Deleting snap after certbot installation?

Sorry, I know nothing about snap. I'm guessing that I can't just remove snap and still get certificate auto-updates, but is there anything I can do to stop snap using vast and increasing amounts of disk space?

Problem: I'm creating 10GB server images for Ubuntu 20/22. snap is required only for certbot, since I can't find instructions for installing without snap. I can live with having over 2GB of a 10GB image pointlessly filled up with snap, but the problem is that the disk usage is increasing over time. The disk usage on a server I created a month ago has increased from 43% to 61%. I'm still analysing this, but it looks like snap is responsible for almost all of this. The server is meant to run unattended indefinitely, but this is clearly impossible if snap needs constant hand-holding. The previous Centos servers have run for literally years with the pre-snap certbot. Any ideas? Thanks.

Don't use Certbot, or don't use Ubuntu. There are several alternatives. For both.

1 Like

you can try running these two commands once you are done with the certbot

docker system prune -a

this command removes:

  • all stopped containers
  • all networks not used by at least one container
  • all images without at least one container associated to them
  • all build cache

then run:
fstrim -a -v

and check if your disk usage changes.

1 Like

I agree with 9peppe you could look at other ACME clients. acme.sh is a popular bash script and has a github.

For snap disk usage debugging you are probably better off asking on the snapcraft forum

2 Likes

You could also install Certbot using pip. It's not that great (mostly due to no automatic updates, you'd need to run a pip update command manually), but it's possible if you (understandably) don't want to use snap but would like to use Certbot. Please see the pip installation guide on the Certbot site, as you'd want to run it in a virtual environment et cetera.

1 Like

that doesn't apply to a docker image. you're not supposed to update the software inside, you're supposed to replace the image with a newer one, while keeping the data volumes.

1 Like

I'm not sure why you mention Docker? I was talking about installing Certbot using pip in a Python virtual environment. No Docker what so ever.

1 Like

I had no idea there were so many alternatives - thanks. After a quick scan, the shell ones look good, but it looks like the Apache mod might make life easier.

pip is a real disk hog - it installs gcc, among other things. My recollection is that it's about 800MB.

Probably to byte-compile some C and Rust code? I'm not that familiar with pip (it's not recommended on my distribution Gentoo GNU/Linux), but perhaps it's possible to use only binaries without compiling anything yourself?

1 Like

Thanks, I'll check out acme.sh.

1 Like

I only use minimal Python, so I don't really understand it. I use one library which has minimal dependencies, and so can be installed directly without pip. I did previously use a second library (csvkit) which has major dependencies, and required pip to sort everything out, but it was simpler just to find a non-Python alternative.

@EML100 It seems Certbot itself does not require much storage and does not seem to be doing much weird stuff:

osiris@desktop tmp $ python3 -m venv certbot
osiris@desktop tmp $ certbot/bin/pip install --upgrade pip
Requirement already satisfied: pip in ./certbot/lib/python3.10/site-packages (21.2.4)
Collecting pip
  Using cached pip-22.1.2-py3-none-any.whl (2.1 MB)
Installing collected packages: pip
  Attempting uninstall: pip
    Found existing installation: pip 21.2.4
    Uninstalling pip-21.2.4:
      Successfully uninstalled pip-21.2.4
Successfully installed pip-22.1.2
osiris@desktop tmp $ certbot/bin/pip install certbot
Collecting certbot
  Downloading certbot-1.28.0-py3-none-any.whl (272 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 272.4/272.4 kB 1.4 MB/s eta 0:00:00
Collecting configobj>=5.0.6
  Using cached configobj-5.0.6.tar.gz (33 kB)
  Preparing metadata (setup.py) ... done
Collecting cryptography>=2.5.0
  Downloading cryptography-37.0.2-cp36-abi3-manylinux_2_24_x86_64.whl (4.0 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.0/4.0 MB 3.8 MB/s eta 0:00:00
Collecting acme>=1.28.0
  Downloading acme-1.28.0-py3-none-any.whl (48 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 48.1/48.1 kB 1.0 MB/s eta 0:00:00
Requirement already satisfied: setuptools>=41.6.0 in ./certbot/lib/python3.10/site-packages (from certbot) (58.1.0)
Collecting parsedatetime>=2.4
  Using cached parsedatetime-2.6-py3-none-any.whl (42 kB)
Collecting josepy>=1.13.0
  Using cached josepy-1.13.0-py2.py3-none-any.whl (29 kB)
Collecting pyrfc3339
  Using cached pyRFC3339-1.1-py2.py3-none-any.whl (5.7 kB)
Collecting zope.component
  Using cached zope.component-5.0.1-py2.py3-none-any.whl (68 kB)
Collecting ConfigArgParse>=0.9.3
  Using cached ConfigArgParse-1.5.3-py3-none-any.whl (20 kB)
Collecting zope.interface
  Downloading zope.interface-5.4.0.tar.gz (249 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 249.3/249.3 kB 1.9 MB/s eta 0:00:00
  Preparing metadata (setup.py) ... done
Collecting pytz>=2019.3
  Downloading pytz-2022.1-py2.py3-none-any.whl (503 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 503.5/503.5 kB 2.2 MB/s eta 0:00:00
Collecting distro>=1.0.1
  Using cached distro-1.7.0-py3-none-any.whl (20 kB)
Collecting requests>=2.20.0
  Downloading requests-2.28.0-py3-none-any.whl (62 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 62.8/62.8 kB 1.4 MB/s eta 0:00:00
Collecting requests-toolbelt>=0.3.0
  Using cached requests_toolbelt-0.9.1-py2.py3-none-any.whl (54 kB)
Collecting PyOpenSSL>=17.3.0
  Using cached pyOpenSSL-22.0.0-py2.py3-none-any.whl (55 kB)
Collecting six
  Using cached six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting cffi>=1.12
  Downloading cffi-1.15.0-cp310-cp310-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (446 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 446.3/446.3 kB 2.3 MB/s eta 0:00:00
Collecting zope.event
  Using cached zope.event-4.5.0-py2.py3-none-any.whl (6.8 kB)
Collecting zope.hookable>=4.2.0
  Downloading zope.hookable-5.1.0.tar.gz (21 kB)
  Preparing metadata (setup.py) ... done
Collecting pycparser
  Using cached pycparser-2.21-py2.py3-none-any.whl (118 kB)
Collecting certifi>=2017.4.17
  Downloading certifi-2022.6.15-py3-none-any.whl (160 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 160.2/160.2 kB 1.3 MB/s eta 0:00:00
Collecting idna<4,>=2.5
  Using cached idna-3.3-py3-none-any.whl (61 kB)
Collecting urllib3<1.27,>=1.21.1
  Downloading urllib3-1.26.9-py2.py3-none-any.whl (138 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 139.0/139.0 kB 1.6 MB/s eta 0:00:00
Collecting charset-normalizer~=2.0.0
  Using cached charset_normalizer-2.0.12-py3-none-any.whl (39 kB)
Using legacy 'setup.py install' for configobj, since package 'wheel' is not installed.
Using legacy 'setup.py install' for zope.interface, since package 'wheel' is not installed.
Using legacy 'setup.py install' for zope.hookable, since package 'wheel' is not installed.
Installing collected packages: pytz, parsedatetime, zope.interface, zope.hookable, zope.event, urllib3, six, pyrfc3339, pycparser, idna, distro, ConfigArgParse, charset-normalizer, certifi, zope.component, requests, configobj, cffi, requests-toolbelt, cryptography, PyOpenSSL, josepy, acme, certbot
  Running setup.py install for zope.interface ... done
  Running setup.py install for zope.hookable ... done
  Running setup.py install for configobj ... done
Successfully installed ConfigArgParse-1.5.3 PyOpenSSL-22.0.0 acme-1.28.0 certbot-1.28.0 certifi-2022.6.15 cffi-1.15.0 charset-normalizer-2.0.12 configobj-5.0.6 cryptography-37.0.2 distro-1.7.0 idna-3.3 josepy-1.13.0 parsedatetime-2.6 pycparser-2.21 pyrfc3339-1.1 pytz-2022.1 requests-2.28.0 requests-toolbelt-0.9.1 six-1.16.0 urllib3-1.26.9 zope.component-5.0.1 zope.event-4.5.0 zope.hookable-5.1.0 zope.interface-5.4.0
osiris@desktop tmp $ du -sh certbot/
49M	certbot/
osiris@desktop tmp $ 

I do not have pip installed globally, but it seems to be installed automatically when building the venv. YMMV of course, as this system is build for compiling stuff (Gentoo GNU/Linux), but 49 MB is not the same as your number :wink:

Personally, I find Python to be the most easy to understand languages and it all just makes sense. I like it very much :slight_smile: Some things are a little bit to get used to (indentation instead of {} to mark blocks for example), but I like the fact I can modify any Python application without a problem if I don't like certain behaviour or it's lacking some feature.

2 Likes

(I read "server images" and I understood hey were docker images)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.