Configuration Files

All Proxmox Backup Server configuration files resides inside directory /etc/proxmox-backup/.

acl.cfg

File Format

This file contains the access control list for the Proxmox Backup Server API.

Each line starts with acl:, followed by 4 additional values separated by collon.

propagate:Propagate permissions down the hierachrchy
path:The object path
User/Token:List of users and token
Role:List of assigned roles

Here is an example list:

acl:1:/:root@pam!test:Admin
acl:1:/datastore/store1:user1@pbs:DatastoreAdmin

You can use the proxmox-backup-manager acl command to manipulate this file.

Roles

The following roles exist:

Admin:Administrator
Audit:Auditor
NoAccess:Disable Access
DatastoreAdmin:Datastore Administrator
DatastoreReader:
 Datastore Reader (inspect datastore content and do restores)
DatastoreBackup:
 Datastore Backup (backup and restore owned backups)
DatastorePowerUser:
 Datastore PowerUser (backup, restore and prune owned backup)
DatastoreAudit:Datastore Auditor
RemoteAudit:Remote Auditor
RemoteAdmin:Remote Administrator
RemoteSyncOperator:
 Syncronisation Opertator
TapeAudit:Tape Auditor
TapeAdmin:Tape Administrator
TapeOperator:Tape Operator
TapeReader:Tape Reader

datastore.cfg

File Format

The file contains a list of datastore configuration sections. Each section starts with a header datastore: <name>, followed by the datastore configuration options.

datastore: <name1>
   path <path1>
   <option1> <value1>
   ...

datastore: <name2>
   path <path2>
   ...

You can use the proxmox-backup-manager datastore command to manipulate this file.

Options

Required properties:

path : <string>
Directory name

Optional properties:

comment : <string>
Comment (single line).
gc-schedule : <calendar-event>
Run garbage collection job at specified schedule.
keep-daily : <integer> (1 - N)
Number of daily backups to keep.
keep-hourly : <integer> (1 - N)
Number of hourly backups to keep.
keep-last : <integer> (1 - N)
Number of backups to keep.
keep-monthly : <integer> (1 - N)
Number of monthly backups to keep.
keep-weekly : <integer> (1 - N)
Number of weekly backups to keep.
keep-yearly : <integer> (1 - N)
Number of yearly backups to keep.
notify : [[gc=<enum>] [,sync=<enum>] [,verify=<enum>]]

Datastore notification setting

gc = never|always|error
When do we send notifications
sync = never|always|error
When do we send notifications
verify = never|always|error
When do we send notifications
notify-user : <string>
User ID
prune-schedule : <calendar-event>
Run prune job at specified schedule.
verify-new : <boolean>
If enabled, all backups will be verified right after completion.

media-pool.cfg

File Format

Each entry starts with a header pool: <name>, followed by the media pool configuration options.

pool: company1
      allocation always
      retention overwrite

pool: ...

You can use the proxmox-tape pool command to manipulate this file.

Options

Optional properties:

allocation : <string>
Media set allocation policy ('continue', 'always', or a calendar event).
comment : <string>
Comment (single line).
encrypt : <string>
Tape encryption key fingerprint (sha256).
retention : <string>
Media retention policy ('overwrite', 'keep', or time span).
template : <string>
Media set naming template (may contain strftime() time format specifications).

tape.cfg

File Format

Each LTO drive configuration section starts with a header lto: <name>, followed by the drive configuration options.

Tape changer configurations starts with changer: <name>, followed by the changer configuration options.

lto: hh8
      changer sl3
      path /dev/tape/by-id/scsi-10WT065325-nst

changer: sl3
      export-slots 14,15,16
      path /dev/tape/by-id/scsi-CJ0JBE0059

You can use the proxmox-tape drive and proxmox-tape changer commands to manipulate this file.

Note

The virtual: drive type is experimental and onyl used for debugging.

Options

Section type 'changer': SCSI tape changer

Required properties:

path : <string>
Path to Linux generic SCSI device (e.g. '/dev/sg4')

Optional properties:

export-slots : [<integer>, ...]
A list of slot numbers, comma separated. Those slots are reserved for Import/Export, i.e. any media in those slots are considered to be 'offline'.

