My Moodle is showing / is 94% how do I free up space

My Moodle is showing / is 94% how do I free up space

by Doulos Xavier -
Number of replies: 13

My Moodle is showing / is 94% how do I free up space. I ran this command 

root@localhost:~# du -h --max-depth=1 /var | sort -hr
96G     /var
82G     /var/lib
8.0G    /var/cache
4.3G    /var/log
2.3G    /var/www
1.2M    /var/backups
64K     /var/snap
36K     /var/tmp
24K     /var/spool
4.0K    /var/opt
4.0K    /var/mail
4.0K    /var/local

/var/lib is consuming most of the space. 

inside /var/lib I see a number of folders. like which ones can I delete? What is the best approach to maximize space utlization?

drwxr-xr-x  4 root  root   4096 Nov 19 07:23 letsencrypt/
drwxr-xr-x  3 root  root   4096 May 20  2021 locales/

I checked the log files which of these logs can be safely deleted?

root@localhost:/var/log# du -h /var/log | sort -hr | head -n 10
4.3G    /var/log
4.1G    /var/log/journal/cc00e62c19ae4ee3bd80504e14c03931
4.1G    /var/log/journal
23M     /var/log/Acronis/APL
23M     /var/log/Acronis
12M     /var/log/apache2
4.2M    /var/log/letsencrypt
264K    /var/log/mysql
96K     /var/log/apt
12K     /var/log/unattended-upgrades

ChatGPT is suggesting the following 

sudo journalctl --vacuum-time=7d

I checked on a test instance it is deleting the files and I can considerable reduction. Just wondering if it is safe to execute in the production, appreciate your help. 

Average of ratings: -
In reply to Doulos Xavier

Re: My Moodle is showing / is 94% how do I free up space

by Ken Task -
Picture of Particularly helpful Moodlers

Really belongs in hardware and performance, not general help!  Maybe forum moderators can move.

Before we begin linux advanced ... 2 things:

  1. unless your test system is a mirrored clone of production, what you do on the test system may not be what you need to do on production system.  Is your test system a clone?
  2. can you go to either one of those systems and actually touch the case?
  3. is production a virtualized system?  and if yes, what virtualization and guest OS? and where hosted?

'SoS', Ken

Average of ratings: -
In reply to Doulos Xavier

Re: My Moodle is showing / is 94% how do I free up space

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Is it really Moodle consuming space in /var/lib? Very unusual.
Average of ratings: -
In reply to Doulos Xavier

Re: My Moodle is showing / is 94% how do I free up space

by Ken Task -
Picture of Particularly helpful Moodlers

Technical Reference:

https://medium.com/@sonoratek/cleaning-up-and-managing-linux-journal-logs-bbd7415eb38f

Questions: What, in moodle, uses space?  and how much? and can you control that usage?

Catch 22 ... a test system isn't used daily ... a production system is.

'SoS', Ken

Average of ratings: -
In reply to Ken Task

Re: My Moodle is showing / is 94% how do I free up space

by Doulos Xavier -

https://medium.com/@sonoratek/cleaning-up-and-managing-linux-journal-logs-bbd7415eb38f made changes. 

Average of ratings: -
In reply to Doulos Xavier

Re: My Moodle is showing / is 94% how do I free up space

by Ken Task -
Picture of Particularly helpful Moodlers

So @Benoit Xavier ... what did you end up doing?  Mr. V asked how much space was gained ... share back!!!!  Your solutions and issues do help others...

Free up space ... hard to do with a moodle, but ...

Are teachers making course backups?

Do a query of your DB:

select contenthash, filename, filesize where filename like '%.mbz' order by filesize;

Had a teacher whose course was about multimedia ... after every major assignment, he made a course backup ... wise to do ... only problem ... he didn't remove the previous backup.   At one point the total space used by this one course was 130Gig - approx. 25% of the data drive where moodledata resided.

'SoS', Ken

Average of ratings: -
In reply to Ken Task

Re: My Moodle is showing / is 94% how do I free up space

by Doulos Xavier -
Apologies, I was on holiday, did not make a note of how much the space was retained. After I cleared the the / partition was 89%, I just returned from holiday it is showing 96% my VPS provider is saying we cannot extended the hard drive without moving to a new server. The education head has given downtime only in December. How do I solve this without causing major disruption?
 
