Configuration Files¶
All Proxmox Backup Server configuration files resides inside directory
/etc/proxmox-backup/.
acl.cfg¶
File Format¶
This file contains the access control list for the Proxmox Backup Server API.
Each line starts with acl:, followed by 4 additional values
separated by collon.
| propagate: | Propagate permissions down the hierachrchy |
|---|---|
| path: | The object path |
| User/Token: | List of users and token |
| Role: | List of assigned roles |
Here is an example list:
acl:1:/:root@pam!test:Admin
acl:1:/datastore/store1:user1@pbs:DatastoreAdmin
You can use the proxmox-backup-manager acl command to manipulate
this file.
Roles¶
The following roles exist:
Admin: | Administrator |
|---|---|
Audit: | Auditor |
NoAccess: | Disable Access |
DatastoreAdmin: | Datastore Administrator |
DatastoreReader: | |
| Datastore Reader (inspect datastore content and do restores) | |
DatastoreBackup: | |
| Datastore Backup (backup and restore owned backups) | |
DatastorePowerUser: | |
| Datastore PowerUser (backup, restore and prune owned backup) | |
DatastoreAudit: | Datastore Auditor |
RemoteAudit: | Remote Auditor |
RemoteAdmin: | Remote Administrator |
RemoteSyncOperator: | |
| Syncronisation Opertator | |
TapeAudit: | Tape Auditor |
TapeAdmin: | Tape Administrator |
TapeOperator: | Tape Operator |
TapeReader: | Tape Reader |
datastore.cfg¶
File Format¶
The file contains a list of datastore configuration sections. Each
section starts with a header datastore: <name>, followed by the
datastore configuration options.
datastore: <name1>
path <path1>
<option1> <value1>
...
datastore: <name2>
path <path2>
...
You can use the proxmox-backup-manager datastore command to manipulate
this file.
Options¶
Required properties:
path:<string>- Directory name
Optional properties:
comment:<string>- Comment (single line).
gc-schedule:<calendar-event>- Run garbage collection job at specified schedule.
keep-daily:<integer> (1 - N)- Number of daily backups to keep.
keep-hourly:<integer> (1 - N)- Number of hourly backups to keep.
keep-last:<integer> (1 - N)- Number of backups to keep.
keep-monthly:<integer> (1 - N)- Number of monthly backups to keep.
keep-weekly:<integer> (1 - N)- Number of weekly backups to keep.
keep-yearly:<integer> (1 - N)- Number of yearly backups to keep.
notify:[[gc=<enum>] [,sync=<enum>] [,verify=<enum>]]Datastore notification setting
gc=never|always|error- When do we send notifications
sync=never|always|error- When do we send notifications
verify=never|always|error- When do we send notifications
notify-user:<string>- User ID
prune-schedule:<calendar-event>- Run prune job at specified schedule.
verify-new:<boolean>- If enabled, all backups will be verified right after completion.
media-pool.cfg¶
File Format¶
Each entry starts with a header pool: <name>, followed by the
media pool configuration options.
pool: company1
allocation always
retention overwrite
pool: ...
You can use the proxmox-tape pool command to manipulate this file.
Options¶
Optional properties:
allocation:<string>- Media set allocation policy ('continue', 'always', or a calendar event).
comment:<string>- Comment (single line).
encrypt:<string>- Tape encryption key fingerprint (sha256).
retention:<string>- Media retention policy ('overwrite', 'keep', or time span).
template:<string>- Media set naming template (may contain strftime() time format specifications).
tape.cfg¶
File Format¶
Each LTO drive configuration section starts with a header lto: <name>,
followed by the drive configuration options.
Tape changer configurations starts with changer: <name>,
followed by the changer configuration options.
lto: hh8
changer sl3
path /dev/tape/by-id/scsi-10WT065325-nst
changer: sl3
export-slots 14,15,16
path /dev/tape/by-id/scsi-CJ0JBE0059
You can use the proxmox-tape drive and proxmox-tape changer
commands to manipulate this file.
Note
The virtual: drive type is experimental and onyl used
for debugging.
Options¶
Section type 'changer': SCSI tape changer
Required properties:
path:<string>- Path to Linux generic SCSI device (e.g. '/dev/sg4')
Optional properties:
export-slots:[<integer>, ...]- A list of slot numbers, comma separated. Those slots are reserved for Import/Export, i.e. any media in those slots are considered to be 'offline'.
