elk的备份与恢复
elasticsearch提供了快照功能:1、在elsticsearch的配置文件中定义一个path.repo路径配置
path.repo: ["/elk/my_backup"] 重新启动elasticsearch服务
创建备份的文件夹并赋予权限
mkdir -p /elk/my_backup
chmod 755 /elk/my_backup
chown -R elasticsearch.elasticsearch /elk/* 创建repository:
curl -XPUT 'http://192.168.0.224:9200/_snapshot/backup' -d '
{
"type": "fs", //表示类型为文件系统
"settings": {
"location": "/elk/my_backup/backup", //存储的路径
"compress": true //是否支持压缩
}
}' 查看repository信息
$ curl -XGET 'http://192.168.0.224:9200/_snapshot/backup?pretty'https://s3.运维网.com/wyfs02/M02/8F/6B/wKiom1jdvo6Tv9TnAAAoU8oEG9U361.png-wh_500x0-wm_3-wmp_4-s_2762237698.png
2、创建快照
备份工作在后台运行
$ curl -XPUT 'http://192.168.0.224:9200/_snapshot/backup/snapshot_1(快照名)' 同步执行,加wait_for_completion 标志,备份完成后才返回,如果数据量大的话,会花很长时间
$ curl -XPUT 'http://192.168.212.190:9200/_snapshot/my_backup/snapshot_2?wait_for_completion=true' 如果只想备份部分索引的话,可以加上indices 参数:
$ curl -XPUT 'http://192.168.212.190:9200/_snapshot/my_backup/snapshot_3' -d '
{
"indices": "index_1,index_2",
"ignore_indices": "missing"
}'
查看备份信息
$ curl -XGET 'http://192.168.0.224:9200/_snapshot/backup/snapshot_2' 如果要查看所有索引的信息,使用如下api:
$ curl -XGET 'http://192.168.0.224:9200/_snapshot/backup/_all' 另外还有个一api可以看到更加详细的信息:
$ curl -XGET 'http://192.168.0.224:9200/_snapshot/backup/snapshot_2/_status'
删除备份
$ curl -XDELETE '
http://192.168.0.224:9200/_snapshot/backup/snapshot_2' 备份脚本
# vim esback.sh
#!/bin/bash
#elasticsearch备份脚本
#快照的名字
filename=`date +%Y%m%d%H`
#备份的文件名
backesFile=es$filename.tar.gz
cd /elk/my_backup
mkdir es_dump
cd es_dump
#删除之前的快照,$filename为上一次快照的名字
curl -XDELETE "192.168.0.224:9200/_snapshot/backup/$filename?pretty"
echo 'sleep 30'
sleep 30
#创建一个快照
curl -XPUT "192.168.0.224:9200/_snapshot/backup/$filename?wait_for_completion=true&pretty"
echo 'sleep 30'
sleep 30
#拷贝仓库内的快照到一个文件并打包
cp-a /elk/my_backup/backup/* /elk/my_backup/es_dump
cd ..
tar czf $backesFilees_dump/
rm es_dump -rf
3、恢复
恢复snapshot_1里的全部索引:
$ curl -XPOST 'http://192.168.0.224:9200/_snapshot/backup/snapshot_1/_restore'
api额外的参数:
$ curl -XPOST 'http://192.168.0.224:9200/_snapshot/backup/snapshot_1/_restore' -d '
{
"indices": "index_1",
"rename_pattern": "index_(.+)",
"rename_replacement": "restored_index_$1"
}' indices: 设置只恢复index_1索引
rename_pattern 和rename_replacement: 用来正则匹配要恢复的索引,并且重命名。和备份一样,api会立刻返回值,然后在后台执行恢复,使用wait_for_completion 标记强制同步执行。
以使用下面两个api查看状态
$ curl -XGET 'http://192.168.0.224:9200/_recovery/'
# vim esrestore.sh
#!/bin/bash
filename='2017033020'
backesFile=es$filename.tar.gz
cd /elk/my_backup/
tar zxvf $backesFile
rm /elk/my_backup/backup/* -rf
cp -a /elk/my_backup/es_dump/* /elk/my_backup/backup
curl -XPOST "192.168.0.224:9200/logs*/_close"
curl -XPOST "192.168.0.224:9200/.kiba*/_close"
echo 'sleep 5'
sleep 5
curl -XPOST "192.168.0.224:9200/_snapshot/backup/$filename/_restore?pretty"
#curl -XPOST '192.168.0.224:9200/_snapshot/backup/$filename/_restore?pretty' -d '
#{
# "indices":"logs*"
#}'
echo 'sleep 5'
sleep 5
#curl -XPOST '192.168.0.224:9200/logs*/_open'
#curl -XPOST '192.168.0.224:9200/.kiba*/_open'
rm es_dump -rf
页:
[1]