Hello,
I installed Vault with integrated storage v1.5.0 and tried creating hundreds of secrets of 128 kb each.
The memory and disk kept growing event when removing these secrets?
Is this an expected behavior?
thank you for your help!
Hello,
If you are using kv-v2, it contains metadata and it keeps previous versions of a secrets. That might be the reason you do not see space freeing up.
Martin
Thank you Martin for your quick reply!
Actually, I used kv-v1. if you want the exact commands I ran to reproduce:
# vault secrets enable kv-v1
# for i in {1..1000}; do vault kv put kv-v1/max$i key="$(openssl rand -base64 96786)" ; done
I am attaching my nodes conifguration as well
thank you again for your help!
vault configuration.txt (846 Bytes)
The other likely explanations are, for disk, that the boltdb store used internally by integrated storage doesn’t reclaim space immediately (as an optimization to avoid unnecessary writes) and, for memory, that the Go runtime doesn’t release memory to the OS immediately, if at all (for similar reasons.)
are these tunable parameters? as it didn’t free disk or memory space since yesterday.
There are no associated tunables that I’m aware of. To be clear, when I said boltdb doesn’t reclaim space immediately, I should have said “ever”: the expectation is that the space will eventually be reused, and otherwise I think the only option to reclaim space is to take a snapshot and restore it, which will require downtime.
Thank you for the explanations!
Do you think that reducing snapshot_threshold might trade off disk space for memory usage, as we’ll be flushing to disk more often ? That would be possible, as BoltDB frees memory once it has written to disk?
https://www.vaultproject.io/docs/configuration/storage/raft#snapshot_threshold
Thanks a lot !