如何为AWS Elastic搜索注册手动备份?

时间:2016-03-19 05:38:24

标签: amazon-web-services elasticsearch

我正在尝试将弹性搜索索引备份到文件夹中的S3存储桶。我使用以下代码注册路径:

from boto.connection import AWSAuthConnection

类ESConnection(AWSAuthConnection):

def __init__(self, region, **kwargs):
    super(ESConnection, self).__init__(**kwargs)
    self._set_auth_region_name(region)
    self._set_auth_service_name("es")

def _required_auth_capability(self):
    return ['hmac-v4']

如果名称 ==“主要”:

client = ESConnection(
        region='us-east-1',
        host='search-weblogs-etrt4mbbu254nsfupy6oiytuz4.us-east-1.es.a9.com',
        aws_access_key_id='my-access-key-id',
        aws_secret_access_key='my-access-key', is_secure=False)

print 'Registering Snapshot Repository'
resp = client.make_request(method='POST',
        path='/_snapshot/weblogs-index-backups/test_dir',
        data='{"type": "s3","settings": { "bucket": "es-index-backups","region": "us-east-1","role_arn": "arn:aws:iam::123456789012:role/MyElasticsearchRole"}}')
body = resp.read()
print body

对于给定的路径,我收到错误: 找不到uri [/ _snapshot / weblogs-index-backups / test_dir]和方法[POST]

的处理程序

请提出任何建议。

感谢。

2 个答案:

答案 0 :(得分:2)

1)创建IAM策略并将其添加到角色: 示例角色如下所示:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

像这样的示例策略应该附加到以前的角色:

 {
    "Version":"2012-10-17",
    "Statement":[
        {
            "Action":[
                "s3:ListBucket"
            ],
            "Effect":"Allow",
            "Resource":[
                "arn:aws:s3:::es-index-backups"
            ]
        },
        {
            "Action":[
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "iam:PassRole"
            ],
            "Effect":"Allow",
            "Resource":[
                "arn:aws:s3:::es-index-backups/*"
            ]
        }
    ]
}

2)注册快照目录

作为可以访问新角色的IAM用户,您必须在使用手动索引快照之前向Amazon Elasticsearch Service注册快照目录。此一次性操作要求您使用授予Amazon ES权限的IAM角色对AWS请求进行签名。

保存以下示例Python代码并修改以下值: region:您创建快照存储库的AWS区域 endpoint:您的Amazon ES域的端点 aws_access_key_id:IAM凭证 aws_secret_access_key:IAM凭证 path:快照存储库的位置

注意:Python客户端要求在您注册快照存储库的计算机上安装boto包。

from boto.connection import AWSAuthConnection

class ESConnection(AWSAuthConnection):

    def __init__(self, region, **kwargs):
        super(ESConnection, self).__init__(**kwargs)
        self._set_auth_region_name(region)
        self._set_auth_service_name("es")

    def _required_auth_capability(self):
        return ['hmac-v4']

if __name__ == "__main__":

    client = ESConnection(
            region='us-east-1',
            host='search-weblogs-etrt4mbbu254nsfupy6oiytuz4.us-east-1.es.a9.com',
            aws_access_key_id='my-access-key-id',
            aws_secret_access_key='my-access-key', is_secure=False)

    print 'Registering Snapshot Repository'
    resp = client.make_request(method='PUT',
            path='/_snapshot/weblogs-index-backups',
            data='{"type": "s3","settings": { "bucket": "es-index-backups","region": "us-east-1","role_arn": "arn:aws:iam::123456789012:role/MyElasticsearchRole"}}')
    body = resp.read()
    print body

注册S3存储库后,您将能够使用curl手动获取和恢复快照。例如:

手动拍摄快照:

curl -XPUT 'http://<Elasticsearch_domain_endpoint>/_snapshot/snapshot_repository/snapshot_name'

手动恢复快照:

curl -XPOST 'http://search-weblogs-abcdefghijklmnojiu.us-east-1.a9.com/_snapshot/weblogs-index-backups/snapshot_1/_restore'

注意:您无法将索引的快照还原到已包含具有相同名称的索引的Amazon ES群集。目前,Amazon ES不支持Elasticsearch _close API,因此您必须使用以下备选方案之一: 删除同一Amazon ES域上的索引,然后恢复快照 将快照还原到其他Amazon ES域

答案 1 :(得分:0)

使用boto3和request模块以及python 3.7 将以下示例Python代码另存为Python文件,例如register-repo.py。客户端需要适用于Python的AWS开发工具包(Boto3),请求和request-aws4auth软件包。客户端包含其他快照操作的注释示例。

import boto3
import requests
from requests_aws4auth import AWS4Auth

host = '' # include https:// and trailing /
region = '' # e.g. us-west-1
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)

# Register repository

path = '_snapshot/my-snapshot-repo-name' # the Elasticsearch API endpoint
url = host + path

payload = {
  "type": "s3",
  "settings": {
    "bucket": "s3-bucket-name",
    # "endpoint": "s3.amazonaws.com", # for us-east-1
    "region": "us-west-1", # for all other regions
    "role_arn": "arn:aws:iam::123456789012:role/TheSnapshotRole"
  }
}

headers = {"Content-Type": "application/json"}

r = requests.put(url, auth=awsauth, json=payload, headers=headers)

print(r.status_code)
print(r.text)

# # Take snapshot
#
# path = '_snapshot/my-snapshot-repo/my-snapshot'
# url = host + path
#
# r = requests.put(url, auth=awsauth)
#
# print(r.text)
#
# # Delete index
#
# path = 'my-index'
# url = host + path
#
# r = requests.delete(url, auth=awsauth)
#
# print(r.text)
#
# # Restore snapshot (all indices except Kibana and fine-grained access control)
#
# path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
# url = host + path
#
# payload = {
#   "indices": "-.kibana*,-.opendistro_security",
#   "include_global_state": false
# }
#
# headers = {"Content-Type": "application/json"}
#
# r = requests.post(url, auth=awsauth, json=payload, headers=headers)
#
# # Restore snapshot (one index)
#
# path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
# url = host + path
#
# payload = {"indices": "my-index"}
#
# headers = {"Content-Type": "application/json"}
#
# r = requests.post(url, auth=awsauth, json=payload, headers=headers)
#
# print(r.text)
相关问题
最新问题