版本比较

旧版本 2

changes.mady.by.user Bob

保存于

比较

新版本 3

changes.mady.by.user Bob

保存于

密钥

  • 该行被添加。
  • 该行被删除。
  • 格式已经改变。

...

  1. 首先需要创建一个角色专门为快照进行同步,且赋予它两个IAM策略(上面创建快照文档中均有说明)

    1. 角色本身有个信任源,需要修改角色信任关系,让其信任OpenSearch服务

      代码块
      {
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "",
    "Effect": "Allow",
    "Principal": {
      "Service": "es.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
  }]
}

    2. 允许读写桶的策略,这里的策略资源名称为arn:aws:iam::576184071779:policy/es-snapshot-s3-access,

      代码块
      {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "s3:ListBucket"
                ],
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:s3:::elasticserch-snapshot-backup"
                ]
            },
            {
                "Action": [
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject"
                ],
                "Effect": "Allow",
                "Resource": [
                    "arn:aws:s3:::elasticserch-snapshot-backup/*"
                ]
            }
        ]
    }

    3. 是将这个角色的读写桶的权限交给ElasticSearch(AWS里面叫OpenSearch),这里我们称为权限传递是将这个角色的读写桶的权限交给ElasticSearch(AWS里面叫OpenSearch),这里我们称为权限传递,可见传递角色为arn:aws:iam::576184071779:role/es-snapshot,传递给ES服务

      代码块
      {
    "Version": "2012-10-17",
    "Statement": [
            {
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": "arn:aws:iam::576184071779:role/es-snapshot"
            },
            {
                "Effect": "Allow",
                "Action": "es:ESHttpPut",
                "Resource": "arn:aws:es:ap-northeast-1:576184071779:domain/starcoin-es2/*"
            }
        ]
    }

  2. 使用 awscurl 发起请求创建快照库(这里一定要用awscurl,否则OpenSearch服务不知道请求者的身份),如果已经配置了 AWS CLI,awscurl 可以使用相同的凭证文件(通常位于 ~/.aws/credentials

    代码块
    languagebash
    # 创建s3快照库
awscurl --service es --region ap-northeast-1 -XPUT 'https://search-starcoin-es2-47avtmhexhbg7qtynzebcnnu64.ap-northeast-1.es.amazonaws.com/_snapshot/my-snapshot-repo?pretty' -H 'Content-Type: application/json' -d '{"type": "s3", "settings": {"role_arn": "arn:aws:iam::576184071779:role/es-snapshot", "region": "ap-northeast-1", "bucket": "elasticserch-snapshot-backup"}}
{
  "acknowledge": true
}

# 创建快照
PUT _snapshot/my-snapshot-repo/snapshot-20240917
{
  "acknowledge": true
}

  3. 在kibana的devtool中查看快照的创建进度,若状态为SUCCESS 在kibana的devtool中查看快照的创建进度,若状态为 SUCCESS 说明创建成功

    代码块
    GET _snapshot/my-snapshot-repo/snapshot-20240917

{
  "snapshots" : [ {
    "snapshot" : "snapshot-20240917",
    "uuid" : "TVlHLRoMSXupw60xQgsWcA",
    "version_id" : 7100299,
    "version" : "7.10.2",
    "indices" : [ "halley.0727.transfer_journal", "vega.0727.block_ids", "vega.0727.txn_events", "vega.0727.dag_inspector_block", "vega.0727.pending_txns", "halley.0727.block_ids", ".opendistro-anomaly-detector-jobs", "halley.0727.token_info", "barnard.0727.blocks", ".tasks", "proxima.0727.pending_txns", "barnard.0727.txn_events", "vega.0727.dag_inspector_height_group", "main.0727.market_cap", "barnard.0727.txn_infos", "txn_infos", "barnard.0727.market_cap_bak", "opendistro-sample-http-responses", "halley.0727.txn_events", "main.0727.pending_txns", "vega.0727.txn_infos", "proxima.0727.transfer_journal", "proxima.0727.address_holder", "halley.0727.txn_infos", "barnard.0727.txn_payloads", "vega.0727.transfer_journal", "barnard.0727.918.address_holder", ".opendistro-anomaly-detectors", "barnard.0914.txn_infos", ".opendistro-reports-definitions", ".opendistro_security", "main.0727.txn_payloads", "main.0727.token_info", ".opendistro-job-scheduler-lock", "halley.0727.txn_payloads", "main.0727.txn_infos", ".opendistro-anomaly-results-history-2021.05.07-1", "proxima.0727.token_info", "barnard.0727.market_cap", ".opendistro-reports-instances", "barnard.0727.block_ids", "main.0727.transfer_journal", "halley.0727.transfer", "vega.0727.txn_payloads", "halley.0727.address_holder", "vega.0727.market_cap", "proxima.0727.transfer", "vega.0727.uncle_blocks", "vega.0727.address_holder", ".opendistro-anomaly-checkpoints", "vega.0727.token_info", "halley.0727.blocks", "barnard.0727.txn_infos_0915", "main.0727.transfer", "halley.0727.uncle_blocks", ".kibana_1", "barnard.0727.address_holder", "proxima.0727.txn_infos", "proxima.0727.blocks", "halley.0727.market_cap", "proxima.0727.uncle_blocks", "barnard.0727.transfer_journal", "barnard.0727.token_info", "main.0727.uncle_blocks", "barnard.0727.uncle_blocks", "main.0727.block_ids", "vega.0727.blocks", "proxima.0727.market_cap", "barnard.0401.txn_infos", "halley.0727.pending_txns", ".opendistro-anomaly-detection-state", "vega.0727.transfer", "proxima.0727.txn_payloads", "barnard.0727.pending_txns", "main.0727.txn_events", "test_index", "main.0727.blocks", "barnard.0727.transfer", "proxima.0727.block_ids", "main.0727.address_holder", ".kibana_-1666338091_elastic_1", "vega.0727.dag_inspector_edge", "proxima.0727.txn_events" ],
    "data_streams" : [ ],
    "include_global_state" : true,
    "state" : "SUCCESS",
    "start_time" : "2024-09-17T05:04:52.562Z",
    "start_time_in_millis" : 1726549492562,
    "end_time" : "2024-09-17T07:08:33.370Z",
    "end_time_in_millis" : 1726556913370,
    "duration_in_millis" : 7420808,
    "failures" : [ ],
    "shards" : {
      "total" : 381,
      "failed" : 0,
      "successful" : 381
    }
  } ]
}

...