neo4j / docs-operations Goto Github PK

Neo4j Operations documentation

JavaScript 100.00%

docs-operations's Introduction

Neo4j: Graphs for Everyone

Neo4j is the world’s leading Graph Database. It is a high performance graph store with all the features expected of a mature and robust database, like a friendly query language and ACID transactions. The programmer works with a flexible network structure of nodes and relationships rather than static tables — yet enjoys all the benefits of enterprise-quality database. For many applications, Neo4j offers orders of magnitude performance benefits compared to relational DBs.

Learn more on the Neo4j website.

Using Neo4j

Neo4j is available both as a standalone server, or an embeddable component. You can download or try online.

Extending Neo4j

We encourage experimentation with Neo4j. You can build extensions to Neo4j, develop library or drivers atop the product, or make contributions directly to the product core. You’ll need to sign a Contributor License Agreement in order for us to accept your patches.

Dependencies

Neo4j is built using Apache Maven version 3.8.2 and a recent version of supported VM. Bash and Make are also required. Note that maven needs more memory than the standard configuration, this can be achieved with export MAVEN_OPTS="-Xmx2048m".

macOS users need to have Homebrew installed.

With brew on macOS

brew install maven

Please note that we do not support building Debian packages on macOS.

With apt-get on Ubuntu

sudo apt install maven openjdk-17-jdk

Be sure that the JAVA_HOME environment variable points to /usr/lib/jvm/java-17-openjdk-amd64 (you may have various java versions installed).

Building Neo4j

Before you start running the unit and integration tests in the Neo4j Maven project on a Linux-like system, you should ensure your limit on open files is set to a reasonable value. You can test it with ulimit -n. We recommend you have a limit of at least 40K.

A plain mvn clean install -T1C will only build the individual jar files.
Test execution is, of course, part of the build.
In case you just want the jars, without running tests, this is for you: mvn clean install -DskipTests -T1C.
You may need to increase the memory available to Maven: export MAVEN_OPTS="-Xmx2048m" (try this first if you get build errors).
You may run into problems resolving org.neo4j.build:build-resources due to a bug in maven. To resolve this simply invoke mvn clean install -pl build-resources.

Running Neo4j

After running a mvn clean install, cd into packaging/standalone/target and extract the version you want, then:

bin/neo4j-admin server start

in the extracted folder to start Neo4j on localhost:7474. On Windows you want to run:

bin\neo4j-admin server start

instead.

Neo4j Desktop

Neo4j Desktop is a convenient way for developers to work with local Neo4j databases.

To install Neo4j Desktop, go to Neo4j Download Center and follow the instructions.

Licensing

Neo4j Community Edition is an open source product licensed under GPLv3.

Neo4j Enterprise Edition includes additional closed-source components not available in this repository and requires a commercial license from Neo4j or one of its affiliates.

Trademark

Neo4j’s trademark policy is available at our trademark policy page.

docs-operations's People

Contributors

Stargazers

Watchers

docs-operations's Issues

What does this refer to?

https://neo4j.com/docs/operations-manual/current/configuration/configuration-settings/#config_dbms.security.logs.ldap.groups_at_debug_level_enabled

The description of dbms.security.logs.ldap.groups_at_debug_level_enable is as follows:

When set to true, will log the groups retrieved from the ldap server. This will only take effect when the security log level is set to DEBUG.WARNING: It is strongly advised that this is set to false when running in a production environment in order to prevent logging of sensitive

But what setting does "the security log level" refer to? This should be changed to the actual configuration setting.

A doc question

In this image, the memory heap size of the docker container is set by NEO4J_server_memory_heap_max__size, is this right or a typo because there are 2 underscores before size.

I tried to set this env for my docker container instance but the memory neo4j server used is still about 500M.

Incorrect yaml configuration creation for neo4j-reverse-proxy

Hello!

I followed this Manual
I generated a TLS certificate by certbot for godaddy domain name.
I added it to the kubernetes secret.
Created the following ingress-values.yaml

reverseProxy:
  image: neo4j/helm-charts-reverse-proxy:5.12.0
  serviceName: "neo4j-lb"
  ingress:
    enabled: true
    tls:
      enabled: true
      config:
      - secretName: "mydomain-tls" <--- set the secret
        hosts:
          - mydomain.com <--- set the domain name

After step Install the Reverse proxy Helm chart the rp-reverseproxy-ingress.yaml was generated and deployed. Here is the part of that yaml:

spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - backend:
          service:
            name: rp-reverseproxy-service
            port:
              number: 443
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - mydomain.com
    secretName: mydomain-tls

But it will not work. Here is the right yaml piece of configuration:

spec:
  ingressClassName: nginx
  rules:
  - host: mydomain.com <--- added this key
    http:
      paths:
      - backend:
          service:
            name: rp-reverseproxy-service
            port:
              number: 443
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - mydomain.com
    secretName: mydomain-tls

I'n not sure, where should I go?

Does Neo4J supports SSO integration with PingFederate Identity Provider

Hi Team,

We are working with Neo4J SSO integration with PingFederate 11.x, However we 're getting an exception & have some queries on this setup.

1) Does Neo4j supports SSO authentication and authorization through PingFederate as a identity provider implementing the OpenID Connect (OIDC) standard?

As per this documentation, it is mentioned support for Okta, Azure, Google etc.

2) Need to know whether Neo4j SSO authentication and authorization is designed to work only with Okta, Azure, Google only? As based on this documentation the configuration is provider-specific using prefix represented by <provider>.

Based on this below OIDC configuration is created for PingFederate:

 dbms.security.authentication_providers=oidc-ping
 dbms.security.authorization_providers=oidc-ping
 dbms.security.oidc.ping.display_name=ping
 dbms.security.oidc.ping.audience=myAud
 dbms.security.oidc.ping.auth_flow=implicit
 dbms.security.oidc.ping.config=principal=unique_name;code_challenge_method=S256;token_type_principal=access_token;token_type_authentication=access_token
 dbms.security.oidc.ping.token_endpoint=https://myhostname:9031/as/token.oauth2
 dbms.security.oidc.ping.auth_endpoint=https://myhostname:9031/as/authorization.oauth2
 dbms.security.oidc.ping.issuer=https://myhostname:9031
 dbms.security.oidc.ping.params=client_id=myClientID;response_type=token;client_secret=myClientSecret;scope=openid
 dbms.security.oidc.ping.claims.username=username

Also, tried using below configuration for PingFederate:

dbms.security.authentication_providers=oidc-ping
dbms.security.authorization_providers=oidc-ping
dbms.security.oidc.ping.display_name=Ping
dbms.security.oidc.ping.auth_flow=pkce
dbms.security.oidc.ping.well_known_discovery_uri=https://myhostname:9031/.well-known/openid-configuration
dbms.security.oidc.ping.auth_endpoint=https://myhostname:9031/as/authorization.oauth2
dbms.security.oidc.ping.audience=myAud
dbms.security.oidc.ping.params=client_id=myClientID;response_type=code;scope=openid
dbms.security.oidc.ping.token_params=client_secret=myClientSecret
dbms.security.oidc.ping.claims.username=username
dbms.security.oidc.ping.jwks_uri=https://myhostname:9031/pf/JWKS

3) We are getting an exception at Neo4j end as below, Moreover the Neo4J does not makes any request to PingFederate Idp as exception comes at Neo4J end:

 2023-11-20 15:31:05.488+0000 WARN  {OidcRealm: oidc-ping}: Failed to authenticate user 'demo'. JWT is not valid for this realm.
 2023-11-20 15:31:05.489+0000 ERROR failed to log in: invalid principal or credentials`

While using JWT token:

{
  "alg": "RS256",
  "kid": "6554eWf3A81B8bhv6SBo",
  "pi.atm": "5cnv"
} 

{
  "scope": "openid",
  "client_id": "myClientID",
  "iss": "https://myhostname:9031",
  "aud": "myAud",
  "jti": "Ytr3765DMoH1WgOcX",
  "Username": "demo",
  "username": "demo",
  "exp": 1700159940
}

Note: The user demo is stored in LDAP which is configured as a data store at PingFederate end.

4) For PingFederate IdP will there be a need to implement a custom auth provider for Neo4j like this? If yes then can you please provide a documentation reference or OOTB SSO solution from Neo4J will work?

5) We have enabled below loggers at Neo4J end, But these loggers are not helpful to debug the exception, Can you please suggest any additional loggers for this exception:

dbms.cluster.discovery.log_level=DEBUG  
dbms.routing.driver.logging.level=DEBUG  
db.logs.query.plan_description_enabled=true  
server.logs.debug.enabled=true  
dbms.security.logs.ldap.groups_at_debug_level_enabled=true  
dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled=true

Thanks,
--Rohit