本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
注册手动快照存储库
您需要先向 S OpenSearch ervice 注册快照存储库,然后才能手动拍摄索引快照。此一次性操作要求您使用允许访问的凭据签署 AWS 请求TheSnapshotRole
,如中所述先决条件。
步骤 1:在 OpenSearch 仪表板中映射快照角色(如果使用精细的访问控制)
注册存储库时,精细访问控制会引入额外的步骤。即使您将HTTP基本身份验证用于所有其他目的,也需要将manage_snapshots
角色映射到具有传递iam:PassRole
权限的IAM角色TheSnapshotRole
。
-
导航到您的 OpenSearch 服务域的 OpenSearch 仪表板插件。您可以在 OpenSearch 服务控制台的域控制面板上找到控制面板终端节点。
-
从主菜单中选择安全、角色,然后选择 manage_snapshots 角色。
-
选择映射的用户、管理映射。
-
添加有权ARN传递的角色
TheSnapshotRole
。将角色置ARNs于后端角色下。arn:aws:iam::
123456789123
:role/role-name
-
选择映射并确认在映射的用户下显示的用户或角色。
第 2 步:注册存储库
以下快照选项卡演示如何注册快照目录。有关在迁移到新域后加密手动快照和注册快照的特定选项,请参阅相关选项卡。
使用示例 Python 客户端
Python 客户端比简单的HTTP请求更容易实现自动化,并且具有更好的可重用性。如果您选择使用此方法注册快照存储库,请将下面的示例 Python 代码保存为 Python 文件,如 register-repo.py
。客户端需要 AWS SDK for Python (Boto3)
更新示例代码中的以下变量:host
、region
、path
和 payload
。
import boto3 import requests from requests_aws4auth import AWS4Auth host = '' # domain endpoint region = '' # e.g. us-west-1 service = 'es' credentials = boto3.Session().get_credentials() awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token) # Register repository path = '/_snapshot/
my-snapshot-repo-name
' # the OpenSearch API endpoint url = host + path payload = { "type": "s3", "settings": { "bucket": "s3-bucket-name
", "base_path": "my/snapshot/directory
", "region": "us-west-1
", "role_arn": "arn:aws:iam::123456789012
:role/snapshot-role
" } } headers = {"Content-Type": "application/json"} r = requests.put(url, auth=awsauth, json=payload, headers=headers) print(r.status_code) print(r.text) # # Take snapshot # # path = '/_snapshot/my-snapshot-repo-name/my-snapshot' # url = host + path # # r = requests.put(url, auth=awsauth) # # print(r.text) # # # Delete index # # path = 'my-index' # url = host + path # # r = requests.delete(url, auth=awsauth) # # print(r.text) # # # Restore snapshot (all indexes except Dashboards and fine-grained access control) # # path = '/_snapshot/my-snapshot-repo-name/my-snapshot/_restore' # url = host + path # # payload = { # "indices": "-.kibana*,-.opendistro_security,-.opendistro-*", # "include_global_state": False # } # # headers = {"Content-Type": "application/json"} # # r = requests.post(url, auth=awsauth, json=payload, headers=headers) # # print(r.text) # # # Restore snapshot (one index) # # path = '/_snapshot/my-snapshot-repo-name/my-snapshot/_restore' # url = host + path # # payload = {"indices": "my-index"} # # headers = {"Content-Type": "application/json"} # # r = requests.post(url, auth=awsauth, json=payload, headers=headers) # # print(r.text)