Backing Up Your Clusteredit

As with any software that stores data, it is important to routinely back up your data. Elasticsearch replicas provide high availability during runtime; they allow you to tolerate sporadic node loss without an interruption of service.

Replicas do not provide protection from catastrophic failure, however. For that, you need a real backup of your cluster—​a complete copy in case something goes wrong.

To back up your cluster, you can use the snapshot API. This will take the current state and data in your cluster and save it to a shared repository. This backup process is "smart." Your first snapshot will be a complete copy of data, but all subsequent snapshots will save the delta between the existing snapshots and the new data. Data is incrementally added and deleted as you snapshot data over time. This means subsequent backups will be substantially faster since they are transmitting far less data.

To use this functionality, you must first create a repository to save data. There are several repository types that you may choose from:

  • Shared filesystem, such as a NAS
  • Amazon S3
  • HDFS (Hadoop Distributed File System)
  • Azure Cloud

Creating the Repositoryedit

Let’s set up a shared filesystem repository:

PUT _snapshot/my_backup 
{
    "type": "fs", 
    "settings": {
        "location": "/mount/backups/my_backup" 
    }
}

We provide a name for our repository, in this case it is called my_backup.

We specify that the type of the repository should be a shared filesystem.

And finally, we provide a mounted drive as the destination.

The shared filesystem path must be accessible from all nodes in your cluster!

This will create the repository and required metadata at the mount point. There are also some other options that you may want to configure, depending on the performance profile of your nodes, network, and repository location:

max_snapshot_bytes_per_sec
When snapshotting data into the repo, this controls the throttling of that process. The default is 20mb per second.
max_restore_bytes_per_sec
When restoring data from the repo, this controls how much the restore is throttled so that your network is not saturated. The default is 20mb per second.

Let’s assume we have a very fast network and are OK with extra traffic, so we can increase the defaults:

POST _snapshot/my_backup/ 
{
    "type": "fs",
    "settings": {
        "location": "/mount/backups/my_backup",
        "max_snapshot_bytes_per_sec" : "50mb", 
        "max_restore_bytes_per_sec" : "50mb"
    }
}

Note that we are using a POST instead of PUT. This will update the settings of the existing repository.

Then add our new settings.

Snapshotting All Open Indicesedit

A repository can contain multiple snapshots. Each snapshot is associated with a certain set of indices (for example, all indices, some subset, or a single index). When creating a snapshot, you specify which indices you are interested in and give the snapshot a unique name.

Let’s start with the most basic snapshot command:

PUT _snapshot/my_backup/snapshot_1

This will back up all open indices into a snapshot named snapshot_1, under the my_backup repository. This call will return immediately, and the snapshot will proceed in the background.

Usually you’ll want your snapshots to proceed as a background process, but occasionally you may want to wait for completion in your script. This can be accomplished by adding a wait_for_completion flag:

PUT _snapshot/my_backup/snapshot_1?wait_for_completion=true

This will block the call until the snapshot has completed. Note that large snapshots may take a long time to return!

Snapshotting Particular Indicesedit

The default behavior is to back up all open indices. But say you are using Marvel, and don’t really want to back up all the diagnostic .marvel indices. You just don’t have enough space to back up everything.

In that case, you can specify which indices to back up when snapshotting your cluster:

PUT _snapshot/my_backup/snapshot_2
{
    "indices": "index_1,index_2"
}

This snapshot command will now back up only index1 and index2.

Listing Information About Snapshotsedit

Once you start accumulating snapshots in your repository, you may forget the details relating to each—​particularly when the snapshots are named based on time demarcations (for example, backup_2014_10_28).

