Navigation

Backup Agent Configuration

This page describes possible settings for Backup Agent. These values are set after first launching Cloud Manager and not through manual editing of these files.

Warning

Do not edit these settings for a Backup Agent that is managed by an Automation Agent. If you do, the Automation Agent can overwrite any changes you make. If you are not using the Automation Agent, you must edit these settings manually.

Location of the Configuration File on Each Operating System

The location of the Backup Agent configuration file depends on your operating system:

Operating System Installation Method Config File Path
RHEL, CentOS, Amazon Linux and Ubuntu package manager /etc/mongodb-mms/backup-agent.config
OS X or other Linux distributions tar /path/to/install/local.config
Windows msi C:\MMSData\Backup\local.config

Backup Agent Settings

Cloud Manager provides the values for these Backup Agent settings when Cloud Manager is initially configured.

Important

You must set the mmsApiKey value.

Connection Settings

For the Backup Agent to communicate with the Cloud Manager servers, these connection settings are required:

mmsGroupId

Type: string

Specifies the ID of your Cloud Manager project. The project ID is displayed in the Project Settings page (Settings > Project Settings).

Required.

mmsGroupId=8zvbo2s2asigxvmpnkq5yexf
mmsApiKey

Type: string

Specifies the Cloud Manager agent API key of your Cloud Manager project.

You can use an Agent API key that you have already generated for the project. Otherwise, you can generate a new Agent API key. A project can have more than one Agent API key, and any of the project’s agents can use any of the keys. For more information, see Manage Agent API Keys.

To generate an Agent API key, go to the Agent API Keys tab. To navigate to the tab, from the Deployment view, click the Agents tab and then the Agent API Keys tab.

Important

When you generate an Agent API key, Cloud Manager displays it one time only. You must copy it and store it in a secure place. Cloud Manager will never display the full key again.

This setting is usually set when the Backup Agent is installed and it is required.

mmsApiKey=rgdte4w7wwbnds9nceuodx9mcte2zqem
mothership

Type: string

Specifies the URL of the Cloud Manager.

https

Type: boolean

Specifies whether or not communication with the Cloud Manager web server uses Secure HTTP.

Logging Settings

logFile

Type: string

Specifies the absolute path to the log file. If this is not specified, the log writes to standard error (stderr) on UNIX- and Linux-based systems and to the Event Log on Windows systems.

maxLogFileSizeBytes

Type: integer

Specifies the maximum size, in bytes, of a log file before the logs are rotated. If unspecified, the Backup Agent does not rotate logs based on file size. This is optional.

maxLogFileSizeBytes=536870912
maxLogFileDurationHrs

Type: float

Specifies the number of hours after which the log file is rotated. This is optional and only supported on UNIX- and Linux-based systems.

Note

You can manually rotate the Backup Agent logs. Issue a user signal 1 kill command for the Backup Agent process:

kill -SIGUSR1 <backupAgentID>

This rotates the Backup Agent log file.

HTTP Proxy Settings

httpProxy

Type: string

Specifies the URL of an HTTP proxy server the Backup Agent can use.

httpProxy=http://proxy.example.com:8080

MongoDB Kerberos Settings

Specify these settings if the Backup Agent authenticates to hosts using Kerberos. See Configure the Backup Agent for Kerberos for more information.

krb5Principal

Type: string

Specifies the Kerberos principal the Backup Agent uses.

krb5Principal=mmsagent/myhost@EXAMPLE.COM
krb5Keytab

Type: string

Specifies the absolute path to Kerberos principal’s keytab file.
krb5Keytab=/path/to/backup-agent.keytab
krb5ConfigLocation

Type: string

Specifies the absolute path to an non-system-standard location for the Kerberos configuration file.

krb5ConfigLocation=/path/to/krb_custom.conf
gsappiServiceName

Type: string

Specifies the service name with the gssapiServiceName option.

By default, MongoDB uses mongodb as its service name.

Note

Cloud Manager creates a Kerberos Credential (Ticket) Cache for each agent automatically when Kerberos is enabled. If you want to override the location of the Kerberos Credential Cache, you must set the KRB5CCNAME environment variable to the desired file name and path before running the agent.

MongoDB SSL Settings

Specify these settings when the Backup Agent connects to MongoDB deployments using SSL. See Configure Backup Agent for SSL for more information.

sslClientCertificate

Type: string

Specifies the path to the private key, client certificate, and optional intermediate certificates in PEM format. The Backup Agent uses the client certificate when connecting to a MongoDB deployment that uses SSL and requires client certificates (one that runs with the --sslCAFile option).

sslClientCertificatePassword

Type: string

Specifies the password needed to decrypt the private key in the sslClientCertificate file. This setting is needed when the client certificate PEM file is encrypted.

sslTrustedServerCertificates

Type: string

Specifies the path that contains the trusted CA certificates in PEM format. These certificates verify the server certificate returned from any MongoDB deployments running with SSL.

sslTrustedServerCertificates=/path/to/mongodb-certs.pem
sslRequireValidServerCertificates

Type: boolean

Specifies if the Backup Agent should validate SSL certificates presented by the MongoDB deployments.

Warning

Setting this option to false disables certificate verification and makes connections between the Backup Agent and MongoDB deployments susceptible to man-in-the-middle attacks. Setting this option to false is only recommended for testing purposes.

Cloud Manager Server SSL Settings

Specify the settings the Backup Agent uses when communicating with Cloud Manager using SSL.

sslTrustedMMSBackupServerCertificate

Specifies the path that contains the trusted CA certificates in PEM format. The Backup Agent uses this certificate to verify that the agent is communicating with the designated Cloud Manager instance.

By default, the Backup Agent uses the trusted root CAs installed on the system.

If the Backup Agent cannot find the trusted root CAs, configure these settings manually.

sslTrustedMMSBackupServerCertificate=/path/to/mms-certs.pem