说明
由于业务的需要,我们ES使用的是Amazon Elasticsearch Service 7.4,为了配合开发同学的使用和节省部门不必要的开支,我们将定期去备份索引快照至S3中,同时删除ES对应的索引数据。
需求
我们需要定期备份一定周期(比如:一周之前)的索引快照至S3,删除Elasticsearch Service中对应索引数据。同时,如有需要还要可以恢复备份的索引数据。整个流程执行成功后,要有微信或其他途径信息提醒。
流程图
ES需求处理流程图:
ES索引和快照的自动化管理方案
curator工具
curator与es版本的兼容性
ES索引和快照的自动化管理方案
The current version of Curator is 5.8.3,详见传送门
curator可执行的操作
curator允许对索引和快照执行许多不同的操作,包括:
从别名添加或删除索引(或两者!)
更改分片路由分配
关闭索引
创建索引
删除索引
删除快照
打开被关闭的索引
对索引执行forcemerge段合并操作
reindex索引,包括来自远程集群的索引
更改索引的每个分片的副本数
rollover索引
生成索引的快照(备份)
还原快照
安装配置curator
curator安装方式有多种,比如:yum/apt-get、pip、docker等,这里我们选择常用的pip。
pip安装curator
登录后复制
# 安装必要的基础包
yum install -y vim python-pip
登录后复制
# 安装虚拟环境
pip install virtualenvwrapper
# 配置虚拟环境,在/etc/profile添加:
### virtualenv start ###
#设置virtualenv的统一管理目录
export WORKON_HOME=~/Envs
#添加virtualenvwrapper的参数,生成干净隔绝的环境
#export VIRTUALENVWRAPPER_VIRTUALENV_ARGS='--no-site-packages'
#指定python解释器
#export VIRTUALENVWRAPPER_PYTHON=/opt/python36/bin/python3.6
#执行virtualenvwrapper安装脚本
export VIRTUALENVWRAPPER_SCRIPT=/usr/bin/virtualenvwrapper.sh
source /usr/bin/virtualenvwrapper_lazy.sh
### virtualenv end ###
# 刷新配置文件
source !$
# 创建管理es的虚拟环境
mkvirtualenv es-snapshot
# 查看刚创建的虚拟环境
lsvirtualenv
# 进入虚拟环境
workon es-snapshot
登录后复制
# 在es-snapshot虚拟环境中安装
pip install elasticsearch-curator
命令行下单次执行
登录后复制
# 查看当前es的所有索引的详细信息,默认host:127.0.0.1,默认port:9200
curator_cli --host 127.0.0.1 --port 9200 show_indices --verbose
配置config.yml
登录后复制
# Rmember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
client:
#es集群地址
hosts: http://your-domain.com
#es端口
port: your-port
url_prefix:
use_ssl: False
# aws区域,如ap-south-1
aws_region: xxxxx
aws_sign_request: False
certificate:
client_cert:
client_key:
ssl_no_validate: False
http_auth:
timeout: 30
master_only: False
logging:
#日志级别
loglevel: INFO
#日志存放路径
logfile: /var/log/cur-run.log
logformat: default
blacklist: ['elasticsearch', 'urllib3']
配置action.yml
登录后复制
actions:
1:
# 备份7天前的索引快照
action: snapshot
description: >-
Snapshot sdk_|game_ prefixed indices older than 7 day (based on index
creation_date) with the default snapshot name pattern of
'es-%Y%m%d%H%M%S'. Wait for the snapshot to complete. Do not skip
the repository filesystem access check. Use the other options to create
the snapshot.
options:
# s3仓库名称,可通过脚本生成
repository: "es_backup_\
"
# Leaving name blank will result in the default 'curator-%Y%m%d%H%M%S'
name: es-%Y%m%d%H%M%S
ignore_unavailable: False
include_global_state: True
partial: True
wait_for_completion: True
skip_repo_fs_check: True
ignore_empty_list: True
continue_if_exception: False
disable_action: False
filters:
- filtertype: pattern
kind: regex
# 匹配"logstash-"的索引
value: 'logstash-'
- filtertype: age
source: creation_date
direction: older
unit: days
# 7天之前的索引
unit_count: 7
2:
# 关闭7天前以logstash-为前缀的索引:
action: close
description: >-
Close indices older than 7 days (based on index name), for dtlog-
prefixed indices.
options:
delete_aliases: False
timeout_override:
continue_if_exception: False
filters:
- filtertype: pattern
kind: regex
value: '^logstash-'
exclude:
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 7
3:
# 删除7天前的索引
action: delete_indices
description: >-
Delete metric indices older than 7 days (based on index name), for logstash-2021.04.10
prefixed indices. Ignore the error if the filter does not result in an
actionable list of indices (ignore_empty_list) and exit cleanly.
options:
ignore_empty_list: True
filters:
- filtertype: pattern
kind: prefix
# 匹配"logstash-"的索引
value: logstash-
- filtertype: age
# 这里根据索引name来匹配,还可以根据字段等,详见官方文档
source: name
direction: older
# 用于匹配和提取索引或快照名称中的时间戳
timestring: '%Y.%m.%d'
unit: days
# 7天之前的索引
unit_count: 7
配置action顺序:7天前索引做快照 --> 关闭7天前索引 --> 删除7天前索引 --> 保留7天内的索引,如有需要可把7天前的快照恢复当前es中。
action.yml配置中:
登录后复制
# s3仓库名称,可通过脚本生成
repository: "es_backup_\
"
之所以这样写,是因为执行python register-repo.py会得到两个值:带有时间戳仓库的后缀比如es_backup_20210424150533,另一个值是时间戳并把它写入time_save.txt。sed '/es_backup_/r time_save.txt' action_temp.yml -i将获得的时间戳传进action_temp.yml中。
注意:actions: 后面的,依次类推:
登录后复制
2:执行操作
3:执行操作
4:执行操作
N:执行操作
创建S3仓库
在执行curator之前,我们需要创建s3仓库,需要配置IAM role访问Elasticsearch Service权限,详见AWS Elasticsearch Service 建立snapshot
详见如下脚本:
登录后复制
# cat register-repo.py
import boto3
import requests
from requests_aws4auth import AWS4Auth
import time
def create_s3_register(timeup):
host = 'https://your-aws-es-domain.com/' # include https:// and trailing /
region = 'ap-south-1' # e.g. us-west-1
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)
# Register repository
path = '_snapshot/'+'es_backup_'+timeup # the Elasticsearch API endpoint
url = host + path
payload = {
"type": "s3",
"settings": {
"bucket": "your-s3-bucket",
"region": "ap-south-1",
"role_arn": "arn:aws:iam::1234567890:role/your-role-name"
}
}
headers = {"Content-Type": "application/json"}
r = requests.put(url, auth=awsauth, json=payload, headers=headers)
print(r.status_code)
print(r.text)
def var_save(timeup,filename,mode='w'):
file = open(filename,mode)
file.write(' '+timeup+'\\'+'\n')
file.close
if __name__=="__main__":
time = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))
create_s3_register(time)
var_save(time,'time_save.txt')
创建执行脚本
该脚本将完成,索引快照备份、索引关闭和索引删除,最后信息通知,详见:
登录后复制
#!/bin/bash
#author: tengfei.wu
#email: tengfei.wu@domain.com
#date:2021/04/25
#version: 2
# Create the S3 repository
python register-repo.py
# Get the name of the warehouse
cp action.yml action_temp.yml
sed '/es_backup_/r time_save.txt' action_temp.yml -i
# Perform ES index shutdown, backup, and deletion
#curator --config config.yml action_temp.yml --dry-run
curator --config config.yml action_temp.yml
rm -rf action_temp.yml
# WeChat alarm
content='
【AI测试环境】-- ES操作通知
详情信息: "ES快照备份、索引关闭和索引删除"
操作细节:
索引快照: "7天前索引"
索引关闭: "7天前索引"
索引删除: "7天前索引"
状态: SUCCESS
报警创建方式: "自动脚本对接"
当前索引: "保留最近一周的索引"'
curl http://x.x.x.x:4567/send -d "tos=your-IM&content=${content}"
定时执行
登录后复制
# logstash-日志备份,每周日am 9:30
30 9 * * 0 cd /root/Envs/es-snapshot/bin && source ./activate && cd /root/Envs/es-snapshot && (/bin/bash ccc) && deactivate
手动执行
登录后复制
workon es-snapshot && cd /root/Envs/es-snapshot/
sh start_es_backup.sh > /dev/null 2>&1 &
检查执行结果
ES索引和快照的自动化管理方案
其他的操作
索引恢复
登录后复制
# cat action_restore.yml
actions:
1:
action: restore
description: >-
Restore all indices in the most recent snapshot with state SUCCESS. Wait
for the restore to complete before continuing. Do not skip the repository
filesystem access check. Use the other options to define the index/shard
settings for the restore.
options:
repository: es_backup_20210425054626
name:
indices:
wait_for_completion: True
#max_wait: 3600
#wait_interval: 10
filters:
- filtertype: state
state: SUCCESS
exclude:
查看当前索引状态:curator_cli --host your-domain.es.amazonaws.com --port your-port show_indices --verbose
索引打开
登录后复制
# cat action_open.yml
actions:
1:
action: open
description: "open selected indices"
options:
continue_if_exception: False
timeout_override: 300
filters:
- filtertype: pattern
kind: regex
value: '^logstash-'
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 7
仓库快照删除和删除空仓库
登录后复制
# action_delete_snapshot.yml
# 删除快照配置示例
actions:
1:
action: delete_snapshots
description: "Delete selected snapshots from 'repository'"
options:
repository: es_backup_20210424150533
retry_interval: 120
retry_count: 3
timeout_override: 3600
filters:
- filtertype: state
state: SUCCESS
exclude:
注意:
上面的action_delete_snapshot.yml配置只是清空了es_backup_20210424150533仓库中的快照内容,仓库并没有删除,删除空仓库:DELETE /_snapshot/es_backup_20210424150533