Este manual descreve a instalação e configuraço do Elasticsearch Curator para uso nas estratégias de backup dos índices do Elasticsearch. Esta configuração atual considera o mesmo backup e retenção de backup para todos os Index Sets do Graylog.
Pré-requisitos:
- Repositório de backup do Elasticsearch pré-configurado
Procedimento:
- Instalar o repositório
curator
no servidor:
- Criar o arquivo
/etc/yum.repos.d/curator.repo
com o seguinte conteúdo:
[curator-5]
name=CentOS/RHEL 7 repository for Elasticsearch Curator 5.x packages
baseurl=http://packages.elastic.co/curator/5/centos/7
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
- Instalar o pacote
elasticsearch-curator
:
yum install -y elasticsearch-curator
- Criar o arquivo
/etc/elasticsearch/curator-config.yml
para comportar a seguinte configuração docurator
:
---
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
client:
hosts:
- 127.0.0.1 # IP dos nodes Elasticsearch
port: 9200 # Porta dos nodes Elasticsearch
url_prefix:
use_ssl: False
certificate:
client_cert:
client_key:
ssl_no_validate: False
http_auth:
timeout: 30
master_only: False
logging:
loglevel: INFO
logfile: /var/log/elastic-curator.log
logformat: default
blacklist: ['elasticsearch', 'urllib3']
- Criar o arquivo
/etc/elasticsearch/curator-action.yml
para comportar as regras de backup docurator
:
---
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
#
# Also remember that all examples have 'disable_action' set to True. If you
# want to use this action as a template, be sure to set this to False after
# copying it.
actions:
1:
action: snapshot
description: "Create snapshots of all incides, waiting for completion"
options:
repository: <es-backup-repo> # Nome do repositório configurado no ES
name: snap-graylog-%Y-%m-%d-%H:%M:%S
ignore_unavailable: False
include_global_state: True
partial: False
wait_for_completion: True
skip_repo_fs_check: False
timeout_override:
continue_if_exception: False
disable_action: False
filters:
- filtertype: age
source: creation_date
direction: older
unit: minutes
unit_count: 1
exclude:
2:
action: delete_snapshots
description: "Delete snapshots older than 90 days"
options:
repository: <es-backup-repo> # Nome do repositório configurado no ES
retry_interval: 10
retry_count: 3
timeout_override:
continue_if_exception: False
disable_action: False
filters:
- filtertype: age
source: creation_date
direction: older
unit: days
unit_count: 90
exclude:
- Executar o seguinte comando para testar as configurações (irá executar o snapshot/limpeza):
curator --config /etc/elasticsearch/curator-config.yml /etc/elasticsearch/curator-action.yml
Pronto! Agora você poderá inserir o comando acima num agendamento diário na crontab
do servidor de acordo com as suas políticas.