Moving elasticsearch storage directory

Elastic Stack Elasticsearch
1

I've been using the elastic stack for last one year to capture research data (mainly using honeypots hosted on cloud service providers.)

I'm using a three-node cluster to capture the data.

2 nodes are data nodes
1 node is a voting node (no data is stored on this node.)

All the nodes are virtual machines with separate disks (at the physical layer) for OS and the data directory. I'm running out of disk space, and I need to move the data to a separate disk. What is the most efficient and error-free way to make this transfer? Here is what I've decided:

  1. Stop elasticsearch on the node that is currently not voted as the master node.
  2. Wait for a few minutes to ensure all disk activity from elasticsearch service has finished.
  3. Mount the new virtual disk & change the data directory in the elasticsearch.yml folder.
  4. use the "mv" command to move the current data.
  5. Start elasticsearch service.

Repeat the process on the next node.

Is this method, OK? Are there more steps recommended, such as removing the node from allocation routing?

Thank you very much and a very happy & safe new year to you.

2

Yeah that's pretty much it. No need to wait in step 2, as soon as Elasticsearch has stopped there's nothing else to wait for.

In step 4 you must make sure that the data is moved completely faithfully, permissions and all.

Also no need to do this to the node that's currently the master, you can do either node first.

3

Thank you very much David. Happy new year to you and your loved ones :slight_smile:

1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.