pgBackRest Configuration Reference

1 Introduction

pgBackRest can be used entirely with command-line parameters but a configuration file is more practical for installations that are complex or set a lot of options. The default location for the configuration file is /etc/pgbackrest/pgbackrest.conf. If no file exists in that location then the old default of /etc/pgbackrest.conf will be checked.

2 Archive Options (archive)

The archive section defines options for the archive-push and archive-get commands.

2.1 Asynchronous Archiving Option (--archive-async)

Push/get WAL segments asynchronously.

Enables asynchronous operation for the archive-push and archive-get commands.

Asynchronous operation is more efficient because it can reuse connections and take advantage of parallelism. See the spool-path, archive-get-queue-max, and archive-push-queue-max options for more information.

default: n
example: archive-async=y

2.2 Maximum Archive Get Queue Size Option (--archive-get-queue-max)

Maximum size of the pgBackRest archive-get queue.

Specifies the maximum size of the archive-get queue when archive-async is enabled. The queue is stored in the spool-path and is used to speed providing WAL to PostgreSQL.

Size can be entered in bytes (default) or KB, MB, GB, TB, or PB where the multiplier is a power of 1024.

default: 134217728
allowed: 0-4503599627370496
example: archive-get-queue-max=1073741824

2.3 Maximum Archive Push Queue Size Option (--archive-push-queue-max)

Maximum size of the PostgreSQL archive queue.

After the limit is reached, the following will happen:

  1. pgBackRest will notify PostgreSQL that the WAL was successfully archived, then DROP IT.

  2. A warning will be output to the Postgres log.

If this occurs then the archive log stream will be interrupted and PITR will not be possible past that point. A new backup will be required to regain full restore capability.

In asynchronous mode the entire queue will be dropped to prevent spurts of WAL getting through before the queue limit is exceeded again.

The purpose of this feature is to prevent the log volume from filling up at which point Postgres will stop completely. Better to lose the backup than have PostgreSQL go down.

Size can be entered in bytes (default) or KB, MB, GB, TB, or PB where the multiplier is a power of 1024.

allowed: 0-4503599627370496
example: archive-push-queue-max=1GB

Deprecated Name: archive-queue-max

2.4 Archive Timeout Option (--archive-timeout)

Archive timeout.

Set maximum time, in seconds, to wait for each WAL segment to reach the pgBackRest archive repository. The timeout applies to the check and backup commands when waiting for WAL segments required for backup consistency to be archived.

default: 60
allowed: 0.1-86400
example: archive-timeout=30

3 Backup Options (backup)

The backup section defines settings related to backup.

3.1 Check Archive Option (--archive-check)

Check that WAL segments are in the archive before backup completes.

Checks that all WAL segments required to make the backup consistent are present in the WAL archive. It’s a good idea to leave this as the default unless you are using another method for archiving.

This option must be enabled if archive-copy is enabled.

default: y
example: archive-check=n

3.2 Copy Archive Option (--archive-copy)

Copy WAL segments needed for consistency to the backup.

This slightly paranoid option protects against corruption in the WAL segment archive by storing the WAL segments required for consistency directly in the backup. WAL segments are still stored in the archive so this option will use additional space.

It is best if the archive-push and backup commands have the same compress-type (e.g. lz4) when using this option. Otherwise, the WAL segments will need to be recompressed with the compress-type used by the backup, which can be fairly expensive depending on how much WAL was generated during the backup.

On restore, the WAL segments will be present in pg_xlog/pg_wal and PostgreSQL will use them in preference to calling the restore_command.

The archive-check option must be enabled if archive-copy is enabled.

default: n
example: archive-copy=y

3.3 Check WAL Headers Option (--archive-header-check)

Check PostgreSQL version/id in WAL headers.

Enabled by default, this option checks the WAL header against the PostgreSQL version and system identifier to ensure that the WAL is being copied to the correct stanza. This is in addition to checking pg_control against the stanza and verifying that WAL is being copied from the same PostgreSQL data directory where pg_control is located.

Therefore, disabling this check is fairly safe but should only be done when needed, e.g. if the WAL is encrypted.

default: y
example: archive-header-check=n

3.4 Check Archive Mode Option (--archive-mode-check)

Check the PostgreSQL archive_mode setting.

Enabled by default, this option disallows PostgreSQL archive_mode=always.

WAL segments pushed from a standby server might be logically the same as WAL segments pushed from the primary but have different checksums. Disabling archiving from multiple sources is recommended to avoid conflicts.

If this option is disabled then it is critical to ensure that only one archiver is writing to the repository via the archive-push command.

default: y
example: archive-mode-check=n

3.5 Backup from Standby Option (--backup-standby)

Backup from the standby cluster.

Enable backup from standby to reduce load on the primary cluster. This option requires that both the primary and standby hosts be configured.

default: n
example: backup-standby=y

3.6 Page Checksums Option (--checksum-page)

Validate data page checksums.

Directs pgBackRest to validate all data page checksums while backing up a cluster. This option is automatically enabled when data page checksums are enabled on the cluster.

Failures in checksum validation will not abort a backup. Rather, warnings will be emitted in the log (and to the console with default settings) and the list of invalid pages will be stored in the backup manifest.

example: checksum-page=n

3.7 Path/File Exclusions Option (--exclude)

Exclude paths/files from the backup.

All exclusions are relative to $PGDATA. If the exclusion ends with / then only files in the specified directory will be excluded, e.g. --exclude=junk/ will exclude all files in the $PGDATA/junk directory but include the directory itself. If the exclusion does not end with / then the file may match the exclusion exactly or match with / appended to the exclusion, e.g. --exclude=junk will exclude the $PGDATA/junk directory and all the files it contains.

