Configuration Files¶
All Proxmox Backup Server configuration files reside in the directory
/etc/proxmox-backup/
.
acl.cfg
¶
File Format¶
This file contains the access control list for the Proxmox Backup Server API.
Each line starts with acl:
, followed by 4 additional values
separated by colon.
- propagate
Propagate permissions down the hierarchy
- path
The object path
- User/Token
List of users and tokens
- Role
List of assigned roles
Here is an example list:
acl:1:/:root@pam!test:Admin
acl:1:/datastore/store1:user1@pbs:DatastoreAdmin
You can use the proxmox-backup-manager acl
command to manipulate
this file.
Roles¶
The following roles exist:
Admin
Administrator
Audit
Auditor
NoAccess
Disable Access
DatastoreAdmin
Datastore Administrator
DatastoreReader
Datastore Reader (inspect datastore content and do restores)
DatastoreBackup
Datastore Backup (backup and restore owned backups)
DatastorePowerUser
Datastore PowerUser (backup, restore and prune owned backup)
DatastoreAudit
Datastore Auditor
RemoteAudit
Remote Auditor
RemoteAdmin
Remote Administrator
RemoteSyncOperator
Syncronisation Opertator
TapeAudit
Tape Auditor
TapeAdmin
Tape Administrator
TapeOperator
Tape Operator
TapeReader
Tape Reader
datastore.cfg
¶
File Format¶
This file contains a list of datastore configuration sections. Each
section starts with the header datastore: <name>
, followed by the
datastore configuration options.
datastore: <name1>
path <path1>
<option1> <value1>
...
datastore: <name2>
path <path2>
...
You can use the proxmox-backup-manager datastore
command to manipulate
this file.
Options¶
Required properties:
path
<string>
Directory name
Optional properties:
comment
<string>
Comment (single line).
gc-schedule
<calendar-event>
Run garbage collection job at specified schedule.
maintenance-mode
[type=<enum> [,message=<string>]]
Maintenance mode, type is either 'offline' or 'read-only', message should be enclosed in "
type
=read-only|offline|delete
Maintenance type.
message
=<string>
Message describing the reason for the maintenance.
notify
[[gc=<enum>] [,prune=<enum>] [,sync=<enum>] [,verify=<enum>]]
Datastore notification setting
gc
=never|always|error
When do we send notifications
prune
=never|always|error
When do we send notifications
sync
=never|always|error
When do we send notifications
verify
=never|always|error
When do we send notifications
notify-user
<string>
User ID
prune-schedule
<calendar-event>
Run prune job at specified schedule.
tuning
[[chunk-order=<enum>] [,sync-level=<enum>]]
Datastore tuning options
chunk-order
=none|inode (default=inode)
The order to sort chunks by
sync-level
=none|file|filesystem (default=filesystem)
The level of syncing that is done when writing into a datastore.
verify-new
<boolean>
If enabled, all new backups will be verified right after completion.
keep-daily
<integer> (1 - N)
Number of daily backups to keep.
keep-hourly
<integer> (1 - N)
Number of hourly backups to keep.
keep-last
<integer> (1 - N)
Number of backups to keep.
keep-monthly
<integer> (1 - N)
Number of monthly backups to keep.
keep-weekly
<integer> (1 - N)
Number of weekly backups to keep.
keep-yearly
<integer> (1 - N)
Number of yearly backups to keep.
media-pool.cfg
¶
File Format¶
Each entry starts with the header pool: <name>
, followed by the
media pool configuration options.
pool: company1
allocation always
retention overwrite
pool: ...
You can use the proxmox-tape pool
command to manipulate this file.
Options¶
Optional properties:
allocation
<string>
Media set allocation policy ('continue', 'always', or a calendar event).
comment
<string>
Comment (single line).
encrypt
<string>
Tape encryption key fingerprint (sha256).
retention
<string>
Media retention policy ('overwrite', 'keep', or time span).
template
<string>
Media set naming template (may contain strftime() time format specifications).
tape.cfg
¶
File Format¶
Each LTO drive configuration section starts with the header lto: <name>
,
followed by the drive configuration options.
Tape changer configurations start with the header changer: <name>
,
followed by the changer configuration options.
lto: hh8
changer sl3
path /dev/tape/by-id/scsi-10WT065325-nst
changer: sl3
export-slots 14,15,16
path /dev/tape/by-id/scsi-CJ0JBE0059
You can use the proxmox-tape drive
and proxmox-tape changer
commands to manipulate this file.
Note
The virtual:
drive type is experimental and should only be used
for debugging.
Options¶
Section type 'lto
': Lto SCSI tape driver
Required properties:
path
<string>
The path to a LTO SCSI-generic tape device (i.e. '/dev/sg0')
Optional properties:
changer
<string>
Tape Changer Identifier.
changer-drivenum
<integer> (0 - 255) (default=0)
Associated changer drive number (requires option changer)
Section type 'virtual
': Simulate tape drives (only for test and debug)
Required properties:
path
<string>
Path to directory
Optional properties:
max-size
<integer> (0 - N)
Virtual tape size
Section type 'changer
': SCSI tape changer
Required properties:
path
<string>
Path to Linux generic SCSI device (e.g. '/dev/sg4')
Optional properties:
export-slots
[<integer>, ...]
