一、对于 Curator
curator 容许对索引和快照执行许多不同的操作,罕用操作包含:
- 从别名增加或删除索引
- 更改分片路由调配更改分片路由调配
- 敞开索引敞开索引
- 创立索引创立索引
- 删除索引删除索引
- 删除快照删除快照
- 关上被敞开的索引关上被敞开的索引
curator 版本
Curator 版本关系
二、装置 & 卸载 curator
1. 自己应用的装置形式(centos7 环境下)
- 下载对应的 curator 包 下载地址:
Elasticsearch Curator 5.8.3 RHEL/CentOS 7 Binary Package (RPM)
Elasticsearch Curator 5.8.3 RHEL/CentOS 6 Binary Package (RPM) -
在 elasticsearch 集群所在的机器上装置 curator
rpm -ivh elasticsearch-curator-5.8.3-1.x86_64.rpm -
验证是否装置胜利
curator --version如果呈现如下谬误:
Click will abort further execution because Python 3 was configured to use ASCII as encoding for the environment. Consult http://click.pocoo.org/python… mitigation steps.
This system lists a couple of UTF-8 supporting locales that
you can pick from. The following suitable locales where
discovered: en_AG.utf8, en_AU.utf8, en_BW.utf8, en_CA.utf8, en_DK.utf8, en_GB.utf8, en_HK.utf8, en_IE.utf8, en_IN.utf8, en_NG.utf8, en_NZ.utf8, en_PH.utf8, en_SG.utf8, en_US.utf8, en_ZA.utf8, en_ZM.utf8, en_ZW.utf8
解决形式:
## 执行前运行
export LC_ALL=en_US.utf-8
export LANG=en_US.utf-82. 官网装置步骤
Curator 官网装置步骤
3. 应用 docker 镜像装置
docker 镜像装置 curator
卸载 curator
rpm -e elasticsearch-curator参考:ElasticSearch-curator 装置与卸载
三、应用 curator 治理索引
1.curator 运行
## 指定配置文件 config_file.yml,和须要执行的脚本文件 action_file.yml
curator --config /config/config_file.yml /config/action_file.yml- 参考 config_file.yml
版本不同配置文件也有很大差异,请参考官网文档:官网配置文件地址
---
# Remember, leave a key empty if there is no value. None will be a string,
# not a Python "NoneType"
client:
hosts:
- 127.0.0.1
port: 9200
url_prefix:
use_ssl: False
certificate:
client_cert:
client_key:
ssl_no_validate: True
username: 'elastic'
password: '123456'
# http_auth: elastic:123456
timeout: 120
master_only: True
logging:
loglevel: INFO
logfile:
logformat: default
#blacklist: ['elasticsearch', 'urllib3']- 参考 action_file.yml
具体治理执行命令参考官网:官网治理 action_file
actions:
1:
action: delete_indices
description: >-
Delete indices older than ${UNIT_COUNT:1} ${UNIT:months} (based on index name), for logstash-
prefixed indices. Ignore the error if the filter does not result in an
actionable list of indices (ignore_empty_list) and exit cleanly.
options:
ignore_empty_list: True
timeout_override:
continue_if_exception: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: logstash-
exclude:
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: ${UNIT:months}
unit_count: ${UNIT_COUNT:1}
exclude:
# 2:
# action: delete_indices
# description: >-
# Delete indices older than ${UNIT_COUNT:1} ${UNIT:months} (based on index name), for filebeat-
# prefixed indices. Ignore the error if the filter does not result in an
# actionable list of indices (ignore_empty_list) and exit cleanly.
# options:
# ignore_empty_list: True
# timeout_override:
# continue_if_exception: True
# disable_action: False
# filters:
# - filtertype: pattern
# kind: prefix
# value: filebeat-
# exclude:
# - filtertype: age
# source: name
# direction: older
# timestring: '%Y.%m.%d'
# unit: ${UNIT:months}
# unit_count: ${UNIT_COUNT:1}
# exclude:2. 定时执行(linux)
crontab 命令用于设置周期性被执行的指令。该命令从规范输出设施读取指令,并将其寄存于“crontab”文件中,以供之后读取和执行
- 编写 sh 脚本:curator-delete-index.sh
#!/bin/sh
/usr/local/bin/curator --config /home/soft/elk/config.yml /home/soft/elk/action.yml
echo "delete index success"
#最好应用命令的全路径名,否则可能找不到 - chmod 777 /home/elk/curator-delete-index.sh
- 创立定时工作:crontab
1. crontab -e #关上了 vi,输出:30 16 * * * /home/elk/curator-delete-index.sh #之后保留退出 vi
2. crontab -l #查看所有的 root 用户的定时工作 参考文档:ES Curator 的应用及其配置
四、附录
干货 | Elasticsearch 索引治理利器——Curator 深刻详解