Agent Configuration File¶
This document covers the configurations settings you need to consider for the Scylla Manager Agent.
The Scylla Manager Agent has a single configuration file /etc/scylla-manager-agent/scylla-manager-agent.yaml.
Completing this section in the scylla-manager-agent.yaml file is mandatory
Scylla Agent uses token authentication in API calls so that the Scylla Manager Server can authenticate itself with the Scylla Manager Agent. Once you have created a token , and have configured the agent configuration file as described.
# Specify authentication token auth_token: 6Es3dm24U72NzAu9ANWmU3C4ALyVZhwwPZZPWtK10eYGHJ24wMoh9SQxRZEluWMc0qDrsWCCshvfhk9uewOimQS2x5yNTYUEoIkO1VpSmTFu5fsFyoDgEkmNrCJpXtfM
In this section, you can specify to which address Scylla Agent should listen.
By default, Scylla Manager Agent pulls these values from the Scylla itself.
Port 10001 is the default port, and traffic to this port should be allowed on firewall.
You can change the port to a different port by clearing the
https label and adding an IP address and port.
In order to obtain TLS cert and key file, use the
# Bind REST API to the specified TCP address using HTTPS protocol. By default # Scylla Manager Agent uses Scylla listen/broadcast address that is read from # the Scylla API (see scylla section). #https: 0.0.0.0:10001 # TLS certificate and key files to use with HTTPS. To regenerate the files use # scyllamgr_ssl_cert_gen script shipped with the Scylla Manager Agent. #tls_cert_file: /var/lib/scylla-manager/scylla_manager.crt #tls_key_file: /var/lib/scylla-manager/scylla_manager.key
In this section, you can set the Prometheus settings for the Scylla Manager Agent so that the Agent Manager metrics (from each Scylla node) can be viewed and monitored with Scylla Monitoring.
# Bind prometheus API to the specified TCP address using HTTP protocol. # By default it binds to all network interfaces but you can restrict it # by specifying it like this 127:0.0.1:5090 or any other combination # of ip and port. #prometheus: ':5090'
If you change the Prometheus IP or port you must adjust the rules in the Prometheus server.
- targets: - IP:5090
Please note that Scylla Manager 2.2 introduced changes to the ports and port for Prometheus was changed from 56090 to 5090.
In this section, you can specify the pprof debug server address.
It allows you to run profiling on demand on a live application.
By default, the server is running on port
# Debug server that allows to run pporf profiling on demand on a live system. #debug: 127.0.0.1:5112
Please note that Scylla Manager 2.2 introduced changes to the ports and port for debug was changed from 56112 to 5112.
In this section, you can set the
cpu setting which dictates the CPU to run Scylla Manager Agent on.
By default, the agent reads the Scylla configuration from
/etc/scylla.d/cpuset.conf and tries to find a core that is not used by Scylla.
If that’s not possible you can specify the core on which to run the Scylla Manager Agent.
In this section, you can set the Log level settings which specify log output and level. Available log levels are
logger: level: info
In this section, you can set the Scylla API settings. Scylla Manager Agent pulls all needed configuration options from the
scylla.yaml file. In order to do this, Scylla Manager Agent needs to know where the Scylla API is exposed. You should copy the
api_port values from
/etc/scylla/scylla.yaml and add them here:
#scylla: # api_address: 0.0.0.0 # api_port: 10000
In this section, you configure the AWS credentials (if required) for the backup location.
Completing this section in the scylla-manager-agent.yaml file is mandatory if you are not using an IAM role. Make sure you understand the security ramifications of placing AWS credentials into the yaml file.
s3: # S3 credentials, it's recommended to use IAM roles if possible, otherwise set # your AWS Access Key ID and AWS Secret Access Key (password) here. access_key_id: <your access key id> secret_access_key: <your secret access key>
Backup can work with MinIO and other AWS S3 compatible providers. The available options are:
To configure S3 with a 3rd-party provider, in addition to credentials, one needs to specify
provider parameter with one of the above options.
If the service is self-hosted it’s also needed to specify
endpoint with its base URL address.
s3: # Provider of the S3 service. By default this is AWS. There are multiple S3 # API compatible providers that can be used instead. Due to minor differences # between them we require that exact provider is specified here for full # compatibility. Supported and tested options are: AWS and Minio. # The available providers are: Alibaba, AWS, Ceph, DigitalOcean, IBMCOS, Minio, # Wasabi, Dreamhost, Netease. provider: Minio # # Endpoint for S3 API, only relevant when using S3 compatible API. endpoint: <your MinIO instance URL>
#s3: # The server-side encryption algorithm used when storing this object in S3. # If using KMS ID you must provide the ARN of Key. # server_side_encryption: # sse_kms_key_id: # # Number of files uploaded concurrently, by default it's 2. # upload_concurrency: 2 # # Maximum size (in bytes) of body of single request to S3 when uploading big files. # Big files are cut into chunks, this value allows to specify how much data # single request to S3 can carry. Bigger value allows to reduce number of requests # needed to upload files, increasing it may help with 5xx responses returned by S3. # Default value is 50M and string representation of the value can be provided, for # e.g. 1M, 1G, off. # chunk_size: 50M # # AWS S3 Transfer acceleration # https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration-examples.html # use_accelerate_endpoint: false
In this section, you configure the Google Cloud Storage credentials (if required) for the backup location.
If you are using automatic Service Account authentication, you do not need to change this section.
Completing this section in the scylla-manager-agent.yaml file is mandatory if you are not using automatic Service Account authorization. Make sure you understand the security ramifications of placing credentials into the yaml file.
Fill in the information below with your Service Account Credentials. If you do not know where your file is located, read the GCP Authentication documentation.
gcs: # GCS credentials, it's recommended to use Service Account authentication if possible, # otherwise set path to credentials here. service_account_file:
#gcs: # Maximum size (in bytes) of body of single request to GCS when uploading files. # Files are cut into chunks, this value allows to specify how much data # single request to GCS can carry. Bigger value allows to reduce number of requests # needed to upload files, increasing it may help with rate limiting responses from GCS. # Default value is 50M and string representation of the value can be provided, for # e.g. 1M, 1G, off. # chunk_size: 50M