This is the result when I do a df 
 
99G     /var
95G     /var/lib
2.5G    /var/www
1.7G    /var/cache
325M    /var/log
1.2M    /var/backups
64K     /var/snap
36K     /var/tmp
24K     /var/spool
4.0K    /var/opt
4.0K    /var/mail
4.0K    /var/local
Under the log files, checked with files consuming max space, in ascending order. What is this 'btmp', did a query on ChatGPT, is giving an output that 'btmp file is a log file that records failed login attempts on your system'
 
root@localhost:/var/log# sudo find /var/log -type f -exec du -h {} + | sort -rh | head -n 10
107M    /var/log/btmp
84M     /var/log/btmp.1
14M     /var/log/auth.log.1
9.2M    /var/log/Acronis/APL/active-protection.log
 
'The btmp file is a log file that records failed login attempts on your system. It's part of the /var/log directory and can grow large if there are repeated failed login attempts, which might indicate malicious activity like a brute-force attack.'
 
sudo lastb

I see a number of enteries with SSH and names I don't recognize 

root@localhost:/var/log# sudo lastb
sts      ssh:notty    120.48.152.250   Mon Nov 25 11:57 - 11:57  (00:00)
sts      ssh:notty    120.48.152.250   Mon Nov 25 11:57 - 11:57  (00:00)
teacher  ssh:notty    95.173.191.84    Mon Nov 25 11:56 - 11:56  (00:00)
teacher  ssh:notty    95.173.191.84    Mon Nov 25 11:56 - 11:56  (00:00)
admin1   ssh:notty    120.48.152.250   Mon Nov 25 11:55 - 11:55  (00:00)
admin1   ssh:notty    120.48.152.250   Mon Nov 25 11:55 - 11:55  (00:00)
root     ssh:notty    92.255.85.107    Mon Nov 25 11:54 - 11:54  (00:00)
burak    ssh:notty    95.173.191.84    Mon Nov 25 11:54 - 11:54  (00:00)
burak    ssh:notty    95.173.191.84    Mon Nov 25 11:54 - 11:54  (00:00)
admin    ssh:notty    120.48.152.250   Mon Nov 25 11:53 - 11:53  (00:00)
admin    ssh:notty    120.48.152.250   Mon Nov 25 11:53 - 11:53  (00:00)
proxyuse ssh:notty    120.48.152.250   Mon Nov 25 11:52 - 11:52  (00:00)
proxyuse ssh:notty    120.48.152.250   Mon Nov 25 11:52 - 11:52  (00:00)
root     ssh:notty    157.10.253.39    Mon Nov 25 11:52 - 11:52  (00:00)
testadmi ssh:notty    95.173.191.84    Mon Nov 25 11:51 - 11:51  (00:00)
testadmi ssh:notty    95.173.191.84    Mon Nov 25 11:51 - 11:51  (00:00)
user01   ssh:notty    120.48.152.250   Mon Nov 25 11:50 - 11:50  (00:00)
user01   ssh:notty    120.48.152.250   Mon Nov 25 11:50 - 11:50  (00:00)
root     ssh:notty    157.10.253.39    Mon Nov 25 11:50 - 11:50  (00:00)
teamspea ssh:notty    95.173.191.84    Mon Nov 25 11:49 - 11:49  (00:00)
teamspea ssh:notty    95.173.191.84    Mon Nov 25 11:49 - 11:49  (00:00)
guest    ssh:notty    54.38.190.246    Mon Nov 25 11:49 - 11:49  (00:00)
guest    ssh:notty    54.38.190.246    Mon Nov 25 11:49 - 11:49  (00:00)
admin    ssh:notty    92.255.57.132    Mon Nov 25 11:49 - 11:49  (00:00)
admin    ssh:notty    92.255.57.132    Mon Nov 25 11:49 - 11:49  (00:00)
frappe   ssh:notty    95.161.220.54    Mon Nov 25 11:49 - 11:49  (00:00)
frappe   ssh:notty    95.161.220.54    Mon Nov 25 11:49 - 11:49  (00:00)
root     ssh:notty    89.107.10.66     Mon Nov 25 11:49 - 11:49  (00:00)
root     ssh:notty    92.255.85.253    Mon Nov 25 11:49 - 11:49  (00:00)
burak    ssh:notty    34.142.110.144   Mon Nov 25 11:48 - 11:48  (00:00)
burak    ssh:notty    34.142.110.144   Mon Nov 25 11:48 - 11:48  (00:00)
