PBM-1588 Alibaba Cloud Storage support

docs/css/design.css

@@ -74,7 +74,7 @@
     --md-primary-fg-color--dark: var(--night400);
 }
 :root,
-[data-md-color-scheme="percona-light"] {
+[data-md-color-scheme="default"] {
 
     /* Primitives */
     --md-hue: 220;
@@ -104,11 +104,11 @@
     /* Code */
     --md-code-bg-color: var(--stone800);
     --md-code-bg-color: var(--stone50);
-
+    
     /* Tables */
     --md-typeset-table-color: hsla(var(--md-hue),17%,21%,0.25)
 }
-[data-md-color-scheme="percona-dark"] {
+[data-md-color-scheme="slate"] {
 
     /* Primitives */
     --md-hue: 0;
@@ -217,20 +217,12 @@
 .md-tabs__link {
     margin-top: 0.55rem;
 }
-/* .md-header__topic .md-ellipsis {
-    position: relative;
+.md-header__topic {
+    transition: opacity .25s;
+}
+.md-header__topic:hover {
+    opacity: 0.7;
 }
-.md-header__topic:hover .md-ellipsis::after {
-    content: "";
-    position: absolute;
-    display: block;
-    right: 0;
-    bottom: 11px;
-    left: 0;
-    width: 100%;
-    height: 2.5px;
-    background-color: currentColor;
-} */
 
 /* Footer */
 
@@ -271,16 +263,18 @@
     vertical-align: baseline;
     padding: 0 0.2em 0.1em;
     border-radius: 0.15em;
-    white-space: pre-wrap;   /* Ensure long lines wrap */
 }
 .md-typeset .highlight code span,
 .md-typeset code,
 .md-typeset kbd,
 .md-typeset pre {
     color: var(--md-typeset-color);
 }
+.md-typeset .highlight code span {
+    color: var(--md-typeset-color);
+}
 .md-button code,
-[data-md-color-scheme="percona-dark"] .md-button:not(.md-button--primary) code {
+[data-md-color-scheme="slate"] .md-button:not(.md-button--primary) code {
     background-color: rgba(255, 255, 255, 0.1);
     box-shadow: 0 0 0 2px rgba(255, 255, 255, 0.1) inset;
 }
@@ -646,6 +640,35 @@ i[warning] [class*="moji"] {
     vertical-align: -0.3125em;
 }
 
+/* Version Select */
+
+.version-select::after {
+    content: "\25BE";
+    display: inline-block;
+    margin-left: -1em;
+    transform: translate(-0.625em, -0.0625em);
+    pointer-events: none;
+}
+#versionSelect {
+    -webkit-appearance: none;
+       -moz-appearance: none;
+            appearance: none;
+    align-self: center;
+    font-family: var(--fHeading);
+    font-size: 0.9rem;
+    line-height: 1;
+    font-weight: 700;
+    padding: 0.5em 1.375em 0.5em 0.5em;
+    margin: 0 0.25em;
+    background-color: rgba(0,0,0,0.2);
+    color: inherit;
+    border: none;
+    border-radius: 0.1rem;
+}
+#versionSelect::-ms-expand {
+    display: none;
+}
+
 /* Media queries */
 
