The configuration is loaded from either the path specified by the -c
flag or /etc/pgmoneta/pgmoneta.conf
.
The configuration of pgmoneta
is split into sections using the [
and ]
characters.
The main section, called [pgmoneta]
, is where you configure the overall properties
of pgmoneta
.
Other sections doesn't have any requirements to their naming so you can give them
meaningful names like [primary]
for the primary PostgreSQL
instance.
All properties are in the format key = value
.
The characters #
and ;
can be used for comments; must be the first character on the line.
The Bool
data type supports the following values: on
, yes
, 1
, true
, off
, no
, 0
and false
.
See a sample configuration for running pgmoneta
on localhost
.
Property | Default | Unit | Required | Description |
---|---|---|---|---|
host | String | Yes | The bind address for pgmoneta | |
unix_socket_dir | String | Yes | The Unix Domain Socket location | |
base_dir | String | Yes | The base directory for the backup | |
metrics | 0 | Int | No | The metrics port (disable = 0) |
metrics_cache_max_age | 0 | String | No | The number of seconds to keep in cache a Prometheus (metrics) response. If set to zero, the caching will be disabled. Can be a string with a suffix, like 2m to indicate 2 minutes |
metrics_cache_max_size | 256k | String | No | The maximum amount of data to keep in cache when serving Prometheus responses. Changes require restart. This parameter determines the size of memory allocated for the cache even if metrics_cache_max_age or metrics are disabled. Its value, however, is taken into account only if metrics_cache_max_age is set to a non-zero value. Supports suffixes: 'B' (bytes), the default if omitted, 'K' or 'KB' (kilobytes), 'M' or 'MB' (megabytes), 'G' or 'GB' (gigabytes). |
management | 0 | Int | No | The remote management port (disable = 0) |
compression | zstd | String | No | The compression type (none, gzip, client-gzip, server-gzip, zstd, client-zstd, server-zstd, lz4, client-lz4, server-lz4, bzip2, client-bzip2) |
compression_level | 3 | Int | No | The compression level |
workers | 0 | Int | No | The number of workers that each process can use for its work. Use 0 to disable |
storage_engine | local | String | No | The storage engine type (local, ssh, s3, azure) |
encryption | none | String | No | The encryption mode for encrypt wal and datanone : No encryption aes | aes-256 | aes-256-cbc : AES CBC (Cipher Block Chaining) mode with 256 bit key lengthaes-192 | aes-192-cbc : AES CBC mode with 192 bit key lengthaes-128 | aes-128-cbc : AES CBC mode with 128 bit key lengthaes-256-ctr : AES CTR (Counter) mode with 256 bit key lengthaes-192-ctr : AES CTR mode with 192 bit key lengthaes-128-ctr : AES CTR mode with 128 bit key length |
create_slot | no | Bool | No | Create a replication slot for all server. Valid values are: yes, no |
ssh_hostname | String | Yes | Defines the hostname of the remote system for connection | |
ssh_username | String | Yes | Defines the username of the remote system for connection | |
ssh_base_dir | String | Yes | The base directory for the remote backup | |
ssh_ciphers | aes-256-ctr, aes-192-ctr, aes-128-ctr | String | No | The supported ciphers for communication. aes | aes-256 | aes-256-cbc : AES CBC (Cipher Block Chaining) mode with 256 bit key lengthaes-192 | aes-192-cbc : AES CBC mode with 192 bit key lengthaes-128 | aes-128-cbc : AES CBC mode with 128 bit key lengthaes-256-ctr : AES CTR (Counter) mode with 256 bit key lengthaes-192-ctr : AES CTR mode with 192 bit key lengthaes-128-ctr : AES CTR mode with 128 bit key length. Otherwise verbatim |
s3_aws_region | String | Yes | The AWS region | |
s3_access_key_id | String | Yes | The IAM access key ID | |
s3_secret_access_key | String | Yes | The IAM secret access key | |
s3_bucket | String | Yes | The AWS S3 bucket name | |
s3_base_dir | String | Yes | The base directory for the S3 bucket | |
azure_storage_account | String | Yes | The Azure storage account name | |
azure_container | String | Yes | The Azure container name | |
azure_shared_key | String | Yes | The Azure storage account key | |
