Elasticsearch provides a snapshot feature:
1. Define a path.repo setting in the Elasticsearch configuration file
path.repo: ["/elk/my_backup"]
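Restart the Elasticsearch service
Create the backup directory and set its permissions
mkdir -p /elk/my_backup
chmod 755 /elk/my_backup
chown -R elasticsearch:elasticsearch /elk/*
Create the repository:
$ curl -XPUT 'http://192.168.0.224:9200/_snapshot/backup' -H 'Content-Type: application/json' -d '
{
  "type": "fs",
  "settings": {
    "location": "/elk/my_backup/backup",
    "compress": true
  }
}'
Here type "fs" means the repository is a file system, location is the storage path, and compress controls whether compression is enabled.
View the repository information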
$ curl -XGET 'http://192.168.0.224:9200/_snapshot/backup?pretty'
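2. Create a snapshot
The backup runs in the background (snapshot_1 is the snapshot name):
$ curl -XPUT 'http://192.168.0.224:9200/_snapshot/backup/snapshot_1'
To run it synchronously, add the wait_for_completion flag; the call returns only after the backup has finished, which can take a long time when there is a lot of data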
$ curl -XPUT 'http://192.168.212.190:9200/_snapshot/my_backup/snapshot_2?wait_for_completion=true'
To back up only some of the indices, add the indices parameter:
$ curl -XPUT 'http://192.168.212.190:9200/_snapshot/my_backup/snapshot_3' -H 'Content-Type: application/json' -d '
{
  "indices": "index_1,index_2",
  "ignore_unavailable": true
}'
View the backup information
$ curl -XGET 'http://192.168.0.224:9200/_snapshot/backup/snapshot_2'
To view the information for all snapshots in the repository, use the following API:
$ curl -XGET 'http://192.168.0.224:9200/_snapshot/backup/_all'
There is also another API that shows more detailed information:
$ curl -XGET 'http://192.168.0.224:9200/_snapshot/backup/snapshot_2/_status'
Delete a backup
$ curl -XDELETE 'http://192.168.0.224:9200/_snapshot/backup/snapshot_2'
Backup script
[root@node2 elk]# vim esback.sh
#!/bin/bash
# Elasticsearch backup script
# Snapshot name (date and hour)
filename=$(date +%Y%m%d%H)
# Name of the backup archive
backesFile="es$filename.tar.gz"
cd /elk/my_backup || exit 1
mkdir -p es_dump
cd es_dump || exit 1
# Delete an existing snapshot named $filename, if any (snapshot names must be unique within a repository)
curl -XDELETE "192.168.0.224:9200/_snapshot/backup/$filename?pretty"
echo 'sleep 30'
sleep 30
# Create a snapshot
curl -XPUT "192.168.0.224:9200/_snapshot/backup/$filename?wait_for_completion=true&pretty"
echo 'sleep 30'
sleep 30
# Copy the snapshot files out of the repository and pack them into an archive
cp -a /elk/my_backup/backup/* /elk/my_backup/es_dump
cd ..
tar czf "$backesFile" es_dump/
rm -rf es_dump
3. Restore
Restore all indices in snapshot_1:
$ curl -XPOST 'http://192.168.0.224:9200/_snapshot/backup/snapshot_1/_restore'
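Additional parameters of the API:
$ curl -XPOST 'http://192.168.0.224:9200/_snapshot/backup/snapshot_1/_restore' -H 'Content-Type: application/json' -d '
{
  "indices": "index_1",
  "rename_pattern": "index_(.+)",
  "rename_replacement": "restored_index_$1"
}'
indices: restore only the index_1 index
rename_pattern and rename_replacement: match the indices being restored with a regular expression and rename them. As with a backup, the API returns immediately and the restore runs in the background; use the wait_for_completion flag to force synchronous execution.
The following two APIs can be used to check the status: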
$ curl -XGET 'http://192.168.0.224:9200/_recovery/'
[root@node2 elk]# vim esrestore.sh
#!/bin/bash
# Name of the snapshot (and archive) to restore
filename='2017033020'
backesFile="es$filename.tar.gz"
cd /elk/my_backup/ || exit 1
# Unpack the archive; stop here if it fails so the repository is not emptied
tar zxvf "$backesFile" || exit 1
# Replace the repository contents with the unpacked snapshot files
rm -rf /elk/my_backup/backup/*
cp -a /elk/my_backup/es_dump/* /elk/my_backup/backup
# Close the indices that will be restored
curl -XPOST "192.168.0.224:9200/logs*/_close"
curl -XPOST "192.168.0.224:9200/.kiba*/_close"
echo 'sleep 5'
sleep 5
curl -XPOST "192.168.0.224:9200/_snapshot/backup/$filename/_restore?pretty"
#curl -XPOST "192.168.0.224:9200/_snapshot/backup/$filename/_restore?pretty" -d '
#{
# "indices":"logs*"
#}'
echo 'sleep 5'
sleep 5
#curl -XPOST '192.168.0.224:9200/logs*/_open'
#curl -XPOST '192.168.0.224:9200/.kiba*/_open'
rm -rf es_dump
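Both scripts above rely on fixed sleeps and copy the archive without any check. The following added example (not part of the original post) shows one way to gate the archive step on the snapshot's reported state and to checksum the archive so the restore script can verify it before unpacking. The function names are hypothetical and the sample responses are constructed, not captured from a cluster.

```shell
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample responses in the shape of GET /_snapshot/backup/<name>.
SAMPLE_OK='{"snapshots":[{"snapshot":"2017033020","state":"SUCCESS","shards":{"total":10,"failed":0,"successful":10}}]}'
SAMPLE_PARTIAL='{"snapshots":[{"snapshot":"2017033020","state":"PARTIAL","shards":{"total":10,"failed":2,"successful":8}}]}'

# Print the value of the "state" field of a snapshot-info response.
snapshot_state() {
    printf '%s' "$1" | tr -d ' \n' | sed -n 's/.*"state":"\([A-Z_]*\)".*/\1/p'
}

# Succeed only if the snapshot finished and no shard failed.
# A response without these fields (for example an error body) fails closed.
snapshot_ok() {
    local state failed
    state=$(snapshot_state "$1")
    failed=$(printf '%s' "$1" | tr -d ' \n' | sed -n 's/.*"failed":\([0-9][0-9]*\).*/\1/p')
    [ "$state" = "SUCCESS" ] && [ "${failed:-1}" -eq 0 ]
}

# Archive a repository directory ($1) into $2 with owner-only permissions
# and write a SHA-256 checksum file next to the archive.
archive_repo() {
    (
        umask 077
        tar czf "$2" -C "$(dirname "$1")" "$(basename "$1")" &&
        cd "$(dirname "$2")" &&
        sha256sum "$(basename "$2")" > "$(basename "$2").sha256"
    )
}

# Check an archive ($1) against its checksum file before extracting it.
verify_archive() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# In the backup script, this would replace the fixed sleep before the cp/tar step:
#   resp=$(curl -s "192.168.0.224:9200/_snapshot/backup/$filename")
#   snapshot_ok "$resp" || { echo "snapshot $filename not usable" >&2; exit 1; }
```

The snapshot files hold the full contents of the indices, so the archive is created with owner-only permissions instead of the default umask.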
Reposted from:
ELK backup and restore - landanhero - 51CTO Blog https://blog.51cto.com/landanhero/1912049