- Reference >
- Backup Agent Configuration
Backup Agent Configuration¶
On this page
Connection Settings¶
For the Backup Agent communication with the MMS Servers, the following connection settings are required:
-
mmsApiKey
¶ Type: string
The MMS agent API key for a MMS group. The API Key can be found in the MMS interface on the Settings in the Agent API Settings section. For example:
-
mothership
¶ Type: string
The hostname of the MMS Backup Web Server.
-
https
¶ Type: boolean
Toggles communication with the MMS Backup web server over HTTPS.
HTTP Proxy Settings¶
-
httpProxy
¶ New in version 1.4.4.34-1.
Type: string
To connect to the MMS HTTP Service via a proxy, specify the URL of the proxy. For example:
MongoDB SSL Settings¶
Specify these settings when the Backup Agent is connecting to MongoDB instances with SSL.
-
sslClientCertificate
¶ Type: string
The path to the private key, client certificate, and optional intermediate certificates in PEM format. The agent will use the client certificate when connecting to any configured MongoDB that use SSL and require client certificates, i.e. that are running using the
--sslCAFile
option.
-
sslClientCertificatePassword
¶ Type: string
The password needed to decrypt the private key in the sslClientCertificate file. This setting is only necessary if the client certificate PEM file is encrypted.
-
sslTrustedServerCertificates
¶ Type: string
The path on disk that contains the trusted certificate authority certificates in PEM format. These certificates will verify the server certificate returned from any MongoDBs running with SSL. For example:
-
sslRequireValidServerCertificates
¶ Type: boolean
Use this option to disable certificate verification by setting this value to
false
. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.
MongoDB Kerberos Settings¶
Specify these settings if the Backup Agent authenticates to hosts using Kerberos. For more information, see Connect to Hosts with Kerberos Authentication.
-
krb5Principal
¶ Type: string
The Kerberos principal used by the agent. For example:
-
krb5Keytab
¶ Type: string
The absolute path to Kerberos principal’s keytab file. For example:
MMS Server SSL Settings¶
Advanced SSL settings used by the Backup Agent when communicating to the MMS Backup Web Server.
-
sslTrustedMMSBackupServerCertificate
¶ By default the Backup Agent will use the trusted root CAs installed on the system. If the agent cannot find the trusted root CAs, configure these settings manually.
If the MMS Backup Server is using a self-signed SSL certificate this setting is required.
The path on disk that contains the trusted certificate authority certificates in PEM format. The agent will use this certificate to verify that the agent is communicating with the designated MMS Backup Server. For example:
-
sslRequireValidMMSBackupServerCertificate
¶ Type: boolean
You can disable certificate verification by setting this value to
false
. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.