Be careful using this feature — it is very easy to exclude something critical that will make the backup inconsistent. Be sure to test your restores!

All excluded files will be logged at info level along with the exclusion rule. Be sure to audit the list of excluded files to ensure nothing unexpected is being excluded.[NOTE]

Exclusions are not honored on delta restores. Any files/directories that were excluded by the backup will be removed on delta restore.

This option should not be used to exclude PostgreSQL logs from a backup. Logs can be moved out of the PGDATA directory using the PostgreSQL log_directory setting, which has the benefit of allowing logs to be preserved after a restore.

Multiple exclusions may be specified on the command-line or in a configuration file.

example: exclude=junk/

3.8 Expire Auto Option (--expire-auto)

Automatically run the expire command after a successful backup.

The setting is enabled by default. Use caution when disabling this option as doing so will result in retaining all backups and archives indefinitely, which could cause your repository to run out of space. The expire command will need to be run regularly to prevent this from happening.

default: y
example: expire-auto=y

3.9 Manifest Save Threshold Option (--manifest-save-threshold)

Manifest save threshold during backup.

Defines how often the manifest will be saved during a backup. Saving the manifest is important because it stores the checksums and allows the resume function to work efficiently. The actual threshold used is 1% of the backup size or manifest-save-threshold, whichever is greater.

Size can be entered in bytes (default) or KB, MB, GB, TB, or PB where the multiplier is a power of 1024.

default: 1073741824
allowed: 1-1099511627776
example: manifest-save-threshold=5G

3.10 Resume Option (--resume)

Allow resume of failed backup.

Defines whether the resume feature is enabled. Resume can greatly reduce the amount of time required to run a backup after a previous backup of the same type has failed. It adds complexity, however, so it may be desirable to disable in environments that do not require the feature.

default: y
example: resume=n

3.11 Start Fast Option (--start-fast)

Force a checkpoint to start backup quickly.

Forces a checkpoint (by passing y to the fast parameter of pg_start_backup()) so the backup begins immediately. Otherwise the backup will start after the next regular checkpoint.

This feature only works in PostgreSQL >= 8.4.

default: n
example: start-fast=y

3.12 Stop Auto Option (--stop-auto)

Stop prior failed backup on new backup.

This will only be done if an exclusive advisory lock can be acquired to demonstrate that the prior failed backup process has really stopped.

This feature relies on pg_is_in_backup() so only works on PostgreSQL >= 9.3.

This feature is not supported for PostgreSQL >= 9.6 since backups are run in non-exclusive mode.

The setting is disabled by default because it assumes that pgBackRest is the only process doing exclusive online backups. It depends on an advisory lock that only pgBackRest sets so it may abort other processes that do exclusive online backups. Note that base_backup and pg_dump are safe to use with this setting because they do not call pg_start_backup() so are not exclusive.

default: n
example: stop-auto=y

4 General Options (general)

The general section defines options that are common for many commands.

4.1 Buffer Size Option (--buffer-size)

Buffer size for file operations.

Set the buffer size used for copy, compress, and uncompress functions. A maximum of 3 buffers will be in use at a time per process. An additional maximum of 256K per process may be used for zlib buffers.

Size can be entered in bytes (default) or KB, MB, GB, TB, or PB where the multiplier is a power of 1024. For example, the case-insensitive value 32k (or 32KB) can be used instead of 32768.

Allowed values, in bytes, are 16384, 32768, 65536, 131072, 262144, 524288, 1048576, 2097152, 4194304, 8388608, and 16777216.

default: 1048576
example: buffer-size=32K

4.2 SSH client command Option (--cmd-ssh)

Path to ssh client executable.

Use a specific SSH client when an alternate is desired or the ssh executable is not in $PATH.

default: ssh
example: cmd-ssh=/usr/bin/ssh

4.3 Compress Option (--compress)

Use file compression.

Backup files are compatible with command-line compression tools.

This option is now deprecated. The compress-type option should be used instead.

default: y
example: compress=n

4.4 Compress Level Option (--compress-level)

File compression level.

Sets the level to be used for file compression when compress-type does not equal none or compress=y (deprecated).

The following are the defaults levels based on compress-type when compress-level is not specified:

  • bz2 - 9

  • gz - 6

  • lz4 - 1

  • zst - 3

allowed: 0-9
example: compress-level=9

4.5 Network Compress Level Option (--compress-level-network)

Network compression level.

Sets the network compression level when compress-type=none and the command is not run on the same host as the repository. Compression is used to reduce network traffic but can be disabled by setting compress-level-network=0. When compress-type does not equal none the compress-level-network setting is ignored and compress-level is used instead so that the file is only compressed once. SSH compression is always disabled.

default: 3
allowed: 0-9
example: compress-level-network=1

4.6 Compress Type Option (--compress-type)

File compression type.

The following compression types are supported:

  • none - no compression

  • bz2 - bzip2 compression format

  • gz - gzip compression format

  • lz4 - lz4 compression format (not available on all platforms)

  • zst - Zstandard compression format (not available on all platforms)

default: gz
example: compress-type=none

4.7 Config Option (--config)

pgBackRest configuration file.

Use this option to specify a different configuration file than the default.

default: CFGOPTDEF_CONFIG_PATH "/" PROJECT_CONFIG_FILE
example: config=/conf/pgbackrest/pgbackrest.conf

4.8 Config Include Path Option (--config-include-path)

Path to additional pgBackRest configuration files.

Configuration files existing in the specified location with extension .conf will be concatenated with the pgBackRest configuration file, resulting in one configuration file.

default: CFGOPTDEF_CONFIG_PATH "/" PROJECT_CONFIG_INCLUDE_PATH
example: config-include-path=/conf/pgbackrest/conf.d

4.9 Config Path Option (--config-path)

Base path of pgBackRest configuration files.

This setting is used to override the default base path setting for the --config and --config-include-path options unless they are explicitly set on the command-line.

For example, passing only --config-path=/conf/pgbackrest results in the --config default being set to /conf/pgbackrest/pgbackrest.conf and the --config-include-path default being set to /conf/pgbackrest/conf.d.

default: CFGOPTDEF_CONFIG_PATH
example: config-path=/conf/pgbackrest

4.10 Database Timeout Option (--db-timeout)

Database query timeout.

Sets the timeout, in seconds, for queries against the database. This includes the pg_start_backup() and pg_stop_backup() functions which can each take a substantial amount of time. Because of this the timeout should be kept high unless you know that these functions will return quickly (i.e. if you have set startfast=y and you know that the database cluster will not generate many WAL segments during the backup). [NOTE]

The db-timeout option must be less than the protocol-timeout option.

default: 1800
allowed: 0.1-604800
example: db-timeout=600

4.11 Delta Option (--delta)

Restore or backup using checksums.

During a restore, by default the PostgreSQL data and tablespace directories are expected to be present but empty. This option performs a delta restore using checksums.

During a backup, this option will use checksums instead of the timestamps to determine if files will be copied.

default: n
example: delta=y

4.12 Dry Run Option (--dry-run)

Execute a dry-run for the command.

The --dry-run option is a command-line only option and can be passed when it is desirable to determine what modifications will be made by the command without the command actually making any modifications.

default: n
example: dry-run=y

4.13 I/O Timeout Option (--io-timeout)

I/O timeout.

Timeout, in seconds, used for connections and read/write operations.

Note that the entire read/write operation does not need to complete within this timeout but some progress must be made, even if it is only a single byte.

default: 60
allowed: 0.1-3600
example: io-timeout=120

4.14 Lock Path Option (--lock-path)

Path where lock files are stored.

The lock path provides a location for pgBackRest to create lock files to prevent conflicting operations from being run concurrently.

default: /tmp/pgbackrest
example: lock-path=/backup/db/lock

4.15 Neutral Umask Option (--neutral-umask)

Use a neutral umask.

Sets the umask to 0000 so modes in the repository are created in a sensible way. The default directory mode is 0750 and default file mode is 0640. The lock and log directories set the directory and file mode to 0770 and 0660 respectively.

To use the executing user’s umask instead specify neutral-umask=n in the config file or --no-neutral-umask on the command line.

default: y
example: neutral-umask=n

4.16 Process Maximum Option (--process-max)

Max processes to use for compress/transfer.

Each process will perform compression and transfer to make the command run faster, but don’t set process-max so high that it impacts database performance.

default: 1
allowed: 1-999
example: process-max=4

4.17 Protocol Timeout Option (--protocol-timeout)

Protocol timeout.

Sets the timeout, in seconds, that the local or remote process will wait for a new message to be received on the protocol layer. This prevents processes from waiting indefinitely for a message. [NOTE]

The protocol-timeout option must be greater than the db-timeout option.

default: 1830
allowed: 0.1-604800
example: protocol-timeout=630

4.18 Raw Data Option (--raw)

Do not transform data.

Do not transform (i.e, encrypt, decompress, etc.) data for the current command.

default: n
example: raw=y

4.19 Keep Alive Option (--sck-keep-alive)

Keep-alive enable.

Enables keep-alive messages on socket connections.

default: y
example: sck-keep-alive=n

4.20 Spool Path Option (--spool-path)

Path where transient data is stored.

This path is used to store data for the asynchronous archive-push and archive-get command.

The asynchronous archive-push command writes acknowledgements into the spool path when it has successfully stored WAL in the archive (and errors on failure) so the foreground process can quickly notify PostgreSQL. Acknowledgement files are very small (zero on success and a few hundred bytes on error).

The asynchronous archive-get command queues WAL in the spool path so it can be provided very quickly when PostgreSQL requests it. Moving files to PostgreSQL is most efficient when the spool path is on the same filesystem as pg_xlog/pg_wal.

The data stored in the spool path is not strictly temporary since it can and should survive a reboot. However, loss of the data in the spool path is not a problem. pgBackRest will simply recheck each WAL segment to ensure it is safely archived for archive-push and rebuild the queue for archive-get.

The spool path is intended to be located on a local Posix-compatible filesystem, not a remote filesystem such as NFS or CIFS.

default: /var/spool/pgbackrest
example: spool-path=/backup/db/spool

4.21 Stanza Option (--stanza)

Defines the stanza.

A stanza is the configuration for a PostgreSQL database cluster that defines where it is located, how it will be backed up, archiving options, etc. Most db servers will only have one Postgres database cluster and therefore one stanza, whereas backup servers will have a stanza for every database cluster that needs to be backed up.

It is tempting to name the stanza after the primary cluster but a better name describes the databases contained in the cluster. Because the stanza name will be used for the primary and all replicas it is more appropriate to choose a name that describes the actual function of the cluster, such as app or dw, rather than the local cluster name, such as main or prod.

example: stanza=main

4.22 Keep Alive Count Option (--tcp-keep-alive-count)

Keep-alive count.

Specifies the number of TCP keep-alive messages that can be lost before the connection is considered dead.

