ABS configuration parameters

Overview

Aerospike Backup Service (ABS) reads the configuration file aerospike-backup-service.yml to create connections to Aerospike Database namespaces and storage destinations, as well as backup policies, routines, and schedules.

This page explains two sample configuration files included in the ABS GitHub repository and details about the most common parameters that you may want to adjust. These parameters cover a majority of use cases for testing ABS in an application workflow.

For a full list of parameters, see the Schemas section in the REST API specification.

Example configuration files

Docker Compose configuration

The following sample backup service configuration supplied with the Docker Compose stack for ABS consists of four sections:

aerospike-clusters defines the location and access credentials for ABS to communicate to the Aerospike database, calling that cluster absCluster1. Since this is a Docker Compose stack, it uses the Aerospike Database Docker container name "aerospike-cluster" as the hostname instead of an IP address.
storage defines the location of the storage for database backups. Here, it creates a storage type called minioStorage that uses the s3-endpoint-override parameter to send backed up data to MinIO instead of Amazon S3. You can define multiple storage types that can later be used in multiple backup policies.
In backup-policies, a new policy called keepFilesPolicy is defined with simple instructions to run in a single thread and keep all previous backups. A policy is a set of instructions defining how to do a specific type of backup. You can define multiple policies that can be used in various backup routines.
note
Backup policies are defined in the configuration file. In contrast, restore policies are not defined beforehand; they are sent in the body of each restore request.
backup-routines specifies a routine called minioKeepFilesRoutine that runs the keepFilesPolicy policy daily for full backups and hourly for incremental backups. Routines specify the source cluster to back up data from, a storage type as defined under the storage section, and a namespace from the source cluster to back up. You can define multiple routines that can be run according to different schedules or on demand.

Default Docker Compose ABS Configuration:

aerospike-clusters:
  absCluster1:
    seed-nodes:
      - host-name: "aerospike-cluster"
        port: 3000
    credentials: 
      user: admin
      password: admin
      
storage:
  minioStorage:
    # Use "aws-s3" for S3 or compatible and "local" for local storage.
    type: "aws-s3"
    # as-backup-bucket is expected to exist in MinIO.
    path: s3://as-backup-bucket/minioStorage
    s3-region: eu-central-1
    s3-profile: minio
    s3-endpoint-override: http://minio:9000
    
backup-policies:
  keepFilesPolicy:
    # Run backup operations in a single thread.
    parallel: 1
    # Previous full backups are not deleted when a new one is created.
    remove-files: KeepAll
    
backup-routines:
  minioKeepFilesRoutine:
    # 24 hours interval for full backups.
    interval-cron: "@daily"
    # 1 hour interval for incremental backups.
    incr-interval-cron: "@hourly"
    source-cluster: absCluster1
    storage: minioStorage
    namespace: test
    backup-policy: keepFilesPolicy

Linux configuration

The default configuration file supplied with Linux distributions is smaller and simpler than the configuration in the Docker Compose setup. By default, it sets up a connection to a namespace called "test" in an Aerospike database accessible at 127.0.0.1:3000. It stores backup files locally at /var/lib/aerospike-backup-service.

Default Linux ABS Configuration:

aerospike-clusters:
  cluster1:
    use-services-alternate: false
    seed-nodes:
      - host-name: "127.0.0.1"
        port: 3000
    credentials:
      user: "admin"
      password: "admin"

storage:
  local1:
    type: "local"
    path: "/var/lib/aerospike-backup-service"

backup-policies:
  policy1:
    type: 1
    parallel: 1
    remove-files: KeepAll

backup-routines:
  routine1:
    interval-cron: "1/30 * * * * *" # every 30 seconds
    incr-interval-cron: "1/5 * * * * *" # every 5 seconds
    backup-policy: "policy1"
    source-cluster: "cluster1"
    storage: "local1"
    namespace: "test"

aerospike-clusters

Parameter	Type	Description	Example
conn-timeout	integer	Connection timeout in milliseconds.	5000
credentials	object	Authentication details to the Aerospike cluster.
label	string	Cluster name.	testCluster
seed-nodes	array	Seed nodes details.
tls	object	Cluster TLS configuration.
use-services-alternate	boolean	Use "services-alternate" instead of "services" in info request during cluster tending.	false

credentials

aerospike-clusters -> credentials

Parameter	Type	Description	Example
auth-mode	string	Authentication mode string (INTERNAL, EXTERNAL, EXTERNAL_INSECURE, PKI).
password	string	Password for cluster authentication.	testPswd
password-path	string	File path with the password string, will take precedence over the password field.	/path/to/pass.txt
user	string	Username for cluster authentication.	testUser

seed-nodes

aerospike-clusters -> seed-nodes

Parameter	Type	Description	Example
host-name	string	Host name of the node.	localhost
port	integer	Port of the node.	3000
tls-name	string	Optional TLS certificate name used for secure connections.	certName

