Backup and Restore Configurations
This page describes the configuration options available for backup and restore on TigerGraph and how to set them.
Prerequisites
-
You have access to the TigerGraph Linux user account on your cluster. All commands must be run from the TigerGraph Linux user.
Configuration parameters
The following is a list of configurations available for backup and restore.
Configuration parameter | Description | Default |
---|---|---|
System.Backup.Local.Enable |
Whether to store the database backup data to a local path.
If this parameter is set to true, |
|
System.Backup.Local.Path |
Local path to store the backup files. Required if backup is to be stored locally. |
|
System.Backup.S3.AWSAccessKeyID |
The access key for the cloud storage bucket. For AWS, the S3 access key ID; for GCS, the "Access Key". For Azure, the blob "Account Name". |
|
System.Backup.S3.AWSSecretAccessKey |
The {secret access key, secret, secret} for the {AWS S3, Azure Blob, GCS} bucket, respectively. NOTE: If setting this in interactive mode, store the key in a file and provide the path to the file, e.g., |
|
System.Backup.S3.RoleARN |
The AWS role for accessing s3 buckets. S3 Role ARN takes priority over access keys. For more information, see AWS role ARN documentation. NOTE: This is only for AWS S3, and TigerGraph assumes the credentials for using |
|
System.Backup.S3.BucketName |
The {bucket, container, bucket} name for {AWS, Azure, GCS}, respectively. |
null |
System.Backup.S3.Enable |
Data is backed up to various S3-compatible storage services, including AWS S3, S3-compatible services such as Ceph S3,
and specifically supported services like Google Cloud Storage (GCS) and Azure Blob Storage.
The specific storage service used for the backup is determined by the If this parameter is set to true, |
|
System.Backup.S3.Endpoint |
A fully qualified URI, such as https://s3.amazonaws.com/, is used to specify the storage service’s endpoint for the client. It is used in the following situations:
Except for the above specific situations, leave it empty. |
|
System.Backup.TimeoutSec |
Timeout limit for the backup operation in seconds |
|
System.Backup.CompressProcessNumber |
Number of concurrent processes for compression during backup. We recommending keeping the default value |
|
System.Backup.DecompressProcessNumber |
The number of concurrent processes for decompression during the restore. |
|
System.Backup.CompressionLevel |
The backup compression level strikes a balance between size and speed. The better compression, the longer it takes. ("BestSpeed", "DefaultCompression", "BestCompression") |
"DefaultCompression" |
Configure backup and restore
Running gadmin config entry backup
allows you to enter the value for each parameter individually.
Alternatively, you can use gadmin config set <parameter>
to change the value of any parameter.
After configuring the parameters, run gadmin config apply
to apply the new parameter values.
Configure System.Backup.S3.Endpoint
Typically, there’s no need to configure the System.Backup.S3.Endpoint
parameter on a TigerGraph Server.
This is because the system auto-detects the regional endpoint for AWS S3 backups.
-
To backup to a private AWS S3, typically set it to "https://s3.amazonaws.com/" or any available URI.
-
To backup to an S3-compatible service, set it to its corresponding service URI.
-
To backup to Google Cloud Storage (GCS), set it to "https://storage.googleapis.com"
-
To backup to Azure Blob, set it to "https://<your storage account name>.blob.core.windows.net"."
Except for the above specific situations, leave it empty.
Backup to AWS S3
To configure backup files to an AWS S3 Bucket for an on-premises TigerGraph Server cluster, complete the following steps:
-
Create an S3 bucket in AWS
-
Create an AWS IAM user
-
Create an IAM policy that ensures the IAM user has sufficient access to the bucket itself, and contents within the bucket
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:PutObject", "s3:ListBucket", "s3:GetObject", "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::<bucket-name>", "arn:aws:s3:::<bucket-name>/*" ] } ] }
-
Create an
AccessKeyID
andSecretAccessKey
for the IAM userTigerGraph clusters use long-lived credentials to authenticate to AWS as the IAM user, allowing TigerGraph access to put backup files into the S3 bucket. These credentials are also used to read and copy files during a Restore process.
-
Configure each of the following parameters on the linux command line:
Enable storing backup data in S3gadmin config set "System.Backup.S3.Enable" "true"
Specify bucket namegadmin config set "System.Backup.S3.BucketName" "<bucket-name>"
Set S3 backup AccessKeyIDgadmin config set "System.Backup.S3.AWSAccessKeyID" "<access-key-id>"
Set S3 backup SecretAccessKeygadmin config set "System.Backup.S3.AWSSecretAccessKey" "<secret-access-key>"
Alternatively, instead of using
AccessKeyID
andSecretAccessKey
, you may use AWS Role ARN for the authentication.gadmin config set "System.Backup.S3.RoleARN" "arn:aws:iam::account:role/role-name-with-path"
Apply the new parameter valuesgadmin config apply -y