ubuntu   ssh:notty    120.48.152.250   Mon Nov 25 11:48 - 11:48  (00:00)
ubuntu   ssh:notty    120.48.152.250   Mon Nov 25 11:48 - 11:48  (00:00)
steam    ssh:notty    54.38.190.246    Mon Nov 25 11:48 - 11:48  (00:00)
steam    ssh:notty    54.38.190.246    Mon Nov 25 11:48 - 11:48  (00:00)
root     ssh:notty    157.10.253.39    Mon Nov 25 11:48 - 11:48  (00:00)
root     ssh:notty    80.94.95.81      Mon Nov 25 11:48 - 11:48  (00:00)
user     ssh:notty    95.161.220.54    Mon Nov 25 11:48 - 11:48  (00:00)
root     ssh:notty    80.94.95.81      Mon Nov 25 11:48 - 11:48  (00:00)
user     ssh:notty    95.161.220.54    Mon Nov 25 11:48 - 11:48  (00:00)
root     ssh:notty    80.94.95.81      Mon Nov 25 11:48 - 11:48  (00:00)
root     ssh:notty    80.94.95.81      Mon Nov 25 11:47 - 11:47  (00:00)
root     ssh:notty    80.94.95.81      Mon Nov 25 11:47 - 11:47  (00:00)
fa       ssh:notty    95.173.191.84    Mon Nov 25 11:47 - 11:47  (00:00)
fa       ssh:notty    95.173.191.84    Mon Nov 25 11:47 - 11:47  (00:00)
burak    ssh:notty    188.132.232.122  Mon Nov 25 11:47 - 11:47  (00:00)
burak    ssh:notty    188.132.232.122  Mon Nov 25 11:47 - 11:47  (00:00)
da       ssh:notty    34.142.110.144   Mon Nov 25 11:47 - 11:47  (00:00)
da       ssh:notty    34.142.110.144   Mon Nov 25 11:47 - 11:47  (00:00)
joao     ssh:notty    95.85.47.10      Mon Nov 25 11:47 - 11:47  (00:00)
joao     ssh:notty    95.85.47.10      Mon Nov 25 11:46 - 11:46  (00:00)
sysadmin ssh:notty    54.38.190.246    Mon Nov 25 11:46 - 11:46  (00:00)
sysadmin ssh:notty    54.38.190.246    Mon Nov 25 11:46 - 11:46  (00:00)
mbot     ssh:notty    95.161.220.54    Mon Nov 25 11:46 - 11:46  (00:00)
mbot     ssh:notty    95.161.220.54    Mon Nov 25 11:46 - 11:46  (00:00)
ubuntu   ssh:notty    120.48.152.250   Mon Nov 25 11:46 - 11:46  (00:00)
ubuntu   ssh:notty    120.48.152.250   Mon Nov 25 11:46 - 11:46  (00:00)
root     ssh:notty    157.10.253.39    Mon Nov 25 11:46 - 11:46  (00:00)
fa       ssh:notty    188.132.232.122  Mon Nov 25 11:46 - 11:46  (00:00)
fa       ssh:notty    188.132.232.122  Mon Nov 25 11:46 - 11:46  (00:00)
joao     ssh:notty    34.142.110.144   Mon Nov 25 11:46 - 11:46  (00:00)
joao     ssh:notty    34.142.110.144   Mon Nov 25 11:46 - 11:46  (00:00)
oracle   ssh:notty    54.38.190.246    Mon Nov 25 11:45 - 11:45  (00:00)
teacher  ssh:notty    95.85.47.10      Mon Nov 25 11:45 - 11:45  (00:00)
user     ssh:notty    95.161.220.54    Mon Nov 25 11:45 - 11:45  (00:00)
oracle   ssh:notty    54.38.190.246    Mon Nov 25 11:45 - 11:45  (00:00)
user     ssh:notty    95.161.220.54    Mon Nov 25 11:45 - 11:45  (00:00)
teacher  ssh:notty    95.85.47.10      Mon Nov 25 11:45 - 11:45  (00:00)
caja     ssh:notty    95.173.191.84    Mon Nov 25 11:45 - 11:45  (00:00)
caja     ssh:notty    95.173.191.84    Mon Nov 25 11:45 - 11:45  (00:00)
user     ssh:notty    120.48.152.250   Mon Nov 25 11:45 - 11:45  (00:00)
user     ssh:notty    120.48.152.250   Mon Nov 25 11:45 - 11:45  (00:00)
teacher  ssh:notty    188.132.232.122  Mon Nov 25 11:44 - 11:44  (00:00)
teacher  ssh:notty    188.132.232.122  Mon Nov 25 11:44 - 11:44  (00:00)
eagle    ssh:notty    34.142.110.144   Mon Nov 25 11:44 - 11:44  (00:00)
eagle    ssh:notty    34.142.110.144   Mon Nov 25 11:44 - 11:44  (00:00)
oracle   ssh:notty    95.161.220.54    Mon Nov 25 11:44 - 11:44  (00:00)

