1 前言

一个问题，一篇文章，一出故事。
笔者由于最近搭建的Elasticsearch集群需要备份，由于执行备份之前需要先注册备份存储库，也由于笔者选择将数据备份在Azure上，于是整理此章节。

2 最佳实践

2.1 环境信息

如果你需要参考我们的环境，请参阅如下章节，

如何部署带安全认证的Elasticsearch 8.x集群？

2.2 准备Azure存储

你需要向Azure存储管理员申请存储并要求他提供如下信息，

Storage account name: logsysbackup
Key: hzDl4kZwuMGudmCOymu8QzsaiO4ccbOwJu72h7OfAokpS7Vr+R18AK+GHkC4XcgJkRFVNCQO+j1X+ASt54/LYg==
Container name: logsystem

2.3 配置Azure的账号密码

2.3.1 Azure的账号写到ES的Keystore

/usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.default.account

具体向导如下，

Enter value for azure.client.default.account: logsysbackup

2.3.2 Azure的密码写到ES的Keystore

/usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.default.key

具体向导如下，

Enter value for azure.client.default.key: hzDl4kZwuMGudmCOymu8QzsaiO4ccbOwJu72h7OfAokpS7Vr+R18AK+GHkC4XcgJkRFVNCQO+j1X+ASt54/LYg==

另外，如果需要定义辅助账户，请使用如下命令，

/usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.secondary.account
/usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.secondary.sas_token

2.3.3 将配置发送到其他ES节点

scp /etc/elasticsearch/elasticsearch.keystore azelasticsearch02:/etc/elasticsearch/elasticsearch.keystore
scp /etc/elasticsearch/elasticsearch.keystore azelasticsearch03:/etc/elasticsearch/elasticsearch.keystore
scp /etc/elasticsearch/elasticsearch.keystore azelasticsearch04:/etc/elasticsearch/elasticsearch.keystore
scp /etc/elasticsearch/elasticsearch.keystore azelasticsearch05:/etc/elasticsearch/elasticsearch.keystore

2.3.4 执行API重新加载每个ES节点的Keystore设置

POST _nodes/reload_secure_settings
{
  "secure_settings_password": "" 
}

需要注意的是，由于集群最初设置的keystore安全密码为空，因此以上密码为空。
如果加载成功，可见如下提示，

{
  "_nodes": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "cluster_name": "esCluster01",
  "nodes": {
    "kB-pXO3vRwiV3Wqw0V_d6Q": {
      "name": "azelasticsearch01"
    },
    "C4Vjw4juSVqGyuWFA3kUKg": {
      "name": "azelasticsearch03"
    },
    "MYoeLk35SHiVeBuiqdtvRw": {
      "name": "azelasticsearch05"
    },
    "QEU94immQ3uE-q_jvXoBIg": {
      "name": "azelasticsearch04"
    },
    "c9_DFQNSTvaUXeapV12hhw": {
      "name": "azelasticsearch02"
    }
  }
}

或者，你可以选择重新逐个重新启动节点加载设置（可选，非必要步骤），

ssh azelasticsearch01 systemctl restart elasticsearch
ssh azelasticsearch02 systemctl restart elasticsearch
ssh azelasticsearch03 systemctl restart elasticsearch
ssh azelasticsearch04 systemctl restart elasticsearch
ssh azelasticsearch05 systemctl restart elasticsearch

2.4 创建备份存储库

PUT _snapshot/my_backup
{
  "type": "azure",
  "settings": {
    "client": "default",
    "container": "logsystem",
    "base_path": "/backups",
    "compress": "true"
  }
}

如果需要反操作，可以使用如下命令删除备份存储库，

DELETE /_snapshot/my_backup

2.5 测试备份

PUT /_snapshot/my_backup/snapshot_20250707?wait_for_completion=true

然后，你可以使用如下命令查看所有的备份，

GET /_snapshot/backup/_all

如果需要反操作，可以使用如下命令删除备份，

DELETE /_snapshot/my_backup/snapshot_20250707

参阅文档
=========================
https://www.elastic.co/guide/en/elasticsearch/reference/8.14/cluster-nodes-reload-secure-settings.html
https://www.elastic.co/guide/en/elasticsearch/reference/8.14/repository-azure.html
https://www.elastic.co/guide/en/elasticsearch/reference/8.14/repository-azure.html#repository-azure-usage