This option is available on systems that support the TCP_KEEPCNT socket option.

allowed: 1-32
example: tcp-keep-alive-count=3

4.23 Keep Alive Idle Option (--tcp-keep-alive-idle)

Keep-alive idle time.

Specifies the amount of time (in seconds) with no network activity after which the operating system should send a TCP keep-alive message.

This option is available on systems that support the TCP_KEEPIDLE socket option.

allowed: 1-3600
example: tcp-keep-alive-idle=60

4.24 Keep Alive Interval Option (--tcp-keep-alive-interval)

Keep-alive interval time.

Specifies the amount of time (in seconds) after which a TCP keep-alive message that has not been acknowledged should be retransmitted.

This option is available on systems that support the TCP_KEEPINTVL socket option.

allowed: 1-900
example: tcp-keep-alive-interval=30

5 Log Options (log)

The log section defines logging-related settings.[CAUTION]

Trace-level logging may expose secrets such as keys and passwords. Use with caution!

5.1 Console Log Level Option (--log-level-console)

Level for console logging.

The following log levels are supported:

  • off - No logging at all (not recommended)

  • error - Log only errors

  • warn - Log warnings and errors

  • info - Log info, warnings, and errors

  • detail - Log detail, info, warnings, and errors

  • debug - Log debug, detail, info, warnings, and errors

  • trace - Log trace (very verbose debugging), debug, info, warnings, and errors

default: warn
example: log-level-console=error

5.2 File Log Level Option (--log-level-file)

Level for file logging.

The following log levels are supported:

  • off - No logging at all (not recommended)

  • error - Log only errors

  • warn - Log warnings and errors

  • info - Log info, warnings, and errors

  • detail - Log detail, info, warnings, and errors

  • debug - Log debug, detail, info, warnings, and errors

  • trace - Log trace (very verbose debugging), debug, info, warnings, and errors

default: info
example: log-level-file=debug

5.3 Std Error Log Level Option (--log-level-stderr)

Level for stderr logging.

Specifies which log levels will output to stderr rather than stdout (specified by log-level-console). The timestamp and process will not be output to stderr.

The following log levels are supported:

  • off - No logging at all (not recommended)

  • error - Log only errors

  • warn - Log warnings and errors

  • info - Log info, warnings, and errors

  • detail - Log detail, info, warnings, and errors

  • debug - Log debug, detail, info, warnings, and errors

  • trace - Log trace (very verbose debugging), debug, info, warnings, and errors

default: warn
example: log-level-stderr=error

5.4 Log Path Option (--log-path)

Path where log files are stored.

The log path provides a location for pgBackRest to store log files. Note that if log-level-file=off then no log path is required.

default: /var/log/pgbackrest
example: log-path=/backup/db/log

5.5 Log Subprocesses Option (--log-subprocess)

Enable logging in subprocesses.

Enable file logging for any subprocesses created by this process using the log level specified by log-level-file.

default: n
example: log-subprocess=y

5.6 Log Timestamp Option (--log-timestamp)

Enable timestamp in logging.

Enables the timestamp in console and file logging. This option is disabled in special situations such as generating documentation.

default: y
example: log-timestamp=n

6 Repository Options (repository)

The repository section defines options used to configure the repository.

Indexing: All repo- options are indexed to allow for configuring multiple repositories. For example, a single repository is configured with the repo1-path, repo1-host, etc. options. If there is more than one repository configured and the --repo option is not specified for a command, the repositories will be acted upon in highest priority order (e.g. repo1 then repo2).

The repo-retention-* options define how long backups will be retained. Expiration only occurs when the count of complete backups exceeds the allowed retention. In other words, if repo1-retention-full-type is set to count (default) and repo1-retention-full is set to 2, then there must be 3 complete backups before the oldest will be expired. If repo1-retention-full-type is set to time then repo1-retention-full represents days so there must be at least that many days worth of full backups before expiration can occur. Make sure you always have enough space for retention + 1 backups.

6.1 Set Repository Option (--repo)

Set repository.

Set the repository for a command to operate on.

For example, this option may be used to perform a restore from a specific repository, rather than letting pgBackRest choose.

allowed: 1-4
example: repo=1

6.2 Azure Repository Account Option (--repo-azure-account)

Azure repository account.

Azure account used to store the repository.

example: repo1-azure-account=pg-backup

6.3 Azure Repository Container Option (--repo-azure-container)

Azure repository container.

Azure container used to store the repository.

pgBackRest repositories can be stored in the container root by setting repo-path=/ but it is usually best to specify a prefix, such as /repo, so logs and other Azure-generated content can also be stored in the container.

example: repo1-azure-container=pg-backup

6.4 Azure Repository Endpoint Option (--repo-azure-endpoint)

Azure repository endpoint.

Endpoint used to connect to the blob service. The default is generally correct unless using Azure Government.

For custom/test configurations the repo-storage-ca-file, repo-storage-ca-path, repo-storage-host, repo-storage-port, and repo-storage-verify-tls options may be useful.

default: blob.core.windows.net
example: repo1-azure-endpoint=blob.core.usgovcloudapi.net

6.5 Azure Repository Key Option (--repo-azure-key)

Azure repository key.

A shared key or shared access signature depending on the repo-azure-key-type option.

example: repo1-azure-key=T+9+aov82qNhrcXSNGZCzm9mjd4d75/oxxOr6r1JVpgTLA==

6.6 Azure Repository Key Type Option (--repo-azure-key-type)

Azure repository key type.