Average of ratings: -
In reply to Doulos Xavier

Re: My Moodle is showing / is 94% how do I free up space

by Ken Task -
Picture of Particularly helpful Moodlers

"How do I solve this without causing major disruption?"

Get more space!   Even if it means moving to another server ... which provider does for you.

Moving to another server would mean change of IP address I would think so some minor disruption until DNS change propagates which normally doesn't take that long.

If you stay with same server ... does provider offer attached data disk?   That won't be for free ... additional cost .... if they do make the size of that 2 to 3 x's the space your current moodledata directory is using up.   That attached data device could also be where one stores site backups and if running them, automated course backups.   Best to have more than enough than not enough.

If no attached data device, another alt is another server used for data only.  Now you are paying for hosting 2 servers and you have added to the complexity of admin of the moodle.

A third ... an attached data device on another network ... Google/Amazon.

The third option will probably result in some slowness ... but in miliseconds.

'SoS'. Ken

Average of ratings: -
In reply to Ken Task

Re: My Moodle is showing / is 94% how do I free up space

by Doulos Xavier -
Thanks Ken! I moved the SSH default port to another one.
Average of ratings: -
In reply to Ken Task

Re: My Moodle is showing / is 94% how do I free up space

by Doulos Xavier -
I checked with my current VPS provider. Looks like I need to buy a new server, the upgrades cannot happen unless we move to a new server (no in place upgrades). I am yet to get clarity on how this is going to work. I am looking at the option of moving to a new VPS provider with cPanel. The current one is a pure Ubuntu box with no cPanel. The prospective VPS provider said they cannot help with the migration as it does not have a cPanel. Do you know VPS providers who will help with the migration? 
Average of ratings: -
In reply to Doulos Xavier

Re: My Moodle is showing / is 94% how do I free up space

by Ken Task -
Picture of Particularly helpful Moodlers

Sent you a PM.

'SoS', Ken

Average of ratings: -
In reply to Doulos Xavier

Re: My Moodle is showing / is 94% how do I free up space

by Ken Task -
Picture of Particularly helpful Moodlers

Previously, I asked if your site was set to make automated backups of courses.   Is it?

I also asked if teachers were making backups of their own.  Are they?  And if they are, are they cleaning up old course backups they have made.

You can find out via mysql query of mdl_files table.

select filename,filesize,component from mdl_files where filename like '%.mbz' order by filesize DESC;

'SoS', Ken

Average of ratings: -
In reply to Doulos Xavier

Re: My Moodle is showing / is 94% how do I free up space

by Palom Bane -
I really had a problem and it was the moove theme that caused these slowdowns.

I changed the theme and it didn't exceed 30%
Average of ratings: -