To obtain information about a single snapshot, simply issue a GET request against the repo and snapshot name:

GET _snapshot/my_backup/snapshot_2

This will return a small response with various pieces of information regarding the snapshot:

{
   "snapshots": [
      {
         "snapshot": "snapshot_1",
         "indices": [
            ".marvel_2014_28_10",
            "index1",
            "index2"
         ],
         "state": "SUCCESS",
         "start_time": "2014-09-02T13:01:43.115Z",
         "start_time_in_millis": 1409662903115,
         "end_time": "2014-09-02T13:01:43.439Z",
         "end_time_in_millis": 1409662903439,
         "duration_in_millis": 324,
         "failures": [],
         "shards": {
            "total": 10,
            "failed": 0,
            "successful": 10
         }
      }
   ]
}

For a complete listing of all snapshots in a repository, use the _all placeholder instead of a snapshot name:

GET _snapshot/my_backup/_all

Deleting Snapshotsedit

Finally, we need a command to delete old snapshots that are no longer useful. This is simply a DELETE HTTP call to the repo/snapshot name:

DELETE _snapshot/my_backup/snapshot_2

It is important to use the API to delete snapshots, and not some other mechanism (such as deleting by hand, or using automated cleanup tools on S3). Because snapshots are incremental, it is possible that many snapshots are relying on old segments. The delete API understands what data is still in use by more recent snapshots, and will delete only unused segments.

If you do a manual file delete, however, you are at risk of seriously corrupting your backups because you are deleting data that is still in use.

Monitoring Snapshot Progressedit

The wait_for_completion flag provides a rudimentary form of monitoring, but really isn’t sufficient when snapshotting or restoring even moderately sized clusters.

Two other APIs will give you more-detailed status about the state of the snapshotting. First you can execute a GET to the snapshot ID, just as we did earlier get information about a particular snapshot:

GET _snapshot/my_backup/snapshot_3

If the snapshot is still in progress when you call this, you’ll see information about when it was started, how long it has been running, and so forth. Note, however, that this API uses the same threadpool as the snapshot mechanism. If you are snapshotting very large shards, the time between status updates can be quite large, since the API is competing for the same threadpool resources.

A better option is to poll the _status API:

GET _snapshot/my_backup/snapshot_3/_status

The _status API returns immediately and gives a much more verbose output of statistics:

{
   "snapshots": [
      {
         "snapshot": "snapshot_3",
         "repository": "my_backup",
         "state": "IN_PROGRESS", 
         "shards_stats": {
            "initializing": 0,
            "started": 1, 
            "finalizing": 0,
            "done": 4,
            "failed": 0,
            "total": 5
         },
         "stats": {
            "number_of_files": 5,
            "processed_files": 5,
            "total_size_in_bytes": 1792,
            "processed_size_in_bytes": 1792,
            "start_time_in_millis": 1409663054859,
            "time_in_millis": 64
         },
         "indices": {
            "index_3": {
               "shards_stats": {
                  "initializing": 0,
                  "started": 0,
                  "finalizing": 0,
                  "done": 5,
                  "failed": 0,
                  "total": 5
               },
               "stats": {
                  "number_of_files": 5,
                  "processed_files": 5,
                  "total_size_in_bytes": 1792,
                  "processed_size_in_bytes": 1792,
                  "start_time_in_millis": 1409663054859,
                  "time_in_millis": 64
               },
               "shards": {
                  "0": {
                     "stage": "DONE",
                     "stats": {
                        "number_of_files": 1,
                        "processed_files": 1,
                        "total_size_in_bytes": 514,
                        "processed_size_in_bytes": 514,
                        "start_time_in_millis": 1409663054862,
                        "time_in_millis": 22
                     }
                  },
                  ...

A snapshot that is currently running will show IN_PROGRESS as its status.

This particular snapshot has one shard still transferring (the other four have already completed).

The response includes the overall status of the snapshot, but also drills down into per-index and per-shard statistics. This gives you an incredibly detailed view of how the snapshot is progressing. Shards can be in various states of completion:

INITIALIZING
The shard is checking with the cluster state to see whether it can be snapshotted. This is usually very fast.
STARTED
Data is being transferred to the repository.
FINALIZING
Data transfer is complete; the shard is now sending snapshot metadata.
DONE
Snapshot complete!
FAILED
An error was encountered during the snapshot process, and this shard/index/snapshot could not be completed. Check your logs for more information.

Canceling a Snapshotedit

Finally, you may want to cancel a snapshot or restore. Since these are long-running processes, a typo or mistake when executing the operation could take a long time to resolve—​and use up valuable resources at the same time.

To cancel a snapshot, simply delete the snapshot while it is in progress:

DELETE _snapshot/my_backup/snapshot_3

This will halt the snapshot process. Then proceed to delete the half-completed snapshot from the repository.