- Agents >
- Backup Agent >
- Backup Agent Configuration
Backup Agent Configuration¶
This page describes possible settings for Backup Agent. These values are set after first launching Ops Manager and not through manual editing of these files. See Ops Manager Configuration for the Ops Manager settings and their values.
Warning
Do not edit these settings for a Backup Agent that is managed by an Automation Agent. If you do, the Automation Agent can overwrite any changes you make. If you are not using the Automation Agent, you must edit these settings manually.
Location of the Configuration File on Each Operating System¶
The location of the Backup Agent configuration file depends on your operating system:
Operating System | Installation Method | Config File Path |
RHEL, CentOS, Amazon Linux and Ubuntu | package manager | /etc/mongodb-mms/backup-agent.config |
OS X or other Linux distributions | tar |
/path/to/install/local.config |
Windows | msi |
C:\MMSData\Backup\local.config |
Backup Agent Settings¶
Ops Manager provides the values for these Backup Agent settings when Ops Manager is initially configured.
Important
You must set the mmsApiKey
value.
Connection Settings¶
For the Backup Agent to communicate with the Ops Manager servers, these connection settings are required:
-
mmsApiKey
¶ Type: string
Specifies the Ops Manager agent API key of your Ops Manager group. To retrieve this key from Ops Manager, click Settings, then Agents and then click on the appropriate operating system under Agent Downloads.
When the Backup Agent Installation Instructions box appears, these values can be copied directly from this box using the Copy buttons.
This setting is usually set when the Backup Agent is installed and it is required.
-
mothership
¶ Type: string
Specifies the URL of the Ops Manager Application.
-
https
¶ Type: boolean
Specifies whether or not communication with the Ops Manager web server uses Secure HTTP.
Logging Settings¶
-
logFile
¶ Type: string
Specifies the absolute path to the log file. If this is not specified, the log writes to standard error (
stderr
) on UNIX- and Linux-based systems and to the Event Log on Windows systems.
-
maxLogFileSizeBytes
¶ Type: integer
Specifies the maximum size, in bytes, of a log file before the logs are rotated. If unspecified, the Backup Agent does not rotate logs based on file size. This is optional.
-
maxLogFileDurationHrs
¶ Type: float
Specifies the number of hours after which the log file is rotated. This is optional and only supported on UNIX- and Linux-based systems.
Note
You can manually rotate the Backup Agent logs. Issue a user signal 1 kill command for the Backup Agent process:
This rotates the Backup Agent log file.
HTTP Proxy Settings¶
-
httpProxy
¶ Type: string
Specifies the URL of an HTTP proxy server the Backup Agent can use.
MongoDB Kerberos Settings¶
Specify these settings if the Backup Agent authenticates to hosts using Kerberos. See Configure the Backup Agent for Kerberos for more information.
-
krb5Principal
¶ Type: string
Specifies the Kerberos principal the Backup Agent uses.
-
krb5Keytab
¶ Type: string
Specifies the absolute path to Kerberos principal’s keytab file.
-
krb5ConfigLocation
¶ Type: string
Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.
-
gsappiServiceName
¶ Type: string
Specifies the service name with the
gssapiServiceName
option.By default, MongoDB uses
mongodb
as its service name.
Note
Ops Manager creates a Kerberos Credential (Ticket) Cache for each agent
automatically when Kerberos is enabled. If you want to override the
location of the
Kerberos Credential Cache,
you must set the KRB5CCNAME
environment variable to the desired
file name and path before running the agent.
MongoDB SSL Settings¶
Specify these settings when the Backup Agent connects to MongoDB deployments using SSL. See Configure Backup Agent for SSL for more information.
-
sslClientCertificate
¶ Type: string
Specifies the path to the private key, client certificate, and optional intermediate certificates in
PEM
format. The Backup Agent uses the client certificate when connecting to a MongoDB deployment that uses SSL and requires client certificates (one that runs with the--sslCAFile
option).
-
sslClientCertificatePassword
¶ Type: string
Specifies the password needed to decrypt the private key in the
sslClientCertificate
file. This setting is needed when the client certificate PEM file is encrypted.
-
sslTrustedServerCertificates
¶ Type: string
Specifies the path that contains the trusted CA certificates in
PEM
format. These certificates verify the server certificate returned from any MongoDB deployments running with SSL.
-
sslRequireValidServerCertificates
¶ Type: boolean
Specifies if the Backup Agent should validate SSL certificates presented by the MongoDB deployments.
Warning
Setting this option to
false
disables certificate verification and makes connections between the Backup Agent and MongoDB deployments susceptible to man-in-the-middle attacks. Setting this option tofalse
is only recommended for testing purposes.
Ops Manager Server SSL Settings¶
Specify the settings the Backup Agent uses when communicating with Ops Manager using SSL.
-
sslTrustedMMSBackupServerCertificate
¶ Specifies the path that contains the trusted CA certificates in
PEM
format. The Backup Agent uses this certificate to verify that the agent is communicating with the designated Ops Manager instance.By default, the Backup Agent uses the trusted root CAs installed on the system.
If the Backup Agent cannot find the trusted root CAs, configure these settings manually.
If Ops Manager is using a self-signed SSL certificate, this setting is required.
-
sslRequireValidMMSBackupServerCertificate
¶ Specifies if the Backup Agent should validate SSL certificates from Ops Manager.
Warning
Setting this option to
false
disables certificate verification and makes connections between Backup Agent and Ops Manager susceptible to man-in-the-middle attacks. Setting this option tofalse
is only recommended for testing purposes.
-
sslServerClientCertificate
¶ Type: string
Specifies the path to the file containing the client’s private key, certificate, and optional intermediate certificates in
PEM
format. The Backup Agent uses the client certificate when connecting to Ops Manager over SSL if Ops Manager requires client certificates, such as when Ops Manager runs withClient Certificate Mode
set toRequired for Agents Only
orRequired for All Requests
.See also
See
Client Certificate Mode
in Ops Manager Configuration for how to specify this setting in the Ops Manager Application.
-
sslServerClientCertificatePassword
¶ Type: string
Specifies the password needed to decrypt the private key in the
sslServerClientCertificate
file. This setting is required when the client certificatePEM
file is encrypted.