跳转至

aos-migration

snapshot

es 7.10 snapshot

  • only could use iam role in cli to execute awscurl
  • create snapshot repo

    DOMAIN_NAME=vpc-src2-xxx.ap-southeast-1.es.amazonaws.com
    awscurl -XPUT --service es --region ap-southeast-1 https://${DOMAIN_NAME}/_snapshot/snapshot-repo-1 -H 'Content-Type: application/json' -d ' 
    {
      "type": "s3",
      "settings": {
        "bucket": "aos-mig-20241226",
        "base_path": "snapshot",
        "region": "ap-southeast-1",
        "role_arn": "arn:aws:iam::123456789012:role/aos-mig-role"
      }
    }'
    

  • do snapshot

    awscurl -XPUT --service es --region ap-southeast-1 https://${DOMAIN_NAME}/_snapshot/snapshot-repo-1/snapshot-1
    

  • get snapshot

    awscurl -XGET --service es --region ap-southeast-1 https://${DOMAIN_NAME}/_snapshot/_status
    
    awscurl -XGET --service es --region ap-southeast-1 https://${DOMAIN_NAME}/_snapshot/snapshot-repo-1/_all?pretty
    

es 7.10 restore

  • (option) put role/user to all_access
  • create repo

    DOMAIN_NAME=vpc-target2-xxx.ap-southeast-1.es.amazonaws.com
    awscurl -XPUT --service es --region ap-southeast-1 https://${DOMAIN_NAME}/_snapshot/snapshot-repo-1 -H 'Content-Type: application/json' -d ' 
    {
      "type": "s3",
      "settings": {
        "bucket": "aos-mig-20241226",
        "base_path": "snapshot",
        "region": "ap-southeast-1",
        "role_arn": "arn:aws:iam::123456789012:role/aos-mig-role"
      }
    }'
    
    awscurl -XGET --service es --region ap-southeast-1 "https://${DOMAIN_NAME}/_snapshot/snapshot-repo-1/_all?pretty"
    
    awscurl -XGET --service es --region ap-southeast-1 "https://${DOMAIN_NAME}/_snapshot?pretty"
    

  • get all indice and delete one of them

    # get all indice
    awscurl -XGET --service es --region ap-southeast-1 "https://${DOMAIN_NAME}/_all"
    # delete one of them 
    awscurl -XDELETE --service es --region ap-southeast-1 "https://${DOMAIN_NAME}/.kibana_1"
    

  • restore

    awscurl -XPOST --service es --region ap-southeast-1 "https://${DOMAIN_NAME}/_snapshot/snapshot-repo-1/snapshot-1/_restore" \
    -d '{"indices": "-.kibana_1"}' \
    -H 'Content-Type: application/json'
    

es 6.8 snapshot

  • could use iam role / user in cli to execute awscurl
  • follow steps in es 7.10
    DOMAIN_NAME=vpc-src1-xxx.ap-southeast-1.es.amazonaws.com
    
    awscurl -XPUT --service es --region ap-southeast-1 http://${DOMAIN_NAME}/_snapshot/snapshot-repo-1 -H 'Content-Type: application/json' -d ' 
    {
      "type": "s3",
      "settings": {
        "bucket": "aos-mig-20241226",
        "base_path": "snapshot-src1",
        "region": "ap-southeast-1",
        "role_arn": "arn:aws:iam::123456789012:role/aos-mig-role"
      }
    }'
    

error

  • 创建 opensearch repo 只能使用本 region 的 s3 桶

  • 使用 curl 用 admin 登录,只能做查询,无法创建 repo,需要使用 awscurl

    {"Message":"User: anonymous is not authorized to perform: iam:PassRole on resource: arn:aws:iam::123456789012:role/aos-mig-role because no resource-based policy allows the iam:PassRole action"}
    

  • iam user could not access ES cluster 7.10 directly, assume to another iam role

    {
      "error" : {
        "root_cause" : [
          {
            "type" : "security_exception",
            "reason" : "no permissions for [cluster:admin/repository/get] and User [name=arn:aws:iam::123456789012:user/panlm, backend_roles=[], requestedTenant=null]"
          }
        ],
        "type" : "security_exception",
        "reason" : "no permissions for [cluster:admin/repository/get] and User [name=arn:aws:iam::123456789012:user/panlm, backend_roles=[], requestedTenant=null]"
      },
      "status" : 403
    }
    

replication

DOMAIN_NAME=
INDEX_NAME=leader-99
CONNECTION_NAME=src2-target-test
awscurl -XPUT --service es --region ap-southeast-1 "https://${DOMAIN_NAME}/_plugins/_replication/${INDEX_NAME}/_start" -H 'Content-Type: application/json' -d ' 
{
  "leader_alias": "'"${CONNECTION_NAME}"'",
  "leader_index": "'"${INDEX_NAME}"'",
  "use_roles":{
    "leader_cluster_role": "all_access",
    "follower_cluster_role": "all_access"
  }
}'

awscurl -XGET --service es --region ap-southeast-1 "https://${DOMAIN_NAME}/_plugins/_replication/${INDEX_NAME}/_status?pretty"

awscurl -XGET --service es --region ap-southeast-1 "https://${DOMAIN_NAME}/${INDEX_NAME}/_search?pretty"