azure_base_dir | String | Yes | The base directory for the Azure container | |
retention | 7, - , - , - | Array | No | The retention time in days, weeks, months, years |
log_type | console | String | No | The logging type (console, file, syslog) |
log_level | info | String | No | The logging level, any of the (case insensitive) strings FATAL , ERROR , WARN , INFO and DEBUG (that can be more specific as DEBUG1 thru DEBUG5 ). Debug level greater than 5 will be set to DEBUG5 . Not recognized values will make the log_level be INFO |
log_path | pgmoneta.log | String | No | The log file location. Can be a strftime(3) compatible string. |
log_rotation_age | 0 | String | No | The age that will trigger a log file rotation. If expressed as a positive number, is managed as seconds. Supports suffixes: 'S' (seconds, the default), 'M' (minutes), 'H' (hours), 'D' (days), 'W' (weeks). A value of 0 disables. |
log_rotation_size | 0 | String | No | The size of the log file that will trigger a log rotation. Supports suffixes: 'B' (bytes), the default if omitted, 'K' or 'KB' (kilobytes), 'M' or 'MB' (megabytes), 'G' or 'GB' (gigabytes). A value of 0 (with or without suffix) disables. |
log_line_prefix | %Y-%m-%d %H:%M:%S | String | No | A strftime(3) compatible string to use as prefix for every log line. Must be quoted if contains spaces. |
log_mode | append | String | No | Append to or create the log file (append, create) |
blocking_timeout | 30 | Int | No | The number of seconds the process will be blocking for a connection (disable = 0) |
tls | off |
Bool | No | Enable Transport Layer Security (TLS) |
tls_cert_file | String | No | Certificate file for TLS. This file must be owned by either the user running pgmoneta or root. | |
tls_key_file | String | No | Private key file for TLS. This file must be owned by either the user running pgmoneta or root. Additionally permissions must be at least 0640 when owned by root or 0600 otherwise. |
|
tls_ca_file | String | No | Certificate Authority (CA) file for TLS. This file must be owned by either the user running pgmoneta or root. | |
libev | auto |
String | No | Select the libev backend to use. Valid options: auto , select , poll , epoll , iouring , devpoll and port |
backup_max_rate | 0 | Int | No | The number of bytes of tokens added every one second to limit the backup rate |
network_max_rate | 0 | Int | No | The number of bytes of tokens added every one second to limit the netowrk backup rate |
manifest | sha256 | String | No | The hash algoritm for the manifest. Valid options: crc32c , sha224 , sha256 , sha384 and sha512 |
keep_alive | on | Bool | No | Have SO_KEEPALIVE on sockets |
nodelay | on | Bool | No | Have TCP_NODELAY on sockets |
non_blocking | on | Bool | No | Have O_NONBLOCK on sockets |
backlog | 16 | Int | No | The backlog for listen() . Minimum 16 |
hugepage | try |
String | No | Huge page support (off , try , on ) |
pidfile | String | No | Path to the PID file. If not specified, it will be automatically set to unix_socket_dir/pgmoneta.<host>.pid where <host> is the value of the host parameter or all if host = * . |
|
update_process_title | verbose |
String | No | The behavior for updating the operating system process title. Allowed settings are: never (or off ), does not update the process title; strict to set the process title without overriding the existing initial process title length; minimal to set the process title to the base description; verbose (or full ) to set the process title to the full description. Please note that strict and minimal are honored only on those systems that do not provide a native way to set the process title (e.g., Linux). On other systems, there is no difference between strict and minimal and the assumed behaviour is minimal even if strict is used. never and verbose are always honored, on every system. On Linux systems the process title is always trimmed to 255 characters, while on system that provide a natve way to set the process title it can be longer. |
Property | Default | Unit | Required | Description |
