Backup and Restore Configurations
This page describes the configuration options available for backup and restore on TigerGraph and how to set them.
Prerequisites
-
You have access to the TigerGraph Linux user account on your cluster. All commands must be run from the TigerGraph Linux user.
Configuration parameters
The following is a list of configurations available for backup and restore.
Configuration parameter | Description | Default |
---|---|---|
System.Backup.Local.Enable |
Whether to store the database backup data to a local path. IMPORTANT: See note at end of table. If this parameter is set to true, |
|
System.Backup.Local.Path |
Local path to store the backup files. Required if backup is to be stored locally. |
null |
System.Backup.S3.AWSAccessKeyID |
AWS access key ID for s3 bucket of backup. Required if backup is to be stored on S3. |
null |
System.Backup.S3.AWSSecretAccessKey |
Secret access key for s3 bucket. Required if backup is to be stored on S3. NOTE: If setting this in interactive mode, store the key in a file and provide the path to the file, e.g., |
|
System.Backup.S3.RoleARN |
The AWS role for accessing s3 bucket, its use is prioritized over the combination of access key id and secret access key in accessing s3. To understand what AWS role ARN is, see AWS role ARN doc. NOTE: This is only for AWS S3, and TigerGraph assumes the credentials for using |
|
System.Backup.S3.BucketName |
Name of the S3 bucket to store backup files. Required if backup is to be stored on S3. |
null |
System.Backup.S3.Enable |
Whether to store the database backup data to S3. Required if backup is to be stored on S3. If this parameter is set to true, |
|
System.Backup.S3.Endpoint |
Endpoint to use instead of the S3 default endpoint. Must be a fully qualified URL. Typically used when operating in a private network or with a non-AWS S3-compatible endpoint. |
null |
System.Backup.TimeoutSec |
Timeout limit for the backup operation in seconds |
|
System.Backup.CompressProcessNumber |
Number of concurrent processes for compression during backup. It’s recommended to keep the default value |
|
System.Backup.DecompressProcessNumber |
The number of concurrent processes for decompression during the restore. |
|
System.Backup.CompressionLevel |
The backup compression level strikes a balance between size and speed. The better compression, the longer it takes. ("BestSpeed", "DefaultCompression", "BestCompression") |
"DefaultCompression" |
If System.Backup.Local.Enable is set to true , this also enables a daily full backup at 12:00am UTC.
|
Configure backup and restore
Running gadmin config entry backup
allows you to enter the value for each parameter individually.
Alternatively, you can also use gadmin config set <parameter>
to change the value of any parameter.
After configuring the parameters, run gadmin config apply
to apply the new parameter values.
Configure backup to AWS S3 Endpoint
Typically, there’s no need to configure the System.Backup.S3.Endpoint
parameter on a TigerGraph Server.
This is because the system auto-detects the regional endpoint for AWS S3 backups.
-
When using S3 in FIPS mode.
-
When connecting to a private or localized cloud environment.
-
When integrating with an S3-compatible service that requires a specific endpoint.
For more information please see AWS Service Endpoints, generally, to configure backup files to an AWS S3 Bucket for an on-premise TigerGraph Server cluster, users need to complete the following steps:
-
Create an S3 bucket in AWS
-
Create an AWS IAM user
-
Create an IAM policy that ensures the IAM user has sufficient access to the bucket itself, and contents within the bucket
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:PutObject", "s3:ListBucket", "s3:GetObject", "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::<bucket-name>", "arn:aws:s3:::<bucket-name>/*" ] } ] }
-
Create an
AccessKeyID
andSecretAccessKey
for the IAM userLong-lived credentials are what TigerGraph clusters use to authenticate to AWS as the IAM user. Allowing TigerGraph access to put backup files into the S3 bucket. Also, to read/copy the files during the restore process.
TigerGraph does not support short-lived credentials as of TigerGraph 3.9.3. -
Configure each of the following parameters on the linux command line:
Enable storing backup data in S3gadmin config set "System.Backup.S3.Enable" "true"
Specify bucket namegadmin config set "System.Backup.S3.BucketName" "<bucket-name>"
Set S3 backup AccessKeyIDgadmin config set "System.Backup.S3.AWSAccessKeyID" "<access-key-id>"
Set S3 backup SecretAccessKeygadmin config set "System.Backup.S3.AWSSecretAccessKey" "<secret-access-key>"
Alternatively, instead of usingAccessKeyID
andSecretAccessKey
, you may use AWS Role ARN for the authenticationgadmin config set "System.Backup.S3.RoleARN" "arn:aws:iam::account:role/role-name-with-path"
Apply the new parameter valuesgadmin config apply -y
Restart all servicesgadmin restart all -y