Self Hosting Fail
submitted 8 months ago by Padook
I woke up this morning to a text from my ISP, "There is an outage in your area, we are working to resolve the issue"
I laugh, this is what I live for! Almost all of my services are self hosted, I'm barely going to notice the difference!
Wrong.
When the internet went out, the power also went out for a few seconds. Four small computers host all of my services. Of those, one shut down, and three rebooted. Of the three that ugly rebooted, some services came back online, some didn't.
30 minutes later, ISP sends out the text that service is back online.
2 hours later I'm still finding down services on my network.
Moral of the story: A UPS has moved to the top of the shopping list! Any suggestions??
When you are bored, back up a VM, then hard kill it and see if it manages to restart properly.
Software should be able to recover from that.
If it doesn't, troubleshoot.
When I built my home server this is what I did with all VMs. Learned how to change the start-up delay time in ESXi and ensured everything came back online with no issues from a cold boot.
Rip VMware.
That reminds me of Netflix's Chaos Monkey (basically in office hours this tool will randomly kill stuff).
While I appreciate the sentiment, most traditional VMs do not like to have their power killed (especially non-journaling file systems).
Even crash consistent applications can be impacted if the underlying host fs is affected by power loss.
I do think that backups are a valid suggestion here, provided that the backup is uninterrupted by a power surge or loss.
Why are you using a non-journaling file system in 2024 when those were common 10+ years ago?
It's been a while since a power cut affected my services, is this why?
I remember having to troubleshoot MySQL corruption following abrupt power loss, is this no longer a thing?
Databases shouldn't even need a journaling filesystem, they usually pay attention to when to use fsync and fdatasync.
In fact journaling filesystems basically use the same mechanisms as databases only for filesystem metadata.
Or even better use something like ZFS with CoW that can't corrupt on power loss
and don't fuck with sync writes
I would still consider that generation of filesystem to be effort to use while regular journaling filesystems have been so ubiquitous that you need to invest effort to avoid using one.
It was supported and the default out of the box when I installed my OS
Your system should be fine after a hard kill. If it's not, stop using it, as that's going to be a problem down the road.
Did the services fail to come back due to the bad reboot, or would they have failed to come back on a clean reboot? I ugly reboot my stuff all the time, and unless the hardware fails, I can be pretty sure it's all going to come back. Getting your stuff to survive reboot is probably a better spend of effort.
Yeah an unclean reboot shouldn’t break anything as long as it wasn’t doing anything when it went down. I’ve never had any issues when I have to crash a computer unless it was stuck doing an update.
I didn't mean to imply that services actually broke. Only that they didn't come back after a reboot. A clean reboot may have caused some of the same issues because, I'm learning as I go. Some services are restarted by systemctl, some by cron, some....manual. This is certainly a wake-up call that I need to standardize and simplify the way the services are started.
We've all committed that sin before. It's better to rely on it surviving the reboot than to try to prevent the reboot.
Also worth looking into some form of uptime monitoring software. When something goes down, you want to know about it asap.
And documenting your setup never hurts :D
On the uptime monitoring I've been quite happy with Uptime Kuma, but... If you put it on the same host that's down... Well, that's not going to work :p (I nearly made that mistake)
It's not the most detailed thing, but I just use a free account on cron-job.org to send a HEAD request every two minutes to a few services that are reachable from the internet (either just their homepage or some ping endpoint in the API) and then used the status page functionality to have a simple second status page on a third party server.
You can do a bit more on their paid tier, but so far I didn't need that.
On the other hand, you could try if a free tier/cheap small VPS on one of the many cloud providers is sufficient for an Uptime Kuma installation. Just don't use the same cloud provider as the one all your other services run in.
Oh, I'm fine with my setup, I have a couple of external servers that can monitor all my web accessible stuff with kuma and then I've got another local one to monitor my non-web accessible stuff.
Thanks for those tips though, definitely useful to consider other options
Same, Uptime Kuma is fantastic. I put it on my most critical server, if Kuma is down, everything is down :D
I reboot every box monthly to flush out such issues. It's not perfect, since it won't catch things like circular dependencies or clusters failing to start if every member is down, but it gets lots of stuff.
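An added example, not from any commenter: a post-reboot audit for the mix of start methods discussed above. It asks systemd whether each unit you expect is both enabled at boot and active now; the unit names and the `SYSTEMCTL` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the units you expect to survive a reboot.
# SYSTEMCTL is a hypothetical override so the check can be tested with a stub.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# audit_units UNIT...
# Prints "<unit> <is-enabled> <is-active> <verdict>" per unit and returns
# non-zero if any unit is not both enabled at boot and active right now.
audit_units() {
    rc=0
    for unit in "$@"; do
        # Both subcommands exit non-zero for "bad" states; keep their output.
        enabled=$($SYSTEMCTL is-enabled "$unit" 2>/dev/null) || true
        active=$($SYSTEMCTL is-active "$unit" 2>/dev/null) || true
        [ -n "$enabled" ] || enabled=not-found
        [ -n "$active" ] || active=unknown

        if [ "$enabled" = enabled ] && [ "$active" = active ]; then
            verdict=OK
        elif [ "$active" = active ]; then
            # Running now, but nothing will start it at boot (started by
            # hand, or a static unit pulled in by something else).
            verdict=NOT-ENABLED; rc=1
        elif [ "$enabled" = enabled ]; then
            # Should have started at boot and did not, or died afterwards.
            verdict=DOWN; rc=1
        else
            # Not enabled and not running: disabled, or not a systemd unit
            # at all (cron @reboot, rc.local, started manually).
            verdict=MISSING; rc=1
        fi
        printf '%s %s %s %s\n' "$unit" "$enabled" "$active" "$verdict"
    done
    return "$rc"
}

# Run as: sh audit.sh nginx.service jellyfin.service   (constructed names)
if [ "$#" -gt 0 ]; then
    audit_units "$@"
fi
```

Run it after a deliberate reboot; anything other than `OK` is a service that depends on cron, a manual start, or luck.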
IMHO you're optimizing for the wrong thing. 100% availability is not something that's attainable for a self-hoster without driving yourself crazy.
Like the other comment suggested, I'd rather invest time into having machines and services come back up smoothly after reboots.
That being said, a UPS may be relevant to your setup in other ways. For example it can allow a parity RAID array to shut down cleanly and reduce the risk of write holes. But that's just one example, and a UPS is just one solution for that (others being ZFS, or non-parity RAID, or SAS/SATA controller cards with built-in battery and/or hardware RAID support etc.)
I agree that 99.999% uptime is a pipedream for most home labs, but I personally think a UPS is worth it, if only to give yourself the option to gracefully shut down systems in the event of a power outage.
Eventually, I'll get a working script that checks the battery backup for mains power loss and handles the graceful shutdown for me, but right now that extra 10-15 minutes of battery backup is enough for a manual effort.
Some of the nicer models of UPS have little servers built in for remote management, and also communicate to their tenants via USB or Serial or Emergency Power Off (EPO) Port.
You shouldn't have to write a script that polls battery status, the UPS should tell you. Be told, don't ask.
I run nut on a pi.
A UPS should always be your first or second purchase if only for power conditioning and brown-out protection.
You should buy a UPS if those things are concerns for you. If not, then don't.
They will do power conditioning? My modem is such a sensitive baby I cannot plug anything else in next to it or it starts dropping packets. Would a UPS help with that? Unfortunately I cannot replace the modem, that's the only one the ISP will give me.
Yes. An online/double-conversion UPS will be the most effective, because it actually runs off the battery the whole time, so it's disconnected from any line quality issues.
A line-interactive UPS is cheaper, but doesn't do full power conditioning.
An offline UPS doesn't do any at all, only comes online when power drops.
https://community.fs.com/article/line-interactive-vs-online-vs-offline-ups.html
I present to you the holy hardware compatibility table:
https://networkupstools.org/stable-hcl.html
Anything not listed there is not worth buying.
A lot of stuff on there isn't worth buying either, like anything from APC. If you want good stuff, just get Eaton.
But also you have to understand that UPSes aren't set and forget. The batteries need replacement every 3-5 years. And they're not for extended outages, they're mostly to bridge the gap between mains power going out and a generator starting up.
Personally I just have everything running from docker-compose, so I run one command and everything not running gets started. I don't worry about stuff being down for a bit.
Eaton's batteries are usually really simple to switch, see
https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/backup-power-ups/eaton-5s-ups/eaton-5s-120v-user-manual-700-1000-1500-lcd.pdf
For me they are meant for allowing a graceful shutdown in a powerout scenario and to protect the hardware behind them from power surges.
Tl;dr APC bad? I have 4 CyberPower so no experience with them
They got bought. They started to suck.
Now they've been 'sploited, they're overpriced, and they still schlepp the same bad software.
That's why you integrate with NUT. So you can automate a graceful shutdown when battery levels drop to a set level.
UPS, good idea.
backups too.
UPS with USB allows you to configure a script to properly shut down your server when a power outage happens and the UPS battery is about to run out.
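An added example, not from the thread: the decision such a shutdown script makes, written against the `variable: value` lines that NUT's `upsc` prints. The thresholds and the UPS name `myups@localhost` are assumptions; note that NUT's own `upsmon` already shuts the host down when the status reaches `OB LB`, so this only shows how an earlier, charge- or runtime-based cutoff can be evaluated.

```shell
#!/bin/sh
# Added example: decide what to do from `upsc` output.
# ups.status holds space-separated flags such as OL (on line),
# OB (on battery) and LB (low battery).

# ups_decision MIN_CHARGE MIN_RUNTIME  < upsc-output
# Echoes "ok", "on-battery", "shutdown" or "unknown".
# MIN_CHARGE (percent) and MIN_RUNTIME (seconds) are thresholds you choose.
ups_decision() {
    min_charge=$1
    min_runtime=$2
    status="" charge="" runtime=""
    while IFS=: read -r key value; do
        value=${value# }                           # drop space after the colon
        case "$key" in
            ups.status)      status=$value ;;
            battery.charge)  charge=${value%%.*} ;;    # integer part only
            battery.runtime) runtime=${value%%.*} ;;
        esac
    done
    # No status at all means the driver or upsd is not answering.
    [ -n "$status" ] || { echo "unknown"; return 2; }
    case " $status " in
        *" OB "*) ;;                               # on battery: keep evaluating
        *) echo "ok"; return 0 ;;                  # mains present
    esac
    case " $status " in
        *" LB "*) echo "shutdown"; return 0 ;;     # UPS itself reports low battery
    esac
    if [ -n "$charge" ] && [ "$charge" -le "$min_charge" ]; then
        echo "shutdown"; return 0
    fi
    if [ -n "$runtime" ] && [ "$runtime" -le "$min_runtime" ]; then
        echo "shutdown"; return 0
    fi
    echo "on-battery"
}

# Run as: sh ups_check.sh myups@localhost 30 300   (constructed UPS name)
if [ "$#" -eq 3 ]; then
    upsc "$1" | ups_decision "$2" "$3"
fi
```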
Yeah if you self host, a UPS is very important.
A general tip on buying UPSes: look for second hand ones - people often don't realise you can just replace the battery in them (or can't be bothered) so you can get fancier/larger ones very cheap.
Also, a larger capacity one is better, and it's likely you'll find a secondhand one with more capacity/features for a similar price.
Laptops
My favorite part about using an old laptop as a 24/7/365 plugged-in server is the anticipation of when the lithium battery will explode from overcharging.
"overcharging" doesn't exist. There are two circuits preventing the battery from being charged beyond 100%: the usual battery controller, and normally another protection circuit in the battery cell. Sitting at 100% and being warm all the time is enough for a significant hit on the cell's longevity though. An easy measure that is possible on many laptops (like ThinkPads) is to set a threshold where to stop charging at. Ideal for longevity is around 60%. Also ensure good cooling.
Sorry for being pedantic, but as an electrical engineer it annoys me that there's more wrong information about li-po/-ion batteries, chargers and even USB wall warts and USB power delivery than there's correct information.
Isn't dendrite formation and the shorts they can cause a much bigger concern when dealing with old batteries that are being charged 24/7? Asking a genuine question here, so please don't shoot me if I'm wrong. 🙂 I'd love to hear more about the most common failure modes and causes for li-po/ion batteries.
If you say it quickly enough it may sound plausible to some but this is not how battery technology works, as explained by @skilltheamps@feddit.de
Amen. I appreciate my UPS for sure!
This is why I have about five of these bad boys: CyberPower CP1500PFCLCD.
One is in my utility room for my cable modem and our chest freezer, three back up my homelab and wifi AP, and one is for my office.
They've been bulletproof through storms, and when we've lost power, but not Internet I can't keep on working.
The big thing to look for is number of battery+surge outlets vs just surge outlets. Typically they top out at 1500VA - the more overhead for what you're powering, the longer you can go without mains power.
A screen/display is helpful for at-a-glance information like expected runtime, current output, etc.
I use a laptop and external JBOD covered with a low-power UPS. As others said, the point is to bridge power gaps, not long-term working without power. I live in the countryside, so small power gaps happen, especially when my photovoltaics don't produce (no, I have no battery accumulators, too expensive)
Not APC. (At least for Windows) trashy software.
It doesn't need the software, it gets recognized by the system as a battery
Still bad hardware. At least the Back-UPS line.
Had an old APC that worked for many years. Bought a new Back-UPS 1100VA a few years ago, wasn't the quality I expected.
It might work but the software is still trash.
Or TrippLite. Owners used it as a massive money laundering front for right-wing donations and bribes.
Have a suggestion?
Eaton. Supported by NUT, works with 50Hz as well as the 52Hz my emergency power puts out.
Not really. I saw multiple mentions of Eaton.
Might be worthwhile to look online, like on Reddit or other forums, how the perception is there.
Figure out how much power your servers use on average with the help of a wattage meter, then enter that number and how many minutes battery backup you want in Eaton's UPS Power Calculator to find a suitable unit. I'm sure other vendors have similar tools too.
This is why I gave up self hosting. It's great when it works but it just becomes an expensive second job. I still have Plex/Jellyfin etc but for emails and password vaults I just pay for external services.
if you don't want it to feel like a second job, you could always quit your first!
I could have the best self hosted setup.... living in a van, down by the river!
I like to host as many services as possible and I’m fine with it being a second job at times since this is my main hobby, but I actually agree with you on your examples. The three things I won’t self-host are:
Emails - I am not willing to put in the effort on this. Plus, my ISP blocks those ports so I’d already be into using a VPS even if I wanted to host this. I’d rather just pay someone else, like Proton.
Password manager - I actually did self-host Bitwarden for a long time, but after thinking about it for a while, I decided to take the pay someone else approach here too. I’m pretty sure I’m doing everything correctly, but I’m not a security expert. I’d rather be 100% sure my passwords are in safe hands rather than be 95% sure that I’m doing everything right on this one.
Lemmy - I’ve heard about (luckily never seen) CSAM attacks on Lemmy/Kbin and will not risk that kind of content being downloaded because I’m federated with an instance dealing with those attacks. I’m happy to throw a couple bucks at lemmy.world’s Patreon and let them handle that.
I self host stuff that I feel the need to. But TBH, you don't really need to self host much, outside of media collections. PhotoPrism and JellyFin are about the only two I need, aside from a PiHole. Most folks would be fine with a beefy NAS.
In addition to ups, an LTE failover. I've had my Comcast crap be offline for hours.
I'd like that, but also a really long-running UPS. multi-hour power outages are surprisingly common in my area.
That's no longer a UPS.
You could get something like a powerwall, something designed to power things from batteries for a long time.
Or get a generator with an automatic failover. The UPS then covers the downtime between power failure and generator taking load
Does this require a lot of gear? Or does it simply act as another gateway?
There are devices like the Netgear LM1200 that can do it inline by themselves.
I have that device, but configured as a second gateway. My firewall manages the failover based on primary packet loss and latency.
It requires an LTE capable gateway and a data plan. As for the rest you can simply write your routing tables so that if the main gateway doesn't work, use the secondary gateway with lower prio.
I feel your pain. Just the other day the disk on my home assistant machine died after a power outage and I had to replace it with another disk and restore from backup.
My suggestion just changes your threat model, so may not be a good one based on your wants.
Perhaps consolidate systems? Managing less devices = less points of failure. But adds the risk of any given failure being more severe.
This thought came to me this morning. I have 4 machines both because the BEAST grows organically, and because we're always trying to avoid that single point of failure. Then a scenario comes along that makes you question your whole way of thinking, diversifying may actually create more problems