Moving elasticsearch storage directory

parthmaniar · January 9, 2021, 3:40pm

I've been using the elastic stack for last one year to capture research data (mainly using honeypots hosted on cloud service providers.)

I'm using a three-node cluster to capture the data.

2 nodes are data nodes
1 node is a voting node (no data is stored on this node.)

All the nodes are virtual machines with separate disks (at the physical layer) for OS and the data directory. I'm running out of disk space, and I need to move the data to a separate disk. What is the most efficient and error-free way to make this transfer? Here is what I've decided:

Stop elasticsearch on the node that is currently not voted as the master node.
Wait for a few minutes to ensure all disk activity from elasticsearch service has finished.
Mount the new virtual disk & change the data directory in the elasticsearch.yml folder.
use the "mv" command to move the current data.
Start elasticsearch service.

Repeat the process on the next node.

Is this method, OK? Are there more steps recommended, such as removing the node from allocation routing?

Thank you very much and a very happy & safe new year to you.

DavidTurner · January 9, 2021, 3:52pm

Yeah that's pretty much it. No need to wait in step 2, as soon as Elasticsearch has stopped there's nothing else to wait for.

In step 4 you must make sure that the data is moved completely faithfully, permissions and all.

Also no need to do this to the node that's currently the master, you can do either node first.

parthmaniar · January 9, 2021, 5:45pm

Thank you very much David. Happy new year to you and your loved ones

system · February 6, 2021, 5:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.