The following types are supported for authorization:

  • shared - Shared key

  • sas - Shared access signature

default: shared
example: repo1-azure-key-type=sas

6.7 Repository Cipher Passphrase Option (--repo-cipher-pass)

Repository cipher passphrase.

Passphrase used to encrypt/decrypt files of the repository.

example: repo1-cipher-pass=zWaf6XtpjIVZC5444yXB+cgFDFl7MxGlgkZSaoPvTGirhPygu4jOKOXf9LO4vjfO

6.8 Repository Cipher Type Option (--repo-cipher-type)

Cipher used to encrypt the repository.

The following cipher types are supported:

  • none - The repository is not encrypted

  • aes-256-cbc - Advanced Encryption Standard with 256 bit key length

Note that encryption is always performed client-side even if the repository type (e.g. S3) supports encryption.

default: none
example: repo1-cipher-type=aes-256-cbc

6.9 GCS Repository Bucket Option (--repo-gcs-bucket)

GCS repository bucket.

GCS bucket used to store the repository.

pgBackRest repositories can be stored in the bucket root by setting repo-path=/ but it is usually best to specify a prefix, such as /repo, so logs and other GCS-generated content can also be stored in the bucket.

example: repo1-gcs-bucket=/pg-backup

6.10 GCS Repository Endpoint Option (--repo-gcs-endpoint)

GCS repository endpoint.

Endpoint used to connect to the storage service. May be updated to use a local GCS server or alternate endpoint.

default: storage.googleapis.com
example: repo1-gcs-endpoint=localhost

6.11 GCS Repository Key Option (--repo-gcs-key)

GCS repository key.

A token or service key file depending on the repo-gcs-key-type option.

example: repo1-gcs-key=/etc/pgbackrest/gcs-key.json

6.12 GCS Repository Key Type Option (--repo-gcs-key-type)

GCS repository key type.

The following types are supported for authorization:

  • auto - Authorize using the instance service account.

  • service - Service account from locally stored key.

  • token - For local testing, e.g. fakegcs.

default: service
example: repo1-gcs-key-type=none

Hardlink files between backups in the repository.

Enable hard-linking of files in differential and incremental backups to their full backups. This gives the appearance that each backup is a full backup at the file-system level. Be careful, though, because modifying files that are hard-linked can affect all the backups in the set.

default: n
example: repo1-hardlink=y

Deprecated Name: hardlink

6.14 Repository Host Option (--repo-host)

Repository host when operating remotely via SSH.

Make sure that trusted SSH authentication is configured between the PostgreSQL host and the repository host.

When backing up and archiving to a locally mounted filesystem this setting is not required.

example: repo1-host=repo1.domain.com

Deprecated Name: backup-host

6.15 Repository Host Command Option (--repo-host-cmd)

pgBackRest exe path on the repository host.

Required only if the path to pgbackrest is different on the local and repository hosts. If not defined, the repository host exe path will be set the same as the local exe path.

example: repo1-host-cmd=/usr/lib/backrest/bin/pgbackrest

Deprecated Name: backup-cmd

6.16 Repository Host Configuration Option (--repo-host-config)

pgBackRest repository host configuration file.

Sets the location of the configuration file on the repository host. This is only required if the repository host configuration file is in a different location than the local configuration file.

default: CFGOPTDEF_CONFIG_PATH "/" PROJECT_CONFIG_FILE
example: repo1-host-config=/conf/pgbackrest/pgbackrest.conf

Deprecated Name: backup-config

6.17 Repository Host Configuration Include Path Option (--repo-host-config-include-path)

pgBackRest repository host configuration include path.

Sets the location of the configuration include path on the repository host. This is only required if the repository host configuration include path is in a different location than the local configuration include path.

default: CFGOPTDEF_CONFIG_PATH "/" PROJECT_CONFIG_INCLUDE_PATH
example: repo1-host-config-include-path=/conf/pgbackrest/conf.d

6.18 Repository Host Configuration Path Option (--repo-host-config-path)

pgBackRest repository host configuration path.

Sets the location of the configuration path on the repository host. This is only required if the repository host configuration path is in a different location than the local configuration path.

default: CFGOPTDEF_CONFIG_PATH
example: repo1-host-config-path=/conf/pgbackrest

6.19 Repository Host Port Option (--repo-host-port)

Repository host port when repo-host is set.

Use this option to specify a non-default port for the repository host protocol. Currently only SSH is supported

allowed: 0-65535
example: repo1-host-port=25

Deprecated Name: backup-ssh-port

6.20 Repository Host User Option (--repo-host-user)

Repository host user when repo-host is set.

Defines the user that will be used for operations on the repository host. Preferably this is not the postgres user but rather some other user like pgbackrest. If PostgreSQL runs on the repository host the postgres user can be placed in the pgbackrest group so it has read permissions on the repository without being able to damage the contents accidentally.

default: pgbackrest
example: repo1-host-user=repo-user

Deprecated Name: backup-user

6.21 Repository Path Option (--repo-path)

Path where backups and archive are stored.

The repository is where pgBackRest stores backups and archives WAL segments.

It may be difficult to estimate in advance how much space you’ll need. The best thing to do is take some backups then record the size of different types of backups (full/incr/diff) and measure the amount of WAL generated per day. This will give you a general idea of how much space you’ll need, though of course requirements will likely change over time as your database evolves.

default: /var/lib/pgbackrest
example: repo1-path=/backup/db/backrest

6.22 Archive Retention Option (--repo-retention-archive)

Number of backups worth of continuous WAL to retain.

WAL segments required to make a backup consistent are always retained until the backup is expired regardless of how this option is configured.

