Remote Volume Vacuum — Internals, API & Limits
Technical reference for Remote Volume Vacuum — the snapshot, compact, upload, and commit phases, the atomic swap and crash recovery, the full configuration table, worker flags, and limits to plan around.
The worker pulls a cloud-tiered volume’s remote object and local index into its own -workingDir, compacts the data locally, uploads a fresh compacted object to the tier backend, and commits an atomic swap on the volume server. Volume servers are never asked to hold a full volume’s worth of free disk or to run the compaction; they only serve the index snapshot and process one lightweight commit.
What can it do?
- Detect cloud-tier waste: identifies tiered volumes where deleted needles are consuming significant space in the remote object (configurable threshold).
- Compact remote objects: rewrites the tiered object without the deleted data, then switches the volume onto it.
- Offload heavy work: performs the download, compaction, and upload in the worker’s local working directory instead of on the volume server.
- Reclaim cloud storage: shrinks the billed object, directly lowering object-store cost.
- Preserve retention: honors the cluster deletion-retention window so in-window tombstones survive compaction.
Why do you need it?
When files are deleted from a cloud-tiered volume, the space they occupied in the remote object stays allocated — the delete only touches the local index. Over time this creates cloud “storage waste” you keep paying for:
| Scenario | Deleted ratio | Problem | Remote Vacuum solution |
|---|---|---|---|
| Fresh tiered volume | 5% | Minimal waste, no action needed | No vacuum triggered |
| Churning dataset | 30% | 30% of the remote object is deleted data you still pay for | Detects and triggers vacuum |
| Old archive | 50% | Half the object is deleted, still billed | Compacts to reclaim ~50% |
For example, a 30 GB tiered object that is 40% deleted:
- Without vacuum: still billed for the full 30 GB.
- After vacuum: compacted to ~18 GB — a 40% cloud-storage saving.
How does it work?
Remote Volume Vacuum: worker-local compaction of a cloud-tiered volume
Volume Server Remote Vacuum Worker Cloud Tier
(serves the index) (local -workingDir) (object store)
+-----------+ 1. pull .vif/.idx/.idt +------------------+
| tiered | -------------------------> | - snapshot index |
| volume | 4. stage compacted idx | - download object| <-- 2. download old object
| | <------------------------- | - vacuum locally |
| | | - upload object | --> 3. upload NEW object
| .idx | 5. commit (atomic swap) +------------------+
+-----------+ <------------------------- |
| |
+--- switches onto the new object, deletes the old one (6)
Snapshot phase
The worker copies the volume’s .vif (which names the tier backend and current object key), its .idx, and any .idt retention sidecar. Because a tiered volume’s remote object is immutable — writes are rejected and deletes only append index tombstones — this snapshot stays valid for the whole run; the only drift is new deletes, which the commit reconciles.
Compact phase
The worker downloads the remote object to local scratch, then compacts it offline exactly like a normal volume — dropping deleted needles, honoring the cluster deletion-retention floor so in-window tombstones (and their data) are preserved for undelete and point-in-time recovery.
Upload phase
The compacted data is uploaded to the tier backend as a new object (a new key). The old object is left untouched until the swap is durable, so a failure at any point before commit simply leaves the volume serving the old object.
Commit phase
A single VolumeTierRemoteVacuumCommit RPC performs the switch on the volume server, mirroring the local-compaction commit:
- Validate + claim: confirms the volume still points at the object the worker snapshotted (a compare-and-set that fences out-of-band
volume.tier.download/upload), and claims this attempt’s staged index. - Carry deletes: folds in any needles deleted since the snapshot, comparing final-live index state so a re-written needle is never resurrected.
- Swap: switches
.idx/.idt/.vifonto the new object under a durable commit marker, ordered index-before-metadata so a crash can never pair the new object with the old index. - Reload + delete old object: reloads the volume against the new object, then deletes the old one.
Safety guarantees
- Atomic switch: a durable
.rvcmarker makes the swap all-or-nothing; on restart an interrupted commit rolls forward (marker present) or back (marker absent). - Leak, never lose: every failure window leaves the volume serving a complete object; at worst an object is leaked (and logged), never data.
