- Reference >
- Backup Agent >
- Backup Agent Configuration
Backup Agent Configuration¶
On this page
Warning
Do not edit these settings for a Backup Agent that is managed by an Automation Agent. If you do, the Automation Agent will overwrite any changes you make.
Configuration File¶
The name and location of the Backup Agent configuration file depend on the operating system:
RHEL, CentOS, Amazon Linux, and Ubuntu all use a package manager to install the agent. The package manager creates the following agent configuration file:
/etc/mongodb-mms/backup-agent.config
OS X, Windows, and other Linux systems use either a
tar
ormsi
file for the installation. The Backup Agent stores its configuration in the following file:<installation directory>/local.config
Settings¶
Connection Settings¶
For the Backup Agent communication with the Ops Manager servers, the following connection settings are required:
-
mmsApiKey
¶ Type: string
The Ops Manager agent API key for a Ops Manager group. To retrieve the key from the Ops Manager interface, click the Administration tab, then the Agents page, and then the link for your operating system. Ops Manager will display the Ops Manager API key used by your Ops Manager group.
For example:
-
mothership
¶ Type: string
The hostname of the Ops Manager Backup Web Server.
-
https
¶ Type: boolean
Toggles communication with the Ops Manager Backup web server over HTTPS.
HTTP Proxy Settings¶
-
httpProxy
¶ New in version 1.4.4.34-1.
Type: string
To connect to Ops Manager via a proxy, specify the URL of the proxy. For example:
MongoDB SSL Settings¶
Specify these settings when the Backup Agent is connecting to MongoDB instances with SSL.
-
sslClientCertificate
¶ Type: string
The path to the private key, client certificate, and optional intermediate certificates in PEM format. The agent will use the client certificate when connecting to a MongoDB instance that uses SSL and requires client certificates, i.e. that is running using the
--sslCAFile
option.
-
sslClientCertificatePassword
¶ Type: string
The password needed to decrypt the private key in the sslClientCertificate file. This setting is only necessary if the client certificate PEM file is encrypted.
-
sslTrustedServerCertificates
¶ Type: string
The path on disk that contains the trusted certificate authority certificates in PEM format. These certificates will verify the server certificate returned from any MongoDBs running with SSL. For example:
-
sslRequireValidServerCertificates
¶ Type: boolean
Use this option to disable certificate verification by setting this value to
false
. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.
MongoDB Kerberos Settings¶
Specify these settings if the Backup Agent authenticates to hosts using Kerberos. For more information, see Configure the Backup Agent for Kerberos.
-
krb5Principal
¶ Type: string
The Kerberos principal used by the agent. For example:
-
krb5Keytab
¶ Type: string
The absolute path to Kerberos principal’s keytab file. For example:
-
gsappiServiceName
¶ Type: string
The default service name used by MongoDB is
mongodb
can specify a custom service name with thegssapiServiceName
option.
Ops Manager Server SSL Settings¶
Advanced SSL settings used by the Backup Agent when communicating to the Ops Manager Backup Web Server.
-
sslTrustedMMSBackupServerCertificate
¶ By default the Backup Agent will use the trusted root CAs installed on the system. If the agent cannot find the trusted root CAs, configure these settings manually.
If the Ops Manager Backup Server is using a self-signed SSL certificate this setting is required.
The path on disk that contains the trusted certificate authority certificates in PEM format. The agent will use this certificate to verify that the agent is communicating with the designated Ops Manager Backup Server. For example:
-
sslRequireValidMMSBackupServerCertificate
¶ Type: boolean
You can disable certificate verification by setting this value to
false
. That configuration is only recommended for testing purposes as it makes connections susceptible to man-in-the-middle attacks.