72 lines
2.3 KiB
Plaintext
72 lines
2.3 KiB
Plaintext
[role="xpack"]
|
|
[testenv="basic"]
|
|
[[snapshot-lifecycle-management]]
|
|
== Manage the snapshot lifecycle
|
|
|
|
You can set up snapshot lifecycle policies to automate the timing, frequency, and retention of snapshots.
|
|
Snapshot policies can apply to multiple indices.
|
|
|
|
The snapshot lifecycle management (SLM) <<snapshot-lifecycle-management-api, CRUD APIs>> provide
|
|
the building blocks for the snapshot policy features that are part of the Management application in {kib}.
|
|
The Snapshot and Restore UI makes it easy to set up policies, register snapshot repositories,
|
|
view and manage snapshots, and restore indices.
|
|
|
|
You can stop and restart SLM to temporarily pause automatic backups while performing
|
|
upgrades or other maintenance.
|
|
To disable SLM entirely, set `xpack.slm.enabled` to `false` in `elasticsearch.yml`.
|
|
|
|
[float]
|
|
[[slm-and-security]]
|
|
=== Security and SLM
|
|
|
|
Two built-in cluster privileges control access to the SLM actions when
|
|
{es} {security-features} are enabled:
|
|
|
|
`manage_slm`:: Allows a user to perform all SLM actions, including creating and updating policies
|
|
and starting and stopping SLM.
|
|
|
|
`read_slm`:: Allows a user to perform all read-only SLM actions,
|
|
such as getting policies and checking the SLM status.
|
|
|
|
`cluster:admin/snapshot/*`:: Allows a user to take and delete snapshots of any
|
|
index, whether or not they have access to that index.
|
|
|
|
For example, the following request configures an `slm-admin` role that grants the privileges
|
|
necessary for administering SLM.
|
|
|
|
[source,console]
|
|
-----------------------------------
|
|
POST /_security/role/slm-admin
|
|
{
|
|
"cluster": ["manage_slm", "cluster:admin/snapshot/*"],
|
|
"indices": [
|
|
{
|
|
"names": [".slm-history-*"],
|
|
"privileges": ["all"]
|
|
}
|
|
]
|
|
}
|
|
-----------------------------------
|
|
// TEST[skip:security is not enabled here]
|
|
|
|
Or, for a read-only role that can retrieve policies (but not update, execute, or
|
|
delete them), as well as only view the history index:
|
|
|
|
[source,console]
|
|
-----------------------------------
|
|
POST /_security/role/slm-read-only
|
|
{
|
|
"cluster": ["read_slm"],
|
|
"indices": [
|
|
{
|
|
"names": [".slm-history-*"],
|
|
"privileges": ["read"]
|
|
}
|
|
]
|
|
}
|
|
-----------------------------------
|
|
// TEST[skip:security is not enabled here]
|
|
|
|
include::getting-started-slm.asciidoc[]
|
|
|
|
include::slm-retention.asciidoc[] |