如何部署Elasticsearch的Azure存储库?

Elastic Stack

1 前言

一个问题,一篇文章,一出故事。
笔者由于最近搭建的Elasticsearch集群需要备份,由于执行备份之前需要先注册备份存储库,也由于笔者选择将数据备份在Azure上,于是整理此章节。

2 最佳实践

2.1 环境信息

如果你需要参考我们的环境,请参阅如下章节,

如何部署带安全认证的Elasticsearch 8.x集群?

2.2 准备Azure存储

你需要向Azure存储管理员申请存储并要求他提供如下信息,

Storage account name: logsysbackup
Key: hzDl4kZwuMGudmCOymu8QzsaiO4ccbOwJu72h7OfAokpS7Vr+R18AK+GHkC4XcgJkRFVNCQO+j1X+ASt54/LYg==
Container name: logsystem

2.3 配置Azure的账号密码

2.3.1 Azure的账号写到ES的Keystore

/usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.default.account

具体向导如下,

Enter value for azure.client.default.account: logsysbackup

2.3.2 Azure的密码写到ES的Keystore

/usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.default.key

具体向导如下,

Enter value for azure.client.default.key: hzDl4kZwuMGudmCOymu8QzsaiO4ccbOwJu72h7OfAokpS7Vr+R18AK+GHkC4XcgJkRFVNCQO+j1X+ASt54/LYg==

另外,如果需要定义辅助账户,请使用如下命令,

/usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.secondary.account
/usr/share/elasticsearch/bin/elasticsearch-keystore add azure.client.secondary.sas_token

2.3.3 将配置发送到其他ES节点

scp /etc/elasticsearch/elasticsearch.keystore azelasticsearch02:/etc/elasticsearch/elasticsearch.keystore
scp /etc/elasticsearch/elasticsearch.keystore azelasticsearch03:/etc/elasticsearch/elasticsearch.keystore
scp /etc/elasticsearch/elasticsearch.keystore azelasticsearch04:/etc/elasticsearch/elasticsearch.keystore
scp /etc/elasticsearch/elasticsearch.keystore azelasticsearch05:/etc/elasticsearch/elasticsearch.keystore

2.3.4 执行API重新加载每个ES节点的Keystore设置

POST _nodes/reload_secure_settings
{
  "secure_settings_password": "" 
}

需要注意的是,由于集群最初设置的keystore安全密码为空,因此以上密码为空。
如果加载成功,可见如下提示,

{
  "_nodes": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "cluster_name": "esCluster01",
  "nodes": {
    "kB-pXO3vRwiV3Wqw0V_d6Q": {
      "name": "azelasticsearch01"
    },
    "C4Vjw4juSVqGyuWFA3kUKg": {
      "name": "azelasticsearch03"
    },
    "MYoeLk35SHiVeBuiqdtvRw": {
      "name": "azelasticsearch05"
    },
    "QEU94immQ3uE-q_jvXoBIg": {
      "name": "azelasticsearch04"
    },
    "c9_DFQNSTvaUXeapV12hhw": {
      "name": "azelasticsearch02"
    }
  }
}

或者,你可以选择重新逐个重新启动节点加载设置(可选,非必要步骤),

ssh azelasticsearch01 systemctl restart elasticsearch
ssh azelasticsearch02 systemctl restart elasticsearch
ssh azelasticsearch03 systemctl restart elasticsearch
ssh azelasticsearch04 systemctl restart elasticsearch
ssh azelasticsearch05 systemctl restart elasticsearch

2.4 创建备份存储库

PUT _snapshot/my_backup
{
  "type": "azure",
  "settings": {
    "client": "default",
    "container": "logsystem",
    "base_path": "/backups",
    "compress": "true"
  }
}

如果需要反操作,可以使用如下命令删除备份存储库,

DELETE /_snapshot/my_backup

2.5 测试备份

PUT /_snapshot/my_backup/snapshot_20250707?wait_for_completion=true

然后,你可以使用如下命令查看所有的备份,

GET /_snapshot/backup/_all

如果需要反操作,可以使用如下命令删除备份,

DELETE /_snapshot/my_backup/snapshot_20250707

参阅文档
=========================
https://www.elastic.co/guide/en/elasticsearch/reference/8.14/cluster-nodes-reload-secure-settings.html
https://www.elastic.co/guide/en/elasticsearch/reference/8.14/repository-azure.html
https://www.elastic.co/guide/en/elasticsearch/reference/8.14/repository-azure.html#repository-azure-usage

没有评论

发表回复

Elastic Stack
如何部署与交换机集成的Logstash?

1 基础知识 一个问题,一篇文章,一出故事。 笔者最近需要配置接收交换机日志的Logstash管道, …

Bash
如何用Tigase监控Elasticsearch集群?

1 前言 一个问题,一篇文章,一出故事。 笔者生产中有一套Elasticsearch集群,笔者为了能 …

Bash
如何用Base Shell获取ES集群状态?

1 前言 一个问题,一篇文章,一出故事。 笔者想要通过Base Shell获取Elasticsear …