If you need to decommission a node, the first step is to move all of its shards to other nodes.
This command will tell Elasticsearch to:
- Stop sending new shards to node 10.0.0.1
- Move all existing shards on node 10.0.0.1 to other nodes in the cluster
NODE="127.0.0.1"
curl -X PUT "${NODE}:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'
{
"transient" : {
"cluster.routing.allocation.exclude._ip" : "10.0.0.1"
}
}
'
To check whether shard relocation has finished, run this command and look at how many documents remain on the node:
curl -XGET 'http://ES_SERVER:9200/_nodes/NODE_NAME/stats/indices?pretty'
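A quick sketch of pulling just the document count out of that response with jq. The JSON below is a trimmed, made-up example of the node stats shape; in practice, pipe the real curl output into the same filter:

```shell
# Trimmed, hypothetical /_nodes/NODE_NAME/stats/indices response;
# pipe the curl output from above into the same jq filter instead.
cat <<'EOF' | jq '.nodes[].indices.docs.count'
{ "nodes": { "node_id_abc": { "indices": { "docs": { "count": 0 } } } } }
EOF
```

When the count reaches 0, the node is fully drained.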
If you decide you actually want to keep the node, clear the exclusion by running this command.
NODE="127.0.0.1"
curl -X PUT "${NODE}:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'
{
"transient" : {
"cluster.routing.allocation.exclude._ip" : ""
}
}
'
NODE="127.0.0.1"
REPOSITORY="foo"
SNAPSHOT_NAME="bar"
curl -XGET "http://${NODE}:9200/_snapshot/${REPOSITORY}/${SNAPSHOT_NAME}?pretty"
# example to show only indexes that start with "graylog_"
curl -XGET "http://${NODE}:9200/_snapshot/${REPOSITORY}/${SNAPSHOT_NAME}?pretty" | grep "graylog_" | sort -u
NODE="127.0.0.1"
REPOSITORY="foo"
curl -X GET "${NODE}:9200/_snapshot/${REPOSITORY}/_all?pretty" | jq -r '.[] | sort_by(.start_time_in_millis) | .[] | .snapshot'
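As a sanity check of the jq filter, here it is run against a trimmed, made-up response (the snapshot names and timestamps are invented):

```shell
# Made-up two-snapshot response; the real one comes from the curl above.
cat <<'EOF' | jq -r '.[] | sort_by(.start_time_in_millis) | .[] | .snapshot'
{ "snapshots": [
  { "snapshot": "nightly-2", "start_time_in_millis": 2000 },
  { "snapshot": "nightly-1", "start_time_in_millis": 1000 }
] }
EOF
```

The oldest snapshot prints first.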
Use this to check the progress of a snapshot that is currently running
NODE="127.0.0.1"
REPOSITORY="foo"
SNAPSHOT_NAME="bar"
curl -X GET "${NODE}:9200/_snapshot/${REPOSITORY}/${SNAPSHOT_NAME}/_status" | jq '.snapshots[]| .stats,.state,.shards_stats'
Example Output:
{
"number_of_files": 12458,
"processed_files": 12413,
"total_size_in_bytes": 2320082301006,
"processed_size_in_bytes": 2125845451207,
"start_time_in_millis": 1571812199400,
"time_in_millis": 49711011
}
"STARTED"
{
"initializing": 347,
"started": 5,
"finalizing": 0,
"done": 5497,
"failed": 1,
"total": 5850
}
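The byte counters in the stats block give a rough completion estimate. A small sketch using the numbers from the example output above (substitute the values reported for your own snapshot):

```shell
# Byte counters copied from the example output above.
processed=2125845451207
total=2320082301006
awk -v p="$processed" -v t="$total" 'BEGIN { printf "%.1f%% complete\n", p / t * 100 }'
```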
Create a repository on the file system (be sure the path exists on all nodes)
curl -XPUT 'http://localhost:9200/_snapshot/elastic_backup' -H 'Content-Type: application/json' -d '{
"type": "fs",
"settings": {
"location": "/mnt/elastic-backup/elastic_backup",
"compress": true
}
}'
Prerequisites:
- The repository-s3 plugin installed on every node in the cluster
- Elasticsearch config file updated with the AWS key and secret (or use an IAM role)
- A pre-existing S3 bucket
cd /usr/share/elasticsearch
bin/elasticsearch-plugin install repository-s3
Modify /etc/elasticsearch/elasticsearch.yml and append
cloud.aws.access_key: YOURAccessKEY
cloud.aws.secret_key: YOURsecret_key!
cloud.aws.region: us-east-1
Be sure to replace the bucket name (foo) and the region in the JSON shown below
BUCKET_NAME="foo"
NODE="127.0.0.1"
curl -X PUT "${NODE}:9200/_snapshot/${BUCKET_NAME}?pretty" -H 'Content-Type: application/json' -d'
{
"type": "s3",
"settings": {
"bucket": "foo",
"region": "us-east-1"
}
}
'
NODE="127.0.0.1"
curl -X GET "${NODE}:9200/_cat/repositories?v"
NODE="127.0.0.1"
REPOSITORY="foo"
curl -X GET "${NODE}:9200/_snapshot/${REPOSITORY}"
NODE="127.0.0.1"
REPOSITORY="foo"
curl -X POST "${NODE}:9200/_snapshot/${REPOSITORY}/_verify"
FYI: this will scroll a lot of data on screen; be patient and wait for the end
# Required - Input Bucket Name
BUCKET="foo"
aws s3 ls --summarize --human-readable --recursive s3://${BUCKET}
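Since the recursive listing scrolls for a long time, it can help to filter for just the --summarize footer. A sketch using hypothetical captured output (in practice, pipe the aws command into the same grep):

```shell
# Hypothetical captured listing; pipe `aws s3 ls --summarize ...` instead.
cat <<'EOF' | grep -E '^ *Total (Objects|Size):'
2019-10-23 09:00:00  1.2 MiB indices/foo/0/snap-abc.dat
Total Objects: 12345
   Total Size: 1.2 TiB
EOF
```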
Curator is a tool that can be used to work with snapshots
Instructions to install Elasticsearch Curator:
Instructions if using the package repositories:
- APT: https://www.elastic.co/guide/en/elasticsearch/client/curator/current/apt-repository.html
- YUM: https://www.elastic.co/guide/en/elasticsearch/client/curator/current/yum-repository.html
To install without adding additional repositories:
apt-get install python-pip python-dev build-essential
pip install elasticsearch-curator
You need to create this file:
~/.curator/curator.yml
File content (replace the host names with your own):
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
client:
  hosts: [ "mynode1", "mynode2", "mynode3", "mynode4", "mynode5" ]
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False

logging:
  loglevel: DEBUG
  logfile: '/root/.curator/curator.log'
  logformat: default
  blacklist: ['elasticsearch', 'urllib3']
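Curator itself is driven by an action file. A minimal hypothetical example that deletes old snapshots (the repository name "foo", the file path, and the 30-day cutoff are assumptions; adjust to your setup):

```yaml
# Hypothetical action file, e.g. ~/.curator/delete_old_snapshots.yml
actions:
  1:
    action: delete_snapshots
    description: Delete snapshots older than 30 days
    options:
      repository: foo
      disable_action: False
    filters:
    - filtertype: age
      source: creation_date
      direction: older
      unit: days
      unit_count: 30
```

Run it with: curator --config ~/.curator/curator.yml ~/.curator/delete_old_snapshots.yml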
The curator_cli command comes along with the regular Curator installation
REPOSITORY="foo"
curator_cli show_snapshots --repository ${REPOSITORY}
curator_cli show_indices