原文地址:http://drops.wooyun.org/tips/12673

0x00 NFS準備

在ES集群上做一個NFS，并掛載：

[[email protected] ~]# yum install nfs-utils*
[[email protected] ~]# vi /etc/exports

輸入集群的IP地址，例如：

192.168.1.2(rw)
192.168.1.3(rw)
192.168.1.4(rw)

保存退出,并啟動NFS服務

[[email protected] ~]# service nfs start
[[email protected] ~]# service rpcgissd start
[[email protected] ~]# service rpcbind start

掛載NFS

[[email protected] ~]# mount elasticsearch.master:/data/es/es_backup /data/es/es_backup

0x01 配置

在elasticsearch.master端執行:

curl -XPUT 'http://elasticsearch.master:9200/_snapshot/backup' -d '{
"type": "fs",
"settings": {
    "location": "/data/es/es_backup",
    "compress": true
  }
}'

備份操作，名字根據自己的情況修改

curl -XPUT http://elasticsearch.master:9200/_snapshot/backup/logstash-2016.01.01 -d '     
{"indices":"logstash-sec-2016.01.01",
"ignore_unavailable": "true",
"include_global_state": false }'

0x02 備份常用命令

查看備份狀態:

curl –XGET  http://elasticsearch.master:9200/_snapshot/backup/logstash-security-2016.01.01

刪除備份

curl -XDELETE  http://elasticsearch.master:9200/_snapshot/backup/logstash-security-2016.01.01

恢復備份

curl -XPOST http://elasticsearch.master:9200/_snapshot/backup/logstash-security-2016.01.01/_restore -d ' { "indices" : "logstash-security-2016.01.01"}'

0x03 最后附備份腳本

#!python
# -*- coding:UTF-8 -*- #
"""
自動備份ElaticSearch
"""

import sys,requests
import simplejson
import time,os
import zipfile

URL="http://elasticsearch.master:9200/_snapshot/backup"
BAK_DIR="/var/wd/elasticsearch_backup/data" 
ZIP_DIR="/var/wd/elasticsearch_backup/zip"

if __name__=='__main__':
    date=time.strftime('%Y.%m.%d',time.localtime(time.time()-86400))

    data1={"type": "fs","settings": {"location":BAK_DIR ,"compress": True}}
    r1=requests.post(URL,simplejson.dumps(data1))
    print r1.text

    index='logstash-sec-'+date
    url=URL+'/'+index

    #開始備份指定INDEX
    data2={"indices":index,"ignore_unavailable": True,"include_global_state": False }
    r2=requests.post(url,simplejson.dumps(data2))
    print r2.text

    #查詢備份狀態
    r3=requests.get(url)
    dic=simplejson.loads(r3.text)
    while  (dic['snapshots'][0]['state']=='IN_PROGRESS'):
        print "%s Backup is IN_PROGRESS..." % index
        time.sleep(10)
        r3=requests.get(url)
        dic=simplejson.loads(r3.text)

    if dic['snapshots'][0]['state']=='SUCCESS':
        print '%s 備份成功' % index
        try:
            #壓縮文件
            zfile=ZIP_DIR+'/'+index+'.zip'
            z = zipfile.ZipFile(zfile,'w',zipfile.ZIP_DEFLATED,allowZip64=True) 
            print "開始壓縮文件..."
            for dirpath, dirnames, filenames in os.walk(BAK_DIR):  
                for filename in filenames:  
                    z.write(os.path.join(dirpath,filename))  
            z.close()

            os.system('rm -rf '+BAK_DIR) #刪除原文件目錄

            print "備份結束"


        except Exception,e:
            print e
        print "開始刪除index: %s" % index
        os.system('curl -XDELETE "http://elasticsearch.master:9200/%s"' % index)

    else:
        print '%s 備份失敗' % index