If this value is not set and repo-retention-full-type is count (default), then the archive to expire will default to the repo-retention-full (or repo-retention-diff) value corresponding to the repo-retention-archive-type if set to full (or diff). This will ensure that WAL is only expired for backups that are already expired. If repo-retention-full-type is time, then this value will default to removing archives that are earlier than the oldest full backup retained after satisfying the repo-retention-full setting.

This option must be set if repo-retention-archive-type is set to incr. If disk space is at a premium, then this setting, in conjunction with repo-retention-archive-type, can be used to aggressively expire WAL segments. However, doing so negates the ability to perform PITR from the backups with expired WAL and is therefore not recommended.

allowed: 1-9999999
example: repo1-retention-archive=2

Deprecated Name: retention-archive

6.23 Archive Retention Type Option (--repo-retention-archive-type)

Backup type for WAL retention.

If set to full pgBackRest will keep archive logs for the number of full backups defined by repo-retention-archive. If set to diff (differential) pgBackRest will keep archive logs for the number of full and differential backups defined by repo-retention-archive, meaning if the last backup taken was a full backup, it will be counted as a differential for the purpose of repo-retention. If set to incr (incremental) pgBackRest will keep archive logs for the number of full, differential, and incremental backups defined by repo-retention-archive. It is recommended that this setting not be changed from the default which will only expire WAL in conjunction with expiring full backups.

default: full
example: repo1-retention-archive-type=diff

Deprecated Name: retention-archive-type

6.24 Differential Retention Option (--repo-retention-diff)

Number of differential backups to retain.

When a differential backup expires, all incremental backups associated with the differential backup will also expire. When not defined all differential backups will be kept until the full backups they depend on expire.

allowed: 1-9999999
example: repo1-retention-diff=3

Deprecated Name: retention-diff

6.25 Full Retention Option (--repo-retention-full)

Full backup retention count/time.

When a full backup expires, all differential and incremental backups associated with the full backup will also expire. When the option is not defined a warning will be issued. If indefinite retention is desired then set the option to the max value.

allowed: 1-9999999
example: repo1-retention-full=2

Deprecated Name: retention-full

6.26 Full Retention Type Option (--repo-retention-full-type)

Retention type for full backups.

Determines whether the repo-retention-full setting represents a time period (days) or count of full backups to keep. If set to time then full backups older than repo-retention-full will be removed from the repository if there is at least one backup that is equal to or greater than the repo-retention-full setting. For example, if repo-retention-full is 30 (days) and there are 2 full backups: one 25 days old and one 35 days old, no full backups will be expired because expiring the 35 day old backup would leave only the 25 day old backup, which would violate the 30 day retention policy of having at least one backup 30 days old before an older one can be expired. Archived WAL older than the oldest full backup remaining will be automatically expired unless repo-retention-archive-type and repo-retention-archive are explicitly set.

default: count
example: repo1-retention-full-type=time

6.27 Backup History Retention Option (--repo-retention-history)

Days of backup history manifests to retain.

A copy of the backup manifest is stored in the backup.history path when a backup completes. By default these files are never expired since they are useful for data mining, e.g. measuring backup and WAL growth over time.

Set repo-retention-history to define the number of days of backup history manifests to retain. Unexpired backups are always kept in the backup history. Specify repo-retention-history=0 to retain the backup history only for unexpired backups.

When a full backup history manifest is expired, all differential and incremental backup history manifests associated with the full backup also expire.

allowed: 0-9999999
example: repo1-retention-history=365

6.28 S3 Repository Bucket Option (--repo-s3-bucket)

S3 repository bucket.

S3 bucket used to store the repository.

pgBackRest repositories can be stored in the bucket root by setting repo-path=/ but it is usually best to specify a prefix, such as /repo, so logs and other AWS generated content can also be stored in the bucket.

example: repo1-s3-bucket=pg-backup

6.29 S3 Repository Endpoint Option (--repo-s3-endpoint)

S3 repository endpoint.

The AWS endpoint should be valid for the selected region.

For custom/test configurations the repo-storage-ca-file, repo-storage-ca-path, repo-storage-host, repo-storage-port, and repo-storage-verify-tls options may be useful.

example: repo1-s3-endpoint=s3.amazonaws.com

6.30 S3 Repository Access Key Option (--repo-s3-key)

S3 repository access key.

AWS key used to access this bucket.

example: repo1-s3-key=AKIAIOSFODNN7EXAMPLE

6.31 S3 Repository Secret Access Key Option (--repo-s3-key-secret)

S3 repository secret access key.

AWS secret key used to access this bucket.

example: repo1-s3-key-secret=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

6.32 S3 Repository Key Type Option (--repo-s3-key-type)

S3 repository key type.

The following types are supported:

  • shared - Shared keys

  • auto - Automatically retrieve temporary credentials

default: shared
example: repo1-s3-key-type=auto

6.33 S3 Repository Region Option (--repo-s3-region)

S3 repository region.

The AWS region where the bucket was created.

example: repo1-s3-region=us-east-1

6.34 S3 Repository Role Option (--repo-s3-role)

S3 repository role.

The AWS role name (not the full ARN) used to retrieve temporary credentials when repo-s3-key-type=auto.

example: repo1-s3-role=authrole

6.35 S3 Repository Security Token Option (--repo-s3-token)

S3 repository security token.

AWS security token used with temporary credentials.

example: repo1-s3-token=AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22 ...

6.36 S3 Repository URI Style Option (--repo-s3-uri-style)

S3 URI Style.

The following URI styles are supported:

  • host - Connect to bucket.endpoint host.

  • path - Connect to endpoint host and prepend bucket to URIs.

default: host
example: repo1-s3-uri-style=path

6.37 Repository Storage CA File Option (--repo-storage-ca-file)

Repository storage CA file.

Use a CA file other than the system default for storage (e.g. S3, Azure) certificates.

example: repo1-storage-ca-file=/etc/pki/tls/certs/ca-bundle.crt

Deprecated Names: repo-azure-ca-file, repo-s3-ca-file

6.38 Repository Storage TLS CA Path Option (--repo-storage-ca-path)

Repository storage CA path.

Use a CA path other than the system default for storage (e.g. S3, Azure) certificates.

example: repo1-storage-ca-path=/etc/pki/tls/certs

Deprecated Names: repo-azure-ca-path, repo-s3-ca-path

6.39 Repository Storage Host Option (--repo-storage-host)

Repository storage host.

Connect to a host other than the storage (e.g. S3, Azure) endpoint. This is typically used for testing.

example: repo1-storage-host=127.0.0.1

Deprecated Names: repo-azure-host, repo-s3-host

6.40 Repository Storage Port Option (--repo-storage-port)

Repository storage port.

Port to use when connecting to the storage (e.g. S3, Azure) endpoint (or host if specified).

default: 443
allowed: 1-65535
example: repo1-storage-port=9000

Deprecated Names: repo-azure-port, repo-s3-port

6.41 Repository Storage Certificate Verify Option (--repo-storage-verify-tls)

Repository storage certificate verify.

This option provides the ability to enable/disable verification of the storage (e.g. S3, Azure) server TLS certificate. Disabling should only be used for testing or other scenarios where a certificate has been self-signed.

default: y
example: repo1-storage-verify-tls=n

Deprecated Names: repo-azure-verify-tls, repo-s3-verify-ssl, repo-s3-verify-tls

6.42 Repository Type Option (--repo-type)

Type of storage used for the repository.

The following repository types are supported:

  • azure - Azure Blob Storage Service

  • cifs - Like posix, but disables links and directory fsyncs

  • gcs - Google Cloud Storage

  • posix - Posix-compliant file systems

  • s3 - AWS Simple Storage Service

When an NFS mount is used as a posix repository, the same rules apply to pgBackRest as described in the PostgreSQL documentation: Creating a Database Cluster - File Systems.

default: posix
example: repo1-type=cifs

7 Restore Options (restore)

The restore section defines settings used for restoring backups.

7.1 Archive Mode Option (--archive-mode)

Preserve or disable archiving on restored cluster.

This option allows archiving to be preserved or disabled on a restored cluster. This is useful when the cluster must be promoted to do some work but is not intended to become the new primary. In this case it is not a good idea to push WAL from the cluster into the repository.

The following modes are supported:

  • off - disable archiving by setting archive_mode=off.

  • preserve - preserve current archive_mode setting.

NOTE: This option is not available on PostgreSQL < 12.

default: preserve
example: archive-mode=off

7.2 Exclude Database Option (--db-exclude)

Restore excluding the specified databases.

Databases excluded will be restored as sparse, zeroed files to save space but still allow PostgreSQL to perform recovery. After recovery, those databases will not be accessible but can be removed with the drop database command. The --db-exclude option can be passed multiple times to specify more than one database to exclude.

When used in combination with the --db-include option, --db-exclude will only apply to standard system databases (template0, template1, and postgres).

example: db-exclude=db_main

7.3 Include Database Option (--db-include)

Restore only specified databases.

This feature allows only selected databases to be restored. Databases not specifically included will be restored as sparse, zeroed files to save space but still allow PostgreSQL to perform recovery. After recovery, the databases that were not included will not be accessible but can be removed with the drop database command. [NOTE]

built-in databases (template0, template1, and postgres) are always restored unless specifically excluded.

The --db-include option can be passed multiple times to specify more than one database to include.

See Restore Selected Databases for additional information and caveats.

example: db-include=db_main

Restore all symlinks.

By default symlinked directories and files are restored as normal directories and files in $PGDATA. This is because it may not be safe to restore symlinks to their original destinations on a system other than where the original backup was performed. This option restores all the symlinks just as they were on the original system where the backup was performed.

default: n
example: link-all=y

Modify the destination of a symlink.

Allows the destination file or path of a symlink to be changed on restore. This is useful for restoring to systems that have a different storage layout than the original system where the backup was generated.

example: link-map=pg_xlog=/data/xlog

7.6 Recovery Option Option (--recovery-option)

Set an option in recovery.conf.

See http://www.postgresql.org/docs/X.X/static/recovery-config.html for details on recovery.conf options (replace X.X with your PostgreSQL version). This option can be used multiple times.[NOTE]

The restore_command option will be automatically generated but can be overridden with this option. Be careful about specifying your own restore_command as pgBackRest is designed to handle this for you. Target Recovery options (recovery_target_name, recovery_target_time, etc.) are generated automatically by pgBackRest and should not be set with this option.

Since pgBackRest does not start PostgreSQL after writing the recovery.conf file, it is always possible to edit/check recovery.conf before manually restarting.

example: recovery-option=primary_conninfo=db.mydomain.com

7.7 Tablespace Map Option (--tablespace-map)

Restore a tablespace into the specified directory.

Moves a tablespace to a new location during the restore. This is useful when tablespace locations are not the same on a replica, or an upgraded system has different mount points.

Since PostgreSQL 9.2 tablespace locations are not stored in pg_tablespace so moving tablespaces can be done with impunity. However, moving a tablespace to the data_directory is not recommended and may cause problems. For more information on moving tablespaces http://www.databasesoup.com/2013/11/moving-tablespaces.html is a good resource.

example: tablespace-map=ts_01=/db/ts_01

7.8 Map All Tablespaces Option (--tablespace-map-all)

Restore all tablespaces into the specified directory.

By default tablespaces are restored into their original locations and while this behavior can be modified by with the tablespace-map open it is sometime preferable to remap all tablespaces to a new directory all at once. This is particularly useful for development or staging systems that may not have the same storage layout as the original system where the backup was generated.

The path specified will be the parent path used to create all the tablespaces in the backup.

example: tablespace-map-all=/data/tablespace

8 Stanza Options (stanza)

A stanza defines the backup configuration for a specific PostgreSQL database cluster. The stanza section must define the database cluster path and host/user if the database cluster is remote. Also, any global configuration sections can be overridden to define stanza-specific settings.

Indexing: All pg- options are indexed to allow for configuring multiple PostgreSQL hosts. For example, a single primary is configured with the pg1-path, pg1-port, etc. options. If a standby is configured then index the pg- options on the repository host as pg2- (e.g. pg2-host, pg2-path, etc).

8.1 PostgreSQL Database Option (--pg-database)

PostgreSQL database.

The database name used when connecting to PostgreSQL. The default is usually best but some installations may not contain this database.

Note that for legacy reasons the setting of the PGDATABASE environment variable will be ignored.

default: postgres
example: pg1-database=backupdb

8.2 PostgreSQL Host Option (--pg-host)

PostgreSQL host for operating remotely via SSH.

Used for backups where the PostgreSQL host is different from the repository host.

example: pg1-host=db.domain.com

Deprecated Name: db-host

8.3 PostgreSQL Host Command Option (--pg-host-cmd)

pgBackRest exe path on the PostgreSQL host.

Required only if the path to pgbackrest is different on the local and PostgreSQL hosts. If not defined, the database host exe path will be set the same as the local exe path.

example: pg1-host-cmd=/usr/lib/backrest/bin/pgbackrest

Deprecated Name: db-cmd

8.4 PostgreSQL Host Configuration Option (--pg-host-config)

pgBackRest database host configuration file.

Sets the location of the configuration file on the PostgreSQL host. This is only required if the PostgreSQL host configuration file is in a different location than the local configuration file.

default: CFGOPTDEF_CONFIG_PATH "/" PROJECT_CONFIG_FILE
example: pg1-host-config=/conf/pgbackrest/pgbackrest.conf

Deprecated Name: db-config

8.5 PostgreSQL Host Configuration Include Path Option (--pg-host-config-include-path)

pgBackRest database host configuration include path.

Sets the location of the configuration include path on the PostgreSQL host. This is only required if the PostgreSQL host configuration include path is in a different location than the local configuration include path.

default: CFGOPTDEF_CONFIG_PATH "/" PROJECT_CONFIG_INCLUDE_PATH
example: pg1-host-config-include-path=/conf/pgbackrest/conf.d

8.6 PostgreSQL Host Configuration Path Option (--pg-host-config-path)

pgBackRest database host configuration path.

Sets the location of the configuration path on the PostgreSQL host. This is only required if the PostgreSQL host configuration path is in a different location than the local configuration path.

default: CFGOPTDEF_CONFIG_PATH
example: pg1-host-config-path=/conf/pgbackrest

8.7 PostgreSQL Host Port Option (--pg-host-port)

PostgreSQL host port when pg-host is set.

Use this option to specify a non-default port for the PostgreSQL host protocol. Currently only SSH is supported

allowed: 0-65535
example: pg1-host-port=25

Deprecated Name: db-ssh-port

8.8 PostgreSQL Host User Option (--pg-host-user)

PostgreSQL host logon user when pg-host is set.

This user will also own the remote pgBackRest process and will initiate connections to PostgreSQL. For this to work correctly the user should be the PostgreSQL database cluster owner which is generally postgres, the default.

default: postgres
example: pg1-host-user=db_owner

Deprecated Name: db-user

8.9 PostgreSQL Path Option (--pg-path)

PostgreSQL data directory.

This should be the same as the data_directory setting in postgresql.conf. Even though this value can be read from postgresql.conf or PostgreSQL it is prudent to set it in case those resources are not available during a restore or offline backup scenario.

The pg-path option is tested against the value reported by PostgreSQL on every online backup so it should always be current.

example: pg1-path=/data/db

Deprecated Name: db-path

8.10 PostgreSQL Port Option (--pg-port)

PostgreSQL port.

Port that PostgreSQL is running on. This usually does not need to be specified as most PostgreSQL clusters run on the default port.

default: 5432
allowed: 0-65535
example: pg1-port=6543

Deprecated Name: db-port

8.11 PostgreSQL Socket Path Option (--pg-socket-path)

PostgreSQL unix socket path.

The unix socket directory that was specified when PostgreSQL was started. pgBackRest will automatically look in the standard location for your OS so there is usually no need to specify this setting unless the socket directory was explicitly modified with the unix_socket_directory setting in postgresql.conf.

allowed: 0-65535
example: pg1-socket-path=/var/run/postgresql

Deprecated Name: db-socket-path

8.12 PostgreSQL Database User Option (--pg-user)

PostgreSQL database user.

The database user name used when connecting to PostgreSQL. If not specified pgBackRest will connect with the local OS user or PGUSER.

example: pg1-user=backupuser

Copyright © 2015-2021, The PostgreSQL Global Development Group, MIT License. Updated June 7, 2021