Should Spotlight indexing stay on for developer Mac mini rentals?

For unattended CI hosts, disable indexing on artifact volumes with mdutil and document exceptions for interactive QA machines where desktop search still matters.

Does mdutil persist across reboots on VmMac hosts?

Settings are intended to persist per volume, but automation should re-assert policy after mounts or major macOS upgrades and log the mdutil -s output for audit.

Which regions should share the same indexing policy?

Hong Kong, Japan, Korea, Singapore, and the United States hosts should carry identical documented defaults so YAML and launchd jobs do not fork silently.

Performance April 26, 2026

Rented Mac mini Spotlight mds Indexing vs CI Disk Budget: 2026 VmMac Matrix

VmMac Engineering Team April 26, 2026 ~21 min read

Build infrastructure owners who rent Apple Silicon Mac mini from VmMac inherit macOS defaults meant for laptops, not compile farms: Spotlight and the mds metadata subsystem will happily index terabytes of .o files while your xcodebuild job misses its SLO. This 2026 matrix explains why VM golden images always strip indexing, how to reproduce that discipline on bare metal with mdutil, and how to keep Hong Kong, Japan, Korea, Singapore, and the United States hosts boringly identical. You will get two comparison tables, nine enforcement steps, numeric alarms, and an FAQ. Cross-read parallel DerivedData lanes, APFS secondary volumes, and idle sleep vs CI power assertions so disk policy never fights scheduler policy.

Use help documentation for SSH bootstrap, pricing when you split index-off compile pools from index-on interactive QA stations, and VNC where testers still expect desktop search.

Why VM Golden Images Always Strip Spotlight—and What Bare Metal Must Mimic

Hypervisor templates ship with indexing disabled because unpredictable mdworker bursts invalidate A/B perf tests. On VmMac you are not cloning a diff disk each morning; you are SSHing into a persistent host that still receives Apple metadata updates. That means your “clean room” is a policy file plus a cron guard, not a revert button. Teams that ignore this see p95 compile times widen by double digits the same week Xcode drops a new Spotlight importer—exactly the class of noise that makes developers distrust remote Mac farms.

Index churn after every git clean -fdx because thousands of small files look like a filesystem rebuild to mds.
IO priority inversion when Spotlight competes with ld on the same NVMe queue.
Security ambiguity when customer fixtures live on a volume that Spotlight advertises into desktop search.

How mds, mdworker, and mds_stores Steal CI SLO Without Showing Up in Flame Graphs

CPU profilers attribute time to Swift compilers, but the underlying symptom is blocked reads while metadata writers hold locks. Watch for disk utilization at 95% while user CPU looks idle—that pattern often maps to metadata stores expanding under .Spotlight-V100. Another tell is launchd job start latency: if your compile wrapper sees more than 400 ms skew between scheduled time and first compiler syscall, check for mdworker storms before blaming the scheduler.

Rule of thumb: if more than 7% of wall time during a clean build is spent in kernel wait states unrelated to network, sample fs_usage for mds paths before optimizing Swift flags.

Matrix: Index-Off CI Volume vs Global Indexing vs Selective Exclusions

Policy	Operator effort	Perf predictability	Desktop UX impact
Dedicated CI APFS volume with indexing off	Medium—requires mount naming discipline	High	None if GUI users never browse that volume
Global indexing on Data volume	Low	Low during large branch switches	High search quality for VNC testers
Privacy plist exclusions per path	High—drifts with folder renames	Medium	Partial; testers may miss new paths

The first row is the default recommendation for unattended CI on VmMac: keep interactive profiles on separate hosts or separate volumes so product managers do not “helpfully” re-enable indexing to find PDFs on build roots.

mdutil Commands Your Runbook Should Quote Verbatim

Start every new volume with explicit state inspection:

mdutil -s /Volumes/VmMacCI

Then disable indexing for that mount after security review:

sudo mdutil -i off /Volumes/VmMacCI

When you intentionally rebuild metadata—for forensic search on a compromised host—erase the store in a maintenance window and re-run health checks before returning the machine to CI:

sudo mdutil -E /Volumes/VmMacCI

Document who may run these commands: on shared rentals, restrict sudo to infrastructure roles so app teams cannot toggle indexing mid-release to chase a personal desktop habit.

Privacy, Spotlight, and Customer Data on Shared Hosts

Indexing does not only cost CPU—it can surface filenames and snippets into search APIs that humans did not intend to expose. If your lane folders contain PII-bearing logs, treat indexing as a data-processing activity alongside your GDPR or APPI register. Pair filesystem layout guidance from lane isolation with explicit “no index” flags on those paths even when global indexing remains on for the rest of the disk.

Nine-Step Enforcement Ladder for 2026

Inventory every mounted volume across HK, JP, KR, SG, US and record default mdutil state.
Classify volumes as CI_ARTIFACT, INTERACTIVE, or MIXED; ban mixed on compile-heavy hosts.
Apply mdutil -i off to CI_ARTIFACT mounts; capture mdutil -s output in git per host class.
Add a weekly launchd job that re-asserts policy and alerts if state drifts.
Graph mdworker CPU as a percentage of total cores; page above 12% for more than 15 minutes.
Correlate spikes with fseventsd volume remounts; fix automation that thrashes mounts.
Exclude ephemeral package caches from desktop profiles using the same paths as CI to reduce cognitive drift.
Document rollback: how to re-enable indexing safely for investigations within 30 minutes.
Quarterly game day: intentionally fill a CI volume and verify indexing stays cold.

Warning: toggling indexing during production hours without comms can destroy reproducibility for perf regression tests that week—treat changes like kernel flag flips.

Five-Region Parity on VmMac (HK / JP / KR / SG / US)

Latency tuning differs by geography, but metadata policy should not. When a Singapore compile host silently indexes while a US host does not, you chase ghosts in Swift compile dashboards. Store plist fragments and shell snippets in one private repo, tag releases, and promote them through the same pipeline you use for compiler pins.

Numeric Alarms That Catch Real Regressions

Metric	Threshold	Meaning
mdworker CPU	> 12% for 15 min	Indexing storm or stuck store
Free space on CI volume	< 30 GB	mds expansion risk + build failure risk
Build wrapper skew	> 400 ms p95	Investigate Spotlight before compilers

FAQ: Spotlight on Rented Mac mini CI

Will disabling indexing break Xcode? No for command-line builds; yes if you rely on Xcode Organizer search on the same volume—split hosts instead.

Does Time Machine interact with this? Time Machine volume layout is orthogonal but can trigger heavy mds if you point backups at CI disks—avoid that topology entirely.

Who approves sudo mdutil? Platform engineering only, with ticketed exceptions lasting less than 48 hours.

Why Mac mini M4 and VmMac Make Index Policy Cheap

Mac mini M4 gives enough sustained IO to finish legitimate indexing quickly when you do turn it on for QA stations—while compile-only rentals stay cold. VmMac’s multi-region footprint means you can place index-off compile pools in Hong Kong, Japan, Korea, Singapore, and the United States next to your users without shipping golden VM images on thumb drives. Renting extra minis to separate “search on” testers from “search off” builders is cheaper than burning engineering hours on nondeterministic perf flakes.

Split Compile Hosts from Interactive QA

Use one VmMac plan line for cold CI volumes and another for VNC-friendly search defaults.

Compare plans Read SSH setup