(Sorry, I realized I posted in the wrong forum before, moved here).
I upgraded a Debian 10 machine to 11 a while back and ran out of disk space while doing so. I had no idea why, so I reinstalled and all was good.
I just did another one last weekend and had the same problem! But this time I found the culprit - the fail2ban database was over 4GB; and it had made repeated clones/backups (?) of itself until there was no disk space left. I just deleted the dated ones and it seemed to work... for a while. Then it filled up the disk again with the same issue.
Just today I stopped fail2ban, deleted ALL of the databases in /var/lib/fail2ban/ and restarted, and it's a modest size DB now.
Will it stay that way? What caused it to go nuts like that on a dist-upgrade? I know there's a daily purge by default, but is there a need to VACUUM the database as well?
fail2ban.sqlite3 bloat?
OK no responses, I'm still wondering the answer, but here's my observations:
I have a chunk of bans over 24h in the database (now, under normal operation), it sits at just under 3000. The database seems to settle at about 4.5MB over several days, without vacuum being needed.
I suspect that the upgrade from 10-11 does a lot of self-connects and maybe bans itself. Could this be during mandb updates? It seems that's where the upgrade sits (for half an hour or more) when the bloat starts to happen. I don't have the database anymore so I can't actually verify that.
It might be good to suspend or stop the fail2ban service while the update is happening... or possibly run a purge/cleanup task every 5 minutes or so, if that's safer.
I have a chunk of bans over 24h in the database (now, under normal operation), it sits at just under 3000. The database seems to settle at about 4.5MB over several days, without vacuum being needed.
I suspect that the upgrade from 10-11 does a lot of self-connects and maybe bans itself. Could this be during mandb updates? It seems that's where the upgrade sits (for half an hour or more) when the bloat starts to happen. I don't have the database anymore so I can't actually verify that.
It might be good to suspend or stop the fail2ban service while the update is happening... or possibly run a purge/cleanup task every 5 minutes or so, if that's safer.