Section type 'virtual': Simulate tape drives (only for test and debug)
Required properties:
path:<string>- Path to directory
Optional properties:
max-size:<integer> (0 - N)- Virtual tape size
Section type 'lto': Lto SCSI tape driver
Required properties:
path:<string>- The path to a LTO SCSI-generic tape device (i.e. '/dev/sg0')
Optional properties:
changer:<string>- Tape Changer Identifier.
changer-drivenum:<integer> (0 - 8) (default=0)- Associated changer drive number (requires option changer)
tape-job.cfg¶
File Format¶
Each entry starts with a header backup: <name>, followed by the
job configuration options.
backup: job1
drive hh8
pool p4
store store3
schedule daily
backup: ...
You can use the proxmox-tape backup-job command to manipulate
this file.
Options¶
Required properties:
drive:<string>- Drive Identifier.
pool:<string>- Media pool name.
store:<string>- Datastore name.
Optional properties:
comment:<string>- Comment (single line).
schedule:<calendar-event>- Run sync job at specified schedule.
eject-media:<boolean>- Eject media upon job completion.
export-media-set:<boolean>- Export media set upon job completion.
latest-only:<boolean>- Backup latest snapshots only.
notify-user:<string>- User ID
user.cfg¶
File Format¶
This file contains the list of API users and API tokens.
Each user configuration section starts with a header user: <name>,
followed by the user configuration options.
API token configuration starts with a header token:
<userid!token_name>, followed by the token configuration. The data
used to authenticate tokens is stored in a separate file
(token.shadow).
user: root@pam
comment Superuser
email test@example.local
...
token: root@pam!token1
comment API test token
enable true
expire 0
user: ...
You can use the proxmox-backup-manager user command to manipulate
this file.
Options¶
Section type 'token': ApiToken properties.
Optional properties:
comment:<string>- Comment (single line).
enable:<boolean> (default=true)- Enable the account (default). You can set this to '0' to disable the account.
expire:<integer> (0 - N) (default=0)- Account expiration date (seconds since epoch). '0' means no expiration date.
Section type 'user': User properties.
Optional properties:
comment:<string>- Comment (single line).
email:<string>- E-Mail Address.
enable:<boolean> (default=true)- Enable the account (default). You can set this to '0' to disable the account.
expire:<integer> (0 - N) (default=0)- Account expiration date (seconds since epoch). '0' means no expiration date.
firstname:<string>- First name.
lastname:<string>- Last name.
remote.cfg¶
File Format¶
This file contains information used to access remote servers.
Each entry starts with a header remote: <name>, followed by the
remote configuration options.
remote: server1
host server1.local
auth-id sync@pbs
...
remote: ...
You can use the proxmox-backup-manager remote command to manipulate
this file.
Options¶
Required properties:
auth-id:<string>- Authentication ID
host:<string>- DNS name or IP address.
password:<string>- Password or auth token for remote host.
Optional properties:
comment:<string>- Comment (single line).
fingerprint:<string>- X509 certificate fingerprint (sha256).
port:<integer>- The (optional) port
sync.cfg¶
File Format¶
Each entry starts with a header sync: <name>, followed by the
job configuration options.
sync: job1
store store1
remote-store store1
remote lina
sync: ...
You can use the proxmox-backup-manager sync-job command to manipulate
this file.
Options¶
Required properties:
remote:<string>- Remote ID.
remote-store:<string>- Datastore name.
store:<string>- Datastore name.
Optional properties:
comment:<string>- Comment (single line).
owner:<string>- Authentication ID
remove-vanished:<boolean> (default=true)- Delete vanished backups. This remove the local copy if the remote backup was deleted.
schedule:<calendar-event>- Run sync job at specified schedule.
verification.cfg¶
File Format¶
Each entry starts with a header verification: <name>, followed by the
job configuration options.
verification: verify-store2
ignore-verified true
outdated-after 7
schedule daily
store store2
verification: ...
You can use the proxmox-backup-manager verify-job command to manipulate
this file.
Options¶
Required properties:
store:<string>- Datastore name.
Optional properties:
comment:<string>- Comment (single line).
ignore-verified:<boolean> (default=true)- Do not verify backups that are already verified if their verification is not outdated.
outdated-after:<integer> (1 - N)- Days after that a verification becomes outdated
schedule:<calendar-event>- Run verify job at specified schedule.