A list of slot numbers, comma separated. Those slots are reserved for Import/Export, i.e. any media in those slots are considered to be 'offline'.
tape-job.cfg
¶
File Format¶
Each entry starts with the header backup: <name>
, followed by the
job configuration options.
backup: job1
drive hh8
pool p4
store store3
schedule daily
backup: ...
You can use the proxmox-tape backup-job
command to manipulate
this file.
Options¶
Required properties:
drive
<string>
Drive Identifier.
pool
<string>
Media pool name.
store
<string>
Datastore name.
Optional properties:
comment
<string>
Comment (single line).
schedule
<calendar-event>
Run sync job at specified schedule.
eject-media
<boolean>
Eject media upon job completion.
export-media-set
<boolean>
Export media set upon job completion.
group-filter
<type:<vm|ct|host>|group:GROUP|regex:RE>
List of group filters. Can be specified more than once.
latest-only
<boolean>
Backup latest snapshots only.
max-depth
<integer> (0 - 7) (default=7)
How many levels of namespaces should be operated on (0 == no recursion)
notify-user
<string>
User ID
ns
<string>
Namespace.
user.cfg
¶
File Format¶
This file contains the list of API users and API tokens.
Each user configuration section starts with the header user: <name>
,
followed by the user configuration options.
API token configuration starts with the header token:
<userid!token_name>
, followed by the token configuration. The data
used to authenticate tokens is stored in a separate file
(token.shadow
).
user: root@pam
comment Superuser
email test@example.local
...
token: root@pam!token1
comment API test token
enable true
expire 0
user: ...
You can use the proxmox-backup-manager user
command to manipulate
this file.
Options¶
Section type 'user
': User properties.
Optional properties:
comment
<string>
Comment (single line).
email
<string>
E-Mail Address.
enable
<boolean> (default=true)
Enable the account (default). You can set this to '0' to disable the account.
expire
<integer> (0 - N) (default=0)
Account expiration date (seconds since epoch). '0' means no expiration date.
firstname
<string>
First name.
lastname
<string>
Last name.
Section type 'token
': ApiToken properties.
Optional properties:
comment
<string>
Comment (single line).
enable
<boolean> (default=true)
Enable the account (default). You can set this to '0' to disable the account.
expire
<integer> (0 - N) (default=0)
Account expiration date (seconds since epoch). '0' means no expiration date.
remote.cfg
¶
File Format¶
This file contains information used to access remote servers.
Each entry starts with the header remote: <name>
, followed by the
remote configuration options.
remote: server1
host server1.local
auth-id sync@pbs
...
remote: ...
You can use the proxmox-backup-manager remote
command to manipulate
this file.
Options¶
Required properties:
password
<string>
Password or auth token for remote host (stored as base64 string).
auth-id
<string>
Authentication ID
host
<string>
DNS name or IP address.
Optional properties:
comment
<string>
Comment (single line).
fingerprint
<string>
X509 certificate fingerprint (sha256).
port
<integer>
The (optional) port
sync.cfg
¶
File Format¶
Each entry starts with the header sync: <name>
, followed by the
job configuration options.
sync: job1
store store1
remote-store store1
remote lina
sync: ...
You can use the proxmox-backup-manager sync-job
command to manipulate
this file.
Options¶
Required properties:
remote
<string>
Remote ID.
remote-store
<string>
Datastore name.
store
<string>
Datastore name.
Optional properties:
comment
<string>
Comment (single line).
group-filter
<type:<vm|ct|host>|group:GROUP|regex:RE>
List of group filters. Can be specified more than once.
max-depth
<integer> (0 - 7)
How many levels of namespaces should be operated on (0 == no recursion, empty == automatic full recursion, namespace depths reduce maximum allowed value)
ns
<string>
Namespace.
owner
<string>
Authentication ID
remote-ns
<string>
Namespace.
remove-vanished
<boolean> (default=false)
Delete vanished backups. This remove the local copy if the remote backup was deleted.
schedule
<calendar-event>
Run sync job at specified schedule.
burst-in
<string>
Byte size with optional unit (B, KB (base 10), MB, GB, ..., KiB (base 2), MiB, Gib, ...).
burst-out
<string>
Byte size with optional unit (B, KB (base 10), MB, GB, ..., KiB (base 2), MiB, Gib, ...).
rate-in
<string>
Byte size with optional unit (B, KB (base 10), MB, GB, ..., KiB (base 2), MiB, Gib, ...).
rate-out
<string>
Byte size with optional unit (B, KB (base 10), MB, GB, ..., KiB (base 2), MiB, Gib, ...).
verification.cfg
¶
File Format¶
Each entry starts with the header verification: <name>
, followed by the
job configuration options.
verification: verify-store2
ignore-verified true
outdated-after 7
schedule daily
store store2
verification: ...
You can use the proxmox-backup-manager verify-job
command to manipulate
this file.
Options¶
Required properties:
store
<string>
Datastore name.
Optional properties:
comment
<string>
Comment (single line).
ignore-verified
<boolean> (default=true)
Do not verify backups that are already verified if their verification is not outdated.
max-depth
<integer> (0 - 7) (default=7)
How many levels of namespaces should be operated on (0 == no recursion)
ns
<string>
Namespace.
outdated-after
<integer> (0 - N)
Days after that a verification becomes outdated. (0 is deprecated)'
schedule
<calendar-event>
Run verify job at specified schedule.