Section type 'virtual': Simulate tape drives (only for test and debug)

Required properties:

path : <string>
Path to directory

Optional properties:

max-size : <integer> (0 - N)
Virtual tape size

Section type 'lto': Lto SCSI tape driver

Required properties:

path : <string>
The path to a LTO SCSI-generic tape device (i.e. '/dev/sg0')

Optional properties:

changer : <string>
Tape Changer Identifier.
changer-drivenum : <integer> (0 - 8)   (default=0)
Associated changer drive number (requires option changer)

tape-job.cfg

File Format

Each entry starts with a header backup: <name>, followed by the job configuration options.

backup: job1
      drive hh8
      pool p4
      store store3
      schedule daily

backup: ...

You can use the proxmox-tape backup-job command to manipulate this file.

Options

Required properties:

drive : <string>
Drive Identifier.
pool : <string>
Media pool name.
store : <string>
Datastore name.

Optional properties:

comment : <string>
Comment (single line).
schedule : <calendar-event>
Run sync job at specified schedule.
eject-media : <boolean>
Eject media upon job completion.
export-media-set : <boolean>
Export media set upon job completion.
latest-only : <boolean>
Backup latest snapshots only.
notify-user : <string>
User ID

user.cfg

File Format

This file contains the list of API users and API tokens.

Each user configuration section starts with a header user: <name>, followed by the user configuration options.

API token configuration starts with a header token: <userid!token_name>, followed by the token configuration. The data used to authenticate tokens is stored in a separate file (token.shadow).

user: root@pam
      comment Superuser
      email test@example.local
      ...

token: root@pam!token1
      comment API test token
      enable true
      expire 0

user: ...

You can use the proxmox-backup-manager user command to manipulate this file.

Options

Section type 'token': ApiToken properties.

Optional properties:

comment : <string>
Comment (single line).
enable : <boolean>   (default=true)
Enable the account (default). You can set this to '0' to disable the account.
expire : <integer> (0 - N)   (default=0)
Account expiration date (seconds since epoch). '0' means no expiration date.

Section type 'user': User properties.

Optional properties:

comment : <string>
Comment (single line).
email : <string>
E-Mail Address.
enable : <boolean>   (default=true)
Enable the account (default). You can set this to '0' to disable the account.
expire : <integer> (0 - N)   (default=0)
Account expiration date (seconds since epoch). '0' means no expiration date.
firstname : <string>
First name.
lastname : <string>
Last name.

remote.cfg

File Format

This file contains information used to access remote servers.

Each entry starts with a header remote: <name>, followed by the remote configuration options.

remote: server1
      host server1.local
      auth-id sync@pbs
      ...

remote: ...

You can use the proxmox-backup-manager remote command to manipulate this file.

Options

Required properties:

auth-id : <string>
Authentication ID
host : <string>
DNS name or IP address.
password : <string>
Password or auth token for remote host.

Optional properties:

comment : <string>
Comment (single line).
fingerprint : <string>
X509 certificate fingerprint (sha256).
port : <integer>
The (optional) port

sync.cfg

File Format

Each entry starts with a header sync: <name>, followed by the job configuration options.

sync: job1
      store store1
      remote-store store1
      remote lina

sync: ...

You can use the proxmox-backup-manager sync-job command to manipulate this file.

Options

Required properties:

remote : <string>
Remote ID.
remote-store : <string>
Datastore name.
store : <string>
Datastore name.

Optional properties:

comment : <string>
Comment (single line).
owner : <string>
Authentication ID
remove-vanished : <boolean>   (default=true)
Delete vanished backups. This remove the local copy if the remote backup was deleted.
schedule : <calendar-event>
Run sync job at specified schedule.

verification.cfg

File Format

Each entry starts with a header verification: <name>, followed by the job configuration options.

verification: verify-store2
      ignore-verified true
      outdated-after 7
      schedule daily
      store store2

verification: ...

You can use the proxmox-backup-manager verify-job command to manipulate this file.

Options

Required properties:

store : <string>
Datastore name.

Optional properties:

comment : <string>
Comment (single line).
ignore-verified : <boolean>   (default=true)
Do not verify backups that are already verified if their verification is not outdated.
outdated-after : <integer> (1 - N)
Days after that a verification becomes outdated
schedule : <calendar-event>
Run verify job at specified schedule.