Homelab upgrade - "Modern" alternatives to NFS, SSHFS?
-
Your workload just won't see much difference with any of them, so take your pick.
NFS is old, but if you add security constraints, it works really well. If you want to tune for bandwidth, try iSCSI , bonus points if you get zfs-over-iSCSI working with tuned block size. This last one is blazing fast if you have zfs at each and you do Zfs snapshots.
Beyond that, you're getting into very tuned SAN things, which people build their careers on, its a real rabbit hole.
-
-
-
-
Ceph isn't something you want to jump into without research
-
You need to know what you are doing with Ceph. It can scale to Exobyte levels but you need to do it right.
-
-
I've used MinIO as the object store on both Lemmy and Mastodon, and in retrospect I wonder why. Unless you have clustered servers and a lot of data to move it's really just adding complexity for the sake of complexity. I find that the bigger gains come from things like creating bonded network channels and sorting out a good balance in the disk layout to keep your I/O in check.
-
Fam, the modern alternative to SSHFS is literally SSHFS.
All that said, if your use case is mostly downloading and uploading files but not moving them between remotes, then overlaying webdav on whatever you feel comfy on (and that's already what eg.: Nexctloud does, IIRC) should serve well.
-
I'd only use sshfs if there's no other alternative. Like if you had to copy over a slow internet link and sync wasn't available.
NFS is fine for local network filesystems. I use it everywhere and it's great. Learn to use autos and NFS is just automatic everywhere you need it.
-
Gotta agree. Even better if backed by zfs.
-
By default, unencrypted, and unauthenticated, and permissions rely on IDs the client can fake.
May or may not be a problem in practice, one should think about their personal threat model.
Mine are read only and unauthenticated because they're just media files, but I did add unneeded encryption via ktls because it wasn't too hard to add (I already had a valid certificate to reuse)
-
I don't know what you're on about, I'm talking about segregating with vlans and firewall.
If you're encrypting your San connection, your architecture is wrong.
-
That's what I though you were saying
-
NFS is good for hypervisor level storage. If someone compromises the host system you are in trouble.
-
Oh, OK. I should have elaborated.
Yes, agreed. It's so difficult to secure NFS that it's best to treat it like a local connection and just lock it right down, physically and logically.
When i can, I use iscsi, but tuned NFS is almost as fast. I have a much higher workload than op, and i still am unable to bottleneck.
-
Have you ever used NFS in a larger production environment? Many companies coming from VMware have expensive SAN systems and Proxmox doesn't have great support for iscsi
-
Yes, i have. Same security principles in 2005 as today.
Proxmox iscsi support is fine.
-
-
Last time I had a problem with ceph losing data was during 0.10, does it still happen?
