Differences

This shows you the differences between two versions of the page.

en:documentation:07_technical_annexes:16_elastic_search_backup [2021/04/30 15:37]
admscopia
en:documentation:07_technical_annexes:16_elastic_search_backup [2021/11/05 12:05] (current)
Line 4: Line 4:
 [[en:documentation:start|Go back to Pandora FMS documentation index]] [[en:documentation:start|Go back to Pandora FMS documentation index]]
  
-= Backup and restore of ElasticSearch (ELK) =+===== Backup and restore of ElasticSearch (ELK) =====
  
 Data migration from an ElasticSearch server using Snapshots is relatively quick. First, a backup of the server's data is made and then saved to a repository for later restoration. Data migration from an ElasticSearch server using Snapshots is relatively quick. First, a backup of the server's data is made and then saved to a repository for later restoration.
  
-======Snapshot======+==== Snapshot ====
 The machine where the backup will be made will be called the "source machine" and the machine where the restoration will be made will be called the "target machine". The machine where the backup will be made will be called the "source machine" and the machine where the restoration will be made will be called the "target machine".
  
  
-*//In the origin machine+  * In the origin machine
  
 1) We modify the configuration file of "elasticsearch.yml": 1) We modify the configuration file of "elasticsearch.yml":
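Review bot: The new bullet "  * In the origin machine" matches neither the terminology nor the markup used on the rest of the page. The paragraph just above it defines "source machine" and "target machine", and the later bullets are written "  * //On the target machine//" in italics. Suggest "  * //On the source machine//" so both sections read the same way.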
Line 22: Line 22:
   path.repo: /usr/local/var/backups/   path.repo: /usr/local/var/backups/
  
-{{wiki: Elk1.png?600}}+{{ wiki:Elk1.png?600 }}
  
 2) We create the directory previously added to the configuration file: 2) We create the directory previously added to the configuration file:
  
- mkdir -p /usr/local/var/backups/+  mkdir -p /usr/local/var/backups/
  
 3) We give read and write permissions to the directory and user: 3) We give read and write permissions to the directory and user:
  
 +<code>
  chmod 700 /usr/local/var/backups  chmod 700 /usr/local/var/backups
  chown elasticsearch:elasticsearch /usr/local/var/backups  chown elasticsearch:elasticsearch /usr/local/var/backups
 +</code>
  
 4) We restart the service: 4) We restart the service:
  
- /etc/init.d/elasticsearch restart+  /etc/init.d/elasticsearch restart
  
 5) Create the backup with the following command: 5) Create the backup with the following command:
  
- <nowiki>curl -XPUT http://localhost:9200/_snapshot/my_backup -d '{"type": "fs", "settings": {"compress": "true", "location": "/usr/local/var/backups/"}}'</nowiki>+  curl -XPUT http://localhost:9200/_snapshot/my_backup -d '{"type": "fs", "settings": {"compress": "true", "location": "/usr/local/var/backups/"}}'
  
 6) We compress the previously generated backup: 6) We compress the previously generated backup:
  
 +<code>
  cd /usr/local/var/  cd /usr/local/var/
  tar -zcvf elastic_backup.tar.gz backups/  tar -zcvf elastic_backup.tar.gz backups/
 +</code>
  
 7) From the destination machine where we are going to make the restoration, we copy the compressed backup of the source machine. 7) From the destination machine where we are going to make the restoration, we copy the compressed backup of the source machine.
  
-*//On the target machine+  * //On the target machine// 
 +  
 +  scp -P 41122 [email protected]<ipOrigen>>/root/elastic_backup.tar.gz /home/user/backup
  
- scp -P 41122 [email protected]<ipOrigen>>/root/elastic_backup.tar.gz /home/user/backup+<WRAP center round tip 60%> 
 +To use the 'scp' command you must have an ssh server installed on the source machine and at least one ssh client on the target machine. 
 +</WRAP>
  
-{{pandora:documentation_en:tip|To use the 'scp' command you must have an ssh server installed on the source machine and at least one ssh client on the target machine.}}+<WRAP center round important 60%> 
 +It is important that the version of ElasticSearch on the importing machine supports data export, i.e. in this case your local machine must have the same or higher version. If not, you must first update ElasticSearch. 
 +</WRAP>
  
-{{pandora:documentation_en:warning|It is important that the version of ElasticSearch on the importing machine supports data export, i.e. in this case your local machine must have the same or higher version. If not, you must first update ElasticSearch.}}+==== Restore Backup ====
  
-======Restore Backup====== +  * //On the target machine//
-*//On the target machine+
  
 1) We modified the configuration file of "elasticsearch.yml" in the same way we did when we created the backup in the first machine: 1) We modified the configuration file of "elasticsearch.yml" in the same way we did when we created the backup in the first machine:
  
- vi /etc/elasticsearch/elasticsearch.yml+  vi /etc/elasticsearch/elasticsearch.yml
  
 And we add the following line: And we add the following line:
  
- path.repo: /usr/local/var/backups/+  path.repo: /usr/local/var/backups/
  
-{{wiki: Elk2.png?600}}+{{ wiki:Elk2.png?600 }}
  
 2) We create the directory added previously to the configuration file: 2) We create the directory added previously to the configuration file:
  
- mkdir -p /usr/local/var/backups/+  mkdir -p /usr/local/var/backups/
  
 3) We give read and write permissions to the directory: 3) We give read and write permissions to the directory:
  
 +<code>
  chmod 700 /usr/local/var/backups  chmod 700 /usr/local/var/backups
  chown elasticsearch:elasticsearch /usr/local/var/backups  chown elasticsearch:elasticsearch /usr/local/var/backups
 +</code>
  
 4) We restart the service: 4) We restart the service:
  
- /etc/init.d/elasticsearch restart+  /etc/init.d/elasticsearch restart
  
 5) We decompress the backup that we import from the source machine: 5) We decompress the backup that we import from the source machine:
  
- tar -xzvf /home/user/backup/elastic_backup.tar.gz -C /usr/local/var/backups+  tar -xzvf /home/user/backup/elastic_backup.tar.gz -C /usr/local/var/backups
  
 6) We create the repositories where the snapshots are located: 6) We create the repositories where the snapshots are located:
  
-<code>[email protected]@</code>+<code> 
 +curl -X PUT "localhost:9200/_snapshot/my_backup" -H 'Content-Type: application/json' -d' 
 + 
 +
 +  "type": "fs", 
 +  "settings":
 +    "location": "/usr/local/var/backups" 
 +  } 
 +
 +
 +</code> 
  
 7) We close the indexes: 7) We close the indexes:
  
- curl -XPOST <nowiki>http://localhost:9200</nowiki>/<indexname>-*/_close+  curl -XPOST http://localhost:9200/<indexname>-*/_close
  
-{{pandora:documentation_en:tip|The asterisk shows all the indexes that start with that name.}}+<WRAP center round tip 60%> 
 +The asterisk shows all the indexes that start with that name. 
 +</WRAP>
  
 8) We import the backup: 8) We import the backup:
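Review bot: The relocated scp line under "On the target machine" fetches /root/elastic_backup.tar.gz, but step 6 on the source machine creates the archive in /usr/local/var/ (cd /usr/local/var/ followed by tar -zcvf elastic_backup.tar.gz backups/), so the copy fails unless the file is moved first. The remote spec is also malformed as shown, with a doubled > after <ipOrigen> and no colon before the path; suggest <ipOrigen>:/usr/local/var/elastic_backup.tar.gz as the remote part. Separately, the curl -XPUT in step 5 still sends its JSON body without the -H 'Content-Type: application/json' header that the rewritten step 6 of the restore section now includes; both repository registrations should use the same form.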
Line 100: Line 124:
 First we copy the backup to the repository: First we copy the backup to the repository:
  
- cp <name of the snapshot.dat> my_backup_location/+  cp <name of the snapshot.dat> my_backup_location/
  
 We renamed the file without capital letters: We renamed the file without capital letters:
  
- mv my_backup_location/<name of snapshot.dat> my_backup_location/snap1+  mv my_backup_location/<name of snapshot.dat> my_backup_location/snap1
  
 Finally it matters: Finally it matters:
  
- curl -X POST "localhost:9200/_snapshot/my_backup/snap1/_restore?wait_for_completion=true"+  curl -X POST "localhost:9200/_snapshot/my_backup/snap1/_restore?wait_for_completion=true"
  
 9) Finally, we reopen the indexes: 9) Finally, we reopen the indexes:
  
- curl -XPOST <nowiki>http://localhost:9200</nowiki>/<indexname>-*/_open+  curl -XPOST http://localhost:9200/<indexname>-*/_open 
  
 +[[en:documentation:start|Go back to Pandora FMS documentation index]]
  
-[[Pandora:Documentation_en|Go back to documentation index]] 
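Review bot: The cp and mv lines use my_backup_location/, a path that is never defined anywhere on the page. The repository registered in step 6 points at /usr/local/var/backups, so these lines should name that directory or state that my_backup_location stands for it. The file placeholder also differs between the two lines (<name of the snapshot.dat> against <name of snapshot.dat>). In addition, the lead-in "Finally it matters:" was carried over unchanged and does not describe the command that follows; given the step title "We import the backup", wording such as "Finally, we import it:" would fit.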