Homelab upgrade - "Modern" alternatives to NFS, SSHFS?
-
NFS is good for hypervisor level storage. If someone compromises the host system you are in trouble.
-
Oh, OK. I should have elaborated.
Yes, agreed. It's so difficult to secure NFS that it's best to treat it like a local connection and just lock it right down, physically and logically.
When i can, I use iscsi, but tuned NFS is almost as fast. I have a much higher workload than op, and i still am unable to bottleneck.
-
Have you ever used NFS in a larger production environment? Many companies coming from VMware have expensive SAN systems and Proxmox doesn't have great support for iscsi
-
Yes, i have. Same security principles in 2005 as today.
Proxmox iscsi support is fine.
-
It really isn't.
You can't automatically create new disks with the create new VM wizard.
Also I hope you aren't using the same security principals as 2005. The landscape has evolved immensity.
-
Last time I had a problem with ceph losing data was during 0.10, does it still happen?
-
If you want to try something that’s quite new and mostly unexplored, look into NVMe over TCP. I really like the concept, but it appears to be too new to be production ready. Might be a good fit for your adventurous endeavors.
-
NFS is fine if you can lock it down at the network level, but otherwise it's Not For Security.
-
sshfs is somewhat unmaintained, only "high-impact issues" are being addressed https://github.com/libfuse/sshfs
I would go for NFS.
-
I preach this to people everywhere I go and seldom do they listen. There's no reason for object storage for a non-enterprise environment. Using it in homelabs is just...mostly insane..
-
If someone compromises the host system you are in trouble.
Not only the host. You have to trust every client to behave, as @forbiddenlake already mentioned, NFS relies on IDs that clients can easily fake to pretend they are someone else. Without rolling out all the Kerberos stuff, there really is no security when it comes to NFS.
-
NFS is bulletproof.
For it to be bulletproof, it would help if it came with security built in. Kerberos is a complex mess.
-
This is just block device over network, it will not allow the use cases OP is asking for. You will still need a filesystem and a file-serving service on top of that.
-
But NFS has mediocre snapshotting capabilities (unless his setup also includes >10g nics)
-
NFS + Kerberos?
But everything I read about NFS amd so on: You deploy it on a dedicated storage LAN and not in your usual networking LAN.
-
At least something that's distributed and fail safe (assuming OP targets this goal).
And if proxmox doesnt support it natively, someone could probably still config it local on the underlying debian OS. -
And if you need to mount a directory over SSH, I can recommend rclone and its mount subcommand.
-
I assume you are referring to Filesystem Snapshotting?
For what reason do you want to do that on the client and not on the FS host? -
I'm using ceph on my proxmox cluster but only for the server data, all my jellyfin media goes into a separate NAS using NFS as it doesn't really need the high availability and everything else that comes with ceph.
It's been working great, You can set everything up through the Proxmox GUI and it'll show up as any other storage for the VMs. You need enterprise grade NVMEs for it though or it'll chew through them in no time. Also a separate network connection for ceph traffic if you're moving a lot of data.
Very happy with this setup.
-
I have my NFS storage mounted via 2.5G and use qcow2 disks. It is slow to snapshot...
Maybe I understand your question wrong?