 @media screen and (max-width: 76.1875em) {

docs/details/oss.md

@@ -0,0 +1,185 @@
+# Alibaba Cloud Object Storage Service (OSS)
+
+If you operate in Asia-Pacific region or China and/or use the Alibaba Cloud infrastructure, you can use the Alibaba Cloud Object Storage Service (OSS) as a remote backup storage for Percona Backup for MongoDB (PBM). This way you ensure low-latency access to your backups and optimize costs.
+
+To use Alibaba Cloud OSS, you need to have:
+
+* an active Alibaba Cloud account with the Object Storage Service enabled for it. Read more about setting up Alibaba Cloud account in the [official documentation :octicons-link-external-16:](https://www.alibabacloud.com/help/en/account/step-1-register-an-alibaba-cloud-account?spm=a2c63.l28256.0.i0)
+
+* an access to the Resource Access Management (RAM) console and sufficient permissions to create and manage access policies and users. Read more about using RAM with Alibaba Cloud OSS in the [official documentation :octicons-link-external-16:](https://www.alibabacloud.com/help/en/oss/user-guide/how-oss-works-with-ram)
+
+## Create a bucket
+
+You can create a bucket via the [Alibaba Cloud Management Console :octicons-link-external-16:](https://home.console.aliyun.com/) or via the command line. 
+
+=== ":simple-alibabacloud: via Alibaba Cloud Management Console"
+
+    1. Log in to the Alibaba Cloud Management Console.
+    2. Navigate to the Object Storage Service (OSS) section.
+    3. Navigate to Buckets and click Create a new bucket.
+    4. Specify the bucket name, region, and other settings as needed. Refer to bucket naming conventions
+    5. Click **Create**, verify the bucket information and click **Confirm**.
+
+=== ":material-console: via Command Line"
+
+    1. [Install](https://www.alibabacloud.com/help/en/oss/developer-reference/install-ossutil2#DAS) and configure the Alibaba Cloud OSS client. After the installation, the `ossutil` command line tool is available for you.
+    2. Specify the region:
+
+        ```{.bash data-prompt="$"}
+        $ ossutil config
+        ```
+
+        Press Enter until you see the prompt `Please enter Region [cn-hangzhou]:` and specify the desired region.
+
+    3. Create a bucket:
+
+		```{.bash data-prompt="$"}
+		$ ossutil mb oss://your-bucket-name
+		```
+
+		Replace `your-bucket-name` with the desired name for your bucket.
+
+	4. Verify that the bucket is created:
+
+	 	```{.bash data-prompt="$"}
+		$ ossutil ls
+		```
+
+After you created a bucket, apply the [necessary permissions](storage-configuration.md#permissions-setup) for the user identified by the access credentials you plan to use with PBM.
+
+## Configure access to Alibaba Cloud OSS for PBM
+
+For PBM to successfully access and operate in Alibaba Cloud OSS, it requires access credentials with the necessary permissions to read and write data to the designated OSS bucket.
+
+Alibaba Cloud OSS supports the following access modes:
+
+* Using the Access Key ID and Access Key secret associated with a RAM user. These are permanent credentials designed for programmatic access. Note that the RAM user must have all required permissions to access the OSS resources assigned to them. 
+
+   Refer to the [Use the AccessKey pair of a RAM user to access OSS resources :octicons-link-external-16:](https://www.alibabacloud.com/help/en/oss/developer-reference/use-the-accesskey-pair-of-a-ram-user-to-initiate-a-request) chapter for detailed instructions.
+
+* Rather than granting permissions directly to a RAM user, you can assign them through a RAM role. A RAM role is a virtual identity that can have one or more access policies attached, defining the necessary permissions. A RAM user gains these permissions by assuming the role.
+
+  An authorized RAM user can use an AccessKey pair to call the [AssumeRole :octicons-link-external-16:](https://www.alibabacloud.com/help/en/ram/developer-reference/api-sts-2015-04-01-assumerole#main-107864) operation. Then the user receives an STS token together with the temporary credentials to access OSS resources.
+
+  Refer to the [STS temporary access authorization :octicons-link-external-16:](https://www.alibabacloud.com/help/en/oss/sts-temporary-access-authorization#section-csx-hvf-vdb) chapter for configuration guidelines.
+
+
+## Configuration example
+
+Here is an example of a Alibaba Cloud OSS configuration in Percona Backup for MongoDB:
+
+=== "using AccessKey pair"
+
+    ```yaml
+    storage:
+    type: oss
+    oss:
+      region: eu-central-1
+      bucket: your-bucket-name
+      endpointUrl: https://oss-eu-central-1.aliyuncs.com
+      credentials:
+        accessKeyID: "STS.****************"
+        accessKeySecret:  "3dZn*******************************************"
+    ```
+
+=== "using a RAM role"
+
+    ```yaml
+    storage:
+    type: oss
+    oss:
+       region: eu-central-1
+       bucket: your-bucket-name
+       endpointUrl: https://oss-eu-central-1.aliyuncs.com
+       credentials:
+         accessKeyID: "STS.****************" 
+         accessKeySecret:  "3dZn*******************************************" 
+         roleArn: acs:ram::1234567890123456:role/db-backup-role  
+         sessionName: pbm-backup-session
+    ```
+
+See [Configuration file options](../reference/configuration-options.md) for the description of configuration options.
+
+## Fine-tune storage configuration
+
+The following sections describe how you can fine-tune your storage configuration:
+
+* [Server-side encryption](#server-side-encryption)
+* [Upload retries](#upload-retries)
+* [multiple endpoints to the same S3 storage](endpoint-map.md) 
+
+### Server-side encryption
+
+Alibaba Cloud OSS provides server-side encryption (SSE) capabilities to protect your data at rest. When you enable SSE, your data is automatically encrypted before being stored and decrypted when you access it.
+
+Percona Backup for MongoDB supports server-side encryption for OSS buckets with the following encryption types:
+
+* [Alibaba Cloud OSS-managed encryption keys (SSE-OSS)](#using-oss-managed-encryption-keys-sse-oss). This type provides basic encryption capabilities. 
+* [Customer master keys managed by Alibaba Cloud Key Management Service (SSE-KMS)](#using-customer-master-keys-managed-by-key-management-service-sse-kms). This option provides more control over key management and security and is suitable when you need to use self-managed or user-specified keys to meet security and compliance requirements.
+
+Learn more about server-side encryption and billing options when using it in [Server-side encryption :octicons-link-external-16:](https://www.alibabacloud.com/help/en/oss/user-guide/server-side-encryption-8) documentation.
+
+#### Prerequisites
+
+The RAM user used for PBM to access the Alibaba Cloud OSS must have the required permissions to use server-side encryption on a bucket. Make sure the RAM policy for this user includes the following actions:
+
+1. Permissions to manage the target bucket.
+
+2. The `PutBucketEncryption` and `GetBucketEncryption` permissions.
+
+3. For SSE-KMS encryption type, the RAM user must also have the following permissions:
+
+   * `kms:Encrypt`
+   * `kms:Decrypt`
+   * `kms:GenerateDataKey`
+   * `kms:DescribeKey`
+
+Read more about managing RAM policies in the following Alibaba Cloud OSS documentation:
+
+* [Create a custom RAM policy](https://www.alibabacloud.com/help/en/ram/user-guide/create-a-custom-policy#task-glf-vwf-xdb)
+* [Common examples of RAM policies](https://www.alibabacloud.com/help/en/oss/user-guide/common-examples-of-ram-policies) 
+* [Permissions for server-side encryption](https://www.alibabacloud.com/help/en/oss/user-guide/server-side-encryption-8#section-oe2-ypt-1fi)
+
+#### Using OSS-managed encryption keys (SSE-OSS)
+
+Server-side encryption with OSS-managed keys (SSE-OSS) is the default encryption method for Alibaba Cloud OSS. Alibaba Cloud OSS automatically generates  encryption keys for each object. It also creates a master key to encrypt encryption keys. 
+
+To configure PBM to use SSE-OSS, add the following options to the `oss` configuration block:
+
+```yaml
+serverSideEncryption:
+   sseAlgorithm: AES256
+```
+
+#### Using customer master keys managed by Key Management Service (SSE-KMS)
+
+Server-side encryption with customer master keys (CMK) managed by Key Management Service (SSE-KMS) gives you more flexibility over key management and security. 
+
+You have the following options:
+
+* use the default customer master key provided by KMS. OSS creates this key in the KMS platform and uses it to encrypt data 
+* generate your own customer master key using the KMS console. OSS uses this specified key to encrypt data.
+
+To configure PBM to use SSE-KMS, add the following options to the `oss` configuration block:
+
+```yaml
+serverSideEncryption:
+   sseAlgorithm: KMS
+   kmsMasterKeyID: your-kms-key-id # when using a custom KMS key
+   kmsDataEncryption: AES256
+```
+
+### Upload retries 
+
+You can set up the number of attempts for Percona Backup for MongoDB to upload data to Alibaba Cloud OSS as well as the min and max time to wait for the next retry. 
+
+Set the following options in Percona Backup for MongoDB configuration.
+
+```yaml
+retryer:
+  maxAttempts: 5
+  maxBackoff: 30
+  baseDelay: 30
+```
+
+This upload retry increases the chances of data upload completion in cases of unstable connection.

