Backup and Restore Configurations

This page describes the configuration options available for backup and restore on TigerGraph and how to set them.

Prerequisites

You have access to the TigerGraph Linux user account on your cluster. All commands must be run from the TigerGraph Linux user.

Configuration parameters

The following is a list of configurations available for backup and restore.

Configuration parameter Description Default

Configuration parameter	Description	Default
System.Backup.Local.Enable	Whether to store the database backup data to a local path. IMPORTANT: See note at end of table. If this parameter is set to true, `System.Backup.S3.Enable` cannot be set to true.	`false`
System.Backup.Local.Path	Local path to store the backup files. Required if backup is to be stored locally.	null
System.Backup.S3.AWSAccessKeyID	AWS access key ID for s3 bucket of backup. Required if backup is to be stored on S3.	null
System.Backup.S3.AWSSecretAccessKey	Secret access key for s3 bucket. Required if backup is to be stored on S3. NOTE: If setting this in interactive mode, store the key in a file and provide the path to the file, e.g., `@/tmp/test_secret`.	`nan`
System.Backup.S3.RoleARN	The AWS role for accessing s3 buckets. S3 Role ARN takes priority over access keys. For more information, see AWS role ARN documentation. NOTE: This is only for AWS S3, and TigerGraph assumes the credentials for using `sts:AssumeRole` have been set up. You can verify the credentials are ready by running aws sts assume-role. One way to set up credentials is to configure access key id, secret access key and region with AWS CLI `aws configure`.	`nan`
System.Backup.S3.BucketName	Name of the S3 bucket to store backup files. Required if backup is to be stored on S3.	null
System.Backup.S3.Enable	Whether to store the database backup data to S3. Required if backup is to be stored on S3. If this parameter is set to true, `System.Backup.Local.Enable` cannot be set to true.	`false`
System.Backup.S3.Endpoint	Endpoint to use instead of the S3 default endpoint. Must be a fully qualified URL. Typically used when operating in a private network or with a non-AWS S3-compatible endpoint.	null
System.Backup.TimeoutSec	Timeout limit for the backup operation in seconds	`18000`
System.Backup.CompressProcessNumber	Number of concurrent processes for compression during backup. It’s recommended to keep the default value `10`, which means the number of processes used to compress is equal to the number of CPU cores on each node.	`10`
System.Backup.DecompressProcessNumber	The number of concurrent processes for decompression during the restore.	`8`
System.Backup.CompressionLevel	The backup compression level strikes a balance between size and speed. The better compression, the longer it takes. ("BestSpeed", "DefaultCompression", "BestCompression")	"DefaultCompression"

System.Backup.Local.Enable

Whether to store the database backup data to a local path. IMPORTANT: See note at end of table.

If this parameter is set to true, System.Backup.S3.Enable cannot be set to true.

false

System.Backup.Local.Path

Local path to store the backup files. Required if backup is to be stored locally.

null

System.Backup.S3.AWSAccessKeyID

AWS access key ID for s3 bucket of backup. Required if backup is to be stored on S3.

null

System.Backup.S3.AWSSecretAccessKey

Secret access key for s3 bucket. Required if backup is to be stored on S3.

NOTE: If setting this in interactive mode, store the key in a file and provide the path to the file, e.g., @/tmp/test_secret.

nan

System.Backup.S3.RoleARN

The AWS role for accessing s3 buckets. S3 Role ARN takes priority over access keys. For more information, see AWS role ARN documentation.

NOTE: This is only for AWS S3, and TigerGraph assumes the credentials for using sts:AssumeRole have been set up. You can verify the credentials are ready by running aws sts assume-role. One way to set up credentials is to configure access key id, secret access key and region with AWS CLI aws configure.

nan

System.Backup.S3.BucketName

Name of the S3 bucket to store backup files. Required if backup is to be stored on S3.

null

System.Backup.S3.Enable

Whether to store the database backup data to S3. Required if backup is to be stored on S3.

If this parameter is set to true, System.Backup.Local.Enable cannot be set to true.

false

System.Backup.S3.Endpoint

Endpoint to use instead of the S3 default endpoint. Must be a fully qualified URL. Typically used when operating in a private network or with a non-AWS S3-compatible endpoint.

null

System.Backup.TimeoutSec

Timeout limit for the backup operation in seconds

18000

System.Backup.CompressProcessNumber

Number of concurrent processes for compression during backup.

It’s recommended to keep the default value 10, which means the number of processes used to compress is equal to the number of CPU cores on each node.

10

System.Backup.DecompressProcessNumber

The number of concurrent processes for decompression during the restore.

8

System.Backup.CompressionLevel

The backup compression level strikes a balance between size and speed. The better compression, the longer it takes. ("BestSpeed", "DefaultCompression", "BestCompression")

"DefaultCompression"

If System.Backup.Local.Enable is set to true, this also enables a daily full backup at 12:00am UTC.

Configure backup and restore

Running gadmin config entry backup allows you to enter the value for each parameter individually.

Alternatively, you can use gadmin config set <parameter> to change the value of any parameter.

After configuring the parameters, run gadmin config apply to apply the new parameter values.

Configure backup to AWS S3 Endpoint

Typically, there’s no need to configure the System.Backup.S3.Endpoint parameter on a TigerGraph Server. This is because the system auto-detects the regional endpoint for AWS S3 backups.

Users should configure this parameter only for special cases, such as:

When using S3 in FIPS mode.
When connecting to a private or localized cloud environment.
When integrating with an S3-compatible service that requires a specific endpoint.

For more information please see AWS Service Endpoints, generally, to configure backup files to an AWS S3 Bucket for an on-premise TigerGraph Server cluster, users need to complete the following steps:

Create an S3 bucket in AWS
Create an AWS IAM user

Create an IAM policy that ensures the IAM user has sufficient access to the bucket itself, and contents within the bucket

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::<bucket-name>",
                "arn:aws:s3:::<bucket-name>/*"
            ]
        }
    ]
}

Create an AccessKeyID and SecretAccessKey for the IAM user

TigerGraph clusters use long-lived credentials to authenticate to AWS as the IAM user, allowing TigerGraph access to put backup files into the S3 bucket. These credentials are also used to read and copy files during a Restore process.

Configure each of the following parameters on the linux command line:

Enable storing backup data in S3

gadmin config set "System.Backup.S3.Enable" "true"

Specify bucket name

gadmin config set "System.Backup.S3.BucketName" "<bucket-name>"

Set S3 backup AccessKeyID

gadmin config set "System.Backup.S3.AWSAccessKeyID" "<access-key-id>"

Set S3 backup SecretAccessKey

gadmin config set "System.Backup.S3.AWSSecretAccessKey" "<secret-access-key>"

Alternatively, instead of using AccessKeyID and SecretAccessKey, you may use AWS Role ARN for the authentication.

gadmin config set "System.Backup.S3.RoleARN" "arn:aws:iam::account:role/role-name-with-path"

Apply the new parameter values

gadmin config apply -y

Restart all services

gadmin restart all -y