Auto-trimming Workstation to shrink disk usage

Rupurudu · January 26, 2024, 7:31am

Hello,

My Workstation’s virtual disk size balloons out due to the regular updates and usage. I am trying to shrink the size of the virtual disk by enabling trim support on the VirtualBox.

Since Whonix is based on the Debian, I followed the steps for enabling trim support on Debian, sadly it didn’t work on Whonix.

Here is what I did:

I modified Workstation.vbox file to enable SSD and TRIM support:

<AttachedDevice discard="true" nonrotational="true" type="HardDisk" port="0" device="0">

Then I booted the Workstation to and used the following command to verify TRIM support is enabled:

sudo hdparm -I /dev/sda | grep TRIM

On Debian this outputs:

      *   Data Set Management TRIM supported

but nothing happens on Whonix Workstation, in fact hdparm does not return any information at all.

I modified /etc/fstab to enable trim support anyway, like this:

sudo nano /etc/fstab

then I modified this line from this:

/dev/disk/by-uuid/3d1fc014-57d8-4eaf-95ef-8de97ee9cb61   /   auto    defaults,errors=remount-ro   0   1

to this:

/dev/disk/by-uuid/3d1fc014-57d8-4eaf-95ef-8de97ee9cb61   /   auto    discard,noatime,defaults,errors=remount-ro   0   1

I rebooted the system and tried to run a trim operation:

sudo fstrim -av
fstrim: /: the discard operation is not supported

It doesn’t work. Any suggestions?

Patrick · January 26, 2024, 11:19am

Trim is something different. It works only on hardware. You don’t need it. Trim is unrelated to the file system / VM image level.

What you need instead:

(Whonix is based on Kicksecure.)

Rupurudu · January 26, 2024, 8:35pm

Hello @Patrick !

As it’s written on the Wikipedia page:

A trim command allows an operating system to inform a SSD which blocks of data are no longer considered to be “in use” and therefore can be erased internally.

VirtualBox needs the trim command to know which sectors of the virtual hard disk are not used. Let me explain how this works with an example.

Here is how it works on a real SSD:

When you delete a file, the operating system will mark the file’s sectors as free, then send a TRIM command to the disk.
An SSD uses this information to handle garbage collection. This results in less write amplification (fewer writes), higher write throughput (no need for a read-erase-modify sequence), thus increasing drive life.

Here is how it works on a Virtual Disk:

When you delete a file, the operating system will mark the file’s sectors as free, then send a TRIM command to the disk.
VirtualBox uses this information to mark the respective blocks on the .vdi file as empty. Host operating system then uses this information to shrink the .vdi file.

As a result when you delete a file on the Guest OS, the Host OS gains free disk space automatically. See the --discard option on the VirtualBox manual.

The way you mentioned also works, but it’s more like a manual workaround. Instead of marking the sectors as free, zerofree actually empties all sectors by writing zeroes to the whole unused space on the disk. Then you’ll need to shutdown the Guest OS and tell VirtualBox to scan the whole disk and mark zero filled sectors as empty, so Host OS can shrink the file.

This procedure is very tedious. Not only you need to shutdown the Guest OS to shrink the disk, the actual zerofree operation and virtualbox compaction operation takes a very long time with large disks. Not only that zerofree’ing a disk temporarily increases the virtual disk’s size, so if you are already short on disk space (and need to shrink the virtual disk), then you’ll need to free up disk space by removing something else.

The above procedure I told you earlier works on Debian, which is what Kicksecure is based on. Guessing from the empty hdparm output, I think one of the Kicksecure’s hardening features disables the trim feature.

I am not familiar with KickSecure/Whonix, so I don’t know how to re-enable trim feature.

extraextra · January 26, 2024, 10:01pm

Is disk format VDI?

I don’t think VirtualBox supports manual modifications? It might work or might not. Afaik you’re supposed to change settings through VirtualBox GUI interface or vboxmanage command. Try that first.

Rupurudu · January 26, 2024, 10:08pm

Yes, the disk format is VDI.

While the nonrotational option is exposed as the “Solid-state Drive” checkbox in the GUI, discard is not present on the GUI.

I suppose I can use vboxmanage but I think it doesn’t make any difference since GUI did pick up the file modification and shows the “Solid-state Drive” checkbox as checked.

extraextra · January 27, 2024, 3:19am

Use vboxmanage. Because it checks if that setting is allowed in the specific configuration. File direct editing is cheating.

Patrick · January 27, 2024, 1:00pm

There’s no purposeful hardening disabling trim. This probably relates to how the VM is created using command line in 4600_create-vbox-vm.

Since this seems a cool feature, it probably makes sense to modify the build script (derivative-maker) to VMs using virtual SSDs with discard support.

Using VirtualBox with --discard=on option and /etc/fstab with discard mount option by default seems a sensible development goal.
(fstab modifications are difficult for a Linux distribution)

Can you accomplish this functionality on plain (non-Whonix) Debian? Please try. As per: Generic Bug Reproduction

Try to Compare VM Settings of the Whonix VM versus a Debian VM.

Rupurudu · January 27, 2024, 1:47pm

I already use the trim feature on my other VMs, but I’ll try the above steps again with a clean installation.

Rupurudu · January 27, 2024, 7:15pm

I found the solution. Apperantly, the storage controller you use matters. I found out that my Workstation uses the VirtIO storage controller, while trim command only works with SATA and SCSI controllers.

Interestingly, the default option on new .ova packages is SATA, and I don’t remember why I changed my workstation to use the VirtIO storage controller.

While my issue is fixed, I would like to keep this topic open since this would be a good idea to implement to the Kicksecure/Whonix.

Patrick · January 27, 2024, 7:44pm

VirtualBox default storage controller choice is actually quite a hard decision. References:

github.com

derivative-maker/derivative-maker/blob/master/build-steps.d/4600_create-vbox-vm#L31-L45


      
          ## SATA AHCI is VirtualBox's default for VMs created using the VirtualBox
          ## graphical user interface (GUI) for Debian 64-bit VMs.
          ##
          ## No longer using `--add sas`, because:
          ## https://forums.whonix.org/t/whonix-virtualbox-failed-to-start-ns-error-failure-0x80004005-the-vm-session-was-aborted/11471
          ## Related:
          ## - https://github.com/Whonix/Whonix/issues/274
          ## - https://www.virtualbox.org/ticket/10031
          ## - https://www.whonix.org/wiki/VirtualBox/Troubleshooting#Failed_to_open_a_session_for_the_virtual_machine
          ##
          ## `--name` is mandatory by `VBoxManage`.
          ## `--name "controller"` is arbitrary. VirtualBox default for VMs created
          ## by VirtualBox GUI would be "Controller: SATA". Keeping it generic to
          ## simplify maybe required later manual user changes.
          VBoxManage storagectl "$VMNAME" --add sata --name "controller"

sata is the current default.

Let’s see what upstream thinks and if enabling the trim mount option by default in grml-debootstrap breaks any builds: