ABS Configuration Reference
Aerospike Backup Service (ABS) reads the configuration file aerospike-backup-service.yml to create connections to Aerospike Database namespaces and storage destinations, as well as backup policies, routines, and schedules.
For the parameter list in OpenAPI format, see the Schemas section in the REST API specification.
Configuration options
Search here for individual configuration options. Expand the cards to see more details and/or usage examples.
Options
Connection timeout in milliseconds.
5000The authentication mode used by the cluster.
INTERNAL, EXTERNAL, PKI
File path with the password string. Mutually exclusive with password field.
aerospike-clusters: cluster1: credentials: user: "admin" password-path: "/path/to/pass.txt"Plaintext password for cluster authentication. If it starts with secrets, path to password stored in Aerospike Secret Agent. Only use this plaintext authentication method for testing, never in production.
aerospike-clusters: cluster1: credentials: user: "admin" password: "admin"Name of secret agent to use to fetch password. Use a previously configured secret agent in the secret-agents configuration stanza.
aerospike-clusters: cluster1: credentials: secret-agent-name: "demoSa"Configuration for one or more secret agents to use to fetch the password.
aerospike-clusters: cluster1: credentials: secret-agent: ... <secret agent config here> ...Plaintext username for cluster authentication.
aerospike-clusters: cluster1: credentials: user: "admin" password: "admin"Authentication details for the Aerospike cluster. You can pass a reference to a secret in the Secret Agent, a path to a plaintext file, or the plaintext credentials. Only use plaintext credentials for testing, never production.
aerospike-clusters: prod-cluster: seed-nodes: - host-name: aerocluster.aerospike.svc.cluster.local port: 3000 credentials: user: backup-user password: secrets:asbackup:db_password # fetched with Secret Agent secret-agent-name: primary-sa # choose one of the configured agentssecret-agents: primary-sa: address: secret-agent.svc.cluster.local port: 3005 connection-type: tcpaerospike-clusters: cluster1: credentials: user: "admin" password: "admin"A user-selected name for the cluster. It is used only in logs and error messages.
Maximum number of simultaneous allowed data reads, or scans, from the cluster during backup. This is a cluster-scope limit for all backup policies to prevent cluster overload.
aerospike-clusters: absDefaultCluster: seed-nodes: - host-name: "localhost" port: 3000 credentials: user: "tester" password: "psw" max-parallel-scans: 8Any non-negative integer
The list of acceptable racks in order of preference.
Nodes in the first element of the list (prefer-racks[0]) are chosen first.
If a node is not found in prefer-racks[0], then nodes in prefer-racks[1] are searched, and so on.
Mutually exclusive with a routine’s rack-list, node-list and partition-list properties.
This parameter was moved from backup-routines to aerospike-clusters in ABS 3.4.
[0]Host name to connect to the seed node for communication with the Aerospike Database cluster.
aerospike-clusters: absCluster1: seed-nodes: - host-name: "aerospike-cluster" port: 3000 credentials: user: admin password: adminPort to connect to the seed node for communication with the Aerospike Database cluster.
aerospike-clusters: absCluster1: seed-nodes: - host-name: "aerospike-cluster" port: 3000 credentials: user: admin password: adminOptional TLS certificate name used for secure connections.
A stanza with connection details of the seed nodes, or the nodes that Aerospike Backup Service uses to communicate with the cluster. On a multi-node cluster, you can supply connection information for a single node and the rest of the nodes will automatically be discovered.
aerospike-clusters: absCluster1: seed-nodes: - host-name: "aerospike-cluster" port: 3000Path to a trusted CA certificate file.
Path to a directory of trusted CA certificates.
Path to the chain file for mutual authentication if the Aerospike cluster supports it.
TLS cipher selection criteria. The format is the same as OpenSSL’s Cipher List Format.
Password to load protected TLS-keyfile (env:VAR, file:PATH, PASSWORD).
Path to the key for mutual authentication if the Aerospike cluster supports it.
Default TLS name used to authenticate each TLS socket connection.
TLS protocol selection criteria. This format is the same as Apache’s SSL Protocol.
A sub-stanza of a particular cluster with details about the cluster TLS configuration.
Whether to use “services-alternate” instead of “services” in info request during cluster tending.
Configuration section with parameters that control connections to an Aerospike cluster. The next level under this section must be an Aerospike cluster definition.
aerospike-clusters: cluster1: (...)Throttles backup write operations to the backup file(s) to not exceed the given bandwidth in MiB/s.
bandwidth: 10000Compression level to use, or -1 if unspecified.
Compression mode to use. Options are NONE (default) or ZSTD.
`NONE`NONE, ZSTD
Enables incremental backups to start while a full or incremental backup is ongoing.
Name of the environment variable containing the encryption key. The private key must be in PEM format, be base64-encoded, and include the BEGIN header and END footer.
-----BEGIN RSA PRIVATE KEY-----MIICWg0BAAKBgQCKHXHc6Zw4tdLRCAEIgmr4SbRpS5fk5XOKFoMXh3u+jWmWoFVHEcxTNRVBzTQn6diGpNVV1gsWNb+6BqjtLsU2JYvKxDBN4OlIp0iTReGM00x4WI3KI3q6vxRjzloeSouYWyM9HfEMzlljtVOeYSArWGS8bCe2M4tKgYeNjgvc9QIDAQABAoGAaM4NMC0pXjNDJVGgjxeAGqa7W0d8nLos4bVRhtJNaXyfiihibcqotN93ISGZGUyO/SUpqbgBs7nXok8ZctoR1WjNQnwUO0sz0MfN77d2YOOoxe9ISPPw8XItCznBVJ1TACChctdiRTb3MXK9jKvgdwuDF6CjD+jx9eUMzhuKvqUCQQD/xacOMs5754IDB+kTYFnCkutGBnbXheCZhjhNDSoeLpf/iFd7i+zwZXREy7ZF3fz/lDODcFJX8SbItntj8MgzAkEAijzzs6ZEna7SKMwBTf1zwPIq4TuwaDPPxLGdag+gniEbC54CSYuUb3H5d7ZBH5T2JlCjvX93xOF/a3GZHVm+NwJAIbgtDfIkxrD+sueYErXhH4W+/rxbbo53zcWkJoRVy3TbZRTUc7U+x3KYoXk5znw1nnwrTmjAcleYhV2JZuOXgQ4/Co4DAOsJo274hb0GWSbrCOUL8+kCzeii42zoByMCh32rThowDLI4KS5o0oq3yG0b929jcDIGwgw3bcxRXqGXakAqCJNsRUY4K/yrzRgV1lw5Dj3g8cQ3Sneon4mO6Yp73ovVbbgTxvcLBgwjIjpt1rT2uipRJKGatsIZ3NVuFfP1-----END RSA PRIVATE KEY-----export COMPRESSION_PASS_KEY=MIICWg0BAAKBgQCKHXHc6Zw4tdLRCAEIgmr4SbRpS5fk5XOKFoMXh3u+jWmWoFVHEcxTNRVBzTQn6diGpNVV1gsWNb+6BqjtLsU2JYvKxDBN4OlIp0iTReGM00x4WI3KI3q6vxRjzloeSouYWyM9HfEMzlljtVOeYSArWGS8bCe2M4tKgYeNjgvc9QIDAQABAoGAaM4NMC0pXjNDJVGgjxeAGqa7W0d8nLos4bVRhtJNaXyfiihibcqotN93ISGZGUyO/SUpqbgBs7nXok8ZctoR1WjNQnwUO0sz0MfN77d2YOOoxe9ISPPw8XItCznBVJ1TACChctdiRTb3MXK9jKvgdwuDF6CjD+jx9eUMzhuKvqUCQQD/xacOMs5754IDB+kTYFnCkutGBnbXheCZhjhNDSoeLpf/iFd7i+zwZXREy7ZF3fz/lDODcFJX8SbItntj8MgzAkEAijzzs6ZEna7SKMwBTf1zwPIq4TuwaDPPxLGdag+gniEbC54CSYuUb3H5d7ZBH5T2JlCjvX93xOF/a3GZHVm+NwJAIbgtDfIkxrD+sueYErXhH4W+/rxbbo53zcWkJoRVy3TbZRTUc7U+x3KYoXk5znw1nnwrTmjAcleYhV2JZuOXgQ4/Co4DAOsJo274hb0GWSbrCOUL8+kCzeii42zoByMCh32rThowDLI4KS5o0oq3yG0b929jcDIGwgw3bcxRXqGXakAqCJNsRUY4K/yrzRgV1lw5Dj3g8cQ3Sneon4mO6Yp73ovVbbgTxvcLBgwjIjpt1rT2uipRJKGatsIZ3NVuFfP1Path to the file containing the encryption key. The encryption key must be a valid PEM file, be base64-encoded, and include the BEGIN header and END footer.
encryption: mode: "AES256" key-file: "/data/aerospike-backup-service/etc/aerospike-backup-service/keyfile1.dat"Secret keyword in Aerospike Secret Agent containing the encryption key.
Encryption mode to use. Options are NONE, AES128, or AES256.
`NONE`NONE, AES128, AES256
Controls backup encryption information like the location of an encryption key or the keyword for Aerospike Secret Agent.
File size limit in MB for the backup file. If an .asb backup file crosses this size threshold, a new backup file is created.
file-limit: 1024Approximate limit for the number of records to process. Available in Database 4.9 and later.
max-records: 10000Maximum number of retries before aborting the current transaction. Removed in 3.0 and replaced with the retry-policy substanza.
"parallel":1, "max-retries": 3Only back up record metadata; digest, TTL, generation count, key.
Whether to back up secondary index definitions.
Whether to back up record data, metadata or bin data.
Maximum number of threads to use for writing backup files. This defaults to the same value as parallel.
1Maximum number of scan calls to run in parallel. Each scan call processes a subset of the total data partitions. This value should always be equal to or less than aerospike-clusters.CLUSTER_NAME.max-parallel-scans.
1Limit total returned records per second (RPS). If RPS is zero (the default), the records-per-second limit is not applied.
1000Clear directory or remove output file.
The total number of full backups to retain. The minimum is 1, meaning each new full backup deletes the previous one. If not specified, all full backups are kept.
full: 5Any integer equal to or greater than 1
The number of most recent full backups for which incremental backups are retained. Cannot exceed the value of full. If omitted, all incremental backups are kept. A value of 0 means that all previous incremental backups will be deleted after each full backup is made.
incremental: 3Integer values equal to or less than 0 and equal to or less than full.
A stanza that optionally specifies retention rules for a given backup policy.
removeFilesPolicy: retention: full: 5 incremental: 3Delay in milliseconds to wait before retrying a failed operation.
500Initial delay between retry attempts, in milliseconds.
Maximum number of retry attempts that will be made. If set to 0, no retries will be performed.
Increases the delay between subsequent retry attempts. The actual delay is calculated as: BaseTimeout * (Multiplier ^ attemptNumber)
Define a policy in this section for the initial waiting time before a retry, number of retries, and a multiplier that extends the wait interval. A retry policy can also be sent as part of a JSON restore request.
backup-policies: example-backup-policy: ... # additional stanzas retry-policy: base-timeout: 1000 # 1000 milliseconds max-retries: 4 multiplier: 2 ... # additional stanzasWhether backup should include keys updated during the backup process. When true, the backup contains only records that were last modified before backup started. When false, records updated during backup may be included in the backup.
Socket timeout in milliseconds. Default is 10 minutes. If this value is 0, it is set to total-timeout. If both socket-timeout and total-timeout are 0, there is no socket idle time limit.
1000Total socket timeout in milliseconds.
2000Top-level section that defines the attributes of your backup policies. The next level under this section must be a backup policy name.
backup-policies: policy1: parallel: (...) retention: (...) compression: (...)Name of the corresponding backup policy.
backup-routines: minioRoutine: interval-cron: "@daily" incr-interval-cron: "@hourly" source-cluster: absCluster1 storage: minioStorage namespaces: ["test"] backup-policy: keepFilesPolicyList of bin names to back up. An empty list backs up all bins.
["dataBin"]Interval for incremental backup as a cron expression string. Intervals are extended cron (7 symbols: year, month, week, day, hour, minute, second). All times are in UTC time zone. Supported reserved words: @yearly, @monthly, @weekly, @daily, @hourly
*/10 * * * * *Interval for full backup as a cron expression string. Intervals are extended cron (7 symbols: year, month, week, day, hour, minute, second). All times are in UTC time zone. Supported reserved words: @yearly, @monthly, @weekly, @daily, @hourly
0 0 * * * *List of namespaces to back up. Empty list implies backup of whole cluster.
["source-ns1"]List of nodes to back up. Formatted as a list of IP addresses and/or host names followed by port numbers. Empty list implies backup of whole cluster. Mutually exclusive with partition-list.
IP_ADDRESS:PORT(,IP_ADDRESS:PORT,...)Filter that specifies individual partitions or a range of partitions to back up. Partition filters can be ranges, individual partitions, or records after a specific digest within a single partition.
- A range is specified as ”
- ”: “100-50” backs up 50 partitions starting from 100. - A single partition is specified as a number: “0” backs up the first partition at position 0.
- Multiple entries can be comma-separated: “0,100,200,300,400,500” backs up only the partitions in the list.
By default, all partitions are backed up. This field is mutually exclusive with node-list.
100,200,300-400Specifies the Aerospike Database rack IDs to read during backup.
If provided, only nodes belonging to these specified racks are scanned.
If the list is empty or omitted, no rack filtering is applied.
Mutually exclusive with partition-list and node-list in this routine.
Also mutually exclusive with the cluster’s prefer-racks setting.
Name of a Secret Agent to read secrets from (optional).
secret-agent: my-secret-agentList of set names to back up. An empty list backs up all sets.
["set1"]Name of the corresponding source cluster.
testClusterName of the corresponding storage provider configuration.
storage: minioStorageA top-level stanza specifying the details of one or more backup routines.
backup-routines: routine1: interval-cron: "1/30 * * * * *" incr-interval-cron: "1/5 * * * * *" backup-policy: "policy1" source-cluster: "cluster1" storage: "local1" namespaces: ["test"]A top-level stanza containing cluster objects for each of the Aerospike clusters that ABS is connected to.
aerospike-clusters: cluster1: use-services-alternate: false seed-nodes: - host-name: "127.0.0.1" port: 3000 credentials: user: "admin" password: "admin"Path to the backup data within the source storage (object key or prefix). You can obtain this value by browsing the storage UI or reading the key field in the response from GET v1/backups/full/{routine}.
backup-data-path: "daily/2025-01-15/full"Name of a preconfigured cluster in aerospike-clusters. Either destination-name or destination is required.
Inline destination cluster configuration (same shape as aerospike-clusters). Either destination or destination-name is required.
Throttles read operations from the backup file(s) to not exceed the given I/O bandwidth in MiB/s.
Maximum records per async batch write call. Only applies when batch writes are enabled.
Bins to restore. An empty list implies restoring all bins. Duplicate names are rejected.
Compression mode used by the backup. Use ZSTD only when backups are compressed.
mode: ZSTDNONE, ZSTD
Compression settings for decompressing backup files. Set when backups are compressed.
restore-request: policy: compression: mode: ZSTDDisable batch writes and force single-record writes, even when the cluster supports batch writes.
Environment variable name that holds the encryption key. Use when the key is provided via env var.
key-env: ABS_RESTORE_KEYFile path for the encryption key. Use when the key is stored locally.
key-file: /etc/aerospike/restore.keySecret Agent keyword containing the encryption key. Use when the key is stored in Secret Agent.
key-secret: restore_keyEncryption mode used by the backup. Use NONE for unencrypted backups; for AES modes, provide one key source.
mode: AES256NONE, AES128, AES256
Encryption settings for decrypting backup files. Set when backups are encrypted.
restore-request: policy: encryption: mode: AES256 key-env: ABS_RESTORE_KEYExtra time-to-live to add to records with expirable void-times, in seconds. Use 0 to keep original TTL.
Maximum number of outstanding async batch write calls. Only applies when batch writes are enabled.
Destination namespace name to restore data into. Required when using namespace remapping.
