Backup and Restore Configurations

This page describes the configuration options available for backup and restore on TigerGraph and how to set them.

Prerequisites

  • You have access to the TigerGraph Linux user account on your cluster. All commands must be run from the TigerGraph Linux user.

Configuration parameters

The following is a list of configurations available for backup and restore.

Configuration parameter Description Default

System.Backup.Local.Enable

Whether to store the database backup data to a local path. IMPORTANT: See note at end of table.

If this parameter is set to true, System.Backup.S3.Enable cannot be set to true.

false

System.Backup.Local.Path

Local path to store the backup files. Required if backup is to be stored locally.

null

System.Backup.S3.AWSAccessKeyID

AWS access key ID for s3 bucket of backup. Required if backup is to be stored on S3.

null

System.Backup.S3.AWSSecretAccessKey

Secret access key for s3 bucket. Required if backup is to be stored on S3.

NOTE: If setting this in interactive mode, store the key in a file and provide the path to the file, e.g., @/tmp/test_secret.

nan

System.Backup.S3.RoleARN

The AWS role for accessing s3 bucket, its use is prioritized over the combination of access key id and secret access key in accessing s3. To understand what AWS role ARN is, see AWS role ARN doc.

NOTE: This is only for AWS S3, and TigerGraph assumes the credentials for using sts:AssumeRole have been set up. You can verify the credentials are ready by running aws sts assume-role. One way to set up credentials is to configure access key id, secret access key and region with AWS CLI aws configure.

nan

System.Backup.S3.BucketName

Name of the S3 bucket to store backup files. Required if backup is to be stored on S3.

null

System.Backup.S3.Enable

Whether to store the database backup data to S3. Required if backup is to be stored on S3.

If this parameter is set to true, System.Backup.Local.Enable cannot be set to true.

false

System.Backup.S3.Endpoint

Endpoint to use instead of the S3 default endpoint. Must be a fully qualified URL. Typically used when operating in a private network or with a non-AWS S3-compatible endpoint.

null

System.Backup.TimeoutSec

Timeout limit for the backup operation in seconds

18000

System.Backup.CompressProcessNumber

Number of concurrent processes for compression during backup.

It’s recommended to keep the default value 10, which means the number of processes used to compress is equal to the number of CPU cores on each node.

10

System.Backup.DecompressProcessNumber

The number of concurrent processes for decompression during the restore.

8

System.Backup.CompressionLevel

The backup compression level strikes a balance between size and speed. The better compression, the longer it takes. ("BestSpeed", "DefaultCompression", "BestCompression")

"DefaultCompression"

If System.Backup.Local.Enable is set to true, this also enables a daily full backup at 12:00am UTC.

Configure backup and restore

Running gadmin config entry backup allows you to enter the value for each parameter individually.

Alternatively, you can also use gadmin config set <parameter> to change the value of any parameter.

After configuring the parameters, run gadmin config apply to apply the new parameter values.

Configure backup to AWS S3 Endpoint

Typically, there’s no need to configure the System.Backup.S3.Endpoint parameter on a TigerGraph Server. This is because the system auto-detects the regional endpoint for AWS S3 backups.

Users should configure this parameter only for special cases, such as:
  • When using S3 in FIPS mode.

  • When connecting to a private or localized cloud environment.

  • When integrating with an S3-compatible service that requires a specific endpoint.

For more information please see AWS Service Endpoints, generally, to configure backup files to an AWS S3 Bucket for an on-premise TigerGraph Server cluster, users need to complete the following steps:

  1. Create an S3 bucket in AWS

  2. Create an AWS IAM user

  3. Create an IAM policy that ensures the IAM user has sufficient access to the bucket itself, and contents within the bucket

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "s3:PutObject",
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:GetBucketLocation"
                ],
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:s3:::<bucket-name>",
                    "arn:aws:s3:::<bucket-name>/*"
                ]
            }
        ]
    }
  4. Create an AccessKeyID and SecretAccessKey for the IAM user

    Long-lived credentials are what TigerGraph clusters use to authenticate to AWS as the IAM user. Allowing TigerGraph access to put backup files into the S3 bucket. Also, to read/copy the files during the restore process.

    TigerGraph does not support short-lived credentials as of TigerGraph 3.9.3.
  5. Configure each of the following parameters on the linux command line:

    Enable storing backup data in S3
    gadmin config set "System.Backup.S3.Enable" "true"
    Specify bucket name
    gadmin config set "System.Backup.S3.BucketName" "<bucket-name>"
    Set S3 backup AccessKeyID
    gadmin config set "System.Backup.S3.AWSAccessKeyID" "<access-key-id>"
    Set S3 backup SecretAccessKey
    gadmin config set "System.Backup.S3.AWSSecretAccessKey" "<secret-access-key>"
    Alternatively, instead of using AccessKeyID and SecretAccessKey, you may use AWS Role ARN for the authentication
    gadmin config set "System.Backup.S3.RoleARN" "arn:aws:iam::account:role/role-name-with-path"
    Apply the new parameter values
    gadmin config apply -y
    Restart all services
    gadmin restart all -y