tls

aerospike-clusters -> tls

Parameter	Type	Description	Example
ca-file	string	Path to a trusted CA certificate file.	/path/to/cafile.pem
ca-path	string	Path to a directory of trusted CA certificates.	/path/to/ca
cert-file	string	Path to the chain file for mutual authentication if Aerospike Cluster supports it.	/path/to/certfile.pem
cipher-suite	string	TLS cipher selection criteria. The format is the same as OpenSSL's Cipher List Format.	ECDHE-ECDSA-AES256-GCM-SHA384
key-file	string	Path to the key for mutual authentication (if Aerospike cluster supports it).	/path/to/keyfile.pem
key-file-password	string	Password to load protected TLS-keyfile (env:VAR, file:PATH, PASSWORD).	file:/path/to/password
name	string	Default TLS name used to authenticate each TLS socket connection.	tls-name
protocols	string	TLS protocol selection criteria. This format is the same as Apache's SSL Protocol.	TLSv1.2

storage

Parameter	Type	Description	Example
path	string	Root path for the backup repository.	backups
s3-endpoint-override	string	Alternative endpoint for the S3 SDK to communicate (AWS S3 optional).	http://host.docker.internal:9000
s3-log-level	string	Log level of the AWS S3 SDK (AWS S3 optional).	FATAL
s3-profile	string	The S3 profile name (AWS S3 optional).	default
s3-region	string	S3 region string (AWS S3 optional).	eu-central-1
type	string	Type of the storage provider, "local" or "aws-s3".	local

backup-policies

Parameter	Type	Description	Example
bandwidth	integer	Throttles backup write operations to the backup file(s) to not exceed the given bandwidth in MiB/s.	10000
compression	object	Compression details.
encryption	object	Encryption details.
file-limit	integer	File size limit (in MB) for the backup directory. If an .asb backup file crosses this size threshold, a new backup file is created.	1024
max-records	integer	Approximate limit for the number of records to process. Available in Database 4.9 and later.	10000
max-retries	integer	Maximum number of retries before aborting the current transaction.	3
no-bins	boolean	Only backup record metadata; digest, TTL, generation count, key.
no-indexes	boolean	Do not back up any secondary index definitions.
no-records	boolean	Do not back up any record data; metadata or bin data.
no-udfs	boolean	Do not back up any UDF modules.
parallel	integer	Maximum number of scan calls to run in parallel.	1
`records-per-second`	integer	Limit total returned records per second (RPS). If RPS is zero (the default), the `records-per-second` limit is not applied.	1000
remove-artifacts	boolean	Clear directory or remove output file.
remove-files	object	Whether to clear the output directory (default: KeepAll).
retry-delay	integer	RetryDelay defines the delay in milliseconds before retrying a failed operation.	500
sealed	boolean	Sealed determines whether backup should include keys updated during the backup process. When true, the backup contains only records that last modified before backup started. When false (default), records updated during backup might be included in the backup, but it's not guaranteed.
socket-timeout	integer	Socket timeout in milliseconds. If this value is 0, it is set to total-timeout. If both are 0, there is no socket idle time limit.	1000
total-timeout	integer	Total socket timeout in milliseconds. Default is 0, that is, no timeout.	2000

compression

backup-policies -> compression

Parameter	Type	Description	Example
level	integer	Compression level to use, or -1 if unspecified.
mode	string	Compression mode to use, NONE (default) or ZSTD.	`NONE`

encryption

backup-policies -> encryption

Parameter	Type	Description	Example
key-env	string	Name of the environment variable containing the encryption key.
key-file	string	Path to the file containing the encryption key.
key-secret	string	Secret keyword in Aerospike Secret Agent containing the encryption key.
mode	string	Encryption mode to use; NONE, AES128, or AES256.	`NONE`

backup-routines

Parameter	Type	Description	Example
backup-policy	string	Name of the corresponding backup policy.	daily
bin-list	array	List of backup bin names. Optional: An empty list implies backing up all bins.	`["dataBin"]`
incr-interval-cron	string	Interval for incremental backup as a cron expression string (optional).	`/10 * * * *`
interval-cron	string	Interval for full backup as a cron expression string.	`0 0 * * * *`
namespaces	array	List of namespaces to back up. Optional: Empty list implies backup of whole cluster.	[`"source-ns1"]`
partition-list	string	Back up list of partition filters. Partition filters can be ranges, individual partitions, or records after a specific digest within a single partition. Default number of partitions to back up: 0 to 4095: all partitions.	0-1000
prefer-racks	array	List of Aerospike Database rack IDs to prefer when reading records for a backup.	`[0]`
secret-agent	string	The Secret Agent configuration for the routine (optional).	`sa`
set-list	array	List of backup set names. Optional: An empty list implies backing up all sets.	`["set1"]`
source-cluster	string	Name of the corresponding source cluster.	`testCluster`
storage	string	Name of the corresponding storage provider configuration.	`aws`

Overview​

Example configuration files​

Docker Compose configuration​

Linux configuration​

aerospike-clusters​

credentials​

seed-nodes​

tls​

storage​

backup-policies​

compression​

encryption​

backup-routines​