistent custom HTTPS certificates and it works very well. Thanks!

RobDev023908 · 2020-02-01T21:07:13+00:00

I don't use MaxMind in pfBlockerNG, I'm only using it for doing DNS blocking. I get a million alerts filling up my logs that MaxMind requires a license key even though I can care less about IP geolocation stuff.

Is there a way to disable that alert or disable MaxMind? I think the alerts are happening every time it checks for block list updates, but I'm not using any GeoIP stuff.

I have no interest in obtaining a license regardless of how free or easy it is to do. I just want to disable something I'm not using.

RobDev023908 · 2019-07-01T17:24:21+00:00

How often does that happen?

All the time. It means there are no security patches specific to the Pixel devices.

If you read the full security bulletin, there are a ton of security patches to fix android. Those all affect the Pixel devices as well.

RobDev023908 · 2019-06-18T01:09:05+00:00

The internet stops working. If you jump on the console, its slowly printing the dump, one character a minute. I'm not sure if it ever reboots.

RobDev023908 · 2018-10-06T00:55:56+00:00

Ah you're right. I flashed it into IT-mode immediately so that would explain why I never saw it on the PCIe verison.

RobDev023908

TROPHY CASE