Original namespace name. Required when using namespace remapping.
Specifies an alternative namespace name for the restore operation.
restore-request: policy: namespace: source: "test" destination: "test_restore"Records from backups take precedence. Disables generation checks so backup records overwrite existing records. Mutually exclusive with unique.
Do not restore any secondary index definitions.
Do not restore any record data (metadata or bin data). Index and UDF restores are controlled by no-indexes and no-udfs.
Number of concurrent record readers from backup files. Controls read parallelism and must be greater than 0.
Replace records from the backup. By default, only bins in the backup are replaced; other bins remain untouched. Mutually exclusive with unique.
Initial delay between retry attempts, in milliseconds. Must be greater than 0.
base-timeout: 2000The maximum number of retry attempts. If set to 0, no retries are performed.
max-retries: 10Backoff multiplier (>= 1) used to increase delays between retry attempts. Accepts integer or decimal values.
multiplier: 1.5Retry settings for writes to the destination cluster. Use to override the default policy.
restore-request: policy: retry-policy: base-timeout: 2000 multiplier: 2 max-retries: 10Sets to restore. An empty list implies restoring all sets. Duplicate names are rejected.
Socket timeout in milliseconds for Aerospike commands to write records, create indexes, and create UDFs. If this value is 0, it is set to total-timeout. If both are 0, there is no socket idle time limit.
Total socket timeout in milliseconds. Default is 0, meaning no timeout.
Throttles read operations from the backup file(s) to not exceed the given transactions per second. Must be greater than 0.
Existing records take precedence. Only records that do not exist in the namespace are restored. Mutually exclusive with replace and no-generation.
Restore policy for the operation. If omitted, defaults are used. Controls filtering and record handling options.
Name of a preconfigured secret agent in secret-agents. Mutually exclusive with secret-agent.
Inline secret agent configuration (same shape as secret-agents) for resolving secrets. Mutually exclusive with secret-agent-name.
Name of a preconfigured storage in storage. Either source-name or source is required.
Inline storage configuration for the backup source (same shape as storage). Either source or source-name is required.
Use when you have a backup data path in storage and want to restore from that path. Requires backup-data-path and either source or source-name.
Name of a preconfigured cluster in aerospike-clusters. Mutually exclusive with destination. If not specified, the routine’s cluster is used.
Inline destination cluster configuration (same shape as aerospike-clusters). Mutually exclusive with destination-name. If not specified, the routine’s cluster is used.
Disable reverse-order incremental restore optimization. When true, incremental backups are applied in chronological order.
Throttles read operations from the backup file(s) to not exceed the given I/O bandwidth in MiB/s.
Maximum records per async batch write call. Only applies when batch writes are enabled.
Bins to restore. An empty list implies restoring all bins. Duplicate names are rejected.
Disable batch writes and force single-record writes, even when the cluster supports batch writes.
Environment variable name that holds the encryption key. Use when the key is provided via env var.
key-env: ABS_RESTORE_KEYFile path for the encryption key. Use when the key is stored locally.
key-file: /etc/aerospike/restore.keySecret Agent keyword containing the encryption key. Use when the key is stored in Secret Agent.
key-secret: restore_keyEncryption mode used by the backup. Use NONE for unencrypted backups; for AES modes, provide one key source.
mode: AES256NONE, AES128, AES256
Encryption settings for decrypting backup files. Set when backups are encrypted.
restore-timestamp-request: policy: encryption: mode: AES256 key-env: ABS_RESTORE_KEYExtra time-to-live to add to records with expirable void-times, in seconds. Use 0 to keep original TTL.
Maximum number of outstanding async batch write calls. Only applies when batch writes are enabled.
Destination namespace name to restore data into. Required when using namespace remapping.
Original namespace name. Required when using namespace remapping.
Specifies an alternative namespace name for the restore operation.
restore-timestamp-request: policy: namespace: source: "test" destination: "test_restore"Records from backups take precedence. Disables generation checks so backup records overwrite existing records. Mutually exclusive with unique.
Do not restore any secondary index definitions.
Do not restore any record data (metadata or bin data). Index and UDF restores are controlled by no-indexes and no-udfs.
Number of concurrent record readers from backup files. Controls read parallelism and must be greater than 0.
Replace records from the backup. By default, only bins in the backup are replaced; other bins remain untouched. Mutually exclusive with unique.
Initial delay between retry attempts, in milliseconds. Must be greater than 0.
base-timeout: 2000The maximum number of retry attempts. If set to 0, no retries are performed.
max-retries: 10Backoff multiplier (>= 1) used to increase delays between retry attempts. Accepts integer or decimal values.
multiplier: 1.5Retry settings for writes to the destination cluster. Use to override the default policy.
restore-timestamp-request: policy: retry-policy: base-timeout: 2000 multiplier: 2 max-retries: 10Sets to restore. An empty list implies restoring all sets. Duplicate names are rejected.
Socket timeout in milliseconds for Aerospike commands to write records, create indexes, and create UDFs. If this value is 0, it is set to total-timeout. If both are 0, there is no socket idle time limit.
Total socket timeout in milliseconds. Default is 0, meaning no timeout.
Throttles read operations from the backup file(s) to not exceed the given transactions per second. Must be greater than 0.
Existing records take precedence. Only records that do not exist in the namespace are restored. Mutually exclusive with replace and no-generation.
Restore policy for the operation. If omitted, defaults are used. Controls filtering and record handling options.
Backup routine name from backup-routines. Identifies which routine’s backups to restore.
Name of a preconfigured secret agent in secret-agents. If not specified, the routine’s secret agent is used. Mutually exclusive with secret-agent.
Inline secret agent configuration (same shape as secret-agents) for resolving secrets. If not specified, the routine’s secret agent is used. Mutually exclusive with secret-agent-name.
Epoch time in milliseconds for recovery (13-digit epoch). The closest backup before the timestamp is applied.
1739538000000Use for point-in-time restores based on a backup routine. Requires routine and time and restores the closest backup before the timestamp.
The hostname or IP address of the Secret Agent.
secret-agents: my-agent: address: secret-agent.example.com port: 3005 connection-type: tcpPath to a trusted CA certificate file in PEM format. Used to verify the Secret Agent’s server certificate when connecting over TLS.
secret-agents: secure-agent: address: secret-agent.example.com port: 3005 connection-type: tcp ca-file: /etc/ssl/certs/ca.pemPath to a client certificate file in PEM format for mutual TLS authentication with the Secret Agent. Requires both key-file and name to be specified.
secret-agents: secure-agent: address: secret-agent.example.com port: 3005 connection-type: tcp ca-file: /etc/ssl/certs/ca.pem cert-file: /etc/ssl/certs/client-cert.pem key-file: /etc/ssl/private/client-key.pemThe type of connection to use when communicating with the Secret Agent.
secret-agents: my-agent: address: localhost port: 3005 connection-type: tcpsecret-agents: my-agent: address: /var/run/secret-agent.sock connection-type: unixtcp, unix
Flag indicating whether the Secret Agent responses are base64-encoded. When true, ABS will decode the responses before using them.
secret-agents: my-agent: address: localhost port: 3005 connection-type: tcp is-base64: truetrue, false
Path to a client private key file in PEM format for mutual TLS authentication with the Secret Agent. Requires both cert-file and name to be specified.
secret-agents: secure-agent: address: secret-agent.example.com port: 3005 connection-type: tcp ca-file: /etc/ssl/certs/ca.pem cert-file: /etc/ssl/certs/client-cert.pem key-file: /etc/ssl/private/client-key.pemTLS server name used for certificate verification (Server Name Indication). Required when using mutual TLS authentication (cert-file and key-file). Use this when the Secret Agent’s certificate common name or SAN does not match the address you are connecting to.
secret-agents: secure-agent: address: 10.0.0.50 port: 3005 connection-type: tcp ca-file: /etc/ssl/certs/ca.pem cert-file: /etc/ssl/certs/client-cert.pem key-file: /etc/ssl/private/client-key.pem name: secret-agent.example.comThe port number the Secret Agent is listening on.
secret-agents: my-agent: address: localhost port: 3005 connection-type: tcpTimeout in milliseconds for connections and requests to the Secret Agent.
secret-agents: my-agent: address: localhost port: 3005 connection-type: tcp timeout: 5000Configuration for a single Aerospike Secret Agent connection. The AGENT_NAME is a user-defined identifier that can be referenced elsewhere in the configuration.
secret-agents: my-secret-agent: address: localhost port: 3005 connection-type: tcpA top-level stanza defining one or more Aerospike Secret Agent connections. Secret agents are used by backup routines (for encryption keys), clusters (for credentials), and storage (for authentication). Define a custom name for each agent you create, then use further parameters to define each agent’s connection details.
secret-agents: my-agent: address: localhost port: 3005 connection-type: tcpsecret-agents: secure-agent: address: secret-agent.example.com port: 3005 connection-type: tcp ca-file: /path/to/ca.pem cert-file: /path/to/client-cert.pem key-file: /path/to/client-key.pem name: secret-agent.example.com # Required for mutual TLSEncoding for backup date in human-readable format in backup file paths.
service: http: port: 9000 logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.log backup: timestamp-format: ISOISO, EU, US
Common configuration for backup settings at the service level, applying to all policies and routines.
service: http: port: 9000 logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.log backup: timestamp-format: ISOThe HTTP listen address.
service: http: address: 10.0.0.1 port: 8080Specifies a custom path for the ABS API endpoints.
service: http: address: 10.0.0.1 port: 8080The HTTP listen port for the monitoring endpoints. See ABS Monitoring for more information.
service: http: address: 10.0.0.1 port: 8080Rate limiter token bucket size, also known as the burst threshold.
service: http: address: 10.0.0.1 port: 8080 rate: size: tps: white-list:Rate limiter tokens per second threshold.
service: http: address: 10.0.0.1 port: 8080 rate: size: tps: white-list:List of IP addresses allowed during rate limiting. All addresses are allowed by default.
service: http: address: 10.0.0.1 port: 8080 rate: size: tps: white-list:HTTP rate limiter configuration.
service: http: address: 10.0.0.1 port: 8080 rate: size: tps: white-list:Timeout for HTTP server operations in milliseconds.
service: http: address: 10.0.0.1 port: 8080 timeout: 10000Configures the HTTP server for ABS.
service: http: port: 9000 logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.logDetermines if the rotated log files should be compressed using gzip. The default is to not compress.
service: logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.log compress: trueLog destination.
service: logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.logMaximum number of days to retain log files based on the timestamp in the filename. Default is to not remove log files based on age.
service: logger: maxage: 30 file-writer: filename: /var/log/aerospike-backup-service.logMaximum number of log files to retain. The default is to retain all log files.
service: logger: maxbackups: 10 file-writer: filename: /var/log/aerospike-backup-service.logMaximum size in megabytes of the log file before it gets rotated.
service: logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.logSubstanza that configures the file writing protocol, such as the destination directory.
service: logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.logFormat is the logger format (PLAIN, JSON).
service: logger: level: INFO format: JSON file-writer: filename: /var/log/aerospike-backup-service.logPLAIN, JSON
Log level.
service: logger: level: INFO format: PLAIN file-writer: filename: /var/log/aerospike-backup-service.logTRACE, DEBUG, INFO, WARN, WARNING, ERROR
Whether to enable logging to the standard output.
service: logger: level: INFO stdout-writer: false file-writer: filename: /var/log/aerospike-backup-service.logConfigures the ABS logger, such as enabling the logs, setting the log level, and setting the log format.
service: logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.logTop-level stanza that configures the operation of the Aerospike Backup Service, including logging and HTTP endpoint.
service: http: port: 9000 logger: level: INFO file-writer: filename: /var/log/aerospike-backup-service.logAzure storage account key for Shared Key authentication. This is sensitive information. Can be a path in secret agent or an actual value.
string
Azure storage account name for Shared Key authentication.
string
Azure Active Directory client ID for AAD authentication.
string
Azure Active Directory client secret for AAD authentication. This is sensitive information. Can be a path in secret agent or an actual value.
string
Name of the Azure Blob container.
string
Azure Blob service endpoint URL.
string
The minimum size in bytes of individual chunks uploaded during a multipart upload.
integer
Root path for the backup repository within the container. If not specified, backups will be saved in the container’s root.
path: backupsstring
Secret Agent configuration (optional). Link to a preconfigured agent. Mutually exclusive with secret-agent.
string
Secret Agent object definition. Mutually exclusive with secret-agent-name.
Azure Active Directory tenant ID for AAD authentication.
string
Stanza defining Azure storage options. Mutually exclusive with other storage objects. Can also take a secret-agent substanza.
storage: azure-blob-storage-example: azure-storage: endpoint: http://127.0.0.1:6000/devstoreaccount1 container-name: testcontainer path: backups account-name: devstoreaccount1GCP storage bucket name.
string
Alternative URL. It is not recommended to use an alternate URL in a production environment.
string
Path to the file containing the service account key in JSON format.
string
Service account key in JSON format. This is sensitive information. Can be a path in secret agent or an actual value.
string
The minimum size in bytes of individual chunks uploaded during a multipart upload.
integer
Root path for the backup repository. If not specified, backups will be saved in the bucket’s root.
path: backupsstring
Secret Agent configuration (optional). Link to one of preconfigured agents. Mutually exclusive with secret-agent.
string
Secret Agent object definition. Mutually exclusive with secret-agent-name.
object
Stanza defining GCP storage options. Mutually exclusive with other storage objects. Can also take a secret-agent substanza.
storage: gcp-storage-example: gcp-storage: key-file-path: key-file.json bucket-name: gcp-backup-bucket path: backups endpoint: http://127.0.0.1:9020The minimum size in bytes of individual storage chunks when writing backup files to local storage.
storage: local-backup: local-storage: path: /backups min-part-size: 5242880integer
Root path for the backup directory when backing up locally.
storage: example-local-storage-object: local-storage: path: backupsStanza defining local storage options. Mutually exclusive with other storage objects.
storage: example-local-storage-object: local-storage: path: backupsRoot path for the backup directory.
path: backupsAlternative endpoint for the S3 SDK to communicate (AWS S3 optional).
s3-endpoint-override: http://host.docker.internal:9000Log level of the AWS S3 SDK (AWS S3 optional).
s3-log-level: FATALThe S3 profile name (AWS S3 optional).
s3-profile: defaultS3 region string (AWS S3 optional).
s3-region: eu-central-1Access Key ID for authentication with S3 StaticCredentialsProvider. This is sensitive information. Can be a path in secret agent or an actual value.
string
The S3 bucket name.
string
The maximum number of simultaneous requests allowed from S3. This parameter was named max_async_connections until 3.1
integer
The minimum size in bytes of individual chunks uploaded during a multipart upload. This parameter was named min_part_size until version 3.1.
integer
The root path for the backup repository within the bucket. If not specified, backups will be saved in the bucket’s root.
path: backupsstring
An alternative endpoint for the S3 SDK to communicate (AWS S3 optional).
s3-endpoint-override: http://host.docker.internal:9000string
The log level of the AWS S3 SDK (AWS S3 optional).
string
The S3 profile name (AWS S3 optional).
string
The S3 region string.
region: eu-central-1string
Secret Access Key for authentication with S3 StaticCredentialsProvider. This is sensitive information. Can be a path in Aerospike Secret Agent or an actual value.
string
Secret Agent configuration (optional). Link to one of preconfigured agents. Mutually exclusive with secret-agent.
string
Secret Agent object definition. Mutually exclusive with secret-agent-name.
Stanza defining AWS S3 storage options. Mutually exclusive with other storage objects. Can also take a secret-agent substanza.
storage: aws-s3-example-object: s3-storage: bucket: as-backup-bucket path: backups s3-region: eu-central-1Type of the storage provider.
type: localA top-level stanza with options for configuring local or remote storage. Define a custom name for each storage object you create, then use further parameters to define each object’s details.
storage: # Example 1: Local Storage storage1: local-storage: path: /local/backups # Example 2: S3 Storage storage2: s3-storage: bucket: my-backup-bucket path: backups s3-profile: default s3-region: eu-central-1