Backup and Restore of an Elasticsearch Cluster
iioc8988
9 years ago
Source: http://drops.wooyun.org/tips/12673
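0x00 NFS preparation
Set up an NFS share on the ES cluster and mount it:
[root@localhost ~]# yum install nfs-utils*
[root@localhost ~]# vi /etc/exports
Enter the exported directory followed by the cluster's IP addresses, for example:
/data/es/es_backup 192.168.1.2(rw) 192.168.1.3(rw) 192.168.1.4(rw)
Save and exit, then start the NFS services (rpcbind first, because nfs registers with it):
[root@localhost ~]# service rpcbind start
[root@localhost ~]# service nfs start
[root@localhost ~]# service rpcgssd start
Mount the NFS share:
[root@localhost ~]# mount elasticsearch.master:/data/es/es_backup /data/es/es_backup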
0x01 Configuration
Run the following on the elasticsearch.master node:
curl -XPUT 'http://elasticsearch.master:9200/_snapshot/backup' -d '{ "type": "fs", "settings": { "location": "/data/es/es_backup", "compress": true } }'
Take a backup; change the names to suit your own environment:
curl -XPUT http://elasticsearch.master:9200/_snapshot/backup/logstash-2016.01.01 -d ' {"indices":"logstash-sec-2016.01.01", "ignore_unavailable": "true", "include_global_state": false }'
0x02 Common backup commands
Check the backup status:
curl -XGET http://elasticsearch.master:9200/_snapshot/backup/logstash-security-2016.01.01
Delete a backup:
curl -XDELETE http://elasticsearch.master:9200/_snapshot/backup/logstash-security-2016.01.01
Restore a backup:
curl -XPOST http://elasticsearch.master:9200/_snapshot/backup/logstash-security-2016.01.01/_restore -d ' { "indices" : "logstash-security-2016.01.01"}'
0x03 Finally, the backup script
#!/usr/bin/env python3
# -*- coding: UTF-8 -*-
"""Automatically back up Elasticsearch."""
import os
import shutil
import time
import zipfile

import requests

URL = "http://elasticsearch.master:9200/_snapshot/backup"
BAK_DIR = "/var/wd/elasticsearch_backup/data"
ZIP_DIR = "/var/wd/elasticsearch_backup/zip"

if __name__ == '__main__':
    # Yesterday's date, matching the name of the daily logstash index
    date = time.strftime('%Y.%m.%d', time.localtime(time.time() - 86400))
    # Register the fs snapshot repository
    data1 = {"type": "fs", "settings": {"location": BAK_DIR, "compress": True}}
    r1 = requests.put(URL, json=data1)
    print(r1.text)
    index = 'logstash-sec-' + date
    url = URL + '/' + index
    # Start backing up the specified index
    data2 = {"indices": index, "ignore_unavailable": True, "include_global_state": False}
    r2 = requests.put(url, json=data2)
    print(r2.text)
    # Poll the backup status
    dic = requests.get(url).json()
    while dic['snapshots'][0]['state'] == 'IN_PROGRESS':
        print("%s Backup is IN_PROGRESS..." % index)
        time.sleep(10)
        dic = requests.get(url).json()
    if dic['snapshots'][0]['state'] == 'SUCCESS':
        print('%s 备份成功' % index)  # backup succeeded
        try:
            # Compress the files
            zfile = ZIP_DIR + '/' + index + '.zip'
            print("开始压缩文件...")  # starting compression
            with zipfile.ZipFile(zfile, 'w', zipfile.ZIP_DEFLATED, allowZip64=True) as z:
                for dirpath, dirnames, filenames in os.walk(BAK_DIR):
                    for filename in filenames:
                        z.write(os.path.join(dirpath, filename))
            shutil.rmtree(BAK_DIR)  # delete the original file directory
            print("备份结束")  # backup finished
        except Exception as e:
            print(e)
        print("开始删除index: %s" % index)  # deleting the index
        requests.delete("http://elasticsearch.master:9200/%s" % index)
    else:
        print('%s 备份失败' % index)  # backup failed
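The script above deletes the index as soon as the snapshot state is SUCCESS, but because the snapshot request sets ignore_unavailable, a missing or misspelled index name can still produce a SUCCESS snapshot that does not contain the index. The check below is an added example, not part of the original post; the function name snapshot_covers_index is hypothetical and the sample responses are constructed.

```python
import json

def snapshot_covers_index(response_text, index):
    """Return (ok, reason); ok is True only if the snapshot fully captured index."""
    try:
        body = json.loads(response_text)
    except (ValueError, TypeError):
        return False, "response is not valid JSON"
    snapshots = body.get("snapshots") if isinstance(body, dict) else None
    if not snapshots:
        return False, "no snapshot in response"
    snap = snapshots[0]
    state = snap.get("state")
    if state != "SUCCESS":
        # IN_PROGRESS, PARTIAL and FAILED: the data is not safely stored
        return False, "state is %s" % state
    if index not in snap.get("indices", []):
        # ignore_unavailable=true skips a missing or misspelled index silently
        return False, "index not in snapshot"
    if snap.get("failures") or snap.get("shards", {}).get("failed", 0):
        return False, "shard failures reported"
    return True, "ok"

# Constructed sample responses in the shape of GET /_snapshot/backup/<name>
INDEX = "logstash-sec-2016.01.01"

def _resp(state, indices, failed=0):
    return json.dumps({"snapshots": [{
        "snapshot": INDEX, "state": state, "indices": indices, "failures": [],
        "shards": {"total": 5, "failed": failed, "successful": 5 - failed}}]})

GOOD = _resp("SUCCESS", [INDEX])
EMPTY = _resp("SUCCESS", [])            # index name did not match anything
PARTIAL = _resp("PARTIAL", [INDEX], 2)  # some shards failed

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("EMPTY", EMPTY), ("PARTIAL", PARTIAL)):
        print(name, snapshot_covers_index(body, INDEX))
```

Calling this on the text of the status response and deleting the index only when it returns True keeps the source logs in place whenever the snapshot is incomplete.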