docs/details/storage-configuration.md

@@ -17,6 +17,7 @@
 * [MinIO and S3-compatible storage](minio.md)
 * [Filesystem server storage](filesystem-storage.md)
 * [Microsoft Azure Blob storage](azure.md)
+* [Alibaba Cloud OSS storage](oss.md)
 
 ## How PBM organizes backups on the storage
 
@@ -76,5 +77,6 @@
     * Google Cloud Storage documentation: [Overview of access control :octicons-link-external-16:](https://cloud.google.com/storage/docs/access-control)
     * Microsoft Azure documentation: [Assign an Azure role for access to blob data :octicons-link-external-16:](https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal)
     * MinIO documentation: [Policy Management :octicons-link-external-16:](https://docs.min.io/minio/baremetal/security/minio-identity-management/policy-based-access-control.html)
+    * Alibaba Cloud documentation: [Permissions and access control :octicons-link-external-16:](https://www.alibabacloud.com/help/en/oss/user-guide/permissions-and-access-control)
 
-*[AWS KMS]: Amazon Web Services Key Management Service
+*[AWS KMS]: Amazon Web Services Key Management Service

docs/features/split-merge-backup.md

@@ -1,6 +1,6 @@
 # Manage large backup files upload 
 
-!!! admonition "Version added: [2.11.0](../release-notes/2.11.0.md)
+!!! admonition "Version added: [2.11.0](../release-notes/2.11.0.md)"
 
 As your database grows, so do your backups. Eventually, a collection or index  may become so large that its backup file exceeds the maximum object size limit of your cloud or local storage. When this happens, Percona Backup for MongoDB (PBM) can't upload the file, which can disrupt your backup strategy.
 
@@ -12,6 +12,7 @@
 | **MinIO and S3-compatible storage** | 4.9 TB |
 | **GCS** | 4.9 TB |
 | **Azure Blob Storage** | 190 TB |
+| **Alibaba Cloud OSS** | 48.8 TB |
 | **Filesystem storage** | 4.9 TB |
 
 These defaults are sufficient to satisfy the majority of use cases. However, you can configure a new maximum size for backup files for the storage you use. To do this, define the file size in GB for the `maxObjSizeGB` configuration parameter. 

docs/install/backup-storage.md

@@ -80,6 +80,20 @@
               key: <your-access-key>
         ```    
 
+    === "Alibaba Cloud Storage"
+
+        ```yaml
+        storage:
+        type: oss
+        oss:
+          region: eu-central-1
+          bucket: your-bucket-name
+          endpointUrl: https://oss-eu-central-1.aliyuncs.com
+          credentials:
+            accessKeyID: "STS.****************"
+            accessKeySecret:  "3dZn*******************************************"
+        ```
+
     === ":material-file-tree: Shared local filesystem"    
 
         ```yaml