- Concurrency-fenced: the object-key compare-and-set and per-attempt staging mean a stale or overlapping attempt can never swap its index in under another attempt’s object.
- Authenticated: the commit and the staging uploads require admin authorization, like the other destructive volume operations.
Configuration
Remote Vacuum runs as a plugin worker with configurable thresholds:
| Setting | Default | Description |
|---|---|---|
| Detection interval | ~60 min | How often to scan for high-deletion tiered volumes |
| Detection timeout | 5 min | Maximum time for a detection scan |
| Garbage ratio threshold | 0.30 | Trigger vacuum if >= 30% of the object is deleted |
| Max jobs per cycle | 100 | Maximum vacuum jobs per detection cycle |
| Global concurrency | 4 | Total concurrent remote vacuum jobs across cluster |
| Per-worker concurrency | 1 | Concurrent remote vacuum jobs per worker node |
| Job max runtime | 4 h | Ceiling for a single download/compact/upload job |
You can also filter vacuums by collection to focus on specific data sets.
Deployment
Remote Vacuum runs as a plugin worker process. Start one or more weed worker processes that connect to the admin server; it is a “heavy” task, so it is included with -jobType=heavy or -jobType=all, or you can select it explicitly.
Starting a worker
# Start a worker handling all heavy tasks (includes remote vacuum)
weed worker -admin=admin.example.com:23646 -jobType=heavy \
-workingDir=/var/lib/seaweedfs-plugin -maxExecute=2
# Select remote vacuum explicitly (alias: tier.vacuum)
weed worker -admin=admin.example.com:23646 -jobType=remote_vacuum \
-workingDir=/var/lib/seaweedfs-plugin
# Start a worker handling all available task types
weed worker -admin=admin.example.com:23646 -jobType=all \
-workingDir=/var/lib/seaweedfs-plugin
The worker must be able to reach the tier backend (e.g., S3) — it downloads and uploads the objects directly, using the same storage.backend configuration the cluster is configured with.
Key options
| Flag | Description |
|---|---|
-admin |
Admin server gRPC address (required) |
-jobType |
Task types: heavy, all, or remote_vacuum (alias tier.vacuum) |
-workingDir |
Directory for the downloaded object and compacted output during vacuums |
-maxExecute |
Max concurrent job executions per worker (default: 4) |
-metricsPort |
Prometheus metrics port for monitoring |
-id |
Stable worker ID across restarts; auto-generated if omitted |
Production recommendations
- Run at least 2 worker instances for high availability.
- Allocate
-workingDirdisk for roughly twice the largest tiered object — the downloaded object plus the compacted output. - Place workers close (network-wise) to the tier backend to minimize download/upload time.
- Set
-metricsPortto monitor progress and troubleshoot. - Remote vacuum works alongside the other vacuum and EC tasks without coordination; the regular volume vacuum automatically skips cloud-tiered volumes so the two never contend.
Kubernetes
Workers are supported in the SeaweedFS Helm chart:
worker:
enabled: true
replicas: 2
jobType: "heavy"
maxExecute: 2
workingDir: "/var/lib/seaweedfs-plugin"
metricsPort: 9327
Health checks
Workers expose HTTP endpoints when -metricsPort is set:
/health— always returns 200/ready— returns 200 only when connected to admin/metrics— Prometheus metrics
How Remote Vacuum complements other enterprise features
- With Cloud Tiering: tiering moves cold data to object storage to save on primary disk; remote vacuum keeps that tiered data from silently accumulating deleted-byte cost.
- With EC Vacuum: EC vacuum reclaims space in erasure-coded volumes on local disk; remote vacuum does the equivalent for volumes tiered to the cloud.
- With Point-in-Time Recovery / Undelete: remote vacuum honors the deletion-retention window, so recently deleted data stays recoverable through compaction.
Requirements & limits
- Requires a valid SeaweedFS Enterprise license; runs as a plugin worker connected to the admin server.
- Applies to single-location cloud-tiered volumes (the default
volume.tier.uploadleaves exactly one location); a volume observed at more than one location is skipped. - The worker needs scratch disk of roughly twice the tiered object size and network access to the tier backend.
- Only triggered for tiered volumes past the garbage-ratio threshold (default 0.30). Bytes deleted after a run’s snapshot are reclaimed by the next run.