---|---|---|---|---|
host | String | Yes | The address of the PostgreSQL instance | |
port | Int | Yes | The port of the PostgreSQL instance | |
user | String | Yes | The replication user name | |
wal_slot | String | Yes | The replication slot for WAL | |
create_slot | no | Bool | No | Create a replication slot for this server. Valid values are: yes, no |
follow | String | No | Failover to this server if follow server fails | |
retention | Array | No | The retention for the server in days, weeks, months, years | |
wal_shipping | String | No | The WAL shipping directory | |
hot_standby | String | No | Hot standby directory | |
hot_standby_overrides | String | No | Files to override in the hot standby directory | |
hot_standby_tablespaces | String | No | Tablespace mappings for the hot standby. Syntax is [from -> to,?]+ | |
workers | -1 | Int | No | The number of workers that each process can use for its work. Use 0 to disable, -1 means use the global settting |
backup_max_rate | -1 | Int | No | The number of bytes of tokens added every one second to limit the backup rate. Use 0 to disable, -1 means use the global settting |
network_max_rate | -1 | Int | No | The number of bytes of tokens added every one second to limit the netowrk backup rate. Use 0 to disable, -1 means use the global settting |
manifest | sha256 | String | No | The hash algoritm for the manifest. Valid options: crc32c , sha224 , sha256 , sha384 and sha512 |
tls_cert_file | String | No | Certificate file for TLS. This file must be owned by either the user running pgmoneta or root. | |
tls_key_file | String | No | Private key file for TLS. This file must be owned by either the user running pgmoneta or root. Additionally permissions must be at least 0640 when owned by root or 0600 otherwise. |
|
tls_ca_file | String | No | Certificate Authority (CA) file for TLS. This file must be owned by either the user running pgmoneta or root. | |
extra | String | No | The source directory for retrieval on the server side (details are in the extra section) |
The user
specified must have the REPLICATION
option in order to stream the Write-Ahead Log (WAL), and must
have access to the postgres
database in order to get the necessary configuration parameters.
Note, that PostgreSQL 13+ is required, as well as having wal_level
at replica
or logical
level.
Note, that if host
starts with a /
it represents a path and pgmoneta
will connect using a Unix Domain Socket.
The extra
configuration is set in the server section. It is not required, but if you configure this parameter, when you perform a backup using the CLI pgmoneta-cli -c pgmoneta.conf backup primary
, it will also copy all specified files on the server side and send them back to the client side.
This extra
feature requires the server side to install the pgmoneta_ext extension and also make the user repl
a SUPERUSER
(this will be improved in the future). Currently, this feature is only available to the SUPERUSER
role.
You can set up pgmoneta_ext
by following the README to easily install the extension. There are also more detailed instructions available in the DEVELOPERS documentation.
The format for the extra
parameter is a path to a file or directory. You can list more than one file or directory separated by commas. The format is as follows:
extra = /tmp/myfile1, /tmp/myfile2, /tmp/mydir1, /tmp/mydir2
The pgmoneta_users
configuration defines the users known to the system. This file is created and managed through
the pgmoneta-admin
tool.
The configuration is loaded from either the path specified by the -u
flag or /etc/pgmoneta/pgmoneta_users.conf
.
The pgmoneta_admins
configuration defines the administrators known to the system. This file is created and managed through
the pgmoneta-admin
tool.
The configuration is loaded from either the path specified by the -A
flag or /etc/pgmoneta/pgmoneta_admins.conf
.
If pgmoneta has both Transport Layer Security (TLS) and management
enabled then pgmoneta-cli
can
connect with TLS using the files ~/.pgmoneta/pgmoneta.key
(must be 0600 permission),
~/.pgmoneta/pgmoneta.crt
and ~/.pgmoneta/root.crt
.