Elasticsearch can use object storage in two ways: by installing a plugin, or by pointing directly at a locally mounted directory.
I. Install the S3 plugin on Elasticsearch
1. Install the repository-s3 plugin
sudo bin/elasticsearch-plugin install repository-s3
2. Create the S3 credentials (enter the values at the prompts)
sudo bin/elasticsearch-keystore add s3.client.default.access_key
sudo bin/elasticsearch-keystore add s3.client.default.secret_key
3. Create the backup repository in Elasticsearch
PUT /_snapshot/my_s3_repository
{
  "type": "s3",
  "settings": {
    "bucket": "myjfs"
  }
}
4. Back up an index
PUT /_snapshot/my_s3_repository/security-auditlog-2023.04.28
{
  "indices": "security-auditlog-2023.04.28",
  "ignore_unavailable": true,
  "include_global_state": false
}
5. Delete and restore a single index
Delete: DELETE security-auditlog-2023.04.28
Restore: POST /_snapshot/my_s3_repository/security-auditlog-2023.04.28/_restore
6. Delete and restore multiple indices
DELETE security-auditlog-2023.04.1*
POST /_snapshot/my_s3_repository/security-auditlog-2023.04.1/_restore
(With multiple indices, the status briefly turns yellow; it turns green once verification completes.)
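II. Back up to a locally mounted directory on the Elasticsearch cluster nodes
(Prerequisite: the disk is mounted on every ES node, under the same directory name.)
1. Edit the local configuration file
Add the following to /etc/elasticsearch/elasticsearch.yml
path.repo: ["/data/jfs/dev-cluster", "/data/jfs/dev-cluster"]
Restart Elasticsearch for the change to take effect.
2. Create the snapshot repository
PUT /_snapshot/my_backup
{
  "type": "fs",
  "settings": {
    "location": "/data/jfs/dev-cluster"
  }
}
3. Back up
PUT /_snapshot/my_backup/snapshot_1?wait_for_completion=true
{ "indices": "security-auditlog-2023.05.19" }
With wait_for_completion=true the call returns only after the snapshot has completed; if you need it to run asynchronously, omit this option.
A response like the following means the backup succeeded.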
{
  "snapshot" : {
    "snapshot" : "snapshot_1",
    "uuid" : "8x_NlDuqQm2XTS4KnQWuBA",
    "version_id" : 7100299,
    "version" : "7.10.2",
    "indices" : [
      "security-auditlog-2023.05.19"
    ],
    "data_streams" : [ ],
    "include_global_state" : true,
    "state" : "SUCCESS",
    "start_time" : "2023-05-22T03:30:20.230Z",
    "start_time_in_millis" : 1684726220230,
    "end_time" : "2023-05-22T03:31:05.937Z",
    "end_time_in_millis" : 1684726265937,
    "duration_in_millis" : 45707,
    "failures" : [ ],
    "shards" : {
      "total" : 1,
      "failed" : 0,
      "successful" : 1
    }
  }
}
4. Delete and restore
DELETE security-auditlog-2023.05.19
POST /_snapshot/my_backup/snapshot_1/_restore?wait_for_completion=true
{
  "indices": "security-auditlog-2023.05.19",
  "rename_replacement": "restored_security-auditlog-2023.05.19"
}
Restore succeeded:
{
  "snapshot" : {
    "snapshot" : "snapshot_1",
    "indices" : [
      "security-auditlog-2023.05.19"
    ],
    "shards" : {
      "total" : 1,
      "failed" : 0,
      "successful" : 1
    }
  }
}
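5. Incremental backup
PUT /_snapshot/my_backup/security-auditlog-2023.05.22-1?wait_for_completion=true
{ "indices": "security-auditlog-2023.05.22" }
PUT /_snapshot/my_backup/security-auditlog-2023.05.22-2?wait_for_completion=true
{ "indices": "security-auditlog-2023.05.22" }
Changing the snapshot name suffix lets you back up an index incrementally; for example, you can sync once an hour:
PUT /_snapshot/my_backup/security-auditlog-2023.05.22-<current hour>?wait_for_completion=true
{ "indices": "security-auditlog-2023.05.22" }
Large indices that are not split by date can be backed up this way.
Problem:
The elasticsearch user's id is not the same on every Elasticsearch cluster node, so folders created remotely from Kibana end up owned by the wrong user.
Creating the snapshot repository fails with an error that a node cannot create it: insufficient permissions.
PUT /_snapshot/dw_backup
{
  "type": "fs",
  "settings": {
    "location": "/data/jfs/prod-cluster"
  }
}
{"error":{"root_cause":[{"type":"repository_verification_exception","reason":"[client_statistics] nested: RepositoryVerificationException[[client_statistics] store location [/data/jfs/] is not accessible on the node nested: AccessDeniedException
The error says the permissions are insufficient, but I had already granted permissions, I even gave it 777 outright, yet newly created directories still belonged to a different user.
Investigation found:
On node1, node2, node3 and node5 the elasticsearch user's id is 998; on node4 it is 996.
This comes from an Elasticsearch bug: it uses the uid, so 998 was passed over to create the directory, and the resulting owner was of course not elasticsearch.
Fix:
usermod -u 998 elasticsearch
Resolved.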
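A pre-flight check for the uid mismatch described above, as an added example that is not part of the original notes. It takes one "node uid" pair per line and reports the nodes that deviate from the majority; the input format, the function names and the way the pairs are collected are assumptions of this example.

```shell
#!/bin/sh
# Added example: find nodes whose elasticsearch uid differs from the majority.
# Assumed input: one "node uid" pair per line, e.g. collected with
#   ssh "$node" id -u elasticsearch

# Constructed sample using the values reported in the notes above.
SAMPLE_UIDS='node1 998
node2 998
node3 998
node4 996
node5 998'

# majority_uid: print the uid used by the most nodes (ties resolve arbitrarily).
majority_uid() {
    printf '%s\n' "$1" | awk 'NF == 2 { count[$2]++ }
        END { for (u in count) if (count[u] > best) { best = count[u]; uid = u }
              print uid }'
}

# uid_outliers: print "node uid" for every node that deviates from the majority.
uid_outliers() {
    expected=$(majority_uid "$1")
    printf '%s\n' "$1" |
        awk -v want="$expected" 'NF == 2 && $2 != want { print $1, $2 }'
}

# check_uids: return 0 when all nodes agree, 1 otherwise, so it can gate the
# registration of an fs repository on a shared mount.
check_uids() {
    bad=$(uid_outliers "$1")
    if [ -n "$bad" ]; then
        echo "expected uid $(majority_uid "$1"); mismatched nodes:" >&2
        echo "$bad" >&2
        return 1
    fi
    echo "all nodes use uid $(majority_uid "$1")"
}

# Run against the constructed sample; reports node4 on stderr.
check_uids "$SAMPLE_UIDS" || true
```

After aligning a node with usermod -u, files outside the user's home directory that are still owned by the old numeric uid have to be re-owned manually, because usermod only adjusts the home directory and mailbox. With matching uids the repository directory no longer needs 777.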
Official explanation: