I have a three-node setup. One of the nodes had a hard drive fail, and along with it the data snapshots were lost (bad planning).
Now we have two nodes running well (given the circumstances), and the third node is offline, with the old backup of the data folder copied back into the data folder.
This was the master node at the time of the incident, and it has not been run again until now.
I plan to use the elasticsearch-shard remove-corrupted-data tool; however, I am still trying to figure out how to do that.
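From what I can tell from the docs, the tool is run on the affected node while Elasticsearch is stopped and pointed at a specific index and shard. Something along these lines (the index name and shard ID below are just placeholders for my setup):

```
# Run on the affected node while Elasticsearch is shut down.
# "my-index" and shard 0 are placeholders for the corrupted shard.
bin/elasticsearch-shard remove-corrupted-data --index my-index --shard-id 0
```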
In the meantime, can I start the node to see the extent of the damage? Or am I risking the current cluster's stability and the possibility of restoring that data?
No, it's not safe to run a node that you've restored from a filesystem-level backup. See e.g. these docs:
There are no supported methods to restore any data from a filesystem-level backup. If you try to restore a cluster from such a backup, it may fail with reports of corruption or missing files or other data inconsistencies, or it may appear to have succeeded having silently lost some of your data.
It's certainly possible that restoring a node from a filesystem backup can be harmful to the cluster. It's not possible to say what will happen in your case; filesystem backups just aren't covered by tests. As the docs say, there are no supported methods to restore from a filesystem backup.