antisaWiki

User Tools

Site Tools

Trace: backup_elasticsearch_indices
wiki:backup_elasticsearch_indices

Table of Contents

,

Backup Elasticsearch indices

Below should work on bare metal and inside ES docker installation. The snapshots are done using the ES API. Raw system file backups won't work. Test below was done via docker on Debian 11 provisioned by Vagrant.

Add path repo where the snapshots will be restored

Create the repo path: 

[root@97baaa7e0134 elasticsearch]# cat config/elasticsearch.yml 
cluster.name: "docker-cluster"
network.host: 0.0.0.0
path.repo: /usr/share/elasticsearch/data/ # add this path

Restart ES container.

Register repository

curl -X PUT "localhost:9200/_snapshot/my_repository?pretty" -H 'Content-Type: application/json' -d'
{
  "type": "fs",
  "settings": {
    "location": "/usr/share/elasticsearch/data/backups"
  }
}
'

Above paths need to be created and owned by 'elasticsearch' user.

Manually create snapshot

curl -X PUT "localhost:9200/_snapshot/my_repository/my_snapshot?wait_for_completion=true&pretty"

List all snapshots

curl -X GET "localhost:9200/_snapshot/my_repository/_all?pretty"

Copy snapshot outside of container

docker cp root-elasticsearch-1:/usr/share/elasticsearch/data/backups /vagrant/

You should also copy the configuration folder above (where path.repo is defined among other things) 

docker cp root-elasticsearch-1:/usr/share/elasticsearch/config /vagrant/

Restoring snapshots

Copy the files from snapshot repository back into docker container 

docker cp /vagrant/backups root-elasticsearch-1:/usr/share/elasticsearch/data/

Register the repository again as above

Before restoring you might need to delete the indexes if they already exist. This is especially the case when moving to new cluster with default docker installation and default indexes.

To list the indexes do 

curl -X GET "localhost:9200/_all?pretty"

If the Graylog is using ES

Stop the graylog docker then you can delete the indices with 

curl -X DELETE "localhost:9200/graylog_0,gl-system-events_0,gl-events_0?pretty"

This deletes the 3 default indices.

Final restore

List the snapshot and chose the one you want to restore. E.g. restoring “my_snapshot2” 

curl -X POST "localhost:9200/_snapshot/my_repository/my_snapshot2/_restore?wait_for_completion=true&pretty"

Tested on

  • Debian 11 Bullseye (vagrant)
  • docker_compose_version: v2.2.3
  • graylog_version: 4.2-jre11
  • mongodb_version: 4.2
  • elastic_search_version: 7.10.2

See also

References

wiki/backup_elasticsearch_indices.txt · Last modified: 2022